annika/minilab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Red Ranger! GO!

Browse source
This commit is contained in:
Annika Merris 2026-06-02 00:30:56 +00:00
parent ce6b85bc09
commit 6afb19a45c
31 changed files with 675 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.vscode/settings.json vendored
View file

@ -1,3 +1,10 @@
{
"ansible.python.interpreterPath": "/usr/bin/python"
"ansible.python.interpreterPath": "/usr/bin/python",
"yaml.schemas": {
"https://www.schemastore.org/traefik-v2.json": [
"file:///workspaces/minilab/collections/ansible_collections/adhdgirl/minilab/roles/traefik/files/basic.yaml",
"file:///workspaces/minilab/collections/ansible_collections/adhdgirl/minilab/roles/traefik/files/umm.yaml",
"file:///workspaces/minilab/collections/ansible_collections/adhdgirl/minilab/roles/traefik/files/dynamic.yaml"
]
}
}

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/homarr.yaml
View file

@ -11,3 +11,16 @@ services:
- SECRET_ENCRYPTION_KEY=${HOMARR_ENCRYPTION_KEY}
ports:
- "7575:7575"
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.homarr.rule: Host(`homarr.local.cobb.lgbt`)
traefik.http.routers.homarr.entryPoints: websecure
traefik.http.routers.homarr.tls.certResolver: letsEncrypt
traefik.http.routers.homarr.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/lidarr.yaml
View file

@ -15,3 +15,16 @@ services:
volumes:
- /opt/arr/lidarr/config:/config
- /mnt/storage:/data
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.lidarr.rule: Host(`lidarr.local.cobb.lgbt`)
traefik.http.routers.lidarr.entryPoints: websecure
traefik.http.routers.lidarr.tls.certResolver: letsEncrypt
traefik.http.routers.lidarr.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/prowlarr.yaml
View file

@ -14,3 +14,16 @@ services:
- WEBUI_PORTS=9696/tcp
volumes:
- /opt/arr/prowlarr/config:/config
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.prowlarr.rule: Host(`prowlarr.local.cobb.lgbt`)
traefik.http.routers.prowlarr.entryPoints: websecure
traefik.http.routers.prowlarr.tls.certResolver: letsEncrypt
traefik.http.routers.prowlarr.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/radarr.yaml
View file

@ -15,3 +15,16 @@ services:
volumes:
- /opt/arr/radarr/config:/config
- /mnt/storage:/data
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.radarr.rule: Host(`radarr.local.cobb.lgbt`)
traefik.http.routers.radarr.entryPoints: websecure
traefik.http.routers.radarr.tls.certResolver: letsEncrypt
traefik.http.routers.radarr.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/sabnzbd.yaml
View file

@ -13,3 +13,16 @@ services:
ports:
- 8081:8080
restart: unless-stopped
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.sabnzbd.rule: Host(`sabnzbd.local.cobb.lgbt`)
traefik.http.routers.sabnzbd.entryPoints: websecure
traefik.http.routers.sabnzbd.tls.certResolver: letsEncrypt
traefik.http.routers.sabnzbd.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/sonarr.yaml
View file

@ -15,3 +15,16 @@ services:
volumes:
- /opt/arr/sonarr/config:/config
- /mnt/storage:/data
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.sonarr.rule: Host(`sonarr.local.cobb.lgbt`)
traefik.http.routers.sonarr.entryPoints: websecure
traefik.http.routers.sonarr.tls.certResolver: letsEncrypt
traefik.http.routers.sonarr.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/arr/files/whisparr.yaml
View file

@ -15,3 +15,16 @@ services:
volumes:
- /opt/arr/whisparr/config:/config
- /mnt/storage:/data
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.whisparr.rule: Host(`whisparr.local.cobb.lgbt`)
traefik.http.routers.whisparr.entryPoints: websecure
traefik.http.routers.whisparr.tls.certResolver: letsEncrypt
traefik.http.routers.whisparr.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

