CaZzzer/alpina
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

merge into: CaZzzer:feature/docker-volumes-zfs
Branches Tags
CaZzzer:master CaZzzer:feature/bws CaZzzer:feature/obsidian-livesync CaZzzer:feature/auth CaZzzer:feature/monitoring-1 CaZzzer:feature/monitoring CaZzzer:feature/db CaZzzer:feature/docker-volumes-zfs CaZzzer:feature/zfs-backups
...
pull from: CaZzzer:feature/monitoring-1
Branches Tags
CaZzzer:master CaZzzer:feature/bws CaZzzer:feature/obsidian-livesync CaZzzer:feature/auth CaZzzer:feature/monitoring-1 CaZzzer:feature/monitoring CaZzzer:feature/db CaZzzer:feature/docker-volumes-zfs CaZzzer:feature/zfs-backups

55 Commits
feature/do ... feature/mo

Author SHA1 Message Date
Yuri Tatishchev
1a49b22efd monitoring: remove discord webhook secret 2024-10-30 16:11:49 -07:00
Yuri Tatishchev
531febffe2 monitoring: prepare for merge to master 2024-10-30 16:03:39 -07:00
Yuri Tatishchev
929a6619c8 monitoring: readme for grafanalib 2024-10-30 15:20:13 -07:00
Yuri Tatishchev
e8fe6adca3 (WIP) monitoring: container, node dashboard improvements; separate common.py logic 2024-10-23 22:40:40 -07:00
Yuri Tatishchev
e6cdae8e6b (WIP) monitoring: unbreak prometheus by removing alert shit 2024-10-23 15:56:03 -07:00
Yuri Tatishchev
6a22c3f815 (WIP) monitoring: attempt at container alerts 2024-10-23 15:56:03 -07:00
Yuri Tatishchev
f9b0288038 (WIP) monitoring: containers dashboard 2024-10-23 15:56:02 -07:00
Yuri Tatishchev
d8bef9a23d WIP: containers dashboard - loki logs 2024-10-23 15:53:04 -07:00
Yuri Tatishchev
581346f019 WIP: monitoring improvements - containers dashboard 2024-10-23 15:53:04 -07:00
Yuri Tatishchev
6504100cd5 WIP: monitoring improvements 2024-10-23 15:53:00 -07:00
Yuri Tatishchev
dd0330c85a monitoring: loki, cadvisor config optimizations 2024-10-23 15:35:54 -07:00
Yuri Tatishchev
40fbdc414e monitoring: update loki schema 2024-10-22 23:16:41 -07:00
Iurii Tatishchev
aaca0f94f8 monitoring: remove jaeger 
Possible to add it back with a proper database, but all-in-one keeps everything in memory.
 2024-07-25 13:16:52 -07:00
Iurii Tatishchev
97b812eb10 updates: nextcloud refactor to apache image instead of nginx 2024-06-30 18:57:41 -07:00
Iurii Tatishchev
97d1db61d8 updates: postgres upgrade, data migration process 2024-06-30 13:53:46 -07:00
Iurii Tatishchev
a8bc344aa2 updates: traefik to v3 2024-06-29 17:28:17 -07:00
Iurii Tatishchev
f9d590170d refactor: switch deployment from command to community.docker.docker_compose_v2 2024-06-28 22:55:05 -07:00
Iurii Tatishchev
e1f3a22a23 refactor: simplify stack templates, move vars into group_vars/alpina 
this vault setup for injective sensitive variables uses the approach described in https://docs.ansible.com/ansible/10/tips_tricks/ansible_tips_tricks.html#keep-vaulted-variables-safely-visible
 2024-06-28 22:39:49 -07:00
Iurii Tatishchev
f3c6c61130 updates: prepare for upgrade to debian 12 2024-06-27 16:37:50 -07:00
Iurii Tatishchev
ef40b1ba7d updates: ansible, gluetun config 2024-06-26 21:16:46 -07:00
Iurii Tatishchev
2e22d4c7f2 monitoring: increase prometheus tsdb retention time from 15d to 30d 2024-03-31 12:27:07 -07:00
Iurii Tatishchev
bc963f28ee arrstack: gluetun config updates 2024-03-31 12:21:41 -07:00
Iurii Tatishchev
5b1e346282 updates: nextcloud, gitea 2023-12-22 13:07:21 -08:00
Iurii Tatishchev
8061a2773f fix: add alpina/__init__.py to stop poetry from complaining 2023-12-22 13:05:05 -08:00
Iurii Tatishchev
3dba4e6fe9 authentik, monitoring: add uptime-kuma with authentik proxy blueprint 2023-11-23 18:53:42 -08:00
Iurii Tatishchev
d54193e0d5 refactor: add clean_desired flag to Makefile for site.yml playbook 2023-11-23 18:53:36 -08:00
Iurii Tatishchev
6c05da2b58 authentik, monitoring: add grafana oauth blueprint and provisioning 2023-11-19 00:44:35 -08:00
Iurii Tatishchev
50ca5d6d0d monitoring: add jaeger tracing all-in-one 2023-11-17 22:35:41 -08:00
Iurii Tatishchev
3d1a509681 authentik: default auth flow modifications, add passwordless flow 2023-11-15 14:58:22 -08:00
Iurii Tatishchev
be14ddd5fc authentik: add icon urls to apps and arrstack 2023-11-15 14:58:21 -08:00
Iurii Tatishchev
b15b1fca40 arrstack: minor gluetun setup fixes 2023-11-15 14:58:21 -08:00
Iurii Tatishchev
eed1b78625 minio: remove broken healthcheck 2023-11-09 21:30:09 -08:00
Iurii Tatishchev
405d837407 arrstack: change VPN Provider ProtonVPN -> AirVPN 2023-11-09 21:29:03 -08:00
Iurii Tatishchev
18c1d96b0a refactor: qbit custom wireguard config replaced with gluetun 2023-11-09 21:26:48 -08:00
Iurii Tatishchev
74679ed8e5 fix: traefik secrets 2023-10-26 00:12:35 -07:00
Iurii Tatishchev
d2401f11f4 updates: nextcloud, gitea 2023-10-07 18:52:01 -07:00
Iurii Tatishchev
30a2744830 monitoring: add traefik to prometheus 2023-07-09 17:57:16 -07:00
Iurii Tatishchev
de37042061 updates: authentik, nextcloud, gitea, jellyfin 2023-07-05 17:58:16 -07:00
Iurii Tatishchev
6a92053232 monitoring: add cadvisor to prometheus 2023-07-05 17:56:52 -07:00
Iurii Tatishchev
1ef7f1cf6e monitoring: add initial implementation of influxdb 2023-04-15 23:15:14 -07:00
Iurii Tatishchev
9844a1ab5c monitoring: add initial implementation of prometheus 2023-04-15 23:15:02 -07:00
Iurii Tatishchev
bd8e1b8e38 monitoring: add initial stack with grafana, loki, and promtail 2023-04-07 19:52:20 -07:00
Iurii Tatishchev
40964c0f60 add basic minio stack 2023-04-05 04:42:48 -07:00
Iurii Tatishchev
145c5db29f refactor: move all service roles into a single alpina role 2023-04-04 23:14:06 -07:00
Iurii Tatishchev
ec335e5d3c authentik: add support for basic http auth on arrstack 2023-04-04 02:46:51 -07:00
Iurii Tatishchev
659d5ffebc initial ipv6 deployment 2023-04-04 01:54:45 -07:00
Iurii Tatishchev
40de9b87a1 prepare for ipv6 deployment 2023-04-03 17:07:46 -07:00
Iurii Tatishchev
20ce67472d fix: add authentik blueprints for partly automated configuration 2023-04-03 01:41:34 -07:00
Iurii Tatishchev
7e94d27824 add authentik blueprints for partly automated configuration 2023-04-02 16:19:56 -07:00
Iurii Tatishchev
de566c0395 add authentik with basic configuration 2023-04-02 16:19:33 -07:00
Iurii Tatishchev
a5370f49f5 add prowlarr to replace jackett 2023-03-31 01:24:32 -07:00
Iurii Tatishchev
c3f6bd2ea9 refactor: add https and acme to traefik 2023-03-31 01:24:28 -07:00
Iurii Tatishchev
ed426593d4 refactor: move to Debian on truenas scale 2023-03-31 01:23:32 -07:00
Iurii Tatishchev
a6c370b85a refactor: static internal traefik network config 2023-03-31 01:22:27 -07:00
Iurii Tatishchev
a0d52958e8 fix: remove quotes from docker .env files because they are not parsed properly 2023-03-24 03:11:28 -07:00
96 changed files with 3077 additions and 921 deletions
Expand all files Collapse all files

7
.idea/alpina.iml generated
View File

@@ -4,7 +4,7 @@
<content url="file://$MODULE_DIR$">
<excludeFolder url="file://$MODULE_DIR$/venv" />
</content>
<orderEntry type="jdk" jdkName="Poetry (alpina)" jdkType="Python SDK" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
<component name="PyDocumentationSettings">
@@ -23,9 +23,8 @@
<option name="TEMPLATE_CONFIGURATION" value="Jinja2" />
<option name="TEMPLATE_FOLDERS">
<list>
<option value="$MODULE_DIR$/roles/traefik/templates" />
<option value="$MODULE_DIR$/roles/gitea/templates" />
<option value="$MODULE_DIR$/roles/nextcloud/templates" />
<option value="$MODULE_DIR$/roles/docker_host/templates" />
<option value="$MODULE_DIR$/roles/alpina/templates" />
</list>
</option>
</component>

130
.idea/jsonSchemas.xml generated
View File

@@ -3,6 +3,58 @@
<component name="JsonSchemaMappingsProjectConfiguration">
<state>
<map>
<entry key="Ansible Tasks File">
<value>
<SchemaInfo>
<option name="name" value="Ansible Tasks File" />
<option name="relativePathToSchema" value="https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks" />
<option name="applicationDefined" value="true" />
<option name="patterns">
<list>
<Item>
<option name="pattern" value="true" />
<option name="path" value="*/tasks/*.yml" />
<option name="mappingKind" value="Pattern" />
</Item>
</list>
</option>
</SchemaInfo>
</value>
</entry>
<entry key="Authentik Blueprint">
<value>
<SchemaInfo>
<option name="generatedName" value="New Schema" />
<option name="name" value="Authentik Blueprint" />
<option name="relativePathToSchema" value="https://goauthentik.io/blueprints/schema.json" />
<option name="patterns">
<list>
<Item>
<option name="directory" value="true" />
<option name="path" value="roles/alpina/collections/services/authentik/templates/blueprints" />
<option name="mappingKind" value="Directory" />
</Item>
</list>
</option>
</SchemaInfo>
</value>
</entry>
<entry key="Loki">
<value>
<SchemaInfo>
<option name="name" value="Loki" />
<option name="relativePathToSchema" value="https://json.schemastore.org/loki.json" />
<option name="applicationDefined" value="true" />
<option name="patterns">
<list>
<Item>
<option name="path" value="roles/alpina/templates/services/monitoring/loki_config/loki-config.yaml.j2" />
</Item>
</list>
</option>
</SchemaInfo>
</value>
</entry>
<entry key="Traefik v2">
<value>
<SchemaInfo>
@@ -12,7 +64,9 @@
<option name="patterns">
<list>
<Item>
<option name="path" value="roles/traefik/templates/traefik.yml.j2" />
<option name="pattern" value="true" />
<option name="path" value="*/traefik.yml.j2" />
<option name="mappingKind" value="Pattern" />
</Item>
</list>
</option>
@@ -28,9 +82,77 @@
<option name="patterns">
<list>
<Item>
<option name="directory" value="true" />
<option name="path" value="roles/traefik/templates/rules" />
<option name="mappingKind" value="Directory" />
<option name="path" value="file://$APPLICATION_CONFIG_DIR$/scratches/scratch.yml" />
</Item>
<Item>
<option name="path" value="file://$APPLICATION_CONFIG_DIR$/scratches/scratch_1.yml" />
</Item>
<Item>
<option name="path" value="file:///run/user/1000/kio-fuse-kipURF/sftp/root@debbi.lab.home/mnt/dock/traefik/rules/hello-world.yml" />
</Item>
<Item>
<option name="path" value="roles/alpina/templates/services/traefik/rules/traefik-dash.yml.j2" />
</Item>
</list>
</option>
</SchemaInfo>
</value>
</entry>
<entry key="docker-compose.yml">
<value>
<SchemaInfo>
<option name="name" value="docker-compose.yml" />
<option name="relativePathToSchema" value="https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json" />
<option name="applicationDefined" value="true" />
<option name="patterns">
<list>
<Item>
<option name="pattern" value="true" />
<option name="path" value="*/docker-compose.yml" />
<option name="mappingKind" value="Pattern" />
</Item>
<Item>
<option name="pattern" value="true" />
<option name="path" value="*/docker-compose.yml.j2" />
<option name="mappingKind" value="Pattern" />
</Item>
</list>
</option>
</SchemaInfo>
</value>
</entry>
<entry key="prometheus.json">
<value>
<SchemaInfo>
<option name="name" value="prometheus.json" />
<option name="relativePathToSchema" value="https://json.schemastore.org/prometheus.json" />
<option name="applicationDefined" value="true" />
<option name="patterns">
<list>
<Item>
<option name="path" value="roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2" />
</Item>
<Item>
<option name="path" value="roles/alpina/templates/services/monitoring/prometheus_config/prometheus.yml.j2" />
</Item>
</list>
</option>
</SchemaInfo>
</value>
</entry>
<entry key="prometheus.rules.json">
<value>
<SchemaInfo>
<option name="name" value="prometheus.rules.json" />
<option name="relativePathToSchema" value="https://json.schemastore.org/prometheus.rules.json" />
<option name="applicationDefined" value="true" />
<option name="patterns">
<list>
<Item>
<option name="path" value="roles/alpina/templates/services/monitoring/prometheus_config/container-alerts.yml" />
</Item>
<Item>
<option name="path" value="roles/alpina/templates/services/monitoring/prometheus_config/container.alerts.yml" />
</Item>
</list>
</option>

3
.idea/misc.xml generated
View File

@@ -1,4 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="Black">
<option name="sdkName" value="Poetry (alpina) (2)" />
</component>
<component name="ProjectRootManager" version="2" project-jdk-name="Poetry (alpina)" project-jdk-type="Python SDK" />
</project>

8
Makefile
View File

@@ -1,15 +1,19 @@
.POSIX:
.PHONY: *
.EXPORT_ALL_VARIABLES:
env ?= staging
vault_id ?= alpina@contrib/rbw-client.sh
clean_desired ?= false
all: site
setup:
poetry install
poetry install --quiet
site: setup
poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} site.yml
poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} --extra-vars "clean_desired_arg=${clean_desired}" site.yml
services: setup
poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} services.yml

74
README.md
View File

@@ -1,3 +1,75 @@
# Alpina
A home for configuring all of my homelab containers on an Alpine Linux machine.
A home for configuring all of my homelab containers on a Debian Linux machine.
This assumes a Debian Linux machine with Docker and Docker Compose installed.
My particular setup is based on a [jailmaker](https://github.com/Jip-Hop/jailmaker) container
running on top of TrueNAS SCALE, separating all the docker stuff from the appliance.
# Notes
## Monitoring
The monitoring stack is set up to monitor all the containers and the host.
This is a work in progress, Grafana is set up with grafanalib, a Python library that generates Grafana dashboards.
The dashboards are generated from Python scripts in
[grafana_config/dashboards](roles/alpina/templates/services/monitoring/grafana_config/dashboards).
This requires a custom grafana image, which is built from the
[Dockerfile](roles/alpina/templates/services/monitoring/Dockerfile).
This also means it has to be manually rebuilt whenever the dashboards are updated.
From the services/monitoring directory, run:
```bash
docker compose up -d --build --force-recreate grafana
```
## IPv6
The current configuration is designed to work with IPv6.
However, because of how (not properly) I'm doing the subnetting
from the host's network, NDP doesn't work.
This means that container IPs are not accessible from other hosts on the local network.
I simply have a static route on my router to the container subnet,
that uses the IP of this host as the gateway.
This is a limitation of my current ISP, I only have a single /64 subnet for my lab network.
I'd like to get a /56 or /48, perhaps using Hurricane Electric's tunnel broker.
*Sigh* ISPs being stingy with the 2^48 prefixes they're afraid of running out of.
## Upgrading Postgres
Upgrading the postgres container for a given stack requires a dump and restore.
After making a snapshot or backup of postgres data directory,
in the compose directory for a given stack, run the following commands:
```bash
docker compose down
docker compose up -d <db_service>
docker compose exec -it <db_service> pg_dumpall -U <db_user> | tee /tmp/dump.sql
docker compose down
rm -r <postgres_data_dir>/* # as root
# Edit the docker-compose.yml file to use the new postgres image
docker compose up -d <db_service>
# For some reason, compose exec doesn't like the input redirection
docker exec -i <db_container_name> psql -U <db_user> < /tmp/dump.sql
docker compose up -d
rm /tmp/dump.sql
```
Additionally, if upgrading from postgres <= 13, it is necessary to upgrade the
password hashes. This can be done by running the following command:
```bash
docker compose exec -it <db_service> psql -U <db_user> -c "\password"
```
## Nextcloud
Nextcloud requires some additional work to set up notify_push.
- Initially, comment out the notify_push service in the docker compose.
- Set up nextcloud and install the Client Push (notify_push) app.
- Uncomment the notify_push service in the docker compose and `up -d` the stack.
- ```bash
docker compose exec app ./occ notify_push:setup https://nc.<domain>/push
```
I should probably get around to automating this at some point.

