lino/k3s-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Add swag container

Browse Source
This commit is contained in:
Lino Silva
2023-03-20 14:56:20 +00:00
parent fbd6e53083
commit cfecd0afd8
37 changed files with 1564 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
inventory/my-cluster/group_vars/all.yml
+11
View File
@@ -81,3 +81,14 @@ cloudflare_api_key: !vault |
6631393564333230370a303634643030346166383235643666356164393232643832333238313664 6631393564333230370a303634643030346166383235643666356164393232643832333238313664
38346161306138653735303861646638653830633938326566663136393862643264353437623963 38346161306138653735303861646638653830633938326566663136393862643264353437623963
3462616435653132623563316231343739333761653365333437 3462616435653132623563316231343739333761653365333437
dns_cloudflare_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
61306235353261303235646331356666643339393164333762303730646563646633626466306436
6565303031366262303161323536323236613861373536330a346564306238633461363765623030
33343566363163623532386463616431313865316563616162336633353162316134363266363263
6331353838343662380a303565643337653164613637323131363037613861306535326538333030
64313165343933343535623731393536396332613336316239363764653565346535666531656433
6131646439656638323561643264613834356662363332323835
dns_cloudflare_email: cloudflare@lino.cooking
inventory/my-cluster/host_vars/swag
+5
View File
@@ -0,0 +1,5 @@
---
ansible_user: root
ansible_host: 10.0.2.15
ansible_ssh_pass: "{{ proxmox_api_password }}"
inventory/my-cluster/hosts.ini
+13 -10
View File
@@ -1,3 +1,5 @@
frigate
[master] [master]
mipha mipha
epona epona
@@ -5,17 +7,14 @@ yuga
[node] [node]
revali revali
daruk ; daruk
tingle ; tingle
impa ; impa
[k3s_cluster:children] [k3s_cluster:children]
master master
node node
[lxc]
frigate
[lxc:children] [lxc:children]
k3s_cluster k3s_cluster
@@ -23,7 +22,7 @@ k3s_cluster
mipha mipha
epona epona
revali revali
daruk ; daruk
yuga yuga
[pihole] [pihole]
@@ -31,6 +30,10 @@ epona-pihole
revali-pihole revali-pihole
urbosa-pihole urbosa-pihole
[raspi] ; [raspi]
tingle ; tingle
impa ; impa
[ingress]
swag
authelia
playbook-swag.yml
+19
View File
@@ -0,0 +1,19 @@
---
- hosts: localhost
become: yes
roles:
- role: swag/provision/delete
- role: swag/provision/create
- role: swag/provision/start
- hosts: mipha
become: yes
roles:
- role: swag/provision/enable-ssh
- hosts: swag
become: yes
roles:
- role: swag/update
- role: swag/install-docker
- role: swag/install-app
roles/swag/install-app/tasks/main.yml
+57
View File
@@ -0,0 +1,57 @@
---
- name: Create directory for docker-compose
ansible.builtin.file:
path: /root/docker/swag/
state: directory
mode: "0755"
- name: Copy docker-compose file
template:
src: "docker-compose.yml"
dest: /root/docker/swag/docker-compose.yml
owner: root
group: root
mode: 0755
- name: Run docker-compose
ansible.builtin.shell:
args:
cmd: docker compose up -d
chdir: /root/docker/swag/
- name: Wait for config folder to be created
wait_for:
path: "/data/config/dns-conf/"
delay: 10
timeout: 30
state: present
- name: Copy cloudflare.ini
template:
src: "cloudflare.ini"
dest: /data/config/dns-conf/cloudflare.ini
owner: root
group: root
mode: 0755
- name: Copy proxy confs
copy:
src: "{{ item }}"
dest: /data/config/nginx/proxy-confs/
owner: root
group: root
mode: 0755
with_fileglob:
- "templates/*.conf"
- name: Stop swag
ansible.builtin.shell:
args:
cmd: docker compose down
chdir: /root/docker/swag/
- name: Start swag
ansible.builtin.shell:
args:
cmd: docker compose up -d
chdir: /root/docker/swag/
roles/swag/install-app/templates/authelia.subdomain.conf
+39
View File
@@ -0,0 +1,39 @@
## Version 2023/02/12
# make sure that your authelia container is named authelia
# make sure that your dns has a cname set for authelia
# the default authelia-server and authelia-location confs included with swag rely on
# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary.