11
collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml
View file

@ -9,6 +9,17 @@
- name: Ensure Caddy is running on this device
block:
- name: Load IP addresses for other hosts
tags: packages,caddy,network
ansible.builtin.set_fact:
caddy_adguard_address: "{{ hostvars['adguard']['ansible_host'] }}"
caddy_nemetona_address: "{{ hostvars['nemetona']['ansible_host'] }}"
caddy_pve_address: "{{ hostvars['pve']['ansible_host'] }}"
caddy_code_address: "{{ hostvars['stephanie']['ansible_host'] }}"
caddy_home_assistant_address: "{{ hostvars['home_assistant']['ansible_host'] }}"
caddy_frigate_address: "{{ hostvars['curren']['ansible_host'] }}"
caddy_truenas_address: "{{ hostvars['mors']['ansible_host'] }}"
cacheable: true
- name: Ensure presense of folders for Caddy Home
tags: packages,docker,caddy
ansible.builtin.file:

38
collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2
View file

@ -4,13 +4,13 @@
}
authentik.local.cobb.lgbt {
reverse_proxy 10.69.10.50:9000 {
reverse_proxy {{ caddy_nemetona_address }}:9000 {
trusted_proxies private_ranges
}
}
pve.local.cobb.lgbt {
reverse_proxy 10.69.1.7:8006 {
reverse_proxy {{ caddy_pve_address }}:8006 {
transport http {
tls_insecure_skip_verify
}
@ -18,7 +18,7 @@ pve.local.cobb.lgbt {
}
code.local.cobb.lgbt {
reverse_proxy 10.69.10.52:8443
reverse_proxy {{ caddy_code_address }}:8443
}
guac.local.cobb.lgbt {
@ -26,62 +26,62 @@ guac.local.cobb.lgbt {
not path /guacamole*
}
redir @notGuac /guacamole/
reverse_proxy 10.69.10.50:8080 {
reverse_proxy {{ caddy_nemetona_address }}:8080 {
flush_interval -1
}
}
homarr.local.cobb.lgbt {
reverse_proxy 10.69.10.50:7575
reverse_proxy {{ caddy_nemetona_address }}:7575
}
sabnzbd.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8081
reverse_proxy {{ caddy_nemetona_address }}:8081
}
sonarr.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8989
reverse_proxy {{ caddy_nemetona_address }}:8989
}
radarr.local.cobb.lgbt {
reverse_proxy 10.69.10.50:7878
reverse_proxy {{ caddy_nemetona_address }}:7878
}
prowlarr.local.cobb.lgbt {
reverse_proxy 10.69.10.50:9696
reverse_proxy {{ caddy_nemetona_address }}:9696
}
lidarr.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8686
reverse_proxy {{ caddy_nemetona_address }}:8686
}
ha.local.cobb.lgbt {
reverse_proxy 10.69.10.199:8123
reverse_proxy {{ caddy_home_assistant_address }}:8123
}
ntfy.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8085
reverse_proxy {{ caddy_nemetona_address }}:8085
}
truenas.local.cobb.lgbt {
reverse_proxy 10.69.10.30:443 {
reverse_proxy {{ caddy_truenas_address}}:443 {
transport http {
tls_insecure_skip_verify
}
}
}
termix.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8082
reverse_proxy {{ caddy_nemetona_address }}:8082
}
frigate.local.cobb.lgbt {
reverse_proxy 10.69.10.51:8971 {
reverse_proxy {{ caddy_frigate_address }}:8971 {
transport http {
tls_insecure_skip_verify
}
}
}
immich.local.cobb.lgbt {
reverse_proxy 10.69.10.50:2283
reverse_proxy {{ caddy_nemetona_address }}:2283
}
readeck.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8083
reverse_proxy {{ caddy_nemetona_address }}:8083
}
readeck.cobb.lgbt {
reverse_proxy 10.69.10.50:8083
reverse_proxy {{ caddy_nemetona_address }}:8083
}
cwa.local.cobb.lgbt {
reverse_proxy 10.69.10.50:8086
reverse_proxy {{ caddy_nemetona_address }}:8086
}

13
collections/ansible_collections/adhdgirl/minilab/roles/calibre/templates/docker-compose.yaml.j2
View file

@ -34,3 +34,16 @@ services:
# cap_add:
# - NET_BIND_SERVICE
restart: unless-stopped
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.calibre.rule: Host(`calibre.local.cobb.lgbt`)
traefik.http.routers.calibre.entryPoints: websecure
traefik.http.routers.calibre.tls.certResolver: letsEncrypt
traefik.http.routers.calibre.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

22
collections/ansible_collections/adhdgirl/minilab/roles/immich/files/docker-compose.yaml
View file

