From 6b7c894709e11e41f5dfaf1d79cc2dbc8c21d8ee Mon Sep 17 00:00:00 2001 From: Vladislav Ponomarev Date: Tue, 24 Sep 2024 00:57:42 +0700 Subject: [PATCH] Update some information xd --- README.md | 17 +++++++++-- roles/ocis/defaults/main.yml | 2 +- roles/ocis/tasks/main.yml | 29 +++++++++++++------ .../defaults/main.yml | 2 +- .../tasks/main.yml | 1 + 5 files changed, 37 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 0cd987b..0e6bbd2 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,9 @@ ansible-galaxy install -r requirements.yml #### TL;DR ```sh -ansible-playbook -i inventories/my-provision/inventory provisioning.yml +make deploy-prod +# or +make deploy-tag ocis # or other tag ``` Maybe first you'll need to ssh and exec: @@ -128,6 +130,8 @@ need to deploy my services once again. ### High priority +* [ ] Sync time with ntp automatically, with notification if it's not synced. I + need it for some of my time-sensitive services. * [x] Some strange things with Traefik config. If problem with "my-headers@file" -> return "my-headers@file" * [ ] Log rotation for docker containers - or default settings after install @@ -142,7 +146,9 @@ need to deploy my services once again. * [ ] ~~Uptime Kuma~~ * [x] Blocky DNS * [ ] ~~Add systemd services - do I need them or I'm fine~~ -* [ ] Migrate to dashboard which is easy maintainable: flame (with labels) / https://gethomepage.dev/latest/ +* [ ] Migrate to dashboard which is easy maintainable: https://gethomepage.dev/latest/ + * [ ] Should have docker labels services configuration and use authelia or + other auth cookies/etc. - documented * [ ] Add Authentik / Remove baseauth * [ ] ~~Add Cloudflare companion tiredofit/traefik-cloudflare-companion:latest docker~~ * [ ] ~~Add Vikunja ~~ 
@@ -200,7 +206,8 @@ need to deploy my services once again. * [ ] Add Git (gitea/gitlab/else) * [ ] Add ci/cd runner for selfhosted git * [x] Add ~~bitwarden~~ Vaultwarden -* [ ] Check security +* [ ] Check security + * [ ] Make connection to docker through proxy fluencelabs/docker-socket-proxy * [x] Migrate from dante to something docker based * [x] @@ -209,6 +216,10 @@ need to deploy my services once again. * [x] * [x] * [ ] +* [ ] - check if compatible + with other providers + with homepage.dev + with traefik + with authelia +* [ ] Rename `my-headers` to `secure-headers` in traefik config and all + containers ## Older implementation diff --git a/roles/ocis/defaults/main.yml b/roles/ocis/defaults/main.yml index 042dccc..4495fc4 100644 --- a/roles/ocis/defaults/main.yml +++ b/roles/ocis/defaults/main.yml @@ -6,6 +6,6 @@ ocis_available_externally: "true" ocis_data_directory: "{{ docker_home }}/ocis" ocis_container: "owncloud/ocis" -ocis_version: "5.0.2" +ocis_version: "5.0.6" ocis_subdomain: "ocis" diff --git a/roles/ocis/tasks/main.yml b/roles/ocis/tasks/main.yml index 7f6ee8c..64845b7 100644 --- a/roles/ocis/tasks/main.yml +++ b/roles/ocis/tasks/main.yml 
@@ -4,38 +4,49 @@
 path: "{{ ocis_data_directory }}"
 state: absent
 
-- name: Create OCIS directories
+- name: Create OCIS files directory
 ansible.builtin.file:
 path: "{{ item }}"
 state: directory
 owner: "{{ admin_uid }}"
 group: "{{ admin_gid }}"
+ # mode: u=rwX,g=rwX,o=rwX
+ # recurse: yes
 with_items:
- - "{{ ocis_data_directory }}/userfiles"
 - "{{ ocis_data_directory }}/config"
+ - "{{ ocis_data_directory }}/userfiles"
+ # - "{{ ocis_data_directory }}/metadata"
 
 - name: OCIS Docker Container
 community.docker.docker_container:
 name: ocis
 image: "{{ ocis_container }}:{{ ocis_version }}"
+ # user: "{{ admin_uid }}:{{ admin_gid }}"
 pull: true
 recreate: yes
 volumes:
 - "{{ ocis_data_directory }}/config:/etc/ocis"
 - "{{ ocis_data_directory }}/userfiles:/var/lib/ocis"
+ # - "{{ ocis_data_directory }}/metadata:/home/kf/tmp/posix-storage"
 entrypoint:
 - /bin/sh
 command: ["-c", "ocis init || true; ocis server"]
 env:
- TZ: "{{ server_timezone }}"
- OCIS_URL: "https://{{ ocis_subdomain }}.{{ server_hostname }}"
- OCIS_LOG_LEVEL: "info"
- OCIS_LOG_COLOR: "false"
- PROXY_TLS: "false"
- OCIS_INSECURE: "false"
- PROXY_ENABLE_BASIC_AUTH: "false"
 IDM_ADMIN_PASSWORD: "{{ admin_userpassword }}"
 IDM_CREATE_DEMO_USERS: "false"
+ OCIS_INSECURE: "false"
+ OCIS_LOG_COLOR: "false"
+ OCIS_LOG_LEVEL: "error"
+ OCIS_URL: "https://{{ ocis_subdomain }}.{{ server_hostname }}"
+ PROXY_ENABLE_BASIC_AUTH: "false"
+ PROXY_TLS: "false"
+ TZ: "{{ server_timezone }}"
+ STORAGE_USERS_DRIVER: "posix"
+ STORAGE_USERS_POSIX_USE_SPACE_GROUPS: "true"
+ STORAGE_USERS_POSIX_WATCH_TYPE: "inotifywait"
+ STORAGE_USERS_ID_CACHE_STORE: "nats-js-kv"
+ STORAGE_USERS_ID_CACHE_STORE_NODES: "localhost:9233"
+ STORAGE_USERS_POSIX_ROOT: "/home/kf/tmp/posix-storage"
 restart_policy: unless-stopped
 labels:
 traefik.enable: "{{ ocis_available_externally }}"
diff --git a/roles/server_general_preparations/defaults/main.yml b/roles/server_general_preparations/defaults/main.yml
index 58ce358..c103087 100644
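Review bot: `STORAGE_USERS_POSIX_ROOT: "/home/kf/tmp/posix-storage"` points at a container path that no volume maps — the matching `metadata:/home/kf/tmp/posix-storage` mount is left commented out in the same hunk — so whatever the posix driver writes under that root lands in the container's writable layer and is discarded on every run, because `recreate: yes` replaces the container. If the posix driver keeps user data there (which is how I read `STORAGE_USERS_DRIVER: "posix"`), that is silent data loss rather than a cosmetic issue; either restore the mount or move the root under the already-mounted userfiles volume, e.g. `STORAGE_USERS_POSIX_ROOT: "/var/lib/ocis/storage/users"`. The `/home/kf/tmp/…` value also reads like a workstation leftover and deserves at least a comment saying why it is the root. Separately, lowering `OCIS_LOG_LEVEL` from "info" to "error" drops the warnings the proxy and IDM components emit on failed or misconfigured logins, which are the first thing you want when investigating an auth problem; "warn" is a safer floor if "info" is too noisy.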
--- a/roles/server_general_preparations/defaults/main.yml
+++ b/roles/server_general_preparations/defaults/main.yml
@@ -50,6 +50,6 @@ sysctl_values:
 - { key: net.ipv4.tcp_fastopen, value: 3 }
 - { key: net.ipv4.tcp_tw_reuse, value: 1 }
 - { key: net.ipv4.tcp_tw_recycle, value: 0 }
- # from 2ch.hk ss-rust further optimizations (tcp-bbr)
+ # from ss-rust further optimizations (tcp-bbr)
 - { key: net.core.default_qdisc, value: fq }
 - { key: net.ipv4.tcp_congestion_control, value: bbr }
diff --git a/roles/server_general_preparations/tasks/main.yml b/roles/server_general_preparations/tasks/main.yml
index a7092c4..d55bb44 100644
--- a/roles/server_general_preparations/tasks/main.yml
+++ b/roles/server_general_preparations/tasks/main.yml
@@ -7,6 +7,7 @@
 community.general.timezone:
 name: "{{ server_timezone }}"
 
+# TODO: why commented? fix
 # - name: Ensure the locale en_US.UTF-8 exists
 # locale_gen:
 # name: en_US.UTF-8