apps: add pgrok

traefik: refactor macro, remove old traefik network remnants
apps: add woodpecker
2025-01-04 20:12:17 -08:00 · 2025-01-04 20:12:17 -08:00 · 2025-01-04 20:12:09 -08:00
24 changed files with 389 additions and 295 deletions
--- a/.idea/jsonSchemas.xml
+++ b/.idea/jsonSchemas.xml
@ -106,6 +106,16 @@
              <option name="applicationDefined" value="true" />
              <option name="patterns">
                <list>
+                  <Item>
+                    <option name="pattern" value="true" />
+                    <option name="path" value="*/compose.yml" />
+                    <option name="mappingKind" value="Pattern" />
+                  </Item>
+                  <Item>
+                    <option name="pattern" value="true" />
+                    <option name="path" value="*/compose.yml.j2" />
+                    <option name="mappingKind" value="Pattern" />
+                  </Item>
                  <Item>
                    <option name="pattern" value="true" />
                    <option name="path" value="*/docker-compose.yml" />
--- a/contrib/compose_helpers.j2
+++ b/contrib/compose_helpers.j2
@ -6,23 +6,38 @@ default:
      - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, subnet_index) }}
 {% endmacro %}

-{% macro traefik_labels(host, service="", port="", auth=false) %}
+{% macro traefik_labels(host, port='', path_prefix='', auth=false, wildcard=false) %}
+{% set name = host ~ (wildcard * '-*') ~ path_prefix -%}
+{% set tls_base = domain %}
+{% if wildcard -%}
+  {% set tls_base = host ~ '.' ~ domain %}
+{%- endif -%}
+
 traefik.enable=true
- traefik.http.routers.{{ host }}.rule=Host(`{{ host }}.{{ domain }}`)
- traefik.http.routers.{{ host }}.entrypoints=web
- traefik.http.routers.{{ host }}-tls.rule=Host(`{{ host }}.{{ domain }}`)
- traefik.http.routers.{{ host }}-tls.entrypoints=websecure
- traefik.http.routers.{{ host }}-tls.tls=true
- traefik.http.routers.{{ host }}-tls.tls.certresolver=letsencrypt
- traefik.http.routers.{{ host }}-tls.tls.domains.0.main={{ domain }}
- traefik.http.routers.{{ host }}-tls.tls.domains.0.sans=*.{{ domain }}
-{% if service -%}
- traefik.http.routers.{{ host }}.service={{ service }}
-{% endif %}
+- traefik.http.routers.r-{{ name }}.rule={{ host_rule(host, path_prefix, wildcard) }}
+- traefik.http.routers.r-{{ name }}.entrypoints=websecure
+- traefik.http.routers.r-{{ name }}.tls=true
+- traefik.http.routers.r-{{ name }}.tls.certresolver=letsencrypt
+- traefik.http.routers.r-{{ name }}.tls.domains.0.main={{ tls_base }}
+- traefik.http.routers.r-{{ name }}.tls.domains.0.sans=*.{{ tls_base }}
 {% if port -%}
- traefik.http.services.{{ host }}.loadbalancer.server.port={{ port }}
+- traefik.http.routers.r-{{ name }}.service=svc-{{ name }}
+- traefik.http.services.svc-{{ name }}.loadbalancer.server.port={{ port }}
 {% endif %}
 {% if auth -%}
- traefik.http.routers.{{ host }}-tls.middlewares=authentik@docker
+- traefik.http.routers.r-{{ name }}.middlewares=authentik@docker
 {% endif %}
 {% endmacro %}
+
+{% macro host_rule(host, path_prefix="", wildcard=false) %}
+{% if wildcard %}
+{# regular a.host prevents warnings from 'No domain found in rule HostRegexp' #}
+{# TODO: figure out this stupidity properly #}
+Host(`a.{{ host }}.{{ domain }}`) || HostRegexp(`^.+\.{{ host }}\.{{ domain | replace('.', '\.') }}$`)
+{%- else %}
+Host(`{{ host }}.{{ domain }}`)
+{%- endif %}
+{% if path_prefix -%}
+ && PathPrefix(`{{ path_prefix }}`)
+{%- endif %}
+{% endmacro %}
--- a/group_vars/alpina/vars.yml
+++ b/group_vars/alpina/vars.yml
@ -5,8 +5,6 @@ alpina_svc_path: ~/alpina
 base_volume_path: /mnt/dock
 media_volume_path: /mnt/media

-traefik_subnet: 172.16.122.0
-
 # Authentik
 authentik_db_password: "{{ vault_authentik_db_password }}"
 authentik_secret_key: "{{ vault_authentik_secret_key }}"
@ -18,6 +16,7 @@ auth_gitea_client_secret: "{{ vault_auth_gitea_client_secret }}"
 auth_nextcloud_client_secret: "{{ vault_auth_nextcloud_client_secret }}"
 arrstack_password: "{{ vault_arrstack_password }}"
 auth_vpgen_client_secret: "{{ vault_auth_vpgen_client_secret }}"
+auth_pgrok_client_secret: "{{ vault_auth_pgrok_client_secret }}"

