Compare commits

..

No commits in common. "dea406fb54c010ab31aa6b8b5c9562dd04fc094b" and "9b01415013f246fc4e4f2533159a70b1f98ac7ee" have entirely different histories.

25 changed files with 66 additions and 907 deletions

View file

@ -1,5 +0,0 @@
---
profile: production
strict: true
exclude_paths:
- "**/*docker-compose.yaml"

View file

@ -1,3 +1,3 @@
[env] [env]
ANSIBLE_INVENTORY = "{{config_root}}/inventory.ini" ANSIBLE_INVENTORY = "{{config_root}}/inventory.ini"
ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass" ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass"

View file

@ -1,39 +0,0 @@
---
ci:
autoupdate_schedule: monthly
skip:
# build of https://github.com/ansible/ansible-lint:ansible@v24.9.2 for python@python3 exceeds tier max size 250MiB: 405.6MiB
- ansible-lint
- ggshield
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-illegal-windows-names
- id: check-json
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: check-toml
- id: check-vcs-permalinks
- id: check-yaml
args: [--unsafe]
- id: detect-private-key
- id: end-of-file-fixer
- id: mixed-line-ending
- id: trailing-whitespace
- repo: https://github.com/ansible/ansible-lint
rev: v24.9.2
hooks:
- id: ansible-lint
entry: python3 -m ansiblelint -v --force-color --fix
additional_dependencies:
- ansible # necessary because we're using community collections
- repo: https://github.com/gitguardian/ggshield
rev: v1.32.1
hooks:
- id: ggshield

View file

@ -1,2 +1,2 @@
[servers] [servers]
ubuntu ansible_host=192.168.0.6 ansible_python_interpreter=auto_silent ubuntu ansible_host=192.168.0.6 ansible_port=38303 ansible_python_interpreter=auto_silent

View file

@ -1,20 +0,0 @@
---
- name: Update caddy config
hosts: servers
gather_facts: false
become: true
tasks:
- name: Write Caddyfile
ansible.builtin.copy:
src: files/Caddyfile
dest: /etc/caddy/Caddyfile
mode: "0644"
owner: root
group: root
notify:
- Reload caddy
handlers:
- name: Reload caddy
ansible.builtin.service:
name: caddy
state: reloaded

