apps: add pgrok
@@ -33,4 +33,5 @@
|
||||
- jellyfin
|
||||
- arrstack
|
||||
- vpgen
|
||||
- pgrok
|
||||
import_tasks: deploy_collection.yml
|
||||
|
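--- a/roles/alpina/templates/apps/pgrok/compose.yml.j2
+++ b/roles/alpina/templates/apps/pgrok/compose.yml.j2
@@ -0,0 +1,31 @@
+{% import 'contrib/compose_helpers.j2' as helpers with context %}
+
+networks:
+{{ helpers.default_network(194) | indent(2) }}
+
+# https://github.com/pgrok/pgrok/blob/main/docs/admin/docker.md#docker-compose
+services:
+server:
+image: ghcr.io/pgrok/pgrokd:latest
+container_name: pgrok_server
+labels:
+- {{ helpers.traefik_labels('pgrok', port='3320') | indent(6) }}
+- {{ helpers.traefik_labels('pgrok', port='3000', wildcard=true) | indent(6) }}
+restart: unless-stopped
+volumes:
+- ./pgrokd.yml:/var/opt/pgrokd/pgrokd.yml
+ports:
+- "2222:2222"
+depends_on:
+- db
+
+db:
+image: postgres:17-alpine
+container_name: pgrok_db
+restart: unless-stopped
+volumes:
+- {{ base_volume_path }}/pgrok/postgres:/var/lib/postgresql/data
+environment:
+POSTGRES_DB: pgrok
+POSTGRES_USER: pgrok
+POSTGRES_PASSWORD: "{{ pgrok_db_password }}"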
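Review bot: The `server` image is pulled as `ghcr.io/pgrok/pgrokd:latest`, a mutable tag, for the one container in this file that publishes a host port (`"2222:2222"`) and sits behind the wildcard Traefik route, so each redeploy can silently pick up a different build. Pin it to a release tag or digest, e.g. `image: ghcr.io/pgrok/pgrokd:<release-tag>@sha256:<digest>` (placeholders), the way the `db` service already pins `postgres:17-alpine` to a major version. The bind mount `./pgrokd.yml:/var/opt/pgrokd/pgrokd.yml` carries the database password and the OIDC client secret and is presumably only read by the daemon, so it can be mounted read-only: `- ./pgrokd.yml:/var/opt/pgrokd/pgrokd.yml:ro`.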
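--- a/roles/alpina/templates/apps/pgrok/pgrokd.yml.j2
+++ b/roles/alpina/templates/apps/pgrok/pgrokd.yml.j2
@@ -0,0 +1,29 @@
+external_url: "https://pgrok.{{ domain }}"
+web:
+port: 3320
+proxy:
+port: 3000
+scheme: https
+domain: "pgrok.{{ domain }}"
+sshd:
+port: 2222
+
+database:
+host: db
+port: 5432
+user: pgrok
+password: "{{ pgrok_db_password }}"
+database: pgrok
+
+identity_provider:
+type: oidc
+display_name: Authentik
+issuer: "https://auth.{{ domain }}/application/o/pgrok/"
+client_id: "pgrok"
+client_secret: "{{ auth_pgrok_client_secret }}"
+field_mapping:
+identifier: "preferred_username"
+display_name: "name"
+email: "email"
+# # The required domain name, "field_mapping.email" is required to set for this to work.
+# required_domain: "example.com"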
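Review bot: `proxy.domain` is `pgrok.{{ domain }}`, so every tunnel is served from a host under the same parent domain as the identity provider at `auth.{{ domain }}` (the `issuer` line), while the content behind a tunnel is whatever its owner chooses to expose. That makes tunnelled content same-site with the SSO and the other apps. If a separate registrable domain is available, point `proxy.domain` and the wildcard Traefik route at it; otherwise record the trade-off in a comment above `proxy:`, such as `# tunnels share the parent domain with the SSO host; keep SSO cookies host-only`. Separately, `password: "{{ pgrok_db_password }}"` and `client_secret: "{{ auth_pgrok_client_secret }}"` produce broken YAML if a secret contains `"` or `\`; `password: {{ pgrok_db_password | to_json }}` renders a correctly escaped scalar, and the same applies to `client_secret`.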
@@ -40,6 +40,13 @@ entries:
|
||||
"ui_group": "Apps",
|
||||
"allowed_for_groups": ["admins", "users", "vpgen"],
|
||||
},
|
||||
"Pgrok": {
|
||||
"redirect_uri": "https://pgrok."~ domain ~"/-/oidc/callback",
|
||||
"icon": "https://pgrok."~ domain ~"/pgrok.svg",
|
||||
"client_secret": auth_pgrok_client_secret,
|
||||
"ui_group": "Apps",
|
||||
"allowed_for_groups": ["admins", "users"],
|
||||
},
|
||||
} -%}
|
||||
{% for app in apps.keys() -%}
|
||||
- identifiers:
|
||||
|
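Review bot: The new `Pgrok` entry sets `"allowed_for_groups": ["admins", "users"]`, which lets every member of `users` sign in to a service whose purpose is to publish internal endpoints on public hostnames. The entry in the context lines just above adds a dedicated group (`"vpgen"`) next to the defaults; a narrower binding here, e.g. `"allowed_for_groups": ["admins", "pgrok"]` (the group name is constructed and would have to be created alongside), keeps tunnel creation opt-in. The `apps` mapping starts outside this hunk, so how `allowed_for_groups` is turned into policy bindings is not visible from here.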
@@ -64,6 +64,14 @@
|
||||
state: enabled
|
||||
immediate: yes
|
||||
|
||||
- name: Allow 2222 tcp for pgrok ssh tunnel
|
||||
become: yes
|
||||
firewalld:
|
||||
port: 2222/tcp
|
||||
permanent: yes
|
||||
state: enabled
|
||||
immediate: yes
|
||||
|
||||
- name: Reboot if needed
|
||||
become: yes
|
||||
ansible.builtin.reboot:
|
||||
|
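Review bot: The new task opens `2222/tcp` with no `zone:`, so firewalld applies it to the default zone, and nothing in the hunk ties the rule to pgrok actually being deployed on the host; the same port is also hard-coded in the compose template (`"2222:2222"`) and in `pgrokd.yml.j2` (`sshd.port: 2222`). A single variable used in all three places, e.g. `port: "{{ pgrok_ssh_port }}/tcp"` (placeholder name), keeps the firewall rule and the listener from drifting apart. On style, this task uses the short module name and `yes`, while the next task already uses a fully qualified name (`ansible.builtin.reboot`); `ansible.posix.firewalld:` with `permanent: true` and `immediate: true` would match it. The task list starts and continues outside this hunk.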