0
roles/jackett/vars/app_config.yml → alpina/__init__.py
View File

28
contrib/compose_helpers.j2 Normal file
View File

@@ -0,0 +1,28 @@
{% macro default_network(subnet_index) %}
default:
enable_ipv6: true
ipam:
config:
- subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, subnet_index) }}
{% endmacro %}
{% macro traefik_labels(host, service="", port="", auth=false) %}
traefik.enable=true
- traefik.http.routers.{{ host }}.rule=Host(`{{ host }}.{{ domain }}`)
- traefik.http.routers.{{ host }}.entrypoints=web
- traefik.http.routers.{{ host }}-tls.rule=Host(`{{ host }}.{{ domain }}`)
- traefik.http.routers.{{ host }}-tls.entrypoints=websecure
- traefik.http.routers.{{ host }}-tls.tls=true
- traefik.http.routers.{{ host }}-tls.tls.certresolver=letsencrypt
- traefik.http.routers.{{ host }}-tls.tls.domains.0.main={{ domain }}
- traefik.http.routers.{{ host }}-tls.tls.domains.0.sans=*.{{ domain }}
{% if service -%}
- traefik.http.routers.{{ host }}.service={{ service }}
{% endif %}
{% if port -%}
- traefik.http.services.{{ host }}.loadbalancer.server.port={{ port }}
{% endif %}
{% if auth -%}
- traefik.http.routers.{{ host }}-tls.middlewares=authentik@docker
{% endif %}
{% endmacro %}

35
contrib/docker_compose_template_task_list.yml
View File

@@ -1,35 +0,0 @@
# https://stackoverflow.com/questions/41667864/can-the-templates-module-handle-multiple-templates-directories
- name: Ensure service directory exists
file:
path: "{{ current_svc_path }}"
state: directory
mode: "500"
- name: Ensure directory structure exists
file:
path: "{{ current_svc_path }}/{{ item.path }}"
state: directory
mode: "500"
with_community.general.filetree: "{{ templates_source }}"
when: item.state == "directory"
- name: Include app config variables
include_vars:
file: "{{ role_path }}/vars/app_config.yml"
- name: Generate {{ current_svc_name }} deployment from templates
template:
src: "{{ item.src }}"
dest: "{{ current_svc_path }}/{{ item.path | regex_replace('\\.j2$', '') }}"
mode: "400"
with_community.general.filetree: "{{ templates_source }}"
when: item.state == "file"
- name: Deploy docker-compose for {{ current_svc_name }}
community.docker.docker_compose:
project_src: "{{ current_svc_path }}"
state: present
pull: true
remove_orphans: true

48
group_vars/alpina/vars.yml Normal file
View File

@@ -0,0 +1,48 @@
# Shared variables between environments
---
alpina_svc_path: ~/alpina
base_volume_path: /mnt/dock
media_volume_path: /mnt/media
traefik_subnet: 172.16.122.0
# Authentik
authentik_db_password: "{{ vault_authentik_db_password }}"
authentik_secret_key: "{{ vault_authentik_secret_key }}"
authentik_sendgrid_api_key: "{{ vault_authentik_sendgrid_api_key }}"
auth_grafana_client_secret: "{{ vault_auth_grafana_client_secret }}"
arrstack_password: "{{ vault_arrstack_password }}"
# Minio
minio_password: "{{ vault_minio_password }}"
# Monitoring
## auth_grafana_client_secret:
influxdb_admin_password: "{{ vault_influxdb_admin_password }}"
influxdb_admin_token: "{{ vault_influxdb_admin_token }}"
# Traefik
acme_email: "{{ vault_acme_email }}"
cloudflare_api_token: "{{ vault_cloudflare_api_token }}"
# Arrstack
wg_peer_pubkey: "{{ vault_wg_peer_pubkey }}"
vpn_server_names: "{{ vault_vpn_server_names }}"
# Gitea
gitea_db_password: "{{ vault_gitea_db_password }}"
gitea_sendgrid_api_key: "{{ vault_gitea_sendgrid_api_key }}"
## Security
secret_key: "{{ vault_secret_key }}"
internal_token: "{{ vault_internal_token }}"
jwt_secret: "{{ vault_jwt_secret }}"
# Jellyfin
# Nextcloud
nextcloud_db_password: "{{ vault_nextcloud_db_password }}"
redis_password: "{{ vault_redis_password }}"
nextcloud_sendgrid_api_key: "{{ vault_nextcloud_sendgrid_api_key }}"

88
group_vars/alpina/vault.yml Normal file
View File

@@ -0,0 +1,88 @@
$ANSIBLE_VAULT;1.1;AES256
66313038633762313266633234323232303734353935383962356166316262303532666530653432
6639323962333630623362663535306136633937316666610a393739383862626234636235626563
39333239663065303536633839306530626132633136383236643430653037353032653938386565
6164623333306630620a663539643737393637653466643162383930376636653366333062346432
35633666303436313139626337316337636335393636343137616661363030373264386534303762
32646336313635386439623932636537613365633561306165396535393862363764326436666337
65393363343230656635666666613139336432613563383730363030643630643861393035393033
30383866366563663337333330333132646631613764303261616336326439386133386431666233
61663866653839623634313836306362383066653135333535643630343939323235613963393837
38623439353038643130646664373063656130333533633936643066363030313534373038646166
37633739353562303631663565626636393136636332313932396237393866343762386565626164
63393932656533366137353864343238646234346461323162653465326334333136303333313362
33646362613436643733643763623337386661346531666136623635303166633838353132386264
66386136616531633138316631663437306130626665626333386137356431326334323361383737
37393465626264386336373936323564333031356562393239623636616338626563323065316634
31313461343030323637363432666130306338353934633164316332613065303237326234666264
35383666636236393030353732663866363738613463633832313336356637613838336263343330
34343061386539633635323565613061373930326665636361316636363232626239343233376238
36653834646132333938373637346633613365626636303836646435306166316138666139626134
36356663333237646234393437396334663366396630393562303536323866376432643539646264
36343433633563396363623435323466386337313762643136316665663936366232366233666165
31656531643230363231313166343461373462663536333165633432326634623435623762616665
63343534396232303266303062666563636432323739656434653138366437303030393535343930
38326562336338663565343762313132303138383461353034326638376230623232313365363038
38663830336131306336336162383335616132666239343931643838376165643063383034363761
62633034396163306539383039316164333664316566376436653432383837363437653766643933
61333830653263306366306234653166636634333162386362333734626338333766363939643335
66613466626130363233393738663763636665656632336634333963636436643430613430316439
66333964636233613233393434633938333964376334346637303135346334653536393635393563
34316230353838626566326436323836373630356138323632383635663432336563316464633637
62316361323138653234616634633633326231626462313964326339353839663738656132393731
36353030633637373633376134373739646639623264346362363030383064323336346538356264
32373739616166633462623134353538363036323833393837393335396131316233373335356531
36613262303639633031306238376165366432653664613233663562326336303433646664616337
66356334633863383631376365383634326430623165383337336166326662623738383966663436
34343136326332626536653963656534336366376366326636353364333437383435633335313535
65343831333562616362373832666136633764303731323632333032376634636663626364373765
61306339306439666362656361653837313038616538646637383734386435646539303565366332
63366630303139623464323539303365393666333230646138393131336131626635333466333633
62393261313539363836643666343735653466616433396333326439663931663666333164643465
31393930343733313062643366643661313532636432616338666361623964303961363730643531
38613934646238666663336233356631323738663962336634623436613564616535623161303664
65366464636235356435333666643036316639646437376463366562346231386436663736633364
30316138393062363162353962313366323936323433396332383337326530326538653764336536
61646232313633626632643530636565376435343562663338613336353533666165613665323564
36396339383637643532633630613135653262306662383737353939636533646531656639643733
39353464336161623266646533633837373334336535663532646439316533393436333430653133
32353066386562653563313733343233303534396663656233656462636661356331346134306332
30633862643232333362353238633632336135623861383931653334333161623764333865613135
30633830636136306335646338613261616265653166393939306365306261313933363639363333
39303063633033336637306233326232373665623430386332333765326539653035336565313330
30343836336165313932626633326565356664393162363561326466623133313663616161383166
66646230383033336630363536623734653764333665383261663362633339356462626161373061
30316138653563616563303762663166366230313062626631623964323434663561303939333934
63313037386264653866373535643233666339663433616438363237613733633633363236396438
64353664333634396531346465623064626338613136666161666663323762333135316265326662
66376237316563333834383431323033366135383937383465666666613835303938393936303764
38636239303535326166363261386339356330366533323938333066386236396665356362383134
37323066666233633035666262366133396134633165633633386233633166313465623335626536
37333931666135333638306665633539613362646633623831386538646262383565396633323037
39306561666238643438616238356632633165343732663261663836623333356165343663613239
35303436633666376637366233323662613933313234646265633738663561386664333462656238
39393662633037663764663639396132636337323636633631353565616666663463393663373465
35373731643164373065623138346432396661613065303230386634393864336333356134366464
30653438653933323839326539613038326461623735393361346230333835326631356134376366
32626230643163393932356231623365653832333237353237303438616439323463376539333236
64663166306536353262613731373136633432376564636331396435313735616638306363643762
61623038633564356165353562336462396138313534393636653233373732343437383632313266
66343434633431383162633135313639656666386139306165343536333265623633373062363038
36326236366130303034633339626235353661316237613232333432336264373131376364323334
34343039623165663861363463323466333863333764663439366233636132656238363961623463
66363336633061363237623238383338323430616261303430313535396666636165356166363166
38376363396636643239636238666532396537623737623538383130623239666630376661303536
36613334663164303361366165653964323132393135376666646663323538653066326461333932
65663730626164636334626264393539623637313661383963663733383636363663386665386332
65363735646633613762343230653731646261653937633032383332653264643532386263333865
31373435313230346336616230306336643763613439666365303363613865313331366537316431
35613439643036663136303164626134646332333465383264353036353564333035633262303166
34393138343463646532323136623562386237376333636531626561393633376238393138303239
66386365303166383736323435336432383634616239353565623962333939373266376632333734
62356230323531316564316439376137346431636462303062333933303965616232313739643665
33653962333037306333363534313933666163393465306534653837303164346333333665353032
66336333656335353239356232383561663831323763376663666365383834353166373461383631
38666665343036353437323961636534303537386266303133356465633262393132333134663034
66303939393562633363373131303730663634303162396565656266613163646331333230306234
37366137323230613331623239383765383230633134306466633839363765633961626265356365
623166373834383030373932623664303765

2
group_vars/docker_hosts.yml
View File

@@ -1,2 +0,0 @@
---
my_svc_path: ~/services

14
inventories/prod/group_vars/alpina/vars.yml Normal file
View File

@@ -0,0 +1,14 @@
# Environment specific variables (prod)
---
docker_ipv6_index: 255
# Arrstack VPN
wg_privkey: "{{ vault_wg_privkey }}"
wg_psk: "{{ vault_wg_psk }}"
wg_addresses: "{{ vault_wg_addresses }}"
fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
# Authentik GitHub OAuth
github_consumer_key: 32d5cae58d744c56fcc9
github_consumer_secret: "{{ vault_github_consumer_secret }}"

21
inventories/prod/group_vars/alpina/vault.yml Normal file
View File

@@ -0,0 +1,21 @@
$ANSIBLE_VAULT;1.1;AES256
61656162363565633436373135333536623561663136303736393865623830633539376362363363
3938333137343336626634346262363964316563643261310a366538363037343965363766646535
61636239326464373039333462653562373933396665393039633266326234663335363337666439
6137323332303533640a383062383135633762323561313666636566306531306636633466316536
66623731626266333731303336323733343336626366343833633365616330343565363035323039
35313961383131616133386663376331336639633137383137346164353632653939363266613562
36316631366661353632386230306532633862393963663465383862653964646462666334396666
66626636353539316266343937623662613336616331626439306538363764636366656635356639
30663535393366383261333832356237373230663037373638303161303534636230616464636265
37623938303638646233346338616239393838396433313063343065386666323264646461373032
63376661646139316430303533643063336634333364643231336130613638626431623732646434
63643833353164313465633333646232653761356333323933396666323837656334343866363762
39646263653137356632323534356631366531636530613736343438393136363835373435636230
30313163386335353935663432323033326235653963653930396235373863373232666334326661
34336632666365666563326366376461386130343965363832343430396537323734363533353065
64313837623366356261383437306465633730353332636561333462356363326132313933653234
66363634333664333433613466396639306436353035346134373430663532373934343861323262
30666664336336393835346234316238613839326436363162626439376530306133343530303365
65393030633237333166336637363435646435323736353461333932366638333264333239373733
30623062643336643431

4
inventories/prod/hosts
View File

@@ -1,2 +1,2 @@
[docker_hosts]
root@alpina.lab.home
[alpina]
debbi.lab.home

14
inventories/staging/group_vars/alpina/vars.yml Normal file
View File

@@ -0,0 +1,14 @@
# Environment specific variables (staging)
---
docker_ipv6_index: 254
# Arrstack VPN
wg_privkey: "{{ vault_wg_privkey }}"
wg_psk: "{{ vault_wg_psk }}"
wg_addresses: "{{ vault_wg_addresses }}"
fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
# Authentik GitHub OAuth
github_consumer_key: dbacb8621c37320eb745
github_consumer_secret: "{{ vault_github_consumer_secret }}"

21
inventories/staging/group_vars/alpina/vault.yml Normal file
View File

@@ -0,0 +1,21 @@
$ANSIBLE_VAULT;1.1;AES256
63633535633462326534626562373461373363643166383961303861623531663263323534366537
3263633238646439306430356365623233313838326639350a386633363434623737313565316535
33393734633937333637373432366132323366343836393538366339626235613937323066613666
3737393262646333390a623331333461373563313166323232343234616538623433376166313532
32323834346336336164343938303062336438643566343866316164643535663039326331646465
36666162393365323633646635333666613030386265306238633434303234336439646663356363
63323638373035326465633934326363316364616539613462653232393465633233366666373664
66616361646564303530356331323864343966633736643434653237316236363063613634646438
35303238646632616465643264316164363139393834626362326538613033656464323435396638
31346631653764303332386331663361623766333332366537313634636333346538653537346631
62363438303036386530633236376633326162336434343861346261373835653735323161323965
62353965373164616537346134303232363033323134323130316439386339613966646330666533
65346239383230646565346133663530613462363532663562326136376233303638323332326630
35656432363563653663616236393932663637323139666664636237336136366438656666633865
66353162656364356638313236643131613830393838636264663833343461373963613431656364
32303331623033303433333631313038316336653638656638373031653234356164333363336532
37316334353463376562643138346633613633353536653939376564333166323931353634333736
63616133663266383339323562343265613461623865623263623139396163343065623264366230
32633362336335396562366563363830636133376238646433386236666461333731353337386333
61323931643766326338