View file

@ -1,294 +0,0 @@
{
email gabriel@augendre.info
http_port 80
https_port 443
}
(common_headers) {
header * -Server
header * -X-Powered-By
header * Permissions-Policy interest-cohort=()
header * ?Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
header * ?Referrer-Policy "strict-origin-when-cross-origin"
header * ?X-Content-Type-Options "nosniff"
header * ?X-Frame-Options "DENY"
header * ?X-XSS-Protection "1; mode=block"
}
(internal) {
@blocked not client_ip private_ranges 2a01:e0a:325:a1c0::/64
respond @blocked "Access denied" 403 {
close
}
}
#########################################################
# PUBLIC SERVICES
#########################################################
## Static config
#########################################################
static.augendre.info {
import common_headers
header * Cache-Control "max-age=300"
file_server * {
root /mnt/data/caddy/static
hide .*
}
}
augendre.info {
import common_headers
respond * 200
}
## Reverse proxies (ports 8000-8999)
#########################################################
charasheet.augendre.info {
import common_headers
route {
file_server /media/* {
root /mnt/data/charasheet/data
}
reverse_proxy localhost:8001
}
}
checkout.augendre.info {
import common_headers
route {
file_server /media/* {
root /mnt/data/checkout
}
reverse_proxy localhost:8002
}
}
cloud.augendre.info {
import common_headers
route /push/* {
uri strip_prefix /push
reverse_proxy localhost:8004
}
# rewrite to suppress carddav/caldav warning
# in nextcloud settings
rewrite /.well-known/carddav /remote.php/dav/
rewrite /.well-known/caldav /remote.php/dav/
reverse_proxy localhost:8003
}
gc.gabnotes.org, gc.augendre.info, static.gc.augendre.info, voyages.gc.coccomagnard.fr {
import common_headers
reverse_proxy localhost:8005
}
git.augendre.info {
import common_headers
reverse_proxy localhost:8006
}
office.augendre.info {
import common_headers
reverse_proxy localhost:8007
}
reader.augendre.info {
import common_headers
reverse_proxy localhost:8008
}
wallabag.augendre.info {
import common_headers
header * ?Content-Security-Policy "default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; manifest-src 'self'"
reverse_proxy localhost:8009
}
bin.augendre.info, paste.augendre.info {
import common_headers
@bot header User-Agent PrivateBinDirectoryBot*
respond @bot "Access denied" 403 {
close
}
reverse_proxy localhost:8010
}
g4b.ovh {
import common_headers
reverse_proxy localhost:8011
}
manuels.augendre.info, fournitures.augendre.info {
import common_headers
reverse_proxy localhost:8012
}
tcl.augendre.info {
import common_headers
reverse_proxy localhost:8013
}
## Ghost blogs (ports >=2368)
#########################################################
gabnotes.org {
import common_headers
header * Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.jsdelivr.net https://code.jquery.com https://*.gabnotes.org https://unpkg.com https://cdnjs.cloudflare.com; img-src 'self' https:; connect-src 'self' https://*.augendre.info https://unpkg.com https://*.gabnotes.org https://api.codapi.org; frame-ancestors https://*.augendre.info; base-uri 'self'; form-action 'self';"
reverse_proxy localhost:2368
}
ghost.augendre.info {
import common_headers
redir / /ghost/
reverse_proxy localhost:2368
}
voyages-lois.augendre.info {
import common_headers
header * X-Frame-Options "SAMEORIGIN"
reverse_proxy localhost:2369
}
voyages.coccomagnard.fr, voyages.augendre.info {
import common_headers
header * X-Frame-Options "SAMEORIGIN"
reverse_proxy localhost:2370
}
#########################################################
# PROXY TO EXTERNAL SERVICES
#########################################################
## At home
#########################################################
hass.augendre.info {
import common_headers
header * X-Frame-Options "SAMEORIGIN"
reverse_proxy http://192.168.0.9:8123
}
prusalink.augendre.info {
import internal
reverse_proxy http://192.168.0.12
}
## Outside
#########################################################
autoconfig.augendre.info {
import common_headers
reverse_proxy https://autoconfig.migadu.com
}
#########################################################
# INTERNAL SERVICES
#########################################################
## Static config
#########################################################
internal-static.augendre.info {
import common_headers
import internal
header * Cache-Control "max-age=300"
file_server * {
root /mnt/data/caddy/internal-static
hide .*
browse
}
}
## Reverse proxies (ports 9000-9999)
#########################################################
portainer.augendre.info {
import common_headers
import internal
reverse_proxy https://localhost:9001 {
transport http {
tls_insecure_skip_verify
}
}
}
code.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9002
}
plex.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9003
}
transmission.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9004
}
sonarr.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9005
}
prowlarr.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9006
}
radarr.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9007
}
test.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9008
}
nextcloud-kibana.augendre.info {
import common_headers
import internal
reverse_proxy localhost:9009
}
display.augendre.info {
import common_headers
import internal
header Content-Security-Policy "default-src 'self' https://*.augendre.info; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors https://*.augendre.info; connect-src 'self' https://*.augendre.info https://download.data.grandlyon.com"
reverse_proxy localhost:9010
}
#########################################################
# REDIRECTS
#########################################################
mariage.augendre.info {
import common_headers
redir https://cloud.augendre.info/s/65JgH8fzz2CyJZ3
}
mail.augendre.info {
import common_headers
redir https://webmail.migadu.com permanent
}
cv-gabriel.augendre.info {
import common_headers
redir https://cloud.augendre.info/s/FHGJkc2DzJECY64/download permanent
}
blog.augendre.info gabriel.augendre.info www.gabnotes.org {
import common_headers
redir https://gabnotes.org{uri} permanent
}
qrcode.augendre.info qr.augendre.info {
import common_headers
redir https://static.augendre.info/qrcode-web/
}

View file

@ -1,13 +0,0 @@
services:
server:
image: codeberg.org/forgejo/forgejo:8
env_file: gitea.env
restart: always
volumes:
- ./gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "23730:22"
- "8006:3000"
mem_limit: 512m