@ -31,6 +31,15 @@ services:
restart: always
healthcheck:
disable: false
networks:
- traefik
- immich-internal
labels:
traefik.enable: "true"
traefik.http.routers.immich.rule: Host(`immich.local.cobb.lgbt`)
traefik.http.routers.immich.entryPoints: websecure
traefik.http.routers.immich.tls.certResolver: letsEncrypt
traefik.http.routers.immich.observability.metrics: "true"
immich-machine-learning:
container_name: immich_machine_learning
@ -47,6 +56,8 @@ services:
restart: always
healthcheck:
disable: false
networks:
- immich-internal
redis:
container_name: immich_redis
@ -54,6 +65,8 @@ services:
healthcheck:
test: redis-cli ping || exit 1
restart: always
networks:
- immich-internal
database:
container_name: immich_postgres
@ -72,6 +85,15 @@ services:
restart: always
healthcheck:
disable: false
networks:
- immich-internal
volumes:
model-cache:
networks:
traefik:
name: traefik
external: true
immich-internal:
name: immich-internal

14
collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/docker-compose.yaml.j2
View file

@ -13,6 +13,8 @@ services:
ports:
- 8085:80
- 8025:25
networks:
- traefik
healthcheck: # optional: remember to adapt the host:port to your environment
test:
[
@ -25,3 +27,15 @@ services:
start_period: 40s
restart: unless-stopped
init: true # needed, if healthcheck is used. Prevents zombie processes
labels:
traefik.enable: 'true'
traefik.http.routers.ntfy.rule: Host(`ntfy.local.cobb.lgbt`)
traefik.http.routers.ntfy.entryPoints: websecure
traefik.http.routers.ntfy.tls.certResolver: letsEncrypt
traefik.http.routers.ntfy.observability.metrics: 'true'
traefik.http.services.ntfy.loadBalancer.server.port: 80
networks:
traefik:
name: traefik
external: true

13
collections/ansible_collections/adhdgirl/minilab/roles/readeck/files/docker-compose.yaml
View file

@ -15,3 +15,16 @@ services:
interval: 30s
timeout: 2s
retries: 3
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.readeck.rule: Host(`readeck.local.cobb.lgbt`)
traefik.http.routers.readeck.entryPoints: websecure
traefik.http.routers.readeck.tls.certResolver: letsEncrypt
traefik.http.routers.readeck.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

55
collections/ansible_collections/adhdgirl/minilab/roles/technitium/templates/docker-compose_yaml.j2 Normal file
View file

@ -0,0 +1,55 @@
services:
dns-server:
container_name: dns-server
hostname: dns-server
image: docker.io/technitium/dns-server:latest
ports:
# - "5380:5380/tcp" #DNS web console (HTTP)
# - "53443:53443/tcp" #DNS web console (HTTPS)
- "53:53/udp" #DNS service
- "53:53/tcp" #DNS service
# - "853:853/udp" #DNS-over-QUIC service
# - "853:853/tcp" #DNS-over-TLS service
# - "443:443/udp" #DNS-over-HTTPS service (HTTP/3)
# - "443:443/tcp" #DNS-over-HTTPS service (HTTP/1.1, HTTP/2)
# - "80:80/tcp" #DNS-over-HTTP service (use with reverse proxy or certbot certificate renewal)
# - "8053:8053/tcp" #DNS-over-HTTP service (use with reverse proxy)
# - "67:67/udp" #DHCP service
environment:
- DNS_SERVER_DOMAIN=local.cobb.lgbt #The primary domain name used by this DNS Server to identify itself.
- DNS_SERVER_ADMIN_PASSWORD=${SERVER_ADMIN_PASSWORD} #DNS web console admin user password.
# - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
# - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
# - DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1 #Comma separated list of network interface IP addresses that you want the web service to listen on for requests. The "172.17.0.1" address is the built-in Docker bridge. The "[::]" is the default value if not specified. Note! This must be used only with "host" network mode.
- DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380 #The TCP port number for the DNS web console over HTTP protocol.
# - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
- DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH=/etc/dns/tls/cert.pfx #The file path to the TLS certificate for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PASSWORD=password #The password for the TLS certificate for the DNS web console.
- DNS_SERVER_WEB_SERVICE_HTTP_TO_TLS_REDIRECT=false #Enables HTTP to HTTPS redirection for the DNS web console.
- DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=true #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
- DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
# - DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.
# - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
# - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
- DNS_SERVER_ENABLE_BLOCKING=true #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
# - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
# - DNS_SERVER_BLOCK_LIST_URLS= #A comma separated list of block list URLs.
- DNS_SERVER_FORWARDERS=1.1.1.1, 9.9.9.9 #Comma separated list of forwarder addresses.
- DNS_SERVER_FORWARDER_PROTOCOL=Udp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
- DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
- DNS_SERVER_LOG_FOLDER_PATH=/var/log/technitium/dns #The folder path on the server where the log files should be saved.
# - DNS_SERVER_LOG_MAX_LOG_FILE_DAYS=365 #Max number of days to keep the log files. Log files older than the specified number of days will be deleted automatically. Set 0 to disable auto delete.
# - DNS_SERVER_STATS_ENABLE_IN_MEMORY_STATS=false #This option will enable in-memory stats and only Last Hour data will be available on Dashboard. No stats data will be stored on disk.
# - DNS_SERVER_STATS_MAX_STAT_FILE_DAYS=365 #Max number of days to keep the dashboard stats. Stat files older than the specified number of days will be deleted automatically. Set 0 to disable auto delete.
volumes:
- config:/etc/dns
- logs:/var/log/technitium/dns
restart: unless-stopped
sysctls:
- net.ipv4.ip_local_port_range=1024 65535 #remove when using "host" network mode
volumes:
config:
logs:

17
collections/ansible_collections/adhdgirl/minilab/roles/termix/files/docker-compose.yaml
View file

@ -5,8 +5,21 @@ services:
container_name: termix
restart: unless-stopped
ports:
- '8082:8080'
- "8082:8080"
volumes:
- /opt/termix/data:/app/data
environment:
PORT: '8080'
PORT: "8080"
networks:
- traefik
labels:
traefik.enable: "true"
traefik.http.routers.termix.rule: Host(`termix.local.cobb.lgbt`)
traefik.http.routers.termix.entryPoints: websecure
traefik.http.routers.termix.tls.certResolver: letsEncrypt
traefik.http.routers.termix.observability.metrics: "true"
networks:
traefik:
name: traefik
external: true

55
collections/ansible_collections/adhdgirl/minilab/roles/traefik/files/routers.yaml Normal file
View file

@ -0,0 +1,55 @@
---
http:
routers:
dashboard:
entryPoints:
- websecure
rule: "Host(`traefik-dashboard.local.cobb.lgbt`)"
tls:
certResolver: letsEncrypt
observability:
metrics: true
service: api@internal
middlewares:
- known-ips@file
- dashboard-auth@file
proxmox:
entryPoints:
- websecure
rule: "Host(`pve.local.cobb.lgbt`)"
tls:
certResolver: letsEncrypt
observability:
metrics: true
service: proxmox@file
middlewares:
- known-ips@file
home-assistant:
entryPoints:
- websecure
rule: "Host(`ha.local.cobb.lgbt`)"
tls:
certResolver: letsEncrypt
observability:
metrics: true
service: home-assistant@file
truenas:
entryPoints:
- websecure
rule: "Host(`truenas.local.cobb.lgbt`)"
tls:
certResolver: letsEncrypt
observability:
metrics: true
service: truenas@file
middlewares:
- known-ips@file
frigate:
entryPoints:
- websecure
rule: "Host(`frigate.local.cobb.lgbt`)"
tls:
certResolver: letsEncrypt
observability:
metrics: true
service: frigate@file

68
collections/ansible_collections/adhdgirl/minilab/roles/traefik/tasks/main.yaml Normal file
View file