# But if you'd like to use authelia via subdomain, you can enable this proxy and set
# the $authelia_backed variable in the authelia-server.conf.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name authelia.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app authelia;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/authelia)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app authelia;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/bazarr.subdomain.conf
+56
View File
@@ -0,0 +1,56 @@
## Version 2023/02/05
# make sure that your bazarr container is named bazarr
# make sure that your dns has a cname set for bazarr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bazarr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bazarr;
set $upstream_port 6767;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bazarr)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bazarr;
set $upstream_port 6767;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/changedetection.subdomain.conf
+46
View File
@@ -0,0 +1,46 @@
## Version 2023/02/05
# make sure that your changedetection container is named changedetection
# make sure that your dns has a cname set for changedetection
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name changedetection.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app changedetection;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/cloud.subdomain.conf
+38
View File
@@ -0,0 +1,38 @@
## Version 2023/02/05
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => ['swag'],
# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
# 'overwritehost' => 'nextcloud.example.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.example.com',
# ),
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cloud.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nextcloud;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options;
proxy_max_temp_file_size 2048m;
}
}
roles/swag/install-app/templates/cloudflare.ini
+2
View File
@@ -0,0 +1,2 @@
dns_cloudflare_email = {{ dns_cloudflare_email }}
dns_cloudflare_api_key = {{ dns_cloudflare_api_key }}
roles/swag/install-app/templates/dashboard.subdomain.conf
+112
View File
@@ -0,0 +1,112 @@
## Version 2022/03/19
# Make sure that your dns has a cname set for dashboard
server {
listen 81;
server_name _;
root /dashboard/www;
index index.php;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
try_files $uri $uri/ /index.php?$args =404;
}
location ~ \.php$ {
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name dashboard.*;
root /dashboard/www;
index index.php;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
try_files $uri $uri/ /index.php?$args =404;
}
location ~ \.php$ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
roles/swag/install-app/templates/docker-compose.yml
+32
View File
@@ -0,0 +1,32 @@
version: "3.1"
services:
swag:
image: ghcr.io/linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Lisbon
- URL=lino.cooking
- SUBDOMAINS=wildcard
- VALIDATION=dns
- DNSPLUGIN=cloudflare
- CERTPROVIDER=letsencrypt
- EMAIL=okulto+swag@gmail.com
- ONLY_SUBDOMAINS=false
- MAXMINDDB_LICENSE_KEY=5sfHzlxz9pXsvrlz
- DOCKER_MODS=linuxserver/mods:swag-dashboard
volumes:
- /data/config:/config
ports:
- 443:443
- 80:80
restart: unless-stopped
networks:
- reverse-proxy
networks:
reverse-proxy:
external: true
roles/swag/install-app/templates/frigate.subdomain.conf
Executable
+42
View File
@@ -0,0 +1,42 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name frigate.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.14;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/gitea.subdomain.conf
+51
View File
@@ -0,0 +1,51 @@
## Version 2023/02/05
# make sure that your gitea container is named gitea
# make sure that your dns has a cname set for gitea
# edit the following parameters in /data/gitea/conf/app.ini
# [server]
# SSH_DOMAIN = gitea.server.com
# ROOT_URL = https://gitea.server.com/
# DOMAIN = gitea.server.com
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name gitea.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gitea;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/homeassistant.subdomain.conf
+64
View File
@@ -0,0 +1,64 @@
## Version 2023/02/05
# make sure that your homeassistant container is named homeassistant
# make sure that your dns has a cname set for homeassistant
# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
# https://www.home-assistant.io/integrations/http/#trusted_proxies
# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
#
# http:
# use_x_forwarded_for: true
# trusted_proxies:
# - 172.16.0.0/12
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name homeassistant.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.100;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^/(api|local|media)/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.100;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/immich.subdomain.conf
Executable
+42
View File
@@ -0,0 +1,42 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name immich.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app immich_proxy;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/lidarr.subdomain.conf
+56
View File
@@ -0,0 +1,56 @@