View file

@ -1,8 +0,0 @@
# Edit most values in gitea_data/gitea/conf/app.ini
DOMAIN=git.augendre.info
SSH_DOMAIN=git.augendre.info
ROOT_URL=https://git.augendre.info/
SSH_PORT=23730
SSH_LISTEN_PORT=22
INSTALL_LOCK=false
DISABLE_REGISTRATION=true

View file

@ -1,47 +0,0 @@
"""
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
def _set_response(self):
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
logging.info("GET request,\nPath: %s\nHeaders:\n%s\n", str(self.path), str(self.headers))
self._set_response()
self.wfile.write("GET request for {}".format(self.path).encode('utf-8'))
def do_POST(self):
content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
post_data = self.rfile.read(content_length) # <--- Gets the data itself
logging.info("POST request,\nPath: %s\nHeaders:\n%s\n\nBody:\n%s\n",
str(self.path), str(self.headers), post_data.decode('utf-8'))
self._set_response()
self.wfile.write("POST request for {}".format(self.path).encode('utf-8'))
def run(server_class=HTTPServer, handler_class=S, port=8080):
logging.basicConfig(level=logging.INFO)
server_address = ('', port)
httpd = server_class(server_address, handler_class)
logging.info('Starting httpd on port %s...\n', port)
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
logging.info('Stopping httpd...\n')
if __name__ == '__main__':
from sys import argv
if len(argv) == 2:
run(port=int(argv[1]))
else:
run()

View file

@ -1,10 +0,0 @@
services:
app:
image: python:3.13-slim
command: python /app/app.py
volumes:
- ./:/app
ports:
- "9008:8080"
init: true
tty: true

View file

@ -1,10 +0,0 @@
services:
wallabag:
image: wallabag/wallabag:latest
env_file: wallabag.env
restart: always
volumes:
- ./wallabag_data/data:/var/www/wallabag/data
- ./wallabag_data/images:/var/www/wallabag/web/assets/images
ports:
- "8009:80"

View file

@ -1,53 +0,0 @@
---
- name: Ghost update
hosts: servers
gather_facts: false
tasks:
- name: Start update on gabnotes.org
ansible.builtin.command:
chdir: /mnt/data/gabnotes.org
cmd: ghost update
register: gabnotes_async
changed_when: true
async: 300
poll: 0
- name: Start update on voyages-lois.augendre.info
ansible.builtin.command:
chdir: /mnt/data/voyages-lois.augendre.info
cmd: ghost update
register: voyages_lois_async
changed_when: true
async: 300
poll: 0
- name: Start update on voyages.coccomagnard.fr
ansible.builtin.command:
chdir: /mnt/data/voyages.coccomagnard.fr
cmd: ghost update
register: voyages_coccomagnard_async
changed_when: true
async: 300
poll: 0
- name: Check gabnotes.org
ansible.builtin.async_status:
jid: "{{ gabnotes_async.ansible_job_id }}"
register: gabnotes
until: gabnotes.finished
changed_when: '"Restarting Ghost" in gabnotes.stdout'
retries: 100
delay: 10
- name: Check voyages-lois.augendre.info
ansible.builtin.async_status:
jid: "{{ voyages_lois_async.ansible_job_id }}"
register: voyages_lois
until: voyages_lois.finished
changed_when: '"Restarting Ghost" in voyages_lois.stdout'
retries: 100
delay: 10
- name: Check voyages.coccomagnard.fr
ansible.builtin.async_status:
jid: "{{ voyages_coccomagnard_async.ansible_job_id }}"
register: voyages_coccomagnard
until: voyages_coccomagnard.finished
changed_when: '"Restarting Ghost" in voyages_coccomagnard.stdout'
retries: 100
delay: 10