@ -0,0 +1,68 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: "{{ item }}"
tags: always
with_first_found:
- files:
- "{{ ansible_facts['distribution'] }}.yaml"
skip: true
- name: Ensure Traefik is running on this device
block:
- name: Load IP addresses for other hosts
tags: packages,traefik,network
ansible.builtin.set_fact:
traefik_adguard_address: "{{ hostvars['adguard']['ansible_host'] }}"
traefik_nemetona_address: "{{ hostvars['nemetona']['ansible_host'] }}"
traefik_pve_address: "{{ hostvars['pve']['ansible_host'] }}"
traefik_code_address: "{{ hostvars['stephanie']['ansible_host'] }}"
traefik_home_assistant_address: "{{ hostvars['home_assistant']['ansible_host'] }}"
traefik_frigate_address: "{{ hostvars['curren']['ansible_host'] }}"
traefik_truenas_address: "{{ hostvars['mors']['ansible_host'] }}"
cacheable: true
- name: Ensure presense of folders for Traefik
tags: packages,docker,traefik
ansible.builtin.file:
path: "/opt/traefik/{{ item }}"
state: directory
recurse: true
owner: 1000
group: 1000
loop:
- dynamic
- lets-encrypt
- name: Ensure config templates are available
tags: traefik,settings
ansible.builtin.template:
src: "{{ item.src }}"
dest: "/opt/traefik/{{ item.dest }}"
owner: 1000
group: 1000
mode: u=rw,g=r,o=r
loop:
- { src: "traefik-compose.j2", dest: "docker-compose.yaml" }
- { src: "cloudflare.env.j2", dest: "cloudflare.env" }
- { src: "traefik.yaml.j2", dest: "traefik.yaml" }
- { src: "middlewares.yaml.j2", dest: "dynamic/middlewares.yaml" }
- { src: "services.yaml.j2", dest: "dynamic/services.yaml" }
- name: Ensure dynamic configs are available to the server
tags: traefik,settings
ansible.builtin.copy:
src: "{{ item }}"
dest: /opt/traefik/dynamic/{{ item }}
owner: 1000
group: 1000
mode: u=rw,g=r,o=r
loop:
- routers.yaml
- name: Ensure docker containers are pulled and running
tags: docker,traefik
community.docker.docker_compose_v2:
project_src: /opt/traefik
pull: policy
recreate: always
rescue:
- name: Set that this task failed # noqa: var-naming[no-role-prefix]
ansible.builtin.set_fact:
task_failed: true

1
collections/ansible_collections/adhdgirl/minilab/roles/traefik/templates/cloudflare.env.j2 Normal file
View file

@ -0,0 +1 @@
CF_DNS_API_TOKEN={{ traefik_cobblgbt_key }}

27
collections/ansible_collections/adhdgirl/minilab/roles/traefik/templates/middlewares.yaml.j2 Normal file
View file

@ -0,0 +1,27 @@
---
http:
middlewares:
redirect:
redirectScheme:
scheme: https
corsAll:
headers:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
accessControlAllowHeaders:
- "*"
accessControlAllowOriginList:
- "*"
accessControlMaxAge: 100
addVaryHeader: true
known-ips:
ipallowlist:
sourcerange:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/24
dashboard-auth:
basicauth:
users: "admin:{{ traefik_dashboard_basicauth }}"

29
collections/ansible_collections/adhdgirl/minilab/roles/traefik/templates/services.yaml.j2 Normal file
View file

@ -0,0 +1,29 @@
---
http:
serversTransports:
insecureTransport:
insecureSkipVerify: true
services:
proxmox:
loadBalancer:
passHostHeader: true
servers:
- url: "http://{{ traefik_pve_address }}:9000"
home-assistant:
loadBalancer:
servers:
- url: "http://{{ traefik_home_assistant_address }}:8123"
coder:
loadBalancer:
servers:
- url: "http://{{ traefik_code_address }}:8443"
truenas:
loadBalancer:
serversTransport: insecureTransport
servers:
- url: "https://{{ traefik_truenas_address }}:443"
frigate:
loadBalancer:
serversTransport: insecureTransport
servers:
- url: "https://{{ traefik_frigate_address }}:8971"

29
collections/ansible_collections/adhdgirl/minilab/roles/traefik/templates/traefik-compose.j2 Normal file
View file

@ -0,0 +1,29 @@
---
services:
traefik:
image: traefik:v3.7
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- traefik
ports:
- "80:80"
- "443:443"
env_file:
- path: /opt/traefik/cloudflare.env
required: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /opt/traefik/dynamic:/dynamic:ro
- /opt/traefik/lets-encrypt:/lets-encrypt
- /opt/traefik/traefik.yaml:/traefik.yaml
command:
- "--configfile=/traefik.yaml"
labels:
- "traefik.enable=true"
networks:
traefik:
name: traefik

