inventories/production/group_vars/all.yml

@@ -174,6 +174,31 @@ secret_gvm_pass: !vault |
           6637306661373339350a633038336339306639386539336163386530376662663663653966336633
           65383335323339366637633934323632666638366265353839306432373365376530
 
+# For gulagbot
+secret_gulagbot_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63386534643137613234643962663831353461356464363732613030626364366661626134643837
+          6466653931366539656662323330333363633732613061360a306565643932613635353435663039
+          61386334626437323934366634343162643932393834313235356664623537636162376464613061
+          3966393761626133320a646465376235346239333036326530363538306238626438653232623632
+          37616561326538636534393533613037336665333865613735646532656163373233
+secret_gulagbot_discord_token: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          37613664393766353738353139323365346639393538653834643633613564646537616532316336
+          6532636639333062643631316234386533613862353232390a656634383663623064326666313861
+          35373034363332363064613165313034666166666233363963646333306138346463613166396438
+          6138366330623562330a636637326335383333643230333565366263383361333936346638363163
+          63343237616363376135303938373833373531306433633536613464363664303861353630313366
+          34356463653362613561373830373235633034656566633032653931316465316438363532396363
+          333735353435383566323463303566646637
+secret_gulagbot_test_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30623364333066613265343462633566663866643264303532343561326461383565326565333230
+          6263663530656438306165636438613037333563646432610a323830383034313639653661353266
+          66656339653239383562356230383566393135363261356365626166333863653961366532393661
+          6132366438346531650a383463396339366330393930633066663039336433313731663337383234
+          36623133613438666633626262633230643862636366393135303163323661303537
+
 # For gitea
 secret_gitea_9iron_db_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256

inventories/production/group_vars/manufacturers_raspi.yml

@@ -4,6 +4,13 @@
 docker_apt_arch: arm64
 
 # DB secrets
+secret_gulagbot_local_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30623364333066613265343462633566663866643264303532343561326461383565326565333230
+          6263663530656438306165636438613037333563646432610a323830383034313639653661353266
+          66656339653239383562356230383566393135363261356365626166333863653961366532393661
+          6132366438346531650a383463396339366330393930633066663039336433313731663337383234
+          36623133613438666633626262633230643862636366393135303163323661303537
 secret_grafana_local_db_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           32326333383035393665316566363266623130313435353165613463336663393634353261623738

playbooks/local_dns.yml

@@ -98,6 +98,8 @@
           value: vm-general-1.ashburn.mgmt.desu.ltd
         - record: git.desu.ltd
           value: vm-general-1.ashburn.mgmt.desu.ltd
+        - record: gitlab.desu.ltd
+          value: vm-general-1.ashburn.mgmt.desu.ltd
         - record: matrix.desu.ltd
           value: vm-general-1.ashburn.mgmt.desu.ltd
         - record: movie.desu.ltd

playbooks/prod_db.yml

@@ -33,6 +33,8 @@
             password: "{{ secret_gitea_db_pass }}"
           - name: gitlab-desultd
             password: "{{ secret_gitlab_db_pass }}"
+          - name: gulagbot-test
+            password: "{{ secret_gulagbot_test_db_pass }}"
           - name: nagios
             password: "{{ secret_postgresql_monitoring_password }}"
           - name: netbox-desultd
@@ -56,6 +58,8 @@
             owner: gitea-desultd
           - name: gitlab-desultd
             owner: gitlab-desultd
+          - name: gulagbot-test
+            owner: gulagbot-test
           - name: netbox-desultd
             owner: netbox-desultd
           - name: nextcloud-desultd

playbooks/prod_web.yml

@@ -31,9 +31,16 @@
         - web/srv.yml
         - web/synapse.yml
         - web/transmission.yml
+        - web/sb-mirror.yml
         - game/factorio.yml
+        - game/minecraft-create-extra.yml
         - game/minecraft-vanilla.yml
+        - game/minecraft-prominence2.yml
+        - game/minecraft-stoneblock.yml
+        - game/minecraft-aofabric.yml
         - game/minecraft-direwolf20.yml
+        - game/palworld.yml
+        - game/satisfactory.yml
         - game/zomboid.yml
       tags: [ always ]
   roles:

playbooks/tasks/app/gulagbot.yml

@@ -0,0 +1,16 @@
+# vim:ft=ansible:
+- name: docker deploy gulagbot
+  docker_container:
+    name: gulagbot
+    image: rehashedsalt/gulagbot:latest
+    env:
+      DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}"
+      GULAG_DEBUG: "false"
+      GULAG_HUMILIATION: "3"
+      GULAG_SCORE_MIN: "-3"
+      GULAG_SCORE_MAX: "15"
+      PGHOST: eth0.vm-psql-1.home.mgmt.desu.ltd
+      PGDATABASE: gulagbot-desultd
+      PGUSER: gulagbot-desultd
+      PGPASSWORD: "{{ secret_gulagbot_db_pass }}"
+  tags: [ docker, gulagbot, stalin ]

playbooks/tasks/app/octoprint.yml

@@ -0,0 +1,17 @@
+# vim:ft=ansible:
+# https://github.com/OctoPrint/octoprint-docker/blob/master/docker-compose.yml
+- name: docker deploy octoprint
+  docker_container:
+    name: octoprint
+    image: octoprint/octoprint:latest
+    privileged: yes
+    network_mode: host
+    env:
+      ENABLE_MJPG_STREAMER: "true"
+    volumes:
+      # I know this is strictly speaking a "bad thing", but this device is an
+      # appliance so whatever.
+      - /dev:/dev
+      - /etc/localtime:/etc/localtime:ro
+      - /data/octoprint:/octoprint
+  tags: [ docker, octoprint ]

playbooks/tasks/app/syncthing.yml

@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+- name: docker deploy syncthing
+  docker_container:
+    name: syncthing
+    image: linuxserver/syncthing:latest
+    env:
+      PUID: "1000"
+      PGID: "1000"
+      TZ: America/Chicago
+    networks:
+      - name: web
+        aliases: [ "syncthing" ]
+    volumes:
+      - /data/syncthing/config:/config
+      - /data/syncthing/data:/data
+    ports:
+      - 22000:22000/tcp
+      - 22000:22000/udp
+      - 21027:21027/udp
+  tags: [ docker, syncthing ]

playbooks/tasks/app/vaultwarden.yml

@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+- name: docker deploy vaultwarden
+  docker_container:
+    # https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use
+    name: vaultwarden
+    state: absent
+    image: vaultwarden/server:alpine
+    pull: yes
+    restart_policy: unless-stopped
+    env:
+      DATABASE_URL: "postgresql://vaultwarden-desultd:{{ secret_vaultwarden_db_pass }}@10.0.0.2:5432/vaultwarden-desultd"
+      SIGNUPS_ALLOWED: "false"
+    volumes:
+      - /data/vaultwarden:/data
+    networks:
+      - name: web
+        aliases: [ "vaultwarden" ]
+  tags: [ docker, vaultwarden ]

playbooks/tasks/game/css.yml

@@ -0,0 +1,19 @@
+# vim:ft=ansible:
+- name: docker deploy css
+  docker_container:
+    name: css
+    state: started
+    image: foxylion/steam-css
+    restart_policy: unless-stopped
+    command: "/home/steam/entrypoint.sh update"
+    pull: yes
+    ports:
+      - "1200:1200"
+      - "26901:26901/udp"
+      - "27005:27005/udp"
+      - "27015:27015"
+      - "27015:27015/udp"
+      - "27020:27020/udp"
+    volumes:
+      - /data/css/server.cfg:/home/steam/css/cstrike/cfg/my-server.cfg
+  tags: [ docker, css ]

playbooks/tasks/game/gmod.yml

@@ -0,0 +1,25 @@
+# vim:ft=ansible:
+- name: docker deploy gmod
+  docker_container:
+    name: gmod
+    state: started
+    image: hackebein/garrysmod
+    restart_policy: unless-stopped
+    pull: yes
+    tty: yes
+    env:
+      AUTHKEY: "{{ steam_apikey }}"
+      GAMEMODE: prop_hunt
+      MAP: ph_islandhouse
+      WORKSHOP: "2155532035"
+      WORKSHOPDL: "2155532035"
+    ports:
+      - "1200:1200"
+      - "26901:26901/udp"
+      - "27005:27005/udp"
+      - "27015:27015"
+      - "27015:27015/udp"
+      - "27020:27020/udp"
+    volumes:
+      - /data/gmod:/opt/overlay
+  tags: [ docker, gmod ]