 auth_default_enrollment_group: vpgen

@ -62,3 +61,9 @@ vpgen_ip_max_index: 100
 vpgen_vpn_endpoint: "{{ vault_vpgen_vpn_endpoint }}"
 vpgen_vpn_dns: "{{ vault_vpgen_vpn_dns }}"
 vpgen_max_clients_per_user: 20
+
+# Woodpecker
+woodpecker_agent_secret: "{{ vault_woopecker_agent_secret }}"
+
+# Pgrok
+pgrok_db_password: "{{ vault_pgrok_db_password }}"
--- a/group_vars/alpina/vault.yml
+++ b/group_vars/alpina/vault.yml
@ -1,138 +1,154 @@
 $ANSIBLE_VAULT;1.1;AES256
-38376439643766303237356563616337663731366435613930393135383962666435313530663632
-3432326162343632613565393737363335306263653032300a643539393562376162333761376631
-62343731316430316638363338343966326635383930623339383339653936343765316439393233
-6562323634383363300a323233346338393764623363346139313661386433656337363332656230
-31306233643735333033316139363165373062363334363933396563366234316330646230353261
-62326539663337323036346533303031333730373061656563613535376162633138306634626462
-37313038356466336138643834643863393333373939616362636365366231383762633030313831
-33393139313336623437396161623437323163633362363137626262653462633737373062643735
-63353561313639393166306466346134623933323532636438656263663338376337376434356163
-64343239616632313566656664393136363337386464613932383961343134363233653039336137
-65656566306463313264646163646130323533666464323464643433313030346535346535323264
-34356433343739343166383034313935666139663239653662663734343139343035616134303730
-39643136623735666333646234346239303337333961343261383834393963386633633030633962
-61376132313532643730633865326130666565303631386262396366306565613665363934383335
-37376139616165396436663135373932653064656136356662363137653036383537613665393634
-38313063656637353630373634316564383362663335356364626161663163323362333937316461
-64336636386234623438613766316430353261346339313863306462393335636131363966363038
-66393561323335393063663838393466656331323433376461653838313638303564666662636438
-38663735616261656338626437336433613730353236636266316536656165303534353538316232
-62363063376464323932383261663537393263333266633461326536656533653661303335646431
-36616436396137343634373563386439653833306537373735353764346430616231313538636362
-30363430613839373761363032316137636432643339383561313637376339323836353161343639
-36316665656164396236383538346561306432333637393431393566333566633434393961663330
-32383833396238633966393837336564626135653733383863346161663364353062303931303931
-39653662373734643037393832643439653437353935666430373337643532346161376661633738
-61643431633431666535333463636461613166363238373138306565643533623039353031646634
-62383662663435346635373865633731393362623761313834393964623930646364366534333236
-35393138346433366435313066633436393561643263343534393034373161343834633261363933
-65376636393263663566653436633762643331336139653565663334373561353130653065653935
-31616337313764313532303934376236623833363433336335303262643135643339613839623231
-37343730616166323239653537313137373136626337333665633134363830626131353030393662
-31643366386365353336326133636434303636343637643539653131316133306132643133643364
-64636464373564383938663838613031626563613362626435383832346661306562343165643539
-66353431393032313262393566353833343632366139656234306561366139633431653133356165
-32363332636433626132666462626137653337646234646565303831646330333133353964626461
-37333265623865376562663365336339353036346135363062663534643537353331623630356264
-66386665333633383534313062623533383239383231333163663565633531666236306465633135
-36363164636165343863363866343437636630353863316633623761373232643262623762316162
-32613665306535626139366564616362393536336364666663333761383362393631316134373138
-32616665363164363639303538373539346239663261373731613464333734326436666433666539
-31656264326535626134323231646535656563363231633434636337323538343038303233363765
-61393164316237323533313336316530316431653731343261636265393361616464323536333130
-65346538306664663566666435393738323832396365363764333637613331356661306535376332
-62313533306365373737643835396364363737306631346161353031633531383364636563383237
-64633432386565356137333730313736393737303665326531356265376333663636393430386233
-33666532616632373061633063656136646533363034363330366231653936396166663134396139
-66393131653963386365656364666263666362316136333561326566626562616138383739346139
-62343035646435393136656434646138376331346164663562306166646132363230333538323536
-38643934613633373734653337666261356639353235326539356264633232343834633062336539
-31616536663730656163626437653932313564633938643163313765393731386533323465303831
-34353663363862363761643565633635373834623665653131613531373637386361636661376532
-64386435643966343034643763393461373961626134346539653865636161333962333463393734
-62343838363432396133326235323636613239326139376365353930373835313531326433326234
-66396537636162363865663433626230316362343334653735646637613130636436633132663538
-64623230303266373965616533346464373661363233613837613765343463306136623063313139
-31383039343462363536646636653736316362356565326538636331646235373162663332313961
-64623061636638666234623336656365383165626461323561343930316432313632316332306334
-61376430303835383934396266303564363230313735366464386134393265326334663633663632
-38643034393737303963643733656333316137646435653666353239373738373632383561646333
-65363865353362383832643238363332613931343038366563316163303764323936316466666364
-31373439383661656336653431666164393833643266656133383137376133636134643137663532
-33353531663336346562653339616430333133363232336461353937303435346337363932306133
-37623164343462363830323263323664303334633563313439376232303031633633316636383164
-66306238333432333635653435383138383339343837346134613630353335656335663062326132
-65323638343963623062663638366538363162343230323262616138373239653163623832313366
-65323834383631646164316363383636643437346435313030656362653332653635343066666232
-39346235383265326262306434383861653138393835663863383032363664323565316165646566
-61646238393062373131346536343533663839313831383335316363343465663130633133393436
-66333465633636353639663836376561353839613533346164366238353833636534633338313262
-30656433376362346333303630643639353262323532666238633764363132303161326638643761
-36616131636538613539383935613337643930333334613566393031646630383330656164363361
-37306536356164633831626362653364313164356235653464333633313263383032333439626434
-65376531396661636661303831393062666362623966353739303330393631323963373564353265
-61343862323737336238356231626561396333386264666563356235333339653538626130623936
-63326431316538346534313764356333396565666431633833613337323136643137306166623238
-66393561333137373964353935323930636237366433613038383761643665363330323865386133
-37623339613733353366656637383030623663313639363334656361623035643232626633313864
-36346564653766646333613763616163363462613937656534363461376235613064373039326165
-32666265383065636232613632333830633439653066653666663261646536663434393535613131
-30373062313765663038313534623165653833623330383032363063393239373234636630646561
-38633962363530666638666630316434613462656335613236363831313863613030636539356133
-66386133383433663964306661636131633236633935633236623530373864646363383534383735
-63633165626464333332303331333338313838393832626637626137316338643136336333633930
-61346436336635656639616261383666336330333862303139633137373362303033653432613039
-35623663353538323761623839623438646363313164356631386364356533346133333334326565
-32303837663261386463313535373765356166376165386535623838326431616564346632363732
-62373231356530346632373134343865303532326136653731633038353066623435336462303138
-37363039343433613939363663623135396636396433653362666164323237393664623564393532
-61376463336564396537366365373936333666373432376566323864343735636264643139643063
-66396230303336633438666234336434353866323637316334313162363734623763666338336234
-39303330343035333864396631323231363134646238323065356138633131323135613133356237
-34373562633430613062313261363939373632313838333934303165336562663839663833383763
-39316632656561653033613933373861366361353761346539306234366538373461373930306535
-66623430343336333033306135303639646566393336663538313430616364653933663536386535
-64323962353734356134656361663131376564626461386233643731393664353038626464313763
-64396265373737313134613962376334373965353338303363303935353538643561336461393032
-37356434343837376534663938366434343063643966643965346465636166363235643635333466
-38323664366366663363616664336165653264633437393636363866316262303432356461386330
-63326539626363333331366162363230626462656633653866383331333164663734633630353265
-63303832376230646136346261383965626633613739616330666232376366613332663839336531
-32343031336363663865643165666435623462376130326433316562363530343662366432313031
