adding jinja templates and adding encrypted files

3 years ago · 490f2662c1
parent 30501babc1
commit 490f2662c1
7 changed files with 101 additions and 28 deletions
--- a/roles/setup_hosted_services/defaults/main-vault.yml
+++ b/roles/setup_hosted_services/defaults/main-vault.yml
@ -0,0 +1,24 @@
+$ANSIBLE_VAULT;1.1;AES256
+34303937666432373666386464363363616138323364316661303139346439313734653936346661
+3132663235346134336538636365333733333631343237650a386439386338656164396563373639
+33326139656239373133636538643162323930306465626436376237393564303063333731383234
+3363663435623766320a646633643164313630653730643366366533666139626565346139353666
+38613363306531326237646663316131366363323437633436383536633262353365623434633432
+34346538333536343336303635373230323038326162646331666238383363336563353637303130
+38666566666534623837323136383165316135643034373134666265373839646165333663366662
+36636439313639623562663062316462643438303031663065333861626231623132643630353739
+37333735663065366432383139383265666161633466646661656163306635343732613835633165
+39326131333930313830306363343131653632613131613161333235363035663662373036323634
+61316366633666346638616262353234346232366132346266303433653665636136383463613630
+31393263373336376130326237663466653431366330646262363535653862373538366636356534
+66376163316532653038396332316366666136666430613734653535643038653163343838396464
+63616666656538376537653832393665356438316336323865323561303664303730303235326264
+35356338643763303864616238623733663163626633386634326539656433343839363136343865
+33343333623961343338656463386435643165616665313032646365376231646461626533633830
+31623736333863356630623964373565343633393030666161626164656666386163386662636666
+34326537303631393834306165613435616430613931343237383632316533306363303165366233
+30633361373863353366353861666665383562646236643666366336306332666261613462373861
+64353234346137333738336235326230353531613532636664393561393334623064333032323665
+31336134313439656362313166633364303639653866623162393362656661393563386434653134
+63616637656236663632633339613432323335316535663531633639343732306661626565356561
+323064636133396263656461336634336562
--- a/roles/setup_hosted_services/defaults/main.yml
+++ b/roles/setup_hosted_services/defaults/main.yml
@ -1,16 +1,16 @@
 ---
 docker_compose_directory: /etc/docker-compose
 services:
-  - name: gitea
-  - name: mealie
-  - name: linkding
-  - name: overseerr
-  - name: nextcloud
-  - name: dashboards
-  - name: nginx-proxy-manager
-  - name: plex
-  - name: uptime-kuma
-  - name: vpn-stack
+#  - name: gitea
+#  - name: mealie
+#  - name: linkding
+#  - name: overseerr
+#  - name: nextcloud
+#  - name: dashboards
+#  - name: nginx-proxy-manager
+#  - name: plex
+#  - name: uptime-kuma
+#  - name: vpn-stack
  - name: docker-volume-backup
  - name: mariadb
  - name: photoprism
--- a/roles/setup_hosted_services/tasks/main.yml
+++ b/roles/setup_hosted_services/tasks/main.yml
@ -1,3 +1,6 @@
+- name: Include all defaults
+  include_vars: defaults/main-vault.yml
+
 - name: Docker | Pull images
  docker_image:
    name: "{{item}}"
@ -13,18 +16,12 @@
    mode: '0755'
  with_items: "{{services}}"

- name: Docker Compose | Copy Docker Compose Files
-  copy:
-    src: "{{item.name}}/docker-compose.yml"
+- name: Docker Compose | Template Docker Compose Files
+  template:
+    src: "{{item.name}}.j2"
    dest: "{{docker_compose_directory}}/{{item.name}}/docker-compose.yml"
  with_items: "{{services}}"

- name: Docker Compose | Copy Stack Env File
-  copy:
-    src: "{{item.name}}/stack.env"
-    dest: "{{docker_compose_directory}}/{{item.name}}/stack.env"
-  with_items: "{{services}}"
-

 - name: Config Files | Create a directory if it does not exist
  file:
--- a/roles/setup_hosted_services/files/docker-volume-backup/docker-compose.yml
+++ b/roles/setup_hosted_services/files/docker-volume-backup/docker-compose.yml
@ -16,14 +16,13 @@ services:
      - --modes
      - "filesystem,s3"
    environment:
-      AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
-      AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
-      AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
-      AWS_BUCKET: ${AWS_BUCKET}
-      AWS_ENDPOINT: ${AWS_ENDPOINT}
+      AWS_ACCESS_KEY_ID: {{ docker_volume_backup.aws_access_key_id }}
+      AWS_SECRET_ACCESS_KEY: {{ docker_volume_backup.aws_secret_access_key }}
+      AWS_DEFAULT_REGION: {{ docker_volume_backup.aws_default_region }}
+      AWS_BUCKET: {{ docker_volume_backup.aws_bucket }}
+      AWS_ENDPOINT: {{ docker_volume_backup.aws_endpoint }}