playbooks/tasks/game/minecraft-aofabric.yml

@@ -1,21 +1,21 @@
 # vim:ft=ansible:
-- name: docker deploy minecraft - create farming and delights
+- name: docker deploy minecraft - all the fabric
   docker_container:
-    name: minecraft-createfarming
+    name: minecraft-aofabric
-    state: started
+    state: absent
     image: itzg/minecraft-server:latest
     restart_policy: unless-stopped
     pull: yes
     env:
       EULA: "true"
-      MODRINTH_PROJECT: "https://modrinth.com/modpack/create-farmersdelight/version/1.0.0"
+      MODRINTH_PROJECT: "https://modrinth.com/modpack/all-the-fabric-5/version/v5.4"
       TYPE: "MODRINTH"
       VERSION: "1.20.1"
-      MAX_MEMORY: "6G"
+      MAX_MEMORY: "8G"
     ports:
       - "25565:25565/tcp"
       - "25565:25565/udp"
       - "24454:24454/udp"
     volumes:
-      - /data/minecraft/createfarming:/data
+      - /data/minecraft/aofabric:/data
   tags: [ docker, minecraft ]

playbooks/tasks/game/minecraft-create-extra.yml

@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+- name: docker deploy minecraft - create extra
+  docker_container:
+    name: minecraft-create-extra
+    state: absent
+    image: itzg/minecraft-server:latest
+    restart_policy: unless-stopped
+    pull: yes
+    env:
+      EULA: "true"
+      MODRINTH_PROJECT: "https://modrinth.com/modpack/create-extra/version/1.0.0"
+      TYPE: "MODRINTH"
+      VERSION: "1.19.2"
+    ports:
+      - "25565:25565/tcp"
+      - "25565:25565/udp"
+      - "24454:24454/udp"
+    volumes:
+      - /data/minecraft/create-extra:/data
+  tags: [ docker, minecraft ]

playbooks/tasks/game/minecraft-prominence2.yml

@@ -0,0 +1,21 @@
+# vim:ft=ansible:
+- name: docker deploy minecraft - prominence 2
+  docker_container:
+    name: minecraft-prominence
+    state: absent
+    image: itzg/minecraft-server:latest
+    restart_policy: unless-stopped
+    pull: yes
+    env:
+      EULA: "true"
+      CF_SERVER_MOD: "/modpacks/1.20.1-prominence2-1.3.5/server.zip"
+      TYPE: "CURSEFORGE"
+      MEMORY: "8G"
+    ports:
+      - "25565:25565/tcp"
+      - "25565:25565/udp"
+      - "24454:24454/udp"
+    volumes:
+      - /data/srv/packs:/modpacks
+      - /data/minecraft/prominence:/data
+  tags: [ docker, minecraft, prominence, prom ]

playbooks/tasks/game/minecraft-stoneblock.yml

@@ -0,0 +1,19 @@
+# vim:ft=ansible:
+- name: docker deploy minecraft - stoneblock
+  docker_container:
+    name: minecraft-stoneblock
+    state: absent
+    image: itzg/minecraft-server:latest
+    restart_policy: unless-stopped
+    pull: yes
+    env:
+      EULA: "true"
+      FTB_MODPACK_ID: "100"
+      TYPE: "FTBA"
+      MEMORY: "8G"
+    ports:
+      - "25566:25565/tcp"
+      - "25566:25565/udp"
+    volumes:
+      - /data/minecraft/stoneblock:/data
+  tags: [ docker, minecraft, stoneblock ]

playbooks/tasks/game/palworld.yml

@@ -0,0 +1,26 @@
+# vim:ft=ansible:
+- name: docker deploy palworld
+  docker_container:
+    name: palworld
+    state: absent
+    image: thijsvanloef/palworld-server-docker:latest
+    restart_policy: unless-stopped
+    pull: yes
+    env:
+      ADMIN_PASSWORD: "balltoucher69"
+      COMMUNITY: "false"
+      MULTITHREADING: "true"
+      PUID: "1000"
+      PGID: "1000"
+      PORT: "8211"
+      PLAYERS: "8"
+      RCON_ENABLED: "false"
+      SERVER_NAME: "The Salty Spitoon"
+      SERVER_PASSWORD: "dicks"
+      UPDATE_ON_BOOT: "true"
+    ports:
+      - '8211:8211/udp'
+      - '27015:27015/udp'
+    volumes:
+      - /data/palworld/:/palworld
+  tags: [ docker, palworld ]