-63626538656633346563663735323030363231643933326337613634376531636235333339373633
-66353362333265343964353966383363613336636536393734363363623363316532653533633434
-39333162303834353362323362656630343733653336613065333462626637303264653361393462
-32336238326535383662636465383832346438333230666662633430303964343236626331623536
-65383666316431646538396661386332323037383666336138666135613763363633343934663836
-32656362323631303732613235663135633939643165626231373162643963613637626235613365
-32326266323431636434633234333730373836373039666137663232323539396364373061393232
-30646432666365333336333836313333363537363163383034656136383164663331373632313564
-34353731363338323438366464663938393632626530323537306233613866356234323364373766
-34326662656263383864613538326536626133386532303932326362376632363631356535393937
-33346462336636656165316166363364343330383337636361656438383661333366633532616131
-37313033623430663039626131303933316561666233613666636433363537373264653331323136
-66663532653233373735326333333738663931343735306262353831303330633136623966316431
-39316462313066336536623438626163383139343532313932316435356431323865373035343465
-30346237393531353833616136323431376530333635633632666431313938643539363831313539
-38396338336136363165323135663836336139623865666631663237616664636233653663383965
-39623665656563316334323738323730306631636565393662313536353565383033653365663461
-38326432353166376438356238386161396638666131636536356333393563613461373263346538
-36656138353762323662363061613764633466303566353338626666646533616137393336333333
-30393733316636353266653039346237363830333831383535646531616130353534633062643135
-64373533646462313035383236333866313866366130663863363162613234393762646662666233
-30653666353333366365343036643462346361303536363935396133343166303339623461376563
-39333163636466646534356337656431376663623833303235303534633634386665636162346634
-34646665633639663763316339663539663261333436363935316334656330313835616138626237
-35623363393532633937653132303635396536646635633062393661616538303631663136363038
-35623539303963383063343338653130643233636537356264323238633839303337383665393333
-36303330393638643464646535653833626531343634626531396261363139326336623765623039
-32613237636366376463343766303964336661363432646436373963626537373137396661633766
-63633830663035663764303634643662333464353234646232343066306131336533396435313239
-66366630643564313665306130656463633065646430373334336664633264353336376439666137
-65366537366462623136353539373961333238373733663837373430663865643334393565333861
-35363035343561633164613631633532623164376339633630393633396437333034376339656538
-32653030626434326632386635383739663932393331333062656565303939373566653031613839
-31363162666330393232646562333833633266643165316464623533623539356339333365623966
-65323638396531346261303835373138333262323466656263643737343734303237303638353036
-3733
+64326366396663613133333430356565636565363066383339646533623964613638613932633865
+3435613234306336376565623861303864323735323533360a656533303734646630343964666666
+65396638373733353833333736626465336663323934373461303564376531623066303062646630
+6362633163653936390a626138656361663635336533376563373139663538663037306336333865
+63393263646665663664333162656532373064336361346133383064383035333831653563393337
+39306138623764366131303332653839653061393530353235613563376430666337656336386262
+64363731656230323832616437633735343662376637303334343161343165636137623434613636
+35666439383036633761353062613464363264633231306138636362643434333338303238616364
+35636430626536633264616233303462363839653436323138613836633336383438393364373338
+37623539306635636462363239396231663264613034646165393031343763643265363235623736
+37383439313066386139373736396465323962663131383664393939373862336231306266653832
+61663037613535663138333565613066663938616432356434323531383837363931393837323634
+66353436303065323266386264353436393266363136326531646438326130613865663132353164
+30366434373164623037613931393634613065383737643863343939373063376530633938346434
+62633432636430366361616636313337366238303566303566616363653336643736333636663737
+38316330646266636633323162346231353337626133663939306131653434326533326162663963
+34666262313232663564356633393162653639653739323639396562613362313663383736393438
+31373930393465356535303236343934663238373764303333663634666338643666646665326563
+34376164303538336133613630623466656466663266326432343439613235376463326661663131
+38373533313661333431343638346334303736306237653336633366313831626466633430373865
+32646536643862646135653434343337373563666532333561316232393063306365363631623262
+31313538306264623030353230326330666234303138646237613435633637373837656565623538
+33616233623366346237376563613430663835653432653834353835376338643236663266646462
+62316438356233383965616434393737306132306538396564396431376661323135353137316534
+63353663343338353339373163343737333835363363316563393538353266653033383136646437
+37626661383531363233656663616630316361373438616232313131316234386665653262313937
+61366536613731663231616663393735303535326636383066333330386233306534656237653561
+33336639356331313636363865313836306137333439613365636132356631653437316161346230
+64643736323437396663653937633634633230386164333239616261616332323137643764383335
+64613966653764623031323961386530383731316464386131393264346261356331666165623738
+62643564323134393630336566343834356265316264393530356633356466313831623262363730
+66373232353439616539643433653435643931623430633338623737643039306532343234646333
+34393536333730626136313039646364626235616233323137386137383565326461393635353838
+35616530383765373431626130386165663538663861653064646363633465326364353533646137
+62326435353239363164383236333236643430396561396231323130376264646139666264356138
+35353466396335336532363566323738373932643634363763633832353462663836636465626434
+38656332626236626335386166333835306666643438376330373936656639313933373635333436
+30633731376166376232363834346632633261353361323563376162343063343065643439306231
+30666131373361633862363833373366313733626161643932306332613230393636636138363337
+61666565633931376639613262666332363037373337663430343939333431303732636434633934
+35386130386363333431636363336130336430633839653231363935313930393037306536336563
+36653462383432366337646266313139346536666230386565333364383330653333353765326136
+33626236333765333863363265346561643835373235393361643234386336656134353731393033
+34316430383933626434343839333065333166386233316132373138666534653434653033356135
+31366539346538336639626363396636646135386266386138356362616464316630313437386265
+30353361626338633961366633333631383366316331333635613738366139633863376331333435
+39376239336532343937346563646331366136666130646336366537366534323961363930663438
+65333663613030336131663665343234616231306130663761643163646233353265333030396333
+30326436396163343732313430373135323332326161623566633932303537666564633834623863
+66353039626565646539313763373864623638323765313065646133646430666162616533323036
+64313238633264623465313961656563643536313435313162376339353532363232613637343463
+33343066303465643930613364356635333234363563653731663137306337346630653637656566
+30323537356264356137643637646265643537303263373964346165656266623263636331323130
+31396433346561666331616639306131623261353763343638663931623161343133616639633561
+36646266643636613564346663666633313665386137323266633330333862313637386330643937
+33393561376331316235323961636462363661383466663635323464366238386531393466316361
+30396434666335346232643738396638633239323935636637343838353364656662663666303366
+37663666373839613837313335366635363634623133653463626466316435303538303632633762
+66366538303630336630663365663831313562383334666435383831376564333438633364343861
+35343462653233636265336266386637636261666331316666663966313666383965303163656238
+66343932323939363339323664366334386166373139363866353161396235366466306466636439
+36313039313263643739353230313362353263626236393239656164656334653363623965653936
+65386165663361313066646532393939383165316239653335623965346363613335396639653134
+36346164383439636237306233333166383233376462633136383933666161643734303032313530
+62343866316162393766626261393635643564366431383164626236653062336466343634323432
+38343663623261343535616536613961636564376563303064623537303233373366326136353665
+33336532633161623638303761383034306265613230323433326133653035303661626234353931
+31646530383637626231313965343138303565303030316132613930306137313465616664646230
+30353163626562396566653261643336653832663635333963343539396366346132353465386463
+33666365363639343066653330326233373035313433316264373236366565643931616335643762
+63306165393166396437646366303837316235643562366464326530373230633664653235363136
