diff --git a/inventories/prod/group_vars/all.yml b/inventories/prod/group_vars/all.yml
index c65bd85..5f8c39d 100644
--- a/inventories/prod/group_vars/all.yml
+++ b/inventories/prod/group_vars/all.yml
@@ -2,12 +2,39 @@ domain: cazzzer.com wg_privkey: !vault | $ANSIBLE_VAULT;1.2;AES256;alpina - 61393332313539313434346432313864386536393330383137303765616661366462353863646461 - 3533323061306232316235623830373432343332396437640a343465623565303730363464616363 - 31376561363064353261313030626662653064313366656266393639323731373566323633366331 - 3964373763396665380a663930363232626165306434613835313436646565313266363432646265 - 36626264356332383663613731633333333539313133613365613738613339313134626463653131 - 3830353835306265333736373766326362363032383363633666 + 31663639306133623739366363353430303338656137386434303862346434633665333434613931 + 3430313162333937636234313761366337393431616630330a393962643962353234343431653439 + 35323966643531386538643636623439636633326638316233386266343964333563306330383437 + 6132333063626365330a353232366464636663633236383563343834316164636434613639363765 + 37653738663463303236333232663338623034363737643138303238663033323361373064343334 + 3762303565343765393332626565333637643462353631343833 + +wg_psk: !vault | + $ANSIBLE_VAULT;1.2;AES256;alpina + 31353436343638306237623864633533626662376362656531616665356333326238353533306438 + 3164646631633464313966353533633137643234333264650a666134613666613262323461306131 + 32383438363566653766613337363236616139616661343930656362636366346133353137366639 + 3762623635386330320a643465396563666562383261623964396431366466663766303939336434 + 61626434363763303637316165343566383064613663626339366635343537646130323731376461 + 6231346162313465323739623939306436656438336565336436 + +wg_addresses: !vault | + $ANSIBLE_VAULT;1.2;AES256;alpina + 66306130383462373166306561663431366262626537393330373061616636306433323734643632 + 6332363262346630353338626632353039636666636264340a616537363638386635383934303533 + 34376136636334616332626161386435333031363931616331363232313338346234316361383033 + 3236626331333032390a353466323863326565386531643335653565386433613431623337313666 + 
32643065653763643563623232313262316534326266386135633463623966636532356463653765 + 32656333623032633263643539336537313536326263303465373066633738353832363064306465 + 353636666162393734333338653834366333 + +fw_vpn_input_ports: !vault | + $ANSIBLE_VAULT;1.2;AES256;alpina + 36353933613361353132366636386138616336323437616366613164633036343234313338303830 + 3662663462346134343338363264303030663935393865650a666161633163383437373139663362 + 35666633363762633135616630336239623065366266633335623832323762613565376166383131 + 6163646561353335360a386664386166626134366339393566613461626230323836646139316463 + 3938 github_consumer_key: 32d5cae58d744c56fcc9 github_consumer_secret: !vault | diff --git a/inventories/staging/group_vars/all.yml b/inventories/staging/group_vars/all.yml index 11b4a27..ee55778 100644 --- a/inventories/staging/group_vars/all.yml +++ b/inventories/staging/group_vars/all.yml 
@@ -2,12 +2,39 @@ domain: lab.cazzzer.com wg_privkey: !vault | $ANSIBLE_VAULT;1.2;AES256;alpina - 65323564393964323564366665663835383263313266306132313063353866336330666335363835 - 3537633434346631343266633964646362646263633961610a356664326330646338373336636536 - 37616631373936623732663462373437383032306362623431383832343238613331643233353262 - 6136343930636233310a323162396239316330616164313438303832636661666363363731366135 - 39383461633966396638356632656635346166363633613261333333346435336633366339316231 - 3262343033633438383538366135356239303939643262353137 + 31333936633664396332303835396261626463383139326538356363303832323533643636383364 + 3364613639616462313462313361363836396338623636660a376230646137346536393330393837 + 64363065396332316262386330313534636135303264636532373432356265383337306365363531 + 6533343563393062640a366364346136353361653033383731613764363762663865643031303663 + 62623562636563633038366465636430656231323431643236323461333134623633613464393439 + 3331663962646534353931336630333961616134343931343534 + +wg_psk: !vault | + $ANSIBLE_VAULT;1.2;AES256;alpina + 31393235386262363733633063393031396532336161613138353931616364616165613131336138 + 3861323766326233383836613233333332306166633138300a373164306664393061643135646662 + 30626536646562363263303238663430393361653566306134373633626534643038326566616237 + 3233363838343466640a306364663738346235323535643465663330616235373266383233646263 + 31373332613461376235343431396431633733653865636636363733303466366430316431663730 + 6537663563613233353838303738653532633136663430383961 + +wg_addresses: !vault | + $ANSIBLE_VAULT;1.2;AES256;alpina + 36613639386139353965346134663431343032626637326238303830653335633062633936373938 + 3633636637613033303362343038653262626165636537350a356136363730643738383264306662 + 34363731313730613164646138653235653363303033663637386230373161623965326265663439 + 6365643730373235320a323065336535356636646131666262636133643435633237396331653833 + 
63393836393162623164633130393034643364373838313939346438623761326364316337343066 + 30643131636636643038366634663137643436323833326362373666393563316235306533373039 + 636233633762303639373239353661343162 + +fw_vpn_input_ports: !vault | + $ANSIBLE_VAULT;1.2;AES256;alpina + 39326564343633633465376363396633396332636664383539373230633033383161626434643435 + 3539336531356336663638626630613934323162313639610a626637393637363837636631666534 + 38663031306536323866336365373565633634666561663636653938643538336630393061326564 + 3863363030346530630a343138623664323336353036343430323261393036373563393762663530 + 3730 github_consumer_key: dbacb8621c37320eb745 github_consumer_secret: !vault | diff --git a/roles/alpina/collections/apps/arrstack/app_config.yml b/roles/alpina/collections/apps/arrstack/app_config.yml index 5e7b5e2..2540438 100644 --- a/roles/alpina/collections/apps/arrstack/app_config.yml +++ b/roles/alpina/collections/apps/arrstack/app_config.yml @@ -1,13 +1,8 @@ $ANSIBLE_VAULT;1.2;AES256;alpina -63346463363535316637363430646637633164656432643064663166636233343766623539343466 -3362346266633930313332353836663633616366646135340a343461663237363031343563323630 -32373734383739376437373836613465636462313262356666616264383137643734373032326236 -6564393337346263660a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o newline at end of file +66613933613334643836373939636238303035626535666161323634323837623565383337666232 +6166363839626433636231323434633164643033633466650a393032356231306436663563613734 +37316438306536316438383236373431333931373933323361623162323363623332333130653366 +6363616430353835620a366666303230313239393430326538346436626239663431316639633139 +33663261303864326162313235663536363332633731383636663165313061343863373333396536 +31336234306337393730343861636232643561356165393664633537623662353830613338363833 +306537353361653834656134383632306239 \ No newline at end of file 
diff --git a/roles/alpina/collections/apps/arrstack/templates/.env.gluetun.j2 b/roles/alpina/collections/apps/arrstack/templates/.env.gluetun.j2
index 5df57bb..a777884 100644
--- a/roles/alpina/collections/apps/arrstack/templates/.env.gluetun.j2
+++ b/roles/alpina/collections/apps/arrstack/templates/.env.gluetun.j2
@@ -1,19 +1,31 @@
+## ProtonVPN OpenVPN
 #VPN_SERVICE_PROVIDER=protonvpn
 #OPENVPN_USER=+pmp
 #OPENVPN_PASSWORD=
 #SERVER_HOSTNAMES=node-us-160.protonvpn.net,node-us-161.protonvpn.net
 #VPN_PORT_FORWARDING=on
 
-VPN_SERVICE_PROVIDER=custom
+## ProtonVPN WireGuard
+#VPN_SERVICE_PROVIDER=custom
+#VPN_TYPE=wireguard
+#VPN_ENDPOINT_IP=
+#VPN_ENDPOINT_PORT=
+#WIREGUARD_PUBLIC_KEY=
+#WIREGUARD_PRIVATE_KEY=
+#WIREGUARD_PRESHARED_KEY=
+#WIREGUARD_ADDRESSES=
+#VPN_DNS_ADDRESS=
+#VPN_PORT_FORWARDING=on
+#VPN_PORT_FORWARDING_PROVIDER=protonvpn
+
+## AirVPN
+VPN_SERVICE_PROVIDER=airvpn
 VPN_TYPE=wireguard
-VPN_ENDPOINT_IP={{ wg_peer_ip }}
-VPN_ENDPOINT_PORT={{ wg_peer_port }}
+SERVER_CITIES=Los Angeles
 WIREGUARD_PUBLIC_KEY={{ wg_peer_pubkey }}
 WIREGUARD_PRIVATE_KEY={{ wg_privkey }}
-WIREGUARD_PRESHARED_KEY=
-WIREGUARD_ADDRESSES={{ wg_address }}
-VPN_DNS_ADDRESS={{ wg_dns }}
-VPN_PORT_FORWARDING=on
-VPN_PORT_FORWARDING_PROVIDER=protonvpn
+WIREGUARD_PRESHARED_KEY={{ wg_psk }}
+WIREGUARD_ADDRESSES={{ wg_addresses }}
+FIREWALL_VPN_INPUT_PORTS={{ fw_vpn_input_ports }}
 
-#FIREWALL_OUTBOUND_SUBNETS=192.168.144.0/24
+#FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/8,{{ docker_ipv6_subnet }}
diff --git a/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2 b/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
index e09781b..551c449 100644
--- a/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
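Review bot: In `.env.gluetun.j2`, the last added line is commented out only for the env file, not for Jinja, so `{{ docker_ipv6_subnet }}` is still evaluated at render time. With Ansible's default strict handling of undefined variables the template task would fail on any host where that variable is not defined; whether it is defined is not visible in this diff. Wrapping the hint as `{# FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/8,{{ docker_ipv6_subnet }} #}` keeps it without the dependency. If the line is ever enabled, `10.0.0.0/8` lets the containers sharing the VPN network namespace reach the whole private range, so a narrower subnet would be the safer example. Separately, `WIREGUARD_PRESHARED_KEY={{ wg_psk }}` now lands in the rendered file in plaintext next to the private key; the task that deploys this template is outside the diff, so confirm it sets `mode: "0600"`.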
@@ -38,25 +38,6 @@ services: - {{ media_volume_path }}/Plex:/media/Plex - {{ media_volume_path }}/iso-img:/media/iso-img - {# https://github.com/qdm12/gluetun/issues/1488#issuecomment-1489597284 -#} - {# Even though it should work without this, there is no way to manually set the router in qbittorrent. -#} - {# So you get 'UPnP/NAT-PMP port mapping failed. Message: "could not map port using UPnP[10.2.0.2]: no router found"' -#} - qbittorrent_natmap: - container_name: qbittorrent_natmap - image: ghcr.io/soxfor/qbittorrent-natmap:latest - restart: unless-stopped - environment: - - QBITTORRENT_SERVER=10.2.0.2 - - VPN_GATEWAY=10.2.0.1 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - network_mode: "service:gluetun" - depends_on: - gluetun: - condition: service_healthy - qbittorrent: - condition: service_started - prowlarr: image: linuxserver/prowlarr:latest container_name: prowlarr