4
inventories/staging/hosts
View File

@@ -1,2 +1,2 @@
[docker_hosts]
root@etapp.lab.home
[alpina]
etappi.lab.home

595
poetry.lock generated
View File

@@ -1,30 +1,28 @@
# This file is automatically @generated by Poetry 1.4.0 and should not be changed by hand.
# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.
[[package]]
name = "ansible"
version = "7.3.0"
version = "10.5.0"
description = "Radically simple IT automation"
category = "main"
optional = false
python-versions = ">=3.9"
python-versions = ">=3.10"
files = [
{file = "ansible-7.3.0-py3-none-any.whl", hash = "sha256:5039bf0fe4cbb9dcc3dbefe464fe2fa7fe75d8548814f00c478d5fe90c3e3979"},
{file = "ansible-7.3.0.tar.gz", hash = "sha256:56c2fd97487b2cc83e39e895d8dfad8b2a5df34d490394a15735ebcfdc45f5be"},
{file = "ansible-10.5.0-py3-none-any.whl", hash = "sha256:1d10bddba58f1edd0fe0b8e0387e0fafc519535066bb3c919c33b6ea3ec32a0f"},
{file = "ansible-10.5.0.tar.gz", hash = "sha256:ba2045031a7d60c203b6e5fe1f8eaddd53ae076f7ada910e636494384135face"},
]
[package.dependencies]
ansible-core = ">=2.14.3,<2.15.0"
ansible-core = ">=2.17.5,<2.18.0"
[[package]]
name = "ansible-core"
version = "2.14.3"
version = "2.17.5"
description = "Radically simple IT automation"
category = "main"
optional = false
python-versions = ">=3.9"
python-versions = ">=3.10"
files = [
{file = "ansible-core-2.14.3.tar.gz", hash = "sha256:093a4bc4a1259eaeb56ea37ec1d33cf1836c88f39281d89197f8d3480e068a58"},
{file = "ansible_core-2.14.3-py3-none-any.whl", hash = "sha256:a4b36bfdd7aa3534d449e9ae6a9fd82d8e513fda8caaf5d18e1e27d217151c8c"},
{file = "ansible_core-2.17.5-py3-none-any.whl", hash = "sha256:10f165b475cf2bc8d886e532cadb32c52ee6a533649793101d3166bca9bd3ea3"},
{file = "ansible_core-2.17.5.tar.gz", hash = "sha256:ae7f51fd13dc9d57c9bcd43ef23f9c255ca8f18f4b5c0011a4f9b724d92c5a8e"},
]
[package.dependencies]
@@ -32,80 +30,119 @@ cryptography = "*"
jinja2 = ">=3.0.0"
packaging = "*"
PyYAML = ">=5.1"
resolvelib = ">=0.5.3,<0.9.0"
resolvelib = ">=0.5.3,<1.1.0"
[[package]]
name = "cffi"
version = "1.15.1"
description = "Foreign Function Interface for Python calling C code."
category = "main"
name = "ansible-vault"
version = "2.1.0"
description = "R/W an ansible-vault yaml file"
optional = false
python-versions = "*"
files = [
{file = "cffi-1.15.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2"},
{file = "cffi-1.15.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2"},
{file = "cffi-1.15.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914"},
{file = "cffi-1.15.1-cp27-cp27m-win32.whl", hash = "sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3"},
{file = "cffi-1.15.1-cp27-cp27m-win_amd64.whl", hash = "sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e"},
{file = "cffi-1.15.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162"},
{file = "cffi-1.15.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b"},
{file = "cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21"},
{file = "cffi-1.15.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185"},
{file = "cffi-1.15.1-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd"},
{file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc"},
{file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f"},
{file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e"},
{file = "cffi-1.15.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4"},
{file = "cffi-1.15.1-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01"},
{file = "cffi-1.15.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e"},
{file = "cffi-1.15.1-cp310-cp310-win32.whl", hash = "sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2"},
{file = "cffi-1.15.1-cp310-cp310-win_amd64.whl", hash = "sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d"},
{file = "cffi-1.15.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac"},
{file = "cffi-1.15.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83"},
{file = "cffi-1.15.1-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9"},
{file = "cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c"},
{file = "cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325"},
{file = "cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c"},
{file = "cffi-1.15.1-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef"},
{file = "cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8"},
{file = "cffi-1.15.1-cp311-cp311-win32.whl", hash = "sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d"},
{file = "cffi-1.15.1-cp311-cp311-win_amd64.whl", hash = "sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104"},
{file = "cffi-1.15.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7"},
{file = "cffi-1.15.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6"},
{file = "cffi-1.15.1-cp36-cp36m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d"},
{file = "cffi-1.15.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a"},
{file = "cffi-1.15.1-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405"},
{file = "cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e"},
{file = "cffi-1.15.1-cp36-cp36m-win32.whl", hash = "sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf"},
{file = "cffi-1.15.1-cp36-cp36m-win_amd64.whl", hash = "sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497"},
{file = "cffi-1.15.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375"},
{file = "cffi-1.15.1-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e"},
{file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82"},
{file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b"},
{file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c"},
{file = "cffi-1.15.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426"},
{file = "cffi-1.15.1-cp37-cp37m-win32.whl", hash = "sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9"},
{file = "cffi-1.15.1-cp37-cp37m-win_amd64.whl", hash = "sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045"},
{file = "cffi-1.15.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3"},
{file = "cffi-1.15.1-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a"},
{file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5"},
{file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca"},
{file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02"},
{file = "cffi-1.15.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192"},
{file = "cffi-1.15.1-cp38-cp38-win32.whl", hash = "sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314"},
{file = "cffi-1.15.1-cp38-cp38-win_amd64.whl", hash = "sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5"},
{file = "cffi-1.15.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585"},
{file = "cffi-1.15.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0"},
{file = "cffi-1.15.1-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415"},
{file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d"},
{file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984"},
{file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35"},
{file = "cffi-1.15.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27"},
{file = "cffi-1.15.1-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76"},
{file = "cffi-1.15.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3"},
{file = "cffi-1.15.1-cp39-cp39-win32.whl", hash = "sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee"},
{file = "cffi-1.15.1-cp39-cp39-win_amd64.whl", hash = "sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c"},
{file = "cffi-1.15.1.tar.gz", hash = "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9"},
{file = "ansible-vault-2.1.0.tar.gz", hash = "sha256:5ce8fdb5470f1449b76bf07ae2abc56480dad48356ae405c85b686efb64dbd5e"},
]
[package.dependencies]
ansible = "*"
setuptools = "*"
[package.extras]
dev = ["black", "flake8", "isort[pyproject]", "pytest"]
release = ["twine"]
[[package]]
name = "attrs"
version = "24.2.0"
description = "Classes Without Boilerplate"
optional = false
python-versions = ">=3.7"
files = [
{file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"},
{file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"},
]
[package.extras]
benchmark = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
cov = ["cloudpickle", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
docs = ["cogapp", "furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
tests = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
[[package]]
name = "cffi"
version = "1.17.1"
description = "Foreign Function Interface for Python calling C code."
optional = false
python-versions = ">=3.8"
files = [
{file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"},
{file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"},
{file = "cffi-1.17.1-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382"},
{file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702"},
{file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3"},
{file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6"},
{file = "cffi-1.17.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17"},
{file = "cffi-1.17.1-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8"},
{file = "cffi-1.17.1-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e"},
{file = "cffi-1.17.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be"},
{file = "cffi-1.17.1-cp310-cp310-win32.whl", hash = "sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c"},
{file = "cffi-1.17.1-cp310-cp310-win_amd64.whl", hash = "sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15"},
{file = "cffi-1.17.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401"},
{file = "cffi-1.17.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf"},
{file = "cffi-1.17.1-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4"},
{file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41"},
{file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1"},
{file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6"},
{file = "cffi-1.17.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d"},
{file = "cffi-1.17.1-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6"},
{file = "cffi-1.17.1-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f"},
{file = "cffi-1.17.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b"},
{file = "cffi-1.17.1-cp311-cp311-win32.whl", hash = "sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655"},
{file = "cffi-1.17.1-cp311-cp311-win_amd64.whl", hash = "sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0"},
{file = "cffi-1.17.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4"},
{file = "cffi-1.17.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c"},
{file = "cffi-1.17.1-cp312-cp312-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36"},
{file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5"},
{file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff"},
{file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99"},
{file = "cffi-1.17.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93"},
{file = "cffi-1.17.1-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3"},
{file = "cffi-1.17.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8"},
{file = "cffi-1.17.1-cp312-cp312-win32.whl", hash = "sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65"},
{file = "cffi-1.17.1-cp312-cp312-win_amd64.whl", hash = "sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903"},
{file = "cffi-1.17.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e"},
{file = "cffi-1.17.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2"},
{file = "cffi-1.17.1-cp313-cp313-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3"},
{file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683"},
{file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5"},
{file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4"},
{file = "cffi-1.17.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd"},
{file = "cffi-1.17.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed"},
{file = "cffi-1.17.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9"},
{file = "cffi-1.17.1-cp313-cp313-win32.whl", hash = "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d"},
{file = "cffi-1.17.1-cp313-cp313-win_amd64.whl", hash = "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a"},
{file = "cffi-1.17.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b"},
{file = "cffi-1.17.1-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964"},
{file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9"},
{file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc"},
{file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c"},
{file = "cffi-1.17.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1"},
{file = "cffi-1.17.1-cp38-cp38-win32.whl", hash = "sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8"},
{file = "cffi-1.17.1-cp38-cp38-win_amd64.whl", hash = "sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1"},
{file = "cffi-1.17.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16"},
{file = "cffi-1.17.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36"},
{file = "cffi-1.17.1-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8"},
{file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576"},
{file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87"},
{file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0"},
{file = "cffi-1.17.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3"},
{file = "cffi-1.17.1-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595"},
{file = "cffi-1.17.1-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a"},
{file = "cffi-1.17.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e"},
{file = "cffi-1.17.1-cp39-cp39-win32.whl", hash = "sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7"},
{file = "cffi-1.17.1-cp39-cp39-win_amd64.whl", hash = "sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662"},
{file = "cffi-1.17.1.tar.gz", hash = "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824"},
]
[package.dependencies]
@@ -113,60 +150,79 @@ pycparser = "*"
[[package]]
name = "cryptography"
version = "39.0.2"
version = "43.0.1"
description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
category = "main"
optional = false
python-versions = ">=3.6"
files = [
{file = "cryptography-39.0.2-cp36-abi3-macosx_10_12_universal2.whl", hash = "sha256:2725672bb53bb92dc7b4150d233cd4b8c59615cd8288d495eaa86db00d4e5c06"},
{file = "cryptography-39.0.2-cp36-abi3-macosx_10_12_x86_64.whl", hash = "sha256:23df8ca3f24699167daf3e23e51f7ba7334d504af63a94af468f468b975b7dd7"},
{file = "cryptography-39.0.2-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:eb40fe69cfc6f5cdab9a5ebd022131ba21453cf7b8a7fd3631f45bbf52bed612"},
{file = "cryptography-39.0.2-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bc0521cce2c1d541634b19f3ac661d7a64f9555135e9d8af3980965be717fd4a"},
{file = "cryptography-39.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ffd394c7896ed7821a6d13b24657c6a34b6e2650bd84ae063cf11ccffa4f1a97"},
{file = "cryptography-39.0.2-cp36-abi3-manylinux_2_24_x86_64.whl", hash = "sha256:e8a0772016feeb106efd28d4a328e77dc2edae84dfbac06061319fdb669ff828"},
{file = "cryptography-39.0.2-cp36-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:8f35c17bd4faed2bc7797d2a66cbb4f986242ce2e30340ab832e5d99ae60e011"},
{file = "cryptography-39.0.2-cp36-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:b49a88ff802e1993b7f749b1eeb31134f03c8d5c956e3c125c75558955cda536"},
{file = "cryptography-39.0.2-cp36-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:5f8c682e736513db7d04349b4f6693690170f95aac449c56f97415c6980edef5"},
{file = "cryptography-39.0.2-cp36-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:d7d84a512a59f4412ca8549b01f94be4161c94efc598bf09d027d67826beddc0"},
{file = "cryptography-39.0.2-cp36-abi3-win32.whl", hash = "sha256:c43ac224aabcbf83a947eeb8b17eaf1547bce3767ee2d70093b461f31729a480"},
{file = "cryptography-39.0.2-cp36-abi3-win_amd64.whl", hash = "sha256:788b3921d763ee35dfdb04248d0e3de11e3ca8eb22e2e48fef880c42e1f3c8f9"},
{file = "cryptography-39.0.2-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:d15809e0dbdad486f4ad0979753518f47980020b7a34e9fc56e8be4f60702fac"},
{file = "cryptography-39.0.2-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:50cadb9b2f961757e712a9737ef33d89b8190c3ea34d0fb6675e00edbe35d074"},
{file = "cryptography-39.0.2-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:103e8f7155f3ce2ffa0049fe60169878d47a4364b277906386f8de21c9234aa1"},
{file = "cryptography-39.0.2-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:6236a9610c912b129610eb1a274bdc1350b5df834d124fa84729ebeaf7da42c3"},
{file = "cryptography-39.0.2-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:e944fe07b6f229f4c1a06a7ef906a19652bdd9fd54c761b0ff87e83ae7a30354"},
{file = "cryptography-39.0.2-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:35d658536b0a4117c885728d1a7032bdc9a5974722ae298d6c533755a6ee3915"},
{file = "cryptography-39.0.2-pp39-pypy39_pp73-manylinux_2_24_x86_64.whl", hash = "sha256:30b1d1bfd00f6fc80d11300a29f1d8ab2b8d9febb6ed4a38a76880ec564fae84"},
{file = "cryptography-39.0.2-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:e029b844c21116564b8b61216befabca4b500e6816fa9f0ba49527653cae2108"},
{file = "cryptography-39.0.2-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:fa507318e427169ade4e9eccef39e9011cdc19534f55ca2f36ec3f388c1f70f3"},
{file = "cryptography-39.0.2-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:8bc0008ef798231fac03fe7d26e82d601d15bd16f3afaad1c6113771566570f3"},
{file = "cryptography-39.0.2.tar.gz", hash = "sha256:bc5b871e977c8ee5a1bbc42fa8d19bcc08baf0c51cbf1586b0e87a2694dde42f"},
]
[package.dependencies]
cffi = ">=1.12"
[package.extras]
docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
docstest = ["pyenchant (>=1.6.11)", "sphinxcontrib-spelling (>=4.0.1)", "twine (>=1.12.0)"]
pep8test = ["black", "check-manifest", "mypy", "ruff", "types-pytz", "types-requests"]
sdist = ["setuptools-rust (>=0.11.4)"]
ssh = ["bcrypt (>=3.1.5)"]
test = ["hypothesis (>=1.11.4,!=3.79.2)", "iso8601", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-shard (>=0.1.2)", "pytest-subtests", "pytest-xdist", "pytz"]
test-randomorder = ["pytest-randomly"]
tox = ["tox"]
[[package]]
name = "jinja2"
version = "3.1.2"
description = "A very fast and expressive template engine."
category = "main"
optional = false
python-versions = ">=3.7"
files = [
{file = "Jinja2-3.1.2-py3-none-any.whl", hash = "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"},
{file = "Jinja2-3.1.2.tar.gz", hash = "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"},
{file = "cryptography-43.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"},
{file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062"},
{file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:68aaecc4178e90719e95298515979814bda0cbada1256a4485414860bd7ab962"},
{file = "cryptography-43.0.1-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:de41fd81a41e53267cb020bb3a7212861da53a7d39f863585d13ea11049cf277"},
{file = "cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f98bf604c82c416bc829e490c700ca1553eafdf2912a91e23a79d97d9801372a"},
{file = "cryptography-43.0.1-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:61ec41068b7b74268fa86e3e9e12b9f0c21fcf65434571dbb13d954bceb08042"},
{file = "cryptography-43.0.1-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:014f58110f53237ace6a408b5beb6c427b64e084eb451ef25a28308270086494"},
{file = "cryptography-43.0.1-cp37-abi3-win32.whl", hash = "sha256:2bd51274dcd59f09dd952afb696bf9c61a7a49dfc764c04dd33ef7a6b502a1e2"},
{file = "cryptography-43.0.1-cp37-abi3-win_amd64.whl", hash = "sha256:666ae11966643886c2987b3b721899d250855718d6d9ce41b521252a17985f4d"},
{file = "cryptography-43.0.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:ac119bb76b9faa00f48128b7f5679e1d8d437365c5d26f1c2c3f0da4ce1b553d"},
{file = "cryptography-43.0.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1bbcce1a551e262dfbafb6e6252f1ae36a248e615ca44ba302df077a846a8806"},
{file = "cryptography-43.0.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58d4e9129985185a06d849aa6df265bdd5a74ca6e1b736a77959b498e0505b85"},
{file = "cryptography-43.0.1-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:d03a475165f3134f773d1388aeb19c2d25ba88b6a9733c5c590b9ff7bbfa2e0c"},
{file = "cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:511f4273808ab590912a93ddb4e3914dfd8a388fed883361b02dea3791f292e1"},
{file = "cryptography-43.0.1-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:80eda8b3e173f0f247f711eef62be51b599b5d425c429b5d4ca6a05e9e856baa"},
{file = "cryptography-43.0.1-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:38926c50cff6f533f8a2dae3d7f19541432610d114a70808f0926d5aaa7121e4"},
{file = "cryptography-43.0.1-cp39-abi3-win32.whl", hash = "sha256:a575913fb06e05e6b4b814d7f7468c2c660e8bb16d8d5a1faf9b33ccc569dd47"},
{file = "cryptography-43.0.1-cp39-abi3-win_amd64.whl", hash = "sha256:d75601ad10b059ec832e78823b348bfa1a59f6b8d545db3a24fd44362a1564cb"},
{file = "cryptography-43.0.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:ea25acb556320250756e53f9e20a4177515f012c9eaea17eb7587a8c4d8ae034"},
{file = "cryptography-43.0.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:c1332724be35d23a854994ff0b66530119500b6053d0bd3363265f7e5e77288d"},
{file = "cryptography-43.0.1-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:fba1007b3ef89946dbbb515aeeb41e30203b004f0b4b00e5e16078b518563289"},
{file = "cryptography-43.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:5b43d1ea6b378b54a1dc99dd8a2b5be47658fe9a7ce0a58ff0b55f4b43ef2b84"},
{file = "cryptography-43.0.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:88cce104c36870d70c49c7c8fd22885875d950d9ee6ab54df2745f83ba0dc365"},
{file = "cryptography-43.0.1-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:9d3cdb25fa98afdd3d0892d132b8d7139e2c087da1712041f6b762e4f807cc96"},
{file = "cryptography-43.0.1-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:e710bf40870f4db63c3d7d929aa9e09e4e7ee219e703f949ec4073b4294f6172"},
{file = "cryptography-43.0.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:7c05650fe8023c5ed0d46793d4b7d7e6cd9c04e68eabe5b0aeea836e37bdcec2"},
{file = "cryptography-43.0.1.tar.gz", hash = "sha256:203e92a75716d8cfb491dc47c79e17d0d9207ccffcbcb35f598fbe463ae3444d"},
]
[package.dependencies]
cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}
[package.extras]
docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"]
nox = ["nox"]
pep8test = ["check-sdist", "click", "mypy", "ruff"]
sdist = ["build"]
ssh = ["bcrypt (>=3.1.5)"]
test = ["certifi", "cryptography-vectors (==43.0.1)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"]
test-randomorder = ["pytest-randomly"]
[[package]]
name = "grafanalib"
version = "0.7.1"
description = "Library for building Grafana dashboards"
optional = false
python-versions = "*"
files = [
{file = "grafanalib-0.7.1-py3-none-any.whl", hash = "sha256:6fab5d7b837a1f2d1322ef762cd52e565ec0422707a7512765c59f668bdceb58"},
{file = "grafanalib-0.7.1.tar.gz", hash = "sha256:3d92bb4e92ae78fe4e21c5b252ab51f4fdcacd8523ba5a44545b897b2a375b83"},
]
[package.dependencies]
attrs = ">=15.2.0"
[package.extras]
dev = ["flake8", "pytest"]
[[package]]
name = "jinja2"
version = "3.1.4"
description = "A very fast and expressive template engine."
optional = false
python-versions = ">=3.7"
files = [
{file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
{file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
]
[package.dependencies]
@@ -177,148 +233,181 @@ i18n = ["Babel (>=2.7)"]
[[package]]
name = "markupsafe"
version = "2.1.2"
version = "3.0.1"
description = "Safely add untrusted strings to HTML/XML markup."
category = "main"
optional = false
python-versions = ">=3.7"
python-versions = ">=3.9"
files = [
{file = "MarkupSafe-2.1.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:665a36ae6f8f20a4676b53224e33d456a6f5a72657d9c83c2aa00765072f31f7"},
{file = "MarkupSafe-2.1.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:340bea174e9761308703ae988e982005aedf427de816d1afe98147668cc03036"},
{file = "MarkupSafe-2.1.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:22152d00bf4a9c7c83960521fc558f55a1adbc0631fbb00a9471e097b19d72e1"},
{file = "MarkupSafe-2.1.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:28057e985dace2f478e042eaa15606c7efccb700797660629da387eb289b9323"},
{file = "MarkupSafe-2.1.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ca244fa73f50a800cf8c3ebf7fd93149ec37f5cb9596aa8873ae2c1d23498601"},
{file = "MarkupSafe-2.1.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:d9d971ec1e79906046aa3ca266de79eac42f1dbf3612a05dc9368125952bd1a1"},
{file = "MarkupSafe-2.1.2-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:7e007132af78ea9df29495dbf7b5824cb71648d7133cf7848a2a5dd00d36f9ff"},
{file = "MarkupSafe-2.1.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:7313ce6a199651c4ed9d7e4cfb4aa56fe923b1adf9af3b420ee14e6d9a73df65"},
{file = "MarkupSafe-2.1.2-cp310-cp310-win32.whl", hash = "sha256:c4a549890a45f57f1ebf99c067a4ad0cb423a05544accaf2b065246827ed9603"},
{file = "MarkupSafe-2.1.2-cp310-cp310-win_amd64.whl", hash = "sha256:835fb5e38fd89328e9c81067fd642b3593c33e1e17e2fdbf77f5676abb14a156"},
{file = "MarkupSafe-2.1.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:2ec4f2d48ae59bbb9d1f9d7efb9236ab81429a764dedca114f5fdabbc3788013"},
{file = "MarkupSafe-2.1.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:608e7073dfa9e38a85d38474c082d4281f4ce276ac0010224eaba11e929dd53a"},
{file = "MarkupSafe-2.1.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:65608c35bfb8a76763f37036547f7adfd09270fbdbf96608be2bead319728fcd"},
