Alpha Chen 10 months ago
parent 43bf24f5a8
commit 46e35eea82
Signed by: alpha
SSH Key Fingerprint: SHA256:3fOT8fiYQG/aK9ntivV3Bqtg8AYQ7q4nV6ZgihOA20g

@ -12,6 +12,7 @@
- name: Run hledger
community.docker.docker_container:
state: absent
restart: true
name: hledger
image: dastapov/hledger:1.31
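Review bot: The task is still named `Run hledger`, although with `state: absent` it now removes the container rather than running it. The `restart: true` and `image:` parameters are not needed for an absent container and suggest to a reader that the service is still deployed. Rename the task, e.g. `- name: Remove hledger`, and drop the unused parameters, or add a comment such as `# hledger retired; task kept so existing hosts are cleaned up`. The task may continue beyond the lines shown in this hunk.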

@ -0,0 +1,46 @@
# https://docs.searxng.org/admin/installation-docker.html#installation-docker
- name: Set up SearXNG
hosts: lotus-land-story
vars_files:
- vars.yml
tasks:
- name: Get docker network
community.docker.docker_network:
name: lotus_land_story
register: docker_network
- name: Run SearXNG
community.docker.docker_container:
restart: true
name: searxng
image: searxng/searxng:2024.1.17-7c80807bb
env:
SEARXNG_BASE_URL: https://search.{{ domain }}
# DATABASE_URL: postgres://miniflux:{{ miniflux.db_password }}@host.docker.internal/miniflux
# RUN_MIGRATIONS: "1"
# CREATE_ADMIN: "1"
# ADMIN_USERNAME: alpha
# ADMIN_PASSWORD: "{{ miniflux.password }}"
# METRICS_COLLECTOR: "1"
# METRICS_ALLOWED_NETWORKS: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
# OAUTH2_PROVIDER: oidc
# OAUTH2_CLIENT_ID: miniflux
# OAUTH2_CLIENT_SECRET: "{{ miniflux.oidc_secret }}"
# OAUTH2_REDIRECT_URL: https://rss.{{ domain }}/oauth2/oidc/callback
# OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.{{ domain }}
# OAUTH2_USER_CREATION: "1"
# LOG_FORMAT: json
# LOG_LEVEL: info
restart_policy: unless-stopped
networks:
- name: lotus_land_story
etc_hosts:
host.docker.internal: host-gateway
handlers:
- name: Import restarts
ansible.builtin.import_tasks: restarts.yml
# vim: ft=yaml.ansible
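Review bot: The commented-out env block under `Run SearXNG` (from `# DATABASE_URL` to `# LOG_LEVEL`) looks like a leftover from a Miniflux playbook and references that service's database password, admin password and OIDC client secret. None of it applies to SearXNG, so it should be deleted from the new file; as it stands, someone could uncomment another service's credentials into this container. Separately, no server secret key is set and no settings volume is mounted, so the key is whatever the image provides at start-up. Consider passing one from the vaulted vars, e.g. `SEARXNG_SECRET: "{{ searxng.secret_key }}"` (the variable name is a placeholder), after confirming that the pinned image honours it. The `handlers` import of `restarts.yml` is unused as shown, because no task carries a `notify`.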

@ -1,3 +1,9 @@
{
servers {
metrics
}
}
# https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
(trusted_proxy_list) {
trusted_proxies {{ trusted_proxies }}
@ -29,19 +35,23 @@ auth.{{ domain }} {
}
}
{{ hledger.subdomain }}.{{ domain }} {
forward_auth authelia:9091 {
uri /api/verify?rd=https://auth.{{ domain }}
# copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
## This import needs to be included if you're relying on a trusted proxies configuration.
import trusted_proxy_list
search.{{ domain }} {
reverse_proxy searxng:8080
}
reverse_proxy hledger:5000 {
import trusted_proxy_list
}
}
# {{ hledger.subdomain }}.{{ domain }} {
# forward_auth authelia:9091 {
# uri /api/verify?rd=https://auth.{{ domain }}
# # copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
# ## This import needs to be included if you're relying on a trusted proxies configuration.
# import trusted_proxy_list
# }
# reverse_proxy hledger:5000 {
# import trusted_proxy_list
# }
# }
books.{{ domain }} {
forward_auth authelia:9091 {
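Review bot: The new `search.{{ domain }}` site proxies straight to `searxng:8080` with no `forward_auth` block, whereas the hledger site next to it and the `books.{{ domain }}` site below both go through Authelia. If the instance is meant for personal use, wrap it in the same `forward_auth authelia:9091 { … }` stanza used for `books.{{ domain }}`. If it is public on purpose, record that in a comment, e.g. `# intentionally unauthenticated: public search instance`, and plan for rate limiting on the SearXNG side. The page interleaves old and new lines here, so the exact position of the new block is inferred, and the `books` block continues outside the hunk.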

@ -104,7 +104,7 @@
# https://docs.syncthing.net/users/faq.html#inotify-limits
- name: Increase inotify limit for syncthing
lineinfile:
ansible.builtin.lineinfile:
path: /etc/sysctl.conf
regexp: '^fs.inotify.max_user_watches='
line: fs.inotify.max_user_watches=204800
@ -114,7 +114,7 @@
#
# https://github.com/ansible/ansible/issues/33960
- name: Save original host facts
set_fact:
ansible.builtin.set_fact:
"{{ item }}_original": "{{ lookup('vars', item) }}"
with_items:
- minio
@ -166,7 +166,7 @@
# - traefik.http.routers.mitmproxy-web.tls.certresolver=le
# - traefik.http.services.mitmproxy-web.loadbalancer.server.port=8081
pihole:
image: pihole/pihole:2023.11.0
image: pihole/pihole:2024.01.0
container_name: pihole
ports:
- 53:53/tcp