View file

@ -1,86 +0,0 @@
---
- name: Setup gitea
hosts: servers
gather_facts: false
tasks:
- name: Create dir
ansible.builtin.file:
path: "{{ dir }}"
state: directory
mode: "0775"
- name: Write env file
ansible.builtin.copy:
src: files/gitea/gitea.env
dest: "{{ dir }}/gitea.env"
mode: "0644"
- name: Write docker-compose.yaml
ansible.builtin.copy:
src: files/gitea/docker-compose.yaml
dest: "{{ dir }}/docker-compose.yaml"
mode: "0644"
- name: Write app.ini
ansible.builtin.template:
src: templates/gitea_app.ini.j2
dest: "{{ dir }}/gitea_data/gitea/conf/app.ini"
mode: "0600"
notify:
- Restart service
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: present
handlers:
- name: Restart service
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: restarted
vars:
dir: /mnt/data/git
lfs_jwt_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
34656631616165623233353835386162343837363230366136303764613334323262313233616462
6431363965646135343161373039333130666663613765660a343734656332323730633165376166
66323834326263336265303864653036343262336262376433373163666339666236363438363031
3632323362336433360a643537613336353434323631366262613839333931666435333563653737
62303161393435653735326338623162383432663964333436373539663434363737386161636535
3032313433633635636136656434626163393734306563333631
secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
35323938623166653161316430346664643063363366656461623333373764626439336335383538
6664346231326137313863623966343438333662383139360a373762346438636630363833653330
38323532663435643666306563353632653832366635626664373534383633346662353165363235
6263633436663661610a653335653730613832373836616231383135316262383438633938353133
34633231636331353864346637326535656538666662643965366232666265333332666362323034
65363435623366303937353337303131663138303935333562626461643332383434376364376537
66666436333261326336666130373934323138623233383038343563353132326231623264313565
32376463353631616234
internal_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
30666238373766633735626466393534646138616139326533363561373331653730663731626338
6139323230353139383638326639646534383463636266650a633737366632636262323938643531
33386236643234303365326430326436653830363561373334633461306161666439653833386432
6537343332313535340a643638346563663966383862646433636531316433343234356262653766
37356233323165633565636137653865373835663234343363313966346138636439303761646534
36393633636433376231353364386164336566386161376337366336396566333332623430646261
65663964383262633037663330646161663236613038626531636237376661633037313566366439
35643362653637663662666663393035653765306262376365386437393537623037633365333236
32303261313264363232643834313166656137316635356436343566343962663630
oauth_jwt_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
66646361313538383161633932643062633336333436376564383836363762303738336638373865
6161326465386466326366383766633338623934396464610a643337363439663833363139366564
35316562643431616637623432363636623238303637366162393434346366393166313334653932
3637303230323733340a353038376631613238393363396363646339393961353430663561353831
32333435633565323064616463333863373132313164386462333934303434356334643938623334
3037366532373130393236666534653132343335366335633635
mailgun_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65363934663231343630323139393839383161333562376630653363646630393265326134646463
3735363064643138333332623736326638396332323664630a663230363230333138373430316361
35326166663361666437346631626235393133633833336166393366383832363466336635646237
6432653738303864300a623266363661616434393964333464366264326266356466646664363531
63666633376563316336326231313533343065376537313437393830633962313964613336323566
61393561333264366332353838326265343039653165393964313036626563626439616666343436
666235313435363835333664376237336439