+31333938616139653261656132663439323066636135303430383662333639306265633436326666
+62353936663463343864383432636465373737666239613033383538396338303533636663393339
+63633561343135343339393063636163373936323461303734613766626539343363363365643632
+66306630303634353230393933353333346166303436333038303637313162626464373334373063
+38313438633365316562363564316138393531633661323139343938633636373534386465643631
+35396261643865393531366432343265663363336562643366623062343331306431663461393066
+32633732333634383462383061623334306332326466306666626131363461343436393966633233
+31656538633733303264663239643639326235316561386564613563383930383336386664363135
+39616263313036646630373233636534376361386230386235363636643835636538663930633630
+38656664383138373138626639666230623635613137666533353233333636323062666432313434
+37666132303233353438346439653965626434663136386631313337633636653464396566323532
+39366434373830343764346138613665373536656164363637663037663534633963336230663439
+38373138336666633934643537383131333034316135343738623435643630653661633432363161
+37373837303838343566626662656231306438613538333733323632616132343563376533663539
+64653262646463613739313737356139666666623963636261336433396363636632333933393463
+63653366666536323536666264343931373961356361646434623461316630626133376639613362
+38333836653332346134616134313164313965613531343630383764636161653730656332616238
+31393132363064663431316165346135343861653462383162353063653837393566356161333535
+35343133646632343164336364623337393138343630643737643531346566636633646438396162
+31393632303661323363346164636331626638326437383035363930656635316236366434623236
+33633136303533636239666434323962333134366461363037343463623437363961353962346236
+66313838643238323136356135346564363732656666363431653061663863616537663035373631
+34613262363065333162353039613762386130353930316161613061633164383539623263323865
+30313566613365656563353236386334636335366663643034316435376532333438643166663536
+38363363373330326132336363363039396563396435366131353933393434373336363033343265
+30613539366436643631303933376137386635366166663930303331623238633034326631656366
+31356337303834356334633636333832363837343735396632356365613439383061366232383462
+62613934373535626639363230366266343762643232623933613265356436656364363835323062
+32393062386432323562313734346133393465316135316135366331653161636261316364643632
+36326161653937336562643034636638666265386264623133626335616633353239333965656632
+31323134393230303733623732313836373465383535626434383638666135313237633731613763
+64343066336662643264663130363962626435626332626464396137386538333731373238616636
+66313931666466306133643666363862626438343634353336376566333533393936363866626233
+63616633373536633138393563323636343035343564626236383064376135656638616534353431
+31643063346631636666333065386339663363623431653532643065363636303764666333393761
+36313439303765356532393832633637636336643036306333663935393734663662346435396466
+37376537323262653033356336363835666231363661653133666361383065343063643061376164
+32333530376530326662373738333363373631663536373961373965373263346635643762396666
+61396632343464343735623531653831393735666331316162353430353134383430393865383662
+66656264376564343636386263333934313364373564616134623863613439636537613764376434
+65313964303539376131396339356238363735363766616365306133393464613131643166646437
+39353961393036646164663865633633373465653766386230333762643735363734633633363461
+62613332346336633833663862333230363161663636646232343761356338393639613035646438
+32663465303138613731303961633565616239633033333361613861623161353032353661363062
+39316262363738383163366332373438636539623365353232316536363130333438613031653665
+62366334653036353566333663353862303335656266613134633731633535313730303539306334
+63393431306265373234313939373133363961626265626633343631613931636132653635376634
+61366262336239656638343438646231653030666638383239313834363334663661316235366162
+34346438386461633366353838346664663832323436333737306566333164323066313931643630
+33363733356231326636646133366136663431343038643265633136626363343131656463373264
+65363833353831656638303439623636373062383235363966356332343163616336643735306466
+65663366643030626437326439633665333564623065633431636232393465623365636565363230
+38393664653432383539376363366462386438663137363562323231663661353635383866373761
+66303165323861626538353236366533336533333939376232313038343331663833303864356235
+64383664376237346465626339336536393537323665653766363464393133323637646264643830
+32376435623666383633383636323862376166623938346239363339336333373531376433383032
+39656466363761376565653936366430363638623332636532383431373334386436373737323163
+61616230396135353831343139346464623261303231633035353264626232393933393732393634
+35353531626532626334613836623633636265613963613064626334363436336664363633653636
+64366262336134653932386236663161623639626562303135386532366261396134613664653037
+63656665393835653831366464386236303239363338623338653833653430323135333063616266
+61383539613066623563616139666261373066316662636633613561366466623032386434366137
+63643030653538623039353934373531633034386665303866623835356433353666653831326464
+32323134323333386563316230656362396635656461643061393562393766633736613361373637
+65663763373139343162643431353039613565333639336530666164343239653461623734303538
+30613432363233353335373539653439313333353537343733616432316338343836336539613832
+63353363373536333731636431336433333061336537353231656430343434613836383264663634
+38346165373533663330373964303161373331316666633865333538656136656637346266313237
+30376135656230353464643262633837336465376434323166663731346130626338613138656161
+34623765316239363863626139333536376534396563623631643231616266656238383763386137
+30313162373338653131623464396362666163656638656164656131616631373833373936373539
+37633861306362383762363733333233623134616565383037336539343937633663356262376133
+38656630343136613337663164643338323261613033383564353330306465663932653566376465
+63613933626164303466366539303863366263366638663830333861663734616439316463373537
+66396433663764336630643038323964656131393731623733393133653432663763326662643137
+38323130336137356263303961363562623235343765356366353964396636306235616435663932
+39663732313066663834616664336631376639336536323230333462386636333234373063336535
+66633238666639643632383666666136383834313162396265386466643130313736653239653231
+64613637646539626432613532633231343634363263363331346434613833376532323366643063
+61386565316132386162663539623164626234383665336234653534336461623632636461323934
+66653966656230366166363535656261363534636136376566333566313564363361316563653638
+61643361383263643833636639643362613134623464346537386237616464626265
--- a/inventories/prod/group_vars/alpina/vars.yml
+++ b/inventories/prod/group_vars/alpina/vars.yml
@ -18,3 +18,7 @@ google_consumer_secret: "{{ vault_google_consumer_secret }}"
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.100
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
+
+# Woodpecker
+woodpecker_gitea_client_id: 3b7515f3-6005-4512-a2ee-5464dba315f8
+woodpecker_gitea_client_secret: "{{ vault_woodpecker_gitea_client_secret }}"
--- a/inventories/prod/group_vars/alpina/vault.yml
+++ b/inventories/prod/group_vars/alpina/vault.yml
@ -1,27 +1,32 @@
 $ANSIBLE_VAULT;1.1;AES256
-64376262343730306465343137353235393430646535633031646432363631643061656336313962
-6661643832613835353937313832393762613430616338360a356137373036343037316635666366
-62643132656233663933353239653438316238353363326539353038383436613038356137643836
-6265373939326266640a376162333266313333653339383533303639393932373266356361313763
-65346235626430323232393161643932316161383564393663343039626431366130353066636265
-63643639383162326235373636393435316338393431393166663835623739356562633435373438
-30393630623261353134313038643464306637383738303163353937316261313263613264393939
-37363037616230623732663866656665666664393835313836393237303234303866393437393833
-34376335353133613938663861323062623763323463316563363439623030653033373538323436
-38333863353333323364396431373030386636366330323562663831376531333661613337303835
-35643464396332333436633036326563613863636238353837643965303862636665303362336162
-34623430353061613364643436343736613734326332316465356333626534303166636638336236
-36613362666337616635316330396635616165346666396465303861386162353836333332663931
-64663838646332316363376339666632336238613365636666623137663564313665363461393163
-35303735613734393439376339396466643065316432383236393633376461316534623535396464
-62386464396534333561323539646336623464623033333835356439353632373033373736393134
-30666435306632336433383562303238363361313735323439366638333033653761393061303130
-36633536356264376366383335623534323436383361373037383931313766353534363663336462
