finallycoffee/services
6
1
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: finallycoffee:0.1.1
Branches Tags
finallycoffee:main finallycoffee:transcaffeine/snipe-it-8.1.0 finallycoffee:transcaffeine/phpldapadmin finallycoffee:transcaffeine/authelia-refactor finallycoffee:transcaffeine/snipe-it finallycoffee:transcaffeine/vaultwarden finallycoffee:transcaffeine/hedgedoc finallycoffee:transcaffeine/restic-unlock-on-boot
finallycoffee:0.1.15 finallycoffee:0.1.14 finallycoffee:0.1.13 finallycoffee:0.1.12 finallycoffee:0.1.11 finallycoffee:0.1.10 finallycoffee:0.1.9 finallycoffee:0.1.8 finallycoffee:0.1.7 finallycoffee:0.1.6 finallycoffee:0.1.5 finallycoffee:0.1.4 finallycoffee:0.1.3 finallycoffee:0.1.2 finallycoffee:0.1.1 finallycoffee:0.1.0
...
compare: finallycoffee:0.1.3
Branches Tags
finallycoffee:main finallycoffee:transcaffeine/snipe-it-8.1.0 finallycoffee:transcaffeine/phpldapadmin finallycoffee:transcaffeine/authelia-refactor finallycoffee:transcaffeine/snipe-it finallycoffee:transcaffeine/vaultwarden finallycoffee:transcaffeine/hedgedoc finallycoffee:transcaffeine/restic-unlock-on-boot
finallycoffee:0.1.15 finallycoffee:0.1.14 finallycoffee:0.1.13 finallycoffee:0.1.12 finallycoffee:0.1.11 finallycoffee:0.1.10 finallycoffee:0.1.9 finallycoffee:0.1.8 finallycoffee:0.1.7 finallycoffee:0.1.6 finallycoffee:0.1.5 finallycoffee:0.1.4 finallycoffee:0.1.3 finallycoffee:0.1.2 finallycoffee:0.1.1 finallycoffee:0.1.0

15 Commits
0.1.1 ... 0.1.3

Author SHA1 Message Date
transcaffeine
cde5f12e79 meta: bump galaxy version to 0.1.3 2024-10-03 22:37:43 +02:00
transcaffeine
a8f5507eab meta: add role descriptions 2024-10-03 22:34:28 +02:00
transcaffeine
ddfa8d6687 chore(jellyfin): migrate to fully-qualified module names 2024-10-03 22:25:46 +02:00
transcaffeine
fd4cc0fe6a meta: require community.crypto@^2.0.0 in collection 2024-10-03 22:24:30 +02:00
transcaffeine
3a15ed1157 chore(gitea): migrate to fully-qualified module names 2024-10-03 22:22:31 +02:00
transcaffeine
a7fad79d05 chore(authelia): add container recreation option 2024-10-03 22:19:16 +02:00
transcaffeine
f3d3617ec0 chore(authelia): migrate to fully-qualified module names 2024-10-03 22:18:34 +02:00
transcaffeine
908b579f2c chore(authelia): more config migration in preparation for authelia 5.0.x 2024-10-03 22:05:08 +02:00
transcaffeine
bab5b94500 update(ghost): bump version to 5.95.0 2024-10-03 21:30:48 +02:00
transcaffeine
b5b4f67a08 chore(authelia): migrate away from deprecated config options 2024-10-03 18:01:40 +02:00
transcaffeine
5e29e174d5 chore(authelia): add etc_hosts container option 2024-10-03 17:06:49 +02:00
transcaffeine
6001399569 meta: bump collection version to 0.1.2, take issues on codeberg repo, require community.general>=3.0.0 2024-10-03 16:58:58 +02:00
transcaffeine
87df054977 update(authelia): bump version to 4.38.15 2024-10-03 16:57:00 +02:00
transcaffeine
8c89d40fcd chore(authelia): split container image into parts 2024-10-03 16:55:46 +02:00
transcaffeine
f231d4e7d3 chore(gitea): split container_image_name into parts for easier overriding 2024-10-03 14:05:35 +02:00
13 changed files with 154 additions and 53 deletions
Expand all files Collapse all files