## Version 2023/02/05
# make sure that your lidarr container is named lidarr
# make sure that your dns has a cname set for lidarr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name lidarr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app lidarr;
set $upstream_port 8686;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/lidarr)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app lidarr;
set $upstream_port 8686;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/mealie.subdomain.conf
+45
View File
@@ -0,0 +1,45 @@
## Version 2023/02/05
# Ensure your DNS has a CNAME set for mealie and that mealie container is named.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name recipes.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app mealie;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/metube.subdomain.conf
+46
View File
@@ -0,0 +1,46 @@
## Version 2023/02/05
# make sure that your metube container is named metube
# make sure that your dns has a cname set for metube
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name yt.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app metube;
set $upstream_port 8081;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/minio.subdomain.conf
Executable
+42
View File
@@ -0,0 +1,42 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name minio.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app minio;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/overseerr.subdomain.conf
+56
View File
@@ -0,0 +1,56 @@
## Version 2023/02/12
# make sure that your overseerr container is named overseerr
# make sure that your dns has a cname set for overseerr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name overseerr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app overseerr;
set $upstream_port 5055;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/overseerr)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app overseerr;
set $upstream_port 5055;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/paperless.subdomain.conf
+45
View File
@@ -0,0 +1,45 @@
## Version 2023/02/05
# Ensure your DNS has a CNAME set for mealie and that mealie container is named.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name paperless.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app paperless-app;
set $upstream_port 8000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/plex.subdomain.conf
+64
View File
@@ -0,0 +1,64 @@
## Version 2023/02/05
# make sure that your plex container is named plex
# make sure that your dns has a cname set for plex
# if plex is running in bridge mode and the container is named "plex", the below config should work as is
# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name plex.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
proxy_redirect off;
proxy_buffering off;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.10;
set $upstream_port 32400;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
}
}
roles/swag/install-app/templates/portainer.subdomain.conf
+58
View File
@@ -0,0 +1,58 @@
## Version 2023/02/12
# make sure that your portainer container is named portainer
# make sure that your dns has a cname set for portainer
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name portainer.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
location ~ (/portainer)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
}
roles/swag/install-app/templates/prowlarr.subdomain.conf
+54
View File
@@ -0,0 +1,54 @@
## Version 2023/02/05
# make sure that your prowlarr container is named prowlarr
# make sure that your dns has a cname set for prowlarr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name prowlarr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/prowlarr)?(/[0-9]+)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/proxmox-backups.subdomain.conf
Executable
+42
View File
@@ -0,0 +1,42 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name proxmox-backup.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.102;
set $upstream_port 8007;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/proxmox.subdomain.conf
Executable
+42
View File
@@ -0,0 +1,42 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name proxmox.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.2;
set $upstream_port 8006;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/radarr.subdomain.conf
+56
View File
@@ -0,0 +1,56 @@
## Version 2023/02/05
# make sure that your radarr container is named radarr
# make sure that your dns has a cname set for radarr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name radarr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app radarr;
set $upstream_port 7878;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/radarr)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app radarr;
set $upstream_port 7878;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/sonarr.subdomain.conf
+56
View File
@@ -0,0 +1,56 @@
## Version 2023/02/05
# make sure that your sonarr container is named sonarr
# make sure that your dns has a cname set for sonarr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name sonarr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarr;
set $upstream_port 8989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/sonarr)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarr;
set $upstream_port 8989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/transmission.subdomain.conf