{file = "MarkupSafe-2.1.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f2bfb563d0211ce16b63c7cb9395d2c682a23187f54c3d79bfec33e6705473c6"},
{file = "MarkupSafe-2.1.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:da25303d91526aac3672ee6d49a2f3db2d9502a4a60b55519feb1a4c7714e07d"},
{file = "MarkupSafe-2.1.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:9cad97ab29dfc3f0249b483412c85c8ef4766d96cdf9dcf5a1e3caa3f3661cf1"},
{file = "MarkupSafe-2.1.2-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:085fd3201e7b12809f9e6e9bc1e5c96a368c8523fad5afb02afe3c051ae4afcc"},
{file = "MarkupSafe-2.1.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:1bea30e9bf331f3fef67e0a3877b2288593c98a21ccb2cf29b74c581a4eb3af0"},
{file = "MarkupSafe-2.1.2-cp311-cp311-win32.whl", hash = "sha256:7df70907e00c970c60b9ef2938d894a9381f38e6b9db73c5be35e59d92e06625"},
{file = "MarkupSafe-2.1.2-cp311-cp311-win_amd64.whl", hash = "sha256:e55e40ff0cc8cc5c07996915ad367fa47da6b3fc091fdadca7f5403239c5fec3"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:a6e40afa7f45939ca356f348c8e23048e02cb109ced1eb8420961b2f40fb373a"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cf877ab4ed6e302ec1d04952ca358b381a882fbd9d1b07cccbfd61783561f98a"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:63ba06c9941e46fa389d389644e2d8225e0e3e5ebcc4ff1ea8506dce646f8c8a"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f1cd098434e83e656abf198f103a8207a8187c0fc110306691a2e94a78d0abb2"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:55f44b440d491028addb3b88f72207d71eeebfb7b5dbf0643f7c023ae1fba619"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:a6f2fcca746e8d5910e18782f976489939d54a91f9411c32051b4aab2bd7c513"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:0b462104ba25f1ac006fdab8b6a01ebbfbce9ed37fd37fd4acd70c67c973e460"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-win32.whl", hash = "sha256:7668b52e102d0ed87cb082380a7e2e1e78737ddecdde129acadb0eccc5423859"},
{file = "MarkupSafe-2.1.2-cp37-cp37m-win_amd64.whl", hash = "sha256:6d6607f98fcf17e534162f0709aaad3ab7a96032723d8ac8750ffe17ae5a0666"},
{file = "MarkupSafe-2.1.2-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:a806db027852538d2ad7555b203300173dd1b77ba116de92da9afbc3a3be3eed"},
{file = "MarkupSafe-2.1.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:a4abaec6ca3ad8660690236d11bfe28dfd707778e2442b45addd2f086d6ef094"},
{file = "MarkupSafe-2.1.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f03a532d7dee1bed20bc4884194a16160a2de9ffc6354b3878ec9682bb623c54"},
{file = "MarkupSafe-2.1.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4cf06cdc1dda95223e9d2d3c58d3b178aa5dacb35ee7e3bbac10e4e1faacb419"},
{file = "MarkupSafe-2.1.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:22731d79ed2eb25059ae3df1dfc9cb1546691cc41f4e3130fe6bfbc3ecbbecfa"},
{file = "MarkupSafe-2.1.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:f8ffb705ffcf5ddd0e80b65ddf7bed7ee4f5a441ea7d3419e861a12eaf41af58"},
{file = "MarkupSafe-2.1.2-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:8db032bf0ce9022a8e41a22598eefc802314e81b879ae093f36ce9ddf39ab1ba"},
{file = "MarkupSafe-2.1.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:2298c859cfc5463f1b64bd55cb3e602528db6fa0f3cfd568d3605c50678f8f03"},
{file = "MarkupSafe-2.1.2-cp38-cp38-win32.whl", hash = "sha256:50c42830a633fa0cf9e7d27664637532791bfc31c731a87b202d2d8ac40c3ea2"},
{file = "MarkupSafe-2.1.2-cp38-cp38-win_amd64.whl", hash = "sha256:bb06feb762bade6bf3c8b844462274db0c76acc95c52abe8dbed28ae3d44a147"},
{file = "MarkupSafe-2.1.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:99625a92da8229df6d44335e6fcc558a5037dd0a760e11d84be2260e6f37002f"},
{file = "MarkupSafe-2.1.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:8bca7e26c1dd751236cfb0c6c72d4ad61d986e9a41bbf76cb445f69488b2a2bd"},
{file = "MarkupSafe-2.1.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:40627dcf047dadb22cd25ea7ecfe9cbf3bbbad0482ee5920b582f3809c97654f"},
{file = "MarkupSafe-2.1.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:40dfd3fefbef579ee058f139733ac336312663c6706d1163b82b3003fb1925c4"},
{file = "MarkupSafe-2.1.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:090376d812fb6ac5f171e5938e82e7f2d7adc2b629101cec0db8b267815c85e2"},
{file = "MarkupSafe-2.1.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:2e7821bffe00aa6bd07a23913b7f4e01328c3d5cc0b40b36c0bd81d362faeb65"},
{file = "MarkupSafe-2.1.2-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:c0a33bc9f02c2b17c3ea382f91b4db0e6cde90b63b296422a939886a7a80de1c"},
{file = "MarkupSafe-2.1.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:b8526c6d437855442cdd3d87eede9c425c4445ea011ca38d937db299382e6fa3"},
{file = "MarkupSafe-2.1.2-cp39-cp39-win32.whl", hash = "sha256:137678c63c977754abe9086a3ec011e8fd985ab90631145dfb9294ad09c102a7"},
{file = "MarkupSafe-2.1.2-cp39-cp39-win_amd64.whl", hash = "sha256:0576fe974b40a400449768941d5d0858cc624e3249dfd1e0c33674e5c7ca7aed"},
{file = "MarkupSafe-2.1.2.tar.gz", hash = "sha256:abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d"},
{file = "MarkupSafe-3.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:db842712984e91707437461930e6011e60b39136c7331e971952bb30465bc1a1"},
{file = "MarkupSafe-3.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3ffb4a8e7d46ed96ae48805746755fadd0909fea2306f93d5d8233ba23dda12a"},
{file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:67c519635a4f64e495c50e3107d9b4075aec33634272b5db1cde839e07367589"},
{file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:48488d999ed50ba8d38c581d67e496f955821dc183883550a6fbc7f1aefdc170"},
{file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f31ae06f1328595d762c9a2bf29dafd8621c7d3adc130cbb46278079758779ca"},
{file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:80fcbf3add8790caddfab6764bde258b5d09aefbe9169c183f88a7410f0f6dea"},
{file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:3341c043c37d78cc5ae6e3e305e988532b072329639007fd408a476642a89fd6"},
{file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:cb53e2a99df28eee3b5f4fea166020d3ef9116fdc5764bc5117486e6d1211b25"},
{file = "MarkupSafe-3.0.1-cp310-cp310-win32.whl", hash = "sha256:db15ce28e1e127a0013dfb8ac243a8e392db8c61eae113337536edb28bdc1f97"},
{file = "MarkupSafe-3.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:4ffaaac913c3f7345579db4f33b0020db693f302ca5137f106060316761beea9"},
{file = "MarkupSafe-3.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:26627785a54a947f6d7336ce5963569b5d75614619e75193bdb4e06e21d447ad"},
{file = "MarkupSafe-3.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b954093679d5750495725ea6f88409946d69cfb25ea7b4c846eef5044194f583"},
{file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:973a371a55ce9ed333a3a0f8e0bcfae9e0d637711534bcb11e130af2ab9334e7"},
{file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:244dbe463d5fb6d7ce161301a03a6fe744dac9072328ba9fc82289238582697b"},
{file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d98e66a24497637dd31ccab090b34392dddb1f2f811c4b4cd80c230205c074a3"},
{file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ad91738f14eb8da0ff82f2acd0098b6257621410dcbd4df20aaa5b4233d75a50"},
{file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:7044312a928a66a4c2a22644147bc61a199c1709712069a344a3fb5cfcf16915"},
{file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:a4792d3b3a6dfafefdf8e937f14906a51bd27025a36f4b188728a73382231d91"},
{file = "MarkupSafe-3.0.1-cp311-cp311-win32.whl", hash = "sha256:fa7d686ed9883f3d664d39d5a8e74d3c5f63e603c2e3ff0abcba23eac6542635"},
{file = "MarkupSafe-3.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:9ba25a71ebf05b9bb0e2ae99f8bc08a07ee8e98c612175087112656ca0f5c8bf"},
{file = "MarkupSafe-3.0.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:8ae369e84466aa70f3154ee23c1451fda10a8ee1b63923ce76667e3077f2b0c4"},
{file = "MarkupSafe-3.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40f1e10d51c92859765522cbd79c5c8989f40f0419614bcdc5015e7b6bf97fc5"},
{file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5a4cb365cb49b750bdb60b846b0c0bc49ed62e59a76635095a179d440540c346"},
{file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ee3941769bd2522fe39222206f6dd97ae83c442a94c90f2b7a25d847d40f4729"},
{file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:62fada2c942702ef8952754abfc1a9f7658a4d5460fabe95ac7ec2cbe0d02abc"},
{file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:4c2d64fdba74ad16138300815cfdc6ab2f4647e23ced81f59e940d7d4a1469d9"},
{file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:fb532dd9900381d2e8f48172ddc5a59db4c445a11b9fab40b3b786da40d3b56b"},
{file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0f84af7e813784feb4d5e4ff7db633aba6c8ca64a833f61d8e4eade234ef0c38"},
{file = "MarkupSafe-3.0.1-cp312-cp312-win32.whl", hash = "sha256:cbf445eb5628981a80f54087f9acdbf84f9b7d862756110d172993b9a5ae81aa"},
{file = "MarkupSafe-3.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:a10860e00ded1dd0a65b83e717af28845bb7bd16d8ace40fe5531491de76b79f"},
{file = "MarkupSafe-3.0.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:e81c52638315ff4ac1b533d427f50bc0afc746deb949210bc85f05d4f15fd772"},
{file = "MarkupSafe-3.0.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:312387403cd40699ab91d50735ea7a507b788091c416dd007eac54434aee51da"},
{file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2ae99f31f47d849758a687102afdd05bd3d3ff7dbab0a8f1587981b58a76152a"},
{file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c97ff7fedf56d86bae92fa0a646ce1a0ec7509a7578e1ed238731ba13aabcd1c"},
{file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a7420ceda262dbb4b8d839a4ec63d61c261e4e77677ed7c66c99f4e7cb5030dd"},
{file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:45d42d132cff577c92bfba536aefcfea7e26efb975bd455db4e6602f5c9f45e7"},
{file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:4c8817557d0de9349109acb38b9dd570b03cc5014e8aabf1cbddc6e81005becd"},
{file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:6a54c43d3ec4cf2a39f4387ad044221c66a376e58c0d0e971d47c475ba79c6b5"},
{file = "MarkupSafe-3.0.1-cp313-cp313-win32.whl", hash = "sha256:c91b394f7601438ff79a4b93d16be92f216adb57d813a78be4446fe0f6bc2d8c"},
{file = "MarkupSafe-3.0.1-cp313-cp313-win_amd64.whl", hash = "sha256:fe32482b37b4b00c7a52a07211b479653b7fe4f22b2e481b9a9b099d8a430f2f"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:17b2aea42a7280db02ac644db1d634ad47dcc96faf38ab304fe26ba2680d359a"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:852dc840f6d7c985603e60b5deaae1d89c56cb038b577f6b5b8c808c97580f1d"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0778de17cff1acaeccc3ff30cd99a3fd5c50fc58ad3d6c0e0c4c58092b859396"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:800100d45176652ded796134277ecb13640c1a537cad3b8b53da45aa96330453"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d06b24c686a34c86c8c1fba923181eae6b10565e4d80bdd7bc1c8e2f11247aa4"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:33d1c36b90e570ba7785dacd1faaf091203d9942bc036118fab8110a401eb1a8"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:beeebf760a9c1f4c07ef6a53465e8cfa776ea6a2021eda0d0417ec41043fe984"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:bbde71a705f8e9e4c3e9e33db69341d040c827c7afa6789b14c6e16776074f5a"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-win32.whl", hash = "sha256:82b5dba6eb1bcc29cc305a18a3c5365d2af06ee71b123216416f7e20d2a84e5b"},
{file = "MarkupSafe-3.0.1-cp313-cp313t-win_amd64.whl", hash = "sha256:730d86af59e0e43ce277bb83970530dd223bf7f2a838e086b50affa6ec5f9295"},
{file = "MarkupSafe-3.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:4935dd7883f1d50e2ffecca0aa33dc1946a94c8f3fdafb8df5c330e48f71b132"},
{file = "MarkupSafe-3.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e9393357f19954248b00bed7c56f29a25c930593a77630c719653d51e7669c2a"},
{file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:40621d60d0e58aa573b68ac5e2d6b20d44392878e0bfc159012a5787c4e35bc8"},
{file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f94190df587738280d544971500b9cafc9b950d32efcb1fba9ac10d84e6aa4e6"},
{file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b6a387d61fe41cdf7ea95b38e9af11cfb1a63499af2759444b99185c4ab33f5b"},
{file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:8ad4ad1429cd4f315f32ef263c1342166695fad76c100c5d979c45d5570ed58b"},
{file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:e24bfe89c6ac4c31792793ad9f861b8f6dc4546ac6dc8f1c9083c7c4f2b335cd"},
{file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:2a4b34a8d14649315c4bc26bbfa352663eb51d146e35eef231dd739d54a5430a"},
{file = "MarkupSafe-3.0.1-cp39-cp39-win32.whl", hash = "sha256:242d6860f1fd9191aef5fae22b51c5c19767f93fb9ead4d21924e0bcb17619d8"},
{file = "MarkupSafe-3.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:93e8248d650e7e9d49e8251f883eed60ecbc0e8ffd6349e18550925e31bd029b"},
{file = "markupsafe-3.0.1.tar.gz", hash = "sha256:3e683ee4f5d0fa2dde4db77ed8dd8a876686e3fc417655c2ece9a90576905344"},
]
[[package]]
name = "packaging"
version = "23.0"
description = "Core utilities for Python packages"
category = "main"
name = "netaddr"
version = "1.3.0"
description = "A network address manipulation library for Python"
optional = false
python-versions = ">=3.7"
files = [
{file = "packaging-23.0-py3-none-any.whl", hash = "sha256:714ac14496c3e68c99c29b00845f7a2b85f3bb6f1078fd9f72fd20f0570002b2"},
{file = "packaging-23.0.tar.gz", hash = "sha256:b6ad297f8907de0fa2fe1ccbd26fdaf387f5f47c7275fedf8cce89f99446cf97"},
{file = "netaddr-1.3.0-py3-none-any.whl", hash = "sha256:c2c6a8ebe5554ce33b7d5b3a306b71bbb373e000bbbf2350dd5213cc56e3dbbe"},
{file = "netaddr-1.3.0.tar.gz", hash = "sha256:5c3c3d9895b551b763779ba7db7a03487dc1f8e3b385af819af341ae9ef6e48a"},
]
[package.extras]
nicer-shell = ["ipython"]
[[package]]
name = "packaging"
version = "24.1"
description = "Core utilities for Python packages"
optional = false
python-versions = ">=3.8"
files = [
{file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"},
{file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"},
]
[[package]]
name = "pycparser"
version = "2.21"
version = "2.22"
description = "C parser in Python"
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
python-versions = ">=3.8"
files = [
{file = "pycparser-2.21-py2.py3-none-any.whl", hash = "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9"},
{file = "pycparser-2.21.tar.gz", hash = "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"},
{file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
{file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
]
[[package]]
name = "pyyaml"
version = "6.0"
version = "6.0.2"
description = "YAML parser and emitter for Python"
category = "main"
optional = false
python-versions = ">=3.6"
python-versions = ">=3.8"
files = [
{file = "PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53"},
{file = "PyYAML-6.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c"},
{file = "PyYAML-6.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc"},
{file = "PyYAML-6.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b"},
{file = "PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5"},
{file = "PyYAML-6.0-cp310-cp310-win32.whl", hash = "sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513"},
{file = "PyYAML-6.0-cp310-cp310-win_amd64.whl", hash = "sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a"},
{file = "PyYAML-6.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d4b0ba9512519522b118090257be113b9468d804b19d63c71dbcf4a48fa32358"},
{file = "PyYAML-6.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:81957921f441d50af23654aa6c5e5eaf9b06aba7f0a19c18a538dc7ef291c5a1"},
{file = "PyYAML-6.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:afa17f5bc4d1b10afd4466fd3a44dc0e245382deca5b3c353d8b757f9e3ecb8d"},
{file = "PyYAML-6.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:dbad0e9d368bb989f4515da330b88a057617d16b6a8245084f1b05400f24609f"},
{file = "PyYAML-6.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:432557aa2c09802be39460360ddffd48156e30721f5e8d917f01d31694216782"},
{file = "PyYAML-6.0-cp311-cp311-win32.whl", hash = "sha256:bfaef573a63ba8923503d27530362590ff4f576c626d86a9fed95822a8255fd7"},
{file = "PyYAML-6.0-cp311-cp311-win_amd64.whl", hash = "sha256:01b45c0191e6d66c470b6cf1b9531a771a83c1c4208272ead47a3ae4f2f603bf"},
{file = "PyYAML-6.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86"},
{file = "PyYAML-6.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f"},
{file = "PyYAML-6.0-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92"},
{file = "PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4"},
{file = "PyYAML-6.0-cp36-cp36m-win32.whl", hash = "sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293"},
{file = "PyYAML-6.0-cp36-cp36m-win_amd64.whl", hash = "sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57"},
{file = "PyYAML-6.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c"},
{file = "PyYAML-6.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0"},
{file = "PyYAML-6.0-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4"},
{file = "PyYAML-6.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9"},
{file = "PyYAML-6.0-cp37-cp37m-win32.whl", hash = "sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737"},
{file = "PyYAML-6.0-cp37-cp37m-win_amd64.whl", hash = "sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d"},
{file = "PyYAML-6.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b"},
{file = "PyYAML-6.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba"},
{file = "PyYAML-6.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34"},
{file = "PyYAML-6.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287"},
{file = "PyYAML-6.0-cp38-cp38-win32.whl", hash = "sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78"},
{file = "PyYAML-6.0-cp38-cp38-win_amd64.whl", hash = "sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07"},
{file = "PyYAML-6.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b"},
{file = "PyYAML-6.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174"},
{file = "PyYAML-6.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803"},
{file = "PyYAML-6.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3"},
{file = "PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0"},
{file = "PyYAML-6.0-cp39-cp39-win32.whl", hash = "sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb"},
{file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"},
{file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"},
{file = "PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"},
{file = "PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf"},
{file = "PyYAML-6.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237"},
{file = "PyYAML-6.0.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b"},
{file = "PyYAML-6.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed"},
{file = "PyYAML-6.0.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180"},
{file = "PyYAML-6.0.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68"},
{file = "PyYAML-6.0.2-cp310-cp310-win32.whl", hash = "sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99"},
{file = "PyYAML-6.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e"},
{file = "PyYAML-6.0.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774"},
{file = "PyYAML-6.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee"},
{file = "PyYAML-6.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c"},
{file = "PyYAML-6.0.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317"},
{file = "PyYAML-6.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85"},
{file = "PyYAML-6.0.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4"},
{file = "PyYAML-6.0.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e"},
{file = "PyYAML-6.0.2-cp311-cp311-win32.whl", hash = "sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5"},
{file = "PyYAML-6.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44"},
{file = "PyYAML-6.0.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab"},
{file = "PyYAML-6.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725"},
{file = "PyYAML-6.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5"},
{file = "PyYAML-6.0.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425"},
{file = "PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476"},
{file = "PyYAML-6.0.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48"},
{file = "PyYAML-6.0.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b"},
{file = "PyYAML-6.0.2-cp312-cp312-win32.whl", hash = "sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4"},
{file = "PyYAML-6.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8"},
{file = "PyYAML-6.0.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba"},
{file = "PyYAML-6.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1"},
{file = "PyYAML-6.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133"},
{file = "PyYAML-6.0.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484"},
{file = "PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5"},
{file = "PyYAML-6.0.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc"},
{file = "PyYAML-6.0.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652"},
{file = "PyYAML-6.0.2-cp313-cp313-win32.whl", hash = "sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183"},
{file = "PyYAML-6.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563"},
{file = "PyYAML-6.0.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:24471b829b3bf607e04e88d79542a9d48bb037c2267d7927a874e6c205ca7e9a"},
{file = "PyYAML-6.0.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d7fded462629cfa4b685c5416b949ebad6cec74af5e2d42905d41e257e0869f5"},
{file = "PyYAML-6.0.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d84a1718ee396f54f3a086ea0a66d8e552b2ab2017ef8b420e92edbc841c352d"},
{file = "PyYAML-6.0.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9056c1ecd25795207ad294bcf39f2db3d845767be0ea6e6a34d856f006006083"},
{file = "PyYAML-6.0.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:82d09873e40955485746739bcb8b4586983670466c23382c19cffecbf1fd8706"},
{file = "PyYAML-6.0.2-cp38-cp38-win32.whl", hash = "sha256:43fa96a3ca0d6b1812e01ced1044a003533c47f6ee8aca31724f78e93ccc089a"},
{file = "PyYAML-6.0.2-cp38-cp38-win_amd64.whl", hash = "sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff"},
{file = "PyYAML-6.0.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:688ba32a1cffef67fd2e9398a2efebaea461578b0923624778664cc1c914db5d"},
{file = "PyYAML-6.0.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:a8786accb172bd8afb8be14490a16625cbc387036876ab6ba70912730faf8e1f"},
{file = "PyYAML-6.0.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d8e03406cac8513435335dbab54c0d385e4a49e4945d2909a581c83647ca0290"},
{file = "PyYAML-6.0.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12"},
{file = "PyYAML-6.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3b1fdb9dc17f5a7677423d508ab4f243a726dea51fa5e70992e59a7411c89d19"},
{file = "PyYAML-6.0.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:0b69e4ce7a131fe56b7e4d770c67429700908fc0752af059838b1cfb41960e4e"},
{file = "PyYAML-6.0.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:a9f8c2e67970f13b16084e04f134610fd1d374bf477b17ec1599185cf611d725"},
{file = "PyYAML-6.0.2-cp39-cp39-win32.whl", hash = "sha256:6395c297d42274772abc367baaa79683958044e5d3835486c16da75d2a694631"},
{file = "PyYAML-6.0.2-cp39-cp39-win_amd64.whl", hash = "sha256:39693e1f8320ae4f43943590b49779ffb98acb81f788220ea932a6b6c51004d8"},
{file = "pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e"},
]
[[package]]
name = "resolvelib"
version = "0.8.1"
version = "1.0.1"
description = "Resolve abstract dependencies into concrete ones"
category = "main"
optional = false
python-versions = "*"
files = [
{file = "resolvelib-0.8.1-py2.py3-none-any.whl", hash = "sha256:d9b7907f055c3b3a2cfc56c914ffd940122915826ff5fb5b1de0c99778f4de98"},
{file = "resolvelib-0.8.1.tar.gz", hash = "sha256:c6ea56732e9fb6fca1b2acc2ccc68a0b6b8c566d8f3e78e0443310ede61dbd37"},
{file = "resolvelib-1.0.1-py2.py3-none-any.whl", hash = "sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf"},
{file = "resolvelib-1.0.1.tar.gz", hash = "sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309"},
]
[package.extras]
@@ -327,7 +416,27 @@ lint = ["black", "flake8", "isort", "mypy", "types-requests"]
release = ["build", "towncrier", "twine"]
test = ["commentjson", "packaging", "pytest"]
[[package]]
name = "setuptools"
version = "75.1.0"
description = "Easily download, build, install, upgrade, and uninstall Python packages"
optional = false
python-versions = ">=3.8"
files = [
{file = "setuptools-75.1.0-py3-none-any.whl", hash = "sha256:35ab7fd3bcd95e6b7fd704e4a1539513edad446c097797f2985e0e4b960772f2"},
{file = "setuptools-75.1.0.tar.gz", hash = "sha256:d59a21b17a275fb872a9c3dae73963160ae079f1049ed956880cd7c09b120538"},
]
[package.extras]
check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.5.2)"]
core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.collections", "jaraco.functools", "jaraco.text (>=3.7)", "more-itertools", "more-itertools (>=8.8)", "packaging", "packaging (>=24)", "platformdirs (>=2.6.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
cover = ["pytest-cov"]
doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
enabler = ["pytest-enabler (>=2.2)"]
test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
type = ["importlib-metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.11.*)", "pytest-mypy"]
[metadata]
lock-version = "2.0"
python-versions = "^3.10"
content-hash = "fdbbbb1f3c9578e994fc064c9036557f370fe659bb84e4a5cf5ad29247968141"
content-hash = "334448cb0c7d192f0e10987a995ecefca5e136733cce4dd15dcc2238f1c371c8"