7
galaxy.yml
View File

@ -1,14 +1,15 @@
namespace: finallycoffee
name: services
version: 0.1.1
version: 0.1.3
readme: README.md
authors:
- transcaffeine <transcaffeine@finally.coffee>
description: Various ansible roles useful for automating infrastructure
dependencies:
"community.docker": "^1.10.0"
"community.crypto": "^2.0.0"
"community.docker": "^3.0.0"
license_file: LICENSE.md
build_ignore:
- '*.tar.gz'
repository: https://git.finally.coffee/finallycoffee/services
issues: https://git.finally.coffee/finallycoffee/services/issues
issues: https://codeberg.org/finallycoffee/ansible-collection-services/issues

60
roles/authelia/defaults/main.yml
View File

@ -1,6 +1,6 @@
---
authelia_version: 4.37.5
authelia_version: 4.38.15
authelia_user: authelia
authelia_base_dir: /opt/authelia
authelia_domain: authelia.example.org
@ -14,9 +14,20 @@ authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt"
authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml"
authelia_container_name: authelia
authelia_container_image_name: docker.io/authelia/authelia
authelia_container_image_server: docker.io
authelia_container_image_namespace: authelia
authelia_container_image_name: authelia
authelia_container_image: >-2
{{
[
authelia_container_image_server,
authelia_container_image_namespace,
authelia_container_image_name
] | join('/')
}}
authelia_container_image_tag: ~
authelia_container_image_ref: "{{ authelia_container_image_name }}:{{ authelia_container_image_tag | default(authelia_version, true) }}"
authelia_container_image_ref: >-2
{{ authelia_container_image }}:{{ authelia_container_image_tag | default(authelia_version, true) }}
authelia_container_image_force_pull: "{{ authelia_container_image_tag | default(false, True) }}"
authelia_container_env:
PUID: "{{ authelia_run_user }}"
@ -42,12 +53,22 @@ authelia_config_jwt_secret: ~
authelia_config_default_redirection_url: ~
authelia_config_server_host: 0.0.0.0
authelia_config_server_port: "{{ authelia_container_listen_port }}"
authelia_config_server_address: >-2
{{ authelia_config_server_host }}:{{ authelia_config_server_port }}
authelia_config_server_path: ""
authelia_config_server_asset_path: "/config/assets/"
authelia_config_server_read_buffer_size: 4096
authelia_config_server_write_buffer_size: 4096
authelia_config_server_enable_pprof: true
authelia_config_server_enable_expvars: true
authelia_config_server_buffers_read: 4096
authelia_config_server_read_buffer_size: >-2
{{ authelia_config_server_buffers_read }}
authelia_config_server_buffers_write: 4096
authelia_config_server_write_buffer_size: >-2
{{ authelia_config_server_buffers_write }}
authelia_config_server_endpoints_enable_pprof: true
authelia_config_server_enable_pprof: >-2
{{ authelia_config_server_endpoints_enable_pprof }}
authelia_config_server_endpoints_enable_expvars: true
authelia_config_server_enable_expvars: >-2
{{ authelia_config_server_endpoints_enable_expvars }}
authelia_config_server_disable_healthcheck:
authelia_config_server_tls_key: ~
authelia_config_server_tls_certificate: ~
@ -94,10 +115,18 @@ authelia_config_authentication_backend_ldap_additional_users_dn: "ou=users"
authelia_config_authentication_backend_ldap_users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=inetOrgPerson))"
authelia_config_authentication_backend_ldap_additional_groups_dn: "ou=groups"
authelia_config_authentication_backend_ldap_groups_filter: "(member={dn})"
authelia_config_authentication_backend_ldap_attributes_username: uid
authelia_config_authentication_backend_ldap_username_attribute: >-2
{{ authelia_config_authentication_backend_ldap_attributes_username }}
authelia_config_authentication_backend_ldap_attributes_mail: mail
authelia_config_authentication_backend_ldap_mail_attribute: >-2
{{ authelia_config_authentication_backend_ldap_attributes_mail }}
authelia_config_authentication_backend_ldap_attributes_display_name: displayName
authelia_config_authentication_backend_ldap_display_name_attribute: >-2
{{ authelia_config_authentication_backend_ldap_attributes_display_name }}
authelia_config_authentication_backend_ldap_group_name_attribute: cn
authelia_config_authentication_backend_ldap_username_attribute: uid
authelia_config_authentication_backend_ldap_mail_attribute: mail
authelia_config_authentication_backend_ldap_display_name_attribute: displayName
authelia_config_authentication_backend_ldap_attributes_group_name: >-2
{{ authelia_config_authentication_backend_ldap_group_name_attribute }}
authelia_config_authentication_backend_ldap_user: ~
authelia_config_authentication_backend_ldap_password: ~
authelia_config_authentication_backend_file_path: ~
@ -125,6 +154,8 @@ authelia_config_session_secret: ~
authelia_config_session_expiration: 1h
authelia_config_session_inactivity: 5m
authelia_config_session_remember_me_duration: 1M
authelia_config_session_remember_me: >-2
{{ authelia_config_session_remember_me_duration }}
authelia_config_session_redis_host: "{{ authelia_redis_host }}"
authelia_config_session_redis_port: "{{ authelia_redis_port }}"
authelia_config_session_redis_username: "{{ authelia_redis_user }}"
@ -149,8 +180,7 @@ authelia_config_storage_postgres_ssl_certificate: disable
authelia_config_storage_postgres_ssl_key: disable
authelia_config_notifier_disable_startup_check: false
authelia_config_notifier_filesystem_filename: ~
authelia_config_notifier_smtp_host: "{{ authelia_smtp_host }}"
authelia_config_notifier_smtp_port: "{{ authelia_stmp_port }}"
authelia_config_notifier_smtp_address: "{{ authelia_smtp_host }}:{{ authelia_stmp_port }}"
authelia_config_notifier_smtp_username: "{{ authelia_smtp_user }}"
authelia_config_notifier_smtp_password: "{{ authelia_smtp_pass }}"
authelia_config_notifier_smtp_timeout: 5s
@ -166,6 +196,12 @@ authelia_config_notifier_smtp_tls_minimum_version: "{{ authelia_tls_minimum_vers
authelia_database_type: ~
authelia_database_host: ~
authelia_database_port: ~
authelia_database_address: >-2
{{ authelia_database_host }}{{
(authelia_database_port | default(false, true) | bool)
| ternary(':' + authelia_database_port, '')
}}
authelia_database_user: authelia
authelia_database_pass: ~
authelia_database_name: authelia

