Added ntfy and That other app... cloudflare's tunnel thing!

collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml

@@ -41,6 +41,7 @@
       community.docker.docker_compose_v2:
         project_src: /opt/caddy
         pull: policy
+        recreate: always
 
   rescue:
     - name: Set that this task failed

collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2

@@ -53,3 +53,6 @@ lidarr.local.cobb.lgbt {
 ha.local.cobb.lgbt {
     reverse_proxy 10.69.2.13:8123
 }
+ntfy.local.cobb.lgbt {
+    reverse_proxy 10.69.2.52:8085
+}

collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/files/docker-compose.yaml

@@ -0,0 +1,10 @@
+---
+services:
+  cloudflared:
+    image: cloudflare/cloudflared:latest
+    container_name: cloudflare-tunnel
+    restart: always
+    command: tunnel run
+    env_file:
+      - path: ./.env
+        required: true

collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/tasks/main.yaml

@@ -0,0 +1,46 @@
+---
+- name: Load distro-specific variables
+  ansible.builtin.include_vars: '{{ item }}'
+  tags: always
+  with_first_found:
+    - files:
+        - "{{ ansible_facts['distribution'] }}.yaml"
+      skip: true
+
+- name: Ensure cloudflared is running and configured on this device
+  block:
+    - name: Ensure presense of folders for cloudflared
+      tags: packages,docker,cloudflared
+      ansible.builtin.file:
+        path: /opt/cloudflared
+        state: directory
+        recurse: true
+        owner: 1000
+        group: 1000
+        mode: "0644"
+    - name: Ensure compose files are properly loaded on the server
+      tags: packages,docker,cloudflared
+      ansible.builtin.copy:
+        src: "docker-compose.yaml"
+        dest: "/opt/cloudflared/docker-compose.yaml"
+        owner: 1000
+        group: 1000
+        mode: u=rw,g=r,o=r
+    - name: Ensure environment file is available on the server
+      tags: packages,cloudflared
+      ansible.builtin.template:
+        src: env.j2
+        dest: /opt/cloudflared/.env
+        owner: 1000
+        group: 1000
+        mode: "0600"
+    - name: Ensure docker containers are pulled and running
+      tags: packages,docker,cloudflared
+      community.docker.docker_compose_v2:
+        project_src: /opt/cloudflared
+        pull: policy
+
+  rescue:
+    - name: Set that this task failed
+      ansible.builtin.set_fact:
+        task_failed: true

collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/templates/env.j2

@@ -0,0 +1 @@
+TUNNEL_TOKEN={{ cloudflared_tunnel_token }}

collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/vars/main.yaml

@@ -0,0 +1,16 @@
+---
+cloudflared_tunnel_token: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62323939303466396563353432386135326366343135383632346463306336623938323532656136
+          6463633532343134396438396634373038613331623334300a326531383565333635663533393234
+          65343639376563326366303330343232666262333963393665323763303533383431623635653132
+          6137646434346335300a396238653535656665653761653738666334666166313564373632396137
+          62326262373361323162653265396237623637333838643837343434613734643865326135386339
+          35383933646531396135393237363238656435376261663235356264376363313461613862326531
+          31303136323562623137663535656366356263633433643739663733343732336663396262383436
+          61636662616432373734663139316262316534323936353864646330303730323739386135633536
+          37336235396333343437303238656637323135613332613661363963653431346238626463313532
+          37323661373562383661306630613838376334343563346138363138356234353963373462306163
+          38333534323238313766653862383664386265663733383036343961376666316239393731326531
+          37356233626261393030626366313431333461306661373164336635633436306138343430376264
+          62663866333430616162366138343237396432346634616165363262653662323564

