From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001 
From: Sam Chudnick Date: Sun, 25 Jun 2023 09:52:36 -0400 Subject: Initial Commit --- .ansible-lint | 3 + Jenkinsfile | 23 + README.md | 97 + ansible.cfg | 8 + data/authelia/authelia-authrequest.conf | 25 + data/authelia/authelia-location.conf | 36 + data/authelia/authelia.conf | 61 + data/authelia/configuration.yml | 300 ++ data/authelia/proxy.conf | 35 + data/bookstack/bookstack.conf.j2 | 27 + data/cadvisor/cadvisor.conf | 34 + data/chronyd/chrony.conf | 59 + data/docker/daemon.json | 7 + data/drawio/drawio.conf | 34 + data/firefly/firefly.conf.j2 | 75 + data/freshrss/freshrss.conf | 38 + data/game_server/lightdm.conf | 8 + data/game_server/sunshine_proxy.conf | 24 + data/game_server/xinitrc | 107 + data/gitea/app.ini | 103 + data/gitea/gitea.conf | 30 + data/grafana/grafana.conf | 134 + data/grafana/grafana.ini.j2 | 1268 +++++ data/grafana/main.json | 5176 ++++++++++++++++++++ data/home_assistant/configuration.yaml | 16 + data/home_assistant/home_assistant.conf.j2 | 38 + data/homer/config.yml | 194 + data/homer/homer.conf | 34 + data/homer/png/3cx.png | Bin 0 -> 52040 bytes data/homer/png/SHODAN.jpg | Bin 0 -> 32227 bytes data/homer/png/adguardhome.png | Bin 0 -> 3511 bytes data/homer/png/adminer.png | Bin 0 -> 10244 bytes data/homer/png/airsonic.png | Bin 0 -> 27546 bytes data/homer/png/alarmpi.png | Bin 0 -> 4569 bytes data/homer/png/alertmanager.png | Bin 0 -> 30103 bytes data/homer/png/alltube.png | Bin 0 -> 59953 bytes data/homer/png/amazon.png | Bin 0 -> 46453 bytes data/homer/png/amd.png | Bin 0 -> 28457 bytes data/homer/png/amvd.png | Bin 0 -> 16597 bytes data/homer/png/ansible.png | Bin 0 -> 9029 bytes data/homer/png/archivebox.png | Bin 0 -> 4831 bytes data/homer/png/archiveteamwarrior.png | Bin 0 -> 8742 bytes data/homer/png/argocd.png | Bin 0 -> 43662 bytes data/homer/png/ariang.png | Bin 0 -> 13576 bytes data/homer/png/artifactory.png | Bin 0 -> 2665 bytes data/homer/png/authelia.png | Bin 0 -> 54179 bytes data/homer/png/avmfritzbox.png | Bin 0 -> 
11242 bytes data/homer/png/awx.png | Bin 0 -> 81865 bytes data/homer/png/azure.png | Bin 0 -> 15224 bytes data/homer/png/azuredns.png | Bin 0 -> 15292 bytes data/homer/png/bacula.png | Bin 0 -> 6492 bytes data/homer/png/badge.png | Bin 0 -> 14768 bytes data/homer/png/baikal.png | Bin 0 -> 1967 bytes data/homer/png/bastillion.png | Bin 0 -> 4082 bytes data/homer/png/bazarr.png | Bin 0 -> 15324 bytes data/homer/png/beats.png | Bin 0 -> 16663 bytes data/homer/png/bithumen.png | Bin 0 -> 3835 bytes data/homer/png/bitwarden.png | Bin 0 -> 16971 bytes data/homer/png/blueiris.png | Bin 0 -> 197462 bytes data/homer/png/booksonic.png | Bin 0 -> 34768 bytes data/homer/png/bookstack.png | Bin 0 -> 3245 bytes data/homer/png/box.png | Bin 0 -> 107979 bytes data/homer/png/brewpi.png | Bin 0 -> 13019 bytes data/homer/png/buxfer.png | Bin 0 -> 5995 bytes data/homer/png/cabot.png | Bin 0 -> 10764 bytes data/homer/png/cadvisor.png | Bin 0 -> 14106 bytes data/homer/png/calibreweb.png | Bin 0 -> 1583 bytes data/homer/png/cardigann.png | Bin 0 -> 1075 bytes data/homer/png/cgit.png | Bin 0 -> 1366 bytes data/homer/png/checkmk.png | Bin 0 -> 4192 bytes data/homer/png/chevereto.png | Bin 0 -> 8380 bytes data/homer/png/chowdown.png | Bin 0 -> 26579 bytes data/homer/png/chronograf.png | Bin 0 -> 17902 bytes data/homer/png/chudnick.com.png | Bin 0 -> 15861 bytes data/homer/png/clarkson.png | Bin 0 -> 3773 bytes data/homer/png/cloudcmd.png | Bin 0 -> 18884 bytes data/homer/png/cockpit.png | Bin 0 -> 10017 bytes data/homer/png/cockpitcms.png | Bin 0 -> 3738 bytes data/homer/png/code.png | Bin 0 -> 32885 bytes data/homer/png/codeserver.png | Bin 0 -> 2465 bytes data/homer/png/codimd.png | Bin 0 -> 686 bytes data/homer/png/concourse.png | Bin 0 -> 9329 bytes data/homer/png/couchpotato.png | Bin 0 -> 42776 bytes data/homer/png/cpanel.png | Bin 0 -> 2769 bytes data/homer/png/cryptpad.png | Bin 0 -> 10031 bytes data/homer/png/cyberchef.png | Bin 0 -> 5970 bytes data/homer/png/deemix.png | Bin 0 -> 
68591 bytes data/homer/png/deluge.png | Bin 0 -> 4187 bytes data/homer/png/directus.png | Bin 0 -> 3006 bytes data/homer/png/docker.png | Bin 0 -> 17182 bytes data/homer/png/docspell.png | Bin 0 -> 3525 bytes data/homer/png/dokuwiki.png | Bin 0 -> 16014 bytes data/homer/png/domoticz.png | Bin 0 -> 8189 bytes data/homer/png/dozzle.png | Bin 0 -> 2417 bytes data/homer/png/drawio.png | Bin 0 -> 4944 bytes data/homer/png/drone.png | Bin 0 -> 50256 bytes data/homer/png/droppy.png | Bin 0 -> 3173 bytes data/homer/png/duplicacy.png | Bin 0 -> 19131 bytes data/homer/png/duplicati.png | Bin 0 -> 7431 bytes data/homer/png/ebay.png | Bin 0 -> 26348 bytes data/homer/png/elastic.png | Bin 0 -> 1208 bytes data/homer/png/elasticsearch.png | Bin 0 -> 33255 bytes data/homer/png/element.png | Bin 0 -> 26433 bytes data/homer/png/emby.png | Bin 0 -> 2270 bytes data/homer/png/embystat.png | Bin 0 -> 6216 bytes data/homer/png/emq.png | Bin 0 -> 5474 bytes data/homer/png/erste-george.png | Bin 0 -> 8173 bytes data/homer/png/erste.png | Bin 0 -> 6102 bytes data/homer/png/esphome.png | Bin 0 -> 1177 bytes data/homer/png/evebox.png | Bin 0 -> 9484 bytes data/homer/png/facebook-messenger.png | Bin 0 -> 7660 bytes data/homer/png/facebook.png | Bin 0 -> 9674 bytes data/homer/png/filebrowser.png | Bin 0 -> 14063 bytes data/homer/png/filerun.png | Bin 0 -> 15814 bytes data/homer/png/firefly.png | Bin 0 -> 62508 bytes data/homer/png/firefoxsend.png | Bin 0 -> 13216 bytes data/homer/png/flexget.png | Bin 0 -> 33135 bytes data/homer/png/flood.png | Bin 0 -> 16173 bytes data/homer/png/foldingathome.png | Bin 0 -> 9723 bytes data/homer/png/freeipa.png | Bin 0 -> 49701 bytes data/homer/png/freenas.png | Bin 0 -> 2192 bytes data/homer/png/freepbx.png | Bin 0 -> 51100 bytes data/homer/png/freshrss.png | Bin 0 -> 12552 bytes data/homer/png/ghost.png | Bin 0 -> 1819 bytes data/homer/png/gitea.png | Bin 0 -> 13863 bytes data/homer/png/github.png | Bin 0 -> 3224 bytes data/homer/png/gitlab.png | Bin 0 -> 
12975 bytes data/homer/png/glances.png | Bin 0 -> 3123 bytes data/homer/png/gogs.png | Bin 0 -> 20249 bytes data/homer/png/google-calendar.png | Bin 0 -> 7040 bytes data/homer/png/google-keep.png | Bin 0 -> 5640 bytes data/homer/png/google-mail.png | Bin 0 -> 4858 bytes data/homer/png/googlemaps.png | Bin 0 -> 65044 bytes data/homer/png/gotify.png | Bin 0 -> 19188 bytes data/homer/png/grafana.png | Bin 0 -> 30484 bytes data/homer/png/grav.png | Bin 0 -> 1360 bytes data/homer/png/graylog.png | Bin 0 -> 3573 bytes data/homer/png/grocy.png | Bin 0 -> 2661 bytes data/homer/png/guacamole.png | Bin 0 -> 10534 bytes data/homer/png/handbrake.png | Bin 0 -> 18907 bytes data/homer/png/haproxy.png | Bin 0 -> 12464 bytes data/homer/png/hasura.png | Bin 0 -> 11153 bytes data/homer/png/hdhomerun.png | Bin 0 -> 4213 bytes data/homer/png/headphones.png | Bin 0 -> 8948 bytes data/homer/png/healthchecks.png | Bin 0 -> 10895 bytes data/homer/png/heimdall.png | Bin 0 -> 11840 bytes data/homer/png/home-assistant.png | Bin 0 -> 47969 bytes data/homer/png/homebridge.png | Bin 0 -> 133806 bytes data/homer/png/homer.png | Bin 0 -> 88703 bytes data/homer/png/hp.png | Bin 0 -> 30144 bytes data/homer/png/hubitat.png | Bin 0 -> 23735 bytes data/homer/png/huginn.png | Bin 0 -> 51187 bytes data/homer/png/hugo.png | Bin 0 -> 7993 bytes data/homer/png/hydra.png | Bin 0 -> 26955 bytes data/homer/png/icecast.png | Bin 0 -> 8692 bytes data/homer/png/icinga.png | Bin 0 -> 39686 bytes data/homer/png/idrac.png | Bin 0 -> 3789 bytes data/homer/png/ilo.png | Bin 0 -> 5816 bytes data/homer/png/infoblox.png | Bin 0 -> 3206 bytes data/homer/png/invidious.png | Bin 0 -> 45432 bytes data/homer/png/invoiceninja.png | Bin 0 -> 4765 bytes data/homer/png/iobroker.png | Bin 0 -> 3428 bytes data/homer/png/irc.png | Bin 0 -> 100138 bytes data/homer/png/jackett.png | Bin 0 -> 24159 bytes data/homer/png/jaeger.png | Bin 0 -> 8382 bytes data/homer/png/jdownloader.png | Bin 0 -> 52501 bytes data/homer/png/jeedom.png | 
Bin 0 -> 3623 bytes data/homer/png/jellyfin.png | Bin 0 -> 21925 bytes data/homer/png/jenkins.png | Bin 0 -> 6453 bytes data/homer/png/jitsimeet.png | Bin 0 -> 65889 bytes data/homer/png/joomla.png | Bin 0 -> 2015 bytes data/homer/png/joplin.png | Bin 0 -> 22996 bytes data/homer/png/kanboard.png | Bin 0 -> 2215 bytes data/homer/png/kavita.png | Bin 0 -> 18275 bytes data/homer/png/keila.png | Bin 0 -> 39333 bytes data/homer/png/keycloak.png | Bin 0 -> 30410 bytes data/homer/png/kibana.png | Bin 0 -> 8839 bytes data/homer/png/kimai.png | Bin 0 -> 66299 bytes data/homer/png/kitana.png | Bin 0 -> 5026 bytes data/homer/png/kodi.png | Bin 0 -> 1716 bytes data/homer/png/komga.png | Bin 0 -> 43137 bytes data/homer/png/krusader.png | Bin 0 -> 27708 bytes data/homer/png/kubernetes-dashboard.png | Bin 0 -> 14851 bytes data/homer/png/kutt.png | Bin 0 -> 79849 bytes data/homer/png/lazylibrarian.png | Bin 0 -> 12549 bytes data/homer/png/leantime.png | Bin 0 -> 7201 bytes data/homer/png/lemonldapng.png | Bin 0 -> 7322 bytes data/homer/png/letencrypt.png | Bin 0 -> 21241 bytes data/homer/png/librenms.png | Bin 0 -> 4046 bytes data/homer/png/librephotos.png | Bin 0 -> 7461 bytes data/homer/png/librespeed.png | Bin 0 -> 9466 bytes data/homer/png/lidarr.png | Bin 0 -> 44323 bytes data/homer/png/listmonk.png | Bin 0 -> 9000 bytes data/homer/png/logstash.png | Bin 0 -> 16516 bytes data/homer/png/loki.png | Bin 0 -> 20829 bytes data/homer/png/longhorn.png | Bin 0 -> 26391 bytes data/homer/png/lychee.png | Bin 0 -> 28252 bytes data/homer/png/mailcow.png | Bin 0 -> 25277 bytes data/homer/png/mailhog.png | Bin 0 -> 1188 bytes data/homer/png/mainsail.png | Bin 0 -> 2316 bytes data/homer/png/mak.png | Bin 0 -> 9755 bytes data/homer/png/mattermost.png | Bin 0 -> 4945 bytes data/homer/png/mayanedms.png | Bin 0 -> 2580 bytes data/homer/png/mcmyadmin.png | Bin 0 -> 8239 bytes data/homer/png/mealie.png | Bin 0 -> 64032 bytes data/homer/png/mediawiki.png | Bin 0 -> 9247 bytes 
data/homer/png/medusa.png | Bin 0 -> 3715 bytes data/homer/png/meraki.png | Bin 0 -> 8311 bytes data/homer/png/microsoft-todo.png | Bin 0 -> 14832 bytes data/homer/png/mikrotik.png | Bin 0 -> 80148 bytes data/homer/png/mineos.png | Bin 0 -> 17034 bytes data/homer/png/miniflux.png | Bin 0 -> 592 bytes data/homer/png/minio.png | Bin 0 -> 36803 bytes data/homer/png/molecule.png | Bin 0 -> 35447 bytes data/homer/png/mongodb.png | Bin 0 -> 87280 bytes data/homer/png/monica.png | Bin 0 -> 21987 bytes data/homer/png/monit.png | Bin 0 -> 16823 bytes data/homer/png/motioneye.png | Bin 0 -> 14671 bytes data/homer/png/mqtt.png | Bin 0 -> 37463 bytes data/homer/png/mylar.png | Bin 0 -> 34567 bytes data/homer/png/n8n.png | Bin 0 -> 6749 bytes data/homer/png/nagios.png | Bin 0 -> 23818 bytes data/homer/png/navidrome.png | Bin 0 -> 14638 bytes data/homer/png/ncore.png | Bin 0 -> 17343 bytes data/homer/png/nessus.png | Bin 0 -> 2455 bytes data/homer/png/netatmo.png | Bin 0 -> 12788 bytes data/homer/png/netboot.png | Bin 0 -> 2986 bytes data/homer/png/netbootxyz.png | Bin 0 -> 17004 bytes data/homer/png/netbox.png | Bin 0 -> 29060 bytes data/homer/png/netdata.png | Bin 0 -> 1913 bytes data/homer/png/nextcloud.png | Bin 0 -> 6078 bytes data/homer/png/nginx.png | Bin 0 -> 61836 bytes data/homer/png/nginxproxymanager.png | Bin 0 -> 9069 bytes data/homer/png/nodered.png | Bin 0 -> 46516 bytes data/homer/png/nowshowing.png | Bin 0 -> 11763 bytes data/homer/png/ntop.png | Bin 0 -> 32436 bytes data/homer/png/nxfilter.png | Bin 0 -> 1084 bytes data/homer/png/nzbget.png | Bin 0 -> 4685 bytes data/homer/png/nzbhydra.png | Bin 0 -> 5372 bytes data/homer/png/octoprint.png | Bin 0 -> 22247 bytes data/homer/png/omada.png | Bin 0 -> 38231 bytes data/homer/png/ombi.png | Bin 0 -> 9264 bytes data/homer/png/omnidb.png | Bin 0 -> 9648 bytes data/homer/png/onlyoffice.png | Bin 0 -> 36365 bytes data/homer/png/openhab.png | Bin 0 -> 4851 bytes data/homer/png/openmaptiler.png | Bin 0 -> 2753 bytes 
data/homer/png/openmediavault.png | Bin 0 -> 2721 bytes data/homer/png/openspeedtest.png | Bin 0 -> 8144 bytes data/homer/png/opensprinkler.png | Bin 0 -> 3322 bytes data/homer/png/openvpn.png | Bin 0 -> 4428 bytes data/homer/png/openwrt.png | Bin 0 -> 29980 bytes data/homer/png/opnsense.png | Bin 0 -> 28281 bytes data/homer/png/osticket.png | Bin 0 -> 4219 bytes data/homer/png/overseerr.png | Bin 0 -> 36653 bytes data/homer/png/owncloud.png | Bin 0 -> 5005 bytes data/homer/png/ownphotos.png | Bin 0 -> 2814 bytes data/homer/png/pagerduty.png | Bin 0 -> 7505 bytes data/homer/png/paloaltonetworks.png | Bin 0 -> 3167 bytes data/homer/png/paperless-ng.png | Bin 0 -> 14675 bytes data/homer/png/papermerge.png | Bin 0 -> 165076 bytes data/homer/png/partkeepr.png | Bin 0 -> 3160 bytes data/homer/png/peertube.png | Bin 0 -> 4178 bytes data/homer/png/pfsense.png | Bin 0 -> 114048 bytes data/homer/png/pgadmin.png | Bin 0 -> 9988 bytes data/homer/png/phantombot.png | Bin 0 -> 40093 bytes data/homer/png/photoprism.png | Bin 0 -> 21536 bytes data/homer/png/photostructure.png | Bin 0 -> 96463 bytes data/homer/png/photoview.png | Bin 0 -> 178807 bytes data/homer/png/phpldapadmin.png | Bin 0 -> 28909 bytes data/homer/png/phpmyadmin.png | Bin 0 -> 10147 bytes data/homer/png/piaware.png | Bin 0 -> 9477 bytes data/homer/png/pihole.png | Bin 0 -> 67394 bytes data/homer/png/pingdom.png | Bin 0 -> 22125 bytes data/homer/png/piwigo.png | Bin 0 -> 29077 bytes data/homer/png/plausible.png | Bin 0 -> 75359 bytes data/homer/png/pleroma.png | Bin 0 -> 1144 bytes data/homer/png/plesk.png | Bin 0 -> 3813 bytes data/homer/png/plex.png | Bin 0 -> 73866 bytes data/homer/png/plexdrive.png | Bin 0 -> 20970 bytes data/homer/png/plexrequests.png | Bin 0 -> 3521 bytes data/homer/png/plume.png | Bin 0 -> 4382 bytes data/homer/png/podify.png | Bin 0 -> 37410 bytes data/homer/png/portainer.png | Bin 0 -> 14272 bytes data/homer/png/portus.png | Bin 0 -> 29684 bytes data/homer/png/postgres.png | Bin 0 -> 
60635 bytes data/homer/png/printer.png | Bin 0 -> 2081 bytes data/homer/png/privatebin.png | Bin 0 -> 5522 bytes data/homer/png/projectsend.png | Bin 0 -> 3611 bytes data/homer/png/prometheus.png | Bin 0 -> 44193 bytes data/homer/png/prowlarr.png | Bin 0 -> 56027 bytes data/homer/png/proxmox.png | Bin 0 -> 6679 bytes data/homer/png/prtg.png | Bin 0 -> 5055 bytes data/homer/png/psitransfer.png | Bin 0 -> 1169 bytes data/homer/png/pterodactyl.png | Bin 0 -> 110637 bytes data/homer/png/pyload.png | Bin 0 -> 38040 bytes data/homer/png/qbittorrent.png | Bin 0 -> 31453 bytes data/homer/png/qnap.png | Bin 0 -> 3015 bytes data/homer/png/rabbitmq.png | Bin 0 -> 31047 bytes data/homer/png/radarr.png | Bin 0 -> 91825 bytes data/homer/png/radicale.png | Bin 0 -> 9951 bytes data/homer/png/rainloop.png | Bin 0 -> 4605 bytes data/homer/png/rancher.png | Bin 0 -> 2177 bytes data/homer/png/raneto.png | Bin 0 -> 126003 bytes data/homer/png/rclone.png | Bin 0 -> 4101 bytes data/homer/png/readarr.png | Bin 0 -> 23550 bytes data/homer/png/recalbox.png | Bin 0 -> 2380 bytes data/homer/png/redis.png | Bin 0 -> 37626 bytes data/homer/png/requestrr.png | Bin 0 -> 9121 bytes data/homer/png/resiliosync.png | Bin 0 -> 6805 bytes data/homer/png/riot.png | Bin 0 -> 13534 bytes data/homer/png/rocketchat.png | Bin 0 -> 5656 bytes data/homer/png/rompya.png | Bin 0 -> 20866 bytes data/homer/png/rook.png | Bin 0 -> 23059 bytes data/homer/png/roundcube.png | Bin 0 -> 45693 bytes data/homer/png/router.png | Bin 0 -> 4435 bytes data/homer/png/rspamd.png | Bin 0 -> 8401 bytes data/homer/png/rstudioserver.png | Bin 0 -> 3385 bytes data/homer/png/rundeck.png | Bin 0 -> 893 bytes data/homer/png/runeaudio.png | Bin 0 -> 4978 bytes data/homer/png/rutorrent.png | Bin 0 -> 5654 bytes data/homer/png/sabnzbd.png | Bin 0 -> 5287 bytes data/homer/png/scrutiny.png | Bin 0 -> 44993 bytes data/homer/png/seafile.png | Bin 0 -> 8980 bytes data/homer/png/searxmetasearchengine.png | Bin 0 -> 9463 bytes 
data/homer/png/serviio.png | Bin 0 -> 3496 bytes data/homer/png/shaarli.png | Bin 0 -> 6422 bytes data/homer/png/shinobi.png | Bin 0 -> 24457 bytes data/homer/png/sickbeard.png | Bin 0 -> 17672 bytes data/homer/png/sickchill.png | Bin 0 -> 13804 bytes data/homer/png/sickgear.png | Bin 0 -> 13363 bytes data/homer/png/sinusbot.png | Bin 0 -> 16451 bytes data/homer/png/slack.png | Bin 0 -> 27837 bytes data/homer/png/snibox.png | Bin 0 -> 6092 bytes data/homer/png/sonarqube.png | Bin 0 -> 3966 bytes data/homer/png/sonarr.png | Bin 0 -> 35159 bytes data/homer/png/sourcegraph.png | Bin 0 -> 7500 bytes data/homer/png/splunk.png | Bin 0 -> 11311 bytes data/homer/png/spotweb.png | Bin 0 -> 5328 bytes data/homer/png/squidex.png | Bin 0 -> 8246 bytes data/homer/png/statping.png | Bin 0 -> 45022 bytes data/homer/png/strapi.png | Bin 0 -> 5253 bytes data/homer/png/streama.png | Bin 0 -> 1532 bytes data/homer/png/sunshine.png | Bin 0 -> 18686 bytes data/homer/png/synclounge.png | Bin 0 -> 8578 bytes data/homer/png/syncthing.png | Bin 0 -> 19975 bytes data/homer/png/synology.png | Bin 0 -> 5217 bytes data/homer/png/taiga.png | Bin 0 -> 7975 bytes data/homer/png/tandoorrecipes.png | Bin 0 -> 6676 bytes data/homer/png/tasmoadmin.png | Bin 0 -> 888 bytes data/homer/png/tasmota.png | Bin 0 -> 2432 bytes data/homer/png/tautulli.png | Bin 0 -> 29051 bytes data/homer/png/tdarr.png | Bin 0 -> 21853 bytes data/homer/png/teedy.png | Bin 0 -> 26743 bytes data/homer/png/thanos.png | Bin 0 -> 15265 bytes data/homer/png/theia.png | Bin 0 -> 13841 bytes data/homer/png/thelounge.png | Bin 0 -> 4329 bytes data/homer/png/tinytinyrss.png | Bin 0 -> 12215 bytes data/homer/png/tplink.png | Bin 0 -> 17219 bytes data/homer/png/traccar.png | Bin 0 -> 7929 bytes data/homer/png/traefik.png | Bin 0 -> 37646 bytes data/homer/png/transmission.png | Bin 0 -> 8313 bytes data/homer/png/trilium.png | Bin 0 -> 16344 bytes data/homer/png/truenas.png | Bin 0 -> 3796 bytes data/homer/png/tubearchivist.png | Bin 0 -> 
16951 bytes data/homer/png/tubesync.png | Bin 0 -> 15953 bytes data/homer/png/tvheadend.png | Bin 0 -> 3811 bytes data/homer/png/ubooquity.png | Bin 0 -> 11584 bytes data/homer/png/ultimateguitar.png | Bin 0 -> 33562 bytes data/homer/png/unifi.png | Bin 0 -> 186692 bytes data/homer/png/unraid.png | Bin 0 -> 13669 bytes data/homer/png/updog.png | Bin 0 -> 10888 bytes data/homer/png/urbackup.png | Bin 0 -> 2952 bytes data/homer/png/valetudo.png | Bin 0 -> 79289 bytes data/homer/png/vault.png | Bin 0 -> 14587 bytes data/homer/png/vikunja.png | Bin 0 -> 11543 bytes data/homer/png/virtualradarserver.png | Bin 0 -> 31512 bytes data/homer/png/vmware.png | Bin 0 -> 8477 bytes data/homer/png/vmwarehorizon.png | Bin 0 -> 13380 bytes data/homer/png/volumio.png | Bin 0 -> 9859 bytes data/homer/png/wallabag.png | Bin 0 -> 18060 bytes data/homer/png/wanikani.png | Bin 0 -> 19142 bytes data/homer/png/watcher.png | Bin 0 -> 6418 bytes data/homer/png/watchtower.png | Bin 0 -> 116149 bytes data/homer/png/webdav.png | Bin 0 -> 15969 bytes data/homer/png/webmin.png | Bin 0 -> 9548 bytes data/homer/png/webtools.png | Bin 0 -> 14342 bytes data/homer/png/wekan.png | Bin 0 -> 54896 bytes data/homer/png/wetty.png | Bin 0 -> 24101 bytes data/homer/png/wggenweb.png | Bin 0 -> 9929 bytes data/homer/png/whoami.png | Bin 0 -> 9743 bytes data/homer/png/wikijs.png | Bin 0 -> 12419 bytes data/homer/png/wireguard.png | Bin 0 -> 73201 bytes data/homer/png/wizarr.png | Bin 0 -> 37856 bytes data/homer/png/wordpress.png | Bin 0 -> 14376 bytes data/homer/png/xbrowsersync.png | Bin 0 -> 48213 bytes data/homer/png/xigmanas.png | Bin 0 -> 16562 bytes data/homer/png/xteve.png | Bin 0 -> 3499 bytes data/homer/png/xwiki.png | Bin 0 -> 6237 bytes data/homer/png/yacht.png | Bin 0 -> 13391 bytes data/homer/png/ynab.png | Bin 0 -> 5870 bytes data/homer/png/youtube.png | Bin 0 -> 15908 bytes data/homer/png/youtubedl.png | Bin 0 -> 3998 bytes data/homer/png/zabbix.png | Bin 0 -> 2442 bytes 
data/homer/png/zigbee2mqtt.png | Bin 0 -> 25352 bytes data/homer/png/znc.png | Bin 0 -> 24480 bytes data/homer/png/zoneminder.png | Bin 0 -> 65487 bytes data/homer/png/zulip.png | Bin 0 -> 5887 bytes data/homer/png/zwavejs.png | Bin 0 -> 26171 bytes data/homer/svg/adguardhome.svg | 99 + data/homer/svg/adminer.svg | 217 + data/homer/svg/bazarr.svg | 9 + data/homer/svg/caddy.svg | 1 + data/homer/svg/calibreweb.svg | 9 + data/homer/svg/changedetection.svg | 1 + data/homer/svg/cloudflare.svg | 10 + data/homer/svg/discord.svg | 6 + data/homer/svg/filebrowser.svg | 147 + data/homer/svg/filerun.svg | 7 + data/homer/svg/freshrss.svg | 12 + data/homer/svg/grocy.svg | 33 + data/homer/svg/hedgedoc.svg | 20 + data/homer/svg/home-assistant.svg | 54 + data/homer/svg/kavita.svg | 124 + data/homer/svg/mailcow.svg | 3 + data/homer/svg/mealie.svg | 1148 +++++ data/homer/svg/mkb_bank.svg | 11 + data/homer/svg/ntop.svg | 26 + data/homer/svg/overseerr.svg | 90 + data/homer/svg/pagerduty.svg | Bin 0 -> 521 bytes data/homer/svg/portainer.svg | 1 + data/homer/svg/prowlarr.svg | 296 ++ data/homer/svg/pywttr-docker.svg | 101 + data/homer/svg/radicale.svg | 10 + data/homer/svg/searxng.svg | 56 + data/homer/svg/sonarr.svg | 9 + data/homer/svg/text-generation-webui.svg | 10 + data/homer/svg/thanos.svg | 1 + data/homer/svg/xbrowsersync.svg | 168 + data/influxdb/influxdb.conf | 30 + data/invidious/invidious.conf.j2 | 34 + data/invidious/invidious.env | 11 + data/jellyfin/jellyfin.conf | 68 + data/jenkins/configuration.yml.j2 | 163 + data/jenkins/jenkins.conf | 85 + data/kanboard/config.php | 59 + data/kanboard/kanboard.conf.j2 | 34 + data/lidarr/lidarr.conf.j2 | 36 + data/loki/config.yml | 54 + data/loki/loki.conf | 21 + data/msmtp_mta/msmtprc | 11 + data/navidrome/navidrome.conf | 34 + data/nextcloud/nextcloud.conf | 45 + data/photoprism/photoprism.conf | 41 + data/pihole-exporter/pihole-exporter.conf | 27 + data/pihole/pihole_unbound.conf | 35 + data/pihole/setupVars.conf | 10 + 
data/prometheus-blackbox-exporter/blackbox.yml | 62 + data/prometheus-nginx-exporter/defaults | 1 + data/prometheus-nginx-exporter/metrics.conf | 14 + data/prometheus-server/defaults | 1 + data/prometheus-server/prometheus.yml | 168 + data/promtail/config.yml | 30 + data/promtail/config_standard.yml | 28 + data/prowlarr/prowlarr.conf.j2 | 36 + data/pywttr_docker/pywttr_docker.conf.j2 | 33 + data/qbittorrent/qbittorrent.conf.j2 | 34 + data/radarr/radarr.conf.j2 | 36 + data/readarr/readarr.conf.j2 | 36 + data/searxng/searxng.conf | 48 + data/searxng/settings.yml | 74 + data/searxng/uwsgi.ini | 50 + data/sonarr/sonarr.conf.j2 | 36 + data/text_generation/text_generation.conf.j2 | 37 + data/vaultwarden/vaultwarden.conf.j2 | 39 + group_vars/all/vars.yml | 570 +++ renovate.json | 11 + requirements.yml | 5 + roles/linux_base/defaults/main.yml | 1 + roles/linux_base/handlers/main.yml | 16 + roles/linux_base/tasks/main.yml | 57 + roles/proxmox/cloudinit_guest/defaults/main.yml | 7 + roles/proxmox/cloudinit_guest/tasks/main.yml | 80 + roles/proxmox/debian_cloudinit/defaults/main.yml | 8 + roles/proxmox/debian_cloudinit/tasks/main.yml | 115 + roles/proxmox/fedora_cloudinit/defaults/main.yml | 8 + roles/proxmox/fedora_cloudinit/tasks/main.yml | 122 + roles/proxmox/proxmox_backup_server/tasks/main.yml | 42 + roles/proxmox/pve_backup/tasks/main.yml | 17 + roles/proxmox/system/defaults/main.yml | 8 + roles/proxmox/system/tasks/main.yml | 30 + roles/proxmox/system/tasks/proxmox_repo.yml | 8 + roles/proxmox/system/tasks/user.yml | 28 + roles/services/chronyd/handlers/main.yml | 4 + roles/services/chronyd/tasks/main.yml | 30 + .../containers/arr_stack/handlers/main.yml | 4 + .../containers/arr_stack/tasks/gluetun.yml | 105 + .../services/containers/arr_stack/tasks/lidarr.yml | 93 + roles/services/containers/arr_stack/tasks/main.yml | 130 + .../containers/arr_stack/tasks/prowlarr.yml | 92 + .../containers/arr_stack/tasks/qbittorrent.yml | 94 + 
.../services/containers/arr_stack/tasks/radarr.yml | 93 + .../containers/arr_stack/tasks/readarr.yml | 93 + .../services/containers/arr_stack/tasks/sonarr.yml | 93 + .../services/containers/authelia/handlers/main.yml | 4 + roles/services/containers/authelia/tasks/main.yml | 283 ++ .../containers/bookstack/handlers/main.yml | 4 + roles/services/containers/bookstack/tasks/main.yml | 118 + .../services/containers/cadvisor/handlers/main.yml | 4 + roles/services/containers/cadvisor/tasks/main.yml | 90 + roles/services/containers/drawio/handlers/main.yml | 4 + roles/services/containers/drawio/tasks/main.yml | 149 + .../services/containers/firefly/handlers/main.yml | 4 + roles/services/containers/firefly/tasks/main.yml | 172 + .../services/containers/freshrss/handlers/main.yml | 4 + roles/services/containers/freshrss/tasks/main.yml | 101 + roles/services/containers/gitea/handlers/main.yml | 4 + roles/services/containers/gitea/tasks/main.yml | 171 + .../containers/home_assistant/handlers/main.yml | 4 + .../containers/home_assistant/tasks/main.yml | 86 + roles/services/containers/homer/handlers/main.yml | 4 + roles/services/containers/homer/tasks/main.yml | 122 + .../containers/invidious/handlers/main.yml | 29 + roles/services/containers/invidious/tasks/main.yml | 124 + .../services/containers/jellyfin/handlers/main.yml | 4 + roles/services/containers/jellyfin/tasks/main.yml | 159 + .../services/containers/kanboard/handlers/main.yml | 18 + roles/services/containers/kanboard/tasks/main.yml | 93 + .../containers/navidrome/handlers/main.yml | 4 + roles/services/containers/navidrome/tasks/main.yml | 117 + .../containers/nextcloud/handlers/main.yml | 4 + roles/services/containers/nextcloud/tasks/main.yml | 184 + .../containers/photoprism/defaults/main.yml | 10 + .../containers/photoprism/handlers/main.yml | 4 + .../services/containers/photoprism/tasks/main.yml | 115 + .../containers/pihole_exporter/tasks/main.yml | 97 + .../containers/pywttr_docker/handlers/main.yml | 18 + 
.../containers/pywttr_docker/tasks/main.yml | 74 + roles/services/containers/renovate/tasks/main.yml | 87 + .../services/containers/searxng/handlers/main.yml | 4 + roles/services/containers/searxng/tasks/main.yml | 170 + .../containers/text_generation/handlers/main.yml | 29 + .../containers/text_generation/tasks/main.yml | 89 + .../containers/vaultwarden/handlers/main.yml | 4 + .../services/containers/vaultwarden/tasks/main.yml | 79 + roles/services/docker_rootless/defaults/main.yml | 18 + roles/services/docker_rootless/handlers/main.yml | 6 + roles/services/docker_rootless/tasks/main.yml | 93 + roles/services/freeipa/client/defaults/main.yml | 0 roles/services/freeipa/client/tasks/main.yml | 4 + roles/services/freeipa/server/defaults/main.yml | 1 + roles/services/freeipa/server/tasks/main.yml | 43 + roles/services/game_server/handlers/main.yml | 71 + roles/services/game_server/tasks/main.yml | 223 + roles/services/jenkins/handlers/main.yml | 13 + roles/services/jenkins/tasks/main.yml | 184 + .../services/monitoring/grafana/defaults/main.yml | 5 + .../services/monitoring/grafana/handlers/main.yml | 13 + roles/services/monitoring/grafana/tasks/main.yml | 125 + .../services/monitoring/influxdb/defaults/main.yml | 6 + .../services/monitoring/influxdb/handlers/main.yml | 4 + roles/services/monitoring/influxdb/tasks/main.yml | 19 + roles/services/monitoring/loki/handlers/main.yml | 8 + roles/services/monitoring/loki/tasks/main.yml | 80 + .../prometheus/blackbox-exporter/tasks/main.yml | 0 .../prometheus/nginx_exporter/defaults/main.yml | 4 + .../prometheus/nginx_exporter/handlers/main.yml | 9 + .../prometheus/nginx_exporter/tasks/main.yml | 44 + .../prometheus/node_exporter/defaults/main.yml | 4 + .../prometheus/node_exporter/tasks/main.yml | 28 + .../monitoring/prometheus/server/defaults/main.yml | 6 + .../monitoring/prometheus/server/tasks/main.yml | 79 + .../services/monitoring/promtail/handlers/main.yml | 39 + roles/services/monitoring/promtail/tasks/main.yml | 151 
+ roles/services/msmtp_mta/tasks/main.yml | 11 + roles/services/pihole/handlers/main.yml | 14 + roles/services/pihole/tasks/main.yml | 80 + roles/services/ssh/tasks/main.yml | 46 + roles/services/unattended_upgrades/tasks/main.yml | 63 + run.yml | 89 + 579 files changed, 18625 insertions(+) create mode 100644 .ansible-lint create mode 100644 Jenkinsfile create mode 100644 README.md create mode 100644 ansible.cfg create mode 100644 data/authelia/authelia-authrequest.conf create mode 100644 data/authelia/authelia-location.conf create mode 100644 data/authelia/authelia.conf create mode 100644 data/authelia/configuration.yml create mode 100644 data/authelia/proxy.conf create mode 100644 data/bookstack/bookstack.conf.j2 create mode 100644 data/cadvisor/cadvisor.conf create mode 100644 data/chronyd/chrony.conf create mode 100644 data/docker/daemon.json create mode 100644 data/drawio/drawio.conf create mode 100644 data/firefly/firefly.conf.j2 create mode 100644 data/freshrss/freshrss.conf create mode 100644 data/game_server/lightdm.conf create mode 100644 data/game_server/sunshine_proxy.conf create mode 100644 data/game_server/xinitrc create mode 100644 data/gitea/app.ini create mode 100644 data/gitea/gitea.conf create mode 100644 data/grafana/grafana.conf create mode 100644 data/grafana/grafana.ini.j2 create mode 100644 data/grafana/main.json create mode 100644 data/home_assistant/configuration.yaml create mode 100644 data/home_assistant/home_assistant.conf.j2 create mode 100644 data/homer/config.yml create mode 100644 data/homer/homer.conf create mode 100644 data/homer/png/3cx.png create mode 100644 data/homer/png/SHODAN.jpg create mode 100644 data/homer/png/adguardhome.png create mode 100644 data/homer/png/adminer.png create mode 100644 data/homer/png/airsonic.png create mode 100644 data/homer/png/alarmpi.png create mode 100644 data/homer/png/alertmanager.png create mode 100644 data/homer/png/alltube.png create mode 100644 data/homer/png/amazon.png create mode 100644 
data/homer/png/amd.png create mode 100644 data/homer/png/amvd.png create mode 100644 data/homer/png/ansible.png create mode 100644 data/homer/png/archivebox.png create mode 100644 data/homer/png/archiveteamwarrior.png create mode 100644 data/homer/png/argocd.png create mode 100644 data/homer/png/ariang.png create mode 100644 data/homer/png/artifactory.png create mode 100644 data/homer/png/authelia.png create mode 100644 data/homer/png/avmfritzbox.png create mode 100644 data/homer/png/awx.png create mode 100644 data/homer/png/azure.png create mode 100644 data/homer/png/azuredns.png create mode 100644 data/homer/png/bacula.png create mode 100644 data/homer/png/badge.png create mode 100644 data/homer/png/baikal.png create mode 100644 data/homer/png/bastillion.png create mode 100644 data/homer/png/bazarr.png create mode 100644 data/homer/png/beats.png create mode 100644 data/homer/png/bithumen.png create mode 100644 data/homer/png/bitwarden.png create mode 100644 data/homer/png/blueiris.png create mode 100644 data/homer/png/booksonic.png create mode 100644 data/homer/png/bookstack.png create mode 100644 data/homer/png/box.png create mode 100644 data/homer/png/brewpi.png create mode 100644 data/homer/png/buxfer.png create mode 100644 data/homer/png/cabot.png create mode 100644 data/homer/png/cadvisor.png create mode 100644 data/homer/png/calibreweb.png create mode 100644 data/homer/png/cardigann.png create mode 100644 data/homer/png/cgit.png create mode 100644 data/homer/png/checkmk.png create mode 100644 data/homer/png/chevereto.png create mode 100644 data/homer/png/chowdown.png create mode 100644 data/homer/png/chronograf.png create mode 100644 data/homer/png/chudnick.com.png create mode 100644 data/homer/png/clarkson.png create mode 100644 data/homer/png/cloudcmd.png create mode 100644 data/homer/png/cockpit.png create mode 100644 data/homer/png/cockpitcms.png create mode 100644 data/homer/png/code.png create mode 100644 data/homer/png/codeserver.png create mode 
100644 data/homer/png/codimd.png create mode 100644 data/homer/png/concourse.png create mode 100644 data/homer/png/couchpotato.png create mode 100644 data/homer/png/cpanel.png create mode 100644 data/homer/png/cryptpad.png create mode 100644 data/homer/png/cyberchef.png create mode 100644 data/homer/png/deemix.png create mode 100644 data/homer/png/deluge.png create mode 100644 data/homer/png/directus.png create mode 100644 data/homer/png/docker.png create mode 100644 data/homer/png/docspell.png create mode 100644 data/homer/png/dokuwiki.png create mode 100644 data/homer/png/domoticz.png create mode 100644 data/homer/png/dozzle.png create mode 100644 data/homer/png/drawio.png create mode 100644 data/homer/png/drone.png create mode 100644 data/homer/png/droppy.png create mode 100644 data/homer/png/duplicacy.png create mode 100644 data/homer/png/duplicati.png create mode 100644 data/homer/png/ebay.png create mode 100644 data/homer/png/elastic.png create mode 100644 data/homer/png/elasticsearch.png create mode 100644 data/homer/png/element.png create mode 100644 data/homer/png/emby.png create mode 100644 data/homer/png/embystat.png create mode 100644 data/homer/png/emq.png create mode 100644 data/homer/png/erste-george.png create mode 100644 data/homer/png/erste.png create mode 100644 data/homer/png/esphome.png create mode 100644 data/homer/png/evebox.png create mode 100644 data/homer/png/facebook-messenger.png create mode 100644 data/homer/png/facebook.png create mode 100644 data/homer/png/filebrowser.png create mode 100644 data/homer/png/filerun.png create mode 100644 data/homer/png/firefly.png create mode 100644 data/homer/png/firefoxsend.png create mode 100644 data/homer/png/flexget.png create mode 100644 data/homer/png/flood.png create mode 100644 data/homer/png/foldingathome.png create mode 100644 data/homer/png/freeipa.png create mode 100644 data/homer/png/freenas.png create mode 100644 data/homer/png/freepbx.png create mode 100644 data/homer/png/freshrss.png 
create mode 100644 data/homer/png/ghost.png create mode 100644 data/homer/png/gitea.png create mode 100644 data/homer/png/github.png create mode 100644 data/homer/png/gitlab.png create mode 100644 data/homer/png/glances.png create mode 100644 data/homer/png/gogs.png create mode 100644 data/homer/png/google-calendar.png create mode 100644 data/homer/png/google-keep.png create mode 100644 data/homer/png/google-mail.png create mode 100644 data/homer/png/googlemaps.png create mode 100644 data/homer/png/gotify.png create mode 100644 data/homer/png/grafana.png create mode 100644 data/homer/png/grav.png create mode 100644 data/homer/png/graylog.png create mode 100644 data/homer/png/grocy.png create mode 100644 data/homer/png/guacamole.png create mode 100644 data/homer/png/handbrake.png create mode 100644 data/homer/png/haproxy.png create mode 100644 data/homer/png/hasura.png create mode 100644 data/homer/png/hdhomerun.png create mode 100644 data/homer/png/headphones.png create mode 100644 data/homer/png/healthchecks.png create mode 100644 data/homer/png/heimdall.png create mode 100644 data/homer/png/home-assistant.png create mode 100644 data/homer/png/homebridge.png create mode 100644 data/homer/png/homer.png create mode 100644 data/homer/png/hp.png create mode 100644 data/homer/png/hubitat.png create mode 100644 data/homer/png/huginn.png create mode 100644 data/homer/png/hugo.png create mode 100644 data/homer/png/hydra.png create mode 100644 data/homer/png/icecast.png create mode 100644 data/homer/png/icinga.png create mode 100644 data/homer/png/idrac.png create mode 100644 data/homer/png/ilo.png create mode 100644 data/homer/png/infoblox.png create mode 100644 data/homer/png/invidious.png create mode 100644 data/homer/png/invoiceninja.png create mode 100644 data/homer/png/iobroker.png create mode 100644 data/homer/png/irc.png create mode 100644 data/homer/png/jackett.png create mode 100644 data/homer/png/jaeger.png create mode 100644 data/homer/png/jdownloader.png 
create mode 100644 data/homer/png/jeedom.png create mode 100644 data/homer/png/jellyfin.png create mode 100644 data/homer/png/jenkins.png create mode 100644 data/homer/png/jitsimeet.png create mode 100644 data/homer/png/joomla.png create mode 100644 data/homer/png/joplin.png create mode 100644 data/homer/png/kanboard.png create mode 100644 data/homer/png/kavita.png create mode 100644 data/homer/png/keila.png create mode 100644 data/homer/png/keycloak.png create mode 100644 data/homer/png/kibana.png create mode 100644 data/homer/png/kimai.png create mode 100644 data/homer/png/kitana.png create mode 100644 data/homer/png/kodi.png create mode 100644 data/homer/png/komga.png create mode 100644 data/homer/png/krusader.png create mode 100644 data/homer/png/kubernetes-dashboard.png create mode 100644 data/homer/png/kutt.png create mode 100644 data/homer/png/lazylibrarian.png create mode 100644 data/homer/png/leantime.png create mode 100644 data/homer/png/lemonldapng.png create mode 100644 data/homer/png/letencrypt.png create mode 100644 data/homer/png/librenms.png create mode 100644 data/homer/png/librephotos.png create mode 100644 data/homer/png/librespeed.png create mode 100644 data/homer/png/lidarr.png create mode 100644 data/homer/png/listmonk.png create mode 100644 data/homer/png/logstash.png create mode 100644 data/homer/png/loki.png create mode 100644 data/homer/png/longhorn.png create mode 100644 data/homer/png/lychee.png create mode 100644 data/homer/png/mailcow.png create mode 100644 data/homer/png/mailhog.png create mode 100644 data/homer/png/mainsail.png create mode 100644 data/homer/png/mak.png create mode 100644 data/homer/png/mattermost.png create mode 100644 data/homer/png/mayanedms.png create mode 100644 data/homer/png/mcmyadmin.png create mode 100644 data/homer/png/mealie.png create mode 100644 data/homer/png/mediawiki.png create mode 100644 data/homer/png/medusa.png create mode 100644 data/homer/png/meraki.png create mode 100644 
data/homer/png/microsoft-todo.png create mode 100644 data/homer/png/mikrotik.png create mode 100644 data/homer/png/mineos.png create mode 100644 data/homer/png/miniflux.png create mode 100644 data/homer/png/minio.png create mode 100644 data/homer/png/molecule.png create mode 100644 data/homer/png/mongodb.png create mode 100644 data/homer/png/monica.png create mode 100644 data/homer/png/monit.png create mode 100644 data/homer/png/motioneye.png create mode 100644 data/homer/png/mqtt.png create mode 100644 data/homer/png/mylar.png create mode 100644 data/homer/png/n8n.png create mode 100644 data/homer/png/nagios.png create mode 100644 data/homer/png/navidrome.png create mode 100644 data/homer/png/ncore.png create mode 100644 data/homer/png/nessus.png create mode 100644 data/homer/png/netatmo.png create mode 100644 data/homer/png/netboot.png create mode 100644 data/homer/png/netbootxyz.png create mode 100644 data/homer/png/netbox.png create mode 100644 data/homer/png/netdata.png create mode 100644 data/homer/png/nextcloud.png create mode 100644 data/homer/png/nginx.png create mode 100644 data/homer/png/nginxproxymanager.png create mode 100644 data/homer/png/nodered.png create mode 100644 data/homer/png/nowshowing.png create mode 100644 data/homer/png/ntop.png create mode 100644 data/homer/png/nxfilter.png create mode 100644 data/homer/png/nzbget.png create mode 100644 data/homer/png/nzbhydra.png create mode 100644 data/homer/png/octoprint.png create mode 100644 data/homer/png/omada.png create mode 100644 data/homer/png/ombi.png create mode 100644 data/homer/png/omnidb.png create mode 100644 data/homer/png/onlyoffice.png create mode 100644 data/homer/png/openhab.png create mode 100644 data/homer/png/openmaptiler.png create mode 100644 data/homer/png/openmediavault.png create mode 100644 data/homer/png/openspeedtest.png create mode 100644 data/homer/png/opensprinkler.png create mode 100644 data/homer/png/openvpn.png create mode 100644 data/homer/png/openwrt.png create 
mode 100644 data/homer/png/opnsense.png create mode 100644 data/homer/png/osticket.png create mode 100644 data/homer/png/overseerr.png create mode 100644 data/homer/png/owncloud.png create mode 100644 data/homer/png/ownphotos.png create mode 100644 data/homer/png/pagerduty.png create mode 100644 data/homer/png/paloaltonetworks.png create mode 100644 data/homer/png/paperless-ng.png create mode 100644 data/homer/png/papermerge.png create mode 100644 data/homer/png/partkeepr.png create mode 100644 data/homer/png/peertube.png create mode 100644 data/homer/png/pfsense.png create mode 100644 data/homer/png/pgadmin.png create mode 100644 data/homer/png/phantombot.png create mode 100644 data/homer/png/photoprism.png create mode 100644 data/homer/png/photostructure.png create mode 100644 data/homer/png/photoview.png create mode 100644 data/homer/png/phpldapadmin.png create mode 100644 data/homer/png/phpmyadmin.png create mode 100644 data/homer/png/piaware.png create mode 100644 data/homer/png/pihole.png create mode 100644 data/homer/png/pingdom.png create mode 100644 data/homer/png/piwigo.png create mode 100644 data/homer/png/plausible.png create mode 100644 data/homer/png/pleroma.png create mode 100644 data/homer/png/plesk.png create mode 100644 data/homer/png/plex.png create mode 100644 data/homer/png/plexdrive.png create mode 100644 data/homer/png/plexrequests.png create mode 100644 data/homer/png/plume.png create mode 100644 data/homer/png/podify.png create mode 100644 data/homer/png/portainer.png create mode 100644 data/homer/png/portus.png create mode 100644 data/homer/png/postgres.png create mode 100644 data/homer/png/printer.png create mode 100644 data/homer/png/privatebin.png create mode 100644 data/homer/png/projectsend.png create mode 100644 data/homer/png/prometheus.png create mode 100644 data/homer/png/prowlarr.png create mode 100644 data/homer/png/proxmox.png create mode 100644 data/homer/png/prtg.png create mode 100644 data/homer/png/psitransfer.png create 
mode 100644 data/homer/png/pterodactyl.png create mode 100644 data/homer/png/pyload.png create mode 100644 data/homer/png/qbittorrent.png create mode 100644 data/homer/png/qnap.png create mode 100644 data/homer/png/rabbitmq.png create mode 100644 data/homer/png/radarr.png create mode 100644 data/homer/png/radicale.png create mode 100644 data/homer/png/rainloop.png create mode 100644 data/homer/png/rancher.png create mode 100644 data/homer/png/raneto.png create mode 100644 data/homer/png/rclone.png create mode 100644 data/homer/png/readarr.png create mode 100644 data/homer/png/recalbox.png create mode 100644 data/homer/png/redis.png create mode 100644 data/homer/png/requestrr.png create mode 100644 data/homer/png/resiliosync.png create mode 100644 data/homer/png/riot.png create mode 100644 data/homer/png/rocketchat.png create mode 100644 data/homer/png/rompya.png create mode 100644 data/homer/png/rook.png create mode 100644 data/homer/png/roundcube.png create mode 100644 data/homer/png/router.png create mode 100644 data/homer/png/rspamd.png create mode 100644 data/homer/png/rstudioserver.png create mode 100644 data/homer/png/rundeck.png create mode 100644 data/homer/png/runeaudio.png create mode 100644 data/homer/png/rutorrent.png create mode 100644 data/homer/png/sabnzbd.png create mode 100644 data/homer/png/scrutiny.png create mode 100644 data/homer/png/seafile.png create mode 100644 data/homer/png/searxmetasearchengine.png create mode 100644 data/homer/png/serviio.png create mode 100644 data/homer/png/shaarli.png create mode 100644 data/homer/png/shinobi.png create mode 100644 data/homer/png/sickbeard.png create mode 100644 data/homer/png/sickchill.png create mode 100644 data/homer/png/sickgear.png create mode 100644 data/homer/png/sinusbot.png create mode 100644 data/homer/png/slack.png create mode 100644 data/homer/png/snibox.png create mode 100644 data/homer/png/sonarqube.png create mode 100644 data/homer/png/sonarr.png create mode 100644 
data/homer/png/sourcegraph.png create mode 100644 data/homer/png/splunk.png create mode 100644 data/homer/png/spotweb.png create mode 100644 data/homer/png/squidex.png create mode 100644 data/homer/png/statping.png create mode 100644 data/homer/png/strapi.png create mode 100644 data/homer/png/streama.png create mode 100644 data/homer/png/sunshine.png create mode 100644 data/homer/png/synclounge.png create mode 100644 data/homer/png/syncthing.png create mode 100644 data/homer/png/synology.png create mode 100644 data/homer/png/taiga.png create mode 100644 data/homer/png/tandoorrecipes.png create mode 100644 data/homer/png/tasmoadmin.png create mode 100644 data/homer/png/tasmota.png create mode 100644 data/homer/png/tautulli.png create mode 100644 data/homer/png/tdarr.png create mode 100644 data/homer/png/teedy.png create mode 100644 data/homer/png/thanos.png create mode 100644 data/homer/png/theia.png create mode 100644 data/homer/png/thelounge.png create mode 100644 data/homer/png/tinytinyrss.png create mode 100644 data/homer/png/tplink.png create mode 100644 data/homer/png/traccar.png create mode 100644 data/homer/png/traefik.png create mode 100644 data/homer/png/transmission.png create mode 100644 data/homer/png/trilium.png create mode 100644 data/homer/png/truenas.png create mode 100644 data/homer/png/tubearchivist.png create mode 100644 data/homer/png/tubesync.png create mode 100644 data/homer/png/tvheadend.png create mode 100644 data/homer/png/ubooquity.png create mode 100644 data/homer/png/ultimateguitar.png create mode 100644 data/homer/png/unifi.png create mode 100644 data/homer/png/unraid.png create mode 100644 data/homer/png/updog.png create mode 100644 data/homer/png/urbackup.png create mode 100644 data/homer/png/valetudo.png create mode 100644 data/homer/png/vault.png create mode 100644 data/homer/png/vikunja.png create mode 100644 data/homer/png/virtualradarserver.png create mode 100644 data/homer/png/vmware.png create mode 100644 
data/homer/png/vmwarehorizon.png create mode 100644 data/homer/png/volumio.png create mode 100644 data/homer/png/wallabag.png create mode 100644 data/homer/png/wanikani.png create mode 100644 data/homer/png/watcher.png create mode 100644 data/homer/png/watchtower.png create mode 100644 data/homer/png/webdav.png create mode 100644 data/homer/png/webmin.png create mode 100644 data/homer/png/webtools.png create mode 100644 data/homer/png/wekan.png create mode 100644 data/homer/png/wetty.png create mode 100644 data/homer/png/wggenweb.png create mode 100644 data/homer/png/whoami.png create mode 100644 data/homer/png/wikijs.png create mode 100644 data/homer/png/wireguard.png create mode 100644 data/homer/png/wizarr.png create mode 100644 data/homer/png/wordpress.png create mode 100644 data/homer/png/xbrowsersync.png create mode 100644 data/homer/png/xigmanas.png create mode 100644 data/homer/png/xteve.png create mode 100644 data/homer/png/xwiki.png create mode 100644 data/homer/png/yacht.png create mode 100644 data/homer/png/ynab.png create mode 100644 data/homer/png/youtube.png create mode 100644 data/homer/png/youtubedl.png create mode 100644 data/homer/png/zabbix.png create mode 100644 data/homer/png/zigbee2mqtt.png create mode 100644 data/homer/png/znc.png create mode 100644 data/homer/png/zoneminder.png create mode 100644 data/homer/png/zulip.png create mode 100644 data/homer/png/zwavejs.png create mode 100644 data/homer/svg/adguardhome.svg create mode 100644 data/homer/svg/adminer.svg create mode 100644 data/homer/svg/bazarr.svg create mode 100644 data/homer/svg/caddy.svg create mode 100644 data/homer/svg/calibreweb.svg create mode 100644 data/homer/svg/changedetection.svg create mode 100644 data/homer/svg/cloudflare.svg create mode 100644 data/homer/svg/discord.svg create mode 100644 data/homer/svg/filebrowser.svg create mode 100644 data/homer/svg/filerun.svg create mode 100644 data/homer/svg/freshrss.svg create mode 100644 data/homer/svg/grocy.svg create mode 
100644 data/homer/svg/hedgedoc.svg create mode 100644 data/homer/svg/home-assistant.svg create mode 100644 data/homer/svg/kavita.svg create mode 100644 data/homer/svg/mailcow.svg create mode 100644 data/homer/svg/mealie.svg create mode 100644 data/homer/svg/mkb_bank.svg create mode 100644 data/homer/svg/ntop.svg create mode 100644 data/homer/svg/overseerr.svg create mode 100644 data/homer/svg/pagerduty.svg create mode 100644 data/homer/svg/portainer.svg create mode 100644 data/homer/svg/prowlarr.svg create mode 100644 data/homer/svg/pywttr-docker.svg create mode 100644 data/homer/svg/radicale.svg create mode 100644 data/homer/svg/searxng.svg create mode 100644 data/homer/svg/sonarr.svg create mode 100644 data/homer/svg/text-generation-webui.svg create mode 100644 data/homer/svg/thanos.svg create mode 100644 data/homer/svg/xbrowsersync.svg create mode 100644 data/influxdb/influxdb.conf create mode 100644 data/invidious/invidious.conf.j2 create mode 100644 data/invidious/invidious.env create mode 100644 data/jellyfin/jellyfin.conf create mode 100644 data/jenkins/configuration.yml.j2 create mode 100644 data/jenkins/jenkins.conf create mode 100644 data/kanboard/config.php create mode 100644 data/kanboard/kanboard.conf.j2 create mode 100644 data/lidarr/lidarr.conf.j2 create mode 100644 data/loki/config.yml create mode 100644 data/loki/loki.conf create mode 100644 data/msmtp_mta/msmtprc create mode 100644 data/navidrome/navidrome.conf create mode 100644 data/nextcloud/nextcloud.conf create mode 100644 data/photoprism/photoprism.conf create mode 100644 data/pihole-exporter/pihole-exporter.conf create mode 100644 data/pihole/pihole_unbound.conf create mode 100644 data/pihole/setupVars.conf create mode 100644 data/prometheus-blackbox-exporter/blackbox.yml create mode 100644 data/prometheus-nginx-exporter/defaults create mode 100644 data/prometheus-nginx-exporter/metrics.conf create mode 100644 data/prometheus-server/defaults create mode 100644 
data/prometheus-server/prometheus.yml create mode 100644 data/promtail/config.yml create mode 100644 data/promtail/config_standard.yml create mode 100644 data/prowlarr/prowlarr.conf.j2 create mode 100644 data/pywttr_docker/pywttr_docker.conf.j2 create mode 100644 data/qbittorrent/qbittorrent.conf.j2 create mode 100644 data/radarr/radarr.conf.j2 create mode 100644 data/readarr/readarr.conf.j2 create mode 100644 data/searxng/searxng.conf create mode 100644 data/searxng/settings.yml create mode 100644 data/searxng/uwsgi.ini create mode 100644 data/sonarr/sonarr.conf.j2 create mode 100644 data/text_generation/text_generation.conf.j2 create mode 100644 data/vaultwarden/vaultwarden.conf.j2 create mode 100644 group_vars/all/vars.yml create mode 100644 renovate.json create mode 100644 requirements.yml create mode 100644 roles/linux_base/defaults/main.yml create mode 100644 roles/linux_base/handlers/main.yml create mode 100644 roles/linux_base/tasks/main.yml create mode 100644 roles/proxmox/cloudinit_guest/defaults/main.yml create mode 100644 roles/proxmox/cloudinit_guest/tasks/main.yml create mode 100644 roles/proxmox/debian_cloudinit/defaults/main.yml create mode 100644 roles/proxmox/debian_cloudinit/tasks/main.yml create mode 100644 roles/proxmox/fedora_cloudinit/defaults/main.yml create mode 100644 roles/proxmox/fedora_cloudinit/tasks/main.yml create mode 100644 roles/proxmox/proxmox_backup_server/tasks/main.yml create mode 100644 roles/proxmox/pve_backup/tasks/main.yml create mode 100644 roles/proxmox/system/defaults/main.yml create mode 100644 roles/proxmox/system/tasks/main.yml create mode 100644 roles/proxmox/system/tasks/proxmox_repo.yml create mode 100644 roles/proxmox/system/tasks/user.yml create mode 100644 roles/services/chronyd/handlers/main.yml create mode 100644 roles/services/chronyd/tasks/main.yml create mode 100644 roles/services/containers/arr_stack/handlers/main.yml create mode 100644 roles/services/containers/arr_stack/tasks/gluetun.yml create mode 
100644 roles/services/containers/arr_stack/tasks/lidarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/main.yml create mode 100644 roles/services/containers/arr_stack/tasks/prowlarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/qbittorrent.yml create mode 100644 roles/services/containers/arr_stack/tasks/radarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/readarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/sonarr.yml create mode 100644 roles/services/containers/authelia/handlers/main.yml create mode 100644 roles/services/containers/authelia/tasks/main.yml create mode 100644 roles/services/containers/bookstack/handlers/main.yml create mode 100644 roles/services/containers/bookstack/tasks/main.yml create mode 100644 roles/services/containers/cadvisor/handlers/main.yml create mode 100644 roles/services/containers/cadvisor/tasks/main.yml create mode 100644 roles/services/containers/drawio/handlers/main.yml create mode 100644 roles/services/containers/drawio/tasks/main.yml create mode 100644 roles/services/containers/firefly/handlers/main.yml create mode 100644 roles/services/containers/firefly/tasks/main.yml create mode 100644 roles/services/containers/freshrss/handlers/main.yml create mode 100644 roles/services/containers/freshrss/tasks/main.yml create mode 100644 roles/services/containers/gitea/handlers/main.yml create mode 100644 roles/services/containers/gitea/tasks/main.yml create mode 100644 roles/services/containers/home_assistant/handlers/main.yml create mode 100644 roles/services/containers/home_assistant/tasks/main.yml create mode 100644 roles/services/containers/homer/handlers/main.yml create mode 100644 roles/services/containers/homer/tasks/main.yml create mode 100644 roles/services/containers/invidious/handlers/main.yml create mode 100644 roles/services/containers/invidious/tasks/main.yml create mode 100644 roles/services/containers/jellyfin/handlers/main.yml create mode 100644 
roles/services/containers/jellyfin/tasks/main.yml create mode 100644 roles/services/containers/kanboard/handlers/main.yml create mode 100644 roles/services/containers/kanboard/tasks/main.yml create mode 100644 roles/services/containers/navidrome/handlers/main.yml create mode 100644 roles/services/containers/navidrome/tasks/main.yml create mode 100644 roles/services/containers/nextcloud/handlers/main.yml create mode 100644 roles/services/containers/nextcloud/tasks/main.yml create mode 100644 roles/services/containers/photoprism/defaults/main.yml create mode 100644 roles/services/containers/photoprism/handlers/main.yml create mode 100644 roles/services/containers/photoprism/tasks/main.yml create mode 100644 roles/services/containers/pihole_exporter/tasks/main.yml create mode 100644 roles/services/containers/pywttr_docker/handlers/main.yml create mode 100644 roles/services/containers/pywttr_docker/tasks/main.yml create mode 100644 roles/services/containers/renovate/tasks/main.yml create mode 100644 roles/services/containers/searxng/handlers/main.yml create mode 100644 roles/services/containers/searxng/tasks/main.yml create mode 100644 roles/services/containers/text_generation/handlers/main.yml create mode 100644 roles/services/containers/text_generation/tasks/main.yml create mode 100644 roles/services/containers/vaultwarden/handlers/main.yml create mode 100644 roles/services/containers/vaultwarden/tasks/main.yml create mode 100644 roles/services/docker_rootless/defaults/main.yml create mode 100644 roles/services/docker_rootless/handlers/main.yml create mode 100644 roles/services/docker_rootless/tasks/main.yml create mode 100644 roles/services/freeipa/client/defaults/main.yml create mode 100644 roles/services/freeipa/client/tasks/main.yml create mode 100644 roles/services/freeipa/server/defaults/main.yml create mode 100644 roles/services/freeipa/server/tasks/main.yml create mode 100644 roles/services/game_server/handlers/main.yml create mode 100644 
roles/services/game_server/tasks/main.yml create mode 100644 roles/services/jenkins/handlers/main.yml create mode 100644 roles/services/jenkins/tasks/main.yml create mode 100644 roles/services/monitoring/grafana/defaults/main.yml create mode 100644 roles/services/monitoring/grafana/handlers/main.yml create mode 100644 roles/services/monitoring/grafana/tasks/main.yml create mode 100644 roles/services/monitoring/influxdb/defaults/main.yml create mode 100644 roles/services/monitoring/influxdb/handlers/main.yml create mode 100644 roles/services/monitoring/influxdb/tasks/main.yml create mode 100644 roles/services/monitoring/loki/handlers/main.yml create mode 100644 roles/services/monitoring/loki/tasks/main.yml create mode 100644 roles/services/monitoring/prometheus/blackbox-exporter/tasks/main.yml create mode 100644 roles/services/monitoring/prometheus/nginx_exporter/defaults/main.yml create mode 100644 roles/services/monitoring/prometheus/nginx_exporter/handlers/main.yml create mode 100644 roles/services/monitoring/prometheus/nginx_exporter/tasks/main.yml create mode 100644 roles/services/monitoring/prometheus/node_exporter/defaults/main.yml create mode 100644 roles/services/monitoring/prometheus/node_exporter/tasks/main.yml create mode 100644 roles/services/monitoring/prometheus/server/defaults/main.yml create mode 100644 roles/services/monitoring/prometheus/server/tasks/main.yml create mode 100644 roles/services/monitoring/promtail/handlers/main.yml create mode 100644 roles/services/monitoring/promtail/tasks/main.yml create mode 100644 roles/services/msmtp_mta/tasks/main.yml create mode 100644 roles/services/pihole/handlers/main.yml create mode 100644 roles/services/pihole/tasks/main.yml create mode 100644 roles/services/ssh/tasks/main.yml create mode 100644 roles/services/unattended_upgrades/tasks/main.yml create mode 100644 run.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..e652a03 --- /dev/null +++ b/.ansible-lint 
@@ -0,0 +1,3 @@
+skip_list:
+ - '403'
+ - '204'
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..3cbfdd0
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,23 @@
+pipeline {
+ agent any
+ stages {
+ stage('Checkout') {
+ steps {
+ checkout scm
+ }
+ }
+
+ stage('Deploy') {
+ when { branch 'master' }
+ steps {
+ sh 'ansible-galaxy install -r requirements.yml'
+ ansiblePlaybook become: true, credentialsId: 'jenkins_freeipa_ssh', disableHostKeyChecking: true, installation: 'Default', inventory: 'inventory.yml', playbook: 'run.yml', vaultCredentialsId: 'ansible_vault'
+ }
+ }
+ }
+ post {
+ always {
+ recordIssues enabledForFailure: true, tools: [ansibleLint(pattern: '**/run.yml')]
+ }
+ }
+}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b948a56
--- /dev/null
+++ b/README.md
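Review bot: The skip list silences two rules by bare legacy numeric IDs with no comment saying why; current ansible-lint releases identify rules by name instead, so after a lint upgrade these entries may simply stop matching and the rules return in the Jenkins post step. If the old numbering is what I recall, 403 is the package-latest rule and 204 the line-length rule, and the package-latest skip is the one worth keeping visible because it is what lets `state: latest` package installs through unpinned. I would annotate each entry inline, e.g. `# package-latest: state=latest is deliberate in linux_base` and `# line-length`, and add the named form next to the number so the skip survives the upgrade.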
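Review bot: `disableHostKeyChecking: true` in the Deploy stage turns off SSH host-key verification for every managed host, so the agent will hand the `jenkins_freeipa_ssh` key and an entire become session to whatever answers at the inventory addresses; a spoofed host on the management network then sees everything Ansible ships over that session, including vaulted values rendered into the `.j2` templates this commit adds. The credential name suggests the hosts are FreeIPA-enrolled, so their keys can be pre-seeded in the agent's known_hosts and the flag dropped: `ansiblePlaybook become: true, credentialsId: 'jenkins_freeipa_ssh', installation: 'Default', inventory: 'inventory.yml', playbook: 'run.yml', vaultCredentialsId: 'ansible_vault'`. The `ansible-galaxy install -r requirements.yml` step fetches whatever that file names at deploy time; if it does not pin versions, a master deploy is not reproducible and pulls unreviewed upstream role changes. The `ansibleLint(pattern: '**/run.yml')` tool in the post step is pointed at the playbook rather than a lint report and no ansible-lint run precedes it, so I suspect it records nothing — hedged, as the warnings plugin may behave differently than I remember.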
@@ -0,0 +1,97 @@
+# homelab\_iac
+
+A complete Ansible infrastructure as code representation of my homelab
+featuring many custom roles and a playbook to tie it all together.
+
+# Using
+
+## Replica
+This repo will not work for you immediately after cloning. Please
+continue reading to understand why. You may clone this repo and then
+use it as is after filling in the missing pieces for your environment
+to achieve a replica of my setup.
+
+## Individual Roles
+Alternatively, if you are only interested in a role or two, you can copy
+the file structure of the role(s) you are interested in to your own project.
+Roles should be entirely self contained other than dependence on variables
+stored in the global variable file.
+
+# Omissions
+In this public mirror I have decided to omit several files either due
+to their sensitivity or their specificity to my environment.
+
+## Commit History
+I did not originally intend for this repo to be public and so
+previous commits contained plaintext sensitive info. Therefore
+this public mirror will not contain my commit history and will instead
+start as a snapshot of my configuration at the time of the initial commit.
+
+## Inventory
+I have not included my inventory.yml file in this mirror.
+Please consult the Ansible docs on creating an inventory file
+before attempting to use this repo.
+
+## Secrets
+I have purposefully not included my Ansible vault containing various secrets
+in this public mirror. So if you clone this repo and attempt to run the playbook
+you will get errors about missing variables. Below is a list of variables
+that will need to be defined in order for the playbook to run properly.
+It is highly advised but not mandatory to keep these variables in an
+Ansible vault.
+
+- proxmox\_password
+- ipabackup\_password
+- ci\_password
+- ipaadmin\_principal
+- ipaadmin\_password
+- ipafulladmin\_password
+- grafana\_password
+- grafana\_smtp\_password
+- influx\_password
+- pihole\_password
+- pihole\_api\_token
+- authelia\_jwt\_secret
+- authelia\_session\_secret
+- authelia\_encryption\_key
+- authelia\_oidc\_hmac
+- authelia\_oidc\_cert
+- authelia\_oidc\_key
+- authelia\_smtp\_password
+- authelia\_ldap\_password
+- gitea\_client\_secret
+- jenkins\_client\_secret
+- nextcloud\_client\_secret
+- jellyfin\_client\_secret
+- bookstack\_client\_secret
+- navidrome\_encryptionkey
+- msmtp\_mta\_email\_password
+- invidious\_postgres\_password
+- gitea\_internal\_token
+- gitea\_lfs\_jwt\_secret
+- jenkins\_ipa\_password
+- docker\_registry\_password
+- pbs\_admin\_password
+- pbs\_password
+- nextcloud\_postgres\_password
+- nextcloud\_admin\_password
+- renovate\_token
+- jenkins\_password
+- jenkins\_apikey
+- jenkins\_privkey
+- jenkins\_vault
+- jenkins\_oic\_secret
+- jenkins\_oic\_escapehatch
+- jenkins\_metrics\_key
+- photoprism\_admin\_password
+- wireguard\_privkey
+- wireguard\_addrs
+- gluetun\_cities
+- nginx\_key
+- bookstack\_mysql\_root\_password
+- bookstack\_mysql\_password
+- bookstack\_oidc\_secret
+- firefly\_postgres\_password
+- firefly\_app\_key
+- firefly\_cron\_token
+- firefly\_access\_token
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..91fcbcf
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+deprecation_warnings=False
+devel_warnings=False
+callback_whitelist = profile_roles, profile_tasks
+default_become=True
+become=True
+host_key_checking=False
+roles_path=roles
diff --git a/data/authelia/authelia-authrequest.conf b/data/authelia/authelia-authrequest.conf
new file mode 100644
index 0000000..8d629bf
--- /dev/null
+++ b/data/authelia/authelia-authrequest.conf
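Review bot: `host_key_checking=False` disables SSH host-key verification for every Ansible run from this checkout, not only CI, which removes the one check that stops a spoofed host from receiving the session and the vaulted values rendered into templates; I would delete the line and seed known_hosts instead (the Jenkinsfile sets the equivalent flag on its own, so the pipeline does not depend on this setting). Separately, `default_become=True` is not an option I recognise, and as far as I recall `become` is read from a `[privilege_escalation]` section rather than `[defaults]`, so neither line is likely doing anything — the playbook step passes `become: true` explicitly, which is presumably why deploys still escalate. If global escalation is intended, the documented form is a `[privilege_escalation]` section containing `become=True`.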
@@ -0,0 +1,25 @@
+## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
+auth_request /authelia;
+
+## Set the $target_url variable based on the original request.
+
+## Comment this line if you're using nginx without the http_set_misc module.
+#set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+## Uncomment this line if you're using NGINX without the http_set_misc module.
+set $target_url $scheme://$http_host$request_uri;
+
+## Save the upstream response headers from Authelia to variables.
+auth_request_set $user $upstream_http_remote_user;
+auth_request_set $groups $upstream_http_remote_groups;
+auth_request_set $name $upstream_http_remote_name;
+auth_request_set $email $upstream_http_remote_email;
+
+## Inject the response headers from the variables into the request made to the backend.
+proxy_set_header Remote-User $user;
+proxy_set_header Remote-Groups $groups;
+proxy_set_header Remote-Name $name;
+proxy_set_header Remote-Email $email;
+
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 =302 https://auth.chudnick.com/?rd=$target_url;
diff --git a/data/authelia/authelia-location.conf b/data/authelia/authelia-location.conf
new file mode 100644
index 0000000..43504e9
--- /dev/null
+++ b/data/authelia/authelia-location.conf
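Review bot: The `error_page 401 =302` redirect on the last line builds `rd=` from `$http_host`, i.e. the client-supplied Host header, so the portal is told to send the user wherever that header pointed; this is only safe because Authelia refuses `rd` targets outside its configured session domain, and that dependency deserves a comment next to the line, e.g. `## rd is derived from the client Host header; relies on Authelia rejecting rd outside the chudnick.com session domain`. The active `set $target_url` line is also the unescaped variant, so an original request whose query string contains `&` is truncated at that `&` once embedded in `rd`, and the user lands on the wrong page after login; if this nginx has http_set_misc, the `set_escape_uri` line above it is the one to enable. Both are minor for a single-user homelab but cheap to address.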
@@ -0,0 +1,36 @@
+set $upstream_authelia http://127.0.0.1:9091/api/verify;
+
+## Virtual endpoint created by nginx to forward auth requests.
+location /authelia {
+ ## Essential Proxy Configuration
+ internal;
+ proxy_pass $upstream_authelia;
+
+ ## Headers
+ ## The headers starting with X-* are required.
+ proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+ proxy_set_header X-Original-Method $request_method;
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Uri $request_uri;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Content-Length "";
+ proxy_set_header Connection "";
+
+ ## Basic Proxy Configuration
+ proxy_pass_request_body off;
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
+ proxy_redirect http:// $scheme://;
+ proxy_http_version 1.1;
+ proxy_cache_bypass $cookie_session;
+ proxy_no_cache $cookie_session;
+ proxy_buffers 4 32k;
+ client_body_buffer_size 128k;
+
+ ## Advanced Proxy Configuration
+ send_timeout 5m;
+ proxy_read_timeout 240;
+ proxy_send_timeout 240;
+ proxy_connect_timeout 240;
+}
diff --git a/data/authelia/authelia.conf b/data/authelia/authelia.conf
new file mode 100644
index 0000000..5f3a573
--- /dev/null
+++ b/data/authelia/authelia.conf
@@ -0,0 +1,61 @@
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ server_name auth.chudnick.com;
+
+ location / {
+ ## Headers
+ proxy_set_header Host $host;
+ proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Uri $request_uri;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Connection "";
+
+ ## Basic Proxy Configuration
+ client_body_buffer_size 128k;
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+ proxy_redirect http:// $scheme://;
+ proxy_http_version 1.1;
+ proxy_cache_bypass $cookie_session;
+ proxy_no_cache $cookie_session;
+ proxy_buffers 64 256k;
+
+ ## Trusted Proxies Configuration
+ real_ip_header X-Forwarded-For;
+ real_ip_recursive on;
+
+ ## Advanced Proxy Configuration
+ send_timeout 5m;
+ proxy_read_timeout 360;
+ proxy_send_timeout 360;
+ proxy_connect_timeout 360;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:9091;
+ }
+
+ location /metrics {
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:9959;
+ }
+
+ location /api/verify {
+ proxy_pass http://127.0.0.1:9091;
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name auth.chudnick.com;
+ return 301 https://$host$request_uri;
+}
+
diff --git a/data/authelia/configuration.yml b/data/authelia/configuration.yml
new file mode 100644
index 0000000..c4fc923
--- /dev/null
+++ b/data/authelia/configuration.yml
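Review bot: `location /metrics` exposes Authelia's Prometheus endpoint on 127.0.0.1:9959 through the public `auth.chudnick.com` vhost with no `allow`/`deny`, and the Authelia access-control rule for this domain is `bypass`, so authentication counters and request timings are readable by anyone on the internet; the other services in this commit restrict their `/metrics` paths to the monitoring host, so mirror that here: `location /metrics { allow 192.168.20.32; deny all; proxy_set_header Host $host; proxy_pass http://127.0.0.1:9959; }`. The `real_ip_header X-Forwarded-For` / `real_ip_recursive on` pair is inert without a `set_real_ip_from`, which is the right outcome for a listener that terminates TLS at the edge itself — if a `set_real_ip_from` is added later it must name a single real upstream proxy, never a broad range, or clients can spoof the address Authelia's regulation/ban logic keys on. I would either drop the two real_ip lines or add `## intentionally no set_real_ip_from: this nginx is the edge, client X-Forwarded-For is untrusted` above them.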
@@ -0,0 +1,300 @@ +theme: dark +default_redirection_url: https://auth.chudnick.com + +server: + host: 0.0.0.0 + port: 9091 + read_buffer_size: 10485760 + +log: + level: info + keep_stdout: true + +authentication_backend: + password_reset: + disable: true + ldap: + implementation: freeipa + url: ldap://192.168.20.20 + timeout: 5s + start_tls: false + base_dn: DC=home,DC=local + user: UID=authelia,CN=users,CN=accounts,DC=home,DC=local + +access_control: + default_policy: deny + rules: + - domain: auth.chudnick.com + policy: bypass + + # bypass subsonic api endpoint + - domain: "music.chudnick.com" + resources: "^/rest/.*$" + policy: bypass + + # bypass metrics endpoint for monitoring server + - domain: "music.chudnick.com" + resources: "^/metrics$" + networks: + - '192.168.20.32' + policy: bypass + + - domain: "music.chudnick.com" + policy: one_factor + + # bypass mobile client api + - domain: "rss.chudnick.com" + resources: "/api/.*$" + policy: bypass + + - domain: "rss.chudnick.com" + resources: + - "/" + - "/i/.*$" + policy: one_factor + + - domain: "invidious.chudnick.com" + policy: one_factor + + # bypass grafana connection to prometheus + - domain: "monitoring.chudnick.com" + resources: "^/prometheus/api.*" + networks: + - '127.0.0.1' + - '192.168.20.32' + policy: bypass + + - domain: "monitoring.chudnick.com" + resources: "^/prometheus.*" + policy: one_factor + + # bypass metrics endpoint for monitoring server + - domain: "cadvisor.chudnick.com" + resources: "/metrics" + networks: + - '192.168.20.32' + policy: bypass + + - domain: "cadvisor.chudnick.com" + policy: one_factor + + - domain: "drawio.chudnick.com" + policy: one_factor + + # bypass grafana connection to loki + - domain: "logs.chudnick.com" + networks: + - '127.0.0.1' + - '192.168.20.32' + policy: bypass + + # bypass loki log push + - domain: "logs.chudnick.com" + resources: "/loki/api/v1/push" + policy: bypass + + - domain: "logs.chudnick.com" + policy: one_factor + + - domain: 
"dashboard.chudnick.com" + policy: one_factor + + - domain: "photos.chudnick.com" + policy: one_factor + + - domain: "qbittorrent.chudnick.com" + policy: one_factor + + - domain: "sonarr.chudnick.com" + policy: one_factor + + - domain: "radarr.chudnick.com" + policy: one_factor + + - domain: "lidarr.chudnick.com" + policy: one_factor + + - domain: "readarr.chudnick.com" + policy: one_factor + + - domain: "prowlarr.chudnick.com" + policy: one_factor + + - domain: "weather.chudnick.com" + policy: one_factor + + - domain: "gpt.chudnick.com" + policy: one_factor + + - domain: "tasks.chudnick.com" + policy: one_factor + + - domain: "finances.chudnick.com" + policy: one_factor + + - domain: "finimporter.chudnick.com" + policy: one_factor + + - domain: "homeassistant.chudnick.com" + policy: one_factor + + - domain: "vaultwarden.chudnick.com" + resources: "^/admin.*$" + subject: 'group:vaultwarden-admins' + policy: two_factor + +totp: + issuer: auth.chudnick.com + algorithm: sha1 + digits: 6 + period: 30 + skew: 1 + secret_size: 32 + +session: + name: authelia_session + expiration: 3600 + inactivity: 300 + domain: "chudnick.com" + + redis: + host: redis_authelia + port: 6379 + +regulation: + max_retries: 3 + find_time: 120 + ban_time: 300 + +storage: + local: + path: /config/db.sqlite3 + +telemetry: + metrics: + enabled: true + address: "tcp://0.0.0.0:9959" + buffers: + read: 4096 + write: 4096 + timeouts: + read: 2s + write: 2s + idle: 30s + +notifier: + disable_startup_check: false + smtp: + host: mail.chudnick.com + port: 465 + timeout: 5s + username: authelia + sender: "Authelia " + identifier: "auth.chudnick.com" + subject: "[Authelia] {title}" + startup_check_address: "sam@chudnick.com" + +ntp: + address: "netservices.home.local:123" + +identity_providers: + oidc: + clients: + - id: gitea + description: gitea + secret: '$plaintext${{ gitea_client_secret }}' + public: false + authorization_policy: one_factor + redirect_uris: + - 
https://gitea.chudnick.com/user/oauth2/authelia/callback + scopes: + - openid + - profile + - email + - groups + userinfo_signing_algorithm: none + pre_configured_consent_duration: 4w + grant_types: + - refresh_token + - authorization_code + response_types: + - code + response_modes: + - form_post + - query + - fragment + + - id: grafana + description: grafana + secret: '$plaintext${{ grafana_client_secret }}' + public: false + authorization_policy: one_factor + pre_configured_consent_duration: 4w + redirect_uris: + - https://monitoring.chudnick.com/grafana/login/generic_oauth + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none + + - id: nextcloud + description: NextCloud + secret: '$plaintext${{ nextcloud_client_secret }}' + public: false + authorization_policy: one_factor + pre_configured_consent_duration: 4w + redirect_uris: + - https://nextcloud.chudnick.com/apps/oidc_login/oidc + scopes: + - openid + - profile + - email + - groups + userinfo_signing_algorithm: none + + - id: jenkins + description: Jenkins + secret: '$plaintext${{ jenkins_client_secret }}' + public: false + authorization_policy: one_factor + pre_configured_consent_duration: 4w + redirect_uris: + - https://jenkins.chudnick.com/securityRealm/finishLogin + scopes: + - openid + - profile + - email + - groups + - offline_access + userinfo_signing_algorithm: none + + - id: jellyfin + description: jellyfin + secret: '$plaintext${{ jellyfin_client_secret }}' + public: false + authorization_policy: one_factor + pre_configured_consent_duration: 4w + redirect_uris: + - https://jellyfin.chudnick.com/sso/OID/r/authelia + scopes: + - openid + - groups + - profile + userinfo_signing_algorithm: none + + - id: bookstack + description: bookstack + secret: '$plaintext${{ bookstack_client_secret }}' + public: false + authorization_policy: one_factor + pre_configured_consent_duration: 4w + redirect_uris: + - https://wiki.chudnick.com/oidc/callback + scopes: + - openid + - groups 
+ - profile + - email + userinfo_signing_algorithm: none diff --git a/data/authelia/proxy.conf b/data/authelia/proxy.conf new file mode 100644 index 0000000..4098bb2 --- /dev/null +++ b/data/authelia/proxy.conf @@ -0,0 +1,35 @@ +## Headers +proxy_set_header Host $host; +proxy_set_header X-Original-URL $scheme://$http_host$request_uri; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Host $http_host; +proxy_set_header X-Forwarded-Uri $request_uri; +proxy_set_header X-Forwarded-Ssl on; +proxy_set_header X-Forwarded-For $remote_addr; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header Connection ""; + +## Basic Proxy Configuration +client_body_buffer_size 128k; +proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ## Timeout if the real server is dead. +proxy_redirect http:// $scheme://; +proxy_http_version 1.1; +proxy_cache_bypass $cookie_session; +proxy_no_cache $cookie_session; +proxy_buffers 64 256k; + +## Trusted Proxies Configuration +## Please read the following documentation before configuring this: +## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies +# set_real_ip_from 10.0.0.0/8; +# set_real_ip_from 172.16.0.0/12; +# set_real_ip_from 192.168.0.0/16; +# set_real_ip_from fc00::/7; +real_ip_header X-Forwarded-For; +real_ip_recursive on; + +## Advanced Proxy Configuration +send_timeout 5m; +proxy_read_timeout 360; +proxy_send_timeout 360; +proxy_connect_timeout 360; diff --git a/data/bookstack/bookstack.conf.j2 b/data/bookstack/bookstack.conf.j2 new file mode 100644 index 0000000..0dd6f63 --- /dev/null +++ b/data/bookstack/bookstack.conf.j2 
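Review bot: The LDAP backend is configured with `url: ldap://192.168.20.20` and `start_tls: false`, so the `UID=authelia,...` service bind and every user password check are sent to FreeIPA in cleartext. Change to `url: ldaps://192.168.20.20` (or `start_tls: true` together with a `tls:` block) before this backend handles real logins. The `resources` patterns `"/api/.*$"`, `"/metrics"` and `"/loki/api/v1/push"` have no leading `^`, and Authelia evaluates them as unanchored regular expressions, so a path that merely contains those strings can also satisfy them; anchor them the way the `"^/rest/.*$"` rule already does. The `logs.chudnick.com` push bypass has no `networks` restriction, which leaves Loki ingestion reachable without authentication from anywhere; the docker daemon.json hunk in this commit posts to that URL, so a `networks:` list of the Docker hosts would close it while keeping the log driver working.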
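Review bot: The commented `# set_real_ip_from 192.168.0.0/16;` block should carry a warning before anyone enables it: once a range is trusted, `real_ip_header X-Forwarded-For` lets any host in that range choose the client address Authelia sees, and configuration.yml grants `bypass` to specific `networks` such as 192.168.20.32. Suggested comment above those lines: `## Only list the address of a real upstream proxy here; trusting a whole LAN range lets clients pick their own source IP for the network-based bypass rules.` With every `set_real_ip_from` commented out the two `real_ip_*` directives currently do nothing, which is the safe state.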
@@ -0,0 +1,27 @@ +server { + listen 443 ssl; + server_name {{ bookstack_server_name }}; + + ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_stapling on; + ssl_stapling_verify on; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + location / { + proxy_pass http://127.0.0.1:{{ bookstack_external_port }}/; + } + +} + +server { + listen 80; + listen [::]:80; + server_name {{ bookstack_server_name }}; + return 301 https://$host$request_uri; +} diff --git a/data/cadvisor/cadvisor.conf b/data/cadvisor/cadvisor.conf new file mode 100644 index 0000000..62ffd48 --- /dev/null +++ b/data/cadvisor/cadvisor.conf @@ -0,0 +1,34 @@ +server { + listen 443 ssl; + server_name cadvisor.chudnick.com; + + ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_stapling on; + ssl_stapling_verify on; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + # authelia + include /etc/nginx/snippets/authelia-location.conf; + + location / { + # authelia + include /etc/nginx/snippets/proxy.conf; + include /etc/nginx/snippets/authelia-authrequest.conf; + + proxy_pass http://127.0.0.1:8004/; + } + +} + +server { + listen 80; + listen [::]:80; + server_name cadvisor.chudnick.com; + return 301 https://$host$request_uri; +} diff --git a/data/chronyd/chrony.conf b/data/chronyd/chrony.conf new file mode 100644 index 0000000..59d71f6 --- /dev/null +++ b/data/chronyd/chrony.conf 
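Review bot: `add_header X-XSS-Protection "1; mode=block";` enables a legacy browser filter that current browsers have removed and that, where it is still honoured, has a history of introducing cross-site leaks; current guidance is `add_header X-XSS-Protection "0";` or dropping the line and relying on a Content-Security-Policy. The same line is repeated in cadvisor.conf below and in drawio.conf, firefly.conf.j2, freshrss.conf, sunshine_proxy.conf and gitea.conf, so moving the three security headers into one shared snippet included by each vhost would keep them consistent. In the bookstack block, `location / { proxy_pass http://127.0.0.1:{{ bookstack_external_port }}/; }` forwards neither `Host` nor `X-Forwarded-Proto`, unlike the vhosts that include proxy.conf; whether BookStack needs them to build correct redirect URLs behind this proxy is not visible here, so a comment stating why it is proxied bare would help.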
@@ -0,0 +1,59 @@ +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d + +# Use Debian vendor zone. +pool 2.debian.pool.ntp.org iburst + +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp + +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC + +# Allow usage as NTP server from local network +allow 192.168.30.0/24 +allow 192.168.20.0/24 +allow 192.168.10.0/24 +allow 127.0.0.1/8 + +# Serve time even if not synchronized to an external time source +local stratum 10 + +# Require authentication for NTP sources +#authselectmode require diff --git a/data/docker/daemon.json b/data/docker/daemon.json new file mode 100644 index 0000000..ba71dfc --- /dev/null +++ b/data/docker/daemon.json 
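Review bot: `allow 127.0.0.1/8` mixes a host address with an /8 mask; chrony tolerates it, but `allow 127.0.0.0/8` (or simply `allow 127.0.0.1`) states the intent unambiguously. With `local stratum 10` this host keeps answering clients after it has lost every upstream source, and configuration.yml points Authelia's clock check at `netservices.home.local:123`; if that name resolves to this server, a comment such as `# local: keep serving LAN clients during a WAN outage; TOTP skew tolerance is one step` next to it would record the trade-off. `#authselectmode require` is left commented, so the `pool` and DHCP-supplied sources are accepted unauthenticated; the `ntsdumpdir` line already prepares for enabling NTS if suitable servers are available.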
@@ -0,0 +1,7 @@
+{
+ "log-driver": "loki",
+ "log-opts": {
+ "loki-url": "https://logs.chudnick.com/loki/api/v1/push",
+ "loki-batch-size": "400"
+ }
+}
diff --git a/data/drawio/drawio.conf b/data/drawio/drawio.conf
new file mode 100644
index 0000000..3c374cc
--- /dev/null
+++ b/data/drawio/drawio.conf
@@ -0,0 +1,34 @@
+server {
+ listen 443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ server_name drawio.chudnick.com;
+
+ # Security Headers
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+
+ # authelia
+ include /etc/nginx/snippets/authelia-location.conf;
+
+ location / {
+ #authelia
+ include /etc/nginx/snippets/proxy.conf;
+ include /etc/nginx/snippets/authelia-authrequest.conf;
+
+ proxy_pass http://127.0.0.1:8400;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name drawio.chudnick.com;
+ return 301 https://$host$request_uri;
+}
+
diff --git a/data/firefly/firefly.conf.j2 b/data/firefly/firefly.conf.j2
new file mode 100644
index 0000000..d3bc9a1
--- /dev/null
+++ b/data/firefly/firefly.conf.j2
@@ -0,0 +1,75 @@ +server { + listen 443 ssl; + server_name {{ firefly_server_name }}; + + ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_stapling on; + ssl_stapling_verify on; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always; + + # authelia + include /etc/nginx/snippets/authelia-location.conf; + + + location / { + #authelia + include /etc/nginx/snippets/proxy.conf; + include /etc/nginx/snippets/authelia-authrequest.conf; + + proxy_pass http://127.0.0.1:{{ firefly_external_port }}/; + } + +} + +server { + listen 80; + listen [::]:80; + server_name {{ firefly_server_name }}; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name {{ firefly_importer_server_name }}; + + ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_stapling on; + ssl_stapling_verify on; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always; + + # authelia + include /etc/nginx/snippets/authelia-location.conf; + + location / { + #authelia + include /etc/nginx/snippets/proxy.conf; + include /etc/nginx/snippets/authelia-authrequest.conf; + + proxy_buffer_size 128k; + proxy_busy_buffers_size 256k; + + proxy_pass http://127.0.0.1:{{ firefly_importer_external_port }}/; + } + +} + +server { + listen 80; + listen [::]:80; + server_name {{ firefly_importer_server_name }}; + 
return 301 https://$host$request_uri; +} diff --git a/data/freshrss/freshrss.conf b/data/freshrss/freshrss.conf new file mode 100644 index 0000000..eecc2e3 --- /dev/null +++ b/data/freshrss/freshrss.conf @@ -0,0 +1,38 @@ +server { + listen 443 ssl; + server_name rss.chudnick.com; + + ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_stapling on; + ssl_stapling_verify on; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + # authelia + include /etc/nginx/snippets/authelia-location.conf; + + location / { + #authelia + include /etc/nginx/snippets/proxy.conf; + include /etc/nginx/snippets/authelia-authrequest.conf; + + proxy_pass http://127.0.0.1:8090/; + + # Forward the Authorization header for the Google Reader API. + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + +} + +server { + listen 80; + listen [::]:80; + server_name rss.chudnick.com; + return 301 https://$host$request_uri; +} diff --git a/data/game_server/lightdm.conf b/data/game_server/lightdm.conf new file mode 100644 index 0000000..eaf4d09 --- /dev/null +++ b/data/game_server/lightdm.conf @@ -0,0 +1,8 @@ +[LightDM] +[SeatDefaults] +autologin-user=gamer +autologin-user-timeout=0 +user-session=/usr/bin/startxfce4 +[Seat:*] +[XDMCPServer] +[VNCServer] diff --git a/data/game_server/sunshine_proxy.conf b/data/game_server/sunshine_proxy.conf new file mode 100644 index 0000000..8e3fb69 --- /dev/null +++ b/data/game_server/sunshine_proxy.conf 
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl;
+ server_name games.chudnick.com;
+
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+ # Security / XSS Mitigation Headers
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+
+ location / {
+ proxy_pass http://127.0.0.1:47990/;
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name games.chudnick.com;
+ return 301 https://$host$request_uri;
+}
diff --git a/data/game_server/xinitrc b/data/game_server/xinitrc
new file mode 100644
index 0000000..19ac175
--- /dev/null
+++ b/data/game_server/xinitrc
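Review bot: This vhost is the only one in the commit that uses the distribution placeholder certificate, `ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;`, and the only proxied web UI without an Authelia include, so it relies entirely on whatever login the upstream on port 47990 provides. A comment at the top such as `# LAN-only: self-signed cert, no Authelia; upstream enforces its own login` would record that this is deliberate rather than an oversight, and if the name is reachable from outside, the letsencrypt paths and snippets used by the other vhosts should be applied here too.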
@@ -0,0 +1,107 @@ +#!/bin/sh + +# fix broken $UID on some system... +if test "x$UID" = "x"; then + if test -x /usr/xpg4/bin/id; then + UID=`/usr/xpg4/bin/id -u`; + else + UID=`id -u`; + fi +fi + +# set $XDG_MENU_PREFIX to "xfce-" so that "xfce-applications.menu" is picked +# over "applications.menu" in all Xfce applications. +if test "x$XDG_MENU_PREFIX" = "x"; then + XDG_MENU_PREFIX="xfce-" + export XDG_MENU_PREFIX +fi + +# set DESKTOP_SESSION so that one can detect easily if an Xfce session is running +if test "x$DESKTOP_SESSION" = "x"; then + DESKTOP_SESSION="xfce" + export DESKTOP_SESSION +fi + +# set XDG_CURRENT_DESKTOP so that Qt 5 applications can identify user set Xfce theme +if test "x$XDG_CURRENT_DESKTOP" = "x"; then + XDG_CURRENT_DESKTOP="XFCE" + export XDG_CURRENT_DESKTOP +fi + +# $XDG_CONFIG_HOME defines the base directory relative to which user specific +# configuration files should be stored. If $XDG_CONFIG_HOME is either not set +# or empty, a default equal to $HOME/.config should be used. +if test "x$XDG_CONFIG_HOME" = "x" ; then + XDG_CONFIG_HOME=$HOME/.config +fi +[ -d "$XDG_CONFIG_HOME" ] || mkdir "$XDG_CONFIG_HOME" + +# $XDG_CACHE_HOME defines the base directory relative to which user specific +# non-essential data files should be stored. If $XDG_CACHE_HOME is either not +# set or empty, a default equal to $HOME/.cache should be used. +if test "x$XDG_CACHE_HOME" = "x" ; then + XDG_CACHE_HOME=$HOME/.cache +fi +[ -d "$XDG_CACHE_HOME" ] || mkdir "$XDG_CACHE_HOME" + +# set up XDG user directores. 
see +# http://freedesktop.org/wiki/Software/xdg-user-dirs +if command -v xdg-user-dirs-update >/dev/null 2>&1; then + xdg-user-dirs-update +fi + +# For now, start with an empty list +XRESOURCES="" + +# Has to go prior to merging Xft.xrdb, as its the "Defaults" file +test -r "/etc/xdg/xfce4/Xft.xrdb" && XRESOURCES="$XRESOURCES /etc/xdg/xfce4/Xft.xrdb" +test -r $HOME/.Xdefaults && XRESOURCES="$XRESOURCES $HOME/.Xdefaults" + +BASEDIR=$XDG_CONFIG_HOME/xfce4 +if test -r "$BASEDIR/Xft.xrdb"; then + XRESOURCES="$XRESOURCES $BASEDIR/Xft.xrdb" +elif test -r "$XFCE4HOME/Xft.xrdb"; then + mkdir -p "$BASEDIR" + cp "$XFCE4HOME/Xft.xrdb" "$BASEDIR"/ + XRESOURCES="$XRESOURCES $BASEDIR/Xft.xrdb" +fi + +# merge in X cursor settings +test -r "$BASEDIR/Xcursor.xrdb" && XRESOURCES="$XRESOURCES $BASEDIR/Xcursor.xrdb" + +# ~/.Xresources contains overrides to the above +test -r "$HOME/.Xresources" && XRESOURCES="$XRESOURCES $HOME/.Xresources" + +# load all X resources (adds /dev/null to avoid an empty list that would hang the process) +cat /dev/null $XRESOURCES | xrdb -merge - + +# load local modmap +test -r $HOME/.Xmodmap && xmodmap $HOME/.Xmodmap + +# if XAUTHLOCALHOSTNAME is not set in systemd user session, starting of xfce4-notifyd, DISPLAY etc. will fail +if command -v systemctl >/dev/null 2>&1 && systemctl --user list-jobs >/dev/null 2>&1; then # user session is running + dbus-update-activation-environment --systemd XAUTHLOCALHOSTNAME=$XAUTHLOCALHOSTNAME +fi + + +# check if we start xfce4-session with ck-launch-session. this is only +# required for starting from a console, not a login manager +if test "x$XFCE4_SESSION_WITH_CK" = "x1"; then + if command -v ck-launch-session >/dev/null 2>&1; then + exec ck-launch-session xfce4-session + else + echo + echo "You have tried to start Xfce with consolekit support, but" + echo "ck-launch-session is not installed." + echo "Aborted startup..." 
+ echo + exit 1 + fi +else + # start xfce4-session normally + systemctl --user start sunshine + exec xfce4-session +fi + +# if we got here, then exec failed +exit 1 diff --git a/data/gitea/app.ini b/data/gitea/app.ini new file mode 100644 index 0000000..84f9647 --- /dev/null +++ b/data/gitea/app.ini 
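Review bot: `systemctl --user start sunshine` is the one line that differs from the stock Xfce xinitrc, and its failure is silent: if the user unit is missing or fails to start, the session comes up anyway and nothing records why streaming is unavailable. Consider `systemctl --user start sunshine || echo "xinitrc: failed to start sunshine" >&2` with a short comment above it explaining why the service is started from the session rather than as an enabled unit. Earlier in the same hunk `test -r $HOME/.Xdefaults` and `XAUTHLOCALHOSTNAME=$XAUTHLOCALHOSTNAME` are unquoted while the surrounding lines quote their expansions; quoting them keeps the file consistent.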
@@ -0,0 +1,103 @@ +APP_NAME = Gitea: Git with a cup of tea +RUN_MODE = prod +RUN_USER = git + +[repository] +ROOT = /data/git/repositories +ENABLE_PUSH_CREATE_USER = true +DEFAULT_PUSH_CREATE_PRIVATE = false + +[repository.local] +LOCAL_COPY_PATH = /data/gitea/tmp/local-repo + +[repository.upload] +TEMP_PATH = /data/gitea/uploads + +[server] +APP_DATA_PATH = /data/gitea +DOMAIN = gitea.chudnick.com +SSH_DOMAIN = gitea.chudnick.com +HTTP_PORT = 3000 +ROOT_URL = https://gitea.chudnick.com/ +DISABLE_SSH = false +SSH_PORT = 22 +SSH_LISTEN_PORT = 22 +LFS_START_SERVER = true +LFS_JWT_SECRET = +OFFLINE_MODE = false + +[database] +PATH = /data/gitea/gitea.db +DB_TYPE = sqlite3 +HOST = localhost:3306 +NAME = gitea +USER = root +PASSWD = +LOG_SQL = false +SCHEMA = +SSL_MODE = disable +CHARSET = utf8 + +[indexer] +ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = /data/gitea/sessions +PROVIDER = file + +[picture] +AVATAR_UPLOAD_PATH = /data/gitea/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars +DISABLE_GRAVATAR = false +ENABLE_FEDERATED_AVATAR = true + +[attachment] +PATH = /data/gitea/attachments + +[log] +MODE = console +LEVEL = info +ROUTER = console +ROOT_PATH = /data/gitea/log + +[security] +INSTALL_LOCK = true +SECRET_KEY = +REVERSE_PROXY_LIMIT = 1 +REVERSE_PROXY_TRUSTED_PROXIES = * +INTERNAL_TOKEN = +PASSWORD_HASH_ALGO = pbkdf2 + +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false +REGISTER_EMAIL_CONFIRM = false +ENABLE_NOTIFY_MAIL = false +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +DEFAULT_ENABLE_TIMETRACKING = true +NO_REPLY_ADDRESS = noreply.localhost + +[lfs] +PATH = /data/git/lfs + +[mailer] +ENABLED = false + +[openid] +ENABLE_OPENID_SIGNIN = true +ENABLE_OPENID_SIGNUP = true + +[repository.pull-request] +DEFAULT_MERGE_STYLE = merge + +[repository.signing] +DEFAULT_TRUST_MODEL = committer + 
+[webhook] +ALLOWED_HOST_LIST = jenkins.chudnick.com + +[metrics] +ENABLED = true diff --git a/data/gitea/gitea.conf b/data/gitea/gitea.conf new file mode 100644 index 0000000..1b862a4 --- /dev/null +++ b/data/gitea/gitea.conf @@ -0,0 +1,30 @@ +server { + listen 443 ssl; + server_name gitea.chudnick.com; + + ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_stapling on; + ssl_stapling_verify on; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + location / { + proxy_pass http://127.0.0.1:8003/; + } + + # for docker image push + client_max_body_size 500M; + +} + +server { + listen 80; + listen [::]:80; + server_name gitea.chudnick.com; + return 301 https://$host$request_uri; +} diff --git a/data/grafana/grafana.conf b/data/grafana/grafana.conf new file mode 100644 index 0000000..9fcc1b0 --- /dev/null +++ b/data/grafana/grafana.conf 
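Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = *` together with `REVERSE_PROXY_LIMIT = 1` makes Gitea accept `X-Forwarded-For` from any peer, and the gitea.conf hunk in this commit proxies `location /` without setting or clearing that header, so the address Gitea logs and throttles on is whatever the client supplies; restrict it to the proxy, `REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128`, and have nginx set `proxy_set_header X-Forwarded-For $remote_addr;`. `DISABLE_REGISTRATION = false` with `ENABLE_CAPTCHA = false` and `ENABLE_OPENID_SIGNUP = true` leaves self-service sign-up open on a host published as gitea.chudnick.com; since configuration.yml registers a `gitea` OIDC client, `ALLOW_ONLY_EXTERNAL_REGISTRATION = true` (or `DISABLE_REGISTRATION = true` if accounts are provisioned by hand) fits the intended identity flow. `SECRET_KEY =`, `INTERNAL_TOKEN =` and `LFS_JWT_SECRET =` are committed empty; if the intent is for Gitea to generate them on first start, a comment saying so would stop a reader from assuming they were scrubbed from a working file.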
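Review bot: `location / { proxy_pass http://127.0.0.1:8003/; }` forwards every path, including Gitea's `/metrics`, which app.ini in this commit turns on with `ENABLED = true` and no `TOKEN`, so the scrape endpoint is readable by anyone who can reach gitea.chudnick.com. grafana.conf already shows the pattern to reuse: a `location /metrics { allow 192.168.20.32; deny all; proxy_pass http://127.0.0.1:8003; }` block placed ahead of `location /`. Alternatively set `TOKEN` under `[metrics]` in app.ini and configure the scraper with it.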
@@ -0,0 +1,134 @@ +# this is required to proxy Grafana Live WebSocket connections. +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +upstream grafana { + server localhost:3000; +} + +server { + listen 443 ssl; + server_name monitoring.chudnick.com + root /usr/share/nginx/html; + index index.html index.htm; + + ssl_certificate "/etc/nginx/tls/fullchain.pem"; + ssl_certificate_key "/etc/nginx/tls/privkey.pem"; + + location /grafana { + proxy_set_header Host $http_host; + proxy_pass http://localhost:3000; + } + + # Proxy Grafana Live WebSocket connections. + location /grafana/api/live/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_pass http://localhost:3000; + } + + # Restrict access to metrics + location /grafana/metrics { + allow 127.0.0.1; + allow 192.168.20.32; + allow 192.168.10.254; + deny all; + proxy_set_header Host $http_host; + proxy_pass http://localhost:3000; + } + + + # Prometheus + + set $upstream_authelia https://auth.chudnick.com/api/verify; + resolver 192.168.20.34; + + ## Virtual endpoint created by nginx to forward auth requests. + location /authelia { + ## Essential Proxy Configuration + internal; + proxy_pass $upstream_authelia; + + ## Headers + ## The headers starting with X-* are required. 
+ proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + proxy_set_header X-Original-Method $request_method; + proxy_set_header X-Forwarded-Method $request_method; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Uri $request_uri; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Content-Length ""; + proxy_set_header Connection ""; + + ## Basic Proxy Configuration + proxy_pass_request_body off; + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + proxy_redirect http:// $scheme://; + proxy_http_version 1.1; + proxy_cache_bypass $cookie_session; + proxy_no_cache $cookie_session; + proxy_buffers 4 32k; + client_body_buffer_size 128k; + + ## Advanced Proxy Configuration + send_timeout 5m; + proxy_read_timeout 240; + proxy_send_timeout 240; + proxy_connect_timeout 240; + } + + + location /prometheus { + # Authelia config + proxy_set_header Host $host; + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Uri $request_uri; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Connection ""; + client_body_buffer_size 128k; + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + proxy_redirect http:// $scheme://; + proxy_http_version 1.1; + proxy_cache_bypass $cookie_session; + proxy_no_cache $cookie_session; + proxy_buffers 64 256k; + real_ip_header X-Forwarded-For; + real_ip_recursive on; + send_timeout 5m; + proxy_read_timeout 360; + proxy_send_timeout 360; + proxy_connect_timeout 360; + + # Authelia request + auth_request /authelia; + set $target_url $scheme://$http_host$request_uri; + auth_request_set $user $upstream_http_remote_user; + auth_request_set $groups 
$upstream_http_remote_groups; + auth_request_set $name $upstream_http_remote_name; + auth_request_set $email $upstream_http_remote_email; + proxy_set_header Remote-User $user; + proxy_set_header Remote-Groups $groups; + proxy_set_header Remote-Name $name; + proxy_set_header Remote-Email $email; + error_page 401 =302 https://auth.chudnick.com/?rd=$target_url; + + proxy_pass http://127.0.0.1:9090/prometheus; + } + +} + +server { + listen 80; + return 301 https://$host$request_uri; + server_name monitoring.chudnick.com; + return 404; +} diff --git a/data/grafana/grafana.ini.j2 b/data/grafana/grafana.ini.j2 new file mode 100644 index 0000000..c24cc6a --- /dev/null +++ b/data/grafana/grafana.ini.j2 
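Review bot: `server_name monitoring.chudnick.com` at the top of the first server block has no terminating `;`, so nginx reads the following `root /usr/share/nginx/html` as two extra server names and the `root` directive is never applied; the fix is `server_name monitoring.chudnick.com;`. The inline `location /authelia` block and the header and proxy settings inside `location /prometheus` duplicate authelia-location.conf, proxy.conf and authelia-authrequest.conf from the same commit almost verbatim, so `include`-ing those snippets as the other vhosts do would stop the copies from drifting. In the port-80 server the `server_name` directive sits between `return 301 https://$host$request_uri;` and an unreachable `return 404;`; put `server_name` first and drop the second return. Like authelia.conf, this vhost sets no `Strict-Transport-Security` header and none of the `X-Frame-Options`/`X-Content-Type-Options` headers the other vhosts add.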
@@ -0,0 +1,1268 @@
+##################### Grafana Configuration Defaults #####################
+
+# possible values : production, development
+app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+instance_name = ${HOSTNAME}
+
+# force migration will run migrations that might cause dataloss
+force_migration = false
+
+#################################### Paths ###############################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+data = /var/lib/grafana
+
+# Temporary files in `data` directory older than given duration will be removed
+temp_data_lifetime = 24h
+
+# Directory where grafana can store logs
+logs = /var/log/grafana
+
+# Directory where grafana will automatically scan and look for plugins
+plugins = /var/lib/grafana/plugins
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+provisioning = /etc/grafana/provisioning
+
+#################################### Server ##############################
+[server]
+# Protocol (http, https, h2, socket)
+protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+http_addr =
+
+# The http port to use
+http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+domain = monitoring.chudnick.com/grafana
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+enforce_domain = false
+
+# The full public facing url
+root_url = https://monitoring.chudnick.com/grafana
+
+# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
+serve_from_sub_path = true
+
+# Log web requests
+router_logging = false
+
+# the path relative working path
+static_root_path = public
+
+# enable gzip
+enable_gzip = false
+
+# https certs & key file
+
+# Unix socket path
+socket = /tmp/grafana.sock
+
+# CDN Url
+cdn_url =
+
+# Sets the maximum time in minutes before timing out read of an incoming request and closing idle connections.
+# `0` means there is no timeout for reading the request.
+read_timeout = 0
+
+#################################### Database ############################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url property.
+
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+type = sqlite3
+host = 127.0.0.1:3306
+name = grafana
+user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+password =
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+url =
+
+# Max idle conn setting default is 2
+max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+log_queries =
+
+# For "postgres", use either "disable", "require" or "verify-full"
+# For "mysql", use either "true", "false", or "skip-verify".
+ssl_mode = disable
+
+# Database drivers may support different transaction isolation levels.
+# Currently, only "mysql" driver supports isolation levels.
+# If the value is empty - driver's default isolation level is applied.
+# For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE".
+isolation_level =
+
+ca_cert_path =
+client_key_path =
+client_cert_path =
+server_cert_name =
+
+# For "sqlite3" only, path relative to data_path setting
+path = grafana.db
+
+# For "sqlite3" only. cache mode setting used for connecting to the database
+cache_mode = private
+
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+locking_attempt_timeout_sec = 0
+
+#################################### Cache server #############################
+[remote_cache]
+# Either "redis", "memcached" or "database" default is "database"
+type = database
+
+# cache connectionstring options
+# database: will use Grafana primary database.
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# memcache: 127.0.0.1:11211
+connstr =
+
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+logging = false
+
+# How long the data proxy waits to read the headers of the response before timing out, default is 30 seconds.
+# This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set.
+timeout = 30
+
+# How long the data proxy waits to establish a TCP connection before timing out, default is 10 seconds.
+dialTimeout = 10
+
+# How many seconds the data proxy waits before sending a keepalive request.
+keep_alive_seconds = 30
+
+# How many seconds the data proxy waits for a successful TLS Handshake before timing out.
+tls_handshake_timeout_seconds = 10
+
+# How many seconds the data proxy will wait for a server's first response headers after
+# fully writing the request headers if the request has an "Expect: 100-continue"
+# header. A value of 0 will result in the body being sent immediately, without
+# waiting for the server to approve.
+expect_continue_timeout_seconds = 1
+
+# Optionally limits the total number of connections per host, including connections in the dialing,
+# active, and idle states. On limit violation, dials will block.
+# A value of zero (0) means no limit.
+max_conns_per_host = 0
+
+# The maximum number of idle connections that Grafana will keep alive.
+max_idle_connections = 100
+
+# How many seconds the data proxy keeps an idle connection open before timing out.
+idle_conn_timeout_seconds = 90
+
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request.
+send_user_header = false
+
+# Limit the amount of bytes that will be read/accepted from responses of outgoing HTTP requests.
+response_limit = 0
+
+# Limits the number of rows that Grafana will process from SQL data sources.
+row_limit = 1000000
+
+#################################### Analytics ###########################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+reporting_enabled = false
+
+# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
+reporting_distributor =
+
+# Set to false to disable all checks to https://grafana.com
+# for new versions of grafana. The check is used
+# in some UI views to notify that a grafana update exists.
+# This option does not cause any auto updates, nor send any information
+# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
+check_for_updates = false
+
+# Set to false to disable all checks to https://grafana.com
+# for new versions of plugins. The check is used
+# in some UI views to notify that a plugin update exists.
+# This option does not cause any auto updates, nor send any information
+# only a GET request to https://grafana.com to get the latest versions.
+check_for_plugin_updates = false
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+google_analytics_ua_id =
+
+# Google Tag Manager ID, only enabled if you specify an id here
+google_tag_manager_id =
+
+# Rudderstack write key, enabled only if rudderstack_data_plane_url is also set
+rudderstack_write_key =
+
+# Rudderstack data plane url, enabled only if rudderstack_write_key is also set
+rudderstack_data_plane_url =
+
+# Rudderstack SDK url, optional, only valid if rudderstack_write_key and rudderstack_data_plane_url is also set
+rudderstack_sdk_url =
+
+# Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config
+rudderstack_config_url =
+
+# Application Insights connection string. Specify an URL string to enable this feature.
+application_insights_connection_string =
+
+# Optional. Specifies an Application Insights endpoint URL where the endpoint string is wrapped in backticks ``.
+application_insights_endpoint_url =
+
+# Controls if the UI contains any links to user feedback forms
+feedback_links_enabled = false
+
+#################################### Security ############################
+[security]
+# disable creation of admin user on first start of grafana
+disable_initial_admin_creation = true
+
+# used for signing
+secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# current key provider used for envelope encryption, default to static value specified by secret_key
+encryption_provider = secretKey.v1
+
+# list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1
+available_encryption_providers =
+
+# disable gravatar profile images
+disable_gravatar = true
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+data_source_proxy_whitelist =
+
+# disable protection against brute force login attempts
+disable_brute_force_login_protection = true
+
+# set to true if you host Grafana behind HTTPS. default is false.
+cookie_secure = true
+
+# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
+cookie_samesite = strict
+
+# set to true if you want to allow browsers to render Grafana in a ,