Stocks

2024-10-12 20:48:09 +01:00
parent 2e868a6015
commit c487d5cec4
22 changed files with 173 additions and 57 deletions
@@ -348,3 +348,43 @@ outline_oidc_client_secret: !vault |
          64313137366365356138646465353737393437383666313237633931323363643165653535323632
          38363636306436663033353636353966353861333665343739383665373932616464313136363536
          626161313635316364666462646563313636
+
+ghostfolio_redis_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32396532363432653261333937366434396564643237663432383464653337396439373532346230
+          3531323930356139646537383765336533363939643836370a613162643862663536333630383530
+          30313330393439666538363361373962616231353839326237376363313134643933663465613135
+          3664363834623538330a313334656366653735373263623330333738663264613733353966653664
+          39326133383663323534643534393664393161376264323439623065633064306566656534353537
+          66383534353936323630656332323637656539326430626534623762646334323332396462633066
+          626431336435363264663965636463323832
+
+ghostfolio_postgres_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          66666338343830336235303530663133623435313933666432303938396333363333366261636238
+          3664323432653364333833336465393936386239303537660a343332343566373436346639313034
+          32353439313764376230333138643336663933633139373166323439353365633835323464303832
+          3135303338356534330a663237303561633263333763633634613933326337646135616630393461
+          65326139666138663133636634366436333461313430323639313165366432666539373136663366
+          65323763353639393262643138366565396232623633336539616136656536653963313139386236
+          626435396261393961303036653435366139
+
+ghostfolio_token_salt: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64346334626434336666643263636566393261393732626431346636326663663939366166323231
+          6661636230616136346363363935666263393964323035320a636337383839383363346431656362
+          30303739326439663132396164333266323264326633363733653430616133656566386664623162
+          6662313236376563330a383137643130353335393137633730623030393030303061343139343166
+          38353363336435353638616330626531333363633632376563316531613939306666656164333066
+          37373634386266323730316333393262653631383035303337366264353265623630303666366331
+          646237333736346138666663626164316239
+
+ghostfolio_jwt: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          33346639313831613566373961356466343336396339366233633333613961353565383661376137
+          6535336132396366623761373330643935356565386138630a363131633430356239353434386363
+          61383666313065663365363932616261303063336236326333643364313361623632636364343330
+          6439373562333535610a363465623465333166336332316134383630646234333766653030346663
+          39653234323065663539333661383230363339306566363836636239363036656231616130313930
+          38393132626531386631633536333633653866626364376134613862623338653664336563653031
+          643433306266643631353535336639343231
@@ -1,7 +1,7 @@
 ---

 ansible_user: root
-ansible_host: 10.0.2.2
+ansible_host: 10.0.2.8
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.2

@@ -20,11 +20,11 @@ outline
 nginx-proxy-manager
 upsnap
 geoguessr
-n8n
+ghostfolio