7
pyproject.toml
View File

@@ -7,7 +7,12 @@ readme = "README.md"
[tool.poetry.dependencies]
python = "^3.10"
ansible = "^7.3.0"
ansible = "^10.1.0"
ansible-vault = "^2.1.0"
netaddr = "^1.3.0"
[tool.poetry.dev-dependencies]
grafanalib = "^0.7.1"
[build-system]

15
roles/alpina/tasks/deploy_collection.yml Normal file
View File

@@ -0,0 +1,15 @@
- name: Ensure {{ collection }} collection directory exists
file:
path: "{{ alpina_svc_path }}/{{ collection }}"
state: directory
mode: "700"
- name: Deploy docker compose stacks for {{ collection }}
vars:
current_stack_name: "{{ stack }}"
current_stack_dest: "{{ alpina_svc_path }}/{{ collection }}/{{ stack }}"
current_stack_source: "{{ role_path }}/templates/{{ collection }}/{{ stack }}"
include_tasks: deploy_compose_stack.yml
loop: "{{ stacks }}"
loop_control:
loop_var: stack

42
roles/alpina/tasks/deploy_compose_stack.yml Normal file
View File

@@ -0,0 +1,42 @@
# https://stackoverflow.com/questions/41667864/can-the-templates-module-handle-multiple-templates-directories
- name: Ensure {{ stack }} stack directory exists
file:
path: "{{ current_stack_dest }}"
state: directory
mode: "700"
- name: Ensure directory structure exists
file:
path: "{{ current_stack_dest }}/{{ item.path }}"
state: directory
mode: "755"
loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
when: item.state == "directory"
- name: Generate {{ current_stack_name }} deployment from templates
template:
src: "{{ item.src }}"
dest: "{{ current_stack_dest }}/{{ item.path | regex_replace('\\.j2$', '') }}"
mode: "644"
loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
when: item.state == "file" and item.path | regex_search('\\.j2$')
- name: Generate {{ current_stack_name }} deployment from static files
copy:
src: "{{ item.src }}"
dest: "{{ current_stack_dest }}/{{ item.path }}"
mode: "644"
loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
when: item.state == "file" and not item.path | regex_search('\\.j2$')
- name: Deploy docker-compose for {{ current_stack_name }}
community.docker.docker_compose_v2:
project_src: "{{ current_stack_dest }}"
state: present
pull: always
remove_orphans: yes
register: docker_compose_output
# - debug:
# var: docker_compose_output

34
roles/alpina/tasks/main.yml Normal file
View File

@@ -0,0 +1,34 @@
- name: Register uid of remote user
command: id -u
register: remote_uid_command
changed_when: false
- name: Set fact for uid
set_fact:
remote_uid: "{{ remote_uid_command.stdout }}"
- name: Ensure alpina directory exists
file:
state: directory
path: "{{ alpina_svc_path }}"
mode: "700"
- name: Deploy collection services
vars:
collection: services
stacks:
- traefik
- monitoring
- authentik
- minio
import_tasks: deploy_collection.yml
- name: Deploy collection apps
vars:
collection: apps
stacks:
- gitea
- nextcloud
- jellyfin
- arrstack
import_tasks: deploy_collection.yml

33
roles/alpina/templates/apps/arrstack/.env.gluetun.j2 Normal file
View File

@@ -0,0 +1,33 @@
## ProtonVPN OpenVPN
#VPN_SERVICE_PROVIDER=protonvpn
#OPENVPN_USER=+pmp
#OPENVPN_PASSWORD=
#SERVER_HOSTNAMES=node-us-160.protonvpn.net,node-us-161.protonvpn.net
#VPN_PORT_FORWARDING=on
## ProtonVPN WireGuard
#VPN_SERVICE_PROVIDER=custom
#VPN_TYPE=wireguard
#VPN_ENDPOINT_IP=
#VPN_ENDPOINT_PORT=
#WIREGUARD_PUBLIC_KEY=
#WIREGUARD_PRIVATE_KEY=
#WIREGUARD_PRESHARED_KEY=
#WIREGUARD_ADDRESSES=
#VPN_DNS_ADDRESS=
#VPN_PORT_FORWARDING=on
#VPN_PORT_FORWARDING_PROVIDER=protonvpn
## AirVPN
VPN_SERVICE_PROVIDER=airvpn
VPN_TYPE=wireguard
SERVER_NAMES={{ vpn_server_names }}
WIREGUARD_PUBLIC_KEY={{ wg_peer_pubkey }}
WIREGUARD_PRIVATE_KEY={{ wg_privkey }}
WIREGUARD_PRESHARED_KEY={{ wg_psk }}
WIREGUARD_ADDRESSES={{ wg_addresses }}
FIREWALL_VPN_INPUT_PORTS={{ fw_vpn_input_ports }}
UPDATER_PERIOD=24h
#FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/8,{{ docker_ipv6_subnet }}

88
roles/alpina/templates/apps/arrstack/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,88 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
{{ helpers.default_network(249) | indent(2) }}
traefik_traefik:
external: true
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
env_file:
- .env.gluetun
restart: unless-stopped
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/arrstack/gluetun:/gluetun
qbittorrent:
image: linuxserver/qbittorrent:latest
container_name: qbittorrent
labels:
- {{ helpers.traefik_labels('qbit', port='8080', auth=true) | indent(6) }}
restart: unless-stopped
environment:
{# Keeping this for debugging purposes -#}
- DOCKER_MODS=linuxserver/mods:universal-package-install
network_mode: service:gluetun
volumes:
- {{ base_volume_path }}/arrstack/config/qbittorrent:/config
- {{ base_volume_path }}/arrstack/downloads:/downloads
- {{ media_volume_path }}/Plex:/media/Plex
- {{ media_volume_path }}/iso-img:/media/iso-img
depends_on:
gluetun:
condition: service_healthy
prowlarr:
image: linuxserver/prowlarr:latest
container_name: prowlarr
labels:
- {{ helpers.traefik_labels('prowlarr', port='9696', auth=true) | indent(6) }}
restart: unless-stopped
depends_on:
- qbittorrent
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/arrstack/config/prowlarr:/config
sonarr:
image: linuxserver/sonarr:latest
container_name: sonarr
labels:
- {{ helpers.traefik_labels('sonarr', port='8989', auth=true) | indent(6) }}
restart: unless-stopped
depends_on:
- qbittorrent
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/arrstack/config/sonarr:/config
- {{ base_volume_path }}/arrstack/downloads:/downloads
- {{ media_volume_path }}/Plex:/media/Plex
radarr:
image: linuxserver/radarr:latest
container_name: radarr
labels:
- {{ helpers.traefik_labels('radarr', port='7878', auth=true) | indent(6) }}
restart: unless-stopped
depends_on:
- qbittorrent
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/arrstack/config/radarr:/config
- {{ base_volume_path }}/arrstack/downloads:/downloads
- {{ media_volume_path }}/Plex:/media/Plex

3
roles/alpina/templates/apps/gitea/.env.db.j2 Normal file
View File

@@ -0,0 +1,3 @@
POSTGRES_USER=gitea
POSTGRES_DB=gitea
POSTGRES_PASSWORD={{ gitea_db_password }}

29
roles/alpina/templates/apps/gitea/.env.gitea.j2 Normal file
View File

@@ -0,0 +1,29 @@
GITEA____APP_NAME=CazGitea
# Database
GITEA__database__DB_TYPE=postgres
GITEA__database__HOST=db:5432
GITEA__database__NAME=gitea
GITEA__database__USER=gitea
GITEA__database__PASSWD={{ gitea_db_password }}
# Server
GITEA__server__ROOT_URL=https://gitea.{{ domain }}/
GITEA__server__DISABLE_SSH=true
# Mail
GITEA__mailer__ENABLED=true
GITEA__mailer__SMTP_ADDR=smtp.sendgrid.net
GITEA__mailer__SMTP_PORT=587
GITEA__mailer__FROM=gitea@cazzzer.com
GITEA__mailer__USER=apikey
GITEA__mailer__PASSWD={{ gitea_sendgrid_api_key }}
# Security
GITEA__security__SECRET_KEY={{ secret_key }}
GITEA__security__INTERNAL_TOKEN={{ internal_token }}
GITEA__oauth2__JWT_SECRET={{ jwt_secret }}
# Indexer
GITEA__indexer__REPO_INDEXER_ENABLED=true

20
roles/gitea/templates/docker-compose.yml.j2 → roles/alpina/templates/apps/gitea/docker-compose.yml.j2
View File

@@ -1,22 +1,16 @@
version: "3.9"
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
default:
{{ helpers.default_network(199) | indent(2) }}
traefik_traefik:
external: true
volumes:
gitea:
postgres:
services:
server:
image: gitea/gitea:1.18
image: gitea/gitea:1.22
container_name: gitea_server
labels:
- traefik.enable=true
- traefik.http.routers.gitea.rule=Host(`gitea.{{ domain }}`)
- traefik.http.services.gitea.loadbalancer.server.port=3000
- {{ helpers.traefik_labels('gitea', port='3000') | indent(6) }}
restart: unless-stopped
env_file:
- .env.gitea
@@ -24,11 +18,11 @@ services:
- default
- traefik_traefik
volumes:
- gitea:/data
- {{ base_volume_path }}/gitea/gitea:/data
depends_on:
- db
db:
image: postgres:14-alpine
image: postgres:16-alpine
container_name: gitea_db
restart: unless-stopped
env_file:
@@ -36,4 +30,4 @@ services:
networks:
- default
volumes:
- postgres:/var/lib/postgresql/data
- {{ base_volume_path }}/gitea/postgres:/var/lib/postgresql/data

1
roles/alpina/templates/apps/jellyfin/.env.jellyfin.j2 Normal file
View File

@@ -0,0 +1 @@
JELLYFIN_PublishedServerUrl=https://jellyfin.{{ domain }}

28
roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,28 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
{{ helpers.default_network(197) | indent(2) }}
traefik_traefik:
external: true
services:
jellyfin:
image: jellyfin/jellyfin:latest
container_name: jellyfin_jellyfin
labels:
- {{ helpers.traefik_labels('jellyfin', port='8096') | indent(6) }}
restart: unless-stopped
env_file:
- .env.jellyfin
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/jellyfin/config:/config
- {{ base_volume_path }}/jellyfin/cache:/cache
- {{ media_volume_path }}/Plex/media:/data/media:ro
- {{ media_volume_path }}/other_videos:/data/other_videos:ro
tmpfs:
- /tmp/transcodes
devices:
- /dev/dri:/dev/dri

2
roles/nextcloud/templates/.env.db.j2 → roles/alpina/templates/apps/nextcloud/.env.db.j2
View File

@@ -1,3 +1,3 @@
POSTGRES_USER=nextcloud
POSTGRES_DB=nextcloud
POSTGRES_PASSWORD="{{ db_password }}"
POSTGRES_PASSWORD={{ nextcloud_db_password }}

1
roles/alpina/templates/apps/nextcloud/.env.j2 Normal file
View File

@@ -0,0 +1 @@
NEXTCLOUD_VERSION=29-apache

24
roles/alpina/templates/apps/nextcloud/.env.nextcloud.j2 Normal file
View File

@@ -0,0 +1,24 @@
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD={{ nextcloud_db_password }}
POSTGRES_HOST=db
NEXTCLOUD_TRUSTED_DOMAINS=nc.{{ domain }}
REDIS_HOST=redis
REDIS_HOST_PASSWORD={{ redis_password }}
SMTP_HOST=smtp.sendgrid.net
SMTP_SECURE=tls
SMTP_PORT=587
SMTP_AUTHTYPE=LOGIN
SMTP_NAME=apikey
SMTP_PASSWORD={{ nextcloud_sendgrid_api_key }}
MAIL_FROM_ADDRESS=nc
MAIL_DOMAIN=cazzzer.com
# host IPv4 and IPv6 addresses, loopback for notify_push
TRUSTED_PROXIES={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} {{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }} 127.0.0.1 ::1
OVERWRITEHOST=nc.{{ domain }}
OVERWRITEPROTOCOL=https
OVERWRITECLIURL=https://nc.{{ domain }}

4
roles/alpina/templates/apps/nextcloud/.env.notify_push Normal file
View File

@@ -0,0 +1,4 @@
DATABASE_URL=postgres://nextcloud:{{ nextcloud_db_password }}@db/nextcloud
DATABASE_PREFIX=oc_
REDIS_URL=redis://:{{ redis_password }}@redis
NEXTCLOUD_URL=http://localhost