9
roles/authelia/meta/main.yml Normal file
View File

@ -0,0 +1,9 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: authelia
description: Ansible role to deploy authelia using docker
galaxy_tags:
- authelia
- docker

16
roles/authelia/tasks/main.yml
View File

@ -1,14 +1,14 @@
---
- name: Ensure user {{ authelia_user }} exists
user:
ansible.builtin.user:
name: "{{ authelia_user }}"
state: present
system: true
register: authelia_user_info
- name: Ensure host directories are created with correct permissions
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner | default(authelia_user) }}"
@ -26,7 +26,7 @@
mode: "0750"
- name: Ensure config file is generated
copy:
ansible.builtin.copy:
content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}"
dest: "{{ authelia_config_file }}"
owner: "{{ authelia_run_user }}"
@ -35,7 +35,7 @@
notify: restart-authelia
- name: Ensure sqlite database file exists before mounting it
file:
ansible.builtin.file:
path: "{{ authelia_sqlite_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
@ -46,7 +46,7 @@
when: authelia_config_storage_local_path | default(false, true)
- name: Ensure user database exists before mounting it
file:
ansible.builtin.file:
path: "{{ authelia_user_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
@ -57,7 +57,7 @@
when: authelia_config_authentication_backend_file_path | default(false, true)
- name: Ensure notification reports file exists before mounting it
file:
ansible.builtin.file:
path: "{{ authelia_notification_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
@ -76,7 +76,7 @@
register: authelia_container_image_info
- name: Ensure authelia container is running
docker_container:
community.docker.docker_container:
name: "{{ authelia_container_name }}"
image: "{{ authelia_container_image_ref }}"
env: "{{ authelia_container_env }}"
@ -85,7 +85,9 @@
labels: "{{ authelia_container_labels }}"
volumes: "{{ authelia_container_volumes }}"
networks: "{{ authelia_container_networks | default(omit, true) }}"
etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
restart_policy: "{{ authelia_container_restart_policy }}"
recreate: "{{ authelia_container_recreate | default(omit, true) }}"
state: "{{ authelia_container_state }}"
register: authelia_container_info