58
collections/ansible_collections/adhdgirl/minilab/roles/traefik/templates/traefik.yaml.j2 Normal file
View file

@ -0,0 +1,58 @@
---
log:
level: DEBUG
accessLog:
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
api:
dashboard: true
insecure: false
metrics:
prometheus: {}
providers:
docker:
watch: true
endpoint: unix:///var/run/docker.sock
exposedByDefault: false
network: traefik
file:
directory: /dynamic
watch: true
redis:
endpoints:
- "nemetona.local.cobb.lgbt:6379"
username: traefik
password: {{ traefik_valkey_auth_pass }}
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
observability:
accessLogs: false
metrics: false
tracing: false
websecure:
address: :443
http:
tls: {}
certificatesResolvers:
letsEncrypt:
acme:
dnsChallenge:
provider: cloudflare
email: annika@adhdgirl.dev
storage: /lets-encrypt/acme.json
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory

30
collections/ansible_collections/adhdgirl/minilab/roles/traefik/vars/main.yaml Normal file
View file

@ -0,0 +1,30 @@
---
traefik_cobblgbt_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
32396232646666616261393537613662386165353765323763353739343232323363636331656338
3133323662636436326535323637633261313163366237300a383865393032326331336335636262
30646461653832323262373863646261333865613763356365666130636262636430616238643538
3039316461356630620a323536643638396164303965346465356563326131663939633236343532
61363338313435316334616462376433643732343936316437656165373961306438393665343265
3132636333313635633533353461333236666561363865653236
traefik_valkey_auth_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61343838393634376266333639646239363362396133363238393830306561626362623734333464
6634346639363361353965386339396331363463323265390a646565366634326539356631393838
30613564383635303731316365366262333530313030303866656235643061623263623133346264
3561316334363561630a663234383633336161383439633538316162656462653833343731373366
61323038656631663236666265383031376561653535653062666262633939396431336632393537
37346263393637653933373263346362383634363461363966393831643035383061326330343035
61333462313933333533626432666634633835373733613365623937346438663866396666373038
64643333663565636530363138643465613333313034656437366333643762316239376633303431
32366335663865316366626231633237326633393334343130343738326265303861663333353637
34373136303933383236326133633035326530626430393762383337373531643761393166643933
616361656162353561636639363637636137
traefik_dashboard_basicauth: !vault |
$ANSIBLE_VAULT;1.1;AES256
34376233363435633734353965336332346335613234336565653633333265386634336335303135
6265613466353333623830653764366234343036393463310a356338306162633661363939653633
64376562363633626366663663666436393739323131323464613263613462323664323664666562
3835363566666537340a353262366536626335653034623236306162633031616533653065613638
37303063393365306332656565393661653563343461396264396538616539643236656163303431
6533646238316539363632383936646339303162636137316263

27
collections/ansible_collections/adhdgirl/minilab/roles/udpbroadcastrelay/tasks/main.yaml Normal file
View file

@ -0,0 +1,27 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: "{{ item }}"
tags: always
with_first_found:
- files:
- "{{ ansible_facts['distribution'] }}.yaml"
skip: true
- name: Ensure udpbroadcastrelay is properly built for and installed
block:
- name: Get current version
ansible.builtin.shell:
cmd:
"git describe --tags --exact-match 2>/dev/null || git rev-parse --short
HEAD"
chdir: { { udpbroadcastrelay_code_dir } }
register: udpbroadcastrelay_current_version
changed_when: false
failed_when: false
- name: Fetch source from github
tags: packages,git,network
ansible.builtin.git:
repo: ""
dest: "/opt/udpbroadcastrelay"
version: "{{ udpbroadcastrelay_tag }}"
register:

49
collections/ansible_collections/adhdgirl/minilab/roles/valkey/tasks/main.yaml Normal file
View file