playbooks/tasks/game/satisfactory.yml

@@ -0,0 +1,17 @@
+# vim:ft=ansible:
+- name: docker deploy satisfactory
+  docker_container:
+    name: satisfactory
+    state: absent
+    image: wolveix/satisfactory-server:latest
+    restart_policy: unless-stopped
+    pull: yes
+    env:
+      MAXPLAYERS: "8"
+    ports:
+      - '7777:7777/udp'
+      - '15000:15000/udp'
+      - '15777:15777/udp'
+    volumes:
+      - /data/satisfactory/config:/config
+  tags: [ docker, satisfactory ]

playbooks/tasks/game/scpsl.yml

@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+# https://github.com/mkrupczak3/SCP-SECRET-LAB-DOCKER
+# Kinda forked it and changed a few settings tho
+- name: docker deploy scpsl
+  docker_container:
+    name: scpsl
+    state: started
+    image: rehashedsalt/scpsl:latest
+    restart_policy: unless-stopped
+    pull: yes
+    ports:
+      - "7777-7784:7777-7784/udp"
+      - "7777-7784:7777-7784"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /data/scpsl/steamcmd:/home/steam/steamcmd
+      - /data/scpsl/scp_server:/home/steam/scp_server
+  tags: [ docker, scpsl ]

playbooks/tasks/game/starbound.yml

@@ -0,0 +1,15 @@
+# vim:ft=ansible:
+- name: docker deploy starbound
+  docker_container:
+    name: starbound
+    state: absent
+    image: didstopia/starbound-server
+    restart_policy: unless-stopped
+    pull: yes
+    env:
+      SKIP_STEAMCMD: "true"
+    ports:
+      - "21025:21025"
+    volumes:
+      - /data/starbound/main:/steamcmd/starbound
+  tags: [ docker, starbound ]

playbooks/tasks/web/gitlab.yml

@@ -0,0 +1,29 @@
+# vim:ft=ansible:
+- name: docker deploy gitlab
+  docker_container:
+    name: gitlab
+    image: gitlab/gitlab-ce:latest
+    log_driver: journald
+    env:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://gitlab.desu.ltd'
+        gitlab_rails['gitlab_shell_ssh_port'] = 2224
+        gitlab_rails['db_adapter'] = 'postgresql'
+        gitlab_rails['db_database'] = 'gitlab-desultd'
+        gitlab_rails['db_encoding'] = 'unicode'
+        gitlab_rails['db_host'] = '10.0.0.2'
+        gitlab_rails['db_password'] = '{{ secret_gitlab_db_pass }}'
+        gitlab_rails['db_username'] = 'gitlab-desultd'
+        nginx['listen_port'] = 80
+        nginx['listen_https'] = false
+        postgresql['enable'] = false
+    ports:
+      - 2224:22/tcp
+    networks:
+      - name: web
+        aliases: [ "gitlab" ]
+    volumes:
+      - /data/gitlab/config:/etc/gitlab
+      - /data/gitlab/logs:/var/log/gitlab
+      - /data/gitlab/data:/var/opt/gitlab
+  tags: [ docker, gitlab ]

playbooks/tasks/web/jellyfin.yml

@@ -0,0 +1,34 @@
+# vim:ft=ansible:
+- name: docker deploy jellyfin
+  docker_compose:
+    project_name: jellyfin
+    definition:
+      version: "2.1"
+      services:
+        jellyfin:
+          image: jellyfin/jellyfin:unstable
+          container_name: jellyfin
+          restart: unless-stopped
+          deploy:
+            resources:
+              reservations:
+                devices:
+                  - capabilities: [ gpu ]
+          environment:
+            NVIDIA_DRIVER_CAPABILITIES: all
+            NVIDIA_VISIBLE_DEVICES: all
+          networks:
+            web:
+              aliases:
+                - jellyfin
+          ports:
+            - 8096:8096
+          volumes:
+            - /data/jellyfin/config:/config
+            - /data/jellyfin/cache:/cache
+            - /data/shared/media:/media
+      networks:
+        web:
+          external: yes
+          name: web
+  tags: [ docker, jellyfin ]

