diff --git a/README.md b/README.md index d2f8c19c..82700cad 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # ansible_heimserver -[![Build Status](http://docker9.grote.lan/api/badges/mg/ansible/status.svg)](http://docker9.grote.lan/mg/ansible) +[![Build Status](http://docker10.grote.lan/api/badges/mg/ansible/status.svg)](http://docker10.grote.lan/mg/ansible) ## example-cli `ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan` diff --git a/ansible.cfg b/ansible.cfg index 3dc509a5..0f87ac87 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -34,4 +34,4 @@ always = true [ara] api_client = http -api_server = http://docker7.grote.lan:2233 +api_server = http://docker10.grote.lan:2233 diff --git a/docker-compose/ara/docker-compose.yml.j2 b/docker-compose/ara/docker-compose.yml.j2 new file mode 100644 index 00000000..2912c557 --- /dev/null +++ b/docker-compose/ara/docker-compose.yml.j2 @@ -0,0 +1,15 @@ +version: '3.3' +services: + ara: + container_name: ara + ports: + - '2233:8000' + image: 'quay.io/recordsansible/ara-api:latest' + volumes: + - store:/opt/ara:z + environment: + - ARA_ALLOWED_HOSTS=['docker10.grote.lan'] + restart: always +######## Volumes ######## +volumes: + store: diff --git a/docker-compose/drone/docker-compose.yml.j2 b/docker-compose/drone/docker-compose.yml.j2 new file mode 100644 index 00000000..13b4534a --- /dev/null +++ b/docker-compose/drone/docker-compose.yml.j2 
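Review bot: The `ara` service publishes `'2233:8000'` on every host interface with no authentication settings, and as far as I recall the ARA API serves reads and accepts writes anonymously unless `ARA_READ_LOGIN_REQUIRED` / `ARA_WRITE_LOGIN_REQUIRED` are set, so anything on the LAN can read recorded playbook runs (task arguments and facts, including anything not covered by `no_log`) or inject fake results. Consider adding `- ARA_READ_LOGIN_REQUIRED=true` and `- ARA_WRITE_LOGIN_REQUIRED=true` and creating a user in the container, or at minimum binding `'127.0.0.1:2233:8000'` behind the reverse proxy the dashboard pages reference. `image: 'quay.io/recordsansible/ara-api:latest'` is unpinned too; pin a version tag (ideally a digest) so the results store is not upgraded silently by the next pull.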
@@ -0,0 +1,50 @@ +version: '3.3' +services: +# server + drone: + volumes: + - 'data:/data' + environment: + - 'DRONE_GITEA_SERVER=https://git.mgrote.net' + - DRONE_GITEA_CLIENT_ID=f8f0db2a-0089-4e23-9f5a-a5e52f20d765 + - DRONE_GITEA_CLIENT_SECRET={{ lookup('keepass', 'drone_gitea_client_secret', 'password') }} + - DRONE_RPC_SECRET={{ lookup('keepass', 'drone_rpc_secret', 'password') }} + - DRONE_SERVER_HOST=docker10.grote.lan:81 + - DRONE_SERVER_PROTO=http + - DRONE_USER_CREATE=username:mg,admin:true # Gitea-Nutzer "mg" als Admin + #- DRONE_LOGS_DEBUG=true + ports: + - '81:80' + - '444:443' + restart: always + container_name: drone-server + image: 'drone/drone:latest' + networks: + - intern + + +# runner + drone-runner-docker: + volumes: + - '/var/run/docker.sock:/var/run/docker.sock' + environment: + - DRONE_RPC_PROTO=http + # container-name des servers + - DRONE_RPC_HOST=drone-server + - DRONE_RPC_SECRET={{ lookup('keepass', 'drone_rpc_secret', 'password') }} + - DRONE_RUNNER_CAPACITY=4 + - DRONE_RUNNER_NAME=drone-runner + ports: + - '3000:3000' + restart: always + container_name: drone-runner + image: 'drone/drone-runner-docker:latest' + networks: + - intern + +######## Volumes ######## +volumes: + data: +######## Networks ######## +networks: + intern: # hier kommunizieren Runner + Server diff --git a/docker-compose/hastebin/docker-compose.yml.j2 b/docker-compose/hastebin/docker-compose.yml.j2 new file mode 100644 index 00000000..6b17b99b --- /dev/null +++ b/docker-compose/hastebin/docker-compose.yml.j2 
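Review bot: `drone-runner-docker` mounts `/var/run/docker.sock`, which makes the runner and anything that escapes a build container root-equivalent on the host, while both services pull `:latest` images; an unpinned CI runner with host-Docker access is a supply-chain exposure on its own, so pin `drone/drone` and `drone/drone-runner-docker` to version tags. `DRONE_SERVER_PROTO=http` with `DRONE_SERVER_HOST=docker10.grote.lan:81` means the Gitea OAuth redirect and the RPC traffic carrying `DRONE_RPC_SECRET` travel in clear text. Server and runner already share the `intern` network and the runner reaches the server via `DRONE_RPC_HOST=drone-server`, so `'3000:3000'` on the runner is only needed if its dashboard is actually configured (`DRONE_UI_USERNAME`/`DRONE_UI_PASSWORD`); otherwise drop the mapping. The rendered compose file will contain the RPC secret and the Gitea client secret in plaintext, so the `template` task that writes it (outside this diff) should set `mode: "0600"`.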
@@ -0,0 +1,36 @@ +version: '3' +services: +######## hastebin ######## + hastebin: + container_name: "hastebin-frontend" + image: quotengrote/hastebin + restart: always + depends_on: + - redis + environment: + - TZ=Europe/Berlin + - STORAGE_TYPE=redis + - STORAGE_HOST=redis + networks: + - int + ports: + - 7777:7777 +######## redis ######## + redis: + container_name: "hastebin-redis" + image: redis + restart: always + volumes: + - redis:/data + networks: + - int + environment: + - TZ=Europe/Berlin + +######## Volumes ######## +volumes: + redis: +######## Networks ######## +networks: + int: # das Prefix "hastebin_" wird automatisch gesetzt; gilt auch für Volumes + driver: bridge diff --git a/docker-compose/homer/assets/config.yml b/docker-compose/homer/assets/config.yml new file mode 100644 index 00000000..d5f37027 --- /dev/null +++ b/docker-compose/homer/assets/config.yml 
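Review bot: `image: redis` and `image: quotengrote/hastebin` carry no tag, so both resolve to `latest` and the backing store can jump a major version on any pull; pin a specific version tag for each. Redis runs without `requirepass`, which is acceptable here only because it sits solely on the `int` network with no published port; make that explicit so a later edit does not expose it, e.g. `# redis is unauthenticated: keep it on the internal network only, never publish a port`. The pastebin itself is published on `7777:7777` on all interfaces with no authentication, so anything pasted is readable by anyone who can reach the host; fine for a LAN-only box, but worth a comment on the port line.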
@@ -0,0 +1,246 @@ +--- +# https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md +title: "Homer" +logo: "assets/icons/homer.png" + +header: false +footer: false + +columns: "4" + + + +theme: default +colors: + light: + highlight-primary: "#3367d6" + highlight-secondary: "#4285f4" + highlight-hover: "#5a95f5" + background: "#f5f5f5" + card-background: "#ffffff" + text: "#363636" + text-header: "#ffffff" + text-title: "#303030" + text-subtitle: "#424242" + card-shadow: rgba(0, 0, 0, 0.1) + link-hover: "#363636" + dark: + highlight-primary: "#3367d6" + highlight-secondary: "#4285f4" + highlight-hover: "#5a95f5" + background: "#131313" + card-background: "#2b2b2b" + text: "#eaeaea" + text-header: "#ffffff" + text-title: "#fafafa" + text-subtitle: "#f5f5f5" + card-shadow: rgba(0, 0, 0, 0.4) + link-hover: "#ffdd57" + + + + +links: + - name: "Homepage" + icon: "fas fa-heartbeat" + url: "http://docker10.grote.lan:333" + - name: "Management" + icon: "fas fa-code-branch" + url: "#mgmt" + - name: "Extern" + icon: "fas fa-file-alt" + url: "#papa" + - name: "Test" + icon: "fas fa-globe" + url: "#test" + +# wetter + +# https://github.com/bastienwirtz/homer/pull/181 +services: + - name: "Wetter" + icon: "fas fa-cloud" + items: + - name: "Weather" + location: "Burg" # your location. + locationId: "2941501" # OpenWeatherMap city ID. + apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://openweathermap.org/api. + units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin. + background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none. 
+ type: "OpenWeather" + - name: "Weather" + location: "Magdeburg" + locationId: "2874545" + apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" + units: "metric" + background: "none" + type: "OpenWeather" + + + - name: "Help" + icon: "fas fa-cloud" + items: + - name: "Crontab Guru" + logo: "assets/icons/healthchecks.png" + url: "https://crontab.guru" + target: "_blank" + - name: "Epoch Converter" + logo: "assets/icons/epochconverter.png" + url: "https://www.epochconverter.com" + target: "_blank" + - name: "fstab Generator" + logo: "assets/icons/sabnzbd.png" + url: "https://epistel.no/fstab/" + target: "_blank" + - name: "chmod Calculator" + logo: "assets/icons/redis.png" + url: "https://chmod-calculator.com" + target: "_blank" + - name: "composerizer" + logo: "assets/icons/docker.png" + url: "https://www.composerize.com" + target: "_blank" + subtitle: "docker-run to docker-compose" + - name: "Umrechner Bytes" + logo: "assets/icons/bytes.png" + url: "https://www.fischerclan.de/byte_umrechner.html" + target: "_blank" + - name: "git revert..." 
+ logo: "assets/icons/netatmo.png" + url: "https://sethrobertson.github.io/GitFixUm/fixup.html" + target: "_blank" + + + - name: "Dienste" + icon: "fas fa-cloud" + items: + - name: "gitea" + logo: "assets/icons/gitea.png" + url: "https://git.mgrote.net" + target: "_blank" + subtitle: "git" + - name: "Miniflux" + logo: "assets/icons/miniflux.png" + url: "https://miniflux.mgrote.net/unread" + target: "_blank" + subtitle: "RSS" + - name: "Nextcloud" + logo: "assets/icons/nextcloud.png" + url: "https://nextcloud.mgrote.net" + target: "_blank" + subtitle: "Cloud" + - name: "DokuWiki" + logo: "assets/icons/dokuwiki.png" + url: "http://dokuwiki2.grote.lan" + target: "_blank" + subtitle: "Wiki" + - name: "RSS-Bridge" + logo: "assets/icons/rssb.png" + url: "http://docker10.grote.lan:3001" + target: "_blank" + subtitle: "Facebook/Instagram-to-rss" + - name: "Navidrome - mg" + logo: "assets/icons/navidrome.png" + url: "https://audio.mgrote.net/mg" + target: "_blank" + subtitle: "Audio-Streaming" + - name: "changedetection.io" + logo: "assets/icons/changedetection.png" + url: "http://docker10.grote.lan:5000" + target: "_blank" + subtitle: "Website2rss" + - name: "Photoprism" + logo: "assets/icons/photoprism.svg" + url: "http://docker10.grote.lan:2342" + target: "_blank" + subtitle: "Bildersammlung" + - name: "hastebin" + logo: "assets/icons/hastebin.png" + url: "http://docker10.grote.lan:7777" + target: "_blank" + subtitle: "pastebin" + + + + - name: "Web" + icon: "fas fa-cloud" + items: + - name: "Todoist" + logo: "assets/icons/todoist.png" + url: "https://todoist.com/app/#project%2F2231794668" + target: "_blank" + - name: "WhatsApp" + logo: "assets/icons/whatsapp.png" + url: "https://web.whatsapp.com" + target: "_blank" + - name: "GitHub" + logo: "assets/icons/github.png" + url: "https://github.com/quotengrote" + target: "_blank" + - name: "Monkeytype" + logo: "assets/icons/monkeytype.png" + target: "_blank" + url: "https://monkeytype.com" + - name: "Posteo" + logo: 
"assets/icons/posteo.png" + url: "https://posteo.de/webmail/?_task=mail&_refresh=1&_mbox=INBOX" + target: "_blank" + - name: "Wikipedia" + logo: "assets/icons/wikipedia.png" + url: "https://de.wikipedia.org/wiki/Benutzer:Quotengrote" + target: "_blank" + - name: "Docker Hub" + logo: "assets/icons/docker.png" + url: "https://hub.docker.com/r/quotengrote" + target: "_blank" + + + - name: "Diabetes" + icon: "fas fa-cloud" + items: + - name: "LibreView" + logo: "assets/icons/freestyle.png" + url: "https://www.libreview.com/glucosereports" + target: "_blank" + - name: "DexCom Clarity" + logo: "assets/icons/dexcom.png" + url: "https://clarity.dexcom.eu/#/overview" + target: "_blank" + - name: "glooko" + logo: "assets/icons/glooko.png" + url: "https://de-fr.my.glooko.com" + target: "_blank" + + + + - name: "Spiele" + icon: "fas fa-cloud" + items: + - name: "Gravity Simulator" + logo: "assets/icons/freshrss.png" + url: "https://testtubegames.com/gravity.html" + target: "_blank" + + + + - name: "Finanzen" + icon: "fas fa-cloud" + items: + - name: "ING Diba" + logo: "assets/icons/ing.png" + url: "https://www.ing.de" + target: "_blank" + - name: "Leaseplanbank" + logo: "assets/icons/leaseplan.webp" + url: "https://sparen.leaseplanbank.de" + target: "_blank" + + + - name: "Dataport" + icon: "fas fa-cloud" + items: + - name: "Outlook" + logo: "assets/icons/dataport.png" + url: "https://webmail.ondataport.de" + target: "_blank" + subtitle: "Webmail" diff --git a/docker-compose/homer/assets/icons/1und1.jpg b/docker-compose/homer/assets/icons/1und1.jpg new file mode 100644 index 00000000..71351691 Binary files /dev/null and b/docker-compose/homer/assets/icons/1und1.jpg differ diff --git a/docker-compose/homer/assets/icons/acng.jpg b/docker-compose/homer/assets/icons/acng.jpg new file mode 100644 index 00000000..ce5925c8 Binary files /dev/null and b/docker-compose/homer/assets/icons/acng.jpg differ 
diff --git a/docker-compose/homer/assets/icons/ara.png b/docker-compose/homer/assets/icons/ara.png new file mode 100644 index 00000000..076b1083 Binary files /dev/null and b/docker-compose/homer/assets/icons/ara.png differ diff --git a/docker-compose/homer/assets/icons/brother.jpg b/docker-compose/homer/assets/icons/brother.jpg new file mode 100644 index 00000000..8aa7a8e9 Binary files /dev/null and b/docker-compose/homer/assets/icons/brother.jpg differ diff --git a/docker-compose/homer/assets/icons/bytes.png b/docker-compose/homer/assets/icons/bytes.png new file mode 100644 index 00000000..866e103e Binary files /dev/null and b/docker-compose/homer/assets/icons/bytes.png differ diff --git a/docker-compose/homer/assets/icons/changedetection.png b/docker-compose/homer/assets/icons/changedetection.png new file mode 100644 index 00000000..991bb6f4 Binary files /dev/null and b/docker-compose/homer/assets/icons/changedetection.png differ diff --git a/docker-compose/homer/assets/icons/dataport.png b/docker-compose/homer/assets/icons/dataport.png new file mode 100644 index 00000000..59ebc7bc Binary files /dev/null and b/docker-compose/homer/assets/icons/dataport.png differ diff --git a/docker-compose/homer/assets/icons/dexcom.png b/docker-compose/homer/assets/icons/dexcom.png new file mode 100644 index 00000000..1c3bdde1 Binary files /dev/null and b/docker-compose/homer/assets/icons/dexcom.png differ diff --git a/docker-compose/homer/assets/icons/docker.png b/docker-compose/homer/assets/icons/docker.png new file mode 100644 index 00000000..dcce1ace Binary files /dev/null and b/docker-compose/homer/assets/icons/docker.png differ diff --git a/docker-compose/homer/assets/icons/dokuwiki.png b/docker-compose/homer/assets/icons/dokuwiki.png new file mode 100644 index 00000000..82c1d495 Binary files /dev/null and b/docker-compose/homer/assets/icons/dokuwiki.png differ 
diff --git a/docker-compose/homer/assets/icons/drone.png b/docker-compose/homer/assets/icons/drone.png new file mode 100644 index 00000000..76b8f359 Binary files /dev/null and b/docker-compose/homer/assets/icons/drone.png differ diff --git a/docker-compose/homer/assets/icons/epochconverter.png b/docker-compose/homer/assets/icons/epochconverter.png new file mode 100644 index 00000000..6c8e07e5 Binary files /dev/null and b/docker-compose/homer/assets/icons/epochconverter.png differ diff --git a/docker-compose/homer/assets/icons/freestyle.png b/docker-compose/homer/assets/icons/freestyle.png new file mode 100644 index 00000000..212de89e Binary files /dev/null and b/docker-compose/homer/assets/icons/freestyle.png differ diff --git a/docker-compose/homer/assets/icons/freshrss.png b/docker-compose/homer/assets/icons/freshrss.png new file mode 100644 index 00000000..3e54369e Binary files /dev/null and b/docker-compose/homer/assets/icons/freshrss.png differ diff --git a/docker-compose/homer/assets/icons/fritzbox.svg b/docker-compose/homer/assets/icons/fritzbox.svg new file mode 100644 index 00000000..e47e6939 --- /dev/null +++ b/docker-compose/homer/assets/icons/fritzbox.svg @@ -0,0 +1,320 @@ + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker-compose/homer/assets/icons/gitea.png b/docker-compose/homer/assets/icons/gitea.png new file mode 100644 index 00000000..dd3e97c4 Binary files /dev/null and b/docker-compose/homer/assets/icons/gitea.png differ diff --git a/docker-compose/homer/assets/icons/github.png b/docker-compose/homer/assets/icons/github.png new file mode 100644 index 00000000..33479614 Binary files /dev/null and b/docker-compose/homer/assets/icons/github.png differ 
diff --git a/docker-compose/homer/assets/icons/gl-cloud.png b/docker-compose/homer/assets/icons/gl-cloud.png new file mode 100644 index 00000000..a4b6f054 Binary files /dev/null and b/docker-compose/homer/assets/icons/gl-cloud.png differ diff --git a/docker-compose/homer/assets/icons/glooko.png b/docker-compose/homer/assets/icons/glooko.png new file mode 100644 index 00000000..c6f29070 Binary files /dev/null and b/docker-compose/homer/assets/icons/glooko.png differ diff --git a/docker-compose/homer/assets/icons/hastebin.png b/docker-compose/homer/assets/icons/hastebin.png new file mode 100644 index 00000000..8d3858da Binary files /dev/null and b/docker-compose/homer/assets/icons/hastebin.png differ diff --git a/docker-compose/homer/assets/icons/healthchecks.png b/docker-compose/homer/assets/icons/healthchecks.png new file mode 100644 index 00000000..3d7696b6 Binary files /dev/null and b/docker-compose/homer/assets/icons/healthchecks.png differ diff --git a/docker-compose/homer/assets/icons/homer.png b/docker-compose/homer/assets/icons/homer.png new file mode 100644 index 00000000..2ff23ae6 Binary files /dev/null and b/docker-compose/homer/assets/icons/homer.png differ diff --git a/docker-compose/homer/assets/icons/ing.png b/docker-compose/homer/assets/icons/ing.png new file mode 100644 index 00000000..2665d94a Binary files /dev/null and b/docker-compose/homer/assets/icons/ing.png differ diff --git a/docker-compose/homer/assets/icons/leaseplan.webp b/docker-compose/homer/assets/icons/leaseplan.webp new file mode 100644 index 00000000..3936b6cc Binary files /dev/null and b/docker-compose/homer/assets/icons/leaseplan.webp differ diff --git a/docker-compose/homer/assets/icons/librenms.png b/docker-compose/homer/assets/icons/librenms.png new file mode 100644 index 00000000..94799e98 Binary files /dev/null and b/docker-compose/homer/assets/icons/librenms.png differ 
diff --git a/docker-compose/homer/assets/icons/miniflux.png b/docker-compose/homer/assets/icons/miniflux.png new file mode 100644 index 00000000..62a25a22 Binary files /dev/null and b/docker-compose/homer/assets/icons/miniflux.png differ diff --git a/docker-compose/homer/assets/icons/monkeytype.png b/docker-compose/homer/assets/icons/monkeytype.png new file mode 100644 index 00000000..2f0c64d2 Binary files /dev/null and b/docker-compose/homer/assets/icons/monkeytype.png differ diff --git a/docker-compose/homer/assets/icons/munin.png b/docker-compose/homer/assets/icons/munin.png new file mode 100644 index 00000000..bdb93942 Binary files /dev/null and b/docker-compose/homer/assets/icons/munin.png differ diff --git a/docker-compose/homer/assets/icons/navidrome.png b/docker-compose/homer/assets/icons/navidrome.png new file mode 100644 index 00000000..2bb8c77d Binary files /dev/null and b/docker-compose/homer/assets/icons/navidrome.png differ diff --git a/docker-compose/homer/assets/icons/netatmo.png b/docker-compose/homer/assets/icons/netatmo.png new file mode 100644 index 00000000..d5a3fc5a Binary files /dev/null and b/docker-compose/homer/assets/icons/netatmo.png differ diff --git a/docker-compose/homer/assets/icons/netbootxyz.png b/docker-compose/homer/assets/icons/netbootxyz.png new file mode 100644 index 00000000..a57a8998 Binary files /dev/null and b/docker-compose/homer/assets/icons/netbootxyz.png differ diff --git a/docker-compose/homer/assets/icons/nextcloud.png b/docker-compose/homer/assets/icons/nextcloud.png new file mode 100644 index 00000000..294e230b Binary files /dev/null and b/docker-compose/homer/assets/icons/nextcloud.png differ diff --git a/docker-compose/homer/assets/icons/oxidized.svg b/docker-compose/homer/assets/icons/oxidized.svg new file mode 100644 index 00000000..a58c2128 --- /dev/null +++ b/docker-compose/homer/assets/icons/oxidized.svg @@ -0,0 +1,38 @@ + + + + + + + + + + + + 
diff --git a/docker-compose/homer/assets/icons/photoprism.svg b/docker-compose/homer/assets/icons/photoprism.svg new file mode 100644 index 00000000..2ffcd856 --- /dev/null +++ b/docker-compose/homer/assets/icons/photoprism.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docker-compose/homer/assets/icons/posteo.png b/docker-compose/homer/assets/icons/posteo.png new file mode 100644 index 00000000..0cdaa6a1 Binary files /dev/null and b/docker-compose/homer/assets/icons/posteo.png differ diff --git a/docker-compose/homer/assets/icons/pve.png b/docker-compose/homer/assets/icons/pve.png new file mode 100644 index 00000000..4a972d7b Binary files /dev/null and b/docker-compose/homer/assets/icons/pve.png differ diff --git a/docker-compose/homer/assets/icons/qnap.png b/docker-compose/homer/assets/icons/qnap.png new file mode 100644 index 00000000..b06ca3ef Binary files /dev/null and b/docker-compose/homer/assets/icons/qnap.png differ diff --git a/docker-compose/homer/assets/icons/redis.png b/docker-compose/homer/assets/icons/redis.png new file mode 100644 index 00000000..923d14aa Binary files /dev/null and b/docker-compose/homer/assets/icons/redis.png differ diff --git a/docker-compose/homer/assets/icons/roundcube.png b/docker-compose/homer/assets/icons/roundcube.png new file mode 100644 index 00000000..60fda3c6 Binary files /dev/null and b/docker-compose/homer/assets/icons/roundcube.png differ diff --git a/docker-compose/homer/assets/icons/rssb.png b/docker-compose/homer/assets/icons/rssb.png new file mode 100644 index 00000000..077f9548 Binary files /dev/null and b/docker-compose/homer/assets/icons/rssb.png differ diff --git a/docker-compose/homer/assets/icons/sabnzbd.png b/docker-compose/homer/assets/icons/sabnzbd.png new file mode 100644 index 00000000..46b4a92a Binary files /dev/null and b/docker-compose/homer/assets/icons/sabnzbd.png differ 
diff --git a/docker-compose/homer/assets/icons/scaleway.png b/docker-compose/homer/assets/icons/scaleway.png new file mode 100644 index 00000000..c0ddedf5 Binary files /dev/null and b/docker-compose/homer/assets/icons/scaleway.png differ diff --git a/docker-compose/homer/assets/icons/speedport.png b/docker-compose/homer/assets/icons/speedport.png new file mode 100644 index 00000000..d5497565 Binary files /dev/null and b/docker-compose/homer/assets/icons/speedport.png differ diff --git a/docker-compose/homer/assets/icons/strato.jpg b/docker-compose/homer/assets/icons/strato.jpg new file mode 100644 index 00000000..d5b8e6f2 Binary files /dev/null and b/docker-compose/homer/assets/icons/strato.jpg differ diff --git a/docker-compose/homer/assets/icons/switch.png b/docker-compose/homer/assets/icons/switch.png new file mode 100644 index 00000000..fa4a81e0 Binary files /dev/null and b/docker-compose/homer/assets/icons/switch.png differ diff --git a/docker-compose/homer/assets/icons/todoist.png b/docker-compose/homer/assets/icons/todoist.png new file mode 100644 index 00000000..4daa8ab2 Binary files /dev/null and b/docker-compose/homer/assets/icons/todoist.png differ diff --git a/docker-compose/homer/assets/icons/traefik.png b/docker-compose/homer/assets/icons/traefik.png new file mode 100644 index 00000000..77a490a2 Binary files /dev/null and b/docker-compose/homer/assets/icons/traefik.png differ diff --git a/docker-compose/homer/assets/icons/ubiquiti.png b/docker-compose/homer/assets/icons/ubiquiti.png new file mode 100644 index 00000000..e67eec6b Binary files /dev/null and b/docker-compose/homer/assets/icons/ubiquiti.png differ diff --git a/docker-compose/homer/assets/icons/whatsapp.png b/docker-compose/homer/assets/icons/whatsapp.png new file mode 100644 index 00000000..0a17a5d1 Binary files /dev/null and b/docker-compose/homer/assets/icons/whatsapp.png differ 
diff --git a/docker-compose/homer/assets/icons/wikipedia.png b/docker-compose/homer/assets/icons/wikipedia.png new file mode 100644 index 00000000..650e7cf2 Binary files /dev/null and b/docker-compose/homer/assets/icons/wikipedia.png differ diff --git a/docker-compose/homer/assets/manifest.json b/docker-compose/homer/assets/manifest.json new file mode 100644 index 00000000..9faa0934 --- /dev/null +++ b/docker-compose/homer/assets/manifest.json @@ -0,0 +1 @@ +{"name":"Homer Dashboard","short_name":"Homer","theme_color":"#3367D6","icons":[{"src":"./icons/favicon-16x16.png","sizes":"16x16","type":"image/png"},{"src":"./icons/favicon-32x32.png","sizes":"32x32","type":"image/png"},{"src":"./icons/icon-any.png","sizes":"512x512","type":"image/png","purpose":"any"},{"src":"./icons/icon-any.svg","sizes":"any","type":"image/svg+xml","purpose":"any"},{"src":"./icons/icon-maskable.png","sizes":"512x512","type":"image/png","purpose":"maskable"},{"src":"./icons/safari-pinned-tab.svg","sizes":"any","type":"image/svg+xml","purpose":"monochrome"}],"start_url":"../","display":"standalone","background_color":"#000000"} \ No newline at end of file diff --git a/docker-compose/homer/assets/mgmt.yml b/docker-compose/homer/assets/mgmt.yml new file mode 100644 index 00000000..6599ad93 --- /dev/null +++ b/docker-compose/homer/assets/mgmt.yml 
@@ -0,0 +1,135 @@ +--- +# Additionnal page configuration + +# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://#). +# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything + + +subtitle: "Management" + +# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one: +# message: ~ + +# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field: +links: + - name: "Homepage" + icon: "fas fa-heartbeat" + url: "http://docker10.grote.lan:333" + - name: "Management" + icon: "fas fa-code-branch" + url: "#mgmt" + - name: "Extern" + icon: "fas fa-file-alt" + url: "#papa" + - name: "Test" + icon: "fas fa-globe" + url: "#test" + +services: + - name: "Hardware" + icon: "fas fa-cloud" + items: + - name: "IPMI - pve2" + logo: "assets/icons/netbootxyz.png" + url: "https://192.168.2.13" + target: "_blank" + subtitle: "Supermicro X10SRL-F" + - name: "Brother ADS-2700W" + logo: "assets/icons/brother.jpg" + url: "http://192.168.2.48" + target: "_blank" + - name: "Fritzbox 7590" + logo: "assets/icons/fritzbox.svg" + url: "http://192.168.5.1" + target: "_blank" + subtitle: "Modem" + + - name: "Infra" + icon: "fas fa-cloud" + items: + - name: "ProxMox Virtual Environment" + logo: "assets/icons/pve.png" + url: "https://pve2.grote.lan:8006" + target: "_blank" + subtitle: "Selbstbau" + - name: "Apt-Cacher-NG" + logo: "assets/icons/acng.jpg" + url: "http://acng.grote.lan:9999/acng-report.html" + target: "_blank" + subtitle: "apt" + - name: "gitea" + logo: "assets/icons/gitea.png" + url: "https://git.mgrote.net" + target: "_blank" + subtitle: "git" + - name: "Traefik" + logo: "assets/icons/traefik.png" + url: "http://docker10.grote.lan:8081" + target: "_blank" + subtitle: "Reverse Proxy" + - name: 
"Unifi Controller" + logo: "assets/icons/ubiquiti.png" + url: "https://docker10.grote.lan:8443" + target: "_blank" + subtitle: "WLAN" + - name: "drone.io" + logo: "assets/icons/drone.png" + url: "http://docker10.grote.lan:81" + target: "_blank" + subtitle: "CI/CD" + - name: "httpd" + logo: "assets/icons/roundcube.png" + url: " http://docker10.grote.lan:3344" + target: "_blank" + subtitle: "Package-Registry" + + + + + - name: "Monitoring" + icon: "fas fa-cloud" + items: + - name: "Ara" + logo: "assets/icons/ara.png" + url: "http://docker10.grote.lan:2233" + target: "_blank" + subtitle: "ansible" + - name: "Munin - Production" + logo: "assets/icons/munin.png" + url: "http://docker10.grote.lan:1234" + target: "_blank" + subtitle: "Monitoring" + - name: "Oxidized" + logo: "assets/icons/oxidized.svg" + url: "http://docker10.grote.lan:8888" + target: "_blank" + subtitle: "network device configuration backup tool" + - name: "LibreNMS" + logo: "assets/icons/librenms.png" + url: "http://docker10.grote.lan:8000" + target: "_blank" + subtitle: "network monitoring" + + - name: "Internet-MGMT" + icon: "fas fa-cloud" + items: + - name: "IONOS" + logo: "assets/icons/1und1.jpg" + url: "https://login.ionos.de/#/servers/F872D83983D453EA40074C5C59AFB7DD" + target: "_blank" + subtitle: "tor1.mgrote.net" + - name: "Scaleway" + logo: "assets/icons/scaleway.png" + url: "https://console.scaleway.com/object-storage/buckets" + target: "_blank" + subtitle: "Scaleway S3" + - name: "gl.inet - Cloud" + logo: "assets/icons/gl-cloud.png" + url: "https://www.goodcloud.xyz/#/login" + target: "_blank" + subtitle: "Mango MGMT" + - name: "Strato - DNS" + logo: "assets/icons/strato.jpg" + url: "https://www.strato.de/apps/CustomerService#/skl" + target: "_blank" + subtitle: "Domainverwaltung" diff --git a/docker-compose/homer/assets/papa.yml b/docker-compose/homer/assets/papa.yml new file mode 100644 index 00000000..bc86ff9a --- /dev/null +++ b/docker-compose/homer/assets/papa.yml 
@@ -0,0 +1,46 @@ +--- +# Additionnal page configuration + +# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://#). +# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything + + +subtitle: "Papa's Dienste" + +# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one: +message: "Nur per VPN erreichbar, @home über den Router als s2s-Tunnel umgesetzt." + +# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field: +links: + - name: "Homepage" + icon: "fas fa-heartbeat" + url: "http://docker10.grote.lan:333" + - name: "Management" + icon: "fas fa-code-branch" + url: "#mgmt" + - name: "Extern" + icon: "fas fa-file-alt" + url: "#papa" + - name: "Test" + icon: "fas fa-globe" + url: "#test" + +services: + - name: "Storage" + icon: "fas fa-cloud" + items: + - name: "QNAP TS-251+" + logo: "assets/icons/qnap.png" + url: "http://192.168.3.108:8080" + target: "_blank" + - name: "Network" + icon: "fas fa-cloud" + items: + - name: "Speedport Smart 3" + logo: "assets/icons/speedport.png" + url: "http://192.168.3.1" + target: "_blank" + - name: "Netgear GS308E" + logo: "assets/icons/switch.png" + url: "http://192.168.3.147" + target: "_blank" diff --git a/docker-compose/homer/assets/test.yml b/docker-compose/homer/assets/test.yml new file mode 100644 index 00000000..8e10ca1e --- /dev/null +++ b/docker-compose/homer/assets/test.yml 
@@ -0,0 +1,69 @@ +--- +# Additionnal page configuration + +# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://#). +# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything + + +subtitle: "Test/Staging" + +# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one: +# message: ~ + +# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field: +links: + - name: "Homepage" + icon: "fas fa-heartbeat" + url: "http://docker10.grote.lan:333" + - name: "Management" + icon: "fas fa-code-branch" + url: "#mgmt" + - name: "Extern" + icon: "fas fa-file-alt" + url: "#papa" + - name: "Test" + icon: "fas fa-globe" + url: "#test" + +services: + - name: "Infra" + icon: "fas fa-cloud" + items: + - name: "ProxMox Virtual Environment" + logo: "assets/icons/pve.png" + url: "https://pve2-test2.grote.lan:8006" + target: "_blank" + subtitle: "VM" + - name: "Apt-Cacher-NG" + logo: "assets/icons/acng.jpg" + url: "http://acng-test.grote.lan:9999/acng-report.html" + target: "_blank" + subtitle: "apt" + - name: "gitea" + logo: "assets/icons/gitea.png" + url: "http://gitea-test.grote.lan:3000" + target: "_blank" + subtitle: "git" + + - name: "Monitoring" + icon: "fas fa-cloud" + items: + - name: "Munin" + logo: "assets/icons/munin.png" + url: "http://docker7-test.grote.lan:12345" + target: "_blank" + subtitle: "Monitoring" + + - name: "Dienste" + icon: "fas fa-cloud" + items: + - name: "homer" + logo: "assets/icons/homer.png" + url: "http://docker7-test.grote.lan:333" + target: "_blank" + subtitle: "Dashboard" + - name: "DokuWiki" + logo: "assets/icons/dokuwiki.png" + url: "http://dokuwiki-test.grote.lan/doku.php" + target: "_blank" + subtitle: "Wiki" 
diff --git a/docker-compose/homer/docker-compose.yml.j2 b/docker-compose/homer/docker-compose.yml.j2 new file mode 100644 index 00000000..b311eb76 --- /dev/null +++ b/docker-compose/homer/docker-compose.yml.j2 @@ -0,0 +1,16 @@ +version: '3' +services: +######## homer ######## + homer: + image: b4bz/homer:latest + container_name: homer-dashboard + restart: always + environment: + - TZ=Europe/Berlin + - UID=1000 + - GID=1000 + - INIT_ASSETS=0 + volumes: + - ./assets/:/www/assets + ports: + - 333:8080 diff --git a/docker-compose/httpd/docker-compose.yml.j2 b/docker-compose/httpd/docker-compose.yml.j2 new file mode 100644 index 00000000..96bed481 --- /dev/null +++ b/docker-compose/httpd/docker-compose.yml.j2 @@ -0,0 +1,12 @@ +version: '3' +services: + httpd-registry: + container_name: "httpd-registry" + image: httpd:bullseye + restart: always + volumes: + # mounte das lokale Verzeichnis in den Container, der Inhalt ist dann per http aufzurufen; reingeschrieben wird in den lokalen Ordner z.B. per scp aus der Pipeline heraus + - /mnt/httpd:/usr/local/apache2/htdocs/ + - "${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro" + ports: + - 3344:80 diff --git a/docker-compose/httpd/httpd.conf.j2 b/docker-compose/httpd/httpd.conf.j2 new file mode 100644 index 00000000..11eb767b --- /dev/null +++ b/docker-compose/httpd/httpd.conf.j2 
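Review bot: `- ./assets/:/www/assets` is mounted read-write although `INIT_ASSETS=0` tells the container not to populate default assets there, so the process has no evident reason to modify the config it serves; mount it `- ./assets/:/www/assets:ro` so a compromised container cannot rewrite `config.yml`, which every visitor's browser loads and follows. `image: b4bz/homer:latest` is unpinned as well; pin a version tag. If Homer does need write access to some asset, a comment on the volume line saying which one would justify keeping it writable.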
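Review bot: `"${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"` resolves against the shell's working directory at the time `docker compose` runs, not the compose file's location, so invoking it from elsewhere (for example from an Ansible task with a different cwd) mounts a nonexistent path and Docker creates an empty directory in place of the config; use `- ./httpd.conf:/usr/local/apache2/conf/httpd.conf:ro`, which compose resolves relative to the file itself. The comment says pipelines write into `/mnt/httpd` via scp and the mgmt page labels this a "Package-Registry" served over plain HTTP on `3344:80`; if anything installs from it, consumers should verify signatures or checksums because the transport gives no integrity, and the host directory should be writable only by the scp account. `httpd:bullseye` is a floating tag too; consider pinning a full version.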
@@ -0,0 +1,555 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/access_log" +# with ServerRoot set to "/usr/local/apache2" will be interpreted by the +# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" +# will be interpreted as '/logs/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/usr/local/apache2" + +# +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults +# +# Uncomment and change the directory if mutexes are file-based and the default +# mutex file directory is not on a local disk or is not appropriate for some +# other reason. +# +# Mutex default:logs + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. 
+# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule mpm_event_module modules/mod_mpm_event.so +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +#LoadModule mpm_worker_module modules/mod_mpm_worker.so +LoadModule authn_file_module modules/mod_authn_file.so +#LoadModule authn_dbm_module modules/mod_authn_dbm.so +#LoadModule authn_anon_module modules/mod_authn_anon.so +#LoadModule authn_dbd_module modules/mod_authn_dbd.so +#LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +#LoadModule authz_dbm_module modules/mod_authz_dbm.so +#LoadModule authz_owner_module modules/mod_authz_owner.so +#LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_core_module modules/mod_authz_core.so +#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +#LoadModule auth_form_module modules/mod_auth_form.so +#LoadModule auth_digest_module modules/mod_auth_digest.so +#LoadModule allowmethods_module modules/mod_allowmethods.so +#LoadModule isapi_module modules/mod_isapi.so +#LoadModule 
file_cache_module modules/mod_file_cache.so +#LoadModule cache_module modules/mod_cache.so +#LoadModule cache_disk_module modules/mod_cache_disk.so +#LoadModule cache_socache_module modules/mod_cache_socache.so +#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +#LoadModule socache_dbm_module modules/mod_socache_dbm.so +#LoadModule socache_memcache_module modules/mod_socache_memcache.so +#LoadModule socache_redis_module modules/mod_socache_redis.so +#LoadModule watchdog_module modules/mod_watchdog.so +#LoadModule macro_module modules/mod_macro.so +#LoadModule dbd_module modules/mod_dbd.so +#LoadModule bucketeer_module modules/mod_bucketeer.so +#LoadModule dumpio_module modules/mod_dumpio.so +#LoadModule echo_module modules/mod_echo.so +#LoadModule example_hooks_module modules/mod_example_hooks.so +#LoadModule case_filter_module modules/mod_case_filter.so +#LoadModule case_filter_in_module modules/mod_case_filter_in.so +#LoadModule example_ipc_module modules/mod_example_ipc.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule data_module modules/mod_data.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +#LoadModule ext_filter_module modules/mod_ext_filter.so +#LoadModule request_module modules/mod_request.so +#LoadModule include_module modules/mod_include.so +LoadModule filter_module modules/mod_filter.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule substitute_module modules/mod_substitute.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule deflate_module modules/mod_deflate.so +#LoadModule xml2enc_module modules/mod_xml2enc.so +#LoadModule proxy_html_module modules/mod_proxy_html.so +#LoadModule brotli_module modules/mod_brotli.so +LoadModule mime_module modules/mod_mime.so +#LoadModule ldap_module modules/mod_ldap.so +LoadModule log_config_module modules/mod_log_config.so +#LoadModule 
log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule logio_module modules/mod_logio.so +#LoadModule lua_module modules/mod_lua.so +LoadModule env_module modules/mod_env.so +#LoadModule mime_magic_module modules/mod_mime_magic.so +#LoadModule cern_meta_module modules/mod_cern_meta.so +#LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so +#LoadModule ident_module modules/mod_ident.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule unique_id_module modules/mod_unique_id.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +#LoadModule remoteip_module modules/mod_remoteip.so +#LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so +#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule proxy_express_module modules/mod_proxy_express.so +#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so +#LoadModule session_module modules/mod_session.so +#LoadModule session_cookie_module modules/mod_session_cookie.so +#LoadModule session_crypto_module modules/mod_session_crypto.so +#LoadModule session_dbd_module modules/mod_session_dbd.so +#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +#LoadModule ssl_module modules/mod_ssl.so +#LoadModule optional_hook_export_module 
modules/mod_optional_hook_export.so +#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so +#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so +#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule http2_module modules/mod_http2.so +#LoadModule proxy_http2_module modules/mod_proxy_http2.so +#LoadModule md_module modules/mod_md.so +#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so +LoadModule unixd_module modules/mod_unixd.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule dav_module modules/mod_dav.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +#LoadModule asis_module modules/mod_asis.so +#LoadModule info_module modules/mod_info.so +#LoadModule suexec_module modules/mod_suexec.so + + #LoadModule cgid_module modules/mod_cgid.so + + + #LoadModule cgi_module modules/mod_cgi.so + +#LoadModule dav_fs_module modules/mod_dav_fs.so +#LoadModule dav_lock_module modules/mod_dav_lock.so +#LoadModule vhost_alias_module modules/mod_vhost_alias.so +#LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +#LoadModule imagemap_module modules/mod_imagemap.so +#LoadModule actions_module modules/mod_actions.so +#LoadModule speling_module modules/mod_speling.so +#LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +#LoadModule rewrite_module modules/mod_rewrite.so + + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. 
+# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User www-data +Group www-data + + + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin you@example.com + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all granted + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. 
+# +DocumentRoot "/usr/local/apache2/htdocs" + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + + # Ab hier alles für schöne Dir-listings + # https://perishablepress.com/better-default-directory-views-with-htaccess/ + IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble + Order allow,deny + Options +Indexes + Allow from all + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog /proc/self/fd/2 + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). 
+ # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + CustomLog /proc/self/fd/1 common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + #CustomLog "logs/access_log" combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. 
+ # + ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" + + + + + # + # ScriptSock: On threaded servers, designate the path to the UNIX + # socket used to communicate with the CGI daemon of mod_cgid. + # + #Scriptsock cgisock + + +# +# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied + # backend servers which have lingering "httpoxy" defects. + # 'Proxy' request header is undefined by the IETF, not listed by IANA + # + RequestHeader unset Proxy early + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig conf/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. 
+ # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + #AddType text/html .shtml + #AddOutputFilter INCLUDES .shtml + + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# +#MIMEMagicFile conf/magic + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# MaxRanges: Maximum number of Ranges in a request before +# returning the entire resource, or one of the special +# values 'default', 'none' or 'unlimited'. +# Default setting is to accept 200 Ranges. +#MaxRanges unlimited + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +#EnableSendfile on + +# Supplemental configuration +# +# The configuration files in the conf/extra/ directory can be +# included to add extra features or to modify the default configuration of +# the server, or you may simply copy their contents here and change as +# necessary. 
+ +# Server-pool management (MPM specific) +#Include conf/extra/httpd-mpm.conf + +# Multi-language error messages +#Include conf/extra/httpd-multilang-errordoc.conf + +# Fancy directory listings +Include conf/extra/httpd-autoindex.conf + +# Language settings +#Include conf/extra/httpd-languages.conf + +# User home directories +#Include conf/extra/httpd-userdir.conf + +# Real-time info on requests and configuration +#Include conf/extra/httpd-info.conf + +# Virtual hosts +#Include conf/extra/httpd-vhosts.conf + +# Local access to the Apache HTTP Server Manual +#Include conf/extra/httpd-manual.conf + +# Distributed authoring and versioning (WebDAV) +#Include conf/extra/httpd-dav.conf + +# Various default settings +#Include conf/extra/httpd-default.conf + +# Configure mod_proxy_html to understand HTML4/XHTML1 + +Include conf/extra/proxy-html.conf + + +# Secure (SSL/TLS) connections +#Include conf/extra/httpd-ssl.conf +# +# Note: The following must must be present to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +# + +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin + diff --git a/docker-compose/librenms/.env.j2 b/docker-compose/librenms/.env.j2 new file mode 100644 index 00000000..1ed21b53 --- /dev/null +++ b/docker-compose/librenms/.env.j2 @@ -0,0 +1,21 @@ +TZ=Europe/Paris +PUID=1000 +PGID=1000 + +MYSQL_DATABASE=librenms +MYSQL_USER=librenms +MYSQL_PASSWORD={{ lookup('keepass', 'librenms_mysql_password', 'password') }} + +MEMORY_LIMIT=256M +UPLOAD_MAX_SIZE=16M +OPCACHE_MEM_SIZE=128 +REAL_IP_FROM=0.0.0.0/32 +REAL_IP_HEADER=X-Forwarded-For +LOG_IP_VAR=remote_addr + +LIBRENMS_SNMP_COMMUNITY=librenms +MEMCACHED_HOST=memcached +MEMCACHED_PORT=11211 + +LIBRENMS_WEATHERMAP=false +LIBRENMS_WEATHERMAP_SCHEDULE=*/5 * * * * diff --git a/docker-compose/librenms/docker-compose.yml.j2 b/docker-compose/librenms/docker-compose.yml.j2 new file mode 100644 index 00000000..02e97b53 --- /dev/null 
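Review bot: The directory block directly under the comment `Deny access to the entirety of your server's filesystem` contains `Require all granted`; in the upstream httpd.conf that block is `<Directory />` with `Require all denied`, and granting at the filesystem root removes the default-deny the comment itself describes (the `<Directory>` tags appear to be lost in the page extraction, so the enclosing block should be confirmed against the file). The `DocumentRoot` block grants access with the 2.2-style `Order allow,deny` / `Allow from all` of mod_access_compat; replacing those two lines with `Require all granted` there keeps `/usr/local/apache2/htdocs` reachable through a single authorization mechanism, and the root block can return to `Require all denied` without affecting the served tree. `ServerName` is left commented, so httpd will keep warning at start-up about determining the FQDN; set it to the container host name. The `Options Indexes FollowSymLinks` and `IndexOptions` lines are clearly deliberate for directory listings, but a comment stating that the listing is the intended interface of this registry would stop a later reviewer from "hardening" it away.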
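Review bot: `LIBRENMS_SNMP_COMMUNITY=librenms` keeps the upstream example community string in a file committed to the repository, while `MYSQL_PASSWORD` in the same file is pulled via `lookup('keepass', ...)`; the community string is the authentication secret for every polled device and should use the same lookup, e.g. `LIBRENMS_SNMP_COMMUNITY={{ lookup('keepass', 'librenms_snmp_community', 'password') }}` (constructed entry name). `TZ=Europe/Paris` differs from the `Europe/Berlin` used by the other compose files in this commit, which makes log and poll timestamps inconsistent across services. `REAL_IP_FROM=0.0.0.0/32` is the upstream placeholder and trusts `X-Forwarded-For` from no real address; if no reverse proxy fronts this service, dropping the `REAL_IP_FROM` / `REAL_IP_HEADER` / `LOG_IP_VAR` lines states that intent explicitly, and if one does, set it to the proxy's address range.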
+++ b/docker-compose/librenms/docker-compose.yml.j2 
@@ -0,0 +1,161 @@ +version: "3.5" + +services: + db: + image: mariadb:10.5 + container_name: librenms_db + command: + - "mysqld" + - "--innodb-file-per-table=1" + - "--lower-case-table-names=0" + - "--character-set-server=utf8mb4" + - "--collation-server=utf8mb4_unicode_ci" + volumes: + - "mariadb:/var/lib/mysql" + environment: + - "TZ=${TZ}" + - "MYSQL_ALLOW_EMPTY_PASSWORD=yes" + - "MYSQL_DATABASE=${MYSQL_DATABASE}" + - "MYSQL_USER=${MYSQL_USER}" + - "MYSQL_PASSWORD=${MYSQL_PASSWORD}" + restart: always + + memcached: + image: memcached:alpine + container_name: librenms_memcached + environment: + - "TZ=${TZ}" + restart: always + + redis: + image: redis:5.0-alpine + container_name: librenms_redis + environment: + - "TZ=${TZ}" + restart: always + + librenms: + image: librenms/librenms:latest + container_name: librenms + hostname: librenms + cap_add: + - NET_ADMIN + - NET_RAW + ports: + - target: 8000 + published: 8000 + protocol: tcp + depends_on: + - db + - memcached + volumes: + - "data:/data" + environment: + - "TZ=${TZ}" + - "PUID=${PUID}" + - "PGID=${PGID}" + - "DB_HOST=db" + - "DB_NAME=${MYSQL_DATABASE}" + - "DB_USER=${MYSQL_USER}" + - "DB_PASSWORD=${MYSQL_PASSWORD}" + - "DB_TIMEOUT=60" + - "REDIS_HOST=redis" + - "REDIS_PORT=6379" + - "REDIS_DB=0" + restart: always + + dispatcher: + image: librenms/librenms:latest + container_name: librenms_dispatcher + hostname: librenms-dispatcher + cap_add: + - NET_ADMIN + - NET_RAW + depends_on: + - librenms + - redis + volumes: + - "data:/data" + environment: + - "TZ=${TZ}" + - "PUID=${PUID}" + - "PGID=${PGID}" + - "DB_HOST=db" + - "DB_NAME=${MYSQL_DATABASE}" + - "DB_USER=${MYSQL_USER}" + - "DB_PASSWORD=${MYSQL_PASSWORD}" + - "DB_TIMEOUT=60" + - "DISPATCHER_NODE_ID=dispatcher1" + - "REDIS_HOST=redis" + - "REDIS_PORT=6379" + - "REDIS_DB=0" + - "SIDECAR_DISPATCHER=1" + restart: always + + syslogng: + image: librenms/librenms:latest + container_name: librenms_syslogng + hostname: librenms-syslogng + cap_add: + - NET_ADMIN + - 
NET_RAW + depends_on: + - librenms + ports: + - target: 514 + published: 514 + protocol: tcp + - target: 514 + published: 514 + protocol: udp + volumes: + - "data:/data" + environment: + - "TZ=${TZ}" + - "PUID=${PUID}" + - "PGID=${PGID}" + - "DB_HOST=db" + - "DB_NAME=${MYSQL_DATABASE}" + - "DB_USER=${MYSQL_USER}" + - "DB_PASSWORD=${MYSQL_PASSWORD}" + - "DB_TIMEOUT=60" + - "REDIS_HOST=redis" + - "REDIS_PORT=6379" + - "REDIS_DB=0" + - "SIDECAR_SYSLOGNG=1" + restart: always + + snmptrapd: + image: librenms/librenms:latest + container_name: librenms_snmptrapd + hostname: librenms-snmptrapd + cap_add: + - NET_ADMIN + - NET_RAW + depends_on: + - librenms + ports: + - target: 162 + published: 162 + protocol: tcp + - target: 162 + published: 162 + protocol: udp + volumes: + - "data:/data" + environment: + - "TZ=${TZ}" + - "PUID=${PUID}" + - "PGID=${PGID}" + - "DB_HOST=db" + - "DB_NAME=${MYSQL_DATABASE}" + - "DB_USER=${MYSQL_USER}" + - "DB_PASSWORD=${MYSQL_PASSWORD}" + - "DB_TIMEOUT=60" + - "SIDECAR_SNMPTRAPD=1" + restart: always + +######## Volumes ######## +volumes: + mariadb: + data: diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2 new file mode 100644 index 00000000..a9240e46 --- /dev/null +++ b/docker-compose/miniflux/docker-compose.yml.j2 
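Review bot: `MYSQL_ALLOW_EMPTY_PASSWORD=yes` on the `db` service starts MariaDB with a passwordless root account; the application user already gets `MYSQL_PASSWORD` from the environment file, so root should too — replace the line with `- "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}"` and add the variable to the `.env` template with the same keepass lookup. The database port is not published, so reachability is limited to the project network, but every sidecar here (`librenms`, `dispatcher`, `syslogng`, `snmptrapd`) shares that network and a compromise of any of them currently yields full database access. All five LibreNMS containers float on `librenms/librenms:latest`; pinning them to one release tag keeps the sidecars from drifting to mixed versions when they are recreated at different times, and makes `DB_TIMEOUT=60` and the `DISPATCHER_NODE_ID` coordination predictable. The `snmptrapd` service omits the `REDIS_*` variables the other sidecars set; if that is intentional (it does not `depends_on: redis`), a one-line comment would save the next reader a comparison.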
@@ -0,0 +1,99 @@ +version: '3' +services: +######## Miniflux ######## + miniflux: + container_name: "mf-frontend" + image: miniflux/miniflux:latest + restart: always + depends_on: + - db + environment: + - DATABASE_URL=postgres://miniflux:{{ lookup('keepass', 'miniflux_postgres_password', 'password') }}@mf-db/miniflux?sslmode=disable + - RUN_MIGRATIONS=1 +# - CREATE_ADMIN=1 +# - ADMIN_USERNAME=adminmf +# - ADMIN_PASSWORD={{ lookup('keepass', 'miniflux_admin_password', 'password') }} + - WORKER_POOL_SIZE=10 + - POLLING_FREQUENCY=10 + - CLEANUP_ARCHIVE_UNREAD_DAYS=-1 + - CLEANUP_ARCHIVE_READ_DAYS=90 + - TZ=Europe/Berlin + networks: + - intern + - traefik + labels: + - traefik.http.routers.miniflux.rule=Host(`miniflux.mgrote.net`) + - traefik.enable=true + - traefik.http.routers.miniflux.tls=true + - traefik.http.routers.miniflux.tls.certresolver=resolver_letsencrypt + - traefik.http.routers.miniflux.entrypoints=entry_https + - traefik.http.services.miniflux.loadbalancer.server.port=8080 +######## PostGreSQL ######## + db: + container_name: "mf-db" + image: postgres:13 + restart: always + environment: + - POSTGRES_USER=miniflux + - POSTGRES_PASSWORD={{ lookup('keepass', 'miniflux_postgres_password', 'password') }} + - TZ=Europe/Berlin + volumes: + - db:/var/lib/postgresql/data + networks: + - intern + labels: + - com.centurylinklabs.watchtower.enable="false" +######## Miniflux-Filter ######## + mf-filter: + container_name: mf-filter + restart: always + environment: + - TZ=Europe/Berlin + - MF_AUTH_TOKEN={{ lookup('keepass', 'miniflux_auth_token', 'password') }} + - MF_API_URL=https://miniflux.mgrote.net/v1 + - MF_SLEEP=60 + #- MF_DEBUG=1 + image: quotengrote/miniflux-filter:latest + volumes: + - ./filter.txt:/data/filter.txt + networks: + - intern +######## RSS-Bridge ######## + rssbridge: + container_name: "mf-bridge" + image: rssbridge/rss-bridge:latest + restart: always + environment: + - TZ=Europe/Berlin + volumes: + - ./whitelist.txt:/app/whitelist.txt + 
networks: + - intern + ports: #um neue Feeds einzufügen + - 3001:80 +######## changedetection ######## + changedetection.io: + image: ghcr.io/dgtlmoon/changedetection.io + container_name: mf-changedetection.io + hostname: changedetection.io + volumes: + - changedetection-data:/datastore + environment: + - PORT=5000 + - BASE_URL=http://docker10.grote.lan:5000 + ports: + - 5000:5000 + restart: always + networks: + - intern + +######## Volumes ######## +volumes: + db: + changedetection-data: +######## Networks ######## +networks: + traefik: + external: true + intern: + driver: bridge diff --git a/docker-compose/miniflux/filter.txt b/docker-compose/miniflux/filter.txt new file mode 100644 index 00000000..cf1253d1 --- /dev/null +++ b/docker-compose/miniflux/filter.txt 
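Review bot: The label `- com.centurylinklabs.watchtower.enable="false"` on the `db` service is a plain YAML scalar, so the two quote characters are part of the label value (`"false"` including quotes) rather than a YAML string `false`; as far as I recall watchtower parses that value with a boolean parser and treats an unparsable value as "not set", which would silently undo the opt-out for the database container. Write it as `- com.centurylinklabs.watchtower.enable=false`. `image: ghcr.io/dgtlmoon/changedetection.io` has no tag at all and the other services use `:latest`, so apart from `postgres:13` the stack has no reproducible set of versions; pin them. `rssbridge` (`3001:80`) and `changedetection.io` (`5000:5000`) are published directly on the host without the traefik TLS router used for `miniflux`; the comment on the rss-bridge port explains why it is exposed, but a note on whether these two services enforce their own authentication or rely on the host firewall to keep them LAN-only would help the next reader.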
@@ -0,0 +1,460 @@ +9to5linux.com::9to5Linux Weekly Roundup: +astralcodexten.substack.com::Open Thread +augengeradeaus.net::Sicherheitshalber der Podcast +axios.com::Axios on HBO +computerbase.de::Adrenalin 2020 Edition +computerbase.de::Adrenalin 2021 Edition +computerbase.de::Community: Fotowettbewerb +computerbase.de::Fotowettbewerb: +computerbase.de::Screenshot-Wettbewerb +computerbase.de::Sonntagsfrage: +computerbase.de::Wochenrück- und Ausblick: +facebook.com::Bridge returned error +golem.de::Anzeige +golem.de::Aus dem Verlag: +golem.de::Fifa +golem.de::(g+) +golem.de::in aller Kürze +golem.de::In eigener Sache +golem.de::kurznews +golem.de::Marvel +golem.de::Sonst noch was? +golem.de::Star Trek: +golem.de::Tech Talks: +golem.de::Wochenrückblick +hardwareluxx.de::Der Hardwareluxx-Webwatch: +hardwareluxx.de::Unsere Artikel der letzten Woche +heise.de::Anzeige +heise.de::Auslegungssache +heise.de::Bit-Rauschen +heise.de::Bit-Rauschen, der Prozessor-Podcast +heise.de::c't +heise.de::c’t-Webinar: +heise.de::Desinfec +heise.de::Die Bilder der Woche +heise.de::Die Bilder der Woche (KW +heise.de::Die Highlights bei +heise.de::Die Hupe +heise.de::Dienstag +heise.de::Dienstag: +heise.de::Die Produktwerker +heise.de::Ferris Talk +heise.de::FIFA +heise.de::Freitag +heise.de::Fußball-WM +heise.de::heise+ +heise.de::heise+ | +heise.de::heise-Angebot: +heise.de::Heise-Konferenz +heise.de::heise meets +heise.de::heise meets… +heise.de::#heiseshow +heise.de::heiseshow +heise.de::Heise spielt +heise.de::iX-Workshop +heise.de::Kurz informiert: +heise.de::Mac & i Extra: +heise.de::Missing Link +heise.de::Mittwoch +heise.de::Montag +heise.de::Podcast +heise.de::Podcast "Die Hupe" +heise.de::Podcast Die Hupe +heise.de::Podcast "Die Produktwerker" +heise.de::samstag +heise.de::SoftwareArchitekTOUR +heise.de::software-architektur.tv +heise.de::Sonderheft +heise.de::sonntag +heise.de::t 3003 +heise.de::Tech2go-Podcast: +heise.de::TechStage +heise.de::TechStage | +heise.de::t 
Fotografie +heise.de::t Fotografie-Wettbewerb +heise.de::#TGIQF +heise.de::TGIQF +heise.de::t uplink +heise.de::t zockt +heise.de::uplink +heise.de::Was war. Was wird. +heise.de::WM 2022 +heise.de::zockt +heise.de::Zugriff auf alle Inhalte von heise+ +instagram.com::Bridge returned error +mdr.de::Fussball +mdr.de::Fußball +mdr.de::Leichtathletik: +mdr.de::Link des Audios +mdr.de::Link des Videos +mdr.de::Livestream +mdr.de::#MDRklärt: +mdr.de::Pferdesport: +mdr.de::Podcast: +mdr.de::Podcast "digital Leben" +mdr.de::Podcast "digital Leben": +mdr.de::Podcastserie +mdr.de::Schwimmen: +mf-bridge::Bridge encountered an unexpected situation +monkeyuser.com::AdLitteram +netzpolitik.org::KW +netzpolitik.org::NPP +planet3dnow.de::AIDA64 Version +planet3dnow.de::Blender +planet3dnow.de::CrystalDiskInfo +planet3dnow.de::CrystalDiskMark +planet3dnow.de::DesktopOK +planet3dnow.de::Display Driver Uninstaller (DDU) +planet3dnow.de::FreeCommander XE +planet3dnow.de::FurMark +planet3dnow.de::GPU‑Z +planet3dnow.de::HWiNFO64 +planet3dnow.de::KiTTY +planet3dnow.de::LibreOffice 7 +planet3dnow.de::MC Extractor +planet3dnow.de::Media Player Classic +planet3dnow.de::Neue Downloads der KW +planet3dnow.de::Notepad++ +planet3dnow.de::NVCleanstall v +planet3dnow.de::Nvidia GeForce-Treiber +planet3dnow.de::paint.net +planet3dnow.de::PowerToys v +planet3dnow.de::Prime95 +planet3dnow.de::Process Lasso +planet3dnow.de::Quick CPU +planet3dnow.de::Radeon Software Adrenalin +planet3dnow.de::Rufus +planet3dnow.de::Ryzen Master +planet3dnow.de::Sysinternals Suite +planet3dnow.de::System Information Viewer Version +planet3dnow.de::SystemRescue +planet3dnow.de::Thunderbird +planet3dnow.de::Universal Media Server +planet3dnow.de::WinRAR +planet3dnow.de::WinSCP +planet3dnow.de::ZenTimings +portuguesegeese.com::portuguesegeese.com +reddit.com::UEFA +stackoverflow.blog::Podcast +stackoverflow.blog::The Overflow +stadt-bremerhaven.de::Bundesliga +stadt-bremerhaven.de::Disney+ +stadt-bremerhaven.de::eFootball 
+stadt-bremerhaven.de::FIFA +stadt-bremerhaven.de::Formel 1 +stadt-bremerhaven.de::Immer wieder sonntags KW +stadt-bremerhaven.de::Sky Ticket +stadt-bremerhaven.de::(Werbung) +stadt-bremerhaven.de::WM 2022 +sueddeutsche.de::1:1 +sueddeutsche.de::1860 München +sueddeutsche.de::1. FC Kaiserslautern: +sueddeutsche.de::1. FC Köln +sueddeutsche.de::1. FC Union +sueddeutsche.de::3. Liga +sueddeutsche.de::Afrika-Cup: +sueddeutsche.de::Alphonso Davies +sueddeutsche.de::American Football: +sueddeutsche.de::Arminia Bielefeld: +sueddeutsche.de::ATP- +sueddeutsche.de::ATP Finals +sueddeutsche.de::Australian Open: +sueddeutsche.de::Auswärtstor +sueddeutsche.de::Barça +sueddeutsche.de::Basketball +sueddeutsche.de::Bayern +sueddeutsche.de::Belenenses +sueddeutsche.de::Berlinale +sueddeutsche.de::Biathlon +sueddeutsche.de::Bobfahr +sueddeutsche.de::Borussia +sueddeutsche.de::Borussia Dortmund: +sueddeutsche.de::Bundesliga +sueddeutsche.de::BVB +sueddeutsche.de::Carlos Alcaraz +sueddeutsche.de::Champions-League +sueddeutsche.de::Conference League +sueddeutsche.de::Conference-League +sueddeutsche.de::Daniil Medwedew +sueddeutsche.de::Darts +sueddeutsche.de::Darts-WM: +sueddeutsche.de::Davis Cup +sueddeutsche.de::Derby +sueddeutsche.de::Deutsche Nationalmannschaft +sueddeutsche.de::Deutsche U21: +sueddeutsche.de::DFB +sueddeutsche.de::DFB-Elf +sueddeutsche.de::DFB-Pokal +sueddeutsche.de::DFL-Supercup +sueddeutsche.de::Djokovic +sueddeutsche.de::Dressur-Weltmeister +sueddeutsche.de::Drittliga +sueddeutsche.de::Eintracht +sueddeutsche.de::Eisbären Berlin +sueddeutsche.de::Eishockey-WM: +sueddeutsche.de::Eiskunstl +sueddeutsche.de::Eisschnelllauf +sueddeutsche.de::Elfmeter +sueddeutsche.de::EM: +sueddeutsche.de::Emil Forsberg +sueddeutsche.de::Englisches Nationalteam: +sueddeutsche.de::ESC-Finale +sueddeutsche.de::Euroleague +sueddeutsche.de::Europa League +sueddeutsche.de::Europa League: +sueddeutsche.de::Europameister +sueddeutsche.de::Europapokal +sueddeutsche.de::Eurovision Song 
Contest +sueddeutsche.de::Eurovision Song Contest: +sueddeutsche.de::FC Augsburg +sueddeutsche.de::FC Barcelona +sueddeutsche.de::FC Chelsea: +sueddeutsche.de::FC Sevilla +sueddeutsche.de::Formel 1 +sueddeutsche.de::Frankfurt +sueddeutsche.de::French Open +sueddeutsche.de::Fussball +sueddeutsche.de::Fußball +sueddeutsche.de::Fußball-EM +sueddeutsche.de::Fußballern +sueddeutsche.de::Fußball in England: +sueddeutsche.de::Fußballtorwart +sueddeutsche.de::Fußball-WM +sueddeutsche.de::Galopp +sueddeutsche.de::Gerard López +sueddeutsche.de::Gladbach +sueddeutsche.de::Glasgow Rangers +sueddeutsche.de::Golf: +sueddeutsche.de::Guardiola +sueddeutsche.de::Halbfinale +sueddeutsche.de::Handball-EM: +sueddeutsche.de::Handball-WM +sueddeutsche.de::Hannover 96: +sueddeutsche.de::Heldenfußball +sueddeutsche.de::Hertha +sueddeutsche.de::Hinspiel +sueddeutsche.de::Hochspring +sueddeutsche.de::HSV +sueddeutsche.de::Ibrahimović +sueddeutsche.de::"Ich bin ein Star" +sueddeutsche.de::Infantino +sueddeutsche.de::Inter Mailand +sueddeutsche.de::Joachim Löw +sueddeutsche.de::Julian Nagelsmann +sueddeutsche.de::Juve +sueddeutsche.de::Kevin Trapp +sueddeutsche.de::Klopp +sueddeutsche.de::Klosterhalfen +sueddeutsche.de::La Boum: +sueddeutsche.de::La Liga +sueddeutsche.de::Länderspiel +sueddeutsche.de::Lazio Rom +sueddeutsche.de::Leichtathletik: +sueddeutsche.de::Leichtathletik-Weltmeisterschaft +sueddeutsche.de::Leichtathletik-WM +sueddeutsche.de::Leichtathletik-WM: +sueddeutsche.de::Leon Draisaitl +sueddeutsche.de::leute: +sueddeutsche.de::Leverkusen +sueddeutsche.de::Lewandowski +sueddeutsche.de::Lewis Hamilton +sueddeutsche.de::LIV Tour +sueddeutsche.de::Los Angeles Lakers +sueddeutsche.de::Manchester City +sueddeutsche.de::Manchester United +sueddeutsche.de::ManCity +sueddeutsche.de::ManUnited +sueddeutsche.de::Mbappé +sueddeutsche.de::Messi +sueddeutsche.de::Miroslav Klose +sueddeutsche.de::Monza +sueddeutsche.de::Mourinho +sueddeutsche.de::Musiala +sueddeutsche.de::Nadal 
+sueddeutsche.de::Nationalmannschaft +sueddeutsche.de::Nations League +sueddeutsche.de::NBA +sueddeutsche.de::Neujahrsspringen +sueddeutsche.de::NFL +sueddeutsche.de::Niklas Süle: +sueddeutsche.de::Nordische Ski-WM +sueddeutsche.de::Olympia +sueddeutsche.de::Olympia: +sueddeutsche.de::Olympia 2022: +sueddeutsche.de::Olympia-Ticker: +sueddeutsche.de::Olympischen Spielen: +sueddeutsche.de::Olympische Spiele: +sueddeutsche.de::Olympische Winterspiele: +sueddeutsche.de::OSC Lille +sueddeutsche.de::Paralympics: +sueddeutsche.de::Paris Saint-Germain +sueddeutsche.de::Pep Guardiola +sueddeutsche.de::Pferdesport +sueddeutsche.de::Playoffs +sueddeutsche.de::Podcasts-Tipps im +sueddeutsche.de::Podcast-Tipps +sueddeutsche.de::Pokal-Sieg +sueddeutsche.de::Polizeiruf 110 +sueddeutsche.de::Prantls Blick: +sueddeutsche.de::Premier +sueddeutsche.de::Premier League +sueddeutsche.de::PSV Eindhoven +sueddeutsche.de::Qualifikationsspiel +sueddeutsche.de::Raducanu +sueddeutsche.de::Rangnick +sueddeutsche.de::RB Leipzig: +sueddeutsche.de::Real Madrid +sueddeutsche.de::Reiten +sueddeutsche.de::Reit-WM +sueddeutsche.de::Relegation +sueddeutsche.de::Robin Gosens +sueddeutsche.de::Rodel- +sueddeutsche.de::Rodeln: +sueddeutsche.de::Ronaldo +sueddeutsche.de::Rudern +sueddeutsche.de::SC Freiburg +sueddeutsche.de::Schach-WM +sueddeutsche.de::Schalke +sueddeutsche.de::Schiedsrichter +sueddeutsche.de::Schwimmen: +sueddeutsche.de::Schwimm-WM +sueddeutsche.de::Serien des Monats +sueddeutsche.de::Ski alpin +sueddeutsche.de::Ski alpin: +sueddeutsche.de::Skilanglauf +sueddeutsche.de::Skirenn +sueddeutsche.de::Skispringen +sueddeutsche.de::Ski-Weltcup +sueddeutsche.de::Slalomfahr +sueddeutsche.de::Stanley Cup +sueddeutsche.de::ST. 
Pauli +sueddeutsche.de::Stürmer +sueddeutsche.de::Super Bowl +sueddeutsche.de::Super Bowl Sunday: +sueddeutsche.de::Supercup +sueddeutsche.de::Supercup live +sueddeutsche.de::Super League +sueddeutsche.de::Synchronschwimmen: +sueddeutsche.de::SZ-Audioreihe +sueddeutsche.de::SZ-Kolumne "Bester Dinge": +sueddeutsche.de::SZ-Kolumne "Mitten in ...": +sueddeutsche.de::SZ-Plus-Abonnenten lesen auch +sueddeutsche.de::SZ-Podcast +sueddeutsche.de::SZ-Podcast "Und nun zum Sport": +sueddeutsche.de::Tabellenspitze +sueddeutsche.de::"Tatort" +sueddeutsche.de::Tatort aus +sueddeutsche.de::Tatort München: +sueddeutsche.de::Teamspringen +sueddeutsche.de::Tennis +sueddeutsche.de::Tennis: +sueddeutsche.de::Three Lions: +sueddeutsche.de::Timo Boll +sueddeutsche.de::Tischtennis WM: +sueddeutsche.de::Toni Kroos +sueddeutsche.de::Tottenham +sueddeutsche.de::Trikots +sueddeutsche.de::TSG Hoffenheim +sueddeutsche.de::Tuchel +sueddeutsche.de::Türkgücü München +sueddeutsche.de::Ukrainisches Tagebuch +sueddeutsche.de::Uli Hoeneß +sueddeutsche.de::Union Berlin +sueddeutsche.de::US Open +sueddeutsche.de::VfB Stuttgart +sueddeutsche.de::VfL +sueddeutsche.de::VfL Wolfsburg +sueddeutsche.de::Vierschanzentournee +sueddeutsche.de::Viertelfinal +sueddeutsche.de::Weitspr +sueddeutsche.de::Werder +sueddeutsche.de::Wimbledon +sueddeutsche.de::WM-Qualifikation +sueddeutsche.de::WM-Silber +sueddeutsche.de::WM-Ticket +sueddeutsche.de::WM-Titel +sueddeutsche.de::Zlatan +tagesschau.de::Alpine-Super-Kombination: +tagesschau.de::American Football: +tagesschau.de::Auslandspodcast +tagesschau.de::Bahnrad +tagesschau.de::Bayern München +tagesschau.de::Biathl +tagesschau.de::Boateng +tagesschau.de::Bremer SV +tagesschau.de::Bundesliga +tagesschau.de::BVB +tagesschau.de::Carlsen +tagesschau.de::Champions League +tagesschau.de::Darts- +tagesschau.de::Darts-WM: +tagesschau.de::DFB +tagesschau.de::DFB-Bundesgericht +tagesschau.de::Dressurreit +tagesschau.de::Eintracht +tagesschau.de::Eishockey: 
+tagesschau.de::Eishockey-WM: +tagesschau.de::EM: +tagesschau.de::ESC-Finale +tagesschau.de::European Championships +tagesschau.de::Fashion Week +tagesschau.de::Football +tagesschau.de::Formel 1: +tagesschau.de::Formel-1 +tagesschau.de::Freiwasser- +tagesschau.de::Fußball +tagesschau.de::Fußball-Bundesliga +tagesschau.de::Fußball-EM +tagesschau.de::Gladbach +tagesschau.de::Handball: +tagesschau.de::Handball-EM: +tagesschau.de::Hertha BSC +tagesschau.de::Hoffenheim +tagesschau.de::Klippenspring +tagesschau.de::Klosterhalfen +tagesschau.de::Kostic +tagesschau.de::Leichtathletik-WM: +tagesschau.de::Liveblog +tagesschau.de::Livestream +tagesschau.de::Mehrkamp +tagesschau.de::Nationalmannschaft +tagesschau.de::Nationaltrainer +tagesschau.de::Nepomnjaschtschi +tagesschau.de::Neujahrsspringen +tagesschau.de::Olympia- +tagesschau.de::Olympia: +tagesschau.de::Olympischen Winterspiele: +tagesschau.de::Olympische Winterspiele: +tagesschau.de::Paralympics +tagesschau.de::Remis +tagesschau.de::Riesenslalom: +tagesschau.de::RKI meldet +tagesschau.de::Rodel- +tagesschau.de::Schach-WM: +tagesschau.de::Schwimm-EM +tagesschau.de::Schwimm-WM: +tagesschau.de::Ski Alpin: +tagesschau.de::Skispring +tagesschau.de::Sondersendung: +tagesschau.de::Springreiter +tagesschau.de::Sprintstaffel +tagesschau.de::Stefan Kuntz +tagesschau.de::Tabellenspitze +tagesschau.de::Tennis +tagesschau.de::Trainerwechsel +tagesschau.de::Tuchel +tagesschau.de::UEFA +tagesschau.de::Verstappen +tagesschau.de::Vierschanzentournee +tagesschau.de::Wasserspringen: +tagesschau.de::Weitsprung +tagesschau.de::Werders +tagesschau.de::WM-Auftakt +tagesschau.de::WM-Gold +tagesschau.de::WM-Qualifikation +tagesschau.de::WM-Viertelfinale +tagesschau.de::Zukunftspodcast +tagesschau.de::Zweierbob: +theguardian.com::Guardiola +theguardian.com::Manchester United +toonhole.com::Bernai 
diff --git a/docker-compose/miniflux/sort_and_remove_double_entries.sh b/docker-compose/miniflux/sort_and_remove_double_entries.sh new file mode 100644 index 00000000..876c3b25 --- /dev/null +++ b/docker-compose/miniflux/sort_and_remove_double_entries.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +FILTERFILE=./filter.txt +VORHER=$(wc -l < $FILTERFILE) +echo Sortiere und filtere doppelte Zeilen heraus. +sort filter.txt | uniq -u -i | cat > .tmp +NACHHER=$(wc -l < .tmp) +echo Es wurden $((VORHER-NACHHER)) Zeilen entfernt! +mv -f .tmp filter.txt diff --git a/docker-compose/miniflux/whitelist.txt b/docker-compose/miniflux/whitelist.txt new file mode 100644 index 00000000..d95e62ed --- /dev/null +++ b/docker-compose/miniflux/whitelist.txt @@ -0,0 +1,5 @@ +TwitterBridge +WikipediaBridge +YoutubeBridge +FacebookBridge +InstagramBridge diff --git a/docker-compose/munin/docker-compose.yml.j2 b/docker-compose/munin/docker-compose.yml.j2 new file mode 100644 index 00000000..4fd6230e --- /dev/null +++ b/docker-compose/munin/docker-compose.yml.j2 
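Review bot: `uniq -u -i` does not deduplicate — `-u` prints only lines that have *no* duplicate, so any filter pattern that appears twice is dropped from `filter.txt` entirely instead of being kept once, and `sort` without `-f` does not place case-variants next to each other for the case-insensitive `uniq` anyway. The script also runs without `set -euo pipefail`, so a failing `sort` leaves an empty `.tmp` that `mv -f` then installs as the new filter list, and it mixes `$FILTERFILE` with the hard-coded `filter.txt`. Suggested core: `set -euo pipefail` after the shebang, `sort -f "$FILTERFILE" | uniq -i > "$TMP"` (the `cat` is redundant) and `mv -f "$TMP" "$FILTERFILE"`, with `TMP` created via `mktemp` so a stale `.tmp` in the working directory cannot be picked up.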
@@ -0,0 +1,41 @@ +version: '3' +services: + munin: + container_name: "munin-master-prod" + image: quotengrote/munin-server + restart: always + environment: + - MAILCONTACT=michael.grote@posteo.de + - MAILSERVER=smtp.strato.de + - MAILPORT=587 + - MAILUSER=info@mgrote.net + - MAILPASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }} + - MAILFROM=info@mgrote.net + - MAILNAME=Munin-Prod + - MAILDOMAIN=mgrote.net + - TZ=Europe/Berlin + - DISABLELOCALNODE=yes + - CRONDELAY=5 + - 'NODES= + fileserver2.grote.lan:fileserver2.grote.lan + acng.grote.lan:acng.grote.lan + ansible2.grote.lan:ansible2.grote.lan + pve2.grote.lan:pve2.grote.lan + dokuwiki2.grote.lan:dokuwiki2.grote.lan + gitea.grote.lan:gitea.grote.lan + docker10.grote.lan:docker10.grote.lan + dnsmasq.grote.lan:dnsmasq.grote.lan' + # z.B. + # computer-test.grote.lan.test:192.68.2.4 + # computer.grote.lan:computer.grote.lan + volumes: + - db:/var/lib/munin + - logs:/var/log/munin + - cache:/var/cache/munin + ports: + - 1234:80 + +volumes: + db: + logs: + cache: diff --git a/docker-compose/navidrome/docker-compose.yml.j2 b/docker-compose/navidrome/docker-compose.yml.j2 new file mode 100644 index 00000000..48ddfd4a --- /dev/null +++ b/docker-compose/navidrome/docker-compose.yml.j2 
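Review bot: The Munin web UI is published on all interfaces as `- 1234:80` with no authentication visible, which hands anyone on the LAN the full node inventory listed in `NODES` and per-host metrics; unlike miniflux or nextcloud in this change it is not behind traefik, so consider a traefik router with a basicauth/ipallowlist middleware or at least a `127.0.0.1:` binding. `MAILPASSWORD` reuses the `postfix_absender_passwort` KeePass entry that the nextcloud compose consumes as `SMTP_PASSWORD`, so one mailbox credential is readable via `docker inspect` from two unrelated containers — a dedicated SMTP credential per service limits what a compromise of either exposes. `quotengrote/munin-server` has no tag and, unlike the database services elsewhere in this change, no watchtower opt-out label, so if watchtower runs on this host the image is replaced unreviewed whenever a new latest is pushed.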
@@ -0,0 +1,54 @@ +version: '3' +services: +######## navidrome-mg ######## + navidrome-mg: + container_name: "navidrome-mg" + image: deluan/navidrome:latest + restart: always + environment: + - ND_LOGLEVEL=info + - ND_SESSIONTIMEOUT=24h + - ND_MUSICFOLDER=/music + - ND_DATAFOLDER=/data + - ND_SCANSCHEDULE=6 * * * * + - ND_TRANSCODINGCACHESIZE=500MB + - ND_IMAGECACHESIZE=100MB + - ND_AUTOIMPORTPLAYLISTS=false + - ND_BASEURL=/mg + - ND_ENABLESTARRATING=false + - ND_ENABLEGRAVATAR=false + - ND_LASTFM_ENABLED=false + - ND_ENABLETRANSCODINGCONFIG=true + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - ND_ENABLE_EXTERNAL_SERVICES=false + volumes: + - musik_smb_mg:/music:ro + - data:/data + networks: + - traefik + labels: + - traefik.http.routers.navidrome-mg.rule=Host(`audio.mgrote.net`)&&PathPrefix(`/mg`) + - traefik.enable=true + - traefik.http.routers.navidrome-mg.tls=true + - traefik.http.routers.navidrome-mg.tls.certresolver=resolver_letsencrypt + - traefik.http.routers.navidrome-mg.entrypoints=entry_https + - traefik.http.services.navidrome-mg.loadbalancer.server.port=4533 + ports: + - "4533:4533" + + +######## Volumes ######## +volumes: + data: + musik_smb_mg: # Verzeichnis in restic aus Backup ausnehmen! + driver: local + driver_opts: + type: "cifs" + o: "user=navidrome,password={{ lookup('keepass', 'navidrome_smb_share_password', 'password') }}" + device: "//192.168.2.36/musik/Musik" +######## Networks ######## +networks: + traefik: + external: true diff --git a/docker-compose/nextcloud/.env.j2 b/docker-compose/nextcloud/.env.j2 new file mode 100644 index 00000000..6bf61d52 --- /dev/null +++ b/docker-compose/nextcloud/.env.j2 
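Review bot: `ports: - "4533:4533"` publishes Navidrome directly on the host in addition to the traefik router, so the same login form is reachable over plain HTTP on the LAN and credentials and session cookies bypass the TLS termination the labels set up; traefik already reaches the container on the `traefik` network (`loadbalancer.server.port=4533`), so the mapping can be dropped or bound to `127.0.0.1:4533:4533` if it is only for debugging. The CIFS password in `driver_opts.o` ends up in the rendered compose file on disk and is readable by everyone in the `docker` group via `docker volume inspect musik_smb_mg`; a `credentials=/etc/...` mount option pointing at a root-only 0600 file provisioned by Ansible keeps it out of both. `ND_BASEURL=/mg` matching the `PathPrefix` rule and the `:ro` music mount are good.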
@@ -0,0 +1,5 @@ +MYSQL_ROOT_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }} +MYSQL_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_password', 'password') }} +REDIS_HOST_PASSWORD={{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }} +SMTP_PASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }} +NC_MAJOR_VERSION=23 diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2 new file mode 100644 index 00000000..5553b5e3 --- /dev/null +++ b/docker-compose/nextcloud/docker-compose.yml.j2 
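Review bot: Once rendered this file holds four plaintext secrets, and compose copies them into the environment of `nextcloud-db`, `nextcloud-redis` and `nextcloud-app`, where `docker inspect` exposes them to anyone in the `docker` group. The Ansible task that renders `.env.j2` is not in this diff; it should write the file with `mode: '0600'` and root ownership, and the rendered `.env` should be excluded from any backup that is not itself encrypted. Pinning `NC_MAJOR_VERSION=23` is good — the accompanying compose file does not pin `mariadb` the same way.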
@@ -0,0 +1,117 @@ +version: '3.3' +services: +######## Datenbank ######## + nextcloud-db: + image: mariadb + container_name: nextcloud-db + command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF + restart: unless-stopped + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_INITDB_SKIP_TZINFO=1 + networks: + - intern + labels: + - com.centurylinklabs.watchtower.enable="false" +######## Redis ######## + nextcloud-redis: + image: redis:alpine + container_name: nextcloud-redis + hostname: nextcloud-redis + networks: + - intern + restart: unless-stopped + command: redis-server --requirepass ${REDIS_HOST_PASSWORD} + labels: + - com.centurylinklabs.watchtower.enable="false" +######## cron ######## + cron: + container_name: nextcloud-cron + image: rcdailey/nextcloud-cronjob + restart: unless-stopped + network_mode: none + depends_on: + - nextcloud-app + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /etc/localtime:/etc/localtime:ro + environment: + - NEXTCLOUD_CONTAINER_NAME=nextcloud-app + - NEXTCLOUD_CRON_MINUTE_INTERVAL=1 +######## Nextcloud ######## + nextcloud-app: + image: nextcloud:${NC_MAJOR_VERSION} + container_name: nextcloud-app + restart: unless-stopped + depends_on: + - nextcloud-db + - nextcloud-redis + environment: + REDIS_HOST: nextcloud-redis + REDIS_HOST_PASSWORD: ${REDIS_HOST_PASSWORD} + MYSQL_DATABASE: nextcloud + MYSQL_USER: nextcloud + MYSQL_PASSWORD: ${MYSQL_PASSWORD} + MYSQL_HOST: nextcloud-db + NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net" + SMTP_HOST: smtp.strato.de + SMTP_SECURE: tls + SMTP_PORT: 587 + SMTP_AUTHTYPE: LOGIN + SMTP_NAME: info@mgrote.net + SMTP_PASSWORD: ${SMTP_PASSWORD} + MAIL_FROM_ADDRESS: info@mgrote.net + PHP_MEMORY_LIMIT: 1024M + PHP_UPLOAD_LIMIT: 10G + 
APACHE_DISABLE_REWRITE_IP: 1 + TRUSTED_PROXIES: "192.168.2.43" # docker10.grote.lan/traefik #prüfen + volumes: + - app:/var/www/html + - data:/var/www/html/data + networks: + - intern +# ports: +# - 80:80 + networks: + - intern + - traefik + labels: + - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mgrote.net`) + - traefik.enable=true + - traefik.http.routers.nextcloud.tls=true + - traefik.http.routers.nextcloud.tls.certresolver=resolver_letsencrypt + - traefik.http.routers.nextcloud.entrypoints=entry_https + - traefik.http.services.nextcloud.loadbalancer.server.port=80 + + - traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex="^/.well-known/ca(l|rd)dav" + - traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement="/remote.php/dav/" + + - traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains=false + - traefik.http.middlewares.nextcloud-hsts.headers.stspreload=true + - traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552001 + - traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment=false + + - traefik.http.routers.nextcloud.middlewares=nextcloud-hsts@docker,nextcloud-webdav@docker + +######## Networks ######## +networks: + intern: + driver: bridge + traefik: + external: true +######## Volumes ######## +volumes: + db: + app: + data: + +######## Doku ######## +# Telefonregion +# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE" diff --git a/docker-compose/nextcloud/e-mail_settings.png b/docker-compose/nextcloud/e-mail_settings.png new file mode 100644 index 00000000..18826693 Binary files /dev/null and b/docker-compose/nextcloud/e-mail_settings.png differ diff --git a/docker-compose/oxidized/config.j2 b/docker-compose/oxidized/config.j2 new file mode 100644 index 00000000..d6ac579b --- /dev/null +++ b/docker-compose/oxidized/config.j2 
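Review bot: The `cron` service mounts `/var/run/docker.sock` — the `:ro` flag only applies to the socket file, not to the API behind it, so that container (an unpinned third-party image) holds host-root-equivalent access just to run `cron.php`. The upstream Nextcloud compose examples run cron as a second container from the same `nextcloud:${NC_MAJOR_VERSION}` image with `entrypoint: /cron.sh` sharing the `app` and `data` volumes, which needs no socket (sketch below). `TRUSTED_PROXIES: "192.168.2.43"` is the host's LAN address, but traefik reaches `nextcloud-app` over the `traefik` Docker network, so the proxy address Nextcloud sees is traefik's container IP on that network and the forwarded client IPs are presumably ignored — the `#prüfen` comment is right to flag it; the `traefik` network's subnet belongs there, together with `OVERWRITEPROTOCOL: https` since TLS ends at traefik. Also, `networks:` appears twice under `nextcloud-app` (`- intern` alone, then `- intern`/`- traefik`); YAML parsers either reject the duplicate key or silently keep the last one, so the first stanza should be deleted.
```yaml
  cron:
    container_name: nextcloud-cron
    image: nextcloud:${NC_MAJOR_VERSION}
    restart: unless-stopped
    entrypoint: /cron.sh
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    volumes:
      - app:/var/www/html
      - data:/var/www/html/data
    networks:
      - intern
# … unchanged: nextcloud-db, nextcloud-redis, nextcloud-app …
```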
@@ -0,0 +1,34 @@ +source: + default: csv + csv: + file: /var/lib/oxidized/router.db + delimiter: !ruby/regexp /:/ + map: + name: 0 + ip: 1 + model: 2 + username: 3 + password: 4 + vars_map: + enable: 5 + +# enable WebGUI +rest: 0.0.0.0:8888 + +# debug +# debug: true + +output: + default: git + git: + user: oxidized + email: oxidized@grote.lan + repo: "/var/lib/oxidized/devices.git" + +hooks: + push_to_remote: + type: githubrepo + events: [post_store] + remote_repo: ssh://gitea@git.mgrote.net:2222/mg/oxidized-configs.git + publickey: /ssh/id_rsa.pub + privatekey: /ssh/id_rsa diff --git a/docker-compose/oxidized/docker-compose.yml.j2 b/docker-compose/oxidized/docker-compose.yml.j2 new file mode 100644 index 00000000..18cb0314 --- /dev/null +++ b/docker-compose/oxidized/docker-compose.yml.j2 @@ -0,0 +1,35 @@ +version: '3.3' +services: + oxidized: + restart: always + container_name: "oxidized" + image: oxidized/oxidized:latest + ports: + - 8888:8888/tcp + environment: + CONFIG_RELOAD_INTERVAL: 600 + volumes: + - ./router.db:/var/lib/oxidized/router.db + - ./config:/root/.config/oxidized/config + - ./ssh:/ssh/ + - oxidized:/var/lib/oxidized + +######## Volumes ######## +volumes: + oxidized: + +# auf git.mgrote.net ist "docker-oxidized" als user angelegt und die ssh-keys sind in seinem Nutzerprofil hinterlegt +# von Nutzer "mg" sind die beiden oxidized Repos an "docker-oxidized" geteilt + +# ssh: +# die ssh-keys müsen im alten pem-format vorliegen +# https://github.com/ytti/oxidized/pull/2453/commits/a67a7204f65be8c564144e23012844fcff5444b5 + +# erstellen: +# 1. ssh-keygen (ohne alles) +# 2. ssh-keygen -p -m PEM -f +# 3. chmod 0660 id_rsa* +# 4. Key in ansible-vault/KeePass hinterlegen + +# hardware: +# oxidized besitzt jeweils einen user auf jedem Gerät mit der Policy "read-only" diff --git a/docker-compose/oxidized/router.db.j2 b/docker-compose/oxidized/router.db.j2 new file mode 100644 index 00000000..31f51554 --- /dev/null +++ b/docker-compose/oxidized/router.db.j2 
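Review bot: The Oxidized REST UI (`rest: 0.0.0.0:8888` in `config`, `- 8888:8888/tcp` here) has no authentication and serves every collected device configuration — RouterOS exports can include user and firewall definitions, airOS configs may include credential hashes — to anyone on the LAN; bind it as `127.0.0.1:8888:8888`, drop the mapping, or route it through traefik with a basicauth/ipallowlist middleware. The setup comment recommends `chmod 0660 id_rsa*`, which makes the private deploy key group-readable and group-writable; it should read `chmod 0600 id_rsa` (the `.pub` may stay world-readable), and the rendered `router.db`, which carries the device passwords in plaintext, needs the same 0600 treatment from the Ansible template task. A pinned tag instead of `oxidized/oxidized:latest` would keep the credential-handling code stable between runs.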
@@ -0,0 +1,5 @@ +rb5009.grote.lan:192.168.2.1:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_rb5009', 'password') }} +crs309.grote.lan:192.168.2.224:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs309', 'password') }} +nanohd-wohnzimmer.grote.lan:192.168.2.35:airos:ubi_ssh_admin:{{ lookup('keepass', 'docker_oxidized_nanohd', 'password') }} +crs305.grote.lan:192.168.2.225:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs305', 'password') }} +hex.grote.lan:192.168.3.144:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_hex', 'password') }} diff --git a/docker-compose/oxidized/ssh/id_rsa.j2 b/docker-compose/oxidized/ssh/id_rsa.j2 new file mode 100644 index 00000000..208359be --- /dev/null +++ b/docker-compose/oxidized/ssh/id_rsa.j2 @@ -0,0 +1 @@ +{{ lookup('keepass', 'docker_oxidized_gitea_ssh_key_private', 'notes') }} diff --git a/docker-compose/oxidized/ssh/id_rsa.pub b/docker-compose/oxidized/ssh/id_rsa.pub new file mode 100644 index 00000000..f6ac6d1d --- /dev/null +++ b/docker-compose/oxidized/ssh/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiSAQC6Ayt6c9FSrJFBuuGmNpAU/cTDt+s9fy5l4LXOlY+255+ny0IDwfSYBx0e4DtOcpMnaOBazBSONc9zPAU+JFfX7XnO00ion4zHdoviy4TGYO+26L08srobU2sggZnIZLdXIXflpB2t80L2VfJa0RruARjDOAwAv1pM2JqWLjI1be1s8VvY6cj4ki5vl2xkKLBviIS/tBTgdIxtr/+S6U5az+wuopzEO6bXgIoye8ZvwWRVbqWhWwSarntX1yLfDHjFg5IIP9T5j1ySK/dgNL632JZhqM36F4LYEHiTZ4myAE7dCk08HIneQ3O5K4mWgRDKShBpPrWRMGKQouH0N0uoXVu24R7nBio3poVP0dY0TInhWtjIrY8vmdebHQGThNtTwXCBmBHX40UAkKSUuy98gzXa5X068ohvoWzOBHhSk9XY2upPwPEf3qga+mB98aH6UqjcI6/CHi2dIGOL5z8WbYBLhHJQo/hp7lVgLCbpQVv45Whjf+p+IX/sgk= mg@docker10 diff --git a/docker-compose/photoprism/docker-compose.yml.j2 b/docker-compose/photoprism/docker-compose.yml.j2 new file mode 100644 index 00000000..3a281e02 --- /dev/null +++ b/docker-compose/photoprism/docker-compose.yml.j2 
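Review bot: Every row of this file is a plaintext credential for the router and switches that carry the whole LAN once rendered, and nothing here restricts who can read it; because `./router.db` is bind-mounted into the container, the copy on the Docker host is the one that matters, so the Ansible template task (not in this diff) should set `mode: '0600'` and root ownership and the file should stay out of unencrypted backups. The compose comment says the `oxidized` device users are read-only, which is the right scope — the `airos` row logs in as `ubi_ssh_admin` instead, so it is worth confirming that account is likewise limited to reading the configuration.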
@@ -0,0 +1,92 @@ +version: '3.5' +# ------------------------------------------------------------------ +# DOCKER COMPOSE COMMAND REFERENCE +# ------------------------------------------------------------------ +# Start | docker-compose up -d +# Stop | docker-compose stop +# Update | docker-compose pull +# Logs | docker-compose logs --tail=25 -f +# Terminal | docker-compose exec photoprism bash +# Help | docker-compose exec photoprism photoprism help +# Config | docker-compose exec photoprism photoprism config +# Reset | docker-compose exec photoprism photoprism reset +# Backup | docker-compose exec photoprism photoprism backup -a -i +# Restore | docker-compose exec photoprism photoprism restore -a -i +# Index | docker-compose exec photoprism photoprism index +# Reindex | docker-compose exec photoprism photoprism index -a +# Import | docker-compose exec photoprism photoprism import +# ------------------------------------------------------------------- +services: + photoprism: + # Use photoprism/photoprism:preview instead for testing preview builds: + image: photoprism/photoprism:latest + container_name: photoprism-frontend + restart: always + security_opt: + - seccomp:unconfined + - apparmor:unconfined + ports: + - 2342:2342 + environment: + PHOTOPRISM_ADMIN_PASSWORD: "{{ lookup('keepass', 'photoprism_admin_password', 'password') }}" + PHOTOPRISM_HTTP_PORT: 2342 + PHOTOPRISM_HTTP_COMPRESSION: "gzip" # none or gzip + PHOTOPRISM_DEBUG: "false" + PHOTOPRISM_PUBLIC: "false" # No authentication required (disables password protection) + PHOTOPRISM_READONLY: "true" # Don't modify originals directory (reduced functionality) + PHOTOPRISM_EXPERIMENTAL: "false" + PHOTOPRISM_DISABLE_WEBDAV: "true" + PHOTOPRISM_DISABLE_SETTINGS: "false" + PHOTOPRISM_DISABLE_TENSORFLOW: "false" + PHOTOPRISM_DARKTABLE_PRESETS: "false" + PHOTOPRISM_DETECT_NSFW: "true" + PHOTOPRISM_UPLOAD_NSFW: "true" + PHOTOPRISM_DATABASE_DRIVER: "mysql" + PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" + 
PHOTOPRISM_DATABASE_NAME: "photoprism" + PHOTOPRISM_DATABASE_USER: "photoprism" + PHOTOPRISM_DATABASE_PASSWORD: "{{ lookup('keepass', 'photoprism_database_password', 'password') }}" + PHOTOPRISM_SITE_URL: "http://docker10.grote.lan:2342/" + PHOTOPRISM_SITE_TITLE: "PhotoPrism" + PHOTOPRISM_SITE_CAPTION: "Browse Your Life" + PHOTOPRISM_SITE_DESCRIPTION: "" + PHOTOPRISM_SITE_AUTHOR: "mgrote" + # You may optionally set a user / group id using environment variables if your Docker version or NAS does not + # support this natively (see next example): + # UID: 1000 + # GID: 1000 + # UMASK: 0000 + # Uncomment and edit the following line to set a specific user / group id (native): + # user: "1000:1000" + volumes: + - "smb_bilder:/photoprism/originals/" + - "storage:/photoprism/storage" + # hier alle Bilder hinzufügen, in einem Ordner + + mariadb: + image: mariadb:10.5 + container_name: photoprism-db + restart: always + security_opt: + - seccomp:unconfined + - apparmor:unconfined + command: mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=50 + volumes: # Don't remove permanent storage for index database files! + - "database:/var/lib/mysql" + environment: + MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }} + MYSQL_DATABASE: photoprism + MYSQL_USER: photoprism + MYSQL_PASSWORD: {{ lookup('keepass', 'photoprism_database_password', 'password') }} + labels: + - com.centurylinklabs.watchtower.enable="false" + +volumes: + storage: + database: + smb_bilder: + driver: local + driver_opts: + type: "cifs" + o: "user=photoprism,password={{ lookup('keepass', 'photoprism_fileserver_cifs_password', 'password') }}" + device: "//192.168.2.36/bilder" 
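Review bot: `security_opt: seccomp:unconfined` / `apparmor:unconfined` is set on the `mariadb` service as well as on `photoprism`; MariaDB normally runs fine under Docker's default seccomp profile, so unless a specific kernel quirk forced this, the two lines under `photoprism-db` remove the syscall filter for no gain and should be deleted, or carry a comment explaining why they are needed. `PHOTOPRISM_SITE_URL: "http://docker10.grote.lan:2342/"` together with `- 2342:2342` serves the admin login over plain HTTP on the LAN, unlike the other frontends in this change that sit behind traefik with TLS — a traefik router here would be consistent. Finally, the two `lookup('keepass', …)` values under `mariadb` are unquoted while the same password under `photoprism` is quoted; a generated password containing `: `, ` #` or a leading special character would break or silently truncate the rendered YAML, so `MYSQL_ROOT_PASSWORD: "{{ … }}"` and `MYSQL_PASSWORD: "{{ … }}"` keep it consistent and safe.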
diff --git a/docker-compose/tor-snowflake/docker-compose.yml.j2 b/docker-compose/tor-snowflake/docker-compose.yml.j2 new file mode 100644 index 00000000..89cc75da --- /dev/null +++ b/docker-compose/tor-snowflake/docker-compose.yml.j2 @@ -0,0 +1,8 @@ +--- +version: "3.8" +services: + snowflake-proxy: + network_mode: host + image: thetorproject/snowflake-proxy:latest + container_name: tor-snowflake-proxy + restart: unless-stopped diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2 new file mode 100644 index 00000000..21afd502 --- /dev/null +++ b/docker-compose/traefik/docker-compose.yml.j2 @@ -0,0 +1,29 @@ +version: '3' +services: +######## traefik ######## + traefik: + container_name: "traefik" + image: traefik:latest + restart: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./traefik.yml:/etc/traefik/traefik.yml + - ./file-provider.yml:/etc/traefik/file-provider.yml + - acme_data:/etc/traefik/acme + networks: + - traefik + ports: + - "80:80" # HTTP + - "8081:8080" # Web-GUI + - "443:443" # HTTPS + - "2222:2222" # SSH + environment: + - TZ=Europe/Berlin +######## Networks ######## +networks: + traefik: + external: true + +######## Volumes ######## +volumes: + acme_data: diff --git a/docker-compose/traefik/file-provider.yml b/docker-compose/traefik/file-provider.yml new file mode 100644 index 00000000..3b8f55b8 --- /dev/null +++ b/docker-compose/traefik/file-provider.yml 
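Review bot: `- "8081:8080"` publishes the traefik API and dashboard on every host interface, and with `api.insecure: true` in `traefik.yml` it has no authentication, so the complete list of routers, backends and middlewares (internal targets such as `gitea.grote.lan:3000`) is readable by anyone on the LAN; drop this mapping and serve the dashboard through a router on `entry_https` with a basicauth or ipallowlist middleware instead. `/var/run/docker.sock:/var/run/docker.sock:ro` is what the docker provider needs, but `:ro` does not restrict the API behind the socket — a compromise of the `traefik:latest` container is host-root — so a pinned image tag, and ideally a socket proxy exposing only the read-only endpoints the provider uses, would narrow that. The `2222:2222` SSH passthrough is fine as long as the `HostSNI` rule in the file provider stays the only TCP route.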
@@ -0,0 +1,44 @@ +# TCP da SSH keine Hostnamen kennt +# alle Anfragen an diesen Port werden an Gitea weitergeleitet +tcp: +###### router ##### + routers: + router-ssh: + entryPoints: + - entry_ssh + rule: HostSNI(`*`) + service: service_gitea_ssh +###### services ##### + services: + service_gitea_ssh: + loadBalancer: + servers: + - address: gitea.grote.lan:2222 + +http: +###### router ##### + routers: + router_dokuwiki: + rule: "Host(`dokuwiki.mgrote.net`,`mgrote.net`,`www.mgrote.net`,`wiki.mgrote.net`)" + service: "service_dokuwiki" + entrypoints: + - entry_https + tls: + certresolver: resolver_letsencrypt + router_gitea: + rule: "Host(`git.mgrote.net`)" + service: "service_gitea" + entrypoints: + - entry_https + tls: + certresolver: resolver_letsencrypt +###### services ##### + services: + service_dokuwiki: + loadBalancer: + servers: + - url: "http://dokuwiki2.grote.lan/" + service_gitea: + loadBalancer: + servers: + - url: "http://gitea.grote.lan:3000/" diff --git a/docker-compose/traefik/traefik.yml b/docker-compose/traefik/traefik.yml new file mode 100644 index 00000000..1c61a6e2 --- /dev/null +++ b/docker-compose/traefik/traefik.yml 
@@ -0,0 +1,38 @@
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ network: traefik
+ file:
+ filename: /etc/traefik/file-provider.yml # Datei für alte/externe Services
+
+entryPoints:
+ entry_http:
+ address: :80
+ http: #Umleitung http zu https
+ redirections:
+ entryPoint:
+ to: entry_https
+ scheme: https
+ permanent: true
+ entry_https:
+ address: :443
+ entry_ssh:
+ address: :2222 # wenn hier zusätzliche Ports eingetragen werden, müssen diese auch in der docker-compose.yml als Ports gemappt werden
+
+#letsencrypt
+certificatesResolvers:
+ resolver_letsencrypt:
+ acme:
+ email: "michael.grote@posteo.de"
+ storage: "/etc/traefik/acme/acme.json"
+# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ # zum Testen, da Staging kein Rate-Limiting einsetzt
+ tlsChallenge: true
+
+log:
+ level: INFO
+
+api:
+ insecure: true
+ dashboard: true #unter Port 8081 erreichbar
diff --git a/docker-compose/unifi-controller/docker-compose.yml.j2 b/docker-compose/unifi-controller/docker-compose.yml.j2
new file mode 100644
index 00000000..e53b0a21
--- /dev/null
+++ b/docker-compose/unifi-controller/docker-compose.yml.j2
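Review bot: `endpoint: "unix:///var/run/docker.sock"` hands the traefik container the full Docker API; the `:ro` on the bind mount in the compose file only prevents replacing the socket node, it does not restrict API calls, and that API is equivalent to root on the host. If that blast radius matters, point the endpoint at a docker-socket-proxy container that permits only the read-only container/network endpoints, or record it as an accepted risk with a comment on this line, e.g. `endpoint: "unix:///var/run/docker.sock" # full Docker API; a socket proxy would limit this`. The explanatory comment `# zum Testen, da Staging kein Rate-Limiting einsetzt` sits on the line after the commented-out `# caServer:` at a different indent, so it reads as belonging to `tlsChallenge`; moving it onto the `caServer` line keeps the two together.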
@@ -0,0 +1,29 @@
+---
+version: "2.1"
+services:
+ unifi-controller:
+ image: ghcr.io/linuxserver/unifi-controller
+ container_name: unifi-controller
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - MEM_LIMIT=1024M #optional
+ - MEM_STARTUP=1024M #optional
+ volumes:
+ - data:/config
+ ports:
+ - 3478:3478/udp #Unifi STUN port
+ - 10001:10001/udp #Required for AP discovery
+ - 8080:8080 #Required for device communication
+ - 8443:8443 #Unifi web admin port
+ - 1900:1900/udp #optional, Required for Make controller discoverable on L2 network option
+ - 8843:8843 #optional, Unifi guest portal HTTPS redirect port
+ - 8880:8880 #optional, Unifi guest portal HTTP redirect port
+ - 6789:6789 #optional, For mobile throughput test
+ - 5514:5514/udp #optional
+ restart: always
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+######## Volumes ########
+volumes:
+ data:
diff --git a/group_vars/all.yml b/group_vars/all.yml
index a3fafea4..511816f4 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -185,7 +185,7 @@
 - nano
 - ubuntu-advantage-tools
 apt_packages_internet:
- - http://docker7.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
+ - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
diff --git a/group_vars/dnsmasq.yml b/group_vars/dnsmasq.yml
index 68d2a304..895a94a3 100644
--- a/group_vars/dnsmasq.yml
+++ b/group_vars/dnsmasq.yml
@@ -23,7 +23,7 @@
 ### mgrote.apt_manage_packages
 # hier mit IP statt Hostnamen da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
 apt_packages_internet:
- - http://192.168.2.50:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
+ - http://192.168.2.43:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
 ### mgrote.munin-node
 munin_node_plugins:
 - name: timesync
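Review bot: `- com.centurylinklabs.watchtower.enable="false"` in list-form `labels:` keeps the quote characters as part of the label value (the value becomes `"false"` including the quotes), which is unlikely to be what watchtower's boolean parsing expects; write `- com.centurylinklabs.watchtower.enable=false` or switch to map form, `com.centurylinklabs.watchtower.enable: "false"`. The port mappings are unquoted plain scalars while the other compose files in this commit quote theirs; quoting (`- "8443:8443" #Unifi web admin port`) avoids the YAML 1.1 sexagesimal trap for any future mapping with parts below 60 and keeps the files consistent. `image: ghcr.io/linuxserver/unifi-controller` carries no tag at all, which resolves to `latest`; pinning a tag makes the deployment reproducible.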
diff --git a/host_vars/docker7.grote.lan.yml b/host_vars/docker10.grote.lan.yml
similarity index 62%
rename from host_vars/docker7.grote.lan.yml
rename to host_vars/docker10.grote.lan.yml
index 64252a9c..594aaf9d 100644
--- a/host_vars/docker7.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@@ -1,10 +1,4 @@
 ---
- ### mgrote.restic
- restic_folders_to_backup: "/ /var/lib/docker /var/lib/docker2" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
- #### mgrote.set_permissions
- dir_permissions:
- - path: /var/lib/docker2/httpd-registry
- mode: '0777'
 ### mrlesmithjr.ansible-manage-lvm
 lvm_groups:
 - vgname: vg_docker
@@ -12,7 +6,7 @@
 - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
 create: true
 lvnames:
- - lvname: lv_docker
+ - lvname: docker
 size: +100%FREE
 create: true
 filesystem: xfs
@@ -23,124 +17,68 @@
 - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
 create: true
 lvnames:
- - lvname: lv_docker2
- size: +100%FREE
+ - lvname: httpd
+ size: 1G
 create: true
 filesystem: xfs
 mount: true
- mntp: /var/lib/docker2/httpd-registry
+ mntp: /mnt/httpd
 manage_lvm: true
 pvresize_to_max: true
- ### mgrote.apt_manage_packages
- apt_packages_extra:
- - libwww-curl-perl # für munin-plugin: unifi
- - libjson-perl # für munin-plugin: unifi
- - sshpass # fur munin mt_system_*
- ### mgrote.docker-compose-deploy
- docker_compose_projects:
- - name: watchtower
- dir_name: docker-watchtower
- repository_url: git.mgrote.net/mg/docker-watchtower
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: ansible-ara
- dir_name: docker-ansible-ara
- repository_url: git.mgrote.net/mg/docker-ansible-ara
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: homer
- dir_name: docker-homer
- repository_url: git.mgrote.net/mg/docker-homer
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: photoprism
- dir_name: docker-photoprism
- repository_url: git.mgrote.net/mg/docker-photoprism
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: miniflux
- dir_name: docker-miniflux
- repository_url: git.mgrote.net/mg/docker-miniflux
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: traefik
- dir_name: docker-traefik
- repository_url: git.mgrote.net/mg/docker-traefik
- state: present
- os_username: docker-user
-
repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- network_name: nw_proxy_traefik
- - name: munin-master
- dir_name: docker-munin-master
- repository_url: git.mgrote.net/mg/docker-munin-master_production
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: oxidized
- dir_name: docker-oxidized
- repository_url: git.mgrote.net/mg/docker-oxidized
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: librenms
- dir_name: docker-librenms
- repository_url: git.mgrote.net/mg/docker-librenms
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: unifi-controller
- dir_name: docker-unifi-controller
- repository_url: git.mgrote.net/mg/docker-unifi-controller
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: navidrome-mg
- dir_name: docker-navidrome-mg
- repository_url: git.mgrote.net/mg/docker-navidrome-mg
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: hastebin
- dir_name: docker-hastebin
- repository_url: git.mgrote.net/mg/docker-hastebin
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: tor-snowflake
- dir_name: tor-snowflake
- repository_url: git.mgrote.net/Docker-Compose/tor-snowflake
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass',
'gitea_mg_https_password', 'password') }}"
- - name: apache-registry # fur diesen container ist das lv: lv_docker2 nach /var/lib/docker2/httpd-registry gemountet; dieser Pfad steht in der docker-compose.yml als Volume drin; dieser Ordner hat die Rechte 0777 damit jeder per SSH reinschrieben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
- dir_name: docker-apache-registry
- repository_url: git.mgrote.net/Docker-Compose/apache-registry
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- git_branch: main
+ ### mgrote.restic
+ restic_folders_to_backup: "/ /var/lib/docker /mnt/httpd" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
+ # die vars noch in rolle übertragen mit beispiel
+
+ ### mgrote.docker-compose-inline
+ compose_owner: "docker-user"
+ compose_group: "docker-user"
+ compose_file_permissions: "644"
+ compose_dir_permissions: "755"
+ compose_dest_basedir: "/docker"
+ compose_src_basedir: "{{ inventory_dir }}/docker-compose"
+ compose_files:
+ - name: hastebin
+ state: present
+ - name: ara
+ state: present
+ - name: oxidized
+ state: present
+ - name: homer
+ state: present
+ - name: munin
+ state: present
+ - name: drone
+ state: present
+ - name: nextcloud
+ state: present
+ network: traefik
+ - name: tor-snowflake
+ state: present
+ - name: photoprism
+ state: present
+ - name: librenms
+ state: present
+ - name: httpd # das Volume hat die Rechte 0777 damit jeder per SSH reinschreiben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
+ state: present
+ - name: unifi-controller
+ state: present
+ - name: miniflux
+ state: present
+ network: traefik
+ - name: traefik
+ state: present
+ network: traefik
+ - name: navidrome
+ state: present
+ network: traefik
+
+ #### mgrote.set_permissions
+ dir_permissions:
+ - path: /mnt/httpd
+ mode: '0777'
### oefenweb.ufw
- ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
+ ufw_rules:
 - rule: allow
 to_port: 22
 protocol: tcp
@@ -151,11 +89,14 @@
 protocol: tcp
 comment: 'munin'
 from_ip: 0.0.0.0/0
+ # docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
 - rule: allow
- to_port: 443
- protocol: tcp
- comment: 'mf-filter' # da mgrote.net auf tarefik umgelietet wird funktioniert sonst mf-filter nicht, daher hier explizit Port 443 freigegeben
- from_ip: 0.0.0.0/0
+ from_ip: 192.168.0.0/16
+ comment: 'docker networks'
+ - rule: allow
+ from_ip: 172.0.0.0/8
+ comment: 'docker networks'
+
 ### geerlingguy.pip
 pip_package: python3-pip
 pip_install_packages:
@@ -163,6 +104,13 @@
 - name: fritzconnection # für munin fritzbox*
 - name: lxml # für munin fritzbox*
 - name: requests # für munin fritzbox*
+
+ ### mgrote.apt_manage_packages
+ apt_packages_extra:
+ - libwww-curl-perl # für munin-plugin: unifi
+ - libjson-perl # für munin-plugin: unifi
+ - sshpass # fur munin mt_system_*
+
 ### mgrote.munin-node
 munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
 munin_node_plugins:
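Review bot: `compose_file_permissions: "644"` makes every compose file rendered under `compose_dest_basedir: "/docker"` world-readable on the host, and the sources are `.j2` templates, so if any of the listed projects interpolates a keepass lookup into its file, every local account and every container with a bind mount of that directory can read the resolved secret. `"640"` (or `"600"`) together with `compose_dir_permissions: "750"` keeps the files readable by `compose_owner`/`compose_group` only; whether anything else on the host needs to read them is not visible here. `# die vars noch in rolle übertragen mit beispiel` reads as a leftover task — either do it before merging or mark it `# TODO:` so it is found later. `mode: '0777'` on `/mnt/httpd` is likewise writable by every local user and container, which the comment accepts for drone's SSH pushes; a dedicated group with `'2775'` would give that user the same access without opening the directory to everyone.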
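Review bot: The new rule `from_ip: 172.0.0.0/8` with `comment: 'docker networks'` has no `to_port`/`protocol`, so it allows every port from the whole /8, and that range is far wider than the RFC 1918 block Docker's default address pools are taken from (172.16.0.0/12) — the rest of 172.0.0.0/8 is public address space. The `192.168.0.0/16` rule has the same allow-everything shape and covers the entire LAN, where the removed rule had opened port 443 only; the `docker network inspect` command in the comment yields the actual subnets, so listing those (or at least `from_ip: 172.16.0.0/12`) keeps the rule to what the comment claims. As far as I know Docker inserts its published-port rules ahead of ufw's chains, so these rules presumably govern host-level services such as ssh and munin rather than the compose containers — worth saying in the comment so nobody assumes they gate traefik's ports.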
@@ -205,7 +153,7 @@
 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
 config: |
 [http_response]
- env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 http://docker7.grote.lan:2342 https://audio.mgrote.net/mg http://docker7.grote.lan:3344
+ env.sites http://docker10.grote.lan:7777 http://docker10.grote.lan:2233 http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 http://docker10.grote.lan:2342/
 env.max_time 20
 env.short_label true
 env.follow_redirect true
@@ -215,7 +163,7 @@
 [mt_system_crs309]
 user root
 env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'crs309_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_crs309', 'password') }}
 env.ssh_host 192.168.2.224
 - name: mt_system_hex
 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -223,7 +171,7 @@
 [mt_system_hex]
 user root
 env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'hex_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_hex', 'password') }}
 env.ssh_host 192.168.3.144
 - name: mt_system_crs305
 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
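Review bot: The new `env.sites` line lists `http://docker10.grote.lan:2342` twice (once bare, once as `http://docker10.grote.lan:2342/`), so the same target is probed twice per run; drop one of them. The removed line carried the same duplicate, so this is a pre-existing nit that the host rename is a good moment to clean up.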
@@ -231,7 +179,7 @@
 [mt_system_crs305]
 user root
 env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'crs305_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_crs305', 'password') }}
 env.ssh_host 192.168.2.225
 - name: mt_system_rb5009
 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -239,7 +187,7 @@
 [mt_system_rb5009]
 user root
 env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'rb5009_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_rb5009', 'password') }}
 env.ssh_host 192.168.2.1
 - name: unifi
 src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
@@ -249,9 +197,9 @@
 # point to a read-only account.
 env.user munin
 # Password to login to unifi controller API. Default is "ubnt"
- env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }}
+ env.pass {{ lookup('keepass', 'munin_user_unifi', 'password') }}
 # URL of the API, with port if needed. No trailing slash.
- env.api_url https://docker7.grote.lan:8443
+ env.api_url https://docker10.grote.lan:8443
 # Verify SSL certificate name against host.
 # Note: if using a default cloudkey certificate, this will fail unless you manually add it
 # to the local keystore.
@@ -323,5 +271,13 @@
 [fritzbox_*]
 env.fritzbox_ip 192.168.5.1
 env.fritzbox_username munin
- env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }}
+ env.fritzbox_password {{ lookup('keepass', 'munin_user_fritzbox', 'password') }}
 env.traffic_remove_max true # if you do not want the possible max values
+ - name: nextcloud_nextcloud.mgrote.net
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
+ config: |
+ [nextcloud_nextcloud.mgrote.net]
+ env.username munin
+ env.password {{ lookup('keepass', 'munin_user_nextcloud', 'password') }}
+ env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
+ env.scheme https
diff --git a/host_vars/docker8.grote.lan.yml b/host_vars/docker8.grote.lan.yml
deleted file mode 100644
index 1c90044c..00000000
--- a/host_vars/docker8.grote.lan.yml
+++ /dev/null
@@ -1,120 +0,0 @@ ---- - ### mrlesmithjr.ansible-manage-lvm - lvm_groups: - - vgname: vg_nextcloud - disks: - - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 - create: true - lvnames: - - lvname: lv_nextcloud - size: +100%FREE - create: true - filesystem: xfs - mount: true - mntp: /mnt/nextcloud - - vgname: vg_docker - disks: - - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2 - create: true - lvnames: - - lvname: lv_docker - size: +100%FREE - create: true - filesystem: xfs - mount: true - mntp: /var/lib/docker - manage_lvm: true - pvresize_to_max: true - ### mgrote.restic - restic_folders_to_backup: "/ /mnt/nextcloud /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files - restic_schedule: "0/2:00" # alle 2 Stunden - restic_exclude: | - ._* - .Trash-* - # https://github.com/restic/restic/issues/1005 - # https://forum.restic.net/t/exclude-syntax-confusion/1531/12 - ### mgrote.munin-node - munin_node_plugins: - - name: timesync - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - - name: systemd_status - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - - name: systemd_mem - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem - config: | - [systemd_mem] - env.all_services true - - name: lvm_ - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ - config: | - [lvm_*] - user root - - name: fail2ban - src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban - config: | - [fail2ban] - env.client /usr/bin/fail2ban-client - env.config_dir /etc/fail2ban - user root - - name: nextcloud_nextcloud.mgrote.net - src: 
https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_ - config: | - [nextcloud_nextcloud.mgrote.net] - env.username munin - env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }} - env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info - env.scheme https - - name: http_response - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response - config: | - [http_response] - env.sites https://nextcloud.mgrote.net - env.max_time 20 - env.short_label true - env.follow_redirect true - - name: timesync - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - - name: systemd_status - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - - name: lvm_ - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ - config: | - [lvm_*] - user root - - name: fail2ban - src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban - config: | - [fail2ban] - env.client /usr/bin/fail2ban-client - env.config_dir /etc/fail2ban - user root - - name: docker_containers - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - config: | - [docker_*] - user root - env.DOCKER_HOST unix://run/docker.sock - - name: docker_cpu - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_memory - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_network - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_volumes - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - ### mgrote.docker-compose-deploy - docker_compose_projects: - - name: nextcloud - dir_name: docker-nextcloud - repository_url: 
git.mgrote.net/mg/docker-nextcloud - state: present - os_username: docker-user - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - - name: watchtower - dir_name: docker-watchtower - repository_url: git.mgrote.net/mg/docker-watchtower - state: present - os_username: docker-user - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" diff --git a/host_vars/docker9.grote.lan.yml b/host_vars/docker9.grote.lan.yml deleted file mode 100644 index eaa0ec48..00000000 --- a/host_vars/docker9.grote.lan.yml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- - ### mrlesmithjr.ansible-manage-lvm - lvm_groups: - - vgname: vg_drone - disks: - - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 - create: true - lvnames: - - lvname: lv_drone - size: +100%FREE - create: true - filesystem: xfs - mount: true - mntp: /drone - - vgname: vg_docker - disks: - - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2 - create: true - lvnames: - - lvname: lv_docker - size: +100%FREE - create: true - filesystem: xfs - mount: true - mntp: /var/lib/docker - manage_lvm: true - pvresize_to_max: true - ### mgrote.restic - restic_folders_to_backup: "/ /drone /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files - restic_schedule: "0/6:00" - restic_exclude: | - ._* - .Trash-* - # https://github.com/restic/restic/issues/1005 - # https://forum.restic.net/t/exclude-syntax-confusion/1531/12 - ### mgrote.munin-node - munin_node_plugins: - - name: timesync - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - - name: systemd_status - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - - name: systemd_mem - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem - config: | - [systemd_mem] - env.all_services true - - name: lvm_ - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ - config: | - [lvm_*] - user root - - name: fail2ban - src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban - config: | - [fail2ban] - env.client /usr/bin/fail2ban-client - env.config_dir /etc/fail2ban - user root - - name: http_response - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response - config: | - [http_response] - env.sites 
http://docker9.grote.lan - env.max_time 20 - env.short_label true - env.follow_redirect true - - name: timesync - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - - name: systemd_status - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - - name: lvm_ - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ - config: | - [lvm_*] - user root - - name: fail2ban - src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban - config: | - [fail2ban] - env.client /usr/bin/fail2ban-client - env.config_dir /etc/fail2ban - user root - - name: docker_containers - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - config: | - [docker_*] - user root - env.DOCKER_HOST unix://run/docker.sock - - name: docker_cpu - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_memory - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_network - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_volumes - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - ### mgrote.docker-compose-deploy - docker_compose_projects: - - name: watchtower - dir_name: docker-watchtower - repository_url: git.mgrote.net/mg/docker-watchtower - state: present - os_username: docker-user - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - - name: drone-server - dir_name: docker-drone-server - repository_url: git.mgrote.net/mg/docker-drone-server - state: present - os_username: docker-user - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - network_name: nw_drone - - name: 
drone-runnner
- dir_name: docker-drone-runnner
- repository_url: git.mgrote.net/mg/docker-drone-runner
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- network_name: nw_drone
diff --git a/inventory b/inventory
index a7349d82..cfa07929 100644
--- a/inventory
+++ b/inventory
@@ -22,10 +22,8 @@ all:
 ansible-test.grote.lan:
 docker:
 hosts:
- docker7.grote.lan:
+ docker10.grote.lan:
 docker7-test.grote.lan:
- docker8.grote.lan:
- docker9.grote.lan:
 vmtest:
 hosts:
 vm-test2.grote.lan:
@@ -58,9 +56,7 @@ all:
 pve2.grote.lan:
 gitea.grote.lan:
 dnsmasq.grote.lan:
- docker7.grote.lan:
- docker8.grote.lan:
- docker9.grote.lan:
+ docker10.grote.lan:
 test:
 hosts:
 dokuwiki-test.grote.lan:
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 82bc9c42..75064fef 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/playbooks/3_service/docker.yml b/playbooks/3_service/docker.yml
index 85a72e05..c7d5a93f 100644
--- a/playbooks/3_service/docker.yml
+++ b/playbooks/3_service/docker.yml
@@ -5,4 +5,4 @@
 - { role: geerlingguy.docker, tags: "docker", become: true }
 - { role: gantsign.ctop, tags: "ctop", become: true }
 - { role: mgrote.set_permissions, tags: "perm", become: true }
- - { role: mgrote.docker-compose-deploy, tags: "compose", become: true }
+ - { role: mgrote.docker-compose-inline, tags: "compose", become: true }
diff --git a/roles/mgrote.alacritty/defaults/main.yml b/roles/mgrote.alacritty/defaults/main.yml
index a8034351..d489a06c 100644
--- a/roles/mgrote.alacritty/defaults/main.yml
+++ b/roles/mgrote.alacritty/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
- alacritty_url: http://docker7.grote.lan:3344/alacritty/alacritty-latest.tar.gz
+ alacritty_url: http://docker10.grote.lan:3344/alacritty/alacritty-latest.tar.gz
diff --git a/roles/mgrote.docker-compose-inline/LICENSE b/roles/mgrote.docker-compose-inline/LICENSE
new file mode 100644
index 00000000..e72bfdda
--- /dev/null
+++ b/roles/mgrote.docker-compose-inline/LICENSE
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. \ No newline at end of file 
diff --git a/roles/mgrote.docker-compose-inline/README.md b/roles/mgrote.docker-compose-inline/README.md new file mode 100644 index 00000000..c3491d9f --- /dev/null +++ b/roles/mgrote.docker-compose-inline/README.md @@ -0,0 +1,27 @@ +# mgrote.docker-compose-inline + +### Beschreibung + +Diese Rolle templated docker-compose-Ordner auf die Zielmaschine und startet dort die Container. + +### getestet auf + +- [X] Ubuntu (>=20.04) + +### Variablen + Defaults + +siehe [defaults](./defaults/main.yml) + +### Nutzung: Abbau Container + +1. setze `state: absent` +1. lösche Ordner in `compose_src_basedir` +2. Rolle ausführen + + +### Nutzung: Hinzufügen Container + +1. ersteller Ordner in `compose_src_basedir` +1. alle Dateien die templated werden sollen + IMMER `docker-compose.yml` mit der Dateiendung `.j2` versehen +1. Secrets: in `*.j2`-Dateien mit `{{ lookup('keepass', '', 'password') }} +` einbauen diff --git a/roles/mgrote.docker-compose-inline/defaults/main.yml b/roles/mgrote.docker-compose-inline/defaults/main.yml new file mode 100644 index 00000000..8d9cb9e5 --- /dev/null +++ b/roles/mgrote.docker-compose-inline/defaults/main.yml @@ -0,0 +1,18 @@ +--- + # owner and group of all files and directories + compose_owner: "docker-user" + compose_group: "docker-user" + # default permissions for all files and directories + compose_file_permissions: "644" + compose_dir_permissions: "755" + # where to store the compose-files on the destination system + compose_dest_basedir: "/docker" # without trailing "/" + # where are the docker-compose-files located on the ansible controller + compose_src_basedir: "{{ inventory_dir }}/docker-compose" # without trailing "/" + # dict of compose-files to deploy + #compose_files: + # - name: hastebin # used for directory name; starting & stopping + # state: present + # #network: test_nw # external network (optional) + # - name: ara + # state: present 
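Review bot: `compose_file_permissions: "644"` makes every deployed file world-readable on the target, including the rendered `docker-compose.yml` files into which the role's README on this page tells users to template secrets via `lookup('keepass', …, 'password')`, so any local account on the Docker host can read those credentials. Since the files are chowned to `compose_owner`/`compose_group` anyway, a default of `compose_file_permissions: "0640"` (or `"0600"` when the group does not need access) keeps the owning user working and closes that gap; the leading zero also matches Ansible's documented octal form. The `compose_files` list is only shown commented out, so as written the role fails with an undefined variable unless every caller sets it; an explicit `compose_files: []` default would make the "nothing to deploy" case deliberate rather than an error.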
diff --git a/roles/mgrote.docker-compose-inline/tasks/main.yml b/roles/mgrote.docker-compose-inline/tasks/main.yml new file mode 100644 index 00000000..9dfda2aa --- /dev/null +++ b/roles/mgrote.docker-compose-inline/tasks/main.yml 
@@ -0,0 +1,97 @@ +--- + - name: ensure basedir exists + become: true + ansible.builtin.file: + path: "{{ compose_dest_basedir }}" + state: directory + mode: "{{ compose_dir_permissions }}" + owner: "{{ compose_owner }}" + group: "{{ compose_group }}" + +# https://codeutility.org/ansible-can-the-templates-module-handle-multiple-templates-directories-stack-overflow/ + - name: copy all directories recursively + ansible.builtin.file: + dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '') }}" + state: directory + mode: "{{ compose_dir_permissions }}" + owner: "{{ compose_owner }}" + group: "{{ compose_group }}" + with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type d').split('\n') }}" + + - name: copy all files recursively (can take a long time) + ansible.builtin.copy: + mode: "{{ compose_file_permissions }}" + owner: "{{ compose_owner }}" + group: "{{ compose_group }}" + src: "{{ item }}" + dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '') }}" + with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}" + no_log: true + + - name: copy templates files recursively + ansible.builtin.template: + mode: "{{ compose_file_permissions }}" + owner: "{{ compose_owner }}" + group: "{{ compose_group }}" + src: "{{ item }}" + dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '')|replace('.j2', '') }}" + with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}" + register: copy_template + no_log: true + +# - name: print $copy_template +# ansible.builtin.debug: +# var: copy_template + + - name: create networks + become: true + ansible.builtin.shell: "docker network create {{ item.network }}" # erstelle network + register: network_result # speichere ergebnis in var + changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0 + ignore_errors: yes # ignoriere fehler + loop: "{{ 
compose_files }}" + when: + - item.state == "present" + - item.network is defined + + - name: (re)start container + become: true + ansible.builtin.shell: docker-compose up -d + args: + chdir: "{{ compose_dest_basedir }}/{{ item.name }}" + register: start_result # speichere ergebnis in var + changed_when: "start_result.rc == 0" # markiere tasks als changed when exit-code == 0 + loop: "{{ compose_files }}" + when: + - item.state == "present" + - copy_template is changed + + - name: stop old container + become: true + ansible.builtin.shell: docker-compose down + args: + chdir: "{{ compose_dest_basedir }}/{{ item.name }}" + loop: "{{ compose_files }}" + when: + - item.state == "absent" + ignore_errors: yes # ignoriere fehler + + - name: remove old networks + become: true + ansible.builtin.shell: "docker network remove {{ item.network }}" # erstelle network + register: network_result # speichere ergebnis in var + changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0 + ignore_errors: yes # ignoriere fehler + loop: "{{ compose_files }}" + when: + - item.state == "absent" + - item.network is defined + + - name: remove old docker-compose files & directories + become: true + ansible.builtin.file: + path: "{{ compose_dest_basedir }}/{{ item.name }}/" + state: absent + loop: "{{ compose_files }}" + when: + - item.state == "absent"
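Review bot: The three `lookup('pipe', 'find '+ compose_src_basedir + …)` calls and `ansible.builtin.shell: "docker network create {{ item.network }}"` assemble shell command lines from variables, so a `compose_src_basedir` or `item.network` value containing spaces or shell metacharacters is interpreted by the controller's or target's shell instead of being passed as one argument; the unquoted `-name *.j2` is additionally expanded by the controller shell whenever a matching file exists in its working directory, which silently changes which files get templated. Both can be avoided without shell parsing: `ansible.builtin.find` with `delegate_to: localhost` enumerates the source tree structurally, and `ansible.builtin.command` with `argv` passes the network name as a single argument. The `|replace('.j2', '')` on the destination path also strips `.j2` anywhere in the path rather than only as a suffix; `regex_replace('\\.j2$', '')` limits it to the extension. Separately, `ignore_errors: yes` is the YAML 1.1 truthy spelling that ansible-lint flags (`ignore_errors: true`), and whether the copy/template tasks need `become: true` like the neighbouring tasks depends on the connecting user being allowed to chown to `compose_owner`, which I cannot tell from the hunk.
```yaml
  - name: collect compose templates on the controller
    ansible.builtin.find:
      paths: "{{ compose_src_basedir }}"
      patterns: "*.j2"
      recurse: true
    delegate_to: localhost
    register: compose_template_files

  - name: copy templates files recursively
    ansible.builtin.template:
      # … unchanged: mode/owner/group …
      src: "{{ item.path }}"
      dest: "{{ compose_dest_basedir }}/{{ item.path | relpath(compose_src_basedir) | regex_replace('\\.j2$', '') }}"
    loop: "{{ compose_template_files.files }}"
    register: copy_template
    no_log: true

  - name: create networks
    become: true
    ansible.builtin.command:
      argv: ["docker", "network", "create", "{{ item.network }}"]
    # … unchanged: register/changed_when/ignore_errors/loop/when …
```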