-39353064306439306135623863643163393762333366303665623432386462333466626535613464
-65613031666530303163353534323032396264666464303639383038343537303839633831373039
-61323437313737623530663532626530613935353431306138623239386136323334636163343432
-65633933643630643634336639393866353739653638656366356163343132656666336232643731
-65363639623262613132646366353235626237646532373233626162643434396362313033653637
-36333035646634616138313863386637346466393262363833313135343964666630623736343666
-64373638333066343666306334366332366530623138306636633166613739363635303138633434
-3439326265613564666639363362643037653733393336363232
+36313835643238353932323631323439626432316436346533376365633332313963666433313333
+6134633133636133623130376237373462383164396338380a316463396139653161366536636336
+64346664356538366538363239306631326464633635316161663963326635656430326637333963
+6462633236353132300a323062353639646238663737353461633733636530613036316364353864
+34326534376639643734303137613866393464306334336566653134333765356361386436323939
+35393535303635376162386266396431313739663961643061623037343463303637623130623131
+31653761616639613964386432643561376637316435333064343837636463303033333432636234
+39323735373161616133396566316266383165343033666530376333626264643531613334363634
+35393766623361346461333764666139366632306362613362376133363239656562346263643066
+65616538366532346537383432663766366161633234373562623531356339666661346164306563
+35343339386631383462656466303563376237386137346437323634626163353464356462346364
+35373061636237383335396231326563366230663566333665326338303564326263316630666233
+65303930663862313137333630353837363265333532303133306466643462626662613166326132
+66346439333739653965346236313766346532356233333164633538326135643662623533646561
+65626530386333303362343830653430653866336261623566616362313739303939656364656363
+37336331353766633534653936626139303061623531323362346564363665663438646533646166
+62376534653562373138656465666133353235313935626534383537643436376665613865303363
+62326562396361306131616363363866316232623635353663323537366563333239383636643763
+35623366663463303831323730363036306363643364303532326339353633393739306366396331
+33313230656431623462376135623438633164323064653866646165643263383832353138633931
+66306463346361646561376334613837383762366365666638643434383034376339643239646463
+66343461363233626635323535336462666339323032616136396239396534346434623238396330
+37653665643366323362313136386231396532323035363963623738346564356435303263303832
+37346532366432363638363330316464366361313461626535616165333433343835393565633766
+32663162386562373035333335303332323136613233613431386265626337653939326435396262
+61303631633838613962346663326232636438393563396230306361333335383462653432383766
+35376662353262303635316635363130383032366530396439613861653037383234363831333562
+37343332646534353838626366623361636261393865363633303631613837323733626264643835
+63376430613234386463336234623062656534643863656434386134616265333666613939393331
+39333166393538306135313431303831623063363533326330633062653333313733653831383736
+613864303461323739336563356161353234
--- a/inventories/staging/group_vars/alpina/vars.yml
+++ b/inventories/staging/group_vars/alpina/vars.yml
@ -18,3 +18,7 @@ google_consumer_secret: "{{ vault_google_consumer_secret }}"
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.50
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
+
+# Woodpecker
+woodpecker_gitea_client_id: c7122416-b160-498b-8021-8f2837552588
+woodpecker_gitea_client_secret: "{{ vault_woodpecker_gitea_client_secret }}"
--- a/inventories/staging/group_vars/alpina/vault.yml
+++ b/inventories/staging/group_vars/alpina/vault.yml
@ -1,27 +1,32 @@
 $ANSIBLE_VAULT;1.1;AES256
-66646463303166643563376162636432643963336537343738383763653232316661383864373761
-3539643230626437623736353630663865376630663765650a666266663366393833396461303665
-61663961623036383039323239333361396564343836363662326237666464363439643336613336
-6562666639313461330a613831316232623963396136343638643133376430373634316133653432
-65633339623833303866343130386433633065326466333636353362306362663830333934393364
-35613338316631333438623230623131626431633930313664616237396666326665633965373333
-33636234666561656333623836633562363130346665623839353734616437303562623530613432
-31313037366232613335613262336334393966326139633332613733326335383130316265613038
-35366162623737666331636435643234383634663964666465666563396262336134306636343830
-30373831393232373664666564316134316266376134323538366130383962396566386161303461
-31336333633135323631373763346631656132346334356233303630643166323565393736336236
-39343231313132316663613734323833303935333162643862623632316662653736303266336635
-37316435633464343761656262326538633730616239366330363736323761653061306139623335
-33363066383636633461353534396433653161393132313034373165653563646234653764306539
-32653239613566653762613364653863313334653437646166643537633530613463653966383538
-37343834326162393739333066623066613566313265626562333537366230393938613931366638
-36316364383361366461396136353063363233353865373062643963646266643763363938376265
-34623333316264383035373266313437353161666537376535333830616435383830366166316136
-33643132316534383466343366303764633031353961363033663662636364613132343862653066
-39376136323662383866666136656361396263666338623133346436353938316464346363303761
-39656133653736646137396437396133373765376337623832653232383531663930663037323462
-66373630633737356138333532333265393964313739336363663265613363636464623232316539
-37353164393965616363346666303330613438306136363037313065666662656535356437663262
-37306264626431396336326362653764316536396366393533336164663861366462653964656465
-64366139333535383065643033343632323837633036323439376134373966613739626261376436
-3133326138613735316230353965656239303263386638373339
+36343339366166383430383235626463376339653331333635623936653135633633353064613634
+3263306161376232356634363532653266366665333364650a636365393465383165306563346132
+37653564633630653635353464333939353266396562316663653933373065353536333130383065
+3864353332303164320a316439313164663736636465366539643131303663343861333164613561
+37383965373964313535313335643164376164323263613539643933333035323837373662303030
+66636465303566313334386435326433653032383962353739643861346161323738636366396239
+39623336336234376339343562656362323932383265313161396435346530663330353266323433
+66396538313365653963323164306464663565303364386466666636346533633661333634313236
+33623936616239613264613730363039366561646535633239633564656166343162303633373366
+37656163333838656533363735383332626632353237613666396633363531666366336630613064
+66626561663766376531313666663963643766393965653564333062653139336230356330383464
+38343562383430303132663964303736623238386562323033623861303432363363373934643332
+63363239323664333131306237336134613137653136633932356238343733393632616464366134
+33623038363032653134626337663863366663383433633134326239616136656139366535613565
+61646330356330396236303566363834613236653733643162666536303435643133346633353632
+62386135303262353332643135636164303963616234626132356161663463366434323864626261
+33356536626263626261343937386666396561306334346435316262333431353234303836356563
+31343566373935396633636133616265346235396333396664333534336162323039623937656336
+36656133383966613333646336613039626563353862646238376461373264633233313836333062
+30343134363862626630393035643762376435346532306462363437646238333463396230666465
+64386365393063613139313164366562643066323461313364393265393638643137386561633530
+65643861386531323836306339386462656530383533363831323461303131396666626464303136
+64343865616235616366633136393662623862383961323338366435396334653538303830616166
+39636164613466313033643639366635323666666235653633333436613133343962353664313838
+64356466393239666131363964643461346633313030643061643938643232343334313731636463
+37396637643232353539626239306463623237623534366666396164613135356136313534663231
+36613662653237343061316463386231656136383636393034333666633063613731316162333464
+64313866633062623530326233633166343434636639346565346337396461393637383333366435
+62393030383963396638653230613431623837353461313630343333376131616239313164336234
+62323739316536353835613032303438623230626563303934626466303934613566656232323663
+643265386333313065333737613438316532
--- a/roles/alpina/tasks/deploy_compose_stack.yml
+++ b/roles/alpina/tasks/deploy_compose_stack.yml
@ -11,7 +11,7 @@
    path: "{{ current_stack_dest }}/{{ item.path }}"
    state: directory
    mode: "755"
-  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
+  loop: "{{ query('community.general.filetree', current_stack_source) }}"
  when: item.state == "directory"