View file

@ -1,65 +1,57 @@
--- - name: goatcounter
- name: Goatcounter
hosts: servers hosts: servers
gather_facts: false
tasks: tasks:
- name: Get latest release - name: get latest release
community.general.github_release: github_release:
action: latest_release action: latest_release
user: arp242 user: arp242
repo: goatcounter repo: goatcounter
register: release register: release
- name: Print release - name: print release
ansible.builtin.debug: ansible.builtin.debug:
var: release.tag var: release.tag
- name: Download binary - name: download binary
ansible.builtin.get_url: get_url:
url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz url: https://github.com/arp242/goatcounter/releases/download/{{release.tag}}/goatcounter-{{release.tag}}-linux-amd64.gz
dest: "{{ base_dir }}/goatcounter-{{ release.tag }}.gz" dest: "{{base_dir}}/goatcounter-{{release.tag}}.gz"
mode: "0644" - name: uncompress
owner: gaugendre command: gunzip {{base_dir}}/goatcounter-{{release.tag}}.gz
group: gaugendre
- name: Uncompress
ansible.builtin.command: gunzip {{ base_dir }}/goatcounter-{{ release.tag }}.gz
args: args:
creates: "{{ base_dir }}/goatcounter-{{ release.tag }}" creates: "{{base_dir}}/goatcounter-{{release.tag}}"
- name: Make executable - name: make executable
ansible.builtin.file: file:
path: "{{ base_dir }}/goatcounter-{{ release.tag }}" path: "{{base_dir}}/goatcounter-{{release.tag}}"
mode: "0775" mode: '0775'
- name: Symlink - name: symlink
ansible.builtin.file: file:
src: "{{ base_dir }}/goatcounter-{{ release.tag }}" src: "{{base_dir}}/goatcounter-{{release.tag}}"
dest: "{{ base_dir }}/goatcounter" dest: "{{base_dir}}/goatcounter"
state: link state: link
- name: Write service unit file - name: write service unit file
become: true become: true
ansible.builtin.template: template:
src: templates/goatcounter.service.j2 src: ../../templates/goatcounter.service.j2
dest: /etc/systemd/system/goatcounter.service dest: /etc/systemd/system/goatcounter.service
mode: "0644"
owner: root
group: root
notify: notify:
- Daemon-reload - daemon-reload
- Restart service - restart goatcounter
- name: Flush handlers - name: flush handlers
ansible.builtin.meta: flush_handlers meta: flush_handlers
- name: Ensure service is running - name: ensure service is running
become: true become: true
ansible.builtin.service: service:
name: goatcounter name: goatcounter
state: started state: started
enabled: true enabled: true
handlers: handlers:
- name: Daemon-reload - name: daemon-reload
become: true become: true
ansible.builtin.systemd: systemd:
daemon_reload: true daemon_reload: true
- name: Restart service - name: restart service
become: true become: true
ansible.builtin.service: service:
name: goatcounter name: goatcounter
state: restarted state: restarted
@ -74,4 +66,4 @@
3662343162643033380a326161313036643835636562636165356464393236303533303435353365 3662343162643033380a326161313036643835636562636165356464393236303533303435353365
36336163313338346235396565363631366564393562326536353262363637653432643830663532 36336163313338346235396565363631366564393562326536353262363637653432643830663532
30356133383335653330613965623261323531613131663437363430636565393262353565326132 30356133383335653330613965623261323531613131663437363430636565393262353565326132
323830313235313462633335333763363161 323830313235313462633335333763363161

View file

@ -1,36 +1,31 @@
--- - name: lyon-transports
- name: Lyon-transports
hosts: servers hosts: servers
gather_facts: false
tasks: tasks:
- name: Write service file - name: write service file
become: true become: true
ansible.builtin.template: template:
src: templates/lyon-transports.service.j2 src: ../../templates/lyon-transports.service.j2
dest: /etc/systemd/system/lyon-transports.service dest: /etc/systemd/system/lyon-transports.service
mode: "0644"
owner: root
group: root
notify: notify:
- Reload daemon - daemon-reload
- Restart service - restart lyon-transports
- name: Flush handlers - name: flush handlers
ansible.builtin.meta: flush_handlers meta: flush_handlers
- name: Ensure service is running - name: ensure service is running
become: true become: true
ansible.builtin.service: service:
name: lyon-transports name: lyon-transports
state: started state: started
enabled: true enabled: true
handlers: handlers:
- name: Reload daemon - name: daemon-reload
become: true become: true
ansible.builtin.systemd: systemd:
daemon_reload: true daemon_reload: true
- name: Restart service - name: restart service
become: true become: true
ansible.builtin.service: service:
name: lyon-transports name: lyon-transports
state: restarted state: restarted

