From fd04758d18f72c0e0e91ad1c93128d2136410929 Mon Sep 17 00:00:00 2001 From: Vladislav Ponomarev Date: Sat, 20 Apr 2024 19:43:28 +0700 Subject: [PATCH 1/4] not working savepoint start --- roles/nextcloud/defaults/main.yml | 7 ++++- roles/nextcloud/tasks/main.yml | 27 +++++++++++++--- roles/nextcloud_config/defaults/main.yml | 40 ++++++++++++------------ roles/nextcloud_config/tasks/main.yml | 2 +- 4 files changed, 50 insertions(+), 26 deletions(-) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 287b545..2ee6162 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -4,10 +4,15 @@ nextcloud_available_externally: "true" # directories nextcloud_data_directory: "{{ docker_home }}/nextcloud" +nextcloud_files_directory: "{{ files_home }}/" + +nextcloud_container: "nextcloud" +nextcloud_version: "28.0.4" nextcloud_subdomain: "nextcloud" -# username / passwords nextcloud_sql_user: "nextcloud-user" nextcloud_sql_password: "nextcloud-pass" nextcloud_redis_password: "nextcloud-redis" +# nextcloud_uid: "{{ admin_uid }}" +# nextcloud_gid: "{{ admin_gid }}" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 800eb09..ccc0598 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml 
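Review bot: The new default `nextcloud_files_directory: "{{ files_home }}/"` ends in a slash, and the volume line added to tasks/main.yml in this same patch appends another one, so the bind-mount source is rendered with a `//`; the cleaner pair is `nextcloud_files_directory: "{{ files_home }}"` in defaults and `"{{ nextcloud_files_directory }}:/var/www/html/data"` in the task. Note also that this points Nextcloud's data directory at the root of `files_home` rather than a subdirectory, which the tasks file then chmods to 0770 — worth a comment if that is intended. Removing the `# username / passwords` header leaves `nextcloud_sql_password: "nextcloud-pass"` and `nextcloud_redis_password: "nextcloud-redis"` undocumented as placeholders; a replacement comment such as `# placeholder credentials — override per inventory (vault)` makes clear they must not reach a real host. The commented `nextcloud_uid`/`nextcloud_gid` lines should either be wired into the role or dropped rather than left as dead config.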
@@ -1,18 +1,34 @@ --- +- name: Delete Nextcloud directories + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ nextcloud_data_directory }}/postgres" + - "{{ nextcloud_data_directory }}/redis" + - name: Create Nextcloud directories file: path: "{{ item }}" state: directory with_items: - - "{{ nextcloud_data_directory }}/nextcloud" - "{{ nextcloud_data_directory }}/postgres" - "{{ nextcloud_data_directory }}/redis" +- name: Create Nextcloud files directory + file: + path: "{{ item }}" + state: directory + mode: 0770 + with_items: + - "{{ nextcloud_files_directory }}" + - name: Nextcloud Redis Docker Container docker_container: name: nextcloud-redis image: redis:7-alpine pull: true + recreate: yes restart_policy: unless-stopped volumes: - "{{ nextcloud_data_directory }}/redis:/var/lib/redis" @@ -20,7 +36,8 @@ - name: Nextcloud Postgres Docker Container docker_container: name: nextcloud-postgres - image: postgres:14-alpine + image: postgres:15-alpine + recreate: yes pull: true volumes: - "{{ nextcloud_data_directory }}/postgres:/var/lib/postgresql/data" @@ -33,13 +50,14 @@ - name: Nextcloud Docker Container docker_container: name: nextcloud - image: nextcloud:25 + image: "{{ nextcloud_container }}:{{ nextcloud_version }}" pull: true + recreate: yes volumes: - ./nextcloud:/var/www/html - ./nextcloud-apps:/var/www/html/custom_apps - ./nextcloud-config:/var/www/html/config - - "{{ nextcloud_data_directory }}/nextcloud:/var/www/html/data" + - "{{ nextcloud_files_directory }}/:/var/www/html/data" links: - nextcloud-postgres:postgres - nextcloud-redis:redis @@ -63,3 +81,4 @@ traefik.http.routers.nextcloud.middlewares: "my-headers@file,nextcloud_redirect" traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/ + traefik.http.services.nextcloud.loadbalancer.passhostheader: "true" 
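Review bot: The new "Delete Nextcloud directories" task removes `{{ nextcloud_data_directory }}/postgres` and `/redis` with `state: absent` unconditionally before they are recreated, so every run of the play destroys the database volume; if a reset is sometimes wanted it needs a guard such as `when: nextcloud_reset | default(false)` (name constructed), otherwise the task should go. In "Create Nextcloud files directory" the mode is an unquoted octal, `mode: 0770`; write it as the string `mode: "0770"` so YAML 1.2 loaders and ansible-lint agree on it, and since no `owner`/`group` is set the directory is presumably created as the connecting user, which looks like the reason the `nextcloud_uid`/`nextcloud_gid` defaults were sketched — confirm that the container's www-data user can actually write there. `recreate: yes` is a YAML 1.1 truthy value; use `recreate: true` here and in the two following hunks (Postgres and Nextcloud containers). Recreating all three containers with `pull: true` on every run also means a restart of the stack on each play, which may be acceptable for a savepoint but deserves a comment.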
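Review bot: Moving `image: postgres:14-alpine` to `postgres:15-alpine` while keeping the same `.../postgres:/var/lib/postgresql/data` volume is a PostgreSQL major-version change, and the server will refuse to start on a cluster initialised by 14 without pg_upgrade or a dump/restore; in this patch it only comes up because the delete task earlier in the file wipes the directory first. If the wipe is removed, the upgrade path must be handled explicitly. At minimum add a comment above the image line, `# major version change: an existing data dir must be migrated (pg_upgrade / dump+restore)`, so the dependency on the delete task is not silent.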
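Review bot: The data mount `"{{ nextcloud_files_directory }}/:/var/www/html/data"` adds a slash to a default that already ends in one, producing `…//:/var/www/html/data`; bind mounts tolerate it, but `"{{ nextcloud_files_directory }}:/var/www/html/data"` is the intended form (paired with a slash-free default). Templating the image as `"{{ nextcloud_container }}:{{ nextcloud_version }}"` with a pinned `28.0.4` is good; the variable name `nextcloud_container` reads as a container name rather than an image, though, so `nextcloud_image` would be clearer. The `links:` entries are Docker's legacy linking; they still work with this module but a user-defined network is the documented replacement, so worth a `# TODO: move to a shared docker network` note if a migration is planned.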
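Review bot: The added label `traefik.http.services.nextcloud.loadbalancer.passhostheader: "true"` sets what is, to my knowledge, already Traefik v2's default for services, so it changes nothing unless a global override exists that this diff does not show. If it is kept to make the behaviour explicit for Nextcloud's trusted-domain check, add a comment saying so, e.g. `# explicit: Nextcloud validates Host against NEXTCLOUD_TRUSTED_DOMAINS`; otherwise drop it.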
diff --git a/roles/nextcloud_config/defaults/main.yml b/roles/nextcloud_config/defaults/main.yml index 1b08bac..b33b157 100644 --- a/roles/nextcloud_config/defaults/main.yml +++ b/roles/nextcloud_config/defaults/main.yml 
@@ -9,37 +9,37 @@ nextcloud_system_config: - "enabledPreviewProviders 0 --value='OC\\Preview\\PNG'" - "enabledPreviewProviders 1 --value='OC\\Preview\\JPEG'" - "enabledPreviewProviders 2 --value='OC\\Preview\\GIF'" - - "enabledPreviewProviders 3 --value='OC\\Preview\\BMP'" - - "enabledPreviewProviders 4 --value='OC\\Preview\\XBitmap'" - - "enabledPreviewProviders 5 --value='OC\\Preview\\MarkDown'" - - "enabledPreviewProviders 6 --value='OC\\Preview\\MP3'" - - "enabledPreviewProviders 7 --value='OC\\Preview\\TXT'" - - "enabledPreviewProviders 8 --value='OC\\Preview\\Illustrator'" - - "enabledPreviewProviders 9 --value='OC\\Preview\\Movie'" - - "enabledPreviewProviders 10 --value='OC\\Preview\\MSOffice2003'" - - "enabledPreviewProviders 11 --value='OC\\Preview\\MSOffice2007'" - - "enabledPreviewProviders 12 --value='OC\\Preview\\MSOfficeDoc'" - - "enabledPreviewProviders 13 --value='OC\\Preview\\OpenDocument'" + # - "enabledPreviewProviders 3 --value='OC\\Preview\\BMP'" + # - "enabledPreviewProviders 4 --value='OC\\Preview\\XBitmap'" + # - "enabledPreviewProviders 5 --value='OC\\Preview\\MarkDown'" + # - "enabledPreviewProviders 6 --value='OC\\Preview\\MP3'" + # - "enabledPreviewProviders 7 --value='OC\\Preview\\TXT'" + # - "enabledPreviewProviders 8 --value='OC\\Preview\\Illustrator'" + # - "enabledPreviewProviders 9 --value='OC\\Preview\\Movie'" + # - "enabledPreviewProviders 10 --value='OC\\Preview\\MSOffice2003'" + # - "enabledPreviewProviders 11 --value='OC\\Preview\\MSOffice2007'" + # - "enabledPreviewProviders 12 --value='OC\\Preview\\MSOfficeDoc'" + # - "enabledPreviewProviders 13 --value='OC\\Preview\\OpenDocument'" # - "enabledPreviewProviders 14 --value='OC\\Preview\\PDF'" - - "enabledPreviewProviders 15 --value='OC\\Preview\\Photoshop'" - - "enabledPreviewProviders 16 --value='OC\\Preview\\Postscript'" - - "enabledPreviewProviders 17 --value='OC\\Preview\\StarOffice'" - - "enabledPreviewProviders 18 --value='OC\\Preview\\SVG'" - - "enabledPreviewProviders 
19 --value='OC\\Preview\\TIFF'" - - "enabledPreviewProviders 20 --value='OC\\Preview\\Font'" + # - "enabledPreviewProviders 15 --value='OC\\Preview\\Photoshop'" + # - "enabledPreviewProviders 16 --value='OC\\Preview\\Postscript'" + # - "enabledPreviewProviders 17 --value='OC\\Preview\\StarOffice'" + # - "enabledPreviewProviders 18 --value='OC\\Preview\\SVG'" + # - "enabledPreviewProviders 19 --value='OC\\Preview\\TIFF'" + # - "enabledPreviewProviders 20 --value='OC\\Preview\\Font'" - "preview_max_x --value='1024' --type=integer" - "preview_max_y --value='768' --type=integer" - "preview_max_scale_facto --value='1' --type=integer" - - "auth.bruteforce.protection.enabled --value=true --type=boolean" + - "auth.bruteforce.protection.enabled --value=false --type=boolean" - "trashbin_retention_obligation --value='auto,7'" - "skeletondirectory --value=''" - "defaultapp --value='file'" - - "activity_expire_days --value='14' --type=integer" + - "activity_expire_days --value='14' --type=integer" - "integrity.check.disabled --value=false --type=boolean" - "updater.release.channel --value=stable" - "loglevel --value=2 --type=integer" - "maintenance --value=false --type=boolean" - # - "theme --value=''" + # - "theme --value='dark'" nextcloud_app_config: - name: survey_client diff --git a/roles/nextcloud_config/tasks/main.yml b/roles/nextcloud_config/tasks/main.yml index c6fce68..4f6e613 100644 --- a/roles/nextcloud_config/tasks/main.yml +++ b/roles/nextcloud_config/tasks/main.yml @@ -44,7 +44,7 @@ - name: nextcloud cronjob cron: name: nextcloud cronjob - minute: "*/5" + minute: "*/45" user: root job: "docker exec --user www-data nextcloud php -f cron.php > /dev/null 2>&1" From fc41f361c390899dbc545fab84d2aa0290384eaa Mon Sep 17 00:00:00 2001 
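Review bot: Changing `auth.bruteforce.protection.enabled --value=true` to `--value=false` switches off Nextcloud's login throttling for an instance that is published through Traefik on a public hostname, and the commit message gives no reason. If the motivation was that every client appeared to come from the proxy's address (so the throttle hit all users at once), the fix is to declare the proxy via `trusted_proxies` / `forwarded_for_headers` in the system config rather than disabling the protection; please restore `--value=true` and add the proxy settings. Unrelated to this change but visible in the context: the key `preview_max_scale_facto` is missing its final `r` (`preview_max_scale_factor`), so that line has never had an effect. The `activity_expire_days` line appears to differ only in whitespace.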
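Review bot: `minute: "*/45"` does not mean "every 45 minutes": a cron step over the 0–59 minute field fires at :00 and :45, so the gaps alternate between 45 and 15 minutes. Nextcloud's background-job mode expects `cron.php` every 5 minutes (the previous `"*/5"`), and stretching it delays previews, trash expiry and other queued jobs. Keep `minute: "*/5"`, or if a longer cadence is really wanted express it as explicit minutes such as `minute: "0,30"`.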
From: Vladislav Ponomarev Date: Sat, 20 Apr 2024 21:34:46 +0700 Subject: [PATCH 2/4] remove nextcloud --- README.md | 1 - Vagrantfile | 1 - group_vars/all.yml | 3 - inventories/sample/group_vars/sample.yml | 3 - provisioning.yml | 11 --- roles/cheatsheet/tasks/main.yml | 9 +- roles/doku/tasks/main.yml | 6 +- roles/dozzle/tasks/main.yml | 2 +- roles/filebrowser/tasks/main.yml | 2 +- roles/filerun/tasks/main.yml | 6 +- roles/glances/tasks/main.yml | 2 +- roles/hemmelig/tasks/main.yml | 2 +- roles/homer/tasks/main.yml | 2 +- roles/homer/templates/config.yml.j2 | 6 -- roles/mayurifag_github_io/tasks/main.yml | 2 +- roles/navidrome/tasks/main.yml | 2 +- roles/netdata/tasks/main.yml | 2 +- roles/nextcloud/defaults/main.yml | 18 ---- roles/nextcloud/tasks/main.yml | 84 ------------------- roles/nextcloud_config/defaults/main.yml | 58 ------------- roles/nextcloud_config/tasks/main.yml | 52 ------------ roles/ocis/tasks/main.yml | 2 +- roles/portainer/tasks/main.yml | 2 +- roles/traefik/tasks/main.yml | 8 ++ ...ure_headers.toml.j2 => my-headers.toml.j2} | 18 ++-- roles/wallabag/tasks/main.yml | 2 +- roles/whattocommit/tasks/main.yml | 2 +- roles/wireguard/tasks/main.yml | 2 +- 28 files changed, 37 insertions(+), 273 deletions(-) delete mode 100644 roles/nextcloud/defaults/main.yml delete mode 100644 roles/nextcloud/tasks/main.yml delete mode 100644 roles/nextcloud_config/defaults/main.yml delete mode 100644 roles/nextcloud_config/tasks/main.yml rename roles/traefik/templates/dynamic_configs/{secure_headers.toml.j2 => my-headers.toml.j2} (59%) diff --git a/README.md b/README.md index a586194..56ee974 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,6 @@ Host mayurifag-prod | mayurifag.github.io | | 8005 | | Navidrome | | 80 | | Netdata | | 19999 | -| Nextcloud | | 80 | | Owncloud Infinite Scale | | 9200 | | Portainer | | 9000 | | Shadowsocks-rust | (uses TLS) | 1080 | diff --git a/Vagrantfile b/Vagrantfile index 968eff2..0fac508 100644 --- a/Vagrantfile 
+++ b/Vagrantfile @@ -36,7 +36,6 @@ Vagrant.configure(2) do |config| homer.mayurifag.local mus.mayurifag.local netdata.mayurifag.local - nextcloud.mayurifag.local ocis.mayurifag.local portainer.mayurifag.local traefik.mayurifag.local diff --git a/group_vars/all.yml b/group_vars/all.yml index 77fc638..2220226 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -82,9 +82,6 @@ doku_subdomain: "doku" whattocommit_enabled: true whattocommit_subdomain: "commit" -nextcloud_enabled: true -nextcloud_subdomain: "nextcloud" - ocis_enabled: true ocis_subdomain: "ocis" diff --git a/inventories/sample/group_vars/sample.yml b/inventories/sample/group_vars/sample.yml index e965e76..86f5541 100644 --- a/inventories/sample/group_vars/sample.yml +++ b/inventories/sample/group_vars/sample.yml @@ -78,9 +78,6 @@ doku_subdomain: "doku" whattocommit_enabled: true whattocommit_subdomain: "commit" -nextcloud_enabled: true -nextcloud_subdomain: "nextcloud" - ocis_enabled: true ocis_subdomain: "ocis" diff --git a/provisioning.yml b/provisioning.yml index fda5c22..3fbeca9 100644 --- a/provisioning.yml +++ b/provisioning.yml @@ -83,11 +83,6 @@ - blocky when: (blocky_enabled | default(False)) - - role: nextcloud - tags: - - nextcloud - when: (nextcloud_enabled | default(False)) - - role: ocis tags: - ocis @@ -153,12 +148,6 @@ - navidrome when: (navidrome_enabled | default(False)) - # Nextcloud is unable to configure right after install and I dont want to wait untill il will be ok. So moved this section here. - - role: nextcloud_config - tags: - - nextcloud - when: (nextcloud_enabled | default(False)) - - role: geerlingguy.security - role: cheatsheet diff --git a/roles/cheatsheet/tasks/main.yml b/roles/cheatsheet/tasks/main.yml index 314ad5e..db8c12e 100644 --- a/roles/cheatsheet/tasks/main.yml +++ b/roles/cheatsheet/tasks/main.yml 
@@ -17,13 +17,6 @@ Dont forget to change SSH configuration (user, etc.) $ ssh mayurifag-prod - ### Nextcloud - - - Remove all files - - Settings: Language/Locale; Accessibility -> Dark Theme - - Disable apps: Collaborative tags, Usage survey, First run wizard, Monitoring - - Enable apps: News, Notes, Keeweb, Calendar, Contacts, Tasks - ### Wallabag Change default user's password from `wallabag:wallabag` into anything else. @@ -38,7 +31,7 @@ Set dark theme Enable API - ### Files Nextcloud/Filerun + ### Files Filerun You have to sync files now via app. Setup iOS/Android/Mac/Win(?) Sync bookmarks via floccus diff --git a/roles/doku/tasks/main.yml b/roles/doku/tasks/main.yml index 2607163..43226f6 100644 --- a/roles/doku/tasks/main.yml +++ b/roles/doku/tasks/main.yml @@ -5,11 +5,11 @@ image: amerkurev/doku pull: true volumes: - - '/var/run/docker.sock:/var/run/docker.sock:ro' - - '/:/hostroot:ro' + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "/:/hostroot:ro" restart_policy: unless-stopped labels: traefik.enable: "{{ doku_available_externally }}" traefik.http.routers.doku.rule: "Host(`{{ doku_subdomain }}.{{ server_hostname }}`)" traefik.http.services.doku.loadbalancer.server.port: "9090" - traefik.http.routers.doku.middlewares: "auth@file,my-headers@file" + traefik.http.routers.doku.middlewares: "auth,my-headers" diff --git a/roles/dozzle/tasks/main.yml b/roles/dozzle/tasks/main.yml index f2ed1a5..6a193c5 100644 --- a/roles/dozzle/tasks/main.yml +++ b/roles/dozzle/tasks/main.yml @@ -16,4 +16,4 @@ traefik.enable: "{{ dozzle_available_externally }}" traefik.http.routers.dozzle.rule: "Host(`{{ dozzle_subdomain }}.{{ server_hostname }}`)" traefik.http.services.dozzle.loadbalancer.server.port: "8080" - traefik.http.routers.dozzle.middlewares: "my-headers@file" + traefik.http.routers.dozzle.middlewares: "my-headers" diff --git a/roles/filebrowser/tasks/main.yml b/roles/filebrowser/tasks/main.yml index 725c727..e7d21b7 100644 --- a/roles/filebrowser/tasks/main.yml 
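Review bot: Dropping the provider suffix in `traefik.http.routers.doku.middlewares: "auth,my-headers"` breaks the reference: `my-headers` is defined in the file provider (`dynamic_configs/my-headers.toml.j2`), while this router is declared through Docker labels, and Traefik resolves an unqualified middleware name in the router's own provider (`my-headers@docker`), which does not exist, so the router is rejected at load and the service becomes unreachable — unless the middlewares are also declared via labels somewhere this diff does not show. The `auth` middleware fails the same way, which at least fails closed rather than exposing the Docker-socket-backed doku UI unauthenticated. Keep `"auth@file,my-headers@file"`. The same change is made in the dozzle, filebrowser, filerun, glances, hemmelig, homer, mayurifag_github_io, navidrome, netdata, ocis, portainer, wallabag, whattocommit and wireguard hunks of this patch.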
+++ b/roles/filebrowser/tasks/main.yml @@ -58,4 +58,4 @@ traefik.enable: "{{ filebrowser_available_externally }}" traefik.http.routers.filebrowser.rule: "Host(`{{ filebrowser_subdomain }}.{{ server_hostname }}`)" traefik.http.services.filebrowser.loadbalancer.server.port: "80" - traefik.http.routers.filebrowser.middlewares: "my-headers@file" + traefik.http.routers.filebrowser.middlewares: "my-headers" diff --git a/roles/filerun/tasks/main.yml b/roles/filerun/tasks/main.yml index 10d041a..b1e8c12 100644 --- a/roles/filerun/tasks/main.yml +++ b/roles/filerun/tasks/main.yml @@ -56,8 +56,8 @@ FR_DB_PASS: "{{ filerun_sql_password }}" APACHE_RUN_USER: www-data APACHE_RUN_GROUP: www-data - APACHE_RUN_USER_ID: '33' - APACHE_RUN_GROUP_ID: '33' + APACHE_RUN_USER_ID: "33" + APACHE_RUN_GROUP_ID: "33" restart_policy: unless-stopped labels: traefik.enable: "{{ filerun_available_externally }}" @@ -65,5 +65,5 @@ traefik.http.routers.filerun.rule: "Host(`{{ filerun_subdomain }}.{{ server_hostname }}`)" traefik.frontend.rule: "Host:{{ filerun_subdomain }}.{{ server_hostname }}" traefik.http.services.filerun.loadbalancer.server.port: "80" - traefik.http.routers.filerun.middlewares: "my-headers@file,frameOptionsSameOrigin" + traefik.http.routers.filerun.middlewares: "my-headers,frameOptionsSameOrigin" traefik.http.middlewares.frameOptionsSameOrigin.headers.customFrameOptionsValue: "sameorigin" diff --git a/roles/glances/tasks/main.yml b/roles/glances/tasks/main.yml index 72b3ee9..eb14ce2 100644 --- a/roles/glances/tasks/main.yml +++ b/roles/glances/tasks/main.yml @@ -16,4 +16,4 @@ traefik.enable: "{{ glances_available_externally }}" traefik.http.routers.glances.rule: "Host(`{{ glances_subdomain }}.{{ server_hostname }}`)" traefik.http.services.glances.loadbalancer.server.port: "61208" - traefik.http.routers.glances.middlewares: "auth@file,my-headers@file" + traefik.http.routers.glances.middlewares: "auth,my-headers" 
diff --git a/roles/hemmelig/tasks/main.yml b/roles/hemmelig/tasks/main.yml index 79d4a9f..10ffb67 100644 --- a/roles/hemmelig/tasks/main.yml +++ b/roles/hemmelig/tasks/main.yml @@ -28,4 +28,4 @@ traefik.enable: "{{ hemmelig_available_externally }}" traefik.http.routers.hemmelig.rule: "Host(`{{ hemmelig_subdomain }}.{{ server_hostname }}`)" traefik.http.services.hemmelig.loadbalancer.server.port: "3000" - traefik.http.routers.hemmelig.middlewares: "my-headers@file" + traefik.http.routers.hemmelig.middlewares: "my-headers" diff --git a/roles/homer/tasks/main.yml b/roles/homer/tasks/main.yml index acb49af..d0646cc 100644 --- a/roles/homer/tasks/main.yml +++ b/roles/homer/tasks/main.yml @@ -24,4 +24,4 @@ traefik.enable: "true" traefik.http.routers.homer.rule: "Host(`{{ homer_subdomain }}.{{ server_hostname }}`)" traefik.http.services.homer.loadbalancer.server.port: "8080" - traefik.http.routers.homer.middlewares: "auth@file,my-headers@file" + traefik.http.routers.homer.middlewares: "auth,my-headers" diff --git a/roles/homer/templates/config.yml.j2 b/roles/homer/templates/config.yml.j2 index 73b0bde..14eea40 100644 --- a/roles/homer/templates/config.yml.j2 +++ b/roles/homer/templates/config.yml.j2 @@ -55,12 +55,6 @@ services: - name: "Services" icon: "fas fa-laptop-code" items: -{% if nextcloud_enabled == true %} - - name: "Nextcloud" - icon: "fas fa-cloud" - subtitle: "Auth need to configure" - url: "http://{{ nextcloud_subdomain }}.{{ server_hostname }}" -{% endif %} {% if filerun_enabled == true %} - name: "Filerun" icon: "fas fa-cloud" diff --git a/roles/mayurifag_github_io/tasks/main.yml b/roles/mayurifag_github_io/tasks/main.yml index 5b90b51..0767c6c 100644 --- a/roles/mayurifag_github_io/tasks/main.yml +++ b/roles/mayurifag_github_io/tasks/main.yml 
@@ -10,4 +10,4 @@ traefik.enable: "{{ mayurifag_github_io_available_externally }}" traefik.http.routers.mayurifag_github_io.rule: "Host(`{{ server_hostname }}`)" traefik.http.services.mayurifag_github_io.loadbalancer.server.port: "8005" - traefik.http.routers.mayurifag_github_io.middlewares: "my-headers@file" + traefik.http.routers.mayurifag_github_io.middlewares: "my-headers" diff --git a/roles/navidrome/tasks/main.yml b/roles/navidrome/tasks/main.yml index 21ad4a5..c508267 100644 --- a/roles/navidrome/tasks/main.yml +++ b/roles/navidrome/tasks/main.yml @@ -35,4 +35,4 @@ traefik.enable: "{{ navidrome_available_externally }}" traefik.http.routers.navidrome.rule: "Host(`{{ navidrome_subdomain }}.{{ server_hostname }}`)" traefik.http.services.navidrome.loadbalancer.server.port: "4533" - traefik.http.routers.navidrome.middlewares: "my-headers@file" + traefik.http.routers.navidrome.middlewares: "my-headers" diff --git a/roles/netdata/tasks/main.yml b/roles/netdata/tasks/main.yml index cdb3da2..b1536d4 100644 --- a/roles/netdata/tasks/main.yml +++ b/roles/netdata/tasks/main.yml @@ -27,4 +27,4 @@ traefik.enable: "{{ netdata_available_externally }}" traefik.http.routers.netdata.rule: "Host(`{{ netdata_subdomain }}.{{ server_hostname }}`)" traefik.http.services.netdata.loadbalancer.server.port: "19999" - traefik.http.routers.netdata.middlewares: "auth@file,my-headers@file" + traefik.http.routers.netdata.middlewares: "auth,my-headers" diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml deleted file mode 100644 index 2ee6162..0000000 --- a/roles/nextcloud/defaults/main.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -nextcloud_enabled: true -nextcloud_available_externally: "true" - -# directories -nextcloud_data_directory: "{{ docker_home }}/nextcloud" -nextcloud_files_directory: "{{ files_home }}/" - -nextcloud_container: "nextcloud" -nextcloud_version: "28.0.4" - -nextcloud_subdomain: "nextcloud" - -nextcloud_sql_user: "nextcloud-user" -nextcloud_sql_password: "nextcloud-pass" -nextcloud_redis_password: "nextcloud-redis" -# nextcloud_uid: "{{ admin_uid }}" -# nextcloud_gid: "{{ admin_gid }}" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml deleted file mode 100644 index ccc0598..0000000 --- a/roles/nextcloud/tasks/main.yml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -- name: Delete Nextcloud directories - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ nextcloud_data_directory }}/postgres" - - "{{ nextcloud_data_directory }}/redis" - -- name: Create Nextcloud directories - file: - path: "{{ item }}" - state: directory - with_items: - - "{{ nextcloud_data_directory }}/postgres" - - "{{ nextcloud_data_directory }}/redis" - -- name: Create Nextcloud files directory - file: - path: "{{ item }}" - state: directory - mode: 0770 - with_items: - - "{{ nextcloud_files_directory }}" - -- name: Nextcloud Redis Docker Container - docker_container: - name: nextcloud-redis - image: redis:7-alpine - pull: true - recreate: yes - restart_policy: unless-stopped - volumes: - - "{{ nextcloud_data_directory }}/redis:/var/lib/redis" - -- name: Nextcloud Postgres Docker Container - docker_container: - name: nextcloud-postgres - image: postgres:15-alpine - recreate: yes - pull: true - volumes: - - "{{ nextcloud_data_directory }}/postgres:/var/lib/postgresql/data" - env: - POSTGRES_DB: "nextcloud" - POSTGRES_USER: "{{ nextcloud_sql_user }}" - POSTGRES_PASSWORD: "{{ nextcloud_sql_password }}" - restart_policy: unless-stopped - -- name: Nextcloud Docker Container - docker_container: - name: nextcloud - image: "{{ nextcloud_container }}:{{ nextcloud_version }}" - pull: true - recreate: yes - volumes: - - ./nextcloud:/var/www/html - - ./nextcloud-apps:/var/www/html/custom_apps - - ./nextcloud-config:/var/www/html/config - - "{{ nextcloud_files_directory }}/:/var/www/html/data" - links: - - nextcloud-postgres:postgres - - nextcloud-redis:redis - env: - TZ: "{{ server_timezone }}" - REDIS_HOST: "redis" - POSTGRES_HOST: "postgres" - POSTGRES_DB: "nextcloud" - POSTGRES_USER: "{{ nextcloud_sql_user }}" - POSTGRES_PASSWORD: "{{ nextcloud_sql_password }}" - NEXTCLOUD_TRUSTED_DOMAINS: "localhost,{{ nextcloud_subdomain }}.{{ server_hostname }}" - NEXTCLOUD_ADMIN_USER: "{{ admin_username }}" - NEXTCLOUD_ADMIN_PASSWORD: "{{ 
admin_userpassword }}" - OVERWRITEPROTOCOL: "{{ 'https' if enable_tls else 'http' }}" - OVERWRITEHOST: "{{ nextcloud_subdomain }}.{{ server_hostname }}" - restart_policy: unless-stopped - labels: - traefik.enable: "{{ nextcloud_available_externally }}" - traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_subdomain }}.{{ server_hostname }}`)" - traefik.http.services.nextcloud.loadbalancer.server.port: "80" - traefik.http.routers.nextcloud.middlewares: "my-headers@file,nextcloud_redirect" - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/ - traefik.http.services.nextcloud.loadbalancer.passhostheader: "true" diff --git a/roles/nextcloud_config/defaults/main.yml b/roles/nextcloud_config/defaults/main.yml deleted file mode 100644 index b33b157..0000000 --- a/roles/nextcloud_config/defaults/main.yml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- -docker_occ_cmd: "docker exec --user www-data nextcloud php occ" - -nextcloud_system_config: - - "memcache.local --value='\\OC\\Memcache\\Redis'" - - "memcache.locking --value='\\OC\\Memcache\\Redis'" - - "filelocking.enabled --value=true --type=boolean" - - "enable_previews --value=true --type=boolean" - - "enabledPreviewProviders 0 --value='OC\\Preview\\PNG'" - - "enabledPreviewProviders 1 --value='OC\\Preview\\JPEG'" - - "enabledPreviewProviders 2 --value='OC\\Preview\\GIF'" - # - "enabledPreviewProviders 3 --value='OC\\Preview\\BMP'" - # - "enabledPreviewProviders 4 --value='OC\\Preview\\XBitmap'" - # - "enabledPreviewProviders 5 --value='OC\\Preview\\MarkDown'" - # - "enabledPreviewProviders 6 --value='OC\\Preview\\MP3'" - # - "enabledPreviewProviders 7 --value='OC\\Preview\\TXT'" - # - "enabledPreviewProviders 8 --value='OC\\Preview\\Illustrator'" - # - "enabledPreviewProviders 9 --value='OC\\Preview\\Movie'" - # - "enabledPreviewProviders 10 --value='OC\\Preview\\MSOffice2003'" - # - "enabledPreviewProviders 11 --value='OC\\Preview\\MSOffice2007'" - # - "enabledPreviewProviders 12 --value='OC\\Preview\\MSOfficeDoc'" - # - "enabledPreviewProviders 13 --value='OC\\Preview\\OpenDocument'" - # - "enabledPreviewProviders 14 --value='OC\\Preview\\PDF'" - # - "enabledPreviewProviders 15 --value='OC\\Preview\\Photoshop'" - # - "enabledPreviewProviders 16 --value='OC\\Preview\\Postscript'" - # - "enabledPreviewProviders 17 --value='OC\\Preview\\StarOffice'" - # - "enabledPreviewProviders 18 --value='OC\\Preview\\SVG'" - # - "enabledPreviewProviders 19 --value='OC\\Preview\\TIFF'" - # - "enabledPreviewProviders 20 --value='OC\\Preview\\Font'" - - "preview_max_x --value='1024' --type=integer" - - "preview_max_y --value='768' --type=integer" - - "preview_max_scale_facto --value='1' --type=integer" - - "auth.bruteforce.protection.enabled --value=false --type=boolean" - - "trashbin_retention_obligation --value='auto,7'" - - "skeletondirectory 
--value=''" - - "defaultapp --value='file'" - - "activity_expire_days --value='14' --type=integer" - - "integrity.check.disabled --value=false --type=boolean" - - "updater.release.channel --value=stable" - - "loglevel --value=2 --type=integer" - - "maintenance --value=false --type=boolean" - # - "theme --value='dark'" - -nextcloud_app_config: - - name: survey_client - state: disable - - name: firstrunwizard - state: disable - - name: admin_audit - state: enable - - name: files_pdfviewer - state: enable - - name: nextcloud_announcements - state: disable - - name: notifications - state: disable - - name: updatenotification - state: disable diff --git a/roles/nextcloud_config/tasks/main.yml b/roles/nextcloud_config/tasks/main.yml deleted file mode 100644 index 4f6e613..0000000 --- a/roles/nextcloud_config/tasks/main.yml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -- name: Configure nextcloud - block: - - name: set nextcloud system config.php values - shell: "{{ docker_occ_cmd }} config:system:set {{ item }}" - loop: "{{ nextcloud_system_config }}" - - - name: "{{ item.state }} {{ item.name }} app" - shell: "{{ docker_occ_cmd }} app:{{ item.state }} {{ item.name }}" - loop: "{{ nextcloud_app_config }}" - - - name: backup jobs, upgrade apps and database tuning - shell: "{{ docker_occ_cmd }} {{ item }}" - loop: - - background:cron - - upgrade - - app:update --all - - db:add-missing-indices - - db:convert-filecache-bigint - -# maybe i should add restarting container or no? -- name: create optimize batch job - copy: - dest: /usr/local/bin/nextcloud_optimize.sh - owner: root - group: root - mode: 0750 - content: | - #!/bin/bash - docker exec nextcloud-redis redis-cli FLUSHALL - docker exec --user www-data nextcloud php occ files:scan --all - docker exec --user www-data nextcloud php occ files:scan-app-data - docker exec --user www-data nextcloud php occ preview:pre-generate - exit 0 - -- name: optimize nextcloud cronjob - cron: - name: nextcloud optimize - minute: "15" - hour: "01" - user: root - job: "/usr/local/bin/nextcloud_optimize.sh > /dev/null 2>&1" - -- name: nextcloud cronjob - cron: - name: nextcloud cronjob - minute: "*/45" - user: root - job: "docker exec --user www-data nextcloud php -f cron.php > /dev/null 2>&1" - -- name: run nextcloud cronjob once - shell: "docker exec --user www-data nextcloud php -f cron.php > /dev/null 2>&1" diff --git a/roles/ocis/tasks/main.yml b/roles/ocis/tasks/main.yml index ab4a731..1237df1 100644 --- a/roles/ocis/tasks/main.yml +++ b/roles/ocis/tasks/main.yml 
@@ -41,4 +41,4 @@ traefik.enable: "{{ ocis_available_externally }}" traefik.http.routers.ocis.rule: "Host(`{{ ocis_subdomain }}.{{ server_hostname }}`)" traefik.http.services.ocis.loadbalancer.server.port: "9200" - traefik.http.routers.ocis.middlewares: "my-headers@file" + traefik.http.routers.ocis.middlewares: "my-headers" diff --git a/roles/portainer/tasks/main.yml b/roles/portainer/tasks/main.yml index f3ca028..06d78c3 100644 --- a/roles/portainer/tasks/main.yml +++ b/roles/portainer/tasks/main.yml @@ -27,4 +27,4 @@ traefik.enable: "{{ portainer_available_externally }}" traefik.http.routers.portainer.rule: "Host(`{{ portainer_subdomain }}.{{ server_hostname }}`)" traefik.http.services.portainer.loadbalancer.server.port: "9000" - traefik.http.routers.portainer.middlewares: "my-headers@file" + traefik.http.routers.portainer.middlewares: "my-headers" diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index 03e9e75..588f102 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: Remove Traefik Config Directory + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ traefik_data_directory }}/dynamic_configs" + # - "{{ traefik_data_directory }}/letsencrypt" + - name: Create Traefik Directories file: path: "{{ item }}" diff --git a/roles/traefik/templates/dynamic_configs/secure_headers.toml.j2 b/roles/traefik/templates/dynamic_configs/my-headers.toml.j2 similarity index 59% rename from roles/traefik/templates/dynamic_configs/secure_headers.toml.j2 rename to roles/traefik/templates/dynamic_configs/my-headers.toml.j2 index c62aca5..f733682 100644 --- a/roles/traefik/templates/dynamic_configs/secure_headers.toml.j2 +++ b/roles/traefik/templates/dynamic_configs/my-headers.toml.j2 
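Review bot: "Remove Traefik Config Directory" deletes the whole `{{ traefik_data_directory }}/dynamic_configs` on every run, apparently to clear the stale `secure_headers.toml` left by the rename in this patch; a targeted `path: "{{ traefik_data_directory }}/dynamic_configs/secure_headers.toml"` with `state: absent` does that without a window in which the file provider, if it watches the directory, sees no middlewares at all. The commented `# - "{{ traefik_data_directory }}/letsencrypt"` is a trap: enabling it would discard the ACME store on each run and quickly exhaust Let's Encrypt's issuance limits, so either remove the line or replace it with a comment stating it must never be wiped automatically. Minor style: the rest of the file's new tasks use `with_items`; `loop:` is the current form.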
@@ -1,12 +1,12 @@ {% if enable_tls == true %} [http.middlewares.my-headers.headers] -sslRedirect = true -stsSeconds = 31536000 -stsIncludeSubdomains = true -stsPreload = true -forceSTSHeader = true -contentTypeNosniff = true -browserXssFilter = true + {# sslRedirect = true #} + stsSeconds = 31536000 + stsIncludeSubdomains = true + stsPreload = true + forceSTSHeader = true + contentTypeNosniff = true + browserXssFilter = true [tls.options.default] minVersion = "VersionTLS12" @@ -20,6 +20,6 @@ cipherSuites = [ curvePreferences = [ "CurveP521", "CurveP384" ] {% else %} [http.middlewares.my-headers.headers] - [http.middlewares.my-headers.headers.customResponseHeaders] - X-Custom-Response-Header = "fuck" +[http.middlewares.my-headers.headers.customResponseHeaders] +X-Custom-Response-Header = "fuck" {% endif %} diff --git a/roles/wallabag/tasks/main.yml b/roles/wallabag/tasks/main.yml index 608c564..0fcba01 100644 --- a/roles/wallabag/tasks/main.yml +++ b/roles/wallabag/tasks/main.yml @@ -23,4 +23,4 @@ traefik.enable: "{{ wallabag_available_externally }}" traefik.http.routers.wallabag.rule: "Host(`{{ wallabag_subdomain }}.{{ server_hostname }}`)" traefik.http.services.wallabag.loadbalancer.server.port: "80" - traefik.http.routers.wallabag.middlewares: "my-headers@file" + traefik.http.routers.wallabag.middlewares: "my-headers" diff --git a/roles/whattocommit/tasks/main.yml b/roles/whattocommit/tasks/main.yml index 94445d1..b07bcc5 100644 --- a/roles/whattocommit/tasks/main.yml +++ b/roles/whattocommit/tasks/main.yml @@ -9,4 +9,4 @@ traefik.enable: "{{ whattocommit_available_externally }}" traefik.http.routers.whattocommit.rule: "Host(`{{ whattocommit_subdomain }}.{{ server_hostname }}`)" traefik.http.services.whattocommit.loadbalancer.server.port: "8080" - traefik.http.routers.whattocommit.middlewares: "my-headers@file" + traefik.http.routers.whattocommit.middlewares: "my-headers" 
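Review bot: Commenting out `sslRedirect = true` with `{# … #}` removes the only HTTP-to-HTTPS redirect visible in this configuration, so with `enable_tls` the plain-HTTP entrypoint keeps serving content in clear; the STS headers that remain only protect clients that have already seen an HTTPS response. If the intent is the documented migration to an entrypoint-level redirection (`entryPoints.web.http.redirections`), that block belongs in traefik.toml.j2 — patch 4 touches that file but only its diffstat is visible here — and the template should say so, e.g. `{# HTTP→HTTPS redirect is configured on the web entrypoint in traefik.toml #}`; otherwise restore `sslRedirect = true`. The re-indentation of the header keys is cosmetic in TOML and fine.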
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index dc73029..262ebbe 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -38,4 +38,4 @@ traefik.enable: "{{ wireguard_available_externally }}" traefik.http.routers.wg-easy.rule: "Host(`{{ wireguard_subdomain }}.{{ server_hostname }}`)" traefik.http.services.wg-easy.loadbalancer.server.port: "51821" - traefik.http.routers.wg-easy.middlewares: "my-headers@file" + traefik.http.routers.wg-easy.middlewares: "my-headers" From 13f406d4768594b9ff23c68a53a29020fda56909 Mon Sep 17 00:00:00 2001 From: Vladislav Ponomarev Date: Sat, 20 Apr 2024 22:33:54 +0700 Subject: [PATCH 3/4] Remove Filerun --- group_vars/all.yml | 3 -- inventories/sample/group_vars/sample.yml | 3 -- roles/cheatsheet/tasks/main.yml | 8 +-- roles/filerun/defaults/main.yml | 12 ----- roles/filerun/tasks/main.yml | 69 ------------------------ roles/filerun/templates/config.php.j2 | 7 --- roles/homer/templates/config.yml.j2 | 6 --- 7 files changed, 1 insertion(+), 107 deletions(-) delete mode 100644 roles/filerun/defaults/main.yml delete mode 100644 roles/filerun/tasks/main.yml delete mode 100644 roles/filerun/templates/config.php.j2 diff --git a/group_vars/all.yml b/group_vars/all.yml index 2220226..3662740 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -88,9 +88,6 @@ ocis_subdomain: "ocis" filebrowser_enabled: true filebrowser_subdomain: "fb" -filerun_enabled: true -filerun_subdomain: "filerun" - blocky_enabled: true navidrome_enabled: true diff --git a/inventories/sample/group_vars/sample.yml b/inventories/sample/group_vars/sample.yml index 86f5541..6d3887d 100644 --- a/inventories/sample/group_vars/sample.yml +++ b/inventories/sample/group_vars/sample.yml @@ -84,9 +84,6 @@ ocis_subdomain: "ocis" filebrowser_enabled: true filebrowser_subdomain: "fb" -filerun_enabled: true -filerun_subdomain: "filerun" - blocky_enabled: true navidrome_enabled: true 
diff --git a/roles/cheatsheet/tasks/main.yml b/roles/cheatsheet/tasks/main.yml index db8c12e..517ef97 100644 --- a/roles/cheatsheet/tasks/main.yml +++ b/roles/cheatsheet/tasks/main.yml @@ -25,13 +25,7 @@ Make user and add default docker entrypoint. - ### Filerun - - Change username - Set dark theme - Enable API - - ### Files Filerun + ### Files (Filebrowser/OCIS) You have to sync files now via app. Setup iOS/Android/Mac/Win(?) Sync bookmarks via floccus diff --git a/roles/filerun/defaults/main.yml b/roles/filerun/defaults/main.yml deleted file mode 100644 index 376a471..0000000 --- a/roles/filerun/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -filerun_enabled: true -filerun_available_externally: "true" - -# directories -filerun_data_directory: "/home/{{ admin_username }}/filerun" - -filerun_subdomain: "filerun" - -# username / passwords -filerun_sql_user: "filerun-user" -filerun_sql_password: "filerun-pass" diff --git a/roles/filerun/tasks/main.yml b/roles/filerun/tasks/main.yml deleted file mode 100644 index b1e8c12..0000000 --- a/roles/filerun/tasks/main.yml +++ /dev/null 
@@ -1,69 +0,0 @@
----
-- name: Delete Filerun directories
- file:
- path: "{{ filerun_data_directory }}"
- state: absent
-
-- name: Create Filerun db directory
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - "{{ filerun_data_directory }}/"
- - "{{ filerun_data_directory }}/db"
- - "{{ filerun_data_directory }}/html"
- - "{{ filerun_data_directory }}/html/customizables"
- - "{{ filerun_data_directory }}/files"
-
-- name: Filerun MariaDB Docker Container
- docker_container:
- name: filerun-mariadb
- image: mariadb:10.1
- pull: true
- recreate: yes
- volumes:
- - "{{ filerun_data_directory }}/db:/var/lib/mysql"
- env:
- MYSQL_DATABASE: filerundb
- MYSQL_USER: "{{ filerun_sql_user }}"
- MYSQL_PASSWORD: "{{ filerun_sql_password }}"
- MYSQL_ROOT_PASSWORD: "{{ admin_userpassword }}"
- TZ: "{{ server_timezone }}"
- restart_policy: unless-stopped
-
-- name: Template Filerun config.php
- template:
- src: config.php.j2
- dest: "{{ filerun_data_directory }}/html/customizables/config.php"
-
-- name: Filerun Docker Container
- docker_container:
- name: filerun
- image: filerun/filerun
- pull: true
- recreate: yes
- volumes:
- - "{{ filerun_data_directory }}/html:/var/www/html"
- - "{{ filerun_data_directory }}/files:/user-files"
- links:
- - filerun-mariadb:filerun-mariadb
- env:
- TZ: "{{ server_timezone }}"
- FR_DB_HOST: filerun-mariadb
- FR_DB_PORT: "3306"
- FR_DB_NAME: filerundb
- FR_DB_USER: "{{ filerun_sql_user }}"
- FR_DB_PASS: "{{ filerun_sql_password }}"
- APACHE_RUN_USER: www-data
- APACHE_RUN_GROUP: www-data
- APACHE_RUN_USER_ID: "33"
- APACHE_RUN_GROUP_ID: "33"
- restart_policy: unless-stopped
- labels:
- traefik.enable: "{{ filerun_available_externally }}"
- traefik.backend: "filerun"
- traefik.http.routers.filerun.rule: "Host(`{{ filerun_subdomain }}.{{ server_hostname }}`)"
- traefik.frontend.rule: "Host:{{ filerun_subdomain }}.{{ server_hostname }}"
- traefik.http.services.filerun.loadbalancer.server.port: "80"
-
traefik.http.routers.filerun.middlewares: "my-headers,frameOptionsSameOrigin" - traefik.http.middlewares.frameOptionsSameOrigin.headers.customFrameOptionsValue: "sameorigin" diff --git a/roles/filerun/templates/config.php.j2 b/roles/filerun/templates/config.php.j2 deleted file mode 100644 index 7b3ba7a..0000000 --- a/roles/filerun/templates/config.php.j2 +++ /dev/null @@ -1,7 +0,0 @@ - Date: Sun, 21 Apr 2024 02:19:41 +0700 Subject: [PATCH 4/4] Add syncthing + fix traefik --- README.md | 43 ++++++++++--------- Vagrantfile | 1 - provisioning.yml | 5 --- roles/filebrowser/defaults/main.yml | 3 +- roles/filebrowser/tasks/main.yml | 31 +++++++++++-- roles/navidrome/defaults/main.yml | 2 +- roles/traefik/defaults/main.yml | 2 +- .../alpn-dot-for-blocky.toml.j2 | 5 +++ .../dynamic_configs/my-headers.toml.j2 | 13 +++--- roles/traefik/templates/traefik.toml.j2 | 3 -- 10 files changed, 65 insertions(+), 43 deletions(-) create mode 100644 roles/traefik/templates/dynamic_configs/alpn-dot-for-blocky.toml.j2 diff --git a/README.md b/README.md index 56ee974..4d70c89 100644 --- a/README.md +++ b/README.md 
@@ -98,27 +98,26 @@ Host mayurifag-prod ## Applications List -| Name | Default endpoint | App. Port | -| ----------------------- | -------------------------------------------- | ------------- | -| Blocky | - | - | -| Doku | | 9090 | -| Dozzle | | 8080 | -| Filerun | | 80 [+3306 db] | -| Filebrowser | | 80 | -| Glances | | 61208/61209 | -| Go-socks5-proxy | (+auth) | 1080 | -| Homer | | 8080 | -| Hemmelig | | 3000 | -| mayurifag.github.io | | 8005 | -| Navidrome | | 80 | -| Netdata | | 19999 | -| Owncloud Infinite Scale | | 9200 | -| Portainer | | 9000 | -| Shadowsocks-rust | (uses TLS) | 1080 | -| Wallabag | | 80 | -| Watchtower | - | - | -| Wireguard-Easy | | 58172 | -| Whattocommit | | 8080 | +| Name | Default endpoint | App. Port | +| ----------------------- | -------------------------------------------- | ----------- | +| Blocky | - | - | +| Doku | | 9090 | +| Dozzle | | 8080 | +| Filebrowser | | 80 | +| Glances | | 61208/61209 | +| Go-socks5-proxy | (+auth) | 1080 | +| Homer | | 8080 | +| Hemmelig | | 3000 | +| mayurifag.github.io | | 8005 | +| Navidrome | | 80 | +| Netdata | | 19999 | +| Owncloud Infinite Scale | | 9200 | +| Portainer | | 9000 | +| Shadowsocks-rust | (uses TLS) | 1080 | +| Wallabag | | 80 | +| Watchtower | - | - | +| Wireguard-Easy | | 58172 | +| Whattocommit | | 8080 | ## TODO @@ -130,6 +129,8 @@ need to deploy my services once again. ### High priority +- [ ] Some strange things with Traefik config. If problem with "my-headers" -> + return "my-headers@file" - [ ] Log rotation for docker containers - [ ] ~~https://github.com/alexta69/metube~~ - [ ] ~~Add cleaning up apt-get to get extra 1GB~~ diff --git a/Vagrantfile b/Vagrantfile index 0fac508..32829e0 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -32,7 +32,6 @@ Vagrant.configure(2) do |config| dozzle.mayurifag.local glances.mayurifag.local fb.mayurifag.local - filerun.mayurifag.local homer.mayurifag.local mus.mayurifag.local netdata.mayurifag.local 
diff --git a/provisioning.yml b/provisioning.yml index 3fbeca9..4e7b4ba 100644 --- a/provisioning.yml +++ b/provisioning.yml @@ -133,11 +133,6 @@ - dozzle when: (dozzle_enabled | default(False)) - - role: filerun - tags: - - filerun - when: (filerun_enabled | default(False)) - - role: hemmelig tags: - hemmelig diff --git a/roles/filebrowser/defaults/main.yml b/roles/filebrowser/defaults/main.yml index 3764925..52c9896 100644 --- a/roles/filebrowser/defaults/main.yml +++ b/roles/filebrowser/defaults/main.yml @@ -2,13 +2,14 @@ filebrowser_enabled: true filebrowser_available_externally: "true" -filebrowser_data_directory: "{{ files_home }}/filebrowser" +filebrowser_data_directory: "{{ docker_home }}/filebrowser" filebrowser_files_directory: "{{ files_home }}/" filebrowser_container: "filebrowser/filebrowser" filebrowser_version: "v2.28.0-s6" filebrowser_subdomain: "fb" +syncthing_subdomain: "st" filebroswer_uid: "{{ admin_uid }}" filebroswer_gid: "{{ admin_gid }}" diff --git a/roles/filebrowser/tasks/main.yml b/roles/filebrowser/tasks/main.yml index e7d21b7..75ecf44 100644 --- a/roles/filebrowser/tasks/main.yml +++ b/roles/filebrowser/tasks/main.yml @@ -10,10 +10,11 @@ state: directory owner: "{{ filebroswer_uid }}" group: "{{ filebroswer_gid }}" - mode: u+rw,g-wx,o-rwx + mode: u+rwx,g+rwx,o-rwx with_items: - "{{ filebrowser_files_directory }}" - "{{ filebrowser_data_directory }}/config" + - "{{ filebrowser_data_directory }}/syncthing_config" - name: Touch Filebrowser database file file: @@ -42,7 +43,7 @@ volumes: - "{{ filebrowser_data_directory }}/config/filebrowser.db:/database/filebrowser.db" - "{{ filebrowser_data_directory }}/config/settings.json:/config/settings.json" - - "{{ filebrowser_data_directory }}/files:/srv" + - "{{ filebrowser_files_directory }}/:/srv" env: TZ: "{{ server_timezone }}" PUID: "{{ filebroswer_uid }}" 
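Review bot: `syncthing_subdomain` is the only Syncthing default added to this role, while the Syncthing container task pulls an untagged image; for parity with `filebrowser_container`/`filebrowser_version` a few lines above, add `syncthing_container: "linuxserver/syncthing"` and a `syncthing_version` pinned to a concrete tag, and reference them from the task. The pin matters because that task runs with `pull: true` and `recreate: yes`, so every playbook run would otherwise roll the data-sync container to whatever `latest` currently is. Consider also a separate `syncthing_available_externally` flag rather than reusing `filebrowser_available_externally`, since exposing the Syncthing admin GUI is a different decision from exposing the file browser.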
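Review bot: `mode: u+rwx,g+rwx,o-rwx` is now applied uniformly to the shared files tree and to both config directories, `config` (which holds `filebrowser.db`) and the new `syncthing_config` (which will hold Syncthing's device key/certificate and its config, including GUI credentials and API key); the previous line deliberately granted `g-wx`, so group write and traverse on the config directories is a widening that nothing in the hunk needs. If group write is wanted so both containers (same PUID/PGID) can write the files tree, keep it on `filebrowser_files_directory` only and create the two config directories in a separate task with `mode: "0700"` (or `u=rwx,g=,o=`). The quoted-string form is also safer than a bare symbolic mode in Ansible, which otherwise reparses some values as integers.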
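Review bot: `filebrowser_files_directory` is defined in the defaults as `"{{ files_home }}/"` with a trailing slash, so `"{{ filebrowser_files_directory }}/:/srv"` renders with a doubled slash; Docker tolerates it, but the same variable is mounted as `"{{ filebrowser_files_directory }}:/mnt"` in the Syncthing task, so the two mounts are written inconsistently. Use `- "{{ filebrowser_files_directory }}:/srv"` here and let the variable carry the slash.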
@@ -58,4 +59,28 @@ traefik.enable: "{{ filebrowser_available_externally }}" traefik.http.routers.filebrowser.rule: "Host(`{{ filebrowser_subdomain }}.{{ server_hostname }}`)" traefik.http.services.filebrowser.loadbalancer.server.port: "80" - traefik.http.routers.filebrowser.middlewares: "my-headers" + # traefik.http.routers.filebrowser.middlewares: "my-headers" + +- name: Syncthing Docker Container + docker_container: + name: syncthing + image: "linuxserver/syncthing" + pull: true + recreate: yes + volumes: + - "{{ filebrowser_data_directory }}/syncthing_config:/config" + - "{{ filebrowser_files_directory }}:/mnt" + env: + TZ: "{{ server_timezone }}" + PUID: "{{ filebroswer_uid }}" + PGID: "{{ filebroswer_gid }}" + ports: + # - "8384:8384" # web ui - we pass it through traefik + - "22000:22000" + - "21027:21027/udp" + restart_policy: unless-stopped + labels: + traefik.enable: "{{ filebrowser_available_externally }}" + traefik.http.routers.syncthing.rule: "Host(`{{ syncthing_subdomain }}.{{ server_hostname }}`)" + traefik.http.services.syncthing.loadbalancer.server.port: "8384" + # traefik.http.routers.syncthing.middlewares: "my-headers" diff --git a/roles/navidrome/defaults/main.yml b/roles/navidrome/defaults/main.yml index 531e7ea..a4111cc 100644 --- a/roles/navidrome/defaults/main.yml +++ b/roles/navidrome/defaults/main.yml @@ -5,7 +5,7 @@ navidrome_available_externally: "true" navidrome_subdomain: "mus" navidrome_data_directory: "/home/{{ admin_username }}/navidrome_data" -navidrome_music_directory: "{{ filerun_data_directory }}/files/Music" +# navidrome_music_directory: "{{ filerun_data_directory }}/files/Music" navidrome_user_and_group: "33:33" # www-data:www-data diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml index 94ecd01..1d7ce91 100644 --- a/roles/traefik/defaults/main.yml +++ b/roles/traefik/defaults/main.yml 
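Review bot: The Syncthing admin GUI (container port 8384) is routed by Traefik under `traefik.enable: "{{ filebrowser_available_externally }}"`, which defaults to "true", with no auth middleware on the router and the headers middleware commented out; unless the image sets one, a fresh Syncthing GUI has no username/password until it is configured in Settings, so on first deployment the UI that can add devices, share folders and reveal the API key is reachable from the internet unauthenticated. Gate the router with a Traefik basicAuth/forwardAuth middleware, or keep `traefik.enable` false until GUI auth is set, and re-enable the headers with the provider-qualified name `traefik.http.routers.syncthing.middlewares: "my-headers@file"` rather than leaving it commented out. The image is unpinned (`linuxserver/syncthing`) while `pull: true` and `recreate: yes` re-pull and recreate it on every run; pin a tag the way the filebrowser task does via `filebrowser_version`. Separately, `21027/udp` is Syncthing's LAN local-discovery port and serves little purpose published from a server, whereas `22000` is fine to expose since the sync protocol is TLS and device-ID authenticated.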
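Review bot: Commenting out `navidrome_music_directory` leaves the variable undefined instead of re-pointing it; any task in the navidrome role that still mounts `navidrome_music_directory` will fail with an undefined-variable error on the next run (the role's tasks file is not in this diff, so I can't confirm it is still referenced, but the defaults file exists to feed it). Point it at the new files tree, e.g. `navidrome_music_directory: "{{ files_home }}/Music"`, or remove the reference from the role in the same commit.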
@@ -2,7 +2,7 @@ traefik_enabled: true traefik_data_directory: "{{ docker_home }}/traefik" -traefik_docker_image: traefik:v2.5 +traefik_docker_image: traefik:v3.0 traefik_log_level: "INFO" traefik_subdomain: "traefik" diff --git a/roles/traefik/templates/dynamic_configs/alpn-dot-for-blocky.toml.j2 b/roles/traefik/templates/dynamic_configs/alpn-dot-for-blocky.toml.j2 new file mode 100644 index 0000000..ad0df55 --- /dev/null +++ b/roles/traefik/templates/dynamic_configs/alpn-dot-for-blocky.toml.j2 @@ -0,0 +1,5 @@ +{% if enable_tls == true %} +[tls.options] + [tls.options.dot] + alpnProtocols = ["dot"] +{% endif %} diff --git a/roles/traefik/templates/dynamic_configs/my-headers.toml.j2 b/roles/traefik/templates/dynamic_configs/my-headers.toml.j2 index f733682..cb3247f 100644 --- a/roles/traefik/templates/dynamic_configs/my-headers.toml.j2 +++ b/roles/traefik/templates/dynamic_configs/my-headers.toml.j2 @@ -1,12 +1,11 @@ {% if enable_tls == true %} [http.middlewares.my-headers.headers] - {# sslRedirect = true #} - stsSeconds = 31536000 - stsIncludeSubdomains = true - stsPreload = true - forceSTSHeader = true - contentTypeNosniff = true - browserXssFilter = true +stsSeconds = 31536000 +stsIncludeSubdomains = true +stsPreload = true +forceSTSHeader = true +contentTypeNosniff = true +browserXssFilter = true [tls.options.default] minVersion = "VersionTLS12" diff --git a/roles/traefik/templates/traefik.toml.j2 b/roles/traefik/templates/traefik.toml.j2 index 5bd216f..965bdd4 100644 --- a/roles/traefik/templates/traefik.toml.j2 +++ b/roles/traefik/templates/traefik.toml.j2 @@ -39,7 +39,4 @@ defaultEntryPoints = ["http", "https"] [certificatesResolvers.letsencrypt.acme.dnsChallenge] provider = "{{ traefik_dns_provider }}" resolvers = ["1.1.1.1:53", "8.8.8.8:53"] -[tls.options] - [tls.options.dot] - alpnProtocols = ["dot"] {% endif %}
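Review bot: `[tls.options.dot]` is a named options set distinct from `[tls.options.default]` in my-headers.toml.j2, and Traefik does not inherit settings between named TLS options, so the `minVersion = "VersionTLS12"` set on `default` does not apply to whatever entry point or router selects `dot`. If a hardened minimum is intended for all TLS listeners, repeat it here: `minVersion = "VersionTLS12"` under `[tls.options.dot]` next to `alpnProtocols`. Moving this table out of the static traefik.toml into the dynamic-config directory is the right fix, since `tls.options` is dynamic configuration, but nothing in this diff shows the router or entry point that references `tls.options=dot`, so confirm that name still matches after the move.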
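Review bot: The dedent is cosmetic (TOML ignores indentation), so the only material change here is dropping the commented `sslRedirect`; while this middleware is being touched, `browserXssFilter = true` emits `X-XSS-Protection: 1; mode=block`, a header current browsers ignore and that OWASP now recommends not sending (or sending as `0`) because the legacy filter itself was a side-channel vector. I would replace it with `referrerPolicy = "strict-origin-when-cross-origin"` and, where the proxied apps tolerate it, `frameDeny = true` (the per-router `customFrameOptionsValue` that existed for Filerun is gone in this series, so nothing sets a frame policy now). Note also that after this patch neither the filebrowser nor the syncthing router references this middleware at all, so the HSTS and nosniff headers defined here are not sent for those hosts until the `@file` reference is restored.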