 - name: Generate {{ current_stack_name }} deployment from templates
@ -19,7 +19,7 @@
    src: "{{ item.src }}"
    dest: "{{ current_stack_dest }}/{{ item.path | regex_replace('\\.j2$', '') }}"
    mode: "644"
-  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
+  loop: "{{ query('community.general.filetree', current_stack_source) }}"
  when: item.state == "file" and item.path | regex_search('\\.j2$')

 - name: Generate {{ current_stack_name }} deployment from static files
@ -27,7 +27,7 @@
    src: "{{ item.src }}"
    dest: "{{ current_stack_dest }}/{{ item.path }}"
    mode: "644"
-  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
+  loop: "{{ query('community.general.filetree', current_stack_source) }}"
  when: item.state == "file" and not item.path | regex_search('\\.j2$')

 - name: Deploy docker-compose for {{ current_stack_name }}
--- a/roles/alpina/tasks/main.yml
+++ b/roles/alpina/tasks/main.yml
@ -28,8 +28,10 @@
    collection: apps
    stacks:
      - gitea
+      - woodpecker
      - nextcloud
      - jellyfin
      - arrstack
      - vpgen
+      - pgrok
  import_tasks: deploy_collection.yml
--- a/roles/alpina/templates/apps/arrstack/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/arrstack/docker-compose.yml.j2
@ -2,8 +2,6 @@

 networks:
  {{ helpers.default_network(249) | indent(2) }}
-  traefik_traefik:
-    external: true

 services:
  gluetun:
@ -16,9 +14,6 @@ services:
    env_file:
      - .env.gluetun
    restart: unless-stopped
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/arrstack/gluetun:/gluetun

@ -49,9 +44,6 @@ services:
    restart: unless-stopped
    depends_on:
      - qbittorrent
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/arrstack/config/prowlarr:/config

