From be9c6585895b8d8f249a49062a688234a58a1afb Mon Sep 17 00:00:00 2001 From: Ethan Paul Date: Mon, 15 Nov 2021 01:31:39 -0500 Subject: [PATCH] Port docker-compose resources and service details --- inventory.yaml | 1 + resources/docker-compose/_meta.yaml.j2 | 78 +++++++ resources/docker-compose/adguard.yaml.j2 | 53 +++++ resources/docker-compose/bitwarden.yaml.j2 | 214 +++++++++++++++++++ resources/docker-compose/gitea.yaml.j2 | 52 +++++ resources/docker-compose/minecraft.yaml.j2 | 55 +++++ resources/docker-compose/plex.yaml.j2 | 95 +++++++++ resources/docker-compose/unifi.yaml.j2 | 70 +++++++ resources/docker-compose/vikunja.yaml.j2 | 108 ++++++++++ vars/access.yaml | 35 ++++ vars/services.yaml | 227 +++++++++++++++++++++ 11 files changed, 988 insertions(+) create mode 100644 resources/docker-compose/_meta.yaml.j2 create mode 100644 resources/docker-compose/adguard.yaml.j2 create mode 100644 resources/docker-compose/bitwarden.yaml.j2 create mode 100644 resources/docker-compose/gitea.yaml.j2 create mode 100644 resources/docker-compose/minecraft.yaml.j2 create mode 100644 resources/docker-compose/plex.yaml.j2 create mode 100644 resources/docker-compose/unifi.yaml.j2 create mode 100644 resources/docker-compose/vikunja.yaml.j2 create mode 100644 vars/services.yaml diff --git a/inventory.yaml b/inventory.yaml index cd8b090..95464ca 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -30,6 +30,7 @@ en1: cluster: vars: skylab_targets: [cluster, datastore] + skylab_compose_version: 3.8 skylab_roles: - server - datastore diff --git a/resources/docker-compose/_meta.yaml.j2 b/resources/docker-compose/_meta.yaml.j2 new file mode 100644 index 0000000..8ec61ca --- /dev/null +++ b/resources/docker-compose/_meta.yaml.j2 
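Review bot: `skylab_compose_version: 3.8` in inventory.yaml is added as a bare scalar, so YAML loads it as a float and every template that renders `version: "{{ skylab_compose_version }}"` depends on that float printing back unchanged. A later value such as 3.10 would render as 3.1. Quoting it, `skylab_compose_version: "3.8"`, keeps the compose file format version a string end to end. The enclosing `vars:` mapping starts and ends outside the hunk.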
@@ -0,0 +1,78 @@
+---
+version: "{{ skylab_compose_version }}"
+
+
+networks:
+ meta:
+ name: meta
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: {{ app.networks.ext }}
+
+
+volumes:
+{% for key, value in app.volumes.items() %}
+ meta-{{ key }}:
+ name: datastore{{ value }}
+ driver: glusterfs
+{% endfor %}
+
+
+services:
+ proxy:
+ image: nginx:{{ app.versions.proxy }}
+ hostname: proxy
+ networks:
+ - meta
+ extra_hosts:
+ - "dockerloopback:{{ app.settings.loopback_address }}"
+ ports:
+ - published: {{ app.ports.80 }}
+ target: 80
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.443 }}
+ target: 443
+ protocol: tcp
+ mode: ingress
+ volumes:
+ - type: volume
+ source: meta-nginx
+ target: /etc/nginx
+ read_only: true
+ - type: volume
+ source: meta-letsencrypt-config
+ target: /etc/letsencrypt
+ read_only: true
+ deploy:
+ replicas: 2
+ placement:
+ max_replicas_per_node: 1
+
+ certbot:
+ image: certbot/certbot:{{ app.versions.certbot }}
+ hostname: certbot
+ command: renew --standalone
+ networks:
+ - meta
+ ports:
+ - published: 8088 # This is hardcoded to avoid conflicts
+ target: 80
+ protocol: tcp
+ mode: ingress
+ volumes:
+ - type: volume
+ source: meta-letsencrypt-config
+ target: /etc/letsencrypt
+ read_only: false
+ - type: volume
+ source: meta-letsencrypt-data
+ target: /var/lib/letsencrypt
+ read_only: false
+ deploy:
+ replicas: 1
+ restart_policy:
+ condition: any
+ delay: 24h
diff --git a/resources/docker-compose/adguard.yaml.j2 b/resources/docker-compose/adguard.yaml.j2
new file mode 100644
index 0000000..9e703b8
--- /dev/null
+++ b/resources/docker-compose/adguard.yaml.j2
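Review bot: In `_meta.yaml.j2` the certbot service has no comment explaining that `restart_policy` with `condition: any` and `delay: 24h` is what re-runs `renew --standalone`, which appears to be the intent since the command exits after one pass. Nothing says what is expected to reach published port 8088 either. I would add a comment above `deploy:` such as `# certbot exits after each renew; the 24h restart delay acts as the daily schedule`, and one beside the port naming the proxy rule that forwards ACME challenges to it. Both images resolve to `latest` in vars/services.yaml, and certbot has write access to the volume holding the certificate private keys, so pinning `app.versions.certbot` to a release tag or digest is worth doing.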
@@ -0,0 +1,53 @@
+---
+version: "{{ skylab_compose_version }}"
+
+networks:
+ adguard:
+ name: adguard
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: "{{ app.networks.ext }}"
+
+volumes:
+{% for key, value in app.volumes.items() %}
+ adguard-{{ key }}:
+ name: datastore{{ value }}
+ driver: glusterfs
+{% endfor %}
+
+services:
+ server:
+ image: adguard/adguardhome:{{ app.versions.server }}
+ hostname: adguard
+ networks:
+ - adguard
+ dns:
+{% for server in app.settings.upstream %}
+ - {{ server }}
+{% endfor %}
+ ports:
+ - published: {{ app.ports.53 }}
+ target: 53
+ protocol: udp
+ mode: ingress
+ - published: {{ app.ports.53 }}
+ target: 53
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.8064 }}
+ target: 8064
+ protocol: tcp
+ mode: ingress
+ volumes:
+ - type: volume
+ source: adguard-config
+ target: /opt/adguardhome/conf
+ read_only: false
+ - type: volume
+ source: adguard-data
+ target: /opt/adguardhome/work
+ read_only: false
+ deploy:
+ replicas: 1
diff --git a/resources/docker-compose/bitwarden.yaml.j2 b/resources/docker-compose/bitwarden.yaml.j2
new file mode 100644
index 0000000..54bdaee
--- /dev/null
+++ b/resources/docker-compose/bitwarden.yaml.j2
@@ -0,0 +1,214 @@ +--- +version: "{{ skylab_compose_version }}" + + +x-global-env: &globalenv + LOCAL_UID: "{{ _app_account.uid }}" + LOCAL_GID: "{{ _app_account.uid }}" + ASPNETCORE_ENVIRONMENT: Production + globalSettings__selfHosted: "true" + globalSettings__baseServiceUri__vault: https://{{ app.domain }} + globalSettings__baseServiceUri__api: https://{{ app.domain }}/api + globalSettings__baseServiceUri__identity: https://{{ app.domain }}/identity + globalSettings__baseServiceUri__admin: https://{{ app.domain }}/admin + globalSettings__baseServiceUri__notifications: https://{{ app.domain }}/notifications + globalSettings__baseServiceUri__internalNotifications: http://bitwarden_notifications:5000 + globalSettings__baseServiceUri__internalAdmin: http://bitwarden_admin:5000 + globalSettings__baseServiceUri__internalIdentity: http://bitwarden_identity:5000 + globalSettings__baseServiceUri__internalApi: http://bitwarden_api:5000 + globalSettings__baseServiceUri__internalVault: http://bitwarden_web:5000 + globalSettings__pushRelayBaseUri: https://push.bitwarden.com + globalSettings__installation__identityUri: https://identity.bitwarden.com + globalSettings__sqlServer__connectionString: "Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=e934c0bb-3b5a-4e6b-b525-cd6d83004e1a;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True" + globalSettings__identityServer__certificatePassword: {{ app.settings.certificatePassword }} + globalSettings__attachment__baseDirectory: /etc/bitwarden/core/attachments + globalSettings__attachment__baseUrl: https://{{ app.domain }}/attachments + globalSettings__dataProtection__directory: /etc/bitwarden/core/aspnet-dataprotection + globalSettings__logDirectory: /etc/bitwarden/logs + globalSettings__licenseDirectory: /etc/bitwarden/core/licenses + globalSettings__internalIdentityKey: {{ app.settings.internalIdentityKey }} + globalSettings__duo__aKey: {{ 
app.settings.duo__aKey }} + globalSettings__installation__id: {{ app.settings.installation__id }} + globalSettings__installation__key: {{ app.settings.installation__key }} + globalSettings__yubico__clientId: REPLACE + globalSettings__yubico__key: REPLACE + globalSettings__mail__replyToEmail: noreply@enp.one + globalSettings__mail__smtp__host: REPLACE + globalSettings__mail__smtp__port: "587" + globalSettings__mail__smtp__ssl: "false" + globalSettings__mail__smtp__username: REPLACE + globalSettings__mail__smtp__password: REPLACE + globalSettings__disableUserRegistration: "false" + globalSettings__hibpApiKey: REPLACE + adminSettings__admins: "" + + +volumes: +{% for key, value in app.volumes.items() %} + bitwarden-{{ key }}: + name: datastore{{ value }} + driver: glusterfs +{% endfor %} + +networks: + bitwarden_internal: + internal: true + name: bitwarden_internal + driver: overlay + ipam: + driver: default + config: + - subnet: {{ app.networks.internal }} + bitwarden_external: + internal: false + name: bitwarden_external + driver: overlay + ipam: + driver: default + config: + - subnet: {{ app.networks.external }} + + +services: + mssql: + image: bitwarden/mssql:{{ app.versions.mssql }} + stop_grace_period: 60s + networks: + - bitwarden_internal + volumes: + - bitwarden-db-data:/var/opt/mssql/data + - bitwarden-db-backup:/etc/bitwarden/mssql/backups + - bitwarden-logs-db:/var/opt/mssql/log + environment: + LOCAL_UID: "{{ _app_account.uid }}" + LOCAL_GID: "{{ _app_account.uid }}" + ACCEPT_EULA: "Y" + MSSQL_PID: Express + SA_PASSWORD: {{ app.settings.SA_PASSWORD }} + deploy: + replicas: 1 + + web: + image: bitwarden/web:{{ app.versions.web }} + networks: + - bitwarden_internal + volumes: + - bitwarden-web:/etc/bitwarden/web + environment: *globalenv + deploy: + replicas: 1 + + attachments: + image: bitwarden/attachments:{{ app.versions.attachments }} + networks: + - bitwarden_internal + volumes: + - bitwarden-core:/etc/bitwarden/core + environment: *globalenv + deploy: 
+ replicas: 1 + + api: + image: bitwarden/api:{{ app.versions.api }} + volumes: + - bitwarden-core:/etc/bitwarden/core + - bitwarden-ca-certs:/etc/bitwarden/ca-certificates + - bitwarden-logs-api:/etc/bitwarden/logs + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 + + identity: + image: bitwarden/identity:{{ app.versions.identity }} + volumes: + - bitwarden-identity:/etc/bitwarden/identity + - bitwarden-core:/etc/bitwarden/core + - bitwarden-ca-certs:/etc/bitwarden/ca-certificates + - bitwarden-logs-identity:/etc/bitwarden/logs + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 + + admin: + image: bitwarden/admin:{{ app.versions.admin }} + depends_on: + - mssql + volumes: + - bitwarden-core:/etc/bitwarden/core + - bitwarden-ca-certs:/etc/bitwarden/ca-certificates + - bitwarden-logs-admin:/etc/bitwarden/logs + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 + + icons: + image: bitwarden/icons:{{ app.versions.icons }} + volumes: + - bitwarden-ca-certs:/etc/bitwarden/ca-certificates + - bitwarden-logs-icons:/etc/bitwarden/logs + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 + + notifications: + image: bitwarden/notifications:1.40.0 + volumes: + - bitwarden-ca-certs:/etc/bitwarden/ca-certificates + - bitwarden-logs-notifications:/etc/bitwarden/logs + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 + + events: + image: bitwarden/events:{{ app.versions.events }} + volumes: + - bitwarden-ca-certs:/etc/bitwarden/ca-certificates + - bitwarden-logs-events:/etc/bitwarden/logs + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 + + nginx: + image: bitwarden/nginx:{{ app.versions.nginx }} + depends_on: + - web + - admin + - api + - 
identity + ports: + - published: {{ app.ports.8080 }} + target: 8080 + protocol: tcp + mode: ingress + - published: {{ app.ports.8443 }} + target: 8443 + protocol: tcp + mode: ingress + volumes: + - bitwarden-nginx-data:/etc/bitwarden/nginx + - bitwarden-ssl:/etc/ssl + - bitwarden-logs-nginx:/var/log/nginx + environment: *globalenv + networks: + - bitwarden_external + - bitwarden_internal + deploy: + replicas: 1 diff --git a/resources/docker-compose/gitea.yaml.j2 b/resources/docker-compose/gitea.yaml.j2 new file mode 100644 index 0000000..e36f744 --- /dev/null +++ b/resources/docker-compose/gitea.yaml.j2 @@ -0,0 +1,52 @@ +--- +version: "{{ skylab_compose_version }}" + + +networks: + gitea: + name: gitea + driver: overlay + ipam: + driver: default + config: + - subnet: {{ app.networks.ext }} + + +volumes: +{% for key, value in app.volumes.items() %} + gitea-{{ key }}: + name: datastore{{ value }} + driver: glusterfs +{% endfor %} + + +services: + server: + image: gitea/gitea:{{ app.versions.server }} + hostname: gitea + networks: + - gitea + ports: + - published: {{ app.ports.3000 }} + target: 3000 + protocol: tcp + mode: ingress + - published: {{ app.ports.22 }} + target: 22 + protocol: tcp + mode: ingress + volumes: + - type: volume + source: gitea-data + target: /data + read_only: false + environment: + USER_UID: "{{ _app_account.uid }}" + USER_GID: "{{ _app_account.uid }}" + APP_NAME: ENP Version Control System + RUN_MODE: prod + ROOT_URL: https://{{ app.domain }}/ + DB_TYPE: sqlite3 + DISABLE_REGISTRATION: "true" + deploy: + replicas: 1 diff --git a/resources/docker-compose/minecraft.yaml.j2 b/resources/docker-compose/minecraft.yaml.j2 new file mode 100644 index 0000000..a056e92 --- /dev/null +++ b/resources/docker-compose/minecraft.yaml.j2 
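Review bot: The `globalSettings__sqlServer__connectionString` value in `x-global-env` of bitwarden.yaml.j2 embeds the database `sa` password as a literal, while the `SA_PASSWORD` given to the mssql service comes from the vaulted `app.settings.SA_PASSWORD`; the two can drift apart, and the literal is now in repository history, so it should be treated as exposed and rotated. Render it from the vaulted variable instead, `Password={{ app.settings.SA_PASSWORD }};`, keeping the rest of the string as is. The other vaulted values (`certificatePassword`, `internalIdentityKey`, `duo__aKey`, `installation__id`, `installation__key`, `SA_PASSWORD`) are emitted unquoted, so a secret containing ` #`, `: ` or a leading YAML indicator would be truncated or retyped; quote them as `"{{ ... }}"`, and the same applies to the two database password lines in vikunja.yaml.j2. Because every service uses `environment: *globalenv`, the connection string and identity keys also reach containers such as nginx, web and icons that presumably do not need them.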
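Review bot: In gitea.yaml.j2, `USER_GID` is rendered from `_app_account.uid`, and nothing in the hunk says whether that is deliberate. The accounts in vars/access.yaml carry only a `uid`, while `skylab_group` has its own `gid`, so this is either a per-user group that shares the number or a copy of the line above; the same pattern appears for `LOCAL_GID`, `GID`, `PLEX_GID` and `UNIFI_GID` in the bitwarden, minecraft, plex and unifi templates. A comment such as `# service accounts use a private group whose gid equals the uid` would settle it, or the templates should read the intended gid explicitly. The group the container runs as decides who can read `/data` on the shared volume, so it is worth stating.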
@@ -0,0 +1,55 @@
+---
+version: "{{ skylab_compose_version }}"
+
+
+networks:
+ minecraft:
+ name: minecraft
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: {{ app.networks.ext }}
+
+
+volumes:
+{% for key, value in app.volumes.items() %}
+ minecraft-{{ key }}:
+ name: datastore{{ value }}
+ driver: glusterfs
+{% endfor %}
+
+
+services:
+ server:
+ image: itzg/minecraft-server:latest
+ hostname: minecraft
+ networks:
+ - minecraft
+ ports:
+ - published: {{ app.ports.25565 }}
+ target: 25565
+ protocol: tcp
+ mode: ingress
+ volumes:
+ - type: volume
+ source: minecraft-data
+ target: /data
+ read_only: false
+ environment:
+ EULA: "TRUE"
+ TZ: Americas/New_York
+ VERSION: {{ app.versions.server }}
+ MAX_MEMORY: "8G"
+ MOTD: "A home for buttery companions"
+ MODE: survival
+ OPS: {{ app.settings.admins | default([]) | join(',') }}
+ WHITELIST: "{{ app.settings.users | default([]) | join(',') }}"
+ MAX_BUILD_HEIGHT: "512"
+ SNOOPER_ENABLED: "false"
+ ICON: https://cdn.enp.one/img/logos/e-w-sm.png
+ ENABLE_RCON: "false"
+ UID: "{{ _app_account.uid }}"
+ GID: "{{ _app_account.uid }}"
+ deploy:
+ replicas: 1
diff --git a/resources/docker-compose/plex.yaml.j2 b/resources/docker-compose/plex.yaml.j2
new file mode 100644
index 0000000..c0d1b39
--- /dev/null
+++ b/resources/docker-compose/plex.yaml.j2
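Review bot: `TZ: Americas/New_York` in minecraft.yaml.j2 is not a tz database name; the zone is `America/New_York`, and an unknown name typically leaves the container on UTC. The same value is used in plex.yaml.j2 and unifi.yaml.j2. `OPS` is also rendered unquoted while `WHITELIST` next to it is quoted, so an empty `admins` list yields a null value; `OPS: "{{ app.settings.admins | default([]) | join(',') }}"` matches the neighbouring line. Finally, `image: itzg/minecraft-server:latest` is the one image tag in this commit that is hardcoded to `latest` instead of read from `app.versions`, so a redeploy pulls whatever was published last.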
@@ -0,0 +1,95 @@
+---
+version: "{{ skylab_compose_version }}"
+
+
+networks:
+ plex:
+ name: plex
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: {{ app.networks.ext }}
+
+
+volumes:
+{% for key, value in app.volumes.items() %}
+ plex-{{ key }}:
+ name: datastore{{ value }}
+ driver: glusterfs
+{% endfor %}
+ plex-data:
+ name: plex-data
+ driver: local
+ driver_opts:
+ type: nfs
+ o: "addr={{ app.settings.mediastore }},ro"
+ device: ":/nfs/plex"
+
+
+services:
+ server:
+ image: plexinc/pms-docker:{{ app.versions.server }}
+ hostname: plex-media-server
+ networks:
+ - plex
+ ports:
+ - published: {{ app.ports.32400 }}
+ target: 32400
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.3005 }}
+ target: 3005
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.8324 }}
+ target: 8324
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.32469 }}
+ target: 32469
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.1900 }}
+ target: 1900
+ protocol: udp
+ mode: ingress
+ - published: {{ app.ports.32410 }}
+ target: 32410
+ protocol: udp
+ mode: ingress
+ - published: {{ app.ports.32413 }}
+ target: 32413
+ protocol: udp
+ mode: ingress
+ - published: {{ app.ports.32414 }}
+ target: 32414
+ protocol: udp
+ mode: ingress
+ volumes:
+ - type: volume
+ source: plex-config
+ target: /config
+ read_only: false
+ - type: volume
+ source: plex-data
+ target: /data
+ read_only: true
+ - type: volume
+ source: plex-personal
+ target: /personal
+ read_only: false
+ environment:
+ TZ: "Americas/New_York"
+ ALLOWED_NETWORKS: {{ app.settings.internal_subnets | join(',') }}
+ PLEX_UID: "{{ _app_account.uid }}"
+ PLEX_GID: "{{ _app_account.uid }}"
+ deploy:
+ replicas: 1
+ placement:
+{% if app.settings.exclude_hosts is defined %}
+ constraints:
+{% for host in app.settings.exclude_hosts %}
+ - node.hostname!={{ host }}
+{% endfor %}
+{% endif %}
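Review bot: `placement:` at the end of plex.yaml.j2 is emitted unconditionally while its only child, `constraints:`, sits inside `{% if app.settings.exclude_hosts is defined %}`, so a deployment without `exclude_hosts` renders `placement:` with a null value. Moving the `placement:` line inside the `{% if %}` block avoids handing the compose parser an empty key. Separately, the ports are published in `mode: ingress`; if the routing mesh rewrites client source addresses, as Swarm ingress normally does, `ALLOWED_NETWORKS` will not see the `internal_subnets` addresses it is matched against. That setting decides which clients skip authorization, so it should be tested from a client on one of those subnets and its expected effect noted in a comment.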
diff --git a/resources/docker-compose/unifi.yaml.j2 b/resources/docker-compose/unifi.yaml.j2
new file mode 100644
index 0000000..b8bc23b
--- /dev/null
+++ b/resources/docker-compose/unifi.yaml.j2
@@ -0,0 +1,70 @@
+---
+version: "{{ skylab_compose_version }}"
+
+
+networks:
+ unifi:
+ name: unifi
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: {{ app.networks.ext }}
+
+
+volumes:
+{% for key, value in app.volumes.items() %}
+ unifi-{{ key }}:
+ name: datastore{{ value }}
+ driver: glusterfs
+{% endfor %}
+
+
+services:
+ wlc:
+ image: jacobalberty/unifi:{{ app.versions.wlc }}
+ hostname: en1-unifi-wlc
+ init: true
+ networks:
+ - unifi
+ ports:
+ - published: {{ app.ports.8080 }}
+ target: 8080
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.8443 }}
+ target: 8443
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.8843 }}
+ target: 8843
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.8880 }}
+ target: 8880
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.3478 }}
+ target: 3478
+ protocol: udp
+ mode: ingress
+ - published: {{ app.ports.6789 }}
+ target: 6789
+ protocol: tcp
+ mode: ingress
+ - published: {{ app.ports.10001 }}
+ target: 10001
+ protocol: udp
+ mode: ingress
+ volumes:
+ - type: volume
+ source: unifi-data
+ target: /unifi
+ read_only: false
+ environment:
+ RUNAS_UID0: "false"
+ UNIFI_UID: "{{ _app_account.uid }}"
+ UNIFI_GID: "{{ _app_account.uid }}"
+ TZ: "Americas/New_York"
+ deploy:
+ replicas: 1
diff --git a/resources/docker-compose/vikunja.yaml.j2 b/resources/docker-compose/vikunja.yaml.j2
new file mode 100644
index 0000000..7c23efd
--- /dev/null
+++ b/resources/docker-compose/vikunja.yaml.j2
@@ -0,0 +1,108 @@ +--- +version: "{{ skylab_compose_version }}" + + +networks: + vikunja: + name: vikunja + driver: overlay + ipam: + driver: default + config: + - subnet: {{ app.networks.ext }} + + +volumes: +{% for key, value in app.volumes.items() %} + vikunja-{{ key }}: + name: datastore{{ value }} + driver: glusterfs +{% endfor %} + + +services: + database: + image: mariadb:{{ app.versions.database }} + hostname: database + command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci + networks: + - vikunja + volumes: + - type: volume + source: vikunja-database + target: /var/lib/mysql + read_only: false + environment: + MYSQL_RANDOM_ROOT_PASSWORD: "true" + MYSQL_USER: vikunja + MYSQL_PASSWORD: {{ app.settings.database_password }} + MYSQL_DATABASE: vikunja + deploy: + replicas: 1 + + cache: + image: redis:{{ app.versions.cache }} + hostname: cache + networks: + - vikunja + deploy: + replicas: 1 + + proxy: + image: nginx:{{ app.versions.proxy }} + hostname: proxy + networks: + - vikunja + ports: + - published: {{ app.ports.80 }} + target: 80 + protocol: tcp + mode: ingress + volumes: + - type: volume + source: vikunja-nginx + target: /etc/nginx/conf.d + read_only: true + deploy: + replicas: 1 + + api: + image: vikunja/api:{{ app.versions.api }} + hostname: api + networks: + - vikunja + depends_on: + - database + - cache + volumes: + - type: volume + source: vikunja-files + target: /app/vikunja/files + read_only: false + environment: + VIKUNJA_DATABASE_HOST: database + VIKUNJA_DATABASE_PASSWORD: {{ app.settings.database_password }} + VIKUNJA_DATABASE_TYPE: mysql + VIKUNJA_DATABASE_USER: vikunja + VIKUNJA_DATABASE_DATABASE: vikunja + VIKUNJA_REDIS_ENABLED: "1" + VIKUNJA_REDIS_HOST: cache:6379 + VIKUNJA_CACHE_ENABLED: "1" + VIKUNJA_CACHE_TYPE: redis + VIKUNJA_FILES_MAXSIZE: 50MB + deploy: + replicas: 1 + + web: + image: vikunja/frontend:{{ app.versions.web }} + hostname: web + networks: + - vikunja + depends_on: + - database + - cache + - proxy + 
environment: + VIKUNJA_API_URL: https://{{ app.domain }}/api/v1 + deploy: + replicas: 1 diff --git a/vars/access.yaml b/vars/access.yaml index 36a0cd5..b6047ae 100644 --- a/vars/access.yaml +++ b/vars/access.yaml @@ -14,6 +14,41 @@ skylab_accounts: service: true password: $6$qNKmYg4y9YS4f5Gr$m0mAqEVbymPguj.1cS.pfclt33Okfmn1KhFC0r1iQ3eVvz/OIZY3x0qGmPnJ1zOXDWyKKs5hnlGTAeZgCh49C. + - name: autocraft + uid: 1401 + service: true + password: $6$j8aWjPweCWmNT4cZ$F7puAjVES60a5mkBg1WfYMYIGbLrs8FFowf5BPzVo9qgbMYEC53i8rHezDACZjHmOxj5PhJkmZjHD4vfbf3PC1 + + - name: autotea + uid: 1402 + service: true + password: $6$NdUiEi2P8TI.2jgb$ai1WbWno8QK6Wg/KAV4IacwG92FctN5aQX2i45a9DSCg8k1nkwGj5gc230FXePh8P7vzQ6ifYrYsAvEfZ1J8B. + + - name: autowarden + uid: 1403 + service: true + password: $6$a18IBPw40.ELiuy5$RbGfNGUe9iTA6bOaKLsp7q3X3uQ3D1LP8LAF5ioQAafimVvCtwyG.O4Colo9nsl2yoCF6TMIHX9zOTavkbg7W0 + + - name: autoguard + uid: 1404 + service: true + password: $6$PLf4ifrrk0/5AF21$ohZXy0xDzyUiHXwoCW8zvbrPHFiWSWxYx2.QlDy09wND7RbPhwxghHS0trWWVdy14jAxU45mz5YvdAl7qmEIO0 + + - name: autoplex + uid: 1405 + service: true + password: $6$VfMCenzm5UPHrpNN$yQIpnQUZPhO9UoSylaOxR6TOrJfR5dFdzdRFzle7dP/bfeDBKxC6hsy52IEowilL.aCbYevz67R9s1hB3q9GU1 + + - name: autounifi + uid: 1406 + service: true + password: $6$ScrKQGmAifGVDovx$wuQQhEdNya8Tjj/oTeY/eT1grLl17hSYbVeWIIqU.jv.W9vFyoVkxeE/lBcPvBe8XdGjOxWu32WsnomL8irb11 + + - name: autollama + uid: 1407 + service: true + password: $6$lEdCBbqlWIdHuRZZ$Pr9SAybk7uCTfzjtCpSe7RrwM2TKqr8vWtLDARZRQ9e1RpNKHP2bEvkeg2VPc7oACVfxbg7Y8PP0rKOR.3fcD. + skylab_group: name: skylab gid: 1200 diff --git a/vars/services.yaml b/vars/services.yaml new file mode 100644 index 0000000..9376888 --- /dev/null +++ b/vars/services.yaml 
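Review bot: The `api` service in vikunja.yaml.j2 sets database and cache options but no `VIKUNJA_SERVICE_JWTSECRET`; unless it is supplied some other way, Vikunja generates a new signing secret at every start, which invalidates issued tokens on each redeploy. I would add it as a vaulted setting, `VIKUNJA_SERVICE_JWTSECRET: "{{ app.settings.jwt_secret }}"`, where `jwt_secret` is a new key to be added under `vikunja.settings` in vars/services.yaml. If these files are deployed with `docker stack deploy`, as the overlay networks and `deploy:` keys suggest, `depends_on` is ignored, so `api` and `web` cannot rely on it for start ordering.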
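Review bot: The seven new `skylab_accounts` entries in vars/access.yaml commit SHA-512 crypt hashes in clear text, while the application secrets added to vars/services.yaml in the same commit are vault-encrypted. Anyone with read access to the repository can run offline guessing against these hashes, so I would encrypt each `password:` with `!vault` like the service settings. Since the entries are marked `service: true` and may never need an interactive login, a locked password is the other option. The hunk's context lines show the existing account above follows the same pattern, so this predates the commit but is widened by it.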
@@ -0,0 +1,227 @@ +--- +skylab_services: + _meta: + networks: + ext: 192.168.99.0/24 + volumes: + nginx: /appdata/nginx + letsencrypt-config: /appdata/letsencrypt/config + letsencrypt-data: /appdata/letsencrypt/data + ports: + 80: 80 + 443: 443 + versions: + proxy: latest + certbot: latest + settings: + loopback_address: 192.168.255.255 + + minecraft: + user: auto_minecraft + domain: mcs.enp.one + networks: + ext: 192.168.102.0/24 + volumes: + data: /appdata/minecraft + ports: + 25565: 25565 + versions: + server: 1.16.5 + settings: + admins: + - ScifiGeek42 + users: + - ScifiGeek42 + - fantasycat256 + - CoffeePug + - Snowdude21325 + - KaiserSJR + - glutenfreebean + + gitea: + user: autotea + domain: vcs.enp.one + networks: + ext: 192.168.103.0/24 + volumes: + data: /appdata/gitea + ports: + 3000: 3000 + 22: 2222 + versions: + server: 1.15.4 + + bitwarden: + user: autowarden + domain: ssv.enp.one + networks: + internal: 192.168.104.0/24 + external: 192.168.105.0/24 + volumes: + db-data: /appdata/bitwarden/mssql/data + db-backup: /appdata/bitwarden/mssql/backup + nginx-data: /appdata/bitwarden/nginx + web: /appdata/bitwarden/web + ssl: /appdata/bitwarden/ssl + ca-certs: /appdata/bitwarden/ca-certificates + core: /appdata/bitwarden/core + identity: /appdata/bitwarden/identity + logs-api: /appdata/bitwarden/logs/api + logs-db: /appdata/bitwarden/logs/mssql + logs-identity: /appdata/bitwarden/logs/identity + logs-nginx: /appdata/bitwarden/logs/nginx + logs-admin: /appdata/bitwarden/logs/admin + logs-icons: /appdata/bitwarden/logs/icons + logs-notifications: /appdata/bitwarden/logs/notifications + logs-events: /appdata/bitwarden/logs/events + ports: + 8080: 8090 + 8443: 8943 + versions: + mssql: 1.40.0 + web: 2.19.0 + attachments: 1.40.0 + api: 1.40.0 + identity: 1.40.0 + admin: 1.40.0 + icons: 1.40.0 + events: 1.40.0 + nginx: 1.40.0 + settings: + certificatePassword: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 
34336462333965626665636664636338353139306135393862656539623935666134666638313632 + 6337393734353237373233663763666566316637393436650a346134353365626637313732346565 + 64373866633430613637663230383866336362313739313335646330373666353536396463376364 + 3730306338623831300a346565613730326138333732306237333236393237653363386263376531 + 30653663346234383538316337386534356534316437323561646637636361396462393335316233 + 3931623037626539636535353963666635316334613833396437 + internalIdentityKey: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64343365323264303635306461386464626535343138333637333035343365386138363261666561 + 3036376532316230326238626662663434343131393336350a363230333637373231333332356230 + 66383466626139396365333865663538386130633136643861353936613330613535313363323639 + 6538656632376330380a373534393361613234366536353866353366646263643565346534393235 + 30623261626364613063353839663130656436316531666431316332653330636436323331316462 + 3539383064363338313433343837363563313838333231363639 + duo__aKey: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38353861643436373461393663616366383139393164366664303333333431663364613530323532 + 3434643335353964613464393734623934313164663339340a303831353734623332316464333735 + 34343961393562366435653935313038336638623061353761343538333264386638306363386463 + 3339346561333039650a353163633263386232646366323637383866303033356631376639383561 + 36316333336434393364316565353363623036613233633933616532376530653138366432303762 + 6532343435636261353434323461646365396538646466353032 + installation__id: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62323837366638363735393462326566633235356261326636623239366462316465636163663063 + 3065613765386138653239383332306363346236666662660a313634333334396633646465356435 + 66666231633938613838663364323331666434383439303931393761313563663931386532336330 + 6433383331643933610a323565636462663865666435376334346535323964663264363039623364 + 32653966363634376534383664663535373830366466336463613365653463363663316165303330 + 
3834653063653334313931643330663163386638363938643130 + installation__key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38353130336136623437653131316461653561393539373630623135383036643135623361613735 + 6431306133623866613836363361376163656434343230660a663635393861333863376461336661 + 30386562353730326665323030393531663234373430363639306562633031363065386665646431 + 3163633239366630300a313436386131376433333231346135393735373236626365393533626232 + 61313536323437363234396536623662613434333363326565303939363562353732 + SA_PASSWORD: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64313236346631366338313139396532346461333835616466313037363132656632323566663138 + 6665393239656262363261303362303437343438626234340a663836623362353431373035356562 + 61383865303835323336363862303035363161376336346563323966633361333966363232393665 + 6166323331353065380a616138303531643063653633656561383761393433646130656432363436 + 62383763316130306235396338356236636263653830666139663064626633643635386237373034 + 3465323836373437383465316537666337373134616135626238 + + adguard: + user: autoguard + domain: adguard.en1.local + networks: + ext: 192.168.108.0/24 + volumes: + config: /appdata/adguard/config + data: /appdata/adguard/data + ports: + 53: 53 + 8064: 8084 + versions: + server: v0.106.3 + settings: + upstream: + - 1.1.1.1 + - 1.0.0.1 + + plex: + user: autoplex + domain: pms.enp.one + networks: + ext: 192.168.101.0/24 + volumes: + config: /appdata/plex + ports: + 32400: 32400 + 3005: 3005 + 8324: 8324 + 32469: 32469 + 1900: 1900 + 32410: 32410 + 32413: 32413 + 32414: 32414 + versions: + server: latest + settings: + mediastore: mediastore.skylab.enp.one + internal_subnets: + - 10.42.100.0/24 + - 10.42.101.0/24 + exclude_hosts: + - jupiter.net.enp.one + - pegasus.skylab.enp.one + + unifi: + user: autounifi + domain: unifi.en1.local + networks: + ext: 192.168.100.0/24 + volumes: + data: /appdata/unifi + ports: + 8080: 8080 + 8443: 8443 + 8843: 8843 + 8880: 8880 + 3478: 3478 + 6789: 6789 + 10001: 10001 + 
versions: + wlc: "6.2" + + vikunja: + user: autollama + domain: org.enp.one + networks: + ext: 192.168.107.0/24 + volumes: + database: /appdata/vikunja/database + files: /appdata/vikunja/files + nginx: /appdata/vikunja/nginx + ports: + 80: 8087 + versions: + database: "10" + cache: latest + proxy: latest + api: 0.18.1 + web: 0.18.1 + settings: + database_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35313866386161376430383232343834633566363136323761316531663633383231653135313565 + 6332336461356164623237306436393131383566656233640a316262616161336331356565363963 + 35313430303237313039346162653564623236373564306333393362623134613437656231633635 + 6334616138663036610a646234366264646363353635356338633035373166343763353733336339 + 38663937383165386530326138363965626666386366636330343133633238636236316432613136 + 6662313533316563646461646336396430306466323831613730
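Review bot: `minecraft.user` in vars/services.yaml is `auto_minecraft`, but the account added to vars/access.yaml in this commit is `autocraft`, while the other services name accounts that exist there (`autotea`, `autowarden`, `autoguard`, `autoplex`, `autounifi`, `autollama`). If `_app_account` is looked up by this name, the minecraft template will fail or render without a uid. Several images resolve to `latest` (`_meta.versions.proxy`, `_meta.versions.certbot`, `plex.versions.server`, `vikunja.versions.cache`, `vikunja.versions.proxy`); pinning them to release tags like the other entries keeps redeploys reproducible and reviewable. Bare version scalars such as `1.40.0` happen to load as strings, but quoting them all, as `"6.2"` and `"10"` already are, stops that from depending on the number of dots.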