36
roles/authelia/vars/main.yml
View File

@ -48,18 +48,20 @@ authelia_base_config: >-2
authelia_config_server: >-2
{{
{
"host": authelia_config_server_host,
"port": authelia_config_server_port,
"path": authelia_config_server_path,
"address": authelia_config_server_address,
"asset_path": authelia_config_server_asset_path,
"read_buffer_size": authelia_config_server_read_buffer_size,
"write_buffer_size": authelia_config_server_write_buffer_size,
"enable_pprof": authelia_config_server_enable_pprof,
"enable_expvars": authelia_config_server_enable_expvars,
"disable_healthcheck": authelia_config_server_disable_healthcheck,
"endpoints": authelia_config_server_endpoints,
"buffers": authelia_config_server_buffers,
} | combine({"headers": {"csp_template": authelia_config_server_headers_csp_template}}
if authelia_config_server_headers_csp_template | default(false, true) else {})
}}
authelia_config_server_endpoints:
enable_expvars: "{{ authelia_config_server_endpoints_enable_expvars }}"
enable_pprof: "{{ authelia_config_server_endpoints_enable_pprof }}"
authelia_config_server_buffers:
read: "{{ authelia_config_server_buffers_read }}"
write: "{{ authelia_config_server_buffers_write }}"
authelia_config_server_tls:
key: "{{ authelia_config_server_tls_key }}"
certificate: "{{ authelia_config_server_tls_certificate }}"
@ -132,10 +134,11 @@ authelia_config_authentication_backend_ldap:
additional_groups_dn: "{{ authelia_config_authentication_backend_ldap_additional_groups_dn }}"
users_filter: "{{ authelia_config_authentication_backend_ldap_users_filter }}"
groups_filter: "{{ authelia_config_authentication_backend_ldap_groups_filter }}"
group_name_attribute: "{{ authelia_config_authentication_backend_ldap_group_name_attribute }}"
username_attribute: "{{ authelia_config_authentication_backend_ldap_username_attribute }}"
mail_attribute: "{{ authelia_config_authentication_backend_ldap_mail_attribute }}"
display_name_attribute: "{{ authelia_config_authentication_backend_ldap_display_name_attribute }}"
attributes:
username: "{{ authelia_config_authentication_backend_ldap_attributes_username }}"
mail: "{{ authelia_config_authentication_backend_ldap_attributes_mail }}"
display_name: "{{ authelia_config_authentication_backend_ldap_attributes_display_name }}"
group_name: "{{ authelia_config_authentication_backend_ldap_attributes_group_name }}"
user: "{{ authelia_config_authentication_backend_ldap_user }}"
password: "{{ authelia_config_authentication_backend_ldap_password }}"
authelia_config_authentication_backend_file:
@ -174,7 +177,7 @@ authelia_config_session:
secret: "{{ authelia_config_session_secret }}"
expiration: "{{ authelia_config_session_expiration }}"
inactivity: "{{ authelia_config_session_inactivity }}"
remember_me_duration: "{{ authelia_config_session_remember_me_duration }}"
remember_me: "{{ authelia_config_session_remember_me }}"
authelia_config_session_redis: >-2
{{
{
@ -218,15 +221,13 @@ authelia_config_storage: >-2
authelia_config_storage_local:
path: "{{ authelia_config_storage_local_path }}"
authelia_config_storage_mysql:
host: "{{ authelia_database_host }}"
port: "{{ authelia_config_storage_mysql_port }}"
host: "{{ authelia_database_address }}"
database: "{{ authelia_database_name }}"
username: "{{ authelia_database_user }}"
password: "{{ authelia_database_pass }}"
timeout: "{{ authelia_database_timeout }}"
authelia_config_storage_postgres:
host: "{{ authelia_database_host }}"
port: "{{ authelia_config_storage_postgres_port }}"
address: "{{ authelia_database_address }}"
database: "{{ authelia_database_name }}"
schema: public
username: "{{ authelia_database_user }}"
@ -250,8 +251,7 @@ authelia_config_notifier: >-2
authelia_config_notifier_filesystem:
filename: "{{ authelia_config_notifier_filesystem_filename }}"
authelia_config_notifier_smtp:
host: "{{ authelia_config_notifier_smtp_host }}"
port: "{{ authelia_config_notifier_smtp_port }}"
address: "{{ authelia_config_notifier_smtp_address }}"
timeout: "{{ authelia_config_notifier_smtp_timeout }}"
username: "{{ authelia_config_notifier_smtp_username }}"
password: "{{ authelia_config_notifier_smtp_password }}"

