Alpha Chen 10 months ago
parent 995ed3504b
commit 9c1c82017a
Signed by: alpha
SSH Key Fingerprint: SHA256:3fOT8fiYQG/aK9ntivV3Bqtg8AYQ7q4nV6ZgihOA20g

@ -0,0 +1,88 @@
# https://www.parseable.com/docs/log-ingestion/agents/logstash
- name: Set up Parseable
hosts: lotus-land-story
vars_files:
- vars.yml
tasks:
- name: Create directories for volume mounting
ansible.builtin.file:
path: /mnt/lotus-land-story/parseable/{{ item }}
state: directory
mode: "0755"
loop:
- data
- staging
# https://www.parseable.com/logstash/logstash.conf
- name: Configure Logstash
ansible.builtin.copy:
dest: /mnt/lotus-land-story/parseable/logstash.conf
content: |
output {
http {
id => "parseable"
format => "json_batch"
codec => "json"
url => "http://parseable:8000/api/v1/ingest"
headers => {
"Authorization" => "Basic YWRtaW46YWRtaW4="
"x-p-stream" => "logstash"
}
http_method => "post"
http_compression => false
automatic_retries => 5
retry_non_idempotent => true
connect_timeout => 30
keepalive => false
content_type => "application/json"
}
}
mode: "0644"
- name: Get docker network
community.docker.docker_network:
name: lotus_land_story
register: docker_network
# https://www.parseable.com/logstash/docker-compose.yaml
- name: Run Parseable
community.docker.docker_container:
restart: true
name: parseable
image: parseable/parseable:v0.7.3
command:
- parseable
- local-store
env:
P_FS_DIR: /parseable/data
P_STAGING_DIR: /parseable/staging
P_USERNAME: admin
P_PASSWORD: admin
P_OIDC_CLIENT_ID: parseable
P_OIDC_CLIENT_SECRET: "{{ parseable.oidc_secret }}"
P_OIDC_ISSUER: https://auth.{{ domain }}
P_ORIGIN_URI: https://logs.{{ domain }}
volumes:
- ./data:/parseable/data
- ./staging:/parseable/staging
restart_policy: unless-stopped
networks:
- name: lotus_land_story
- name: Run Logstash
community.docker.docker_container:
restart: true
name: logstash
image: docker.elastic.co/logstash/logstash-oss:8.12.0
command: logstash -f /etc/logstash/conf.d/logstash.conf
env:
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
volumes:
- /mnt/lotus-land-story/parseable/logstash.conf:/etc/logstash/conf.d/logstash.conf
restart_policy: unless-stopped
networks:
- name: lotus_land_story
# vim: ft=yaml.ansible
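Review bot: The Parseable task sets `P_USERNAME: admin` and `P_PASSWORD: admin` in clear text, and the Logstash output hard-codes the matching header `"Basic YWRtaW46YWRtaW4="`, which is just base64 of `admin:admin`, so the local account stays trivially guessable even though OIDC is configured in the same `env` block. The OIDC secret already comes from `vars.yml` via `parseable.oidc_secret`; the password should be sourced the same way, for example `P_PASSWORD: "{{ parseable.password }}"` (variable name is a suggestion) with the header built from it as `"Basic {{ (parseable.username ~ ':' ~ parseable.password) | b64encode }}"`. The rendered `logstash.conf` is also written with `mode: "0644"`, which leaves that credential readable by every local user on the host; tighten the mode and owner as far as the Logstash container user allows. A dedicated ingest-only account for Logstash would be preferable to reusing the admin login, if the Parseable version in use supports one.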

@ -38,6 +38,7 @@ auth.{{ domain }} {
search.{{ domain }} { search.{{ domain }} {
forward_auth authelia:9091 { forward_auth authelia:9091 {
uri /api/verify?rd=https://auth.{{ domain }} uri /api/verify?rd=https://auth.{{ domain }}
# copy_headers Remote-User
# This import needs to be included if you're relying on a trusted proxies configuration. # This import needs to be included if you're relying on a trusted proxies configuration.
import trusted_proxy_list import trusted_proxy_list
@ -95,4 +96,8 @@ paperless.{{ domain }} {
} }
} }
logs.{{ domain }} {
reverse_proxy parseable:8000
}
# vim: ts=4 # vim: ts=4
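Review bot: The new `logs.{{ domain }}` site block forwards straight to `parseable:8000` with no `forward_auth`, unlike the `search.{{ domain }}` block in the first hunk, so Parseable's own login and its Basic-auth API are the only gate on that hostname. If that is deliberate because Parseable runs the OIDC flow itself, record it with a comment such as `# no forward_auth: Parseable authenticates against Authelia via OIDC`; otherwise mirror the `forward_auth authelia:9091` block used by the `search` site. The added `# copy_headers Remote-User` line is commented-out configuration and should either be enabled or dropped. The `search` block continues outside the hunk, so its full directive list is not visible here.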

@ -1,3 +1,5 @@
# https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets
theme: auto theme: auto
jwt_secret: {{ authelia.jwt_secret }} jwt_secret: {{ authelia.jwt_secret }}
default_redirection_url: https://auth.{{ domain }}/ default_redirection_url: https://auth.{{ domain }}/
@ -18,6 +20,7 @@ access_control:
default_policy: deny default_policy: deny
rules: rules:
- domain: "*.{{ domain }}" - domain: "*.{{ domain }}"
# policy: one_factor
policy: two_factor policy: two_factor
session: session:
@ -42,11 +45,11 @@ identity_providers:
issuer_private_key: | issuer_private_key: |
{{ authelia.oidc_private_key | indent(6) }} {{ authelia.oidc_private_key | indent(6) }}
clients: clients:
- id: grafana - id: grafana
description: Grafana description: Grafana
secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
public: false public: false
# authorization_policy: two_factor
redirect_uris: redirect_uris:
- https://grafana.{{ domain }}/login/generic_oauth - https://grafana.{{ domain }}/login/generic_oauth
scopes: scopes:
@ -54,7 +57,7 @@ identity_providers:
- profile - profile
- groups - groups
- email - email
userinfo_signing_algorithm: none
- id: tailscale - id: tailscale
description: Tailscale description: Tailscale
secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0 secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
@ -64,18 +67,18 @@ identity_providers:
- openid - openid
- email - email
- profile - profile
- id: gitea - id: gitea
description: Gitea description: Gitea
secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0 secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0
public: false public: false
# authorization_policy: two_factor
redirect_uris: redirect_uris:
- https://git.{{ domain }}/user/oauth2/authelia/callback - https://git.{{ domain }}/user/oauth2/authelia/callback
scopes: scopes:
- openid - openid
- email - email
- profile - profile
userinfo_signing_algorithm: none
- id: miniflux - id: miniflux
description: Miniflux description: Miniflux
secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w
@ -86,4 +89,15 @@ identity_providers:
- openid - openid
- email - email
- profile - profile
userinfo_signing_algorithm: none
- id: parseable
description: Parseable
secret: $argon2id$v=19$m=65536,t=3,p=4$glcGbEsVvimlXW08i18Mbg$5VsdS3E8897Dsb1n+BMO5SAy1a1Sq9jeCLcTADTMGtA
public: false
redirect_uris:
- https://logs.{{ domain }}/api/v1/o/code
scopes:
- openid
- email
- profile
- groups
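Review bot: The new `parseable` client at the end of the `clients` list sets no `authorization_policy`, so the authentication level for the log store depends on Authelia's default rather than on anything stated in this file. Adding `authorization_policy: two_factor` to the client makes it match the `policy: two_factor` rule under `access_control` and keeps it stable across upgrades. The commented-out alternatives (`# policy: one_factor`, `# authorization_policy: two_factor` on the grafana and gitea clients) read like leftovers from debugging; the rendering does not show whether this commit introduced them, but they should be removed or explained, since a commented-out weaker policy is easy to re-enable by accident.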

@ -6,3 +6,8 @@ users:
email: alpha@kejadlen.dev email: alpha@kejadlen.dev
groups: groups:
- admins - admins
lydia:
disabled: false
displayname: "Lydia"
password: "$argon2id$v=19$m=65536,t=3,p=4$ALAevUUnRK1hcwf5jp1OkA$aSwuYjEMrbtcAGfhsclL901QKF5S+6u42NQFG7S8DkI" # yamllint disable-line rule:line-length
email: lydia.islan@gmail.com
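Review bot: The new `lydia` entry commits the Argon2id password digest and a personal e-mail address inline, so anyone with read access to the repository can attempt offline guessing against the digest. If this file is rendered through Ansible's template step like the Authelia configuration, take the value from the vaulted vars instead, for example `password: "{{ authelia.users.lydia.password }}"` (variable name is a suggestion). The entry also has no `groups` key, whereas the user above it lists `admins`; state the intended membership explicitly, for example `groups: []`, so that the `groups` scope requested by the OIDC clients has a defined value for this user.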
