Alpha Chen 11 months ago
parent 995ed3504b
commit 9c1c82017a
Signed by: alpha
SSH Key Fingerprint: SHA256:3fOT8fiYQG/aK9ntivV3Bqtg8AYQ7q4nV6ZgihOA20g

@ -0,0 +1,88 @@
# https://www.parseable.com/docs/log-ingestion/agents/logstash
- name: Set up Parseable
hosts: lotus-land-story
vars_files:
- vars.yml
tasks:
- name: Create directories for volume mounting
ansible.builtin.file:
path: /mnt/lotus-land-story/parseable/{{ item }}
state: directory
mode: "0755"
loop:
- data
- staging
# https://www.parseable.com/logstash/logstash.conf
- name: Configure Logstash
ansible.builtin.copy:
dest: /mnt/lotus-land-story/parseable/logstash.conf
content: |
output {
http {
id => "parseable"
format => "json_batch"
codec => "json"
url => "http://parseable:8000/api/v1/ingest"
headers => {
"Authorization" => "Basic YWRtaW46YWRtaW4="
"x-p-stream" => "logstash"
}
http_method => "post"
http_compression => false
automatic_retries => 5
retry_non_idempotent => true
connect_timeout => 30
keepalive => false
content_type => "application/json"
}
}
mode: "0644"
- name: Get docker network
community.docker.docker_network:
name: lotus_land_story
register: docker_network
# https://www.parseable.com/logstash/docker-compose.yaml
- name: Run Parseable
community.docker.docker_container:
restart: true
name: parseable
image: parseable/parseable:v0.7.3
command:
- parseable
- local-store
env:
P_FS_DIR: /parseable/data
P_STAGING_DIR: /parseable/staging
P_USERNAME: admin
P_PASSWORD: admin
P_OIDC_CLIENT_ID: parseable
P_OIDC_CLIENT_SECRET: "{{ parseable.oidc_secret }}"
P_OIDC_ISSUER: https://auth.{{ domain }}
P_ORIGIN_URI: https://logs.{{ domain }}
volumes:
- ./data:/parseable/data
- ./staging:/parseable/staging
restart_policy: unless-stopped
networks:
- name: lotus_land_story
- name: Run Logstash
community.docker.docker_container:
restart: true
name: logstash
image: docker.elastic.co/logstash/logstash-oss:8.12.0
command: logstash -f /etc/logstash/conf.d/logstash.conf
env:
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
volumes:
- /mnt/lotus-land-story/parseable/logstash.conf:/etc/logstash/conf.d/logstash.conf
restart_policy: unless-stopped
networks:
- name: lotus_land_story
# vim: ft=yaml.ansible
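Review bot: The Logstash output and the Parseable container both hard-code the default `admin`/`admin` pair (`"Authorization" => "Basic YWRtaW46YWRtaW4="` decodes to it, and `P_USERNAME`/`P_PASSWORD` set it), while the OIDC secret just below is already taken from vars as `{{ parseable.oidc_secret }}`. The Caddy change in this commit publishes `parseable:8000` on a public hostname, so that Basic login is probably reachable from outside the Docker network. I would take the pair from vars as well, e.g. `P_PASSWORD: "{{ parseable.password }}"` (variable name illustrative), and build the header value with `{{ (parseable.username ~ ':' ~ parseable.password) | b64encode }}`. Separately, the first task creates `/mnt/lotus-land-story/parseable/data` and `staging`, but the container mounts `./data` and `./staging`, which may resolve to a different directory; absolute host paths would make the two agree.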

@ -38,6 +38,7 @@ auth.{{ domain }} {
search.{{ domain }} {
forward_auth authelia:9091 {
uri /api/verify?rd=https://auth.{{ domain }}
# copy_headers Remote-User
# This import needs to be included if you're relying on a trusted proxies configuration.
import trusted_proxy_list
@ -95,4 +96,8 @@ paperless.{{ domain }} {
}
}
logs.{{ domain }} {
reverse_proxy parseable:8000
}
# vim: ts=4
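Review bot: The new `logs.{{ domain }}` block forwards every path to `parseable:8000` and, unlike `search.{{ domain }}` above, has no `forward_auth authelia:9091` in front of it, so Parseable's own login is the only gate on the public hostname. Logstash in this commit posts to `http://parseable:8000/api/v1/ingest` over the Docker network, so the ingest path does not appear to need to be reachable through Caddy. If nothing external ingests, I would close it in the site block with `@ingest path /api/v1/ingest*` and `respond @ingest 403`. A short comment saying why this site skips `forward_auth` (presumably because Parseable does its own OIDC against Authelia) would also help the next reader.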

@ -1,3 +1,5 @@
# https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets
theme: auto
jwt_secret: {{ authelia.jwt_secret }}
default_redirection_url: https://auth.{{ domain }}/
@ -18,6 +20,7 @@ access_control:
default_policy: deny
rules:
- domain: "*.{{ domain }}"
# policy: one_factor
policy: two_factor
session:
@ -42,48 +45,59 @@ identity_providers:
issuer_private_key: |
{{ authelia.oidc_private_key | indent(6) }}
clients:
- id: grafana
description: Grafana
secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
public: false
# authorization_policy: two_factor
redirect_uris:
- https://grafana.{{ domain }}/login/generic_oauth
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
- id: tailscale
description: Tailscale
secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
redirect_uris:
- https://login.tailscale.com/a/oauth_response
scopes:
- openid
- email
- profile
- id: gitea
description: Gitea
secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0
public: false
# authorization_policy: two_factor
redirect_uris:
- https://git.{{ domain }}/user/oauth2/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
- id: miniflux
description: Miniflux
secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w
public: false
redirect_uris:
- https://rss.{{ domain }}/oauth2/oidc/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
- id: grafana
description: Grafana
secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
public: false
redirect_uris:
- https://grafana.{{ domain }}/login/generic_oauth
scopes:
- openid
- profile
- groups
- email
- id: tailscale
description: Tailscale
secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
redirect_uris:
- https://login.tailscale.com/a/oauth_response
scopes:
- openid
- email
- profile
- id: gitea
description: Gitea
secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0
public: false
redirect_uris:
- https://git.{{ domain }}/user/oauth2/authelia/callback
scopes:
- openid
- email
- profile
- id: miniflux
description: Miniflux
secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w
public: false
redirect_uris:
- https://rss.{{ domain }}/oauth2/oidc/callback
scopes:
- openid
- email
- profile
- id: parseable
description: Parseable
secret: $argon2id$v=19$m=65536,t=3,p=4$glcGbEsVvimlXW08i18Mbg$5VsdS3E8897Dsb1n+BMO5SAy1a1Sq9jeCLcTADTMGtA
public: false
redirect_uris:
- https://logs.{{ domain }}/api/v1/o/code
scopes:
- openid
- email
- profile
- groups
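Review bot: The new `parseable` client stores an argon2id digest whose plaintext lives elsewhere (the playbook passes it to the container as `P_OIDC_CLIENT_SECRET: "{{ parseable.oidc_secret }}"`), and nothing at the entry says the two have to be rotated together. I would add a comment above its `secret:` line such as `# argon2id digest of parseable.oidc_secret; regenerate both when rotating`. The digest is also written as a plain scalar starting with `$`, while the user database in this commit double-quotes the same kind of value; quoting it here would keep the two consistent. The rewritten client list drops `userinfo_signing_algorithm: none` and the commented `authorization_policy` lines from the existing clients, which looks intentional but is not mentioned in the commit record.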

@ -2,7 +2,12 @@ users:
alpha:
disabled: false
displayname: "Alpha"
password: "$argon2id$v=19$m=65536,t=3,p=4$JHtyy/vVD+37neJUjy5Shw$6GODmDOXW/v7cfhqwuEp30bVSCWLT5R3OEe/Gi5FGX0" # yamllint disable-line rule:line-length
password: "$argon2id$v=19$m=65536,t=3,p=4$JHtyy/vVD+37neJUjy5Shw$6GODmDOXW/v7cfhqwuEp30bVSCWLT5R3OEe/Gi5FGX0" # yamllint disable-line rule:line-length
email: alpha@kejadlen.dev
groups:
- admins
lydia:
disabled: false
displayname: "Lydia"
password: "$argon2id$v=19$m=65536,t=3,p=4$ALAevUUnRK1hcwf5jp1OkA$aSwuYjEMrbtcAGfhsclL901QKF5S+6u42NQFG7S8DkI" # yamllint disable-line rule:line-length
email: lydia.islan@gmail.com
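Review bot: The added `lydia` entry has no `groups` key, and the only access rule visible in this commit is `domain: "*.{{ domain }}"` with `policy: two_factor` and no `subject`, so the new account appears to get the same reach as `alpha` on every protected site. If that is not intended, a rule restricted by subject, for example `subject: "group:admins"` on the admin-only hosts, would limit it. The entry also commits a password digest and a personal e-mail address in clear, whereas other secrets in this commit come from vars (`{{ parseable.oidc_secret }}`). The hunk does not show whether this file is rendered as a template, so moving them out may need a template step.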