2
roles/ghost/defaults/main.yml
View File

@ -1,7 +1,7 @@
---
ghost_domain: ~
ghost_version: "5.94.1"
ghost_version: "5.95.0"
ghost_user: ghost
ghost_user_group: ghost
ghost_base_path: /opt/ghost

10
roles/ghost/meta/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: ghost
description: Ansible role to deploy ghost (https://ghost.org) using docker
galaxy_tags:
- ghost
- blog
- docker

15
roles/gitea/defaults/main.yml
View File

@ -11,9 +11,20 @@ gitea_domain: ~
# container config
gitea_container_name: "{{ gitea_user }}"
gitea_container_image_name: "docker.io/gitea/gitea"
gitea_contianer_image_server: "docker.io"
gitea_container_image_name: "gitea"
gitea_container_image_namespace: gitea
gitea_container_image_fq_name: >-
{{
[
gitea_container_image_server,
gitea_container_image_namespace,
gitea_container_image_name
] | join('/')
}}
gitea_container_image_tag: "{{ gitea_version }}"
gitea_container_image: "{{ gitea_container_image_name }}:{{ gitea_container_image_tag }}"
gitea_container_image: >-2
{{ gitea_container_image_fq_name }}:{{ gitea_container_image_tag }}
gitea_container_networks: []
gitea_container_purge_networks: ~
gitea_container_restart_policy: "unless-stopped"

10
roles/gitea/meta/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: gitea
description: Ansible role to deploy gitea using docker
galaxy_tags:
- gitea
- git
- docker

12
roles/gitea/tasks/main.yml
View File

@ -1,7 +1,7 @@
---
- name: Ensure gitea user '{{ gitea_user }}' is present
user:
ansible.builtin.user:
name: "{{ gitea_user }}"
state: "present"
system: false
@ -9,7 +9,7 @@
register: gitea_user_res
- name: Ensure host directories exist
file:
ansible.builtin.file:
path: "{{ item }}"
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
@ -19,7 +19,7 @@
- "{{ gitea_data_path }}"
- name: Ensure .ssh folder for gitea user exists
file:
ansible.builtin.file:
path: "/home/{{ gitea_user }}/.ssh"
state: directory
owner: "{{ gitea_user_res.uid }}"
@ -38,7 +38,7 @@
register: gitea_user_ssh_key
- name: Create forwarding script
copy:
ansible.builtin.copy:
dest: "/usr/local/bin/gitea"
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
@ -47,7 +47,7 @@
ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_run_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
- name: Add host pubkey to git users authorized_keys file
lineinfile:
ansible.builtin.lineinfile:
path: "/home/{{ gitea_user }}/.ssh/authorized_keys"
line: "{{ gitea_user_ssh_key.public_key }} Gitea:Host2Container"
state: present
@ -77,7 +77,7 @@
state: "{{ gitea_container_state }}"
- name: Ensure given configuration is set in the config file
ini_file:
ansible.builtin.ini_file:
path: "{{ gitea_data_path }}/gitea/conf/app.ini"
section: "{{ section }}"
option: "{{ option }}"

10
roles/jellyfin/meta/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: jellyfin
description: Ansible role to deploy jellyfin using docker
galaxy_tags:
- jellyfin
- streaming
- docker

8
roles/jellyfin/tasks/main.yml
View File

@ -1,14 +1,14 @@
---
- name: Ensure user '{{ jellyfin_user }}' for jellyfin is created
user:
ansible.builtin.user:
name: "{{ jellyfin_user }}"
state: present
system: yes
register: jellyfin_user_info
- name: Ensure host directories for jellyfin exist
file:
ansible.builtinfile:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner | default(jellyfin_uid) }}"
@ -17,7 +17,7 @@
loop: "{{ jellyfin_host_directories }}"
- name: Ensure container image for jellyfin is available
docker_image:
community.docker.docker_image:
name: "{{ jellyfin_container_image_ref }}"
state: present
source: pull
@ -28,7 +28,7 @@
delay: 3
- name: Ensure container '{{ jellyfin_container_name }}' is running
docker_container:
community.docker.docker_container:
name: "{{ jellyfin_container_name }}"
image: "{{ jellyfin_container_image_ref }}"
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"

12
roles/vouch_proxy/meta/main.yml Normal file
View File

@ -0,0 +1,12 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: vouch_proxy
description: Ansible role to deploy vouch_proxy using docker
galaxy_tags:
- vouch_proxy
- oidc
- authentication
- authorization
- docker