1
roles/alpina/templates/apps/nextcloud/.env.redis.j2 Normal file
View File

@@ -0,0 +1 @@
REDIS_PASSWORD={{ redis_password }}

87
roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,87 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
{{ helpers.default_network(198) | indent(2) }}
traefik_traefik:
external: true
services:
app:
image: nextcloud:${NEXTCLOUD_VERSION}
container_name: nextcloud_app
labels:
- {{ helpers.traefik_labels('nc', port='80') | indent(6) }}
restart: unless-stopped
depends_on:
- db
- redis
env_file:
- .env.nextcloud
networks:
- default
volumes:
- {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
- {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
- {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data
cron:
image: nextcloud:${NEXTCLOUD_VERSION}
container_name: nextcloud_cron
restart: unless-stopped
depends_on:
- app
entrypoint: /cron.sh
networks:
- default
volumes:
- {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
- {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
- {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data
notify_push:
image: nextcloud:${NEXTCLOUD_VERSION}
container_name: nextcloud_notify_push
{# TODO: Refactor this and minio -#}
labels:
- traefik.enable=true
- traefik.http.routers.nc-notify.rule=Host(`nc.{{ domain }}`) && PathPrefix(`/push`)
- traefik.http.routers.nc-notify.entrypoints=websecure
- traefik.http.routers.nc-notify.tls=true
- traefik.http.routers.nc-notify.tls.certresolver=letsencrypt
- traefik.http.routers.nc-notify.tls.domains.0.main={{ domain }}
- traefik.http.routers.nc-notify.tls.domains.0.sans=*.{{ domain }}
- traefik.http.services.nc-notify.loadbalancer.server.port=7867
restart: unless-stopped
user: www-data
env_file:
- .env.notify_push
network_mode: service:app
entrypoint:
- /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push
volumes:
- {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
db:
image: postgres:16-alpine
container_name: nextcloud_db
restart: unless-stopped
env_file:
- .env.db
networks:
- default
volumes:
- {{ base_volume_path }}/nextcloud/db:/var/lib/postgresql/data
redis:
image: redis:alpine
container_name: nextcloud_redis
restart: unless-stopped
env_file:
- .env.redis
networks:
- default
command:
- sh
- -c
- redis-server --requirepass $$REDIS_PASSWORD

21
roles/alpina/templates/services/authentik/.env.authentik.j2 Normal file
View File

@@ -0,0 +1,21 @@
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_POSTGRESQL__HOST=postgres
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
AUTHENTIK_EMAIL__HOST=smtp.sendgrid.net
AUTHENTIK_EMAIL__PORT=587
AUTHENTIK_EMAIL__USERNAME=apikey
AUTHENTIK_EMAIL__PASSWORD={{ authentik_sendgrid_api_key }}
AUTHENTIK_EMAIL__USE_TLS=true
AUTHENTIK_EMAIL__TIMEOUT=10
AUTHENTIK_EMAIL__FROM=auth@cazzzer.com
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL=false
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false

3
roles/alpina/templates/services/authentik/.env.db.j2 Normal file
View File

@@ -0,0 +1,3 @@
POSTGRES_USER=authentik
POSTGRES_DB=authentik
POSTGRES_PASSWORD={{ authentik_db_password }}

50
roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2 Normal file
View File

@@ -0,0 +1,50 @@
version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: Alpina - OAuth2 Apps
entries:
{% set apps = {
"Gitea": {
"redirect_uris": "https://gitea."~ domain ~"/user/oauth2/Authentik/callback",
"icon": "https://gitea."~ domain ~"/assets/img/logo.svg",
},
"Nextcloud": {
"redirect_uris": "https://nc."~ domain ~"/apps/sociallogin/custom_oidc/authentik",
"icon": "https://nc."~ domain ~"/apps/theming/favicon",
},
} -%}
{% for app in apps.keys() -%}
- identifiers:
name: {{ app }}
model: authentik_providers_oauth2.oauth2provider
id: {{ app | lower }}
attrs:
access_code_validity: minutes=1
access_token_validity: minutes=5
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
client_type: confidential
issuer_mode: per_provider
sub_mode: hashed_user_id
property_mappings:
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
redirect_uris: {{ apps[app]["redirect_uris"] }}
refresh_token_validity: days=30
signing_key: !Find [authentik_crypto.certificatekeypair, [name, "authentik Self-signed Certificate"]]
- identifiers:
slug: {{ app | lower }}
model: authentik_core.application
id: {{ app | lower }}
attrs:
name: {{ app }}
group: "Apps"
meta_description: "Hello, I'm {{ app }}!"
meta_publisher: Alpina
icon: "{{ apps[app]["icon"] }}"
open_in_new_tab: true
policy_engine_mode: any
provider: !KeyOf {{ app | lower }}
{% endfor %}

115
roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2 Normal file
View File

@@ -0,0 +1,115 @@
version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: Alpina - Proxied Apps
entries:
- identifiers:
name: arrstack
model: authentik_core.group
id: arrstack
attrs:
arrstack_username: "arr"
arrstack_password: "{{ arrstack_password }}"
# TODO: Probably refactor this into a jinja macro
{% set apps = {
"uptime-kuma": {
"host": "uptime",
"name": "Uptime Kuma",
"icon": "https://uptime."~ domain ~"/icon.svg",
"unauthenticated_paths": "^/icon.svg$",
"group": "Services",
"create_admin_group": true,
},
"qbit": {
"host": "qbit",
"name": "qBit",
"icon": "https://qbit."~ domain ~"/images/qbittorrent-tray.svg",
"unauthenticated_paths": "^/images/qbittorrent-tray.svg$",
"group": "Arrstack",
"create_admin_group": false,
},
"prowlarr": {
"host": "prowlarr",
"name": "Prowlarr",
"icon": "https://prowlarr."~ domain ~"/Content/Images/logo.svg",
"unauthenticated_paths": "^/Content/Images/logo.svg$",
"group": "Arrstack",
"create_admin_group": false,
},
"sonarr": {
"host": "sonarr",
"name": "Sonarr",
"icon": "https://sonarr."~ domain ~"/Content/Images/logo.svg",
"unauthenticated_paths": "^/Content/Images/logo.svg$",
"group": "Arrstack",
"create_admin_group": false,
},
"radarr": {
"host": "radarr",
"name": "Radarr",
"icon": "https://radarr."~ domain ~"/Content/Images/logo.svg",
"unauthenticated_paths": "^/Content/Images/logo.svg$",
"group": "Arrstack",
"create_admin_group": false,
},
} -%}
{% for app in apps.keys() -%}
- identifiers:
name: {{ apps[app]["name"] }}
model: authentik_providers_proxy.proxyprovider
id: {{ app }}
attrs:
authorization_flow: !Find [authentik_flows.flow, [ slug, default-provider-authorization-implicit-consent ] ]
mode: forward_single
external_host: "https://{{ apps[app]["host"] }}.{{ domain }}/"
skip_path_regex: "{{ apps[app]["unauthenticated_paths"] }}"
- identifiers:
slug: {{ app }}
model: authentik_core.application
attrs:
name: {{ apps[app]["name"] }}
group: {{ apps[app]["group"] }}
meta_description: "Hello, I'm {{ apps[app]["name"] }}!"
meta_publisher: Alpina
icon: "{{ apps[app]["icon"] }}"
open_in_new_tab: true
provider: !KeyOf {{ app }}
{% if apps[app]["create_admin_group"] -%}
- identifiers:
name: "{{ apps[app]["name"] }} Admins"
model: authentik_core.group
id: "{{ app }} Admins"
- identifiers:
group: !KeyOf "{{ app }} Admins"
target: !Find [authentik_core.application, [ slug, {{ app }}] ]
model: authentik_policies.policybinding
attrs:
order: 0
{% endif %}
{% if apps[app]["group"] == "Arrstack" -%}
- identifiers:
group: !KeyOf arrstack
target: !Find [authentik_core.application, [slug, {{ app }}]]
model: authentik_policies.policybinding
attrs:
order: 0
{% endif %}
{% endfor %}
- identifiers:
managed: goauthentik.io/outposts/embedded
name: authentik Embedded Outpost
model: authentik_outposts.outpost
attrs:
providers:
{% for app in apps.keys() -%}
- !KeyOf {{ app }}
{% endfor %}

58
roles/alpina/templates/services/authentik/blueprints/default-authentication.yaml.j2 Normal file
View File

@@ -0,0 +1,58 @@
version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: Alpina - Default Authentication Modifications
entries:
# Add a new flow for passwordless WebAuthn authentication
- identifiers:
slug: authentication-passwordless-flow
model: authentik_flows.flow
attrs:
designation: authentication
name: WebAuthn Authentication Flow
title: Sign in with a passkey
# Add a new stage to the flow to validate just WebAuthn devices
- identifiers:
name: webauthn-validation
model: authentik_stages_authenticator_validate.authenticatorvalidatestage
attrs:
device_classes:
- webauthn
not_configured_action: deny
webauthn_user_verification: required
# Stage bindings for passwordless flow,
# 1. Validate WebAuthn key
- identifiers:
order: 10
stage: !Find [authentik_stages_authenticator_validate.authenticatorvalidatestage, [name, webauthn-validation]]
target: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
model: authentik_flows.flowstagebinding
# 2. Finish authenticating user
- identifiers:
order: 100
stage: !Find [authentik_stages_user_login.userloginstage, [name, default-authentication-login]]
target: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
model: authentik_flows.flowstagebinding
# Some modifications to the default identification stage
- identifiers:
name: default-authentication-identification
model: authentik_stages_identification.identificationstage
attrs:
# Allow username and password fields to be on the same page
password_stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]]
# Add a button to use the passwordless WebAuthn flow
passwordless_flow: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
sources:
- !Find [authentik_core.source, [slug, authentik-built-in]]
- !Find [authentik_sources_oauth.oauthsource, [slug, github]]
# Enable compatibility mode for the default authentication flow for better autofill support
- identifiers:
slug: default-authentication-flow
model: authentik_flows.flow
attrs:
compatibility_mode: true

25
roles/alpina/templates/services/authentik/blueprints/github-oauth.yaml.j2 Normal file
View File

@@ -0,0 +1,25 @@
version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: Alpina - GitHub OAuth
entries:
- identifiers:
slug: github
model: authentik_sources_oauth.oauthsource
attrs:
name: GitHub
slug: github
access_token_url: https://github.com/login/oauth/access_token
additional_scopes: openid read:org
authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
authorization_url: https://github.com/login/oauth/authorize
consumer_key: {{ github_consumer_key }}
consumer_secret: {{ github_consumer_secret }}
enabled: true
enrollment_flow: !Find [authentik_flows.flow, [slug, default-source-enrollment]]
policy_engine_mode: any
profile_url: https://api.github.com/user
provider_type: github
user_matching_mode: email_link
user_path_template: goauthentik.io/sources/%(slug)s

56
roles/alpina/templates/services/authentik/blueprints/services-oauth2.yaml.j2 Normal file
View File

@@ -0,0 +1,56 @@
version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: Alpina - OAuth2 Services
entries:
{% set apps = {
"Grafana": {
"redirect_uris": "https://grafana."~ domain ~"/login/generic_oauth",
"icon": "https://grafana."~ domain ~"/public/img/grafana_icon.svg",
"client_secret": auth_grafana_client_secret,
},
} -%}
# TODO: Add Minio
{% for app in apps.keys() -%}
- identifiers:
name: {{ app }}
model: authentik_providers_oauth2.oauth2provider
id: {{ app | lower }}
attrs:
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
client_type: confidential
client_id: {{ app | lower }}
client_secret: {{ apps[app]["client_secret"] }}
property_mappings:
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
redirect_uris: {{ apps[app]["redirect_uris"] }}
- identifiers:
slug: {{ app | lower }}
model: authentik_core.application
attrs:
name: {{ app }}
group: "Services"
meta_description: "Hello, I'm {{ app }}!"
meta_publisher: Alpina
icon: "{{ apps[app]["icon"] }}"
open_in_new_tab: true
provider: !KeyOf {{ app | lower }}
- identifiers:
name: "{{ app }} Admins"
model: authentik_core.group
id: "{{ app }} Admins"
- identifiers:
group: !KeyOf "{{ app }} Admins"
target: !Find [authentik_core.application, [slug, {{ app | lower }}]]
model: authentik_policies.policybinding
attrs:
order: 0
{% endfor %}

66
roles/alpina/templates/services/authentik/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,66 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
{{ helpers.default_network(253) | indent(2) }}
traefik_traefik:
external: true
services:
server:
image: ghcr.io/goauthentik/server:latest
container_name: authentik_server
labels:
- {{ helpers.traefik_labels('auth', port='9000') | indent(6) }}
- traefik.http.middlewares.authentik.forwardauth.address=http://localhost:9000/outpost.goauthentik.io/auth/traefik
- traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=Authorization,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
restart: unless-stopped
# Port forward is needed because traefik can't resolve the container name from the host network
ports:
- "9000:9000"
command: server
env_file:
- .env.authentik
networks:
- default
- traefik_traefik
worker:
image: ghcr.io/goauthentik/server:latest
container_name: authentik_worker
restart: unless-stopped
command: worker
env_file:
- .env.authentik
volumes:
- ./blueprints:/blueprints/alpina
- {{ base_volume_path }}/authentik/certs:/certs
postgres:
image: postgres:16-alpine
container_name: authentik_postgres
restart: unless-stopped
env_file:
- .env.db
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- {{ base_volume_path }}/authentik/postgres:/var/lib/postgresql/data
redis:
image: redis:alpine
container_name: authentik_redis
restart: unless-stopped
command: --save 60 1 --loglevel warning
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- {{ base_volume_path }}/authentik/redis:/data

15
roles/alpina/templates/services/minio/.env.minio.j2 Normal file
View File

@@ -0,0 +1,15 @@
MINIO_ROOT_USER=minio
MINIO_ROOT_PASSWORD={{ minio_password }}
MINIO_DOMAIN=s3.{{ domain }}
MINIO_SERVER_URL=https://s3.{{ domain }}
MINIO_BROWSER_REDIRECT_URL=https://minio.{{ domain }}
#MINIO_IDENTITY_OPENID_CONFIG_URL=https://auth.{{ domain }}/application/o/minio/.well-known/openid-configuration
#MINIO_IDENTITY_OPENID_CLIENT_ID=
#MINIO_IDENTITY_OPENID_CLIENT_SECRET=
#MINIO_IDENTITY_OPENID_CLAIM_NAME=
#MINIO_IDENTITY_OPENID_CLAIM_PREFIX=
#MINIO_IDENTITY_OPENID_SCOPES=
#MINIO_IDENTITY_OPENID_REDIRECT_URI=
#MINIO_IDENTITY_OPENID_COMMENT=

32
roles/alpina/templates/services/minio/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,32 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
{{ helpers.default_network(252) | indent(2) }}
traefik_traefik:
external: true
services:
minio:
image: minio/minio:latest
container_name: minio
labels:
- {{ helpers.traefik_labels('minio', port='9090') | indent(6) }}
- traefik.http.routers.minio.service=minio
- traefik.http.routers.minio-tls.service=minio
- traefik.http.routers.minio-s3.rule=Host(`s3.{{ domain }}`) || HostRegexp(`^.+[.]s3[.]{{ domain }}`)
- traefik.http.routers.minio-s3.entrypoints=websecure
- traefik.http.routers.minio-s3.tls=true
- traefik.http.routers.minio-s3.tls.certresolver=letsencrypt
- traefik.http.routers.minio-s3.tls.domains.0.main=s3.{{ domain }}
- traefik.http.routers.minio-s3.tls.domains.0.sans=*.s3.{{ domain }}
- traefik.http.routers.minio-s3.service=minio-s3
- traefik.http.services.minio-s3.loadbalancer.server.port=9000
restart: unless-stopped
command: server --console-address ":9090" /data
env_file:
- .env.minio
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/minio/data:/data

7
roles/alpina/templates/services/monitoring/.env.influxdb.j2 Normal file
View File

@@ -0,0 +1,7 @@
DOCKER_INFLUXDB_INIT_MODE=setup
DOCKER_INFLUXDB_INIT_ORG=home
DOCKER_INFLUXDB_INIT_BUCKET=influx
DOCKER_INFLUXDB_INIT_USERNAME=CaZzzer
DOCKER_INFLUXDB_INIT_PASSWORD={{ influxdb_admin_password }}
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ influxdb_admin_token }}
DOCKER_INFLUXDB_INIT_RETENTION=1w

17
roles/alpina/templates/services/monitoring/Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
FROM python:3-alpine AS builder
RUN pip install grafanalib
COPY ./grafana_config/dashboards /dashboards
# Required for grafanalib to find the shared python files like common.py
# https://github.com/weaveworks/grafanalib/issues/58
ENV PYTHONPATH=/dashboards
RUN generate-dashboards /dashboards/*.dashboard.py
FROM grafana/grafana:latest
#COPY ./grafana_config /etc/grafana
COPY ./grafana_config/dashboards/*.yaml /etc/grafana/provisioning/dashboards
COPY --from=builder /dashboards/*.json /etc/grafana/provisioning/dashboards

120
roles/alpina/templates/services/monitoring/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,120 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
{{ helpers.default_network(251) | indent(2) }}
traefik_traefik:
external: true
services:
grafana:
{# image: grafana/grafana:latest#}
build:
context: .
dockerfile: Dockerfile
container_name: grafana
labels:
- {{ helpers.traefik_labels('grafana', port='3000') | indent(6) }}
restart: unless-stopped
# Needed to make config files readable (not anymore, TODO: remove)
user: "{{ remote_uid }}"
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/monitoring/grafana:/var/lib/grafana
- ./grafana_config/grafana.ini:/etc/grafana/grafana.ini:ro
- ./grafana_config/datasources:/etc/grafana/provisioning/datasources:ro
{# - ./grafana_config:/etc/grafana:ro#}
loki:
image: grafana/loki:latest
container_name: loki
restart: unless-stopped
# Needed to make config files readable (not anymore, TODO: remove)
user: "{{ remote_uid }}"
command:
- -config.file=/etc/loki/loki-config.yaml
# Port forward is needed because not possible to resolve the container name from the host network
ports:
- 3100:3100
volumes:
- {{ base_volume_path }}/monitoring/loki:/loki
- ./loki_config:/etc/loki:ro
tmpfs:
- /tmp/loki
promtail:
image: grafana/promtail:latest
container_name: promtail
restart: unless-stopped
command:
- -config.file=/etc/promtail/promtail-config.yaml
ports:
- 514:514
volumes:
- ./promtail_config:/etc/promtail:ro
- /var/log:/var/log:ro
tmpfs:
- /tmp
prometheus:
image: prom/prometheus:latest
container_name: prometheus
restart: unless-stopped
# Needed to make config files readable (not anymore, TODO: remove)
user: "{{ remote_uid }}"
command:
- --config.file=/etc/prometheus/prometheus.yml
- --storage.tsdb.retention.time=30d
- --web.external-url=https://prom.{{ domain }}/
volumes:
- ./prometheus_config:/etc/prometheus:ro
- {{ base_volume_path }}/monitoring/prometheus_configs:/etc/prometheus/extra:ro
- {{ base_volume_path }}/monitoring/prometheus:/prometheus
node-exporter:
image: prom/node-exporter:latest
container_name: node-exporter
restart: unless-stopped
network_mode: host
pid: host
volumes:
- /:/host:ro,rslave
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
container_name: cadvisor
restart: unless-stopped
command:
- --docker_only=true
- --store_container_labels=false
- --whitelisted_container_labels=com.docker.compose.project,com.docker.compose.service
- --enable_metrics=cpu,cpuLoad,diskIO,memory,network,oom_event,process
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
influxdb:
image: influxdb:2.7-alpine
container_name: influxdb
labels:
- {{ helpers.traefik_labels('influxdb', port='8086') | indent(6) }}
restart: unless-stopped
env_file:
- .env.influxdb
networks:
- default
- traefik_traefik
volumes:
- {{ base_volume_path }}/monitoring/influxdb:/var/lib/influxdb2
uptime-kuma:
image: louislam/uptime-kuma:1
container_name: uptime-kuma
labels:
- {{ helpers.traefik_labels('uptime', port='3001', auth=true) | indent(6) }}
restart: unless-stopped
volumes:
- {{ base_volume_path }}/monitoring/uptime-kuma:/app/data

