apps: add vpgen

.idea/alpina.iml

@@ -4,7 +4,7 @@
     <content url="file://$MODULE_DIR$">
       <excludeFolder url="file://$MODULE_DIR$/venv" />
     </content>
-    <orderEntry type="jdk" jdkName="Poetry (alpina)" jdkType="Python SDK" />
+    <orderEntry type="inheritedJdk" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
   <component name="PyDocumentationSettings">

.idea/jsonSchemas.xml

@@ -106,16 +106,6 @@
               <option name="applicationDefined" value="true" />
               <option name="patterns">
                 <list>
-                  <Item>
-                    <option name="pattern" value="true" />
-                    <option name="path" value="*/compose.yml" />
-                    <option name="mappingKind" value="Pattern" />
-                  </Item>
-                  <Item>
-                    <option name="pattern" value="true" />
-                    <option name="path" value="*/compose.yml.j2" />
-                    <option name="mappingKind" value="Pattern" />
-                  </Item>
                   <Item>
                     <option name="pattern" value="true" />
                     <option name="path" value="*/docker-compose.yml" />

Makefile

@@ -1,23 +1,19 @@
 .POSIX:
 .PHONY: *
 .EXPORT_ALL_VARIABLES:
-MAKEFLAGS += -r # no use of built-in rules
 
 env ?= staging
 vault_id ?= alpina@contrib/rbw-client.sh
 
-playbook_cmd := poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env}
+clean_desired ?= false
 
-all: site services
+all: site
 
 setup:
 	poetry install --quiet
 
 site: setup
-	 $(playbook_cmd) site.yml
+	poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} --extra-vars "clean_desired_arg=${clean_desired}" site.yml
 
 services: setup
-	$(playbook_cmd) services.yml
+	poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} services.yml
-
-clean: setup
-	$(playbook_cmd) clean.yml

clean.yml

@@ -1,3 +0,0 @@
-- hosts: alpina
-  roles:
-    - clean

contrib/compose_helpers.j2

@@ -6,38 +6,23 @@ default:
       - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, subnet_index) }}
 {% endmacro %}
 
-{% macro traefik_labels(host, port='', path_prefix='', auth=false, wildcard=false) %}
+{% macro traefik_labels(host, service="", port="", auth=false) %}
-{% set name = host ~ (wildcard * '-*') ~ path_prefix -%}
-{% set tls_base = domain %}
-{% if wildcard -%}
-  {% set tls_base = host ~ '.' ~ domain %}
-{%- endif -%}
-
 traefik.enable=true
-- traefik.http.routers.r-{{ name }}.rule={{ host_rule(host, path_prefix, wildcard) }}
+- traefik.http.routers.{{ host }}.rule=Host(`{{ host }}.{{ domain }}`)
-- traefik.http.routers.r-{{ name }}.entrypoints=websecure
+- traefik.http.routers.{{ host }}.entrypoints=web
-- traefik.http.routers.r-{{ name }}.tls=true
+- traefik.http.routers.{{ host }}-tls.rule=Host(`{{ host }}.{{ domain }}`)
-- traefik.http.routers.r-{{ name }}.tls.certresolver=letsencrypt
+- traefik.http.routers.{{ host }}-tls.entrypoints=websecure
-- traefik.http.routers.r-{{ name }}.tls.domains.0.main={{ tls_base }}
+- traefik.http.routers.{{ host }}-tls.tls=true
-- traefik.http.routers.r-{{ name }}.tls.domains.0.sans=*.{{ tls_base }}
+- traefik.http.routers.{{ host }}-tls.tls.certresolver=letsencrypt
+- traefik.http.routers.{{ host }}-tls.tls.domains.0.main={{ domain }}
+- traefik.http.routers.{{ host }}-tls.tls.domains.0.sans=*.{{ domain }}
+{% if service -%}
+- traefik.http.routers.{{ host }}.service={{ service }}
+{% endif %}
 {% if port -%}
-- traefik.http.routers.r-{{ name }}.service=svc-{{ name }}
+- traefik.http.services.{{ host }}.loadbalancer.server.port={{ port }}
-- traefik.http.services.svc-{{ name }}.loadbalancer.server.port={{ port }}
 {% endif %}
 {% if auth -%}
-- traefik.http.routers.r-{{ name }}.middlewares=authentik@docker
+- traefik.http.routers.{{ host }}-tls.middlewares=authentik@docker
 {% endif %}
 {% endmacro %}
-
-{% macro host_rule(host, path_prefix="", wildcard=false) %}
-{% if wildcard %}
-{# regular a.host prevents warnings from 'No domain found in rule HostRegexp' #}
-{# TODO: figure out this stupidity properly #}
-Host(`a.{{ host }}.{{ domain }}`) || HostRegexp(`^.+\.{{ host }}\.{{ domain | replace('.', '\.') }}$`)
-{%- else %}
-Host(`{{ host }}.{{ domain }}`)
-{%- endif %}
-{% if path_prefix -%}
- && PathPrefix(`{{ path_prefix }}`)
-{%- endif %}
-{% endmacro %}

group_vars/alpina/vars.yml

@@ -5,15 +5,12 @@ alpina_svc_path: ~/alpina
 base_volume_path: /mnt/dock
 media_volume_path: /mnt/media
 
-docker_ipv6_subnet: "{{ \
+traefik_subnet: 172.16.122.0
-          ansible_default_ipv6.address \
-          | ansible.utils.ipsubnet(64) \
-          | ansible.utils.ipsubnet(72, docker_ipv6_index) \
-        }}"
 
 # Authentik
 authentik_db_password: "{{ vault_authentik_db_password }}"
 authentik_secret_key: "{{ vault_authentik_secret_key }}"
+
 authentik_sendgrid_api_key: "{{ vault_authentik_sendgrid_api_key }}"
 
 auth_grafana_client_secret: "{{ vault_auth_grafana_client_secret }}"
@@ -21,10 +18,8 @@ auth_minio_client_secret: "{{ vault_auth_minio_client_secret }}"
 auth_gitea_client_secret: "{{ vault_auth_gitea_client_secret }}"
 auth_nextcloud_client_secret: "{{ vault_auth_nextcloud_client_secret }}"
 arrstack_password: "{{ vault_arrstack_password }}"
+auth_vpgen_client_id: "vpgen"
 auth_vpgen_client_secret: "{{ vault_auth_vpgen_client_secret }}"
-auth_pgrok_client_secret: "{{ vault_auth_pgrok_client_secret }}"
-
-auth_default_enrollment_group: vpgen
 
 # Minio
 minio_password: "{{ vault_minio_password }}"
@@ -67,9 +62,3 @@ vpgen_ip_max_index: 100
 vpgen_vpn_endpoint: "{{ vault_vpgen_vpn_endpoint }}"
 vpgen_vpn_dns: "{{ vault_vpgen_vpn_dns }}"
 vpgen_max_clients_per_user: 20
-
-# Woodpecker
-woodpecker_agent_secret: "{{ vault_woopecker_agent_secret }}"
-
-# Pgrok
-pgrok_db_password: "{{ vault_pgrok_db_password }}"

group_vars/alpina/vault.yml

@@ -1,154 +1,138 @@
 $ANSIBLE_VAULT;1.1;AES256
-64326366396663613133333430356565636565363066383339646533623964613638613932633865
+38376439643766303237356563616337663731366435613930393135383962666435313530663632
-3435613234306336376565623861303864323735323533360a656533303734646630343964666666
+3432326162343632613565393737363335306263653032300a643539393562376162333761376631
-65396638373733353833333736626465336663323934373461303564376531623066303062646630
+62343731316430316638363338343966326635383930623339383339653936343765316439393233
-6362633163653936390a626138656361663635336533376563373139663538663037306336333865
+6562323634383363300a323233346338393764623363346139313661386433656337363332656230
-63393263646665663664333162656532373064336361346133383064383035333831653563393337
+31306233643735333033316139363165373062363334363933396563366234316330646230353261
-39306138623764366131303332653839653061393530353235613563376430666337656336386262
+62326539663337323036346533303031333730373061656563613535376162633138306634626462
-64363731656230323832616437633735343662376637303334343161343165636137623434613636
+37313038356466336138643834643863393333373939616362636365366231383762633030313831
-35666439383036633761353062613464363264633231306138636362643434333338303238616364
+33393139313336623437396161623437323163633362363137626262653462633737373062643735
-35636430626536633264616233303462363839653436323138613836633336383438393364373338
+63353561313639393166306466346134623933323532636438656263663338376337376434356163
-37623539306635636462363239396231663264613034646165393031343763643265363235623736
+64343239616632313566656664393136363337386464613932383961343134363233653039336137
-37383439313066386139373736396465323962663131383664393939373862336231306266653832
+65656566306463313264646163646130323533666464323464643433313030346535346535323264
-61663037613535663138333565613066663938616432356434323531383837363931393837323634
+34356433343739343166383034313935666139663239653662663734343139343035616134303730
-66353436303065323266386264353436393266363136326531646438326130613865663132353164
+39643136623735666333646234346239303337333961343261383834393963386633633030633962
-30366434373164623037613931393634613065383737643863343939373063376530633938346434
+61376132313532643730633865326130666565303631386262396366306565613665363934383335
-62633432636430366361616636313337366238303566303566616363653336643736333636663737
+37376139616165396436663135373932653064656136356662363137653036383537613665393634
-38316330646266636633323162346231353337626133663939306131653434326533326162663963
+38313063656637353630373634316564383362663335356364626161663163323362333937316461
-34666262313232663564356633393162653639653739323639396562613362313663383736393438
+64336636386234623438613766316430353261346339313863306462393335636131363966363038
-31373930393465356535303236343934663238373764303333663634666338643666646665326563
+66393561323335393063663838393466656331323433376461653838313638303564666662636438
-34376164303538336133613630623466656466663266326432343439613235376463326661663131
+38663735616261656338626437336433613730353236636266316536656165303534353538316232
-38373533313661333431343638346334303736306237653336633366313831626466633430373865
+62363063376464323932383261663537393263333266633461326536656533653661303335646431
-32646536643862646135653434343337373563666532333561316232393063306365363631623262
+36616436396137343634373563386439653833306537373735353764346430616231313538636362
-31313538306264623030353230326330666234303138646237613435633637373837656565623538
+30363430613839373761363032316137636432643339383561313637376339323836353161343639
-33616233623366346237376563613430663835653432653834353835376338643236663266646462
+36316665656164396236383538346561306432333637393431393566333566633434393961663330
-62316438356233383965616434393737306132306538396564396431376661323135353137316534
+32383833396238633966393837336564626135653733383863346161663364353062303931303931
-63353663343338353339373163343737333835363363316563393538353266653033383136646437
+39653662373734643037393832643439653437353935666430373337643532346161376661633738
-37626661383531363233656663616630316361373438616232313131316234386665653262313937
+61643431633431666535333463636461613166363238373138306565643533623039353031646634
-61366536613731663231616663393735303535326636383066333330386233306534656237653561
+62383662663435346635373865633731393362623761313834393964623930646364366534333236
-33336639356331313636363865313836306137333439613365636132356631653437316161346230
+35393138346433366435313066633436393561643263343534393034373161343834633261363933
-64643736323437396663653937633634633230386164333239616261616332323137643764383335
+65376636393263663566653436633762643331336139653565663334373561353130653065653935
-64613966653764623031323961386530383731316464386131393264346261356331666165623738
+31616337313764313532303934376236623833363433336335303262643135643339613839623231
-62643564323134393630336566343834356265316264393530356633356466313831623262363730
+37343730616166323239653537313137373136626337333665633134363830626131353030393662
-66373232353439616539643433653435643931623430633338623737643039306532343234646333
+31643366386365353336326133636434303636343637643539653131316133306132643133643364
-34393536333730626136313039646364626235616233323137386137383565326461393635353838
+64636464373564383938663838613031626563613362626435383832346661306562343165643539
-35616530383765373431626130386165663538663861653064646363633465326364353533646137
+66353431393032313262393566353833343632366139656234306561366139633431653133356165
-62326435353239363164383236333236643430396561396231323130376264646139666264356138
+32363332636433626132666462626137653337646234646565303831646330333133353964626461
-35353466396335336532363566323738373932643634363763633832353462663836636465626434
+37333265623865376562663365336339353036346135363062663534643537353331623630356264
-38656332626236626335386166333835306666643438376330373936656639313933373635333436
+66386665333633383534313062623533383239383231333163663565633531666236306465633135
-30633731376166376232363834346632633261353361323563376162343063343065643439306231
+36363164636165343863363866343437636630353863316633623761373232643262623762316162
-30666131373361633862363833373366313733626161643932306332613230393636636138363337
+32613665306535626139366564616362393536336364666663333761383362393631316134373138
-61666565633931376639613262666332363037373337663430343939333431303732636434633934
+32616665363164363639303538373539346239663261373731613464333734326436666433666539
-35386130386363333431636363336130336430633839653231363935313930393037306536336563
+31656264326535626134323231646535656563363231633434636337323538343038303233363765
-36653462383432366337646266313139346536666230386565333364383330653333353765326136
+61393164316237323533313336316530316431653731343261636265393361616464323536333130
-33626236333765333863363265346561643835373235393361643234386336656134353731393033
+65346538306664663566666435393738323832396365363764333637613331356661306535376332
-34316430383933626434343839333065333166386233316132373138666534653434653033356135
+62313533306365373737643835396364363737306631346161353031633531383364636563383237
-31366539346538336639626363396636646135386266386138356362616464316630313437386265
+64633432386565356137333730313736393737303665326531356265376333663636393430386233
-30353361626338633961366633333631383366316331333635613738366139633863376331333435
+33666532616632373061633063656136646533363034363330366231653936396166663134396139
-39376239336532343937346563646331366136666130646336366537366534323961363930663438
+66393131653963386365656364666263666362316136333561326566626562616138383739346139
-65333663613030336131663665343234616231306130663761643163646233353265333030396333
+62343035646435393136656434646138376331346164663562306166646132363230333538323536
-30326436396163343732313430373135323332326161623566633932303537666564633834623863
+38643934613633373734653337666261356639353235326539356264633232343834633062336539
-66353039626565646539313763373864623638323765313065646133646430666162616533323036
+31616536663730656163626437653932313564633938643163313765393731386533323465303831
-64313238633264623465313961656563643536313435313162376339353532363232613637343463
+34353663363862363761643565633635373834623665653131613531373637386361636661376532
-33343066303465643930613364356635333234363563653731663137306337346630653637656566
+64386435643966343034643763393461373961626134346539653865636161333962333463393734
-30323537356264356137643637646265643537303263373964346165656266623263636331323130
+62343838363432396133326235323636613239326139376365353930373835313531326433326234
-31396433346561666331616639306131623261353763343638663931623161343133616639633561
+66396537636162363865663433626230316362343334653735646637613130636436633132663538
-36646266643636613564346663666633313665386137323266633330333862313637386330643937
+64623230303266373965616533346464373661363233613837613765343463306136623063313139
-33393561376331316235323961636462363661383466663635323464366238386531393466316361
+31383039343462363536646636653736316362356565326538636331646235373162663332313961
-30396434666335346232643738396638633239323935636637343838353364656662663666303366
+64623061636638666234623336656365383165626461323561343930316432313632316332306334
-37663666373839613837313335366635363634623133653463626466316435303538303632633762
+61376430303835383934396266303564363230313735366464386134393265326334663633663632
-66366538303630336630663365663831313562383334666435383831376564333438633364343861
+38643034393737303963643733656333316137646435653666353239373738373632383561646333
-35343462653233636265336266386637636261666331316666663966313666383965303163656238
+65363865353362383832643238363332613931343038366563316163303764323936316466666364
-66343932323939363339323664366334386166373139363866353161396235366466306466636439
+31373439383661656336653431666164393833643266656133383137376133636134643137663532
-36313039313263643739353230313362353263626236393239656164656334653363623965653936
+33353531663336346562653339616430333133363232336461353937303435346337363932306133
-65386165663361313066646532393939383165316239653335623965346363613335396639653134
+37623164343462363830323263323664303334633563313439376232303031633633316636383164
-36346164383439636237306233333166383233376462633136383933666161643734303032313530
+66306238333432333635653435383138383339343837346134613630353335656335663062326132
-62343866316162393766626261393635643564366431383164626236653062336466343634323432
+65323638343963623062663638366538363162343230323262616138373239653163623832313366
-38343663623261343535616536613961636564376563303064623537303233373366326136353665
+65323834383631646164316363383636643437346435313030656362653332653635343066666232
-33336532633161623638303761383034306265613230323433326133653035303661626234353931
+39346235383265326262306434383861653138393835663863383032363664323565316165646566
-31646530383637626231313965343138303565303030316132613930306137313465616664646230
+61646238393062373131346536343533663839313831383335316363343465663130633133393436
-30353163626562396566653261643336653832663635333963343539396366346132353465386463
+66333465633636353639663836376561353839613533346164366238353833636534633338313262
-33666365363639343066653330326233373035313433316264373236366565643931616335643762
+30656433376362346333303630643639353262323532666238633764363132303161326638643761
-63306165393166396437646366303837316235643562366464326530373230633664653235363136
+36616131636538613539383935613337643930333334613566393031646630383330656164363361
-31333938616139653261656132663439323066636135303430383662333639306265633436326666
+37306536356164633831626362653364313164356235653464333633313263383032333439626434
-62353936663463343864383432636465373737666239613033383538396338303533636663393339
+65376531396661636661303831393062666362623966353739303330393631323963373564353265
-63633561343135343339393063636163373936323461303734613766626539343363363365643632
+61343862323737336238356231626561396333386264666563356235333339653538626130623936
-66306630303634353230393933353333346166303436333038303637313162626464373334373063
+63326431316538346534313764356333396565666431633833613337323136643137306166623238
-38313438633365316562363564316138393531633661323139343938633636373534386465643631
+66393561333137373964353935323930636237366433613038383761643665363330323865386133
-35396261643865393531366432343265663363336562643366623062343331306431663461393066
+37623339613733353366656637383030623663313639363334656361623035643232626633313864
-32633732333634383462383061623334306332326466306666626131363461343436393966633233
+36346564653766646333613763616163363462613937656534363461376235613064373039326165
-31656538633733303264663239643639326235316561386564613563383930383336386664363135
+32666265383065636232613632333830633439653066653666663261646536663434393535613131
-39616263313036646630373233636534376361386230386235363636643835636538663930633630
+30373062313765663038313534623165653833623330383032363063393239373234636630646561
-38656664383138373138626639666230623635613137666533353233333636323062666432313434
+38633962363530666638666630316434613462656335613236363831313863613030636539356133
-37666132303233353438346439653965626434663136386631313337633636653464396566323532
+66386133383433663964306661636131633236633935633236623530373864646363383534383735
-39366434373830343764346138613665373536656164363637663037663534633963336230663439
+63633165626464333332303331333338313838393832626637626137316338643136336333633930
-38373138336666633934643537383131333034316135343738623435643630653661633432363161
+61346436336635656639616261383666336330333862303139633137373362303033653432613039
-37373837303838343566626662656231306438613538333733323632616132343563376533663539
+35623663353538323761623839623438646363313164356631386364356533346133333334326565
-64653262646463613739313737356139666666623963636261336433396363636632333933393463
+32303837663261386463313535373765356166376165386535623838326431616564346632363732
-63653366666536323536666264343931373961356361646434623461316630626133376639613362
+62373231356530346632373134343865303532326136653731633038353066623435336462303138
-38333836653332346134616134313164313965613531343630383764636161653730656332616238
+37363039343433613939363663623135396636396433653362666164323237393664623564393532
-31393132363064663431316165346135343861653462383162353063653837393566356161333535
+61376463336564396537366365373936333666373432376566323864343735636264643139643063
-35343133646632343164336364623337393138343630643737643531346566636633646438396162
+66396230303336633438666234336434353866323637316334313162363734623763666338336234
-31393632303661323363346164636331626638326437383035363930656635316236366434623236
+39303330343035333864396631323231363134646238323065356138633131323135613133356237
-33633136303533636239666434323962333134366461363037343463623437363961353962346236
+34373562633430613062313261363939373632313838333934303165336562663839663833383763
-66313838643238323136356135346564363732656666363431653061663863616537663035373631
+39316632656561653033613933373861366361353761346539306234366538373461373930306535
-34613262363065333162353039613762386130353930316161613061633164383539623263323865
+66623430343336333033306135303639646566393336663538313430616364653933663536386535
-30313566613365656563353236386334636335366663643034316435376532333438643166663536
+64323962353734356134656361663131376564626461386233643731393664353038626464313763
-38363363373330326132336363363039396563396435366131353933393434373336363033343265
+64396265373737313134613962376334373965353338303363303935353538643561336461393032
-30613539366436643631303933376137386635366166663930303331623238633034326631656366
+37356434343837376534663938366434343063643966643965346465636166363235643635333466
-31356337303834356334633636333832363837343735396632356365613439383061366232383462
+38323664366366663363616664336165653264633437393636363866316262303432356461386330
-62613934373535626639363230366266343762643232623933613265356436656364363835323062
+63326539626363333331366162363230626462656633653866383331333164663734633630353265
-32393062386432323562313734346133393465316135316135366331653161636261316364643632
+63303832376230646136346261383965626633613739616330666232376366613332663839336531
-36326161653937336562643034636638666265386264623133626335616633353239333965656632
+32343031336363663865643165666435623462376130326433316562363530343662366432313031
-31323134393230303733623732313836373465383535626434383638666135313237633731613763
+63626538656633346563663735323030363231643933326337613634376531636235333339373633
-64343066336662643264663130363962626435626332626464396137386538333731373238616636
+66353362333265343964353966383363613336636536393734363363623363316532653533633434
-66313931666466306133643666363862626438343634353336376566333533393936363866626233
+39333162303834353362323362656630343733653336613065333462626637303264653361393462
-63616633373536633138393563323636343035343564626236383064376135656638616534353431
+32336238326535383662636465383832346438333230666662633430303964343236626331623536
-31643063346631636666333065386339663363623431653532643065363636303764666333393761
+65383666316431646538396661386332323037383666336138666135613763363633343934663836
-36313439303765356532393832633637636336643036306333663935393734663662346435396466
+32656362323631303732613235663135633939643165626231373162643963613637626235613365
-37376537323262653033356336363835666231363661653133666361383065343063643061376164
+32326266323431636434633234333730373836373039666137663232323539396364373061393232
-32333530376530326662373738333363373631663536373961373965373263346635643762396666
+30646432666365333336333836313333363537363163383034656136383164663331373632313564
-61396632343464343735623531653831393735666331316162353430353134383430393865383662
+34353731363338323438366464663938393632626530323537306233613866356234323364373766
-66656264376564343636386263333934313364373564616134623863613439636537613764376434
+34326662656263383864613538326536626133386532303932326362376632363631356535393937
-65313964303539376131396339356238363735363766616365306133393464613131643166646437
+33346462336636656165316166363364343330383337636361656438383661333366633532616131
-39353961393036646164663865633633373465653766386230333762643735363734633633363461
+37313033623430663039626131303933316561666233613666636433363537373264653331323136
-62613332346336633833663862333230363161663636646232343761356338393639613035646438
+66663532653233373735326333333738663931343735306262353831303330633136623966316431
-32663465303138613731303961633565616239633033333361613861623161353032353661363062
+39316462313066336536623438626163383139343532313932316435356431323865373035343465
-39316262363738383163366332373438636539623365353232316536363130333438613031653665
+30346237393531353833616136323431376530333635633632666431313938643539363831313539
-62366334653036353566333663353862303335656266613134633731633535313730303539306334
+38396338336136363165323135663836336139623865666631663237616664636233653663383965
-63393431306265373234313939373133363961626265626633343631613931636132653635376634
+39623665656563316334323738323730306631636565393662313536353565383033653365663461
-61366262336239656638343438646231653030666638383239313834363334663661316235366162
+38326432353166376438356238386161396638666131636536356333393563613461373263346538
-34346438386461633366353838346664663832323436333737306566333164323066313931643630
+36656138353762323662363061613764633466303566353338626666646533616137393336333333
-33363733356231326636646133366136663431343038643265633136626363343131656463373264
+30393733316636353266653039346237363830333831383535646531616130353534633062643135
-65363833353831656638303439623636373062383235363966356332343163616336643735306466
+64373533646462313035383236333866313866366130663863363162613234393762646662666233
-65663366643030626437326439633665333564623065633431636232393465623365636565363230
+30653666353333366365343036643462346361303536363935396133343166303339623461376563
-38393664653432383539376363366462386438663137363562323231663661353635383866373761
+39333163636466646534356337656431376663623833303235303534633634386665636162346634
-66303165323861626538353236366533336533333939376232313038343331663833303864356235
+34646665633639663763316339663539663261333436363935316334656330313835616138626237
-64383664376237346465626339336536393537323665653766363464393133323637646264643830
+35623363393532633937653132303635396536646635633062393661616538303631663136363038
-32376435623666383633383636323862376166623938346239363339336333373531376433383032
+35623539303963383063343338653130643233636537356264323238633839303337383665393333
-39656466363761376565653936366430363638623332636532383431373334386436373737323163
+36303330393638643464646535653833626531343634626531396261363139326336623765623039
-61616230396135353831343139346464623261303231633035353264626232393933393732393634
+32613237636366376463343766303964336661363432646436373963626537373137396661633766
-35353531626532626334613836623633636265613963613064626334363436336664363633653636
+63633830663035663764303634643662333464353234646232343066306131336533396435313239
-64366262336134653932386236663161623639626562303135386532366261396134613664653037
+66366630643564313665306130656463633065646430373334336664633264353336376439666137
-63656665393835653831366464386236303239363338623338653833653430323135333063616266
+65366537366462623136353539373961333238373733663837373430663865643334393565333861
-61383539613066623563616139666261373066316662636633613561366466623032386434366137
+35363035343561633164613631633532623164376339633630393633396437333034376339656538
-63643030653538623039353934373531633034386665303866623835356433353666653831326464
+32653030626434326632386635383739663932393331333062656565303939373566653031613839
-32323134323333386563316230656362396635656461643061393562393766633736613361373637
+31363162666330393232646562333833633266643165316464623533623539356339333365623966
-65663763373139343162643431353039613565333639336530666164343239653461623734303538
+65323638396531346261303835373138333262323466656263643737343734303237303638353036
-30613432363233353335373539653439313333353537343733616432316338343836336539613832
+3733
-63353363373536333731636431336433333061336537353231656430343434613836383264663634
-38346165373533663330373964303161373331316666633865333538656136656637346266313237
-30376135656230353464643262633837336465376434323166663731346130626338613138656161
-34623765316239363863626139333536376534396563623631643231616266656238383763386137
-30313162373338653131623464396362666163656638656164656131616631373833373936373539
-37633861306362383762363733333233623134616565383037336539343937633663356262376133
-38656630343136613337663164643338323261613033383564353330306465663932653566376465
-63613933626164303466366539303863366263366638663830333861663734616439316463373537
-66396433663764336630643038323964656131393731623733393133653432663763326662643137
-38323130336137356263303961363562623235343765356366353964396636306235616435663932
-39663732313066663834616664336631376639336536323230333462386636333234373063336535
-66633238666639643632383666666136383834313162396265386466643130313736653239653231
-64613637646539626432613532633231343634363263363331346434613833376532323366643063
-61386565316132386162663539623164626234383665336234653534336461623632636461323934
-66653966656230366166363535656261363534636136376566333566313564363361316563653638
-61643361383263643833636639643362613134623464346537386237616464626265

inventories/prod/group_vars/all.yml

@@ -0,0 +1 @@
+domain: cazzzer.com

inventories/prod/group_vars/alpina/vars.yml

@@ -1,8 +1,6 @@
 # Environment specific variables (prod)
 
 ---
-domain: cazzzer.com
-
 docker_ipv6_index: 255
 
 # Arrstack VPN
@@ -11,16 +9,10 @@ wg_psk: "{{ vault_wg_psk }}"
 wg_addresses: "{{ vault_wg_addresses }}"
 fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
 
-# Authentik External OAuth
+# Authentik GitHub OAuth
 github_consumer_key: 32d5cae58d744c56fcc9
 github_consumer_secret: "{{ vault_github_consumer_secret }}"
-google_consumer_key: 606830535764-9vc8mjta87g9974pb7qasp82cpoc1d3a.apps.googleusercontent.com
-google_consumer_secret: "{{ vault_google_consumer_secret }}"
 
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.100
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
-
-# Woodpecker
-woodpecker_gitea_client_id: 3b7515f3-6005-4512-a2ee-5464dba315f8
-woodpecker_gitea_client_secret: "{{ vault_woodpecker_gitea_client_secret }}"

inventories/prod/group_vars/alpina/vault.yml

@@ -1,32 +1,24 @@
 $ANSIBLE_VAULT;1.1;AES256
-36313835643238353932323631323439626432316436346533376365633332313963666433313333
+63353634643462306366336162646431616335613961343464626166303837363565393136373433
-6134633133636133623130376237373462383164396338380a316463396139653161366536636336
+3663373337303837353564383531393462343064353534370a666333363166636137396634613139
-64346664356538366538363239306631326464633635316161663963326635656430326637333963
+62313762373332303334666530333731653231663263663930633265333665383661643037303737
-6462633236353132300a323062353639646238663737353461633733636530613036316364353864
+3239666139623937390a373066376363663865373266623831653964366565623138643138353866
-34326534376639643734303137613866393464306334336566653134333765356361386436323939
+35343633323032326331393263316434396335643732363337643262373663646339663836623235
-35393535303635376162386266396431313739663961643061623037343463303637623130623131
+61356534393435303336313636646665366238303539343835343761633230383261333864396465
-31653761616639613964386432643561376637316435333064343837636463303033333432636234
+34336166346261613061616336633166383338623561626662333665323462623064666531633833
-39323735373161616133396566316266383165343033666530376333626264643531613334363634
+34333735343934356365306135386430646539366561666334393065363532393636653031393237
-35393766623361346461333764666139366632306362613362376133363239656562346263643066
+38633437383961376162366430393761366231636437316139373334623964396236643761306363
-65616538366532346537383432663766366161633234373562623531356339666661346164306563
+33653761356632643334333932346664353037366638363835663435363162396333616535363730
-35343339386631383462656466303563376237386137346437323634626163353464356462346364
+61623539363130633330303462613861393965643066303338353531346433363962373761623235
-35373061636237383335396231326563366230663566333665326338303564326263316630666233
+36313838323830333966326331656435653837363530353837636465333434666266373639626534
-65303930663862313137333630353837363265333532303133306466643462626662613166326132
+37663633353962336237316433653763616333333165343630346637346137613338333363653231
-66346439333739653965346236313766346532356233333164633538326135643662623533646561
+36326163343839363936613334373430326531646464626230616634663530343265356166346165
-65626530386333303362343830653430653866336261623566616362313739303939656364656363
+61306263613937626565626165616336626131636234643062306530326235646532313962626438
-37336331353766633534653936626139303061623531323362346564363665663438646533646166
+61363333373034313563373831633339653365663831376463663839333233616635656137333561
-62376534653562373138656465666133353235313935626534383537643436376665613865303363
+36396639393835316133393737313164353939336134623666396265396535353861643263366235
-62326562396361306131616363363866316232623635353663323537366563333239383636643763
+62323137306235633061386630636235613636393033333631633231316337393430383438643462
-35623366663463303831323730363036306363643364303532326339353633393739306366396331
+63343630353134363633383331373437623631333532663536643937616636666433623861643639
-33313230656431623462376135623438633164323064653866646165643263383832353138633931
+63653532626337333136313932396164393733333038396235313133326338356234363363633962
-66306463346361646561376334613837383762366365666638643434383034376339643239646463
+34336562396138333535363165343764363336316238323364326539343738633831636536306139
-66343461363233626635323535336462666339323032616136396239396534346434623238396330
+38653766656430353035396166616133343666303231363039386635363536306531343932656261
-37653665643366323362313136386231396532323035363963623738346564356435303263303832
+623162633233343566376630303538636664
-37346532366432363638363330316464366361313461626535616165333433343835393565633766
-32663162386562373035333335303332323136613233613431386265626337653939326435396262
-61303631633838613962346663326232636438393563396230306361333335383462653432383766
-35376662353262303635316635363130383032366530396439613861653037383234363831333562
-37343332646534353838626366623361636261393865363633303631613837323733626264643835
-63376430613234386463336234623062656534643863656434386134616265333666613939393331
-39333166393538306135313431303831623063363533326330633062653333313733653831383736
-613864303461323739336563356161353234

inventories/staging/group_vars/all.yml

@@ -0,0 +1 @@
+domain: lab.cazzzer.com

inventories/staging/group_vars/alpina/vars.yml

@@ -1,8 +1,6 @@
 # Environment specific variables (staging)
 
 ---
-domain: lab.cazzzer.com
-
 docker_ipv6_index: 254
 
 # Arrstack VPN
@@ -11,16 +9,10 @@ wg_psk: "{{ vault_wg_psk }}"
 wg_addresses: "{{ vault_wg_addresses }}"
 fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
 
-# Authentik External OAuth
+# Authentik GitHub OAuth
 github_consumer_key: dbacb8621c37320eb745
 github_consumer_secret: "{{ vault_github_consumer_secret }}"
-google_consumer_key: 606830535764-pec4b3sa2tohim3u9jl2jmnl1see46q1.apps.googleusercontent.com
-google_consumer_secret: "{{ vault_google_consumer_secret }}"
 
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.50
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
-
-# Woodpecker
-woodpecker_gitea_client_id: c7122416-b160-498b-8021-8f2837552588
-woodpecker_gitea_client_secret: "{{ vault_woodpecker_gitea_client_secret }}"

inventories/staging/group_vars/alpina/vault.yml

@@ -1,32 +1,24 @@
 $ANSIBLE_VAULT;1.1;AES256
-36343339366166383430383235626463376339653331333635623936653135633633353064613634
+63633035373836396362626539323363363132366230343762366437326339343535663361633430
-3263306161376232356634363532653266366665333364650a636365393465383165306563346132
+3039646662343464303663313631313361306136613461340a313836363237376238343232613463
-37653564633630653635353464333939353266396562316663653933373065353536333130383065
+36633962613233386261366536333664346132396266383064353065353936653038346534343433
-3864353332303164320a316439313164663736636465366539643131303663343861333164613561
+3734333932666436660a346539643637316432343761393635333265656165313464656631653236
-37383965373964313535313335643164376164323263613539643933333035323837373662303030
+37303637333564383036623664616237313466643836663632363461353462386638326361396535
-66636465303566313334386435326433653032383962353739643861346161323738636366396239
+34353639303734323633306266356134393832366132633132383361336138643961663362616132
-39623336336234376339343562656362323932383265313161396435346530663330353266323433
+65356338353837623531383566363666633565646537353937656463343832613031633630306462
-66396538313365653963323164306464663565303364386466666636346533633661333634313236
+62313335353065323939366536356161653339316265373362376138396636626361643435386234
-33623936616239613264613730363039366561646535633239633564656166343162303633373366
+61633732383963653935363137346466623163396231303430346338323761643237383461303932
-37656163333838656533363735383332626632353237613666396633363531666366336630613064
+36663263633730346362386366663135653735303161383166633631333862303261356132303461
-66626561663766376531313666663963643766393965653564333062653139336230356330383464
+34633432633663623136303337613335643636356530626336366361373736333336366230346265
-38343562383430303132663964303736623238386562323033623861303432363363373934643332
+31396463363639303431386439303163643037376262616437643438323162653134643837363430
-63363239323664333131306237336134613137653136633932356238343733393632616464366134
+66336331636466383063656632306566346531336161653136623938616564333333326566616364
-33623038363032653134626337663863366663383433633134326239616136656139366535613565
+62383935616637656132373664343730653239396634313530633665633736653365366136656265
-61646330356330396236303566363834613236653733643162666536303435643133346633353632
+39343833333836323133376465376164323530643438353234353938663733323433373531636335
-62386135303262353332643135636164303963616234626132356161663463366434323864626261
+64366232613637636537626139656130303663353266363064666464373665336238383763616436
-33356536626263626261343937386666396561306334346435316262333431353234303836356563
+30303032393830333730353837656237666564346430613531653466646534613536353433613634
-31343566373935396633636133616265346235396333396664333534336162323039623937656336
+62653538366638366565633261346431396639663435356531366537353737363761356530643635
-36656133383966613333646336613039626563353862646238376461373264633233313836333062
+61653438346434363834653131646661366338633431303862333732326262626366633034323137
-30343134363862626630393035643762376435346532306462363437646238333463396230666465
+30323636616333356430346365643630366162323133376135366663343265346234346161306431
-64386365393063613139313164366562643066323461313364393265393638643137386561633530
+35383736336664636561623262643162636130366162326536656231653165386230333562383466
-65643861386531323836306339386462656530383533363831323461303131396666626464303136
+66323863656566396639316263376233613162396265373235306662663665613663626565623761
-64343865616235616366633136393662623862383961323338366435396334653538303830616166
+663938383964623436306662666663303330
-39636164613466313033643639366635323666666235653633333436613133343962353664313838
-64356466393239666131363964643461346633313030643061643938643232343334313731636463
-37396637643232353539626239306463623237623534366666396164613135356136313534663231
-36613662653237343061316463386231656136383636393034333666633063613731316162333464
-64313866633062623530326233633166343434636639346565346337396461393637383333366435
-62393030383963396638653230613431623837353461313630343333376131616239313164336234
-62323739316536353835613032303438623230626563303934626466303934613566656232323663
-643265386333313065333737613438316532

poetry.lock

@@ -1,28 +1,28 @@
-# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.
 
 [[package]]
 name = "ansible"
-version = "11.1.0"
+version = "10.5.0"
 description = "Radically simple IT automation"
 optional = false
-python-versions = ">=3.11"
+python-versions = ">=3.10"
 files = [
-    {file = "ansible-11.1.0-py3-none-any.whl", hash = "sha256:bbaf7073993f019fc0293fc8b76c7b215081831957c28eb020f12c270a16e8f0"},
+    {file = "ansible-10.5.0-py3-none-any.whl", hash = "sha256:1d10bddba58f1edd0fe0b8e0387e0fafc519535066bb3c919c33b6ea3ec32a0f"},
-    {file = "ansible-11.1.0.tar.gz", hash = "sha256:d01b425990d960d2a33fc378e1b73dbca1c0e28bc22f4056ab6b3c8e9ae74fba"},
+    {file = "ansible-10.5.0.tar.gz", hash = "sha256:ba2045031a7d60c203b6e5fe1f8eaddd53ae076f7ada910e636494384135face"},
 ]
 
 [package.dependencies]
-ansible-core = ">=2.18.1,<2.19.0"
+ansible-core = ">=2.17.5,<2.18.0"
 
 [[package]]
 name = "ansible-core"
-version = "2.18.1"
+version = "2.17.5"
 description = "Radically simple IT automation"
 optional = false
-python-versions = ">=3.11"
+python-versions = ">=3.10"
 files = [
-    {file = "ansible_core-2.18.1-py3-none-any.whl", hash = "sha256:4a312e416e09c7271188d6b8e2b1062fc6834fefd6a1814d0e02fb8aadb3e1ba"},
+    {file = "ansible_core-2.17.5-py3-none-any.whl", hash = "sha256:10f165b475cf2bc8d886e532cadb32c52ee6a533649793101d3166bca9bd3ea3"},
-    {file = "ansible_core-2.18.1.tar.gz", hash = "sha256:14cac1f92bbdae881cb0616eddeb17925e8cb507e486087975e724533d9de74f"},
+    {file = "ansible_core-2.17.5.tar.gz", hash = "sha256:ae7f51fd13dc9d57c9bcd43ef23f9c255ca8f18f4b5c0011a4f9b724d92c5a8e"},
 ]
 
 [package.dependencies]
@@ -52,19 +52,19 @@ release = ["twine"]
 
 [[package]]
 name = "attrs"
-version = "24.3.0"
+version = "24.2.0"
 description = "Classes Without Boilerplate"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.7"
 files = [
-    {file = "attrs-24.3.0-py3-none-any.whl", hash = "sha256:ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308"},
+    {file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"},
-    {file = "attrs-24.3.0.tar.gz", hash = "sha256:8f5c07333d543103541ba7be0e2ce16eeee8130cb0b3f9238ab904ce1e85baff"},
+    {file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"},
 ]
 
 [package.extras]
 benchmark = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 cov = ["cloudpickle", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
-dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit-uv", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
+dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 docs = ["cogapp", "furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
 tests = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
@@ -150,51 +150,51 @@ pycparser = "*"
 
 [[package]]
 name = "cryptography"
-version = "44.0.0"
+version = "43.0.1"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
-python-versions = "!=3.9.0,!=3.9.1,>=3.7"
+python-versions = ">=3.7"
 files = [
-    {file = "cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123"},
+    {file = "cryptography-43.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:68aaecc4178e90719e95298515979814bda0cbada1256a4485414860bd7ab962"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:de41fd81a41e53267cb020bb3a7212861da53a7d39f863585d13ea11049cf277"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f98bf604c82c416bc829e490c700ca1553eafdf2912a91e23a79d97d9801372a"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543"},
+    {file = "cryptography-43.0.1-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:61ec41068b7b74268fa86e3e9e12b9f0c21fcf65434571dbb13d954bceb08042"},
-    {file = "cryptography-44.0.0-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e"},
+    {file = "cryptography-43.0.1-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:014f58110f53237ace6a408b5beb6c427b64e084eb451ef25a28308270086494"},
-    {file = "cryptography-44.0.0-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e"},
+    {file = "cryptography-43.0.1-cp37-abi3-win32.whl", hash = "sha256:2bd51274dcd59f09dd952afb696bf9c61a7a49dfc764c04dd33ef7a6b502a1e2"},
-    {file = "cryptography-44.0.0-cp37-abi3-win32.whl", hash = "sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053"},
+    {file = "cryptography-43.0.1-cp37-abi3-win_amd64.whl", hash = "sha256:666ae11966643886c2987b3b721899d250855718d6d9ce41b521252a17985f4d"},
-    {file = "cryptography-44.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd"},
+    {file = "cryptography-43.0.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:ac119bb76b9faa00f48128b7f5679e1d8d437365c5d26f1c2c3f0da4ce1b553d"},
-    {file = "cryptography-44.0.0-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1bbcce1a551e262dfbafb6e6252f1ae36a248e615ca44ba302df077a846a8806"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58d4e9129985185a06d849aa6df265bdd5a74ca6e1b736a77959b498e0505b85"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:d03a475165f3134f773d1388aeb19c2d25ba88b6a9733c5c590b9ff7bbfa2e0c"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:511f4273808ab590912a93ddb4e3914dfd8a388fed883361b02dea3791f292e1"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7"},
+    {file = "cryptography-43.0.1-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:80eda8b3e173f0f247f711eef62be51b599b5d425c429b5d4ca6a05e9e856baa"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c"},
+    {file = "cryptography-43.0.1-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:38926c50cff6f533f8a2dae3d7f19541432610d114a70808f0926d5aaa7121e4"},
-    {file = "cryptography-44.0.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64"},
+    {file = "cryptography-43.0.1-cp39-abi3-win32.whl", hash = "sha256:a575913fb06e05e6b4b814d7f7468c2c660e8bb16d8d5a1faf9b33ccc569dd47"},
-    {file = "cryptography-44.0.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285"},
+    {file = "cryptography-43.0.1-cp39-abi3-win_amd64.whl", hash = "sha256:d75601ad10b059ec832e78823b348bfa1a59f6b8d545db3a24fd44362a1564cb"},
-    {file = "cryptography-44.0.0-cp39-abi3-win32.whl", hash = "sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:ea25acb556320250756e53f9e20a4177515f012c9eaea17eb7587a8c4d8ae034"},
-    {file = "cryptography-44.0.0-cp39-abi3-win_amd64.whl", hash = "sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:c1332724be35d23a854994ff0b66530119500b6053d0bd3363265f7e5e77288d"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:fba1007b3ef89946dbbb515aeeb41e30203b004f0b4b00e5e16078b518563289"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:5b43d1ea6b378b54a1dc99dd8a2b5be47658fe9a7ce0a58ff0b55f4b43ef2b84"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:88cce104c36870d70c49c7c8fd22885875d950d9ee6ab54df2745f83ba0dc365"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:9d3cdb25fa98afdd3d0892d132b8d7139e2c087da1712041f6b762e4f807cc96"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:e710bf40870f4db63c3d7d929aa9e09e4e7ee219e703f949ec4073b4294f6172"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:7c05650fe8023c5ed0d46793d4b7d7e6cd9c04e68eabe5b0aeea836e37bdcec2"},
-    {file = "cryptography-44.0.0.tar.gz", hash = "sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02"},
+    {file = "cryptography-43.0.1.tar.gz", hash = "sha256:203e92a75716d8cfb491dc47c79e17d0d9207ccffcbcb35f598fbe463ae3444d"},
 ]
 
 [package.dependencies]
 cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}
 
 [package.extras]
-docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=3.0.0)"]
+docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
-docstest = ["pyenchant (>=3)", "readme-renderer (>=30.0)", "sphinxcontrib-spelling (>=7.3.1)"]
+docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"]
-nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2)"]
+nox = ["nox"]
-pep8test = ["check-sdist", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
+pep8test = ["check-sdist", "click", "mypy", "ruff"]
-sdist = ["build (>=1.0.0)"]
+sdist = ["build"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==44.0.0)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
+test = ["certifi", "cryptography-vectors (==43.0.1)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"]
 test-randomorder = ["pytest-randomly"]
 
 [[package]]
@@ -216,13 +216,13 @@ dev = ["flake8", "pytest"]
 
 [[package]]
 name = "jinja2"
-version = "3.1.5"
+version = "3.1.4"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
+    {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
-    {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
+    {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
 ]
 
 [package.dependencies]
@@ -233,72 +233,72 @@ i18n = ["Babel (>=2.7)"]
 
 [[package]]
 name = "markupsafe"
-version = "3.0.2"