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/hdds/backups:/backups
      - /tmp:/tmp
-
--- a/roles/setup_hosted_services/files/mariadb/docker-compose.yml
+++ b/roles/setup_hosted_services/files/mariadb/docker-compose.yml
@ -13,7 +13,7 @@ services:
      - data:/var/lib/mysql
      - config:/etc/mysql/conf.d
    environment:
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_ROOT_PASSWORD={{ mariadb.mysql_root_password }}

  adminer:
    restart: unless-stopped
--- a/roles/setup_hosted_services/templates/photoprism.j2
+++ b/roles/setup_hosted_services/templates/photoprism.j2
@ -0,0 +1,53 @@
+version: '3.5'
+services:
+  photoprism:
+    image: photoprism/photoprism:latest
+    container_name: photoprism
+    restart: unless-stopped
+    security_opt:
+      - seccomp:unconfined
+      - apparmor:unconfined
+    ports:
+      - "2342:2342" # HTTP port (host:container)
+    environment:
+      PHOTOPRISM_ADMIN_PASSWORD: {{ photoprism.admin_password }}        # INITIAL PASSWORD FOR "admin" USER, MINIMUM 8 CHARACTERS
+      PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
+      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # public server URL incl http:// or https:// and /path, :port is optional
+      PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
+      PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
+      PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic
+      PHOTOPRISM_READONLY: "false"                   # do not modify originals directory (reduced functionality)
+      PHOTOPRISM_EXPERIMENTAL: "false"               # enables experimental features
+      PHOTOPRISM_DISABLE_CHOWN: "false"              # disables updating storage permissions via chmod and chown on startup
+      PHOTOPRISM_DISABLE_WEBDAV: "false"             # disables built-in WebDAV server
+      PHOTOPRISM_DISABLE_SETTINGS: "false"           # disables settings UI and API
+      PHOTOPRISM_DISABLE_TENSORFLOW: "false"         # disables all features depending on TensorFlow
+      PHOTOPRISM_DISABLE_FACES: "false"              # disables face detection and recognition (requires TensorFlow)
+      PHOTOPRISM_DISABLE_CLASSIFICATION: "false"     # disables image classification (requires TensorFlow)
+      PHOTOPRISM_DISABLE_RAW: "false"                # disables indexing and conversion of RAW files
+      PHOTOPRISM_RAW_PRESETS: "false"                # enables applying user presets when converting RAW files (reduces performance)
+      PHOTOPRISM_JPEG_QUALITY: 85                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+      PHOTOPRISM_DETECT_NSFW: "false"                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+      PHOTOPRISM_UPLOAD_NSFW: "true"                 # allows uploads that MAY be offensive (no effect without TensorFlow)
+      PHOTOPRISM_DATABASE_DRIVER: "mysql"            # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"     # MariaDB or MySQL database server (hostname:port)
+      PHOTOPRISM_DATABASE_NAME: "photoprism"         # MariaDB or MySQL database schema name
+      PHOTOPRISM_DATABASE_USER: "photoprism"         # MariaDB or MySQL database user name
+      PHOTOPRISM_DATABASE_PASSWORD: {{ photoprism.database_password }}         # MariaDB or MySQL database user password
+      PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
+      PHOTOPRISM_SITE_DESCRIPTION: ""                # meta site description
+      PHOTOPRISM_SITE_AUTHOR: ""                     # meta site author
+    ## Share hardware devices with FFmpeg and TensorFlow (optional):
+    devices:
+      - "/dev/dri:/dev/dri"                         # Intel QSV
+    working_dir: "/photoprism" # do not change or remove
+    volumes:
+      - "/mnt/hdds/photoprism/originals:/photoprism/originals"               # Original media files (DO NOT REMOVE)
+      - "/mnt/hdds/photoprism/import:/photoprism/import"                  # *Optional* base folder from which files can be imported to originals
+      - "/mnt/hdds/photoprism/storage:/photoprism/storage"                  # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+
+networks:
+  default:
+    name: nextcloud_net
+    external: true