collections/ansible_collections/adhdgirl/minilab/roles/ntfy/tasks/main.yaml

@@ -0,0 +1,55 @@
+---
+- name: Load distro-specific variables
+  ansible.builtin.include_vars: '{{ item }}'
+  tags: always
+  with_first_found:
+    - files:
+        - "{{ ansible_facts['distribution'] }}.yaml"
+      skip: true
+
+- name: Ensure ntfy is running on this device
+  block:
+    - name: Ensure presense of folders for ntfy
+      tags: packages,docker,ntfy
+      ansible.builtin.file:
+        path: /opt/ntfy/config
+        state: directory
+        recurse: true
+        owner: 1000
+        group: 1000
+        mode: "0755"
+    - name: Ensure presense of folders for ntfy
+      tags: packages,docker,ntfy
+      ansible.builtin.file:
+        path: /opt/ntfy/cache/
+        state: directory
+        recurse: true
+        owner: 1000
+        group: 1000
+        mode: "0755"
+    - name: Ensure compose files are properly loaded on the server
+      tags: packages,docker,ntfy
+      ansible.builtin.template:
+        src: docker-compose.yaml.j2
+        dest: /opt/ntfy/docker-compose.yaml
+        owner: 1000
+        group: 1000
+        mode: "0644"
+    - name: Ensure ntfy config is available for container
+      tags: packages,ntfy
+      ansible.builtin.template:
+        src: ntfy-config.yaml.j2
+        dest: /opt/ntfy/config/server.yml
+        owner: 1000
+        group: 1000
+        mode: "0644"
+    - name: Ensure docker containers are pulled and running
+      tags: packages,docker,ntfy
+      community.docker.docker_compose_v2:
+        project_src: /opt/ntfy
+        pull: policy
+
+  rescue:
+    - name: Set that this task failed
+      ansible.builtin.set_fact:
+        task_failed: true

collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/docker-compose.yaml.j2

@@ -0,0 +1,26 @@
+---
+services:
+  ntfy:
+    image: binwiederhier/ntfy:{{ ntfy_image_tag }}
+    container_name: ntfy
+    command: serve --debug
+    environment:
+      - TZ=America/New_York # optional: set desired timezone
+    user: 1000:1000 # optional: replace with your own user/group or uid/gid
+    volumes:
+      - /opt/ntfy/cache/ntfy:/var/cache/ntfy
+      - /opt/ntfy/config:/etc/ntfy
+    ports:
+      - 8085:80
+    healthcheck: # optional: remember to adapt the host:port to your environment
+      test:
+        [
+          "CMD-SHELL",
+          "wget -q --tries=1 http://{{ ntfy_host_and_port }}/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1",
+        ]
+      interval: 60s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    restart: unless-stopped
+    init: true # needed, if healthcheck is used. Prevents zombie processes

collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/ntfy-config.yaml.j2

@@ -0,0 +1,16 @@
+base_url: "https://ntfy.cobb.lgbt"
+log_level: "debug"
+attachment_cache_dir: "/var/cache/ntfy/attachments"
+auth_file: "/etc/ntfy/user.db"
+auth_default_access: "deny-all"
+auth_users:
+  - "adhdgirl:{{ ntfy_adhdgirl_pwd }}:admin"
+  - "servers:{{ ntfy_servers_pwd }}:user"
+auth_tokens:
+  - "adhdgirl:{{ ntfy_adhdgirl_token }}"
+  - "servers:{{ ntfy_servers_token }}:Server Alerts"
+auth_access:
+  - "servers:server_alerts:rw"
+  - "*:server_alerts:deny-all"
+  - "*:up*:write-only"
+behind_proxy: true

collections/ansible_collections/adhdgirl/minilab/roles/ntfy/vars/main.yaml

@@ -0,0 +1,6 @@
+ntfy_image_tag: v2.16
+ntfy_host_and_port: 10.69.2.52:8085
+ntfy_adhdgirl_pwd: $2a$10$oWYoIjSNo9X7I8S7UTUCEuXD2RjP66Jv.I7fkEDIRc05ssd8b/l9u
+ntfy_servers_pwd: $2a$10$E4fd4Q/CXp/qmTjbdwfbMOnJRpGY6f8MWSAopEfgbMqZIdZWNzgrm
+ntfy_adhdgirl_token: tk_lhmrd5ija9aelyr51zirpc8l8zjia
+ntfy_servers_token: tk_7vo6ttnjev0f3a10x9zu8geyix2ua

minilab.yaml

@@ -55,3 +55,5 @@
     - adhdgirl.minilab.authentik
     - adhdgirl.minilab.caddy
     - adhdgirl.minilab.arr
+    - adhdgirl.minilab.ntfy
+    - adhdgirl.minilab.cloudflared