diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml
index 3de3ae8..28b90bc 100644
--- a/inventory/my-cluster/group_vars/all.yml
+++ b/inventory/my-cluster/group_vars/all.yml
@@ -348,3 +348,43 @@ outline_oidc_client_secret: !vault | 64313137366365356138646465353737393437383666313237633931323363643165653535323632 38363636306436663033353636353966353861333665343739383665373932616464313136363536 626161313635316364666462646563313636 + +ghostfolio_redis_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32396532363432653261333937366434396564643237663432383464653337396439373532346230 + 3531323930356139646537383765336533363939643836370a613162643862663536333630383530 + 30313330393439666538363361373962616231353839326237376363313134643933663465613135 + 3664363834623538330a313334656366653735373263623330333738663264613733353966653664 + 39326133383663323534643534393664393161376264323439623065633064306566656534353537 + 66383534353936323630656332323637656539326430626534623762646334323332396462633066 + 626431336435363264663965636463323832 + +ghostfolio_postgres_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 66666338343830336235303530663133623435313933666432303938396333363333366261636238 + 3664323432653364333833336465393936386239303537660a343332343566373436346639313034 + 32353439313764376230333138643336663933633139373166323439353365633835323464303832 + 3135303338356534330a663237303561633263333763633634613933326337646135616630393461 + 65326139666138663133636634366436333461313430323639313165366432666539373136663366 + 65323763353639393262643138366565396232623633336539616136656536653963313139386236 + 626435396261393961303036653435366139 + +ghostfolio_token_salt: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64346334626434336666643263636566393261393732626431346636326663663939366166323231 + 6661636230616136346363363935666263393964323035320a636337383839383363346431656362 + 30303739326439663132396164333266323264326633363733653430616133656566386664623162 + 6662313236376563330a383137643130353335393137633730623030393030303061343139343166 + 38353363336435353638616330626531333363633632376563316531613939306666656164333066 + 
37373634386266323730316333393262653631383035303337366264353265623630303666366331 + 646237333736346138666663626164316239 + +ghostfolio_jwt: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33346639313831613566373961356466343336396339366233633333613961353565383661376137 + 6535336132396366623761373330643935356565386138630a363131633430356239353434386363 + 61383666313065663365363932616261303063336236326333643364313361623632636364343330 + 6439373562333535610a363465623465333166336332316134383630646234333766653030346663 + 39653234323065663539333661383230363339306566363836636239363036656231616130313930 + 38393132626531386631633536333633653866626364376134613862623338653664336563653031 + 643433306266643631353535336639343231 diff --git a/inventory/my-cluster/host_vars/n8n b/inventory/my-cluster/host_vars/ghostfolio similarity index 100% rename from inventory/my-cluster/host_vars/n8n rename to inventory/my-cluster/host_vars/ghostfolio diff --git a/inventory/my-cluster/host_vars/epona b/inventory/my-cluster/host_vars/purah similarity index 87% rename from inventory/my-cluster/host_vars/epona rename to inventory/my-cluster/host_vars/purah index 3dab0bc..2ffafb9 100644 --- a/inventory/my-cluster/host_vars/epona +++ b/inventory/my-cluster/host_vars/purah @@ -1,7 +1,7 @@ --- ansible_user: root -ansible_host: 10.0.2.2 +ansible_host: 10.0.2.8 ansible_ssh_pass: "{{ proxmox_api_password }}" ip_addr: 10.0.2.2 diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini index 0768d4f..ae20805 100644 --- a/inventory/my-cluster/hosts.ini +++ b/inventory/my-cluster/hosts.ini @@ -20,11 +20,11 @@ outline nginx-proxy-manager upsnap geoguessr -n8n +ghostfolio [baremetal] mipha -epona +purah revali yuga impa diff --git a/playbook-ghostfolio.yml b/playbook-ghostfolio.yml new file mode 100644 index 0000000..59f9787 --- /dev/null +++ b/playbook-ghostfolio.yml 
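Review bot: In inventory/my-cluster/host_vars/purah the context line `ip_addr: 10.0.2.2` keeps the old address while `ansible_host` moves to 10.0.2.8, so the two values for this host now disagree. If `ip_addr` is consumed by any role or template it should change in the same commit, `ip_addr: 10.0.2.8`. The provision/create hunks elsewhere in this diff also keep `api_host: 10.0.2.2` as context. If that address belonged to the renamed node, those Proxmox API calls would need the same update, which is worth confirming.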
@@ -0,0 +1,27 @@ +--- +# - hosts: localhost +# become: yes +# roles: +# - role: ghostfolio/provision/delete +# vars: +# vmid: 640 +# - role: ghostfolio/provision/create +# vars: +# vmid: 640 +# - role: ghostfolio/provision/start +# vars: +# vmid: 640 + +- hosts: purah + become: yes + roles: + - role: ghostfolio/enable-ssh + vars: + vmid: 640 + +- hosts: ghostfolio + become: yes + roles: + - role: ghostfolio/update + - role: ghostfolio/install-docker + - role: ghostfolio/install-app diff --git a/playbook-n8n.yml b/playbook-n8n.yml deleted file mode 100644 index e67e0a6..0000000 --- a/playbook-n8n.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- hosts: localhost - become: yes - roles: - - role: n8n/provision/delete - vars: - vmid: 640 - - role: n8n/provision/create - vars: - vmid: 640 - - role: n8n/provision/start - vars: - vmid: 640 - -- hosts: impa - become: yes - roles: - - role: n8n/enable-ssh - vars: - vmid: 640 - -- hosts: n8n - become: yes - roles: - - role: n8n/update - - role: n8n/install-docker - - role: n8n/install-app diff --git a/roles/geoguessr/provision/create/tasks/main.yml b/roles/geoguessr/provision/create/tasks/main.yml index dab9e76..7efb9d9 100644 --- a/roles/geoguessr/provision/create/tasks/main.yml +++ b/roles/geoguessr/provision/create/tasks/main.yml @@ -8,7 +8,7 @@ api_host: 10.0.2.2 password: "{{ lxc_password }}" hostname: geoguessr - ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst" + ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" netif: "{'net0':'name=eth0,\ gw=10.0.0.1,\ ip=10.0.2.39/21,\ diff --git a/roles/n8n/enable-ssh/tasks/main.yml b/roles/ghostfolio/enable-ssh/tasks/main.yml similarity index 100% rename from roles/n8n/enable-ssh/tasks/main.yml rename to roles/ghostfolio/enable-ssh/tasks/main.yml 
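Review bot: The first play of playbook-ghostfolio.yml is committed commented out, so the provisioning path (which includes `ghostfolio/provision/delete`) is toggled by editing the file rather than by an explicit switch. Giving that play a tag and selecting it with `--tags`/`--skip-tags`, or moving it to its own playbook, keeps the destructive role out of the default run without leaving dead YAML behind. The two active plays also write `become: yes`; `become: true` is the canonical boolean form.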
diff --git a/roles/n8n/install-app/tasks/main.yml b/roles/ghostfolio/install-app/tasks/main.yml
similarity index 100%
rename from roles/n8n/install-app/tasks/main.yml
rename to roles/ghostfolio/install-app/tasks/main.yml
diff --git a/roles/ghostfolio/install-app/templates/.env b/roles/ghostfolio/install-app/templates/.env
new file mode 100644
index 0000000..548bba0
--- /dev/null
+++ b/roles/ghostfolio/install-app/templates/.env
@@ -0,0 +1,16 @@
+COMPOSE_PROJECT_NAME=ghostfolio
+
+# CACHE
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD={{ ghostfolio_redis_pass }}
+
+# POSTGRES
+POSTGRES_DB=ghostfolio-db
+POSTGRES_USER=ghostfolio
+POSTGRES_PASSWORD={{ ghostfolio_postgres_pass }}
+
+# VARIOUS
+ACCESS_TOKEN_SALT={{ ghostfolio_token_salt }}
+DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
+JWT_SECRET_KEY={{ ghostfolio_jwt }}
\ No newline at end of file
diff --git a/roles/ghostfolio/install-app/templates/docker-compose.yml b/roles/ghostfolio/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..57268a6
--- /dev/null
+++ b/roles/ghostfolio/install-app/templates/docker-compose.yml
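Review bot: The new templates/.env renders four vault-backed secrets (`REDIS_PASSWORD`, `POSTGRES_PASSWORD`, `ACCESS_TOKEN_SALT`, `JWT_SECRET_KEY`) in cleartext on the target, but the task that writes it is renamed unchanged from the n8n role, whose .env held only a webhook URL. That task file is not shown in this diff, so confirm it uses `template` (a plain `copy` would leave the `{{ … }}` unrendered) and sets a restrictive `mode: "0600"` with `no_log: true`. Separately, `DATABASE_URL` splices `${POSTGRES_PASSWORD}` into a URL unescaped. A password containing `@`, `:`, `/` or `?` would yield a malformed connection string, so either constrain the generated password's alphabet or percent-encode it.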
@@ -0,0 +1,64 @@
+services:
+ ghostfolio:
+ image: docker.io/ghostfolio/ghostfolio:latest
+ init: true
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
+ env_file:
+ - .env
+ environment:
+ DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
+ REDIS_HOST: redis
+ REDIS_PASSWORD: ${REDIS_PASSWORD}
+ ports:
+ - 3333:3333
+ depends_on:
+ postgres:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ healthcheck:
+ test: ['CMD-SHELL', 'curl -f http://localhost:3333/api/v1/health']
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ postgres:
+ image: docker.io/library/postgres:15
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - DAC_READ_SEARCH
+ - FOWNER
+ - SETGID
+ - SETUID
+ security_opt:
+ - no-new-privileges:true
+ env_file:
+ - .env
+ healthcheck:
+ test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - /data/postgres:/var/lib/postgresql/data
+
+ redis:
+ image: docker.io/library/redis:alpine
+ user: '999:1000'
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges:true
+ env_file:
+ - .env
+ command: ['redis-server', '--requirepass', $REDIS_PASSWORD]
+ healthcheck:
+ test: ['CMD-SHELL', 'redis-cli --pass $REDIS_PASSWORD ping | grep PONG']
+ interval: 10s
+ timeout: 5s
+ retries: 5
diff --git a/roles/n8n/install-docker/tasks/main.yml b/roles/ghostfolio/install-docker/tasks/main.yml
similarity index 100%
rename from roles/n8n/install-docker/tasks/main.yml
rename to roles/ghostfolio/install-docker/tasks/main.yml
diff --git a/roles/n8n/provision/create/tasks/main.yml b/roles/ghostfolio/provision/create/tasks/main.yml
similarity index 73%
rename from roles/n8n/provision/create/tasks/main.yml
rename to roles/ghostfolio/provision/create/tasks/main.yml
index 7aa6226..31a88b2 100644
--- a/roles/n8n/provision/create/tasks/main.yml
+++ b/roles/ghostfolio/provision/create/tasks/main.yml
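Review bot: In the redis service of templates/docker-compose.yml, `$REDIS_PASSWORD` in `command:` and in the healthcheck `test:` is written with a single `$`, so Compose substitutes the secret when it parses the file; the cleartext then sits in the container's argv and stored healthcheck definition (readable via `docker inspect`), unquoted inside the `CMD-SHELL` string. The postgres healthcheck in the same file already defers expansion with `$$`, and the redis check can do the same: `test: ['CMD-SHELL', 'redis-cli --pass "$$REDIS_PASSWORD" ping | grep PONG']`. `ghostfolio/ghostfolio:latest` and `redis:alpine` are mutable tags, so each pull can change what runs; pin a version or digest. `ports: - 3333:3333` is unquoted and publishes on all interfaces, so the app is reachable directly on the container host's port 3333 without passing the Authelia-protected proxy unless a firewall restricts it.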
@@ -2,13 +2,13 @@ - name: Create container community.general.proxmox: vmid: 640 - node: impa + node: purah api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 password: "{{ lxc_password }}" - hostname: n8n - ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst" + hostname: ghostfolio + ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" netif: "{'net0':'name=eth0,\ gw=10.0.0.1,\ ip=10.0.2.40/21,\ @@ -24,7 +24,7 @@ - nesting=1 - keyctl=1 mounts: '{ - "mp0":"ssd250:2,mp=/data,backup=1" + "mp0":"purah-mirror-860gb:10,mp=/data,backup=1" }' - disk: ssd250:10 + disk: purah-mirror-860gb:20 force: yes diff --git a/roles/n8n/provision/delete/tasks/main.yml b/roles/ghostfolio/provision/delete/tasks/main.yml similarity index 100% rename from roles/n8n/provision/delete/tasks/main.yml rename to roles/ghostfolio/provision/delete/tasks/main.yml diff --git a/roles/n8n/provision/start/tasks/main.yml b/roles/ghostfolio/provision/start/tasks/main.yml similarity index 100% rename from roles/n8n/provision/start/tasks/main.yml rename to roles/ghostfolio/provision/start/tasks/main.yml diff --git a/roles/n8n/update/tasks/main.yml b/roles/ghostfolio/update/tasks/main.yml similarity index 100% rename from roles/n8n/update/tasks/main.yml rename to roles/ghostfolio/update/tasks/main.yml diff --git a/roles/immich/provision/create/tasks/main.yml b/roles/immich/provision/create/tasks/main.yml index a982b76..37c77ca 100644 --- a/roles/immich/provision/create/tasks/main.yml +++ b/roles/immich/provision/create/tasks/main.yml @@ -8,7 +8,7 @@ api_host: 10.0.2.2 password: "{{ lxc_password }}" hostname: immich - ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst" + ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" netif: "{'net0':'name=eth0,\ gw=10.0.0.1,\ ip=10.0.2.18/21,\ diff --git a/roles/n8n/install-app/templates/.env b/roles/n8n/install-app/templates/.env deleted file mode 100644 index c96d5d0..0000000 
--- a/roles/n8n/install-app/templates/.env +++ /dev/null @@ -1 +0,0 @@ -WEBHOOK_URL=https://n8n.lino.cooking/ \ No newline at end of file diff --git a/roles/n8n/install-app/templates/docker-compose.yml b/roles/n8n/install-app/templates/docker-compose.yml deleted file mode 100644 index c380e22..0000000 --- a/roles/n8n/install-app/templates/docker-compose.yml +++ /dev/null @@ -1,12 +0,0 @@ -version: "3" -services: - n8n: - container_name: n8n - image: docker.n8n.io/n8nio/n8n - restart: always - env_file: - - .env - ports: - - 5678:5678 - volumes: - - /data/n8n:/home/node/.n8n \ No newline at end of file diff --git a/roles/nginx-proxy-manager/provision/create/tasks/main.yml b/roles/nginx-proxy-manager/provision/create/tasks/main.yml index 08f7a41..5c71205 100644 --- a/roles/nginx-proxy-manager/provision/create/tasks/main.yml +++ b/roles/nginx-proxy-manager/provision/create/tasks/main.yml @@ -8,7 +8,7 @@ api_host: 10.0.2.2 password: "{{ lxc_password }}" hostname: nginx-proxy-manager - ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst" + ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" netif: "{'net0':'name=eth0,\ gw=10.0.0.1,\ ip=10.0.2.37/21,\ diff --git a/roles/swag/install-app/templates/n8n.subdomain.conf b/roles/swag/install-app/templates/stocks.subdomain.conf similarity index 73% rename from roles/swag/install-app/templates/n8n.subdomain.conf rename to roles/swag/install-app/templates/stocks.subdomain.conf index 501f05b..1d7c42b 100755 --- a/roles/swag/install-app/templates/n8n.subdomain.conf +++ b/roles/swag/install-app/templates/stocks.subdomain.conf @@ -7,7 +7,7 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name n8n.*; + server_name stocks.*; include /config/nginx/ssl.conf; 
@@ -17,7 +17,7 @@ server { #include /config/nginx/ldap-server.conf; # enable for Authelia (requires authelia-location.conf in the location block) - # include /config/nginx/authelia-server.conf; + include /config/nginx/authelia-server.conf; # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; @@ -31,7 +31,7 @@ server { #include /config/nginx/ldap-location.conf; # enable for Authelia (requires authelia-server.conf in the server block) - # include /config/nginx/authelia-location.conf; + include /config/nginx/authelia-location.conf; # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; @@ -39,9 +39,18 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app 10.0.2.40; - set $upstream_port 5678; + set $upstream_port 3333; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } -} \ No newline at end of file + + location ~ (/stocks)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app 10.0.2.40; + set $upstream_port 3333; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/roles/upsnap/provision/create/tasks/main.yml b/roles/upsnap/provision/create/tasks/main.yml index a7b1356..5ec0cb3 100644 --- a/roles/upsnap/provision/create/tasks/main.yml +++ b/roles/upsnap/provision/create/tasks/main.yml @@ -8,7 +8,7 @@ api_host: 10.0.2.2 password: "{{ lxc_password }}" hostname: upsnap - ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst" + ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" netif: "{'net0':'name=eth0,\ gw=10.0.0.1,\ ip=10.0.2.38/21,\
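Review bot: The new `location ~ (/stocks)?/api` block in stocks.subdomain.conf omits `include /config/nginx/authelia-location.conf;`, and its regex is unanchored, so it matches any request URI that contains `/api` anywhere rather than only paths that begin with it. Every such request is proxied to 10.0.2.40:3333 without the Authelia check this commit enables in the other location block. If the API is meant to rely on Ghostfolio's own token authentication, anchor the pattern so that only the API prefix is exempt: `location ~ ^(/stocks)?/api(/|$) {`. The server block opens outside the visible hunks.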