From 46e35eea82f93c6d290e1ad4ca680f12644c7ede Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Wed, 17 Jan 2024 21:20:44 -0800
Subject: [PATCH] mu
---
 lotus-land-story/hledger.yml | 1 +
 lotus-land-story/searxng.yml | 46 ++++++++++++++++++++++++++++
 lotus-land-story/templates/Caddyfile | 32 ++++++++++++-------
 on-fire-within/main.yml | 6 ++--
 4 files changed, 71 insertions(+), 14 deletions(-)
 create mode 100644 lotus-land-story/searxng.yml
diff --git a/lotus-land-story/hledger.yml b/lotus-land-story/hledger.yml
index 9d81579..ef03aab 100644
--- a/lotus-land-story/hledger.yml
+++ b/lotus-land-story/hledger.yml
@@ -12,6 +12,7 @@
 - name: Run hledger
 community.docker.docker_container:
+ state: absent
 restart: true
 name: hledger
 image: dastapov/hledger:1.31
diff --git a/lotus-land-story/searxng.yml b/lotus-land-story/searxng.yml
new file mode 100644
index 0000000..61181bb
--- /dev/null
+++ b/lotus-land-story/searxng.yml
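Review bot: In lotus-land-story/hledger.yml the task is still named `Run hledger` and keeps `restart: true`, `image` and its other run-time options after `state: absent` is added, so the playbook reads as if it starts the service while it now removes the container. Renaming it to `- name: Remove hledger` and reducing the module arguments to `name: hledger` plus `state: absent` would make the decommissioning explicit. The task continues past the end of the hunk, so any options below `image` are not visible here.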
@@ -0,0 +1,46 @@
+# https://docs.searxng.org/admin/installation-docker.html#installation-docker
+
+- name: Set up SearXNG
+ hosts: lotus-land-story
+ vars_files:
+ - vars.yml
+ tasks:
+
+ - name: Get docker network
+ community.docker.docker_network:
+ name: lotus_land_story
+ register: docker_network
+
+ - name: Run SearXNG
+ community.docker.docker_container:
+ restart: true
+ name: searxng
+ image: searxng/searxng:2024.1.17-7c80807bb
+ env:
+ SEARXNG_BASE_URL: https://search.{{ domain }}
+ # DATABASE_URL: postgres://miniflux:{{ miniflux.db_password }}@host.docker.internal/miniflux
+ # RUN_MIGRATIONS: "1"
+ # CREATE_ADMIN: "1"
+ # ADMIN_USERNAME: alpha
+ # ADMIN_PASSWORD: "{{ miniflux.password }}"
+ # METRICS_COLLECTOR: "1"
+ # METRICS_ALLOWED_NETWORKS: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
+ # OAUTH2_PROVIDER: oidc
+ # OAUTH2_CLIENT_ID: miniflux
+ # OAUTH2_CLIENT_SECRET: "{{ miniflux.oidc_secret }}"
+ # OAUTH2_REDIRECT_URL: https://rss.{{ domain }}/oauth2/oidc/callback
+ # OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.{{ domain }}
+ # OAUTH2_USER_CREATION: "1"
+ # LOG_FORMAT: json
+ # LOG_LEVEL: info
+ restart_policy: unless-stopped
+ networks:
+ - name: lotus_land_story
+ etc_hosts:
+ host.docker.internal: host-gateway
+
+ handlers:
+ - name: Import restarts
+ ansible.builtin.import_tasks: restarts.yml
+
+# vim: ft=yaml.ansible
diff --git a/lotus-land-story/templates/Caddyfile b/lotus-land-story/templates/Caddyfile
index 2e4952d..b8f3f76 100644
--- a/lotus-land-story/templates/Caddyfile
+++ b/lotus-land-story/templates/Caddyfile
@@ -1,3 +1,9 @@
+{
+ servers {
+ metrics
+ }
+}
+
 # https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
 (trusted_proxy_list) {
 trusted_proxies {{ trusted_proxies }}
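Review bot: In lotus-land-story/searxng.yml the `env` block of the `Run SearXNG` task carries fifteen commented-out miniflux settings (`DATABASE_URL`, `ADMIN_PASSWORD`, `OAUTH2_CLIENT_SECRET` and the rest) that do not apply to this image and should be deleted rather than committed. Once they are gone nothing uses the `Get docker network` task or the `etc_hosts` entry either: `docker_network` is referenced only in the commented `METRICS_ALLOWED_NETWORKS` line and `host.docker.internal` only in the commented `DATABASE_URL`, so both can be dropped to keep the container definition down to what SearXNG needs. The task also mounts no volume and passes no secret, so it is worth confirming that the settings the image generates for itself, presumably including its secret key, are acceptable to lose whenever the container is recreated.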
@@ -29,19 +35,23 @@ auth.{{ domain }} {
 }
 }
-{{ hledger.subdomain }}.{{ domain }} {
- forward_auth authelia:9091 {
- uri /api/verify?rd=https://auth.{{ domain }}
- # copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+search.{{ domain }} {
+ reverse_proxy searxng:8080
+}
- ## This import needs to be included if you're relying on a trusted proxies configuration.
- import trusted_proxy_list
- }
+# {{ hledger.subdomain }}.{{ domain }} {
+# forward_auth authelia:9091 {
+# uri /api/verify?rd=https://auth.{{ domain }}
+# # copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
- reverse_proxy hledger:5000 {
- import trusted_proxy_list
- }
-}
+# ## This import needs to be included if you're relying on a trusted proxies configuration.
+# import trusted_proxy_list
+# }
+
+# reverse_proxy hledger:5000 {
+# import trusted_proxy_list
+# }
+# }
 books.{{ domain }} {
 forward_auth authelia:9091 {
diff --git a/on-fire-within/main.yml b/on-fire-within/main.yml
index 8c2c2c6..91320cf 100644
--- a/on-fire-within/main.yml
+++ b/on-fire-within/main.yml
@@ -104,7 +104,7 @@
 # https://docs.syncthing.net/users/faq.html#inotify-limits
 - name: Increase inotify limit for syncthing
- lineinfile:
+ ansible.builtin.lineinfile:
 path: /etc/sysctl.conf
 regexp: '^fs.inotify.max_user_watches='
 line: fs.inotify.max_user_watches=204800
@@ -114,7 +114,7 @@
 # # https://github.com/ansible/ansible/issues/33960
 - name: Save original host facts
- set_fact:
+ ansible.builtin.set_fact:
 "{{ item }}_original": "{{ lookup('vars', item) }}"
 with_items:
 - minio
@@ -166,7 +166,7 @@
 # - traefik.http.routers.mitmproxy-web.tls.certresolver=le
 # - traefik.http.services.mitmproxy-web.loadbalancer.server.port=8081
 pihole:
- image: pihole/pihole:2023.11.0
+ image: pihole/pihole:2024.01.0
 container_name: pihole
 ports:
 - 53:53/tcp
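Review bot: In lotus-land-story/templates/Caddyfile the new `search.{{ domain }}` site is proxied straight to `searxng:8080` with no `forward_auth authelia:9091` block, whereas the `books.{{ domain }}` site right below it, and the hledger site this hunk comments out, sit behind Authelia. Unless the search instance is meant to be public, anyone who learns the hostname can send queries through it from this host's address, so it should be gated the same way as its neighbours, as sketched below. If it is intentionally public, a comment above the block saying so would help, and SearXNG's own limiter becomes the control to review. The hledger block would also be better deleted than commented out, since the history already keeps it.

```caddyfile
search.{{ domain }} {
	forward_auth authelia:9091 {
		uri /api/verify?rd=https://auth.{{ domain }}
		import trusted_proxy_list
	}

	reverse_proxy searxng:8080 {
		import trusted_proxy_list
	}
}
```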