View file

@ -1,110 +0,0 @@
APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea
[repository]
ROOT = /data/git/repositories
ENABLE_PUSH_CREATE_USER = true
ENABLE_PUSH_CREATE_ORG = true
MAX_CREATION_LIMIT = 0
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.augendre.info
SSH_DOMAIN = git.augendre.info
HTTP_PORT = 3000
ROOT_URL = https://git.augendre.info/
DISABLE_SSH = false
SSH_PORT = 23730
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
OFFLINE_MODE = true
LANDING_PAGE = explore
[lfs]
PATH = /data/git/lfs
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false
[attachment]
PATH = /data/gitea/attachments
MAX_SIZE = 10
MAX_FILES = 50
[log]
ROOT_PATH = /data/gitea/log
MODE = console
LEVEL = Info
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ secret_key }}
INTERNAL_TOKEN = {{ internal_token }}
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = true
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = false
NO_REPLY_ADDRESS = noreply-git.augendre.info
[oauth2]
JWT_SECRET = {{ oauth_jwt_secret }}
[mailer]
ENABLED = true
SMTP_ADDR = smtp.mailgun.org
SMTP_PORT = 587
FROM = Gitea <git@mg.augendre.info>
USER = git@mg.augendre.info
PASSWD = {{ mailgun_key }}
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[cron.delete_old_actions]
ENABLED = true
[cron.delete_old_system_notices]
ENABLED = true
[cron.delete_inactive_accounts]
ENABLED = true
SCHEDULE = @monthly

View file

@ -1,10 +0,0 @@
SYMFONY__ENV__SECRET={{ secret_key }}
SYMFONY__ENV__LOCALE=en
SYMFONY__ENV__MAILER_HOST=smtp.mailgun.org
SYMFONY__ENV__MAILER_USER=wallabag@mg.augendre.info
SYMFONY__ENV__MAILER_PASSWORD={{ mailgun_api_key }}
SYMFONY__ENV__MAILER_PORT=587
SYMFONY__ENV__FROM_EMAIL=wallabag@mg.augendre.info
SYMFONY__ENV__FOSUSER_REGISTRATION=false
#SYMFONY__ENV__FOSUSER_CONFIRMATION=
SYMFONY__ENV__DOMAIN_NAME=https://wallabag.augendre.info

View file

@ -1,37 +0,0 @@
---
- name: Setup test_headers
hosts: servers
gather_facts: false
tasks:
- name: Create dir
ansible.builtin.file:
path: "{{ dir }}"
state: directory
mode: "0775"
- name: Write app.py
ansible.builtin.copy:
src: files/test_headers/app.py
dest: "{{ dir }}/app.py"
mode: "0644"
owner: gaugendre
group: gaugendre
notify:
- Restart service
- name: Write docker-compose.yaml
ansible.builtin.copy:
src: files/test_headers/docker-compose.yaml
dest: "{{ dir }}/docker-compose.yaml"
mode: "0644"
owner: gaugendre
group: gaugendre
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: present
handlers:
- name: Restart service
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: restarted
vars:
dir: /mnt/data/test_headers

View file

@ -1,44 +0,0 @@
---
- name: Setup wallabag
hosts: servers
gather_facts: false
tasks:
- name: Create dir
ansible.builtin.file:
path: "{{ dir }}"
state: directory
mode: "0775"
- name: Write env file
ansible.builtin.template:
src: templates/wallabag.env.j2
dest: "{{ dir }}/wallabag.env"
mode: "0644"
- name: Write docker-compose.yaml
ansible.builtin.copy:
src: files/wallabag-docker-compose.yaml
dest: "{{ dir }}/docker-compose.yaml"
mode: "0644"
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: present
vars:
dir: /mnt/data/wallabag
secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
31346432623062383331306633383230376264326530643236393838356166346563653637376666
6164636662643832383639346638376534353339356161300a636132376531333539323066666334
38663566633337343164316239613239656662623437373234366135366134646665343134656566
3933313933323732350a623262383864343331363138353335663333626537366563663234363833
36613166343664386362626631623061613536616663616431353066633531643736343236333435
31613930633837396237633732353266656533373739613031326137656430633036356565376238
653264666166386662643966383234323133
mailgun_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38643731363932383630346636353230626563376532316539346231376337636538326233663738
3237623235666635656566376364343063316661646161660a636366306562353361313930383136
34343938663832646631373830373539356236313132333039393236393539613938343339313066
6331656438666366330a353538393238353438643330356665373635373465643161333137386130
34316164613965663930303265353964666338326437386362326639656264653238326463613430
63326533386332313965343064323466653961643939656566343635366231386463323534303464
353966343531346266356462396433373164

