Compare commits
No commits in common. "3a6b9a242a86b788d4307a69483aea70fa643c85" and "2b0160e57a0e96425caa862145a9083b59a6268e" have entirely different histories.
3a6b9a242a
...
2b0160e57a
@ -174,6 +174,31 @@ secret_gvm_pass: !vault |
|
||||
6637306661373339350a633038336339306639386539336163386530376662663663653966336633
|
||||
65383335323339366637633934323632666638366265353839306432373365376530
|
||||
|
||||
# For gulagbot
|
||||
secret_gulagbot_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63386534643137613234643962663831353461356464363732613030626364366661626134643837
|
||||
6466653931366539656662323330333363633732613061360a306565643932613635353435663039
|
||||
61386334626437323934366634343162643932393834313235356664623537636162376464613061
|
||||
3966393761626133320a646465376235346239333036326530363538306238626438653232623632
|
||||
37616561326538636534393533613037336665333865613735646532656163373233
|
||||
secret_gulagbot_discord_token: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37613664393766353738353139323365346639393538653834643633613564646537616532316336
|
||||
6532636639333062643631316234386533613862353232390a656634383663623064326666313861
|
||||
35373034363332363064613165313034666166666233363963646333306138346463613166396438
|
||||
6138366330623562330a636637326335383333643230333565366263383361333936346638363163
|
||||
63343237616363376135303938373833373531306433633536613464363664303861353630313366
|
||||
34356463653362613561373830373235633034656566633032653931316465316438363532396363
|
||||
333735353435383566323463303566646637
|
||||
secret_gulagbot_test_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30623364333066613265343462633566663866643264303532343561326461383565326565333230
|
||||
6263663530656438306165636438613037333563646432610a323830383034313639653661353266
|
||||
66656339653239383562356230383566393135363261356365626166333863653961366532393661
|
||||
6132366438346531650a383463396339366330393930633066663039336433313731663337383234
|
||||
36623133613438666633626262633230643862636366393135303163323661303537
|
||||
|
||||
# For gitea
|
||||
secret_gitea_9iron_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
|
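Review bot: The ciphertext added for `secret_gulagbot_test_db_pass` is byte-for-byte the same vault blob as `secret_gulagbot_local_db_pass` in the next file section, so both names decrypt to one password and a leak of either credential exposes both databases. Vault output is salted, so an identical blob also means the value was copied between files rather than encrypted again. Generate a separate password for each database and encrypt each on its own with `ansible-vault encrypt_string`, or keep a single variable if the two really are the same account.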
@ -4,6 +4,13 @@
|
||||
docker_apt_arch: arm64
|
||||
|
||||
# DB secrets
|
||||
secret_gulagbot_local_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30623364333066613265343462633566663866643264303532343561326461383565326565333230
|
||||
6263663530656438306165636438613037333563646432610a323830383034313639653661353266
|
||||
66656339653239383562356230383566393135363261356365626166333863653961366532393661
|
||||
6132366438346531650a383463396339366330393930633066663039336433313731663337383234
|
||||
36623133613438666633626262633230643862636366393135303163323661303537
|
||||
secret_grafana_local_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
32326333383035393665316566363266623130313435353165613463336663393634353261623738
|
||||
|
@ -98,6 +98,8 @@
|
||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
||||
- record: git.desu.ltd
|
||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
||||
- record: gitlab.desu.ltd
|
||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
||||
- record: matrix.desu.ltd
|
||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
||||
- record: movie.desu.ltd
|
||||
|
@ -33,6 +33,8 @@
|
||||
password: "{{ secret_gitea_db_pass }}"
|
||||
- name: gitlab-desultd
|
||||
password: "{{ secret_gitlab_db_pass }}"
|
||||
- name: gulagbot-test
|
||||
password: "{{ secret_gulagbot_test_db_pass }}"
|
||||
- name: nagios
|
||||
password: "{{ secret_postgresql_monitoring_password }}"
|
||||
- name: netbox-desultd
|
||||
@ -56,6 +58,8 @@
|
||||
owner: gitea-desultd
|
||||
- name: gitlab-desultd
|
||||
owner: gitlab-desultd
|
||||
- name: gulagbot-test
|
||||
owner: gulagbot-test
|
||||
- name: netbox-desultd
|
||||
owner: netbox-desultd
|
||||
- name: nextcloud-desultd
|
||||
|
@ -31,9 +31,11 @@
|
||||
- web/srv.yml
|
||||
- web/synapse.yml
|
||||
- web/transmission.yml
|
||||
- web/sb-mirror.yml
|
||||
- game/factorio.yml
|
||||
- game/minecraft-vanilla.yml
|
||||
- game/minecraft-direwolf20.yml
|
||||
- game/satisfactory.yml
|
||||
- game/zomboid.yml
|
||||
tags: [ always ]
|
||||
roles:
|
||||
|
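--- a/playbooks/tasks/app/gulagbot.yml
+++ b/playbooks/tasks/app/gulagbot.yml
@@ -0,0 +1,16 @@
+# vim:ft=ansible:
+- name: docker deploy gulagbot
+docker_container:
+name: gulagbot
+image: rehashedsalt/gulagbot:latest
+env:
+DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}"
+GULAG_DEBUG: "false"
+GULAG_HUMILIATION: "3"
+GULAG_SCORE_MIN: "-3"
+GULAG_SCORE_MAX: "15"
+PGHOST: eth0.vm-psql-1.home.mgmt.desu.ltd
+PGDATABASE: gulagbot-desultd
+PGUSER: gulagbot-desultd
+PGPASSWORD: "{{ secret_gulagbot_db_pass }}"
+tags: [ docker, gulagbot, stalin ]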
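Review bot: `image: rehashedsalt/gulagbot:latest` is a mutable tag, so the code that receives `DISCORD_TOKEN` and `PGPASSWORD` in its environment is whatever the registry serves at deploy time. The same applies to the other new tasks in this commit that use `:latest` or no tag at all (octoprint, syncthing, css, gmod, satisfactory, scpsl, starbound, gitlab, sb-mirror). Pin a release tag or a digest, e.g. `image: rehashedsalt/gulagbot@sha256:<digest>` (placeholder), and bump it deliberately. The task also sets no `restart_policy`, unlike the game tasks, so the bot will likely stay down after a crash or reboot; add `restart_policy: unless-stopped` if that is not intended.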
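--- a/playbooks/tasks/app/octoprint.yml
+++ b/playbooks/tasks/app/octoprint.yml
@@ -0,0 +1,17 @@
+# vim:ft=ansible:
+# https://github.com/OctoPrint/octoprint-docker/blob/master/docker-compose.yml
+- name: docker deploy octoprint
+docker_container:
+name: octoprint
+image: octoprint/octoprint:latest
+privileged: yes
+network_mode: host
+env:
+ENABLE_MJPG_STREAMER: "true"
+volumes:
+# I know this is strictly speaking a "bad thing", but this device is an
+# appliance so whatever.
+- /dev:/dev
+- /etc/localtime:/etc/localtime:ro
+- /data/octoprint:/octoprint
+tags: [ docker, octoprint ]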
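Review bot: `privileged: yes` together with `- /dev:/dev` and `network_mode: host` leaves no isolation between the `octoprint/octoprint:latest` image and the host, so a compromise of the OctoPrint web UI or of the image is a compromise of the device. The comment under `volumes` accepts that for an appliance, but the printer and camera can be passed through without it: drop `privileged` and the `/dev` bind and list only the needed nodes under `devices:`, for example `- /dev/ttyACM0:/dev/ttyACM0` and `- /dev/video0:/dev/video0` (example paths; use the ones present on this host). If host networking is only there to reach the UI, a published port would do instead.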
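--- a/playbooks/tasks/app/syncthing.yml
+++ b/playbooks/tasks/app/syncthing.yml
@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+- name: docker deploy syncthing
+docker_container:
+name: syncthing
+image: linuxserver/syncthing:latest
+env:
+PUID: "1000"
+PGID: "1000"
+TZ: America/Chicago
+networks:
+- name: web
+aliases: [ "syncthing" ]
+volumes:
+- /data/syncthing/config:/config
+- /data/syncthing/data:/data
+ports:
+- 22000:22000/tcp
+- 22000:22000/udp
+- 21027:21027/udp
+tags: [ docker, syncthing ]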
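--- a/playbooks/tasks/app/vaultwarden.yml
+++ b/playbooks/tasks/app/vaultwarden.yml
@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+- name: docker deploy vaultwarden
+docker_container:
+# https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use
+name: vaultwarden
+state: absent
+image: vaultwarden/server:alpine
+pull: yes
+restart_policy: unless-stopped
+env:
+DATABASE_URL: "postgresql://vaultwarden-desultd:{{ secret_vaultwarden_db_pass }}@10.0.0.2:5432/vaultwarden-desultd"
+SIGNUPS_ALLOWED: "false"
+volumes:
+- /data/vaultwarden:/data
+networks:
+- name: web
+aliases: [ "vaultwarden" ]
+tags: [ docker, vaultwarden ]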
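Review bot: `DATABASE_URL` interpolates `{{ secret_vaultwarden_db_pass }}` straight into a URL, so a password containing `@`, `:`, `?` or `#` changes how the connection string parses. Encode it with `{{ secret_vaultwarden_db_pass | urlencode }}` (the filter leaves `/` alone, so avoid that character in the password or replace it separately). The rendered URL is also part of the module arguments, which Ansible prints at higher verbosity, so `no_log: true` on the task keeps it out of run logs; the same holds for the other tasks in this commit that place secrets in `env`. The task is `state: absent` for now, so this matters once it is switched back on.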
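--- a/playbooks/tasks/game/css.yml
+++ b/playbooks/tasks/game/css.yml
@@ -0,0 +1,19 @@
+# vim:ft=ansible:
+- name: docker deploy css
+docker_container:
+name: css
+state: started
+image: foxylion/steam-css
+restart_policy: unless-stopped
+command: "/home/steam/entrypoint.sh update"
+pull: yes
+ports:
+- "1200:1200"
+- "26901:26901/udp"
+- "27005:27005/udp"
+- "27015:27015"
+- "27015:27015/udp"
+- "27020:27020/udp"
+volumes:
+- /data/css/server.cfg:/home/steam/css/cstrike/cfg/my-server.cfg
+tags: [ docker, css ]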
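Review bot: The `ports` list here publishes exactly the same host ports as `playbooks/tasks/game/gmod.yml` in this commit (`1200`, `27015`, `27015/udp`, `26901/udp`, `27005/udp`, `27020/udp`), and both tasks are `state: started`. If both are ever included for one host, the second container cannot bind and the play fails on it. Either give one of them different host-side ports or record the constraint above `ports:` in both files, e.g. `# Shares host ports with game/gmod.yml; do not deploy both on one host`.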
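--- a/playbooks/tasks/game/gmod.yml
+++ b/playbooks/tasks/game/gmod.yml
@@ -0,0 +1,25 @@
+# vim:ft=ansible:
+- name: docker deploy gmod
+docker_container:
+name: gmod
+state: started
+image: hackebein/garrysmod
+restart_policy: unless-stopped
+pull: yes
+tty: yes
+env:
+AUTHKEY: "{{ steam_apikey }}"
+GAMEMODE: prop_hunt
+MAP: ph_islandhouse
+WORKSHOP: "2155532035"
+WORKSHOPDL: "2155532035"
+ports:
+- "1200:1200"
+- "26901:26901/udp"
+- "27005:27005/udp"
+- "27015:27015"
+- "27015:27015/udp"
+- "27020:27020/udp"
+volumes:
+- /data/gmod:/opt/overlay
+tags: [ docker, gmod ]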
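--- a/playbooks/tasks/game/satisfactory.yml
+++ b/playbooks/tasks/game/satisfactory.yml
@@ -0,0 +1,17 @@
+# vim:ft=ansible:
+- name: docker deploy satisfactory
+docker_container:
+name: satisfactory
+state: absent
+image: wolveix/satisfactory-server:latest
+restart_policy: unless-stopped
+pull: yes
+env:
+MAXPLAYERS: "8"
+ports:
+- '7777:7777/udp'
+- '15000:15000/udp'
+- '15777:15777/udp'
+volumes:
+- /data/satisfactory/config:/config
+tags: [ docker, satisfactory ]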
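--- a/playbooks/tasks/game/scpsl.yml
+++ b/playbooks/tasks/game/scpsl.yml
@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+# https://github.com/mkrupczak3/SCP-SECRET-LAB-DOCKER
+# Kinda forked it and changed a few settings tho
+- name: docker deploy scpsl
+docker_container:
+name: scpsl
+state: started
+image: rehashedsalt/scpsl:latest
+restart_policy: unless-stopped
+pull: yes
+ports:
+- "7777-7784:7777-7784/udp"
+- "7777-7784:7777-7784"
+volumes:
+- /etc/localtime:/etc/localtime:ro
+- /data/scpsl/steamcmd:/home/steam/steamcmd
+- /data/scpsl/scp_server:/home/steam/scp_server
+tags: [ docker, scpsl ]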
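--- a/playbooks/tasks/game/starbound.yml
+++ b/playbooks/tasks/game/starbound.yml
@@ -0,0 +1,15 @@
+# vim:ft=ansible:
+- name: docker deploy starbound
+docker_container:
+name: starbound
+state: absent
+image: didstopia/starbound-server
+restart_policy: unless-stopped
+pull: yes
+env:
+SKIP_STEAMCMD: "true"
+ports:
+- "21025:21025"
+volumes:
+- /data/starbound/main:/steamcmd/starbound
+tags: [ docker, starbound ]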
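--- a/playbooks/tasks/web/gitlab.yml
+++ b/playbooks/tasks/web/gitlab.yml
@@ -0,0 +1,29 @@
+# vim:ft=ansible:
+- name: docker deploy gitlab
+docker_container:
+name: gitlab
+image: gitlab/gitlab-ce:latest
+log_driver: journald
+env:
+GITLAB_OMNIBUS_CONFIG: |
+external_url 'https://gitlab.desu.ltd'
+gitlab_rails['gitlab_shell_ssh_port'] = 2224
+gitlab_rails['db_adapter'] = 'postgresql'
+gitlab_rails['db_database'] = 'gitlab-desultd'
+gitlab_rails['db_encoding'] = 'unicode'
+gitlab_rails['db_host'] = '10.0.0.2'
+gitlab_rails['db_password'] = '{{ secret_gitlab_db_pass }}'
+gitlab_rails['db_username'] = 'gitlab-desultd'
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
+postgresql['enable'] = false
+ports:
+- 2224:22/tcp
+networks:
+- name: web
+aliases: [ "gitlab" ]
+volumes:
+- /data/gitlab/config:/etc/gitlab
+- /data/gitlab/logs:/var/log/gitlab
+- /data/gitlab/data:/var/opt/gitlab
+tags: [ docker, gitlab ]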
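Review bot: `gitlab_rails['db_password'] = '{{ secret_gitlab_db_pass }}'` places the decrypted password inside a single-quoted Ruby string in `GITLAB_OMNIBUS_CONFIG`, so a password containing `'` or `\` breaks or alters the generated configuration. The value is also readable in the container's environment through `docker inspect` and in Ansible's verbose output. `/data/gitlab/config` is already mounted at `/etc/gitlab`, so templating a root-only `gitlab.rb` there keeps the password out of the environment; at minimum add `no_log: true` to the task.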
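--- a/playbooks/tasks/web/jellyfin.yml
+++ b/playbooks/tasks/web/jellyfin.yml
@@ -0,0 +1,34 @@
+# vim:ft=ansible:
+- name: docker deploy jellyfin
+docker_compose:
+project_name: jellyfin
+definition:
+version: "2.1"
+services:
+jellyfin:
+image: jellyfin/jellyfin:unstable
+container_name: jellyfin
+restart: unless-stopped
+deploy:
+resources:
+reservations:
+devices:
+- capabilities: [ gpu ]
+environment:
+NVIDIA_DRIVER_CAPABILITIES: all
+NVIDIA_VISIBLE_DEVICES: all
+networks:
+web:
+aliases:
+- jellyfin
+ports:
+- 8096:8096
+volumes:
+- /data/jellyfin/config:/config
+- /data/jellyfin/cache:/cache
+- /data/shared/media:/media
+networks:
+web:
+external: yes
+name: web
+tags: [ docker, jellyfin ]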
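Review bot: The `ports` entry `- 8096:8096` publishes Jellyfin on every host interface in addition to attaching it to the external `web` network under the alias `jellyfin`. If that network is where a reverse proxy terminates TLS (the proxy is not visible in this diff), the published port is a second, plaintext path to the service that bypasses it. Drop the `ports` entry, or bind it to loopback with `- "127.0.0.1:8096:8096"` if local access is needed.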
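--- a/playbooks/tasks/web/peertube.yml
+++ b/playbooks/tasks/web/peertube.yml
@@ -0,0 +1,23 @@
+# vim:ft=ansible:
+- name: docker deploy peertube
+docker_container:
+name: peertube
+image: chocobozzz/peertube:production-buster
+env:
+POSTGRES_DB: peertube_cowfee
+PEERTUBE_DB: peertube_cowfee
+PEERTUBE_DB_USERNAME: peertube-cowfee
+PEERTUBE_DB_PASSWORD: "{{ secret_peertube_db_pass }}"
+PEERTUBE_DB_HOSTNAME: 192.168.164.156
+PEERTUBE_ADMIN_EMAIL: rehashedsalt@cock.li
+PEERTUBE_WEBSERVER_HOSTNAME: tube.cowfee.moe
+PEERTUBE_TRUST_PROXY: '["127.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]'
+networks:
+- name: web
+aliases: [ "peertube" ]
+ports:
+- "1935:1935"
+volumes:
+- /data/peertube/data:/data
+- /data/peertube/config:/config
+tags: [ docker, peertube ]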
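Review bot: `PEERTUBE_TRUST_PROXY` trusts every RFC 1918 range, so any host or container on a private address that can reach PeerTube can supply its own forwarded-for header and choose the client IP that ends up in logs and rate limits. List only the address or subnet the reverse proxy connects from, e.g. `PEERTUBE_TRUST_PROXY: '["<web-network-subnet>"]'` (placeholder). The first entry, `"127.0.0.0/16"`, also looks like a typo for the loopback range `127.0.0.0/8`.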
@ -2,14 +2,10 @@
|
||||
- name: docker deploy pleroma
|
||||
docker_container:
|
||||
name: pleroma
|
||||
# Note: this container is defunct
|
||||
# Switch to this: https://github.com/angristan/docker-pleroma
|
||||
image: jordemort/pleroma
|
||||
state: absent
|
||||
env:
|
||||
TZ: "America/Chicago"
|
||||
# This value is wrong because we're on Hetzner now, which is on a 10.0.0.0/8
|
||||
# In fact, most of these envvars are wrong
|
||||
POSTGRES_HOST: 192.168.164.156
|
||||
POSTGRES_DB: pleroma_cowfee
|
||||
POSTGRES_USER: pleroma-cowfee
|
||||
|
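--- a/playbooks/tasks/web/sb-mirror.yml
+++ b/playbooks/tasks/web/sb-mirror.yml
@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+- name: docker deploy sb-mirror
+docker_container:
+name: sb-mirror
+image: mchangrh/sb-mirror
+state: absent
+# Enable me if you want the mirror public
+# https://github.com/mchangrh/sb-mirror
+# Should be port 873
+# networks:
+# - name: web
+# aliases: [ "sb-mirror" ]
+volumes:
+- /data/sb-mirror/mirror:/mirror
+- /data/sb-export/export:/export
+env:
+CSVLINT: "TRUE"
+MIRROR: "TRUE"
+VALIDATE: "TRUE"
+tags: [ docker, sb-mirror ]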
@ -19,6 +19,7 @@ desktop_apt_keys_keyserver:
|
||||
desktop_apt_keys_keyserver_extra: []
|
||||
|
||||
desktop_apt_keys_url:
|
||||
- "https://syncthing.net/release-key.txt" # Syncthing
|
||||
- "https://packages.riot.im/debian/riot-im-archive-keyring.gpg" # Element
|
||||
- "https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg " # Spotify
|
||||
- "https://packages.cloud.google.com/apt/doc/apt-key.gpg" # kubectl https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
||||
@ -28,6 +29,7 @@ desktop_apt_keys_url_extra: []
|
||||
|
||||
desktop_apt_repos:
|
||||
- "deb http://repository.spotify.com stable non-free" # Spotify
|
||||
- "deb https://apt.syncthing.net/ syncthing stable" # Syncthing
|
||||
- "deb https://packages.riot.im/debian/ default main" # Element
|
||||
- "deb https://apt.kubernetes.io/ kubernetes-xenial main" # Kubernetes
|
||||
- "deb https://baltocdn.com/helm/stable/debian/ all main" # Helm
|
||||
@ -122,6 +124,7 @@ desktop_apt_packages:
|
||||
- retroarch # Emulators are legitimate competition
|
||||
- spotify-client # Moosucc
|
||||
- steam-installer # Steam is an important part of one's life
|
||||
- syncthing-gtk # Also pulls in syncthing and is very neato burrito
|
||||
- torbrowser-launcher # Useful utility
|
||||
- virt-manager # Important to manage VMs
|
||||
- vulkan-tools # Pulls in Vulkan support for things like DXVK
|
||||
|
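Review bot: The Syncthing release key (presumably the one added line in the first hunk) goes into the shared `desktop_apt_keys_url` list, and if the role imports that list with `apt_key` (its tasks are not in this diff) the key becomes trusted for every configured repository, not only `apt.syncthing.net`. Scoping it to its own keyring limits what a compromised third-party key can sign: store the key as a file and reference it from the repo line, e.g. `deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable` (example keyring path). The other two hunks in this section, the repo entry and the `syncthing-gtk` package, depend on that key being in place.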