9
roles/alpina/templates/services/monitoring/grafana_config/dashboards/alpina.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: 1
providers:
- name: "Grafana"
org_id: 1
folder: "Alpina"
type: "file"
options:
path: "/etc/grafana/provisioning/dashboards"

27
roles/alpina/templates/services/monitoring/grafana_config/dashboards/common.py Normal file
View File

@@ -0,0 +1,27 @@
from grafanalib.core import Template
# TODO: consider default params for common params like line width, show points, tooltip
PrometheusTemplate = Template(
name='datasource',
type='datasource',
label='Prometheus',
query='prometheus',
)
# TODO: this slightly less (clown emoji), normal Target gave me errors in grafana
class LokiTarget(object):
def __init__(self, loki_datasource, expr, legendFormat, refId):
self.loki_datasource = loki_datasource
self.expr = expr
self.legendFormat = legendFormat
self.refId = refId
def to_json_data(self):
return {
'datasource': self.loki_datasource,
'expr': self.expr,
'legendFormat': self.legendFormat,
'refId': self.refId,
'queryType': 'range',
}

129
roles/alpina/templates/services/monitoring/grafana_config/dashboards/containers.dashboard.py Normal file
View File

@@ -0,0 +1,129 @@
from grafanalib.core import (
Dashboard, TimeSeries,
Target, GridPos,
Templating, Template, REFRESH_ON_TIME_RANGE_CHANGE, Logs
)
from grafanalib.formatunits import BYTES_IEC, SECONDS, BYTES_SEC_IEC
from common import LokiTarget, PrometheusTemplate
prom_datasource='${datasource}'
loki_datasource='loki'
dashboard = Dashboard(
title='Containers',
uid='containers',
description='Data for compose projects from default Prometheus datasource collected by Cadvisor',
tags=[
'linux',
'docker',
],
templating=Templating(list=[
PrometheusTemplate,
Template(
name='compose_project',
label='Compose Project',
dataSource=prom_datasource,
query='label_values({__name__=~"container.*"}, container_label_com_docker_compose_project)',
includeAll=True,
multi=True,
refresh=REFRESH_ON_TIME_RANGE_CHANGE,
),
Template(
name='container_name',
label='Container',
dataSource=prom_datasource,
query='label_values({__name__=~"container.*", container_label_com_docker_compose_project=~"$compose_project"}, name)',
includeAll=True,
multi=True,
refresh=REFRESH_ON_TIME_RANGE_CHANGE,
),
Template(
name='logs_query',
label='Log Search',
query='',
type='textbox',
),
]),
timezone='browser',
panels=[
TimeSeries(
title='Container Memory Usage',
unit=BYTES_IEC,
gridPos=GridPos(h=8, w=12, x=0, y=0),
lineWidth=2,
fillOpacity=10,
showPoints='never',
stacking={'mode': 'normal'},
tooltipMode='all',
tooltipSort='desc',
targets=[
Target(
datasource=prom_datasource,
expr='max by (name) (container_memory_usage_bytes{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"})',
legendFormat='{{ name }}',
refId='A',
),
],
),
TimeSeries(
title='Container CPU Usage',
unit=SECONDS,
gridPos=GridPos(h=8, w=12, x=12, y=0),
lineWidth=2,
fillOpacity=10,
showPoints='never',
tooltipMode='all',
tooltipSort='desc',
targets=[
Target(
datasource=prom_datasource,
expr='max by (name) (rate(container_cpu_usage_seconds_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
legendFormat='{{ name }}',
refId='A',
),
],
),
TimeSeries(
title='Container Network Traffic',
unit=BYTES_SEC_IEC,
gridPos=GridPos(h=8, w=12, x=0, y=8),
lineWidth=2,
fillOpacity=10,
showPoints='never',
tooltipMode='all',
tooltipSort='desc',
targets=[
Target(
datasource=prom_datasource,
expr='max by (name) (rate(container_network_receive_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
legendFormat="rx {{ name }}",
refId='A',
),
Target(
datasource=prom_datasource,
expr='-max by (name) (rate(container_network_transmit_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
legendFormat="tx {{ name }}",
refId='B',
),
],
),
Logs(
title='',
gridPos=GridPos(h=8, w=12, x=12, y=8),
showLabels=True,
showCommonLabels=True,
wrapLogMessages=True,
prettifyLogMessage=True,
dedupStrategy='numbers',
targets=[
LokiTarget(
loki_datasource=loki_datasource,
expr='{compose_project=~"$compose_project", container_name=~"$container_name"} |= `$logs_query`',
legendFormat='{{ container_name }}',
refId='A',
),
],
),
],
).auto_panel_ids()

51
roles/alpina/templates/services/monitoring/grafana_config/dashboards/example.dashboard.py Normal file
View File

@@ -0,0 +1,51 @@
from grafanalib.core import (
Dashboard, TimeSeries, GaugePanel,
Target, GridPos,
OPS_FORMAT
)
dashboard = Dashboard(
title="Python generated example dashboard",
description="Example dashboard using the Random Walk and default Prometheus datasource",
tags=[
'example'
],
timezone="browser",
panels=[
TimeSeries(
title="Random Walk",
dataSource='default',
targets=[
Target(
datasource='grafana',
expr='example',
),
],
gridPos=GridPos(h=8, w=16, x=0, y=0),
),
GaugePanel(
title="Random Walk",
dataSource='default',
targets=[
Target(
datasource='grafana',
expr='example',
),
],
gridPos=GridPos(h=4, w=4, x=17, y=0),
),
TimeSeries(
title="Prometheus http requests",
dataSource='prometheus',
targets=[
Target(
expr='rate(prometheus_http_requests_total[5m])',
legendFormat="{{ handler }}",
refId='A',
),
],
unit=OPS_FORMAT,
gridPos=GridPos(h=8, w=16, x=0, y=10),
),
],
).auto_panel_ids()

139
roles/alpina/templates/services/monitoring/grafana_config/dashboards/node.dashboard.py Normal file
View File

@@ -0,0 +1,139 @@
from grafanalib.core import Dashboard, Templating, Template, TimeSeries, PERCENT_UNIT_FORMAT, GridPos, Target
from grafanalib.formatunits import BYTES_IEC
from common import PrometheusTemplate
from node_consts import CPU_BASIC_COLORS, MEMORY_BASIC_COLORS
dashboard = Dashboard(
title='Node Exporter',
uid='node',
description='Node Exporter (not quite full)',
tags=[
'linux',
],
timezone='browser',
templating=Templating(list=[
# Datasource
PrometheusTemplate,
# Job
Template(
name='job',
label='Job',
dataSource='${datasource}',
query='label_values(node_uname_info, job)',
),
# Instance
Template(
name='instance',
label='Instance',
dataSource='${datasource}',
query='label_values(node_uname_info{job="$job"}, instance)',
),
]),
panels=[
# CPU Basic
TimeSeries(
title='CPU Basic',
description='Basic CPU usage info',
unit=PERCENT_UNIT_FORMAT,
gridPos=GridPos(h=8, w=12, x=0, y=0),
lineWidth=1,
fillOpacity=30,
showPoints='never',
stacking={'mode': 'percent', 'group': 'A'},
tooltipMode='all',
tooltipSort='desc',
targets=[
Target(
datasource='${datasource}',
expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="system"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
legendFormat='Busy System',
refId='A',
),
Target(
datasource='${datasource}',
expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="user"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
legendFormat='Busy User',
refId='B',
),
Target(
datasource='${datasource}',
expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="iowait"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
legendFormat='Busy Iowait',
refId='C',
),
Target(
datasource='${datasource}',
expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode=~".*irq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
legendFormat='Busy IRQs',
refId='D',
),
Target(
datasource='${datasource}',
expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode!="idle",mode!="user",mode!="system",mode!="iowait",mode!="irq",mode!="softirq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
legendFormat='Busy Other',
refId='E',
),
Target(
datasource='${datasource}',
expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="idle"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
legendFormat='Idle',
refId='F',
),
],
# Extra JSON for the colors
extraJson=CPU_BASIC_COLORS,
),
# Memory Basic
TimeSeries(
title='Memory Basic',
description='Basic memory usage',
unit=BYTES_IEC,
gridPos=GridPos(h=8, w=12, x=12, y=0),
lineWidth=1,
fillOpacity=30,
showPoints='never',
stacking={'mode': 'normal', 'group': 'A'},
tooltipMode='all',
tooltipSort='desc',
targets=[
Target(
datasource='${datasource}',
expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"}',
format='time_series',
legendFormat='RAM Total',
refId='A',
),
Target(
datasource='${datasource}',
expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"} - node_memory_MemFree_bytes{instance="$instance",job="$job"} - (node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"})',
format='time_series',
legendFormat='RAM Used',
refId='B',
),
Target(
datasource='${datasource}',
expr='node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"}',
legendFormat='RAM Cache + Buffer',
refId='C',
),
Target(
datasource='${datasource}',
expr='node_memory_MemFree_bytes{instance="$instance",job="$job"}',
legendFormat='RAM Free',
refId='D',
),
Target(
datasource='${datasource}',
expr='(node_memory_SwapTotal_bytes{instance="$instance",job="$job"} - node_memory_SwapFree_bytes{instance="$instance",job="$job"})',
legendFormat='SWAP Used',
refId='E',
),
],
# Extra JSON for the colors
extraJson=MEMORY_BASIC_COLORS,
),
# TODO: Network Basic
# TODO: Disk Basic
],
).auto_panel_ids()

487
roles/alpina/templates/services/monitoring/grafana_config/dashboards/node_consts.py Normal file
View File

@@ -0,0 +1,487 @@
# TODO: Question life decisions (I'm not sure if this is good)
CPU_BASIC_COLORS = {
"fieldConfig": {
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Busy Iowait"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#890F02",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Idle"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#052B51",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Busy Iowait"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#890F02",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Idle"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#7EB26D",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Busy System"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#EAB839",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Busy User"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#0A437C",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Busy Other"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#6D1F62",
"mode": "fixed"
}
}
]
}
]
},
}
MEMORY_BASIC_COLORS = {
"fieldConfig": {
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Apps"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#629E51",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Buffers"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#614D93",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Cache"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#6D1F62",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Cached"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#511749",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Committed"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#508642",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Free"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#0A437C",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#CFFAFF",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Inactive"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#584477",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "PageTables"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#0A50A1",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Page_Tables"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#0A50A1",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "RAM_Free"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#E0F9D7",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "SWAP Used"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#BF1B00",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Slab"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#806EB7",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Slab_Cache"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#E0752D",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Swap"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#BF1B00",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Swap Used"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#BF1B00",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Swap_Cache"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#C15C17",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Swap_Free"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#2F575E",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Unused"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#EAB839",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "RAM Total"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#E0F9D7",
"mode": "fixed"
}
},
{
"id": "custom.fillOpacity",
"value": 0
},
{
"id": "custom.stacking",
"value": {
"group": False,
"mode": "normal"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "RAM Cache + Buffer"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#052B51",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "RAM Free"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#7EB26D",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Available"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#DEDAF7",
"mode": "fixed"
}
},
{
"id": "custom.fillOpacity",
"value": 0
},
{
"id": "custom.stacking",
"value": {
"group": False,
"mode": "normal"
}
}
]
}
]
}
}

29
roles/alpina/templates/services/monitoring/grafana_config/datasources/alpina.yaml.j2 Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
uid: loki
url: http://loki:3100
editable: false
- name: Prometheus
type: prometheus
access: proxy
uid: prometheus
url: http://prometheus:9090
editable: false
- name: InfluxDB
type: influxdb
access: proxy
uid: influxdb
url: http://influxdb:8086
jsonData:
version: Flux
organization: home
defaultBucket: influx
secureJsonData:
token: {{ influxdb_admin_token }}
editable: false

34
roles/alpina/templates/services/monitoring/grafana_config/grafana.ini.j2 Normal file
View File

@@ -0,0 +1,34 @@
[server]
domain = grafana.{{ domain }}
root_url = https://%(domain)s/
;[security]
;admin_user =
;admin_email =
;admin_password =
; https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/
[auth]
disable_login_form = true
signout_redirect_url = https://auth.{{ domain }}/application/o/grafana/end-session/
[auth.generic_oauth]
name = Authentik
enabled = true
allow_sign_up = true
client_id = grafana
client_secret = {{ auth_grafana_client_secret }}
scopes = openid profile email
auth_url = https://auth.{{ domain }}/application/o/authorize/
token_url = https://auth.{{ domain }}/application/o/token/
api_url = https://auth.{{ domain }}/application/o/userinfo/
email_attribute_path = email
login_attribute_path = preferred_username
name_attribute_path = name
# Optionally map user groups to Grafana roles
allow_assign_grafana_admin = true
role_attribute_path = contains(groups[*], 'Grafana Admins') && 'GrafanaAdmin' || 'Viewer'

30
roles/alpina/templates/services/monitoring/loki_config/loki-config.yaml.j2 Normal file
View File

@@ -0,0 +1,30 @@
auth_enabled: false
server:
http_listen_port: 3100
common:
path_prefix: /loki
# TODO: Consider setting up S3 for storage
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2024-10-18
index:
period: 24h
prefix: index_
object_store: filesystem
schema: v13
store: tsdb
# TODO: Figure this out
# ruler:
# alertmanager_url: http://localhost:9093

0
roles/traefik/templates/.env.traefik.j2 → roles/alpina/templates/services/monitoring/prometheus_config/extra/.gitkeep
View File

46
roles/alpina/templates/services/monitoring/prometheus_config/prometheus.yml.j2 Normal file
View File

@@ -0,0 +1,46 @@
global:
scrape_interval: 15s
evaluation_interval: 15s
external_labels:
monitor: "{{ ansible_host }}"
scrape_configs:
- job_name: "prometheus"
static_configs:
- targets: ["localhost:9090"]
- job_name: "node"
static_configs:
- targets: ["{{ ansible_host }}:9100"]
- job_name: "cadvisor"
static_configs:
- targets: ["cadvisor:8080"]
- job_name: "traefik"
static_configs:
- targets: ["{{ ansible_host }}:8082"]
- job_name: "loki"
static_configs:
- targets: ["loki:3100"]
- job_name: "promtail"
static_configs:
- targets: ["promtail:9080"]
- job_name: 'demo'
static_configs:
- targets:
- 'demo.promlabs.com:10000'
- 'demo.promlabs.com:10001'
- 'demo.promlabs.com:10002'
rule_files:
- "/etc/prometheus/extra/rules/*.yml"
- "/etc/prometheus/extra/rules/*.json"
scrape_config_files:
- "/etc/prometheus/extra/scrape_configs/*.yml"
- "/etc/prometheus/extra/scrape_configs/*.json"

48
roles/alpina/templates/services/monitoring/promtail_config/promtail-config.yaml Normal file
View File

@@ -0,0 +1,48 @@
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
# local machine logs
- job_name: local
static_configs:
- targets:
- localhost
labels:
job: varlogs
__path__: /var/log/*log
# syslog target
- job_name: syslog
syslog:
listen_address: "0.0.0.0:514" # make sure you also expose this port on the container
idle_timeout: 60s
label_structured_data: yes
labels:
job: "syslog"
relabel_configs:
- source_labels: ['__syslog_message_hostname']
target_label: 'host'
- source_labels: ['__syslog_message_facility']
target_label: 'facility'
- source_labels: ['__syslog_message_severity']
target_label: 'severity'
- source_labels: ['__syslog_message_app_name']
target_label: 'app_name'
## docker logs
#- job_name: docker
# pipeline_stages:
# - docker: {}
# static_configs:
# - labels:
# job: docker
# __path__: /var/lib/docker/containers/*/*-json.log

1
roles/alpina/templates/services/traefik/.env.traefik.j2 Normal file
View File

@@ -0,0 +1 @@
CF_DNS_API_TOKEN={{ cloudflare_api_token }}

36
roles/alpina/templates/services/traefik/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,36 @@
{% import 'contrib/compose_helpers.j2' as helpers with context %}
networks:
traefik:
internal: true
enable_ipv6: true
ipam:
config:
# TODO: Consider removing traefik network, it shouldn't be needed with host networking
- subnet: {{ traefik_subnet }}/24
- subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 255) }}
services:
traefik:
image: traefik:v3.0
container_name: traefik
restart: unless-stopped
env_file:
- .env.traefik
network_mode: host
volumes:
- ./traefik.yml:/etc/traefik/traefik.yml:ro
- ./rules:/rules:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- {{ base_volume_path }}/traefik/rules:/rules/extra:ro
- {{ base_volume_path }}/traefik/logs:/logs
- {{ base_volume_path }}/traefik/acme:/acme
# This is mostly just so that the traefik network gets created
whoami:
image: containous/whoami
container_name: whoami
labels:
- {{ helpers.traefik_labels('whoami', port=80) | indent(6) }}
networks:
- traefik

25
roles/alpina/templates/services/traefik/rules/traefik-dash.yml.j2 Normal file
View File

@@ -0,0 +1,25 @@
http:
routers:
traefik-dash:
rule: "Host(`traefik.{{ domain }}`)"
entryPoints:
- web
service: traefik-dash
traefik-dash-tls:
rule: "Host(`traefik.{{ domain }}`)"
entryPoints:
- websecure
service: traefik-dash
tls:
certResolver: letsencrypt
domains:
- main: "{{ domain }}"
sans:
- "*.{{ domain }}"
services:
traefik-dash:
loadBalancer:
servers:
- url: "http://localhost:8080"