View file

@ -1,9 +1,7 @@
--- - name: clean ansible venv
- name: Clean ansible venv
hosts: servers hosts: servers
gather_facts: false
tasks: tasks:
- name: Remove virtualenv - name: remove virtualenv
ansible.builtin.file: file:
path: /tmp/ansible path: /tmp/ansible
state: absent state: absent

View file

@ -1,20 +1,18 @@
--- - name: setup ansible python dependencies
- name: Setup ansible python dependencies
hosts: servers hosts: servers
gather_facts: false
tasks: tasks:
- name: Install system deps - name: install system deps
become: true become: true
ansible.builtin.apt: apt:
pkg: pkg:
- python3-venv - python3-venv
- name: Setup venv - name: setup venv
ansible.builtin.shell: | shell: |
if [ -x /tmp/ansible/bin/python ]; then exit 123; fi if [ -x /tmp/ansible/bin/python ]; then exit 123; fi
/usr/bin/python3 -m venv /tmp/ansible /usr/bin/python3 -m venv /tmp/ansible
/tmp/ansible/bin/pip install --upgrade 'github3.py >= 1.0.0a3' /tmp/ansible/bin/pip install --upgrade 'github3.py >= 1.0.0a3'
args: args:
executable: /bin/bash executable: /bin/bash
register: venv register: venv
changed_when: venv.rc != 123 changed_when: "venv.rc != 123"
failed_when: venv.rc != 0 and venv.rc != 123 failed_when: "venv.rc != 0 and venv.rc != 123"

View file

@ -1,36 +0,0 @@
---
- name: Setup caddy
hosts: servers
gather_facts: false
become: true
tasks:
- name: Install system deps
ansible.builtin.apt:
pkg:
- debian-keyring
- debian-archive-keyring
- apt-transport-https
- gnupg2
- curl
state: present
- name: Add caddy repository
ansible.builtin.deb822_repository:
name: caddy
uris: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
signed_by: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
components: main
suites: any-version
types: [deb]
state: present
enabled: true
- name: Install caddy
ansible.builtin.apt:
update_cache: true
name: caddy
state: present
notify: Restart caddy
handlers:
- name: Restart caddy
ansible.builtin.service:
name: caddy
state: restarted

View file

@ -1,11 +1,9 @@
--- - name: system update
- name: Update system
hosts: servers hosts: servers
gather_facts: false
become: true become: true
tasks: tasks:
- name: Update packages - name: packages update
ansible.builtin.apt: apt:
upgrade: true upgrade: yes
update_cache: true update_cache: yes
cache_valid_time: 86400 cache_valid_time: 86400

View file

@ -3,7 +3,7 @@ Description=Goatcounter
After=network.target After=network.target
[Service] [Service]
ExecStart={{base_dir}}/goatcounter serve -listen *:8005 -tls http -smtp smtps://goatcounter%%40mg.augendre.info:{{gc_mailgun_api_key}}@smtp.mailgun.org:587 -email-from goatcounter@mg.augendre.info -automigrate -db sqlite+{{base_dir}}/db/goatcounter.sqlite3 ExecStart={{base_dir}}/goatcounter serve -listen *:8081 -tls http -smtp smtps://goatcounter%%40mg.augendre.info:{{gc_mailgun_api_key}}@smtp.mailgun.org:587 -email-from goatcounter@mg.augendre.info -automigrate -db sqlite+{{base_dir}}/db/goatcounter.sqlite3
Type=simple Type=simple
Restart=always Restart=always
User=gaugendre User=gaugendre

View file

@ -3,7 +3,7 @@ Description=Lyon transports API
After=network.target After=network.target
[Service] [Service]
ExecStart=/mnt/data/lyon-transports/lyon-transports-linux-amd64 --host 0.0.0.0 --port 8013 -u {{ lyon_transports_username }} -p {{ lyon_transports_password }} --cors-allowed-origin https://display.augendre.info ExecStart=/mnt/data/lyon-transports/lyon-transports-linux-amd64 --host 0.0.0.0 -u {{ lyon_transports_username }} -p {{ lyon_transports_password }} --cors-allowed-origin https://display.augendre.info
Type=simple Type=simple
Restart=always Restart=always
User=gaugendre User=gaugendre