diff --git a/ansible/dev-requirements.txt b/ansible/dev-requirements.txt index 17178a5..dbb6d94 100644 --- a/ansible/dev-requirements.txt +++ b/ansible/dev-requirements.txt @@ -1,3 +1,3 @@ -r requirements.txt ansible-lint==4.2.0 -yamllint==1.21.0 +yamllint==1.23.0 diff --git a/ansible/roles/intersect-docker/files/calibre/docker-compose.yml b/ansible/roles/intersect-docker/files/calibre/docker-compose.yml index fbb638c..7292cf2 100644 --- a/ansible/roles/intersect-docker/files/calibre/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/calibre/docker-compose.yml @@ -12,6 +12,6 @@ services: - ./config:/config - /srv/nextcloud-data/data/jake/files/EBooks:/books:ro labels: - - "traefik.enable=true" - - "traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`)" - - "traefik.http.routers.calibre.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`) + - traefik.http.routers.calibre.tls.certresolver=le diff --git a/ansible/roles/intersect-docker/files/emby/docker-compose.yml b/ansible/roles/intersect-docker/files/emby/docker-compose.yml index c65286c..2b86967 100644 --- a/ansible/roles/intersect-docker/files/emby/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/emby/docker-compose.yml @@ -16,6 +16,6 @@ services: - 8096:8096 restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.emby.rule=Host(`media.jakehoward.tech`)" - - "traefik.http.routers.emby.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.emby.rule=Host(`media.jakehoward.tech`) + - traefik.http.routers.emby.tls.certresolver=le diff --git a/ansible/roles/intersect-docker/files/gitea/docker-compose.yml b/ansible/roles/intersect-docker/files/gitea/docker-compose.yml index 18e32dc..6807246 100644 --- a/ansible/roles/intersect-docker/files/gitea/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/gitea/docker-compose.yml 
@@ -9,10 +9,10 @@ services: - USER_UID={{ docker_user.id }} - USER_GID={{ docker_user.id }} labels: - - "traefik.enable=true" - - "traefik.http.routers.gitea.rule=(Host(`git.theorangeone.net`) || Host(`git.0rng.one`))" - - "traefik.http.routers.gitea.tls.certresolver=le" - - "traefik.http.services.gitea-gitea.loadbalancer.server.port=3000" + - traefik.enable=true + - traefik.http.routers.gitea.rule=(Host(`git.theorangeone.net`) || Host(`git.0rng.one`)) + - traefik.http.routers.gitea.tls.certresolver=le + - traefik.http.services.gitea-gitea.loadbalancer.server.port=3000 ports: - "{{ wireguard.clients.intersect.ip }}:3022:3022" volumes: diff --git a/ansible/roles/intersect-docker/files/gotify/docker-compose.yml b/ansible/roles/intersect-docker/files/gotify/docker-compose.yml index 24abc93..956300d 100644 --- a/ansible/roles/intersect-docker/files/gotify/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/gotify/docker-compose.yml @@ -9,6 +9,6 @@ services: - ./data:/app/data restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.gotify.rule=Host(`gotify.jakehoward.tech`)" - - "traefik.http.routers.gotify.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.gotify.rule=Host(`gotify.jakehoward.tech`) + - traefik.http.routers.gotify.tls.certresolver=le diff --git a/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml b/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml index 577bd0c..38a2227 100644 --- a/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml 
@@ -11,8 +11,8 @@ services: - 33377:80 restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)" - - "traefik.http.routers.librespeed.tls.certresolver=le" - - "traefik.http.routers.librespeed.middlewares=librespeed-auth@docker" - - "traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}" + - traefik.enable=true + - traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`) + - traefik.http.routers.librespeed.tls.certresolver=le + - traefik.http.routers.librespeed.middlewares=librespeed-auth@docker + - traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }} diff --git a/ansible/roles/intersect-docker/files/nextcloud/docker-compose.yml b/ansible/roles/intersect-docker/files/nextcloud/docker-compose.yml index c48b2d0..8ff1891 100644 --- a/ansible/roles/intersect-docker/files/nextcloud/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/nextcloud/docker-compose.yml 
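Review bot: The last label, `traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}`, now renders the credential list into a plain scalar, so the rendered text is subject to plain-scalar parsing: a ` #` inside it would cut the value short, and trailing whitespace would be dropped. It is the only label in this hunk whose content is not fixed in the file, so I would keep it quoted as before: `- "traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}"`. The value of `librespeed_basicauth` is not visible here; if it only ever holds htpasswd-style entries the risk is small, but the quotes cost nothing.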
@@ -18,13 +18,13 @@ services: tmpfs: - /config/log labels: - - "traefik.enable=true" - - "traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`)" - - "traefik.http.routers.nextcloud.tls.certresolver=le" - - "traefik.http.services.nextcloud-nextcloud.loadbalancer.server.port=443" - - "traefik.http.services.nextcloud-nextcloud.loadbalancer.server.scheme=https" - - "traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552000" - - "traefik.http.routers.nextcloud.middlewares=nextcloud-hsts@docker" + - traefik.enable=true + - traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`) + - traefik.http.routers.nextcloud.tls.certresolver=le + - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.port=443 + - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.scheme=https + - traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552000 + - traefik.http.routers.nextcloud.middlewares=nextcloud-hsts@docker db: image: postgres:12-alpine @@ -63,9 +63,9 @@ services: cap_add: - MKNOD environment: - - "domain=intersect\\.jakehoward\\.tech" + - domain=intersect\\.jakehoward\\.tech labels: - - "traefik.enable=true" - - "traefik.http.routers.collabora.rule=Host(`collabora.jakehoward.tech`)" - - "traefik.http.routers.collabora.tls.certresolver=le" - - "traefik.http.services.collabora-nextcloud.loadbalancer.server.scheme=https" + - traefik.enable=true + - traefik.http.routers.collabora.rule=Host(`collabora.jakehoward.tech`) + - traefik.http.routers.collabora.tls.certresolver=le + - traefik.http.services.collabora-nextcloud.loadbalancer.server.scheme=https diff --git a/ansible/roles/intersect-docker/files/pihole/docker-compose.yml b/ansible/roles/intersect-docker/files/pihole/docker-compose.yml index 4bb2a34..9081eeb 100644 --- a/ansible/roles/intersect-docker/files/pihole/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/pihole/docker-compose.yml 
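Review bot: In the second nextcloud hunk, unquoting `"domain=intersect\\.jakehoward\\.tech"` changes the parsed value, unlike every other line in this commit. Inside double quotes `\\` is an escape for one backslash, so the old value was `domain=intersect\.jakehoward\.tech`. In a plain scalar backslashes are literal, so the new value carries two backslashes before each dot. This variable presumably tells Collabora which host may use the document server, so confirm which form the image expects before merging. If the old value was the intended one, the plain-style equivalent is `- domain=intersect\.jakehoward\.tech`.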
@@ -15,8 +15,8 @@ services: - ./dnsmasq.d/:/etc/dnsmasq.d/ restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.pihole.rule=Host(`pihole.jakehoward.tech`)" - - "traefik.http.routers.pihole.tls.certresolver=le" - - "traefik.http.routers.pihole.middlewares=internal-only@file" - - "traefik.http.services.pihole-pihole.loadbalancer.server.port=80" + - traefik.enable=true + - traefik.http.routers.pihole.rule=Host(`pihole.jakehoward.tech`) + - traefik.http.routers.pihole.tls.certresolver=le + - traefik.http.routers.pihole.middlewares=internal-only@file + - traefik.http.services.pihole-pihole.loadbalancer.server.port=80 diff --git a/ansible/roles/intersect-docker/files/synapse/docker-compose.yml b/ansible/roles/intersect-docker/files/synapse/docker-compose.yml index b0a8c34..91e9a63 100644 --- a/ansible/roles/intersect-docker/files/synapse/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/synapse/docker-compose.yml @@ -16,10 +16,10 @@ services: expose: - 8008 labels: - - "traefik.enable=true" - - "traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)" - - "traefik.http.routers.synapse.tls.certresolver=le" - - "traefik.http.routers.synapse.entrypoints=web-secure,matrix" + - traefik.enable=true + - traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`) + - traefik.http.routers.synapse.tls.certresolver=le + - traefik.http.routers.synapse.entrypoints=web-secure,matrix db: image: postgres:12-alpine diff --git a/ansible/roles/intersect-docker/files/synapse/homeserver.yml b/ansible/roles/intersect-docker/files/synapse/homeserver.yml index 700bd0d..d4d0370 100644 --- a/ansible/roles/intersect-docker/files/synapse/homeserver.yml +++ b/ansible/roles/intersect-docker/files/synapse/homeserver.yml 
@@ -108,15 +108,15 @@ pid_file: /data/homeserver.pid # listed here, since they correspond to unroutable addresses.) # federation_ip_range_blacklist: - - '127.0.0.0/8' - - '10.0.0.0/8' - - '172.16.0.0/12' - - '192.168.0.0/16' - - '100.64.0.0/10' - - '169.254.0.0/16' - - '::1/128' - - 'fe80::/64' - - 'fc00::/7' + - 127.0.0.0/8 + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 100.64.0.0/10 + - 169.254.0.0/16 + - ::1/128 + - fe80::/64 + - fc00::/7 # List of ports that Synapse should listen on, their purpose and their # configuration. @@ -469,7 +469,7 @@ acme: # Again, you may want to change this if you are forwarding connections # through Apache/Nginx/etc. # - bind_addresses: ['::', '0.0.0.0'] + bind_addresses: ["::", 0.0.0.0] # How many days remaining on a certificate before it is renewed. # reprovision_threshold: 30 diff --git a/ansible/roles/intersect-docker/files/torrent/docker-compose.yml b/ansible/roles/intersect-docker/files/torrent/docker-compose.yml index 49418b6..bbc113c 100644 --- a/ansible/roles/intersect-docker/files/torrent/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/torrent/docker-compose.yml @@ -15,10 +15,10 @@ services: - 8112:8112 restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.deluge.rule=Host(`deluge.jakehoward.tech`)" - - "traefik.http.routers.deluge.tls.certresolver=le" - - "traefik.http.routers.deluge.middlewares=internal-only@file" + - traefik.enable=true + - traefik.http.routers.deluge.rule=Host(`deluge.jakehoward.tech`) + - traefik.http.routers.deluge.tls.certresolver=le + - traefik.http.routers.deluge.middlewares=internal-only@file tor-socks-proxy: image: peterdavehello/tor-socks-proxy:latest diff --git a/ansible/roles/intersect-docker/files/tt-rss/docker-compose.yml b/ansible/roles/intersect-docker/files/tt-rss/docker-compose.yml index 2c6b35a..8b4660d 100644 --- a/ansible/roles/intersect-docker/files/tt-rss/docker-compose.yml 
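Review bot: `- ::1/128` in `federation_ip_range_blacklist` now starts with `:`, an indicator character that is legal at the start of a plain scalar only because a non-space character follows it. The `address: :80`, `:443` and `:8448` lines in traefik.yml share this. A spec-conforming parser still yields the same strings, but this list is what keeps federation requests away from loopback and private ranges, so I would keep the quotes on entries that begin with `:` rather than rely on that corner of the grammar. If the unquoting is driven by yamllint's `quoted-strings` rule, its `extra-allowed` option can presumably exempt these patterns; the lint config is not shown here, so confirm against it.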
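Review bot: The deluge service keeps `- 8112:8112` in the context just above `restart:`, which looks like a published host port (the `ports:` key is outside the hunk). If so, the `internal-only@file` allow-list on the router only covers requests that pass through Traefik. Unless something else filters that port on the host, the UI is reachable without the source-range check. Binding the mapping to a specific address, as the gitea file does with `"{{ wireguard.clients.intersect.ip }}:3022:3022"`, or dropping it would close the gap. The librespeed file shows the same pattern with `- 33377:80` next to its basicauth middleware.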
+++ b/ansible/roles/intersect-docker/files/tt-rss/docker-compose.yml @@ -12,9 +12,9 @@ services: - ./config:/config restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`)" - - "traefik.http.routers.tt-rss.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`) + - traefik.http.routers.tt-rss.tls.certresolver=le db: image: postgres:12-alpine diff --git a/ansible/roles/intersect-docker/files/wallabag/docker-compose.yml b/ansible/roles/intersect-docker/files/wallabag/docker-compose.yml index e43fb75..b3237f8 100644 --- a/ansible/roles/intersect-docker/files/wallabag/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/wallabag/docker-compose.yml @@ -12,9 +12,9 @@ services: - ./data:/var/www/wallabag/data - ./images:/var/www/wallabag/images labels: - - "traefik.enable=true" - - "traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)" - - "traefik.http.routers.wallabag.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`) + - traefik.http.routers.wallabag.tls.certresolver=le redis: image: redis:6-alpine diff --git a/ansible/roles/intersect-docker/files/web-rng/docker-compose.yml b/ansible/roles/intersect-docker/files/web-rng/docker-compose.yml index 33e8526..70c1bf8 100644 --- a/ansible/roles/intersect-docker/files/web-rng/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/web-rng/docker-compose.yml @@ -6,6 +6,6 @@ services: container_name: web-rng restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.web-rng.rule=Host(`rng.theorangeone.net`)" - - "traefik.http.routers.web-rng.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.web-rng.rule=Host(`rng.theorangeone.net`) + - traefik.http.routers.web-rng.tls.certresolver=le 
diff --git a/ansible/roles/intersect-docker/files/whoami/docker-compose.yml b/ansible/roles/intersect-docker/files/whoami/docker-compose.yml index a4de573..4a8d94d 100644 --- a/ansible/roles/intersect-docker/files/whoami/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/whoami/docker-compose.yml @@ -6,6 +6,6 @@ services: container_name: whoami restart: unless-stopped labels: - - "traefik.enable=true" - - "traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)" - - "traefik.http.routers.whoami.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`) + - traefik.http.routers.whoami.tls.certresolver=le diff --git a/ansible/roles/statping/files/docker-compose.yml b/ansible/roles/statping/files/docker-compose.yml index 320e9a0..5da4c7a 100644 --- a/ansible/roles/statping/files/docker-compose.yml +++ b/ansible/roles/statping/files/docker-compose.yml @@ -8,9 +8,9 @@ services: volumes: - ./statping:/app labels: - - "traefik.enable=true" - - "traefik.http.routers.statping.rule=Host(`stats.theorangeone.net`)" - - "traefik.http.routers.statping.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.statping.rule=Host(`stats.theorangeone.net`) + - traefik.http.routers.statping.tls.certresolver=le db: image: postgres:12-alpine diff --git a/ansible/roles/traefik/files/file-provider.yml b/ansible/roles/traefik/files/file-provider.yml index 0811eba..6893c53 100644 --- a/ansible/roles/traefik/files/file-provider.yml +++ b/ansible/roles/traefik/files/file-provider.yml @@ -3,9 +3,9 @@ http: internal-only: ipWhiteList: sourceRange: - - "10.0.0.0/8" - - "172.16.0.0/12" - - "192.168.0.0/16" + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 tls-redirect: redirectScheme: scheme: https diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml index 564a8fb..fd1c7d9 100644 
--- a/ansible/roles/traefik/files/traefik.yml +++ b/ansible/roles/traefik/files/traefik.yml @@ -1,16 +1,16 @@ entryPoints: web: - address: ":80" + address: :80 proxyProtocol: trustedIPs: - "{{ wireguard.cidr }}" web-secure: - address: ":443" + address: :443 proxyProtocol: trustedIPs: - "{{ wireguard.cidr }}" matrix: - address: ":8448" + address: :8448 proxyProtocol: trustedIPs: - "{{ wireguard.cidr }}" diff --git a/ansible/roles/upload/files/docker-compose.yml b/ansible/roles/upload/files/docker-compose.yml index f4d89cf..0c08573 100644 --- a/ansible/roles/upload/files/docker-compose.yml +++ b/ansible/roles/upload/files/docker-compose.yml @@ -11,9 +11,9 @@ services: - MINIO_ACCESS_KEY={{ minio_access_key }} - MINIO_SECRET_KEY={{ minio_secret_key }} labels: - - "traefik.enable=true" - - "traefik.http.routers.upload.rule=Host(`upload.theorangeone.net`)" - - "traefik.http.routers.upload.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.upload.rule=Host(`upload.theorangeone.net`) + - traefik.http.routers.upload.tls.certresolver=le img: image: theorangeone/static-server:latest @@ -21,9 +21,9 @@ services: volumes: - ./data/img:/srv:ro labels: - - "traefik.enable=true" - - "traefik.http.routers.img.rule=Host(`img.theorangeone.net`) || Host(`img.0rng.one`)" - - "traefik.http.routers.img.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.img.rule=Host(`img.theorangeone.net`) || Host(`img.0rng.one`) + - traefik.http.routers.img.tls.certresolver=le bg: image: theorangeone/static-server:latest @@ -33,9 +33,9 @@ services: environment: - FANCY_INDEX=on labels: - - "traefik.enable=true" - - "traefik.http.routers.bg.rule=Host(`bg.theorangeone.net`)" - - "traefik.http.routers.bg.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.bg.rule=Host(`bg.theorangeone.net`) + - traefik.http.routers.bg.tls.certresolver=le dl: image: theorangeone/static-server:latest 
@@ -43,6 +43,6 @@ services: volumes: - ./data/download:/srv:ro labels: - - "traefik.enable=true" - - "traefik.http.routers.dl.rule=Host(`dl.theorangeone.net`) || Host(`dl.0rng.one`)" - - "traefik.http.routers.dl.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.dl.rule=Host(`dl.theorangeone.net`) || Host(`dl.0rng.one`) + - traefik.http.routers.dl.tls.certresolver=le diff --git a/ansible/roles/website/files/docker-compose.yml b/ansible/roles/website/files/docker-compose.yml index c7b7607..1bf1a79 100644 --- a/ansible/roles/website/files/docker-compose.yml +++ b/ansible/roles/website/files/docker-compose.yml @@ -10,9 +10,9 @@ services: - ./access.log:/var/log/nginx/access.log - ./report.html:/usr/share/nginx/html/stats/index.html:ro labels: - - "traefik.enable=true" - - "traefik.http.routers.website.rule=Host(`theorangeone.net`) || Host(`www.theorangeone.net`)" - - "traefik.http.routers.website.tls.certresolver=le" + - traefik.enable=true + - traefik.http.routers.website.rule=Host(`theorangeone.net`) || Host(`www.theorangeone.net`) + - traefik.http.routers.website.tls.certresolver=le stats: image: theorangeone/goaccess-static:latest