45
roles/alpina/templates/services/traefik/traefik.yml.j2 Normal file
View File

@@ -0,0 +1,45 @@
api:
insecure: true
log:
filePath: /logs/traefik.log
level: INFO
accessLog:
filePath: /logs/access.log
bufferingSize: 100
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
http3:
advertisedPort: 443
metrics:
address: ":8082"
metrics:
prometheus:
entryPoint: metrics
certificatesResolvers:
letsencrypt:
acme:
email: {{ acme_email }}
storage: "/acme/acme.json"
keyType: "EC384"
dnsChallenge:
provider: "cloudflare"
delayBeforeCheck: 10
resolvers:
- 1.1.1.1
- 8.8.8.8
- 9.9.9.9
providers:
docker:
exposedByDefault: false
network: traefik_traefik
file:
directory: /rules
watch: true

97
roles/common/tasks/main.yml
View File

@@ -1,49 +1,70 @@
- name: Upgrade alpine packages
community.general.apk:
upgrade: yes
update_cache: yes
register: apk_upgrades
- name: Install alpine packages
community.general.apk:
- name: Install Debian packages
become: yes
ansible.builtin.apt:
name:
- qemu-guest-agent
- dhcpcd
- python3
- fish
- docker
- docker-compose
- docker-fish-completion
- docker-compose-fish-completion
- zfs
- zfs-utils-py
- docker-ce
- docker-compose-plugin
- firewalld
state: latest
- name: Upgrade Debian packages
become: yes
ansible.builtin.apt:
upgrade: dist
update_cache: yes
register: apk_installs
cache_valid_time: 3600
autoremove: yes
state: latest
register: apt_upgrades
- name: Enable qemu-guest-agent service
- name: Ensure firewalld is running
become: yes
service:
name: qemu-guest-agent
runlevel: boot
name: firewalld
state: started
enabled: yes
- name: Enable zfs-import service
service:
name: zfs-import
runlevel: sysinit
enabled: yes
- name: Allow SSH
become: yes
firewalld:
service: ssh
permanent: yes
state: enabled
immediate: yes
- name: Enable zfs-mount service
service:
name: zfs-mount
runlevel: sysinit
enabled: yes
- name: Allow Web
become: yes
firewalld:
service: http
permanent: yes
state: disabled
immediate: yes
- name: Enable docker service
service:
name: docker
enabled: yes
- name: Allow Web Secure
become: yes
firewalld:
service: https
permanent: yes
state: enabled
immediate: yes
- name: Allow 443 udp for http3
become: yes
firewalld:
port: 443/udp
permanent: yes
state: enabled
immediate: yes
- name: Allow 514 tcp for syslog
become: yes
firewalld:
port: 514/tcp
permanent: yes
state: enabled
immediate: yes
- name: Reboot if needed
reboot:
when: apk_upgrades.changed or apk_installs.changed
become: yes
ansible.builtin.reboot:
when: apt_upgrades.changed

73
roles/docker_host/tasks/main.yml
View File

@@ -1,5 +1,70 @@
- name: Create my service directory
- name: Get IPv6 subnet for Docker
set_fact:
docker_ipv6_subnet: "{{ \
ansible_default_ipv6.address \
| ansible.utils.ipsubnet(64) \
| ansible.utils.ipsubnet(72, docker_ipv6_index) \
}}"
- debug:
var: docker_ipv6_subnet
- name: Configure Docker daemon
become: yes
template:
src: "daemon.json.j2"
dest: "/etc/docker/daemon.json"
owner: root
group: root
mode: "0644"
register: docker_daemon_config
- name: Install Docker loki plugin for logs
community.docker.docker_plugin:
plugin_name: grafana/loki-docker-driver:latest
alias: loki
state: enable
- name: Remove docker0 from firewalld trusted zone
become: yes
firewalld:
zone: trusted
interface: docker0
permanent: yes
immediate: yes
state: disabled
register: docker0_firewalld
- name: Get list of running Docker containers
docker_host_info:
containers: yes
register: docker_container_list
when: clean_desired is true
- name: Stop all running Docker containers
docker_container:
name: "{{ item }}"
state: stopped
loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
async: 300
poll: 0
when: clean_desired is true and docker_container_list.containers | length > 0
- name: Prune all Docker containers and networks
docker_prune:
containers: yes
networks: yes
when: clean_desired is true
- name: Clean alpina directory
file:
state: directory
path: "{{ my_svc_path }}"
mode: "700"
path: "{{ alpina_svc_path }}"
state: absent
when: clean_desired is true
- name: Restart Docker daemon
become: yes
service:
name: docker
state: restarted
when: docker_daemon_config.changed or docker0_firewalld.changed

10
roles/docker_host/templates/daemon.json.j2 Normal file
View File

@@ -0,0 +1,10 @@
{
"ipv6": true,
"fixed-cidr-v6": "{{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 0) }}",
"log-driver": "loki",
"log-opts": {
"loki-url": "http://localhost:3100/loki/api/v1/push",
"loki-batch-size": "400",
"loki-retries": "5"
}
}

2
roles/gitea/tasks/main.yml
View File

@@ -1,2 +0,0 @@
- name: "Docker compose steps for {{ current_svc_name }}"
import_tasks: "{{ playbook_dir }}/contrib/docker_compose_template_task_list.yml"

3
roles/gitea/templates/.env.db.j2
View File

@@ -1,3 +0,0 @@
POSTGRES_USER=gitea
POSTGRES_DB=gitea
POSTGRES_PASSWORD="{{ db_password }}"

28
roles/gitea/templates/.env.gitea.j2
View File

@@ -1,28 +0,0 @@
GITEA____APP_NAME=CazGitea
# Database
GITEA__database__DB_TYPE=postgres
GITEA__database__HOST=db:5432
GITEA__database__NAME="{{ db_user }}"
GITEA__database__USER="{{ db_name }}"
GITEA__database__PASSWD="{{ db_password }}"
# Server
GITEA__server__ROOT_URL=https://gitea.{{ domain }}/
GITEA__server__DISABLE_SSH=true
# Mail
GITEA__mailer__ENABLED=true
GITEA__mailer__HOST=smtp.sendgrid.net:587
GITEA__mailer__FROM=gitea@cazzzer.com
GITEA__mailer__USER=apikey
GITEA__mailer__PASSWD="{{ sendgrid_api_key }}"
# Security
GITEA__security__SECRET_KEY="{{ secret_key }}"
GITEA__security__INTERNAL_TOKEN="{{ internal_token }}"
GITEA__oauth2__JWT_SECRET="{{ jwt_secret }}"
# Indexer
GITEA__indexer__REPO_INDEXER_ENABLED=true

27
roles/gitea/vars/app_config.yml
View File

@@ -1,27 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;alpina
35303032386566343430633238343936366234333434343763666231666232633539303232383534
3035346233346162373939333531613535353232626531640a646537616163353736653161326265
31336530316335623335353661373834613264326436303933326135396166346562343136353931
6439383039346465300a366266393130356630316630333336616565366562613038393239623738
65626664643630353236333932373337333363626337386163613464306638633964663264363964
30373661393531306662323134626664656233323762393037356434353066343830333033316365
65616636613437663737306263373066306361376630616331663031346434336663393862316464
62343339663461353934323063653566303932656264363562333136353665336263646230323832
35376666303531383961646234663230663634393135326664386665633538616233613866373965
64363361313232316336376631646662376565353536316438306361306261663532386564616566
61663534393035343233326562303863646165346538393761326335376165623964396130393831
64333665313461666335383134613831376138393061343238643661366439636534626265323865
35393035336632653038623438626366373733626331633866373935616531623664303063376562
31356332346164663364636235333461383437623161343338643839323765336237633266633864
64363234646533616439313638363865373364623637636537623666383664656630333533303233
64383734366666633832393230663739333435666138636462336332373061346239306136336263
39643666303863303035313738343664636536663939616335303834333834363739303938646665
66303637633239373461393434313036316563313132356432633337666537616363373830313034
61313538633663653230643262613333306361666131663036643162343966313365653566393235
36623832663034373734653664613038363137366437326565373761663963636336393536386435
30393831326134376639366661653439616138643438646363343632346131306532663439396534
32383661306539306635336262383563376561303862396532633362666266313562623336383235
36366565633734633639653239306331333237353233326563653930653739316230666362323931
39663931376562653530323434656436353166393836643238643632396430353034333034333665
62323338373839383132323537353431636537616366393965643463316164323034316536383961
6164333537633631646663333463306236613038326339643439

5
roles/gitea/vars/main.yml
View File

@@ -1,5 +0,0 @@
---
current_svc_name: gitea
current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}"
templates_source: "{{ role_path }}/templates"

2
roles/jackett/tasks/main.yml
View File

@@ -1,2 +0,0 @@
- name: "Docker compose steps for {{ current_svc_name }}"
import_tasks: "{{ playbook_dir }}/contrib/docker_compose_template_task_list.yml"

26
roles/jackett/templates/docker-compose.yml.j2
View File

@@ -1,26 +0,0 @@
version: "3.9"
networks:
default:
traefik_traefik:
external: true
volumes:
config:
torrent_blackhole:
services:
jackett:
image: linuxserver/jackett:latest
container_name: jackett
labels:
- traefik.enable=true
- traefik.http.routers.jackett.rule=Host(`jackett.{{ domain }}`)
- traefik.http.services.jackett.loadbalancer.server.port=9117
restart: unless-stopped
networks:
- default
- traefik_traefik
volumes:
- config:/config
- torrent_blackhole:/downloads

5
roles/jackett/vars/main.yml
View File

@@ -1,5 +0,0 @@
---
current_svc_name: jackett
current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}"
templates_source: "{{ role_path }}/templates"

2
roles/jellyfin/tasks/main.yml
View File

@@ -1,2 +0,0 @@
- name: "Docker compose steps for {{ current_svc_name }}"
import_tasks: "{{ playbook_dir }}/contrib/docker_compose_template_task_list.yml"

1
roles/jellyfin/templates/.env.jellyfin.j2
View File

@@ -1 +0,0 @@
JELLYFIN_PublishedServerUrl="https://jellyfin.{{ domain }}"

46
roles/jellyfin/templates/docker-compose.yml.j2
View File

@@ -1,46 +0,0 @@
version: "3.9"
networks:
default:
traefik_traefik:
external: true
volumes:
config:
cache:
media:
driver: local
driver_opts:
type: nfs
o: "addr=truenas.lab.home,nfsvers=4,ro,noatime"
device: ":/mnt/Mass-Storage-New/JailStorage/Plex/media"
other_videos:
driver: local
driver_opts:
type: nfs
o: "addr=truenas.lab.home,nfsvers=4,ro,noatime"
device: ":/mnt/Mass-Storage-New/syncThingData/Videos"
services:
jellyfin:
image: jellyfin/jellyfin:10.8.6
container_name: jellyfin_jellyfin
labels:
- traefik.enable=true
- traefik.http.routers.jellyfin.rule=Host(`jellyfin.{{ domain }}`)
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
restart: unless-stopped
env_file:
- .env.jellyfin
networks:
- default
- traefik_traefik
volumes:
- config:/config
- cache:/cache
- media:/data/media
- other_videos:/data/other_videos
tmpfs:
- /tmp/transcodes
devices:
- /dev/dri:/dev/dri

6
roles/jellyfin/vars/app_config.yml
View File

@@ -1,6 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;alpina
61626665353536663033663661393434616339396434383530306265363837313839303939623465
3634333839333530383464613966326238363738663637360a343837623832343232316565346131
66663831356162653363383131396665326531363430656539333866313031306537343864343262
3730643765633232620a643734623336646565663266656262343162613239306166386665333139
6366

5
roles/jellyfin/vars/main.yml
View File

@@ -1,5 +0,0 @@
---
current_svc_name: jellyfin
current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}"
templates_source: "{{ role_path }}/templates"

2
roles/nextcloud/tasks/main.yml
View File

@@ -1,2 +0,0 @@
- name: "Docker compose steps for {{ current_svc_name }}"
import_tasks: "{{ playbook_dir }}/contrib/docker_compose_template_task_list.yml"

1
roles/nextcloud/templates/.env.j2
View File

@@ -1 +0,0 @@
NEXTCLOUD_VERSION=25-fpm-alpine

18
roles/nextcloud/templates/.env.nextcloud.j2
View File

@@ -1,18 +0,0 @@
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD="{{ db_password }}"
POSTGRES_HOST=db
NEXTCLOUD_TRUSTED_DOMAINS="nc.{{ domain }}"
REDIS_HOST=redis
REDIS_HOST_PASSWORD="{{ redis_password }}"
SMTP_HOST=smtp.sendgrid.net
SMTP_SECURE=tls
SMTP_PORT=587
SMTP_AUTHTYPE=LOGIN
SMTP_NAME=apikey
SMTP_PASSWORD="{{ sendgrid_api_key }}"
MAIL_FROM_ADDRESS=nc
MAIL_DOMAIN=cazzzer.com

1
roles/nextcloud/templates/.env.redis.j2
View File

@@ -1 +0,0 @@
REDIS_PASSWORD="{{ redis_password }}"

96
roles/nextcloud/templates/docker-compose.yml.j2
View File

@@ -1,96 +0,0 @@
version: "3.9"
networks:
default:
traefik_traefik:
external: true
volumes:
nextcloud:
nextcloud_config:
nextcloud_data:
db:
services:
app:
image: nextcloud:${NEXTCLOUD_VERSION}
container_name: nextcloud_app
restart: unless-stopped
depends_on:
- db
- redis
env_file:
- .env.nextcloud
networks:
- default
volumes:
- nextcloud:/var/www/html
- nextcloud_config:/var/www/html/config
- nextcloud_data:/var/www/html/data
cron:
image: nextcloud:${NEXTCLOUD_VERSION}
container_name: nextcloud_cron
restart: unless-stopped
depends_on:
- app
entrypoint: /cron.sh
networks:
- default
volumes_from:
- app
notify_push:
image: nextcloud:${NEXTCLOUD_VERSION}
container_name: nextcloud_notify_push
restart: unless-stopped
depends_on:
- app
entrypoint:
- /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push
- /var/www/html/config/config.php
networks:
- default
volumes_from:
- app
db:
image: postgres:13-alpine
container_name: nextcloud_db
restart: unless-stopped
env_file:
- .env.db
networks:
- default
volumes:
- db:/var/lib/postgresql/data
redis:
image: redis:7-alpine
container_name: nextcloud_redis
restart: unless-stopped
env_file:
- .env.redis
networks:
- default
command:
- sh
- -c
- redis-server --requirepass $$REDIS_PASSWORD
web:
image: nginx:1.23-alpine
container_name: nextcloud_web
labels:
- traefik.enable=true
- traefik.http.routers.nextcloud.rule=Host(`nc.{{ domain }}`)
restart: unless-stopped
links:
- app
networks:
- traefik_traefik
- default
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
volumes_from:
- app

182
roles/nextcloud/templates/nginx.conf.j2
View File

@@ -1,182 +0,0 @@
# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
location ^~ /push/ {
proxy_pass http://notify_push:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}

14
roles/nextcloud/vars/app_config.yml
View File

@@ -1,14 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;alpina
65313636646233613364363933616361346639653939346337303832646339316632383966666237
3766396134383434613534373937663162393134306536300a626139373732393037346630333838
63663439353238643532316231623866396434303034313130386635623363353263626362376334
3933346434633662320a386432373465646432343338666561366161646335636232353133393933
65313364666564353039626238383033343765323730316633356139326666623135326131353864
32386237643538636538356261393164633137636235346564393930346539623731386633336339
31303466653936343166366164383134306232613236663735623834393963306331376435616365
31313866383730393063353335626164303632636331303830636530656131636139376633623439
63663639323964623231343066373538633336353561646230363363643762393634643435306164
31366364326237636365336363343264343562353337303235633034383635373934376334353336
61373065386639643064303431623162373665363937353832313561386134613834613935653964
64656339316165313936333736643030356366663162316462636662326134396539356262666536
64336133393937396330353234316563356337623733326264363333373536633833

6
roles/nextcloud/vars/main.yml
View File

@@ -1,6 +0,0 @@
---
# vars file for roles/nextcloud/
current_svc_name: nextcloud
current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}"
templates_source: "{{ role_path }}/templates"

2
roles/traefik/tasks/main.yml
View File

@@ -1,2 +0,0 @@
- name: "Docker compose steps for {{ current_svc_name }}"
import_tasks: "{{ playbook_dir }}/contrib/docker_compose_template_task_list.yml"

25
roles/traefik/templates/docker-compose.yml.j2
View File

@@ -1,25 +0,0 @@
version: "3.9"
networks:
traefik:
volumes:
logs:
services:
traefik:
image: traefik:v2.9
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "8080:8080"
env_file:
- .env.traefik
networks:
- traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml:ro
- logs:/logs
- {{ current_svc_path }}/rules:/rules:ro

25
roles/traefik/templates/rules/app-sonarr.yml.j2
View File

@@ -1,25 +0,0 @@
http:
routers:
sonarr:
rule: "Host(`sonarr.{{ domain }}`)"
service: sonarr
radarr:
rule: "Host(`radarr.{{ domain }}`)"
service: radarr
serversTransports:
sonarrTransport:
insecureSkipVerify: true
forwardingTimeouts:
dialTimeout: "180s"
services:
sonarr:
loadBalancer:
servers:
- url: "http://sonarr.lab.home:8989"
serversTransport: "sonarrTransport"
radarr:
loadBalancer:
servers:
- url: "http://radarr.lab.home:7878"
serversTransport: "sonarrTransport"

24
roles/traefik/templates/traefik.yml.j2
View File

@@ -1,24 +0,0 @@
api:
insecure: true
log:
filePath: /logs/traefik.log
level: INFO
accessLog:
filePath: /logs/access.log
bufferingSize: 100
entryPoints:
web:
address: ":80"
forwardedHeaders:
trustedIPs:
- "172.16.0.0/12"
providers:
docker:
exposedByDefault: false
network: traefik_traefik
file:
directory: /rules
watch: true

0
roles/traefik/vars/app_config.yml
View File

5
roles/traefik/vars/main.yml
View File

@@ -1,5 +0,0 @@
---
current_svc_name: traefik
current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}"
templates_source: "{{ role_path }}/templates"

17
services.yml
View File

@@ -1,18 +1,15 @@
- hosts: docker_hosts
- hosts: alpina
roles:
- docker_host
- traefik
- nextcloud
- jellyfin
- gitea
- jackett
- alpina
post_tasks:
- name: Docker prune objects
docker_prune:
containers: yes
images: yes
containers: true
# Keep images for building grafana
images: true
images_filters:
dangling: false
until: "720h"
networks: true
volumes: true
builder_cache: true
builder_cache: false

6
site.yml
View File

@@ -1,6 +1,12 @@
- hosts: all
roles:
- common
pre_tasks:
- name: Set fact for clean desired of docker objects and compose files
set_fact:
# clean_desired_arg is an extra variable passed to the playbook
clean_desired: "{{ clean_desired_arg | bool }}"
- name: Install services
import_playbook: services.yml