@ -63,9 +55,6 @@ services:
    restart: unless-stopped
    depends_on:
      - qbittorrent
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/arrstack/config/sonarr:/config
      - {{ base_volume_path }}/arrstack/downloads:/downloads
@ -79,9 +68,6 @@ services:
    restart: unless-stopped
    depends_on:
      - qbittorrent
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/arrstack/config/radarr:/config
      - {{ base_volume_path }}/arrstack/downloads:/downloads
--- a/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
@ -2,8 +2,6 @@

 networks:
  {{ helpers.default_network(199) | indent(2) }}
-  traefik_traefik:
-    external: true

 services:
  server:
@ -14,9 +12,6 @@ services:
    restart: unless-stopped
    env_file:
      - .env.gitea
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/gitea/gitea:/data
    depends_on:
@ -27,7 +22,5 @@ services:
    restart: unless-stopped
    env_file:
      - .env.db
-    networks:
-      - default
    volumes:
      - {{ base_volume_path }}/gitea/postgres:/var/lib/postgresql/data
--- a/roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2
@ -2,8 +2,6 @@

 networks:
  {{ helpers.default_network(197) | indent(2) }}
-  traefik_traefik:
-    external: true

 services:
  jellyfin:
@ -14,9 +12,6 @@ services:
    restart: unless-stopped
    env_file:
      - .env.jellyfin
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/jellyfin/config:/config
      - {{ base_volume_path }}/jellyfin/cache:/cache
--- a/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
@ -2,9 +2,6 @@

 networks:
  {{ helpers.default_network(198) | indent(2) }}
-  traefik_traefik:
-    external: true
-

 services:
  app:
@ -18,8 +15,6 @@ services:
      - redis
    env_file:
      - .env.nextcloud
-    networks:
-      - default
    volumes:
      - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
      - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
@ -32,8 +27,6 @@ services:
    depends_on:
      - app
    entrypoint: /cron.sh
-    networks:
-      - default
    volumes:
      - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
      - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
@ -42,16 +35,8 @@ services:
  notify_push:
    image: nextcloud:${NEXTCLOUD_VERSION}
    container_name: nextcloud_notify_push
-    {# TODO: Refactor this and minio -#}
    labels:
-      - traefik.enable=true
-      - traefik.http.routers.nc-notify.rule=Host(`nc.{{ domain }}`) && PathPrefix(`/push`)
-      - traefik.http.routers.nc-notify.entrypoints=websecure
-      - traefik.http.routers.nc-notify.tls=true
-      - traefik.http.routers.nc-notify.tls.certresolver=letsencrypt
-      - traefik.http.routers.nc-notify.tls.domains.0.main={{ domain }}
-      - traefik.http.routers.nc-notify.tls.domains.0.sans=*.{{ domain }}
-      - traefik.http.services.nc-notify.loadbalancer.server.port=7867
+      - {{ helpers.traefik_labels('nc', port='7867', path_prefix='/push') | indent(6) }}
    restart: unless-stopped
    user: www-data
    env_file:
@ -68,8 +53,6 @@ services:
    restart: unless-stopped
    env_file:
      - .env.db
-    networks:
-      - default
    volumes:
      - {{ base_volume_path }}/nextcloud/db:/var/lib/postgresql/data

@ -79,8 +62,6 @@ services:
    restart: unless-stopped
    env_file:
      - .env.redis
-    networks:
-      - default
    command:
      - sh
      - -c
--- a/roles/alpina/templates/apps/pgrok/compose.yml.j2
+++ b/roles/alpina/templates/apps/pgrok/compose.yml.j2
@ -0,0 +1,31 @@
+{% import 'contrib/compose_helpers.j2' as helpers with context %}
+
+networks:
+  {{ helpers.default_network(194) | indent(2) }}
+
+#  https://github.com/pgrok/pgrok/blob/main/docs/admin/docker.md#docker-compose
+services:
+  server:
+    image: ghcr.io/pgrok/pgrokd:latest
+    container_name: pgrok_server
+    labels:
+      - {{ helpers.traefik_labels('pgrok', port='3320') | indent(6) }}
+      - {{ helpers.traefik_labels('pgrok', port='3000', wildcard=true) | indent(6) }}
+    restart: unless-stopped
+    volumes:
+      - ./pgrokd.yml:/var/opt/pgrokd/pgrokd.yml
+    ports:
+      - "2222:2222"
+    depends_on:
+      - db
+
+  db:
+    image: postgres:17-alpine
+    container_name: pgrok_db
+    restart: unless-stopped
+    volumes:
+      - {{ base_volume_path }}/pgrok/postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: pgrok
+      POSTGRES_USER: pgrok
+      POSTGRES_PASSWORD: "{{ pgrok_db_password }}"
--- a/roles/alpina/templates/apps/pgrok/pgrokd.yml.j2
+++ b/roles/alpina/templates/apps/pgrok/pgrokd.yml.j2
@ -0,0 +1,29 @@
+external_url: "https://pgrok.{{ domain }}"
+web:
+  port: 3320
+proxy:
+  port: 3000
+  scheme: https
+  domain: "pgrok.{{ domain }}"
+sshd:
+  port: 2222
+
+database:
+  host: db
+  port: 5432
+  user: pgrok
+  password: "{{ pgrok_db_password }}"
+  database: pgrok
+
+identity_provider:
+  type: oidc
+  display_name: Authentik
+  issuer: "https://auth.{{ domain }}/application/o/pgrok/"
+  client_id: "pgrok"
+  client_secret: "{{ auth_pgrok_client_secret }}"
+  field_mapping:
+    identifier: "preferred_username"
+    display_name: "name"
+    email: "email"
+# # The required domain name, "field_mapping.email" is required to set for this to work.
+  #  required_domain: "example.com"
--- a/roles/alpina/templates/apps/woodpecker/compose.yml.j2
+++ b/roles/alpina/templates/apps/woodpecker/compose.yml.j2
@ -0,0 +1,35 @@
+{% import 'contrib/compose_helpers.j2' as helpers with context %}
+
+networks:
+  {{ helpers.default_network(195) | indent(2) }}
+
+services:
+  woodpecker-server:
+    image: woodpeckerci/woodpecker-server:latest
+    container_name: woodpecker_server
+    labels:
+      - {{ helpers.traefik_labels('woodpecker', port='8000') | indent(6) }}
+    restart: unless-stopped
+    volumes:
+      - {{ base_volume_path }}/woodpecker/data:/var/lib/woodpecker
+    environment:
+      - WOODPECKER_OPEN=true
+      - WOODPECKER_HOST=https://woodpecker.{{ domain }}
+      - WOODPECKER_GITEA=true
+      - WOODPECKER_GITEA_URL=https://gitea.{{ domain }}
+      - WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client_id }}
+      - WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_client_secret }}
+      - WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
+
+  woodpecker-agent:
+    image: woodpeckerci/woodpecker-agent:latest
+    container_name: woodpecker_agent
+    restart: unless-stopped
+    depends_on:
+      - woodpecker-server
+    volumes:
+      - {{ base_volume_path }}/woodpecker/agent_config:/etc/woodpecker
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WOODPECKER_SERVER=woodpecker-server:9000
+      - WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
--- a/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
@ -40,6 +40,13 @@ entries:
      "ui_group": "Apps",
      "allowed_for_groups": ["admins", "users", "vpgen"],
    },
+    "Pgrok": {
+      "redirect_uri": "https://pgrok."~ domain ~"/-/oidc/callback",
+      "icon": "https://pgrok."~ domain ~"/pgrok.svg",
+      "client_secret": auth_pgrok_client_secret,
+      "ui_group": "Apps",
+      "allowed_for_groups": ["admins", "users"],
+    },
  } -%}
  {% for app in apps.keys() -%}
  - identifiers:
--- a/roles/alpina/templates/services/authentik/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/authentik/docker-compose.yml.j2
@ -2,8 +2,6 @@