@ -0,0 +1,49 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: "{{ item }}"
tags: always
with_first_found:
- files:
- "{{ ansible_facts['distribution'] }}.yaml"
skip: true
- name: Ensure Valkey is running on this device
block:
- name: Ensure presense of folders for Valkey
tags: packages,docker,valkey
ansible.builtin.file:
path: "/opt/valkey/{{ item }}"
state: directory
recurse: true
owner: 1000
group: 1000
loop:
- persist
- config
- name: Ensure compose file is available on the server
tags: docker,valkey,settings
ansible.builtin.template:
src: valkey-compose.j2
dest: /opt/valkey/docker-compose.yaml
owner: 1000
group: 1000
mode: u=rw,g=r,o=r
- name: Ensure environment file is available on the server
tags: docker,valkey,settings
ansible.builtin.template:
src: valkey_conf.j2
dest: /opt/valkey/config/valkey.conf
owner: 1000
group: 1000
mode: u=rw,g=,o=
- name: Ensure docker containers are pulled and running
tags: docker,valkey
community.docker.docker_compose_v2:
project_src: /opt/valkey
pull: policy
recreate: always
rescue:
- name: Set that this task failed # noqa: var-naming[no-role-prefix]
ansible.builtin.set_fact:
task_failed: true

15
collections/ansible_collections/adhdgirl/minilab/roles/valkey/templates/valkey-compose.j2 Normal file
View file

@ -0,0 +1,15 @@
---
services:
valkey:
image: valkey/valkey:9.1.0
container_name: valkey
restart: unless-stopped
user: 1000:1000
ports:
- "6379:6379"
volumes:
- /opt/valkey/persist:/data
- /opt/valkey/config:/usr/local/etc/valkey
command:
- "valkey-server"
- "/usr/local/etc/valkey/valkey.conf"

2
collections/ansible_collections/adhdgirl/minilab/roles/valkey/templates/valkey_conf.j2 Normal file
View file

@ -0,0 +1,2 @@
# Do config things
user traefik on +@all ~* &* >{{ valkey_traefik_auth_pass }}

14
collections/ansible_collections/adhdgirl/minilab/roles/valkey/vars/main.yaml Normal file
View file

@ -0,0 +1,14 @@
---
valkey_traefik_auth_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61343838393634376266333639646239363362396133363238393830306561626362623734333464
6634346639363361353965386339396331363463323265390a646565366634326539356631393838
30613564383635303731316365366262333530313030303866656235643061623263623133346264
3561316334363561630a663234383633336161383439633538316162656462653833343731373366
61323038656631663236666265383031376561653535653062666262633939396431336632393537
37346263393637653933373263346362383634363461363966393831643035383061326330343035
61333462313933333533626432666634633835373733613365623937346438663866396666373038
64643333663565636530363138643465613333313034656437366333643762316239376633303431
32366335663865316366626231633237326633393334343130343738326265303861663333353637
34373136303933383236326133633035326530626430393762383337373531643761393166643933
616361656162353561636639363637636137

16
inventory/hosts.yaml
View file

@ -5,10 +5,6 @@ all:
ansible_host: 10.69.10.10
adguardpi:
ansible_host: 10.69.10.11
# maxim:
# ansible_host: 10.69.10.50
# pump:
# ansible_host: 10.69.10.51
fifi:
ansible_host: 10.69.10.100
knivi:
@ -27,6 +23,12 @@ all:
ansible_host: 10.69.10.51
emosen:
ansible_host: 10.69.10.54
pve:
ansible_host: 10.69.1.7
home_assistant:
ansible_host: 10.69.10.199
mors:
ansible_host: 10.69.10.30
children:
alpine:
hosts:
@ -38,26 +40,20 @@ all:
debian:
hosts:
adguardpi:
# maxim:
# pump:
fifi:
knivi:
reir:
# trady:
curren:
docker:
hosts:
adguard:
adguardpi:
# pump:
# trady:
stephanie:
nemetona:
curren:
ida:
unifi_controller:
hosts:
# pump:
adguard_servers:
hosts:
adguard:

6
minilab.yaml
View file

@ -49,11 +49,12 @@
- adhdgirl.minilab.coder
- name: Configure nemetona
hosts: nemetona
tags: docker,authentik,caddy
tags: docker,authentik,caddy,ntfy
become: true
roles:
- adhdgirl.minilab.traefik
- adhdgirl.minilab.authentik
- adhdgirl.minilab.caddy
# - adhdgirl.minilab.caddy
- adhdgirl.minilab.arr
- adhdgirl.minilab.ntfy
- adhdgirl.minilab.cloudflared
@ -61,6 +62,7 @@
- adhdgirl.minilab.immich
- adhdgirl.minilab.readeck
- adhdgirl.minilab.calibre
- adhdgirl.minilab.valkey
- name: Configure frigate
hosts: curren
tags: docker,frigate