 [baremetal]
 mipha
-epona
+purah
 revali
 yuga
 impa
@@ -0,0 +1,27 @@
+---
+# - hosts: localhost
+#   become: yes
+#   roles:
+#     - role: ghostfolio/provision/delete
+#       vars:
+#         vmid: 640
+#     - role: ghostfolio/provision/create
+#       vars:
+#         vmid: 640
+#     - role: ghostfolio/provision/start
+#       vars:
+#         vmid: 640
+
+- hosts: purah
+  become: yes
+  roles:
+    - role: ghostfolio/enable-ssh
+      vars:
+        vmid: 640
+
+- hosts: ghostfolio
+  become: yes
+  roles:
+    - role: ghostfolio/update
+    - role: ghostfolio/install-docker
+    - role: ghostfolio/install-app
@@ -1,27 +0,0 @@
---
- hosts: localhost
-  become: yes
-  roles:
-    - role: n8n/provision/delete
-      vars:
-        vmid: 640
-    - role: n8n/provision/create
-      vars:
-        vmid: 640
-    - role: n8n/provision/start
-      vars:
-        vmid: 640
-
- hosts: impa
-  become: yes
-  roles:
-    - role: n8n/enable-ssh
-      vars:
-        vmid: 640
-
- hosts: n8n
-  become: yes
-  roles:
-    - role: n8n/update
-    - role: n8n/install-docker
-    - role: n8n/install-app
@@ -8,7 +8,7 @@
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: geoguessr
-    ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst"
+    ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip=10.0.2.39/21,\
@@ -0,0 +1,16 @@
+COMPOSE_PROJECT_NAME=ghostfolio
+
+# CACHE
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD={{ ghostfolio_redis_pass }}
+
+# POSTGRES
+POSTGRES_DB=ghostfolio-db
+POSTGRES_USER=ghostfolio
+POSTGRES_PASSWORD={{ ghostfolio_postgres_pass }}
+
+# VARIOUS
+ACCESS_TOKEN_SALT={{ ghostfolio_token_salt }}
+DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
+JWT_SECRET_KEY={{ ghostfolio_jwt }}
@@ -0,0 +1,64 @@
+services:
+  ghostfolio:
+    image: docker.io/ghostfolio/ghostfolio:latest
+    init: true
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
+    env_file:
+      - .env
+    environment:
+      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
+      REDIS_HOST: redis
+      REDIS_PASSWORD: ${REDIS_PASSWORD}
+    ports:
+      - 3333:3333
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    healthcheck:
+      test: ['CMD-SHELL', 'curl -f http://localhost:3333/api/v1/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  postgres:
+    image: docker.io/library/postgres:15
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_READ_SEARCH
+      - FOWNER
+      - SETGID
+      - SETUID
+    security_opt:
+      - no-new-privileges:true
+    env_file:
+      - .env
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    volumes:
+      - /data/postgres:/var/lib/postgresql/data
+
+  redis:
+    image: docker.io/library/redis:alpine
+    user: '999:1000'
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
+    env_file:
+      - .env
+    command: ['redis-server', '--requirepass', $REDIS_PASSWORD]
+    healthcheck:
+      test: ['CMD-SHELL', 'redis-cli --pass $REDIS_PASSWORD ping | grep PONG']
+      interval: 10s
+      timeout: 5s
+      retries: 5
@@ -2,13 +2,13 @@
 - name: Create container
  community.general.proxmox:
    vmid: 640
-    node: impa
+    node: purah
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
-    hostname: n8n
-    ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst"
+    hostname: ghostfolio
+    ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip=10.0.2.40/21,\
@@ -24,7 +24,7 @@
      - nesting=1
      - keyctl=1
    mounts: '{
-      "mp0":"ssd250:2,mp=/data,backup=1"
+      "mp0":"purah-mirror-860gb:10,mp=/data,backup=1"
      }'
-    disk: ssd250:10
+    disk: purah-mirror-860gb:20
    force: yes
@@ -8,7 +8,7 @@
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: immich
-    ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst"
+    ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip=10.0.2.18/21,\
@@ -1 +0,0 @@
-WEBHOOK_URL=https://n8n.lino.cooking/
@@ -1,12 +0,0 @@
-version: "3"
-services:
-  n8n:
-    container_name: n8n
-    image: docker.n8n.io/n8nio/n8n
-    restart: always
-    env_file:
-      - .env
-    ports:
-      - 5678:5678
-    volumes:
-      - /data/n8n:/home/node/.n8n 
@@ -8,7 +8,7 @@
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: nginx-proxy-manager
-    ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst"
+    ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip=10.0.2.37/21,\
@@ -7,7 +7,7 @@ server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

-    server_name n8n.*;
+    server_name stocks.*;

    include /config/nginx/ssl.conf;

@@ -17,7 +17,7 @@ server {
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
-    # include /config/nginx/authelia-server.conf;
+    include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;
@@ -31,7 +31,7 @@ server {
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
-        # include /config/nginx/authelia-location.conf;
+        include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;
@@ -39,9 +39,18 @@ server {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 10.0.2.40;
-        set $upstream_port 5678;
+        set $upstream_port 3333;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
+
+    location ~ (/stocks)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app 10.0.2.40;
+        set $upstream_port 3333;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
 }
@@ -8,7 +8,7 @@
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: upsnap
-    ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst"
+    ostemplate: "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip=10.0.2.38/21,\