Compare commits


No commits in common. "3a6b9a242a86b788d4307a69483aea70fa643c85" and "2b0160e57a0e96425caa862145a9083b59a6268e" have entirely different histories.

20 changed files with 314 additions and 4 deletions


@ -174,6 +174,31 @@ secret_gvm_pass: !vault |
6637306661373339350a633038336339306639386539336163386530376662663663653966336633
65383335323339366637633934323632666638366265353839306432373365376530
# For gulagbot
secret_gulagbot_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
63386534643137613234643962663831353461356464363732613030626364366661626134643837
6466653931366539656662323330333363633732613061360a306565643932613635353435663039
61386334626437323934366634343162643932393834313235356664623537636162376464613061
3966393761626133320a646465376235346239333036326530363538306238626438653232623632
37616561326538636534393533613037336665333865613735646532656163373233
secret_gulagbot_discord_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
37613664393766353738353139323365346639393538653834643633613564646537616532316336
6532636639333062643631316234386533613862353232390a656634383663623064326666313861
35373034363332363064613165313034666166666233363963646333306138346463613166396438
6138366330623562330a636637326335383333643230333565366263383361333936346638363163
63343237616363376135303938373833373531306433633536613464363664303861353630313366
34356463653362613561373830373235633034656566633032653931316465316438363532396363
333735353435383566323463303566646637
secret_gulagbot_test_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
30623364333066613265343462633566663866643264303532343561326461383565326565333230
6263663530656438306165636438613037333563646432610a323830383034313639653661353266
66656339653239383562356230383566393135363261356365626166333863653961366532393661
6132366438346531650a383463396339366330393930633066663039336433313731663337383234
36623133613438666633626262633230643862636366393135303163323661303537
# For gitea
secret_gitea_9iron_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
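Review bot: The vault payload under `secret_gulagbot_test_db_pass` is byte-for-byte the same ciphertext as `secret_gulagbot_local_db_pass` in the second changed file, so one encrypted blob was copied under two names and both variables decrypt to the same password. A leak of the test database credential therefore also exposes the other database; generate a distinct password for each and encrypt each value separately with `ansible-vault encrypt_string`. A one-line comment above each key, such as `# password for the gulagbot-test PostgreSQL role`, would also record which role each secret belongs to. The hunk ends inside the following `secret_gitea_9iron_db_pass` value.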


@ -4,6 +4,13 @@
docker_apt_arch: arm64
# DB secrets
secret_gulagbot_local_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
30623364333066613265343462633566663866643264303532343561326461383565326565333230
6263663530656438306165636438613037333563646432610a323830383034313639653661353266
66656339653239383562356230383566393135363261356365626166333863653961366532393661
6132366438346531650a383463396339366330393930633066663039336433313731663337383234
36623133613438666633626262633230643862636366393135303163323661303537
secret_grafana_local_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
32326333383035393665316566363266623130313435353165613463336663393634353261623738


@ -98,6 +98,8 @@
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: git.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: gitlab.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: matrix.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: movie.desu.ltd


@ -33,6 +33,8 @@
password: "{{ secret_gitea_db_pass }}"
- name: gitlab-desultd
password: "{{ secret_gitlab_db_pass }}"
- name: gulagbot-test
password: "{{ secret_gulagbot_test_db_pass }}"
- name: nagios
password: "{{ secret_postgresql_monitoring_password }}"
- name: netbox-desultd
@ -56,6 +58,8 @@
owner: gitea-desultd
- name: gitlab-desultd
owner: gitlab-desultd
- name: gulagbot-test
owner: gulagbot-test
- name: netbox-desultd
owner: netbox-desultd
- name: nextcloud-desultd


@ -31,9 +31,11 @@
- web/srv.yml
- web/synapse.yml
- web/transmission.yml
- web/sb-mirror.yml
- game/factorio.yml
- game/minecraft-vanilla.yml
- game/minecraft-direwolf20.yml
- game/satisfactory.yml
- game/zomboid.yml
tags: [ always ]
roles:


@ -0,0 +1,16 @@
# vim:ft=ansible:
- name: docker deploy gulagbot
docker_container:
name: gulagbot
image: rehashedsalt/gulagbot:latest
env:
DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}"
GULAG_DEBUG: "false"
GULAG_HUMILIATION: "3"
GULAG_SCORE_MIN: "-3"
GULAG_SCORE_MAX: "15"
PGHOST: eth0.vm-psql-1.home.mgmt.desu.ltd
PGDATABASE: gulagbot-desultd
PGUSER: gulagbot-desultd
PGPASSWORD: "{{ secret_gulagbot_db_pass }}"
tags: [ docker, gulagbot, stalin ]
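Review bot: `image: rehashedsalt/gulagbot:latest` is a mutable tag and the task sets no `pull`, so the image that receives `DISCORD_TOKEN` and `PGPASSWORD` is whatever is cached on the host or, when nothing is cached, whatever the registry serves at that moment. Pin to a release tag or digest, e.g. `image: rehashedsalt/gulagbot:<release-tag>@sha256:<digest>` (placeholders), and bump it deliberately. The same floating `:latest` is used by the octoprint, syncthing, satisfactory, scpsl and gitlab tasks in this comparison, and the css, gmod, starbound and sb-mirror tasks name no tag at all. This task also sets no `restart_policy`, unlike most of the other container tasks here, so the bot would presumably stay down after a crash or daemon restart.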


@ -0,0 +1,17 @@
# vim:ft=ansible:
# https://github.com/OctoPrint/octoprint-docker/blob/master/docker-compose.yml
- name: docker deploy octoprint
docker_container:
name: octoprint
image: octoprint/octoprint:latest
privileged: yes
network_mode: host
env:
ENABLE_MJPG_STREAMER: "true"
volumes:
# I know this is strictly speaking a "bad thing", but this device is an
# appliance so whatever.
- /dev:/dev
- /etc/localtime:/etc/localtime:ro
- /data/octoprint:/octoprint
tags: [ docker, octoprint ]
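Review bot: `privileged: yes` combined with the `/dev:/dev` bind mount and `network_mode: host` removes essentially every isolation boundary, so a compromise of OctoPrint or one of its plugins becomes a compromise of the host. The inline comment accepts that trade-off, but the narrower form costs little: drop `privileged` and the `/dev` volume and pass only the needed nodes through the module's `devices:` option, e.g. `devices: [ "<printer-serial-device>:<printer-serial-device>", "<camera-device>:<camera-device>" ]` (placeholders for the host's actual device paths). If host networking is only there to reach the web UI, a published port would cover that as well.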


@ -0,0 +1,20 @@
# vim:ft=ansible:
- name: docker deploy syncthing
docker_container:
name: syncthing
image: linuxserver/syncthing:latest
env:
PUID: "1000"
PGID: "1000"
TZ: America/Chicago
networks:
- name: web
aliases: [ "syncthing" ]
volumes:
- /data/syncthing/config:/config
- /data/syncthing/data:/data
ports:
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
tags: [ docker, syncthing ]


@ -0,0 +1,18 @@
# vim:ft=ansible:
- name: docker deploy vaultwarden
docker_container:
# https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use
name: vaultwarden
state: absent
image: vaultwarden/server:alpine
pull: yes
restart_policy: unless-stopped
env:
DATABASE_URL: "postgresql://vaultwarden-desultd:{{ secret_vaultwarden_db_pass }}@10.0.0.2:5432/vaultwarden-desultd"
SIGNUPS_ALLOWED: "false"
volumes:
- /data/vaultwarden:/data
networks:
- name: web
aliases: [ "vaultwarden" ]
tags: [ docker, vaultwarden ]
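Review bot: In `DATABASE_URL` the vaulted password is interpolated raw into the userinfo part of the connection URL, so a password containing `@`, `:`, `/`, `#` or `?` changes how the string parses and the container fails to connect or connects with a truncated credential. Percent-encode it at the point of use, e.g. `{{ secret_vaultwarden_db_pass | urlencode | replace('/', '%2F') }}`. Because the task is `state: absent`, a short comment such as `# kept for reference; container currently removed` would also tell the next reader why the definition is still here.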


@ -0,0 +1,19 @@
# vim:ft=ansible:
- name: docker deploy css
docker_container:
name: css
state: started
image: foxylion/steam-css
restart_policy: unless-stopped
command: "/home/steam/entrypoint.sh update"
pull: yes
ports:
- "1200:1200"
- "26901:26901/udp"
- "27005:27005/udp"
- "27015:27015"
- "27015:27015/udp"
- "27020:27020/udp"
volumes:
- /data/css/server.cfg:/home/steam/css/cstrike/cfg/my-server.cfg
tags: [ docker, css ]
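Review bot: The `ports` list here is identical to the one in the gmod task in the next file (`1200`, `26901/udp`, `27005/udp`, `27015` tcp and udp, `27020/udp`), and both tasks are `state: started`, so if both are applied to the same host the second container cannot bind and the task fails. Remap one of them, e.g. `"27016:27015/udp"`, or set the unused server to `state: absent`. `"27015:27015"` also publishes the TCP side of the game port, which is where Source servers accept RCON; confirm the mounted `server.cfg` sets a strong `rcon_password`, or drop the TCP mapping if remote console is not needed.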


@ -0,0 +1,25 @@
# vim:ft=ansible:
- name: docker deploy gmod
docker_container:
name: gmod
state: started
image: hackebein/garrysmod
restart_policy: unless-stopped
pull: yes
tty: yes
env:
AUTHKEY: "{{ steam_apikey }}"
GAMEMODE: prop_hunt
MAP: ph_islandhouse
WORKSHOP: "2155532035"
WORKSHOPDL: "2155532035"
ports:
- "1200:1200"
- "26901:26901/udp"
- "27005:27005/udp"
- "27015:27015"
- "27015:27015/udp"
- "27020:27020/udp"
volumes:
- /data/gmod:/opt/overlay
tags: [ docker, gmod ]


@ -0,0 +1,17 @@
# vim:ft=ansible:
- name: docker deploy satisfactory
docker_container:
name: satisfactory
state: absent
image: wolveix/satisfactory-server:latest
restart_policy: unless-stopped
pull: yes
env:
MAXPLAYERS: "8"
ports:
- '7777:7777/udp'
- '15000:15000/udp'
- '15777:15777/udp'
volumes:
- /data/satisfactory/config:/config
tags: [ docker, satisfactory ]


@ -0,0 +1,18 @@
# vim:ft=ansible:
# https://github.com/mkrupczak3/SCP-SECRET-LAB-DOCKER
# Kinda forked it and changed a few settings tho
- name: docker deploy scpsl
docker_container:
name: scpsl
state: started
image: rehashedsalt/scpsl:latest
restart_policy: unless-stopped
pull: yes
ports:
- "7777-7784:7777-7784/udp"
- "7777-7784:7777-7784"
volumes:
- /etc/localtime:/etc/localtime:ro
- /data/scpsl/steamcmd:/home/steam/steamcmd
- /data/scpsl/scp_server:/home/steam/scp_server
tags: [ docker, scpsl ]


@ -0,0 +1,15 @@
# vim:ft=ansible:
- name: docker deploy starbound
docker_container:
name: starbound
state: absent
image: didstopia/starbound-server
restart_policy: unless-stopped
pull: yes
env:
SKIP_STEAMCMD: "true"
ports:
- "21025:21025"
volumes:
- /data/starbound/main:/steamcmd/starbound
tags: [ docker, starbound ]


@ -0,0 +1,29 @@
# vim:ft=ansible:
- name: docker deploy gitlab
docker_container:
name: gitlab
image: gitlab/gitlab-ce:latest
log_driver: journald
env:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.desu.ltd'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_database'] = 'gitlab-desultd'
gitlab_rails['db_encoding'] = 'unicode'
gitlab_rails['db_host'] = '10.0.0.2'
gitlab_rails['db_password'] = '{{ secret_gitlab_db_pass }}'
gitlab_rails['db_username'] = 'gitlab-desultd'
nginx['listen_port'] = 80
nginx['listen_https'] = false
postgresql['enable'] = false
ports:
- 2224:22/tcp
networks:
- name: web
aliases: [ "gitlab" ]
volumes:
- /data/gitlab/config:/etc/gitlab
- /data/gitlab/logs:/var/log/gitlab
- /data/gitlab/data:/var/opt/gitlab
tags: [ docker, gitlab ]
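Review bot: `gitlab_rails['db_password'] = '{{ secret_gitlab_db_pass }}'` pastes the secret into a Ruby single-quoted literal inside `GITLAB_OMNIBUS_CONFIG`, so a password containing `'` or `\` ends or alters the literal and whatever follows is evaluated as configuration code. Escape the value at the point of use or constrain how the password is generated, and record the constraint above the task, e.g. `# secret_gitlab_db_pass must not contain ' or \ (interpolated into a Ruby single-quoted literal)`. Passing the whole config through `env` also leaves the database password readable through `docker inspect` on the host; placing it in the config directory the task already binds at `/data/gitlab/config:/etc/gitlab` would keep it out of the container metadata.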


@ -0,0 +1,34 @@
# vim:ft=ansible:
- name: docker deploy jellyfin
docker_compose:
project_name: jellyfin
definition:
version: "2.1"
services:
jellyfin:
image: jellyfin/jellyfin:unstable
container_name: jellyfin
restart: unless-stopped
deploy:
resources:
reservations:
devices:
- capabilities: [ gpu ]
environment:
NVIDIA_DRIVER_CAPABILITIES: all
NVIDIA_VISIBLE_DEVICES: all
networks:
web:
aliases:
- jellyfin
ports:
- 8096:8096
volumes:
- /data/jellyfin/config:/config
- /data/jellyfin/cache:/cache
- /data/shared/media:/media
networks:
web:
external: yes
name: web
tags: [ docker, jellyfin ]
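Review bot: `NVIDIA_DRIVER_CAPABILITIES: all` hands the container every driver capability, where hardware transcoding normally needs only a subset; `NVIDIA_DRIVER_CAPABILITIES: compute,video,utility` keeps the exposed GPU surface to what is used. `ports: - 8096:8096` also publishes the plain-HTTP UI on every host interface although the service already joins the `web` network under the alias `jellyfin`; if a reverse proxy on that network is the intended entry point, drop the mapping or bind it to loopback with `"127.0.0.1:8096:8096"`. `image: jellyfin/jellyfin:unstable` tracks a pre-release channel, which deserves a comment if it is intentional.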


@ -0,0 +1,23 @@
# vim:ft=ansible:
- name: docker deploy peertube
docker_container:
name: peertube
image: chocobozzz/peertube:production-buster
env:
POSTGRES_DB: peertube_cowfee
PEERTUBE_DB: peertube_cowfee
PEERTUBE_DB_USERNAME: peertube-cowfee
PEERTUBE_DB_PASSWORD: "{{ secret_peertube_db_pass }}"
PEERTUBE_DB_HOSTNAME: 192.168.164.156
PEERTUBE_ADMIN_EMAIL: rehashedsalt@cock.li
PEERTUBE_WEBSERVER_HOSTNAME: tube.cowfee.moe
PEERTUBE_TRUST_PROXY: '["127.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]'
networks:
- name: web
aliases: [ "peertube" ]
ports:
- "1935:1935"
volumes:
- /data/peertube/data:/data
- /data/peertube/config:/config
tags: [ docker, peertube ]
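Review bot: `PEERTUBE_TRUST_PROXY` trusts all of `192.168.0.0/16`, `172.16.0.0/12` and `10.0.0.0/8`, so any client that reaches PeerTube from a private address can supply its own `X-Forwarded-For` and have it accepted as the client IP, which weakens rate limiting and makes logged addresses unreliable. List only the reverse proxy's address or the `web` network's subnet, e.g. `'["127.0.0.1/32", "<web-network-subnet>"]'` (placeholder for the actual subnet). `127.0.0.0/16` is probably also a typo for the loopback range `127.0.0.0/8`.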


@ -2,14 +2,10 @@
- name: docker deploy pleroma
docker_container:
name: pleroma
# Note: this container is defunct
# Switch to this: https://github.com/angristan/docker-pleroma
image: jordemort/pleroma
state: absent
env:
TZ: "America/Chicago"
# This value is wrong because we're on Hetzner now, which is on a 10.0.0.0/8
# In fact, most of these envvars are wrong
POSTGRES_HOST: 192.168.164.156
POSTGRES_DB: pleroma_cowfee
POSTGRES_USER: pleroma-cowfee


@ -0,0 +1,20 @@
# vim:ft=ansible:
- name: docker deploy sb-mirror
docker_container:
name: sb-mirror
image: mchangrh/sb-mirror
state: absent
# Enable me if you want the mirror public
# https://github.com/mchangrh/sb-mirror
# Should be port 873
# networks:
# - name: web
# aliases: [ "sb-mirror" ]
volumes:
- /data/sb-mirror/mirror:/mirror
- /data/sb-export/export:/export
env:
CSVLINT: "TRUE"
MIRROR: "TRUE"
VALIDATE: "TRUE"
tags: [ docker, sb-mirror ]


@ -19,6 +19,7 @@ desktop_apt_keys_keyserver:
desktop_apt_keys_keyserver_extra: []
desktop_apt_keys_url:
- "https://syncthing.net/release-key.txt" # Syncthing
- "https://packages.riot.im/debian/riot-im-archive-keyring.gpg" # Element
- "https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg " # Spotify
- "https://packages.cloud.google.com/apt/doc/apt-key.gpg" # kubectl https://kubernetes.io/docs/tasks/tools/install-kubectl/
@ -28,6 +29,7 @@ desktop_apt_keys_url_extra: []
desktop_apt_repos:
- "deb http://repository.spotify.com stable non-free" # Spotify
- "deb https://apt.syncthing.net/ syncthing stable" # Syncthing
- "deb https://packages.riot.im/debian/ default main" # Element
- "deb https://apt.kubernetes.io/ kubernetes-xenial main" # Kubernetes
- "deb https://baltocdn.com/helm/stable/debian/ all main" # Helm
@ -122,6 +124,7 @@ desktop_apt_packages:
- retroarch # Emulators are legitimate competition
- spotify-client # Moosucc
- steam-installer # Steam is an important part of one's life
- syncthing-gtk # Also pulls in syncthing and is very neato burrito
- torbrowser-launcher # Useful utility
- virt-manager # Important to manage VMs
- vulkan-tools # Pulls in Vulkan support for things like DXVK
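Review bot: The Spotify entry in `desktop_apt_keys_url` ends with a space inside the quotes (`...pubkey_5E3C45D7B312C643.gpg "`), so the URL handed to the key-import task carries trailing whitespace and may fail to download; remove the space. In `desktop_apt_repos`, `deb http://repository.spotify.com stable non-free` is the only source fetched over plain HTTP, which leaves package metadata open to observation and tampering attempts in transit even though signatures are still checked; use `https://` if the repository serves it. Both lines may be unchanged context rather than additions, since the page no longer shows the `+` markers, and the three lists continue outside these hunks.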