playbooks/tasks/web/peertube.yml

@@ -0,0 +1,23 @@
+# vim:ft=ansible:
+- name: docker deploy peertube
+  docker_container:
+    name: peertube
+    image: chocobozzz/peertube:production-buster
+    env:
+      POSTGRES_DB: peertube_cowfee
+      PEERTUBE_DB: peertube_cowfee
+      PEERTUBE_DB_USERNAME: peertube-cowfee
+      PEERTUBE_DB_PASSWORD: "{{ secret_peertube_db_pass }}"
+      PEERTUBE_DB_HOSTNAME: 192.168.164.156
+      PEERTUBE_ADMIN_EMAIL: rehashedsalt@cock.li
+      PEERTUBE_WEBSERVER_HOSTNAME: tube.cowfee.moe
+      PEERTUBE_TRUST_PROXY: '["127.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]'
+    networks:
+      - name: web
+        aliases: [ "peertube" ]
+    ports:
+      - "1935:1935"
+    volumes:
+      - /data/peertube/data:/data
+      - /data/peertube/config:/config
+  tags: [ docker, peertube ]

playbooks/tasks/web/pleroma.yml

@@ -2,14 +2,10 @@
 - name: docker deploy pleroma
   docker_container:
     name: pleroma
-    # Note: this container is defunct
-    # Switch to this: https://github.com/angristan/docker-pleroma
     image: jordemort/pleroma
     state: absent
     env:
       TZ: "America/Chicago"
-      # This value is wrong because we're on Hetzner now, which is on a 10.0.0.0/8
-      # In fact, most of these envvars are wrong
       POSTGRES_HOST: 192.168.164.156
       POSTGRES_DB: pleroma_cowfee
       POSTGRES_USER: pleroma-cowfee

playbooks/tasks/web/sb-mirror.yml

@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+- name: docker deploy sb-mirror
+  docker_container:
+    name: sb-mirror
+    image: mchangrh/sb-mirror
+    state: absent
+    # Enable me if you want the mirror public
+    # https://github.com/mchangrh/sb-mirror
+    # Should be port 873
+#    networks:
+#      - name: web
+#        aliases: [ "sb-mirror" ]
+    volumes:
+      - /data/sb-mirror/mirror:/mirror
+      - /data/sb-export/export:/export
+    env:
+      CSVLINT: "TRUE"
+      MIRROR: "TRUE"
+      VALIDATE: "TRUE"
+  tags: [ docker, sb-mirror ]

roles/desktop/defaults/main.yml

@@ -19,6 +19,7 @@ desktop_apt_keys_keyserver:
 desktop_apt_keys_keyserver_extra: []
 
 desktop_apt_keys_url:
+  - "https://syncthing.net/release-key.txt" # Syncthing
   - "https://packages.riot.im/debian/riot-im-archive-keyring.gpg" # Element
   - "https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg " # Spotify
   - "https://packages.cloud.google.com/apt/doc/apt-key.gpg" # kubectl https://kubernetes.io/docs/tasks/tools/install-kubectl/
@@ -28,6 +29,7 @@ desktop_apt_keys_url_extra: []
 
 desktop_apt_repos:
   - "deb http://repository.spotify.com stable non-free" # Spotify
+  - "deb https://apt.syncthing.net/ syncthing stable" # Syncthing
   - "deb https://packages.riot.im/debian/ default main" # Element
   - "deb https://apt.kubernetes.io/ kubernetes-xenial main" # Kubernetes
   - "deb https://baltocdn.com/helm/stable/debian/ all main" # Helm
@@ -122,6 +124,7 @@ desktop_apt_packages:
   - retroarch                           # Emulators are legitimate competition
   - spotify-client                      # Moosucc
   - steam-installer                     # Steam is an important part of one's life
+  - syncthing-gtk                       # Also pulls in syncthing and is very neato burrito
   - torbrowser-launcher                 # Useful utility
   - virt-manager                        # Important to manage VMs
   - vulkan-tools                        # Pulls in Vulkan support for things like DXVK