+66
View File
@@ -0,0 +1,66 @@
## Version 2023/02/05
# Make sure that DNS has a cname set for transmission
#
# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
# rely on the HTTP Status Text to determine if they should add the
# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
# so jQuery responses are empty. This causes RPCs to fail.
#
# If your extension is affected, you can remove http2 from the default server
# in /config/nginx/site-confs/default or listen on a different port that has
# no http2 servers defined. Better yet, submit a bug report with the
# extension developer to fix their extensions to support HTTP/2.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name transmission.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app transmission;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_pass_header X-Transmission-Session-Id;
}
location ~ (/transmission)?/rpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app transmission;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-app/templates/vaultwarden.subdomain.conf
+100
View File
@@ -0,0 +1,100 @@
## Version 2023/02/13
# make sure that your vaultwarden container is named vaultwarden
# make sure that your dns has a cname set for vaultwarden
# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name pwds.*;
include /config/nginx/ssl.conf;
client_max_body_size 128M;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/pwds)?/admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/pwds)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/pwds)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 3012;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/pwds)?/notifications/hub/negotiate {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
roles/swag/install-docker/tasks/main.yml
+31
View File
@@ -0,0 +1,31 @@
---
- name: Get convenience script
uri:
url: "https://get.docker.com"
method: GET
dest: /tmp/get-docker.sh
mode: a+x
creates: /tmp/get-docker.sh
- name: Execute script
ansible.builtin.shell: /tmp/get-docker.sh
- name: Ensure group "docker" exists
ansible.builtin.group:
name: docker
state: present
- name: Add root user to docker group
ansible.builtin.user:
name: root
groups: docker
append: yes
- name: Enable docker on startup
ansible.builtin.shell: |
systemctl enable docker.service
systemctl enable containerd.service
- name: Create reverse-proxy network
ansible.builtin.shell: |
docker network create reverse-proxy
roles/swag/provision/create/tasks/main.yml
+28
View File
@@ -0,0 +1,28 @@
---
- name: Create container
community.general.proxmox:
vmid: 606
node: mipha
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
password: "{{ lxc_password }}"
hostname: swag
ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
netif: "{'net0':'name=eth0,\
gw=10.0.0.1,\
ip=10.0.2.15/21,\
hwaddr=cc:c6:cf:de:17:75,\
bridge=vmbr0'}"
cores: 1
memory: 6144
unprivileged: no
swap: 0
searchdomain: "home"
onboot: 1
mounts: '{"mp0":"local-lvm:5,mp=/data,backup=1"}'
features:
- nesting=1
- keyctl=1
disk: local-lvm:30
force: yes
roles/swag/provision/delete/tasks/main.yml
+26
View File
@@ -0,0 +1,26 @@
---
- name: Stop container
community.general.proxmox:
vmid: 606
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: stopped
ignore_errors: true
timeout: 90
- name: Remove containers
community.general.proxmox:
vmid: 606
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: absent
ignore_errors: true
timeout: 90
- name: Remove .ssh/known_hosts lines
ansible.builtin.lineinfile:
path: /Users/lino.silva/.ssh/known_hosts
state: absent
regexp: "^10.0.2.15"
roles/swag/provision/enable-ssh/tasks/main.yml
+8
View File
@@ -0,0 +1,8 @@
---
# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
- name: Allow SSH into LXC
ansible.builtin.command: lxc-attach -n 606 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
- name: Restart SSH Service
ansible.builtin.command: lxc-attach -n 606 service ssh restart
roles/swag/provision/start/tasks/main.yml
+8
View File
@@ -0,0 +1,8 @@
---
- name: Start deployments
community.general.proxmox:
vmid: 606
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: started
roles/swag/update/tasks/main.yml
+6
View File
@@ -0,0 +1,6 @@
---
- name: Update all packages to their latest version
become: true
ansible.builtin.apt:
update_cache: yes
upgrade: full