Compare commits
No commits in common. "main" and "e98699146630e7f6e6e9a577e145ae7867dbe823" have entirely different histories.
main
...
e986991466
|
@ -12,14 +12,10 @@ homelab.
|
||||||
|
|
||||||
=== Containers
|
=== Containers
|
||||||
|
|
||||||
* Authelia
|
|
||||||
* Jellyfin
|
|
||||||
* Keycloak
|
|
||||||
* NGINX
|
* NGINX
|
||||||
* OpenLDAP
|
* Jellyfin
|
||||||
* Portainer
|
|
||||||
* PostgreSQL
|
* PostgreSQL
|
||||||
* Radarr
|
* Keycloak
|
||||||
|
|
||||||
=== Testing
|
=== Testing
|
||||||
To run locally, specify the inventory file with `-i hosts`.
|
To run locally, specify the inventory file with `-i hosts`.
|
||||||
|
|
|
@ -13,9 +13,4 @@ pgid: "1000"
|
||||||
tz: "Europe/Prague"
|
tz: "Europe/Prague"
|
||||||
media:
|
media:
|
||||||
tv: "{{ data_folder }}/media/tv"
|
tv: "{{ data_folder }}/media/tv"
|
||||||
movies: "{{ data_folder }}/media/movies"
|
movies: "{{ data_folder }}/media/movies"
|
||||||
downloads:
|
|
||||||
nzb: "{{ data_folder }}/downloads/nzb"
|
|
||||||
torrent: "{{ data_folder }}/downloads/torrent"
|
|
||||||
torrent_blackhole: "{{ data_folder }}/downloads/blackhole"
|
|
||||||
music: "{{ data_folder }}/downloads/music"
|
|
|
@ -3,13 +3,10 @@
|
||||||
roles:
|
roles:
|
||||||
- docker
|
- docker
|
||||||
- nginx
|
- nginx
|
||||||
- openldap
|
|
||||||
- portainer
|
|
||||||
- jellyfin
|
- jellyfin
|
||||||
|
- openldap
|
||||||
- postgres
|
- postgres
|
||||||
- authelia
|
|
||||||
- keycloak
|
- keycloak
|
||||||
- radarr
|
|
||||||
vars_files:
|
vars_files:
|
||||||
- vault/certs/{{ base_domain }}.yml
|
- vault/certs/{{ base_domain }}.yml
|
||||||
- vault/passwords.yml
|
- vault/passwords.yml
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
#!/bin/env fish
|
|
||||||
ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab | psub) vagrant provision
|
|
|
@ -1,39 +0,0 @@
|
||||||
- name: ensure directories exist
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
mode: '0755'
|
|
||||||
loop:
|
|
||||||
- "{{ data_folder }}/authelia"
|
|
||||||
- name: copy configuration.yml
|
|
||||||
template:
|
|
||||||
src: "configuration.yml.j2"
|
|
||||||
dest: "{{ data_folder }}/authelia/configuration.yml"
|
|
||||||
mode: "755"
|
|
||||||
- name: run container
|
|
||||||
docker_container:
|
|
||||||
name: "authelia"
|
|
||||||
image: "authelia/authelia"
|
|
||||||
ports:
|
|
||||||
- "9091:9091"
|
|
||||||
networks:
|
|
||||||
- name: external
|
|
||||||
- name: openldap
|
|
||||||
volumes:
|
|
||||||
- "{{ data_folder }}/authelia:/config"
|
|
||||||
- name: copy nginx endpoint conf
|
|
||||||
template:
|
|
||||||
src: "authelia-endpoint.conf.j2"
|
|
||||||
dest: "{{ data_folder }}/nginx/snippets/authelia-endpoint.conf"
|
|
||||||
mode: "755"
|
|
||||||
- name: copy nginx auth conf
|
|
||||||
template:
|
|
||||||
src: "authelia-auth.conf.j2"
|
|
||||||
dest: "{{ data_folder }}/nginx/snippets/authelia-auth.conf"
|
|
||||||
mode: "755"
|
|
||||||
- name: copy nginx conf
|
|
||||||
template:
|
|
||||||
src: "authelia.conf.j2"
|
|
||||||
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
|
|
||||||
mode: "755"
|
|
||||||
notify: reload nginx
|
|
|
@ -1,11 +0,0 @@
|
||||||
auth_request /authelia/api/verify;
|
|
||||||
auth_request_set $target_url $scheme://$http_host$request_uri;
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
|
||||||
auth_request_set $name $upstream_http_remote_name;
|
|
||||||
auth_request_set $email $upstream_http_remote_email;
|
|
||||||
proxy_set_header Remote-User $user;
|
|
||||||
proxy_set_header Remote-Groups $groups;
|
|
||||||
proxy_set_header Remote-Name $name;
|
|
||||||
proxy_set_header Remote-Email $email;
|
|
||||||
error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
|
|
|
@ -1,47 +0,0 @@
|
||||||
location ^~ /authelia {
|
|
||||||
include /etc/nginx/snippets/proxy.conf;
|
|
||||||
set $upstream_authelia authelia;
|
|
||||||
proxy_pass http://$upstream_authelia:9091;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /authelia/api/verify {
|
|
||||||
internal;
|
|
||||||
if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) {
|
|
||||||
return 401;
|
|
||||||
}
|
|
||||||
set $upstream_authelia authelia;
|
|
||||||
proxy_pass_request_body off;
|
|
||||||
proxy_pass http://$upstream_authelia:9091;
|
|
||||||
proxy_set_header Content-Length "";
|
|
||||||
|
|
||||||
# Timeout if the real server is dead
|
|
||||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
|
||||||
|
|
||||||
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
|
|
||||||
# Provide either X-Original-URL and X-Forwarded-Proto or
|
|
||||||
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
|
|
||||||
# Those headers will be used by Authelia to deduce the target url of the user.
|
|
||||||
# Basic Proxy Config
|
|
||||||
client_body_buffer_size 128k;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-Method $request_method;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-Uri $request_uri;
|
|
||||||
proxy_set_header X-Forwarded-Ssl on;
|
|
||||||
proxy_redirect http:// $scheme://;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Connection "";
|
|
||||||
proxy_cache_bypass $cookie_session;
|
|
||||||
proxy_no_cache $cookie_session;
|
|
||||||
proxy_buffers 4 32k;
|
|
||||||
|
|
||||||
# Advanced Proxy Config
|
|
||||||
send_timeout 5m;
|
|
||||||
proxy_read_timeout 240;
|
|
||||||
proxy_send_timeout 240;
|
|
||||||
proxy_connect_timeout 240;
|
|
||||||
}
|
|
|
@ -1,16 +0,0 @@
|
||||||
server {
|
|
||||||
server_name auth.{{ base_domain }};
|
|
||||||
listen 80;
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name auth.{{ base_domain }};
|
|
||||||
listen 443 ssl http2;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include /etc/nginx/snippets/proxy.conf;
|
|
||||||
set $upstream_authelia http://authelia:9091; # This example assumes a Docker deployment
|
|
||||||
proxy_pass $upstream_authelia;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,71 +0,0 @@
|
||||||
host: 0.0.0.0
|
|
||||||
port: 9091
|
|
||||||
server:
|
|
||||||
read_buffer_size: 4096
|
|
||||||
write_buffer_size: 4096
|
|
||||||
path: "authelia"
|
|
||||||
log_level: debug
|
|
||||||
jwt_secret: somethingsomethingrandomrecret
|
|
||||||
default_redirection_url: https://{{ base_domain }}
|
|
||||||
authentication_backend:
|
|
||||||
disable_reset_password: false
|
|
||||||
ldap:
|
|
||||||
implementation: custom
|
|
||||||
url: ldap://openldap
|
|
||||||
start_tls: false
|
|
||||||
tls:
|
|
||||||
server_name: openldap
|
|
||||||
skip_verify: false
|
|
||||||
minimum_version: TLS1.2
|
|
||||||
base_dn: dc=kucharczyk,dc=xyz
|
|
||||||
username_attribute: uid
|
|
||||||
users_filter: ({username_attribute}={input})
|
|
||||||
groups_filter: (member={dn})
|
|
||||||
mail_attribute: mail
|
|
||||||
user: cn=admin,dc=kucharczyk,dc=xyz
|
|
||||||
password: {{ vault_openldap_admin_password }}
|
|
||||||
access_control:
|
|
||||||
default_policy: deny
|
|
||||||
networks:
|
|
||||||
- name: local
|
|
||||||
networks:
|
|
||||||
- 192.168.0.0/24
|
|
||||||
rules:
|
|
||||||
- domain: "*.{{ base_domain }}"
|
|
||||||
networks:
|
|
||||||
- local
|
|
||||||
policy: bypass
|
|
||||||
- domain: portainer.{{ base_domain }}
|
|
||||||
policy: one_factor
|
|
||||||
- domain: keycloak.{{ base_domain }}
|
|
||||||
policy: one_factor
|
|
||||||
- domain: radarr.{{ base_domain }}
|
|
||||||
policy: two_factor
|
|
||||||
session:
|
|
||||||
name: authelia_session
|
|
||||||
secret: somerandomsecret
|
|
||||||
expiration: 1h
|
|
||||||
inactivity: 5m
|
|
||||||
remember_me_duration: 1M
|
|
||||||
domain: {{ base_domain }}
|
|
||||||
regulation:
|
|
||||||
max_retries: 3
|
|
||||||
find_time: 2m
|
|
||||||
ban_time: 99y
|
|
||||||
storage:
|
|
||||||
local:
|
|
||||||
path: /config/db.sqlite3
|
|
||||||
notifier:
|
|
||||||
disable_startup_check: false
|
|
||||||
smtp:
|
|
||||||
username: kucharczyk.lukas@gmail.com
|
|
||||||
password: {{ vault_email_gmail_password }}
|
|
||||||
host: smtp.gmail.com
|
|
||||||
port: 587
|
|
||||||
sender: kucharczyk.lukas@gmail.com
|
|
||||||
subject: "[Authelia] {title}"
|
|
||||||
startup_check_address: test@authelia.com
|
|
||||||
disable_require_tls: false
|
|
||||||
tls:
|
|
||||||
skip_verify: false
|
|
||||||
minimum_version: TLS1.2
|
|
|
@ -3,9 +3,6 @@
|
||||||
name:
|
name:
|
||||||
- docker
|
- docker
|
||||||
- python-pip
|
- python-pip
|
||||||
- neovim
|
|
||||||
- fish
|
|
||||||
- curlie
|
|
||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
- name: start
|
- name: start
|
||||||
|
@ -15,9 +12,8 @@
|
||||||
- name: add user to group
|
- name: add user to group
|
||||||
user:
|
user:
|
||||||
name: lukas
|
name: lukas
|
||||||
groups: docker,wheel
|
groups: docker
|
||||||
append: true
|
append: true
|
||||||
shell: /usr/bin/fish
|
|
||||||
- name: install python docker
|
- name: install python docker
|
||||||
pip:
|
pip:
|
||||||
name:
|
name:
|
||||||
|
|
|
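Review bot: Dropping `wheel` from `groups: docker` does not reduce the account's privilege, because membership in the docker group is root-equivalent on the host (anyone who can reach the socket can start a privileged container). If the intent is least privilege, the remaining membership deserves a comment such as `# docker group is root-equivalent; kept so this user can manage the containers` so the next reader does not treat the hunk as a hardening step, or the container tasks should run under `become` and the user stay out of the group. The task list continues outside the hunk.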
@ -12,7 +12,7 @@
|
||||||
name: 'jellyfin'
|
name: 'jellyfin'
|
||||||
image: linuxserver/jellyfin
|
image: linuxserver/jellyfin
|
||||||
networks:
|
networks:
|
||||||
- name: external
|
- name: nginx-internal
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ data_folder }}/jellyfin:/config"
|
- "{{ data_folder }}/jellyfin:/config"
|
||||||
- "{{ media.tv }}:/data/tv"
|
- "{{ media.tv }}:/data/tv"
|
||||||
|
@ -29,6 +29,7 @@
|
||||||
devices:
|
devices:
|
||||||
- /dev/dri:/dev/dri
|
- /dev/dri:/dev/dri
|
||||||
state: started
|
state: started
|
||||||
|
restart: yes
|
||||||
- name: copy jellyfin nginx config
|
- name: copy jellyfin nginx config
|
||||||
template:
|
template:
|
||||||
src: jellyfin.conf.j2
|
src: jellyfin.conf.j2
|
||||||
|
|
|
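Review bot: `restart: yes` on the `docker_container` task forces a matching container to be stopped and restarted on every play run, which makes the task non-idempotent and reports `changed` each time; the same line is added to the nginx and openldap container tasks further down. The module already recreates the container when its definition changes, a config-only change is better expressed with `notify` and a handler, and restart-on-failure is `restart_policy: unless-stopped`. If the forced restart is intentional, a comment such as `# restart: yes forces a stop/start on every run` would stop it being removed as a mistake. The task's remaining keys lie outside the hunk.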
@ -1,7 +1,6 @@
|
||||||
server {
|
server {
|
||||||
server_name "jellyfin.{{ base_domain }}";
|
|
||||||
listen 80;
|
listen 80;
|
||||||
return 301 https://$server_name$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
|
|
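Review bot: The port-80 redirect now targets `https://$host$request_uri`, and `$host` is derived from the client-supplied Host header rather than the configured name, so with `server_name` removed this block accepts any Host and redirects to whatever it says; the keycloak template below makes the same change. Since several conf.d templates now declare a `listen 80` server without a `server_name`, nginx will presumably treat one of them as the catch-all and warn about the others — worth confirming with `nginx -t`. Keeping `server_name "jellyfin.{{ base_domain }}";` and redirecting to `https://$server_name$request_uri`, or moving to one shared port-80 redirect server, avoids both. The second `server {` block continues outside the hunk.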
@ -5,9 +5,8 @@
|
||||||
ports:
|
ports:
|
||||||
- "8080:8080"
|
- "8080:8080"
|
||||||
networks:
|
networks:
|
||||||
- name: external
|
|
||||||
- name: postgres
|
- name: postgres
|
||||||
- name: openldap
|
- name: nginx-internal
|
||||||
env:
|
env:
|
||||||
"KEYCLOAK_USER": "{{ vault_keycloak_user }}"
|
"KEYCLOAK_USER": "{{ vault_keycloak_user }}"
|
||||||
"KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
|
"KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
|
||||||
|
@ -21,6 +20,6 @@
|
||||||
- name: copy nginx conf
|
- name: copy nginx conf
|
||||||
template:
|
template:
|
||||||
src: "keycloak.conf.j2"
|
src: "keycloak.conf.j2"
|
||||||
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
|
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name}}.{{ base_domain }}.conf"
|
||||||
mode: "755"
|
mode: "755"
|
||||||
notify: reload nginx
|
notify: reload nginx
|
|
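Review bot: Keycloak still publishes `- "8080:8080"` on the host while its only attached network is now `nginx-internal`, so the service stays reachable on the host port without passing through nginx and TLS (whether publishing works at all on an `internal: true` network is worth confirming; if it does not, the line is dead). If only nginx should reach it, drop the `ports:` entry or bind it to loopback with `- "127.0.0.1:8080:8080"`. Separately, `{{ role_name}}` in the `dest:` path lacks the space before `}}`; it renders the same but is inconsistent with the other templates' `{{ role_name }}`.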
@ -1,7 +1,6 @@
|
||||||
server {
|
server {
|
||||||
server_name "keycloak.{{ base_domain }}";
|
listen 80;
|
||||||
listen 80;
|
return 301 https://$host$request_uri;
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
@ -14,11 +13,8 @@ server {
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
add_header X-Content-Type-Options "nosniff";
|
add_header X-Content-Type-Options "nosniff";
|
||||||
|
|
||||||
include /etc/nginx/snippets/authelia-endpoint.conf;
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://$keycloak:8080;
|
proxy_pass http://$keycloak:8080;
|
||||||
include /etc/nginx/snippets/authelia-auth.conf;
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
|
@ -14,11 +14,11 @@
|
||||||
- name: generate self-signed certs
|
- name: generate self-signed certs
|
||||||
import_tasks: self-signed.yml
|
import_tasks: self-signed.yml
|
||||||
when: self_signed
|
when: self_signed
|
||||||
- name: create external bridge network
|
- name: create nginx bridge network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external
|
name: nginx-internal
|
||||||
attachable: true
|
attachable: true
|
||||||
internal: false
|
internal: true
|
||||||
state: present
|
state: present
|
||||||
- name: copy nginx.conf
|
- name: copy nginx.conf
|
||||||
template:
|
template:
|
||||||
|
@ -37,7 +37,8 @@
|
||||||
name: 'nginx'
|
name: 'nginx'
|
||||||
image: nginx
|
image: nginx
|
||||||
networks:
|
networks:
|
||||||
- name: external
|
- name: bridge
|
||||||
|
- name: nginx-internal
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
|
- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
|
||||||
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
||||||
|
@ -52,4 +53,5 @@
|
||||||
env:
|
env:
|
||||||
NGINX_HOST: "{{ base_domain }}"
|
NGINX_HOST: "{{ base_domain }}"
|
||||||
NGINX_PORT: '80'
|
NGINX_PORT: '80'
|
||||||
state: started
|
state: started
|
||||||
|
restart: yes
|
||||||
|
|
|
@ -13,8 +13,6 @@ events {
|
||||||
http {
|
http {
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
log_subrequest on;
|
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
client_body_buffer_size 128k;
|
|
||||||
|
|
||||||
#Timeout if the real server is dead
|
|
||||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
|
||||||
|
|
||||||
# Advanced Proxy Config
|
|
||||||
send_timeout 5m;
|
|
||||||
proxy_read_timeout 360;
|
|
||||||
proxy_send_timeout 360;
|
|
||||||
proxy_connect_timeout 360;
|
|
||||||
|
|
||||||
# Basic Proxy Config
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-Uri $request_uri;
|
|
||||||
proxy_set_header X-Forwarded-Ssl on;
|
|
||||||
proxy_redirect http:// $scheme://;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Connection "";
|
|
||||||
proxy_cache_bypass $cookie_session;
|
|
||||||
proxy_no_cache $cookie_session;
|
|
||||||
proxy_buffers 64 256k;
|
|
||||||
|
|
||||||
# If behind reverse proxy, forwards the correct IP
|
|
||||||
set_real_ip_from 10.0.0.0/8;
|
|
||||||
set_real_ip_from 172.16.0.0/12;
|
|
||||||
set_real_ip_from 172.17.0.0/16;
|
|
||||||
set_real_ip_from 172.18.0.0/16;
|
|
||||||
set_real_ip_from 172.19.0.0/16;
|
|
||||||
set_real_ip_from 192.168.0.0/16;
|
|
||||||
set_real_ip_from fc00::/7;
|
|
||||||
real_ip_header X-Forwarded-For;
|
|
||||||
real_ip_recursive on;
|
|
|
@ -6,27 +6,44 @@
|
||||||
loop:
|
loop:
|
||||||
- "{{ data_folder }}/openldap"
|
- "{{ data_folder }}/openldap"
|
||||||
- "{{ data_folder }}/openldap/data"
|
- "{{ data_folder }}/openldap/data"
|
||||||
- name: create network
|
- "{{ data_folder }}/openldap/slapd.d"
|
||||||
docker_network:
|
- "{{ data_folder }}/openldap/ldifs"
|
||||||
name: openldap
|
# - name: copy slapd.conf
|
||||||
attachable: true
|
# template:
|
||||||
internal: true
|
# src: slapd.conf.j2
|
||||||
state: present
|
# dest: "{{ data_folder }}/openldap/slapd.d/slapd.conf"
|
||||||
|
# mode: '0755'
|
||||||
|
- name: copy user ldif
|
||||||
|
template:
|
||||||
|
src: lukas.ldif.j2
|
||||||
|
dest: "{{ data_folder }}/openldap/ldifs/lukas.ldif"
|
||||||
|
mode: '0755'
|
||||||
- name: run container
|
- name: run container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: "openldap"
|
name: "openldap"
|
||||||
image: osixia/openldap
|
image: osixia/openldap
|
||||||
hostname: openldap
|
command: "--loglevel debug"
|
||||||
|
hostname: ldap.dev.local
|
||||||
networks:
|
networks:
|
||||||
- name: openldap
|
# - name: bridge
|
||||||
|
- name: nginx-internal
|
||||||
ports:
|
ports:
|
||||||
- "389:389"
|
- "389:389"
|
||||||
- "636:636"
|
- "636:636"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ data_folder }}/openldap/data:/var/lib/ldap"
|
- "{{ data_folder }}/openldap/data:/var/lib/ldap"
|
||||||
|
- "{{ data_folder }}/openldap/slapd.d:/etc/ldap/slapd.d"
|
||||||
|
- "{{ data_folder }}/openldap/ldifs:/container/service/slapd/assets/config/bootstrap/ldif/custom"
|
||||||
env:
|
env:
|
||||||
LDAP_ORGANISATION: "Homelab"
|
LDAP_ORGANISATION: "Homelab"
|
||||||
LDAP_DOMAIN: "kucharczyk.xyz"
|
LDAP_DOMAIN: "kucharczyk.xyz"
|
||||||
LDAP_ADMIN_PASSWORD: "{{ vault_openldap_admin_password }}"
|
|
||||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
|
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
|
||||||
state: started
|
LDAP_ADMIN_PASSWORD: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
35623735376134353839323136623133393035343162363366643632376262393539653736326431
|
||||||
|
6635373265313033653861393463633835333639346239650a303463323063373866316162616131
|
||||||
|
66356335346631386265363462353034393735366430636634643466376435313638303938363363
|
||||||
|
3838396139663964300a633931303135376566633363303336373937373138643564636263656233
|
||||||
|
6239
|
||||||
|
state: started
|
||||||
|
restart: yes
|
|
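Review bot: The `copy user ldif` task renders a file that carries a `userPassword` hash with `mode: '0755'`, which is world-readable and executable; `mode: '0600'` should be enough for the container's bootstrap to read it (presumably it runs as root inside the container — confirm). `command: "--loglevel debug"` enables slapd debug output, which can include bind DNs and search filters in the container log, so it should be reverted or marked as temporary with `# TODO: drop debug loglevel before production`. Both `389:389` and `636:636` remain published on the host even though the container was moved to the internal nginx network, so the directory is reachable from outside the Docker network; bind to loopback or drop the mapping unless something external needs LDAP.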
@ -0,0 +1,6 @@
|
||||||
|
dn: dc=kucharczyk,dc=xyz
|
||||||
|
objectclass: top
|
||||||
|
objectclass: dcObject
|
||||||
|
objectclass: organization
|
||||||
|
dc: kucharczyk
|
||||||
|
o: Homelab
|
|
@ -0,0 +1,14 @@
|
||||||
|
dn: uid=lukas,dc=kucharczyk,dc=xyz
|
||||||
|
uid: lukas
|
||||||
|
cn: lukas
|
||||||
|
givenName: Lukas
|
||||||
|
sn: Kucharczyk
|
||||||
|
objectClass: top
|
||||||
|
objectClass: posixAccount
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
loginShell: /bin/bash
|
||||||
|
homeDirectory: /home/lukas
|
||||||
|
uidNumber: 1000
|
||||||
|
gidNumber: 1000
|
||||||
|
userPassword: {SSHA}zsJllCeWKbz1we+L/gu/yt0hxeBdvJfT
|
||||||
|
mail: lukas@kucharczyk.xyz
|
|
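Review bot: The `userPassword:` line commits a password hash into the repository in clear, in a template that is otherwise parameterised with Jinja; the playbook already loads `vault/passwords.yml`, so this should read `userPassword: {{ vault_lukas_ldap_password }}` (constructed variable name) with the hash kept in the vault, and the committed hash rotated since it is now in history. SSHA is a salted SHA-1 scheme; if the image's slapd supports a stronger password scheme, prefer it, but that depends on the image build — verify before changing.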
@ -0,0 +1,16 @@
|
||||||
|
# default config from /etc/openldap/slapd.conf
|
||||||
|
include /etc/openldap/schema/core.schema
|
||||||
|
pidfile /run/openldap/slapd.pid
|
||||||
|
argsfile /run/openldap/slapd.args
|
||||||
|
|
||||||
|
# custom config
|
||||||
|
allow bind_anon_dn
|
||||||
|
access to attrs=userPassword by * auth
|
||||||
|
access to * by * read
|
||||||
|
loglevel 256
|
||||||
|
|
||||||
|
database mdb
|
||||||
|
suffix "dc=kucharczyk, dc=xyz"
|
||||||
|
rootdn "cn=admin, dc=kucharczyk, dc=xyz"
|
||||||
|
rootpw {SSHA}sgIeW4kyz3t0OyfZ1IZjzEDDb31JI3xK
|
||||||
|
directory /var/lib/ldap
|
|
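Review bot: `access to * by * read` together with `allow bind_anon_dn` grants anonymous clients read access to every entry and attribute except `userPassword`, and `rootpw` commits a hash in clear. The task that would copy this file is commented out in the openldap tasks hunk, so it may currently be unused, but if it is ever enabled the ACL should at least be `access to * by users read by * none` and `rootpw` should come from a vaulted variable. `allow bind_anon_dn` also relaxes the default by accepting binds with a DN but an empty password; drop it unless something depends on it.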
@ -1,19 +0,0 @@
|
||||||
- name: run container
|
|
||||||
docker_container:
|
|
||||||
name: 'portainer'
|
|
||||||
image: portainer/portainer-ce
|
|
||||||
networks:
|
|
||||||
- name: external
|
|
||||||
- name: openldap
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
ports:
|
|
||||||
- "8000:8000"
|
|
||||||
- "9000:9000"
|
|
||||||
state: started
|
|
||||||
- name: copy nginx conf
|
|
||||||
template:
|
|
||||||
src: portainer.conf.j2
|
|
||||||
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
|
|
||||||
mode: "755"
|
|
||||||
notify: reload nginx
|
|
|
@ -1,20 +0,0 @@
|
||||||
server {
|
|
||||||
server_name portainer.{{ base_domain }};
|
|
||||||
listen 80;
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name portainer.{{ base_domain }};
|
|
||||||
listen 443 ssl http2;
|
|
||||||
|
|
||||||
include /etc/nginx/snippets/authelia-endpoint.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include /etc/nginx/snippets/proxy.conf;
|
|
||||||
include /etc/nginx/snippets/authelia-auth.conf;
|
|
||||||
|
|
||||||
set $upstream http://portainer:9000; # This example assumes a Docker deployment
|
|
||||||
proxy_pass $upstream;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,34 +0,0 @@
|
||||||
- name: ensure directories exist
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
mode: '0755'
|
|
||||||
loop:
|
|
||||||
- "{{ data_folder }}/radarr"
|
|
||||||
- "{{ media.tv }}"
|
|
||||||
- "{{ media.movies }}"
|
|
||||||
- "{{ downloads.nzb }}"
|
|
||||||
- name: run container
|
|
||||||
docker_container:
|
|
||||||
name: "{{ role_name }}"
|
|
||||||
image: "linuxserver/radarr"
|
|
||||||
networks:
|
|
||||||
- name: external
|
|
||||||
env:
|
|
||||||
"TZ": "{{ tz }}"
|
|
||||||
"PUID": "{{ puid }}"
|
|
||||||
"PGID": "{{ pgid }}"
|
|
||||||
"UMASK": "022"
|
|
||||||
volumes:
|
|
||||||
- "{{ data_folder }}/radarr:/config"
|
|
||||||
- "{{ downloads.nzb }}:/downloads"
|
|
||||||
- "{{ media.movies }}:/movies"
|
|
||||||
ports:
|
|
||||||
- "7878:7878"
|
|
||||||
state: started
|
|
||||||
- name: copy nginx conf
|
|
||||||
template:
|
|
||||||
src: "{{ role_name }}.conf.j2"
|
|
||||||
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
|
|
||||||
mode: "755"
|
|
||||||
notify: reload nginx
|
|
|
@ -1,20 +0,0 @@
|
||||||
server {
|
|
||||||
server_name {{ role_name }}.{{ base_domain }};
|
|
||||||
listen 80;
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name {{ role_name }}.{{ base_domain }};
|
|
||||||
listen 443 ssl http2;
|
|
||||||
|
|
||||||
include /etc/nginx/snippets/authelia-endpoint.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include /etc/nginx/snippets/proxy.conf;
|
|
||||||
include /etc/nginx/snippets/authelia-auth.conf;
|
|
||||||
|
|
||||||
set $upstream http://{{ role_name }}:7878;
|
|
||||||
proxy_pass $upstream;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,2 +0,0 @@
|
||||||
#!/bin/env fish
|
|
||||||
ansible-vault view --vault-password-file (pass show ansible-homelab | psub) vault/passwords.yml
|
|
|
@ -1,19 +1,14 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
35356537316639386637316365393533643061363734323630393363313237643935666639653963
|
32656133366339323166343734353434356561306461363033383266373733646161323166353438
|
||||||
3734376266353938653631323266663139306335646635660a373233663964623335663366333434
|
3537666138666438373366353530626339303866353162340a386539353333323835383237356566
|
||||||
34386136656530386639646234316238326132616131616632346537613963636637393839613661
|
66636133383662333334396162323637393335336463316235386334353930616238623133613636
|
||||||
6366326639643632320a386436316165343166366134633464393461653434323934326238313430
|
6535613536633662340a386333373465613466303137643232356664363233326561653235656263
|
||||||
39323439306637306134326635323138616337646336653238636539643538613664303764303661
|
63316130346236376235623632356364353538306439616362313837303438363736316137346237
|
||||||
39636661353538393532663937396363656664613334383261336664336237356366663334633430
|
36623333643062626532383439663730653139633836613636343232323437643564643531336661
|
||||||
36356235383930653835393439373737623036613565313131626462363034303062323662663832
|
34386135386437656135616536356538663731336261393636396562666337616462323330623732
|
||||||
66613833613336646633383835653161386363386136663764653734313763383231626434393864
|
65363536383238376166393563636532353336306335613131653261333662613965633265333462
|
||||||
63313061346335383933623630396336336561633938613237643238616531343766613734666132
|
30353564316435636330623434623832623463336231393630616266336435646434303963353665
|
||||||
32306362616131396266656162653563356137383239616464306662643032623438373764306361
|
63616631313863303838613362343538663236656235353966306231643132633938373935646466
|
||||||
32363133626662633435626232653061373831626563323861626635383039613136303632613335
|
63333036376136353831653236663631343761303830336461326264316563643037363935623731
|
||||||
61363265316534653033393763646565393330633063323634353932353936303638356433306362
|
38393037396530346232656366626535363539653462393663653739653935376436333934616562
|
||||||
65383938306637333765383263653939633964613230613835326630313761323561376162646439
|
3931
|
||||||
62323035323634323766393233326363383364653531306432663263303831623936616139306639
|
|
||||||
64303863386265343165666435363761653464386366636366323261353731643263356635383536
|
|
||||||
66326666616339653731633530663161363933383334376238313637356331663431336433643338
|
|
||||||
64313861306161373538363332663363623131303561373237326436373838393965306663333835
|
|
||||||
3764356534323963303832653964666431626538316361613137
|
|
||||||
|
|
Loading…
Reference in New Issue