 networks:
  {{ helpers.default_network(253) | indent(2) }}
-  traefik_traefik:
-    external: true

 services:
  server:
@ -21,9 +19,6 @@ services:
    command: server
    env_file:
      - .env.authentik
-    networks:
-      - default
-      - traefik_traefik

  worker:
    image: ghcr.io/goauthentik/server:latest
--- a/roles/alpina/templates/services/minio/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/minio/docker-compose.yml.j2
@ -2,8 +2,6 @@

 networks:
  {{ helpers.default_network(252) | indent(2) }}
-  traefik_traefik:
-    external: true

 services:
  minio:
@ -11,22 +9,11 @@ services:
    container_name: minio
    labels:
      - {{ helpers.traefik_labels('minio', port='9090') | indent(6) }}
-      - traefik.http.routers.minio.service=minio
-      - traefik.http.routers.minio-tls.service=minio
-      - traefik.http.routers.minio-s3.rule=Host(`s3.{{ domain }}`) || HostRegexp(`^.+[.]s3[.]{{ domain }}`)
-      - traefik.http.routers.minio-s3.entrypoints=websecure
-      - traefik.http.routers.minio-s3.tls=true
-      - traefik.http.routers.minio-s3.tls.certresolver=letsencrypt
-      - traefik.http.routers.minio-s3.tls.domains.0.main=s3.{{ domain }}
-      - traefik.http.routers.minio-s3.tls.domains.0.sans=*.s3.{{ domain }}
-      - traefik.http.routers.minio-s3.service=minio-s3
-      - traefik.http.services.minio-s3.loadbalancer.server.port=9000
+      - {{ helpers.traefik_labels('s3', port='9000') | indent(6) }}
+      - {{ helpers.traefik_labels('s3', port='9000', wildcard=true) | indent(6) }}
    restart: unless-stopped
    command: server --console-address ":9090" /data
    env_file:
      - .env.minio
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/minio/data:/data
--- a/roles/alpina/templates/services/monitoring/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/monitoring/docker-compose.yml.j2
@ -2,8 +2,6 @@

 networks:
  {{ helpers.default_network(251) | indent(2) }}
-  traefik_traefik:
-    external: true

 services:
  grafana:
@ -17,9 +15,6 @@ services:
    restart: unless-stopped
    # Needed to make config files readable (not anymore, TODO: remove)
    user: "{{ remote_uid }}"
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/monitoring/grafana:/var/lib/grafana
      - ./grafana_config/grafana.ini:/etc/grafana/grafana.ini:ro
@ -103,9 +98,6 @@ services:
    restart: unless-stopped
    env_file:
      - .env.influxdb
-    networks:
-      - default
-      - traefik_traefik
    volumes:
      - {{ base_volume_path }}/monitoring/influxdb:/var/lib/influxdb2

--- a/roles/alpina/templates/services/traefik/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/traefik/docker-compose.yml.j2
@ -1,14 +1,7 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}

 networks:
-  traefik:
-    internal: true
-    enable_ipv6: true
-    ipam:
-      config:
-        # TODO: Consider removing traefik network, it shouldn't be needed with host networking
-        - subnet: {{ traefik_subnet }}/24
-        - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 255) }}
+  {{ helpers.default_network(254) | indent(2) }}

 services:
  traefik:
@ -25,11 +18,8 @@ services:
      - {{ base_volume_path }}/traefik/rules:/rules/extra:ro
      - {{ base_volume_path }}/traefik/acme:/acme

-  # This is mostly just so that the traefik network gets created
  whoami:
    image: containous/whoami
    container_name: whoami
    labels:
-      - {{ helpers.traefik_labels('whoami', port=80) | indent(6) }}
-    networks:
-      - traefik
+      - {{ helpers.traefik_labels('whoami', port='80') | indent(6) }}
--- a/roles/alpina/templates/services/traefik/traefik.yml.j2
+++ b/roles/alpina/templates/services/traefik/traefik.yml.j2
@ -36,7 +36,6 @@ certificatesResolvers:
 providers:
  docker:
    exposedByDefault: false
-    network: traefik_traefik
  file:
    directory: /rules
    watch: true
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -64,6 +64,14 @@
    state: enabled
    immediate: yes

+- name: Allow 2222 tcp for pgrok ssh tunnel
+  become: yes
+  firewalld:
+    port: 2222/tcp
+    permanent: yes
+    state: enabled
+    immediate: yes
+
 - name: Reboot if needed
  become: yes
  ansible.builtin.reboot:
Author	SHA1	Message	Date
Yuri Tatishchev	73c370b360	apps: add pgrok	2025-01-04 20:12:17 -08:00
Yuri Tatishchev	2d96ed9348	traefik: refactor macro, remove old traefik network remnants	2025-01-04 20:12:17 -08:00
Yuri Tatishchev	e86533701a	apps: add woodpecker	2025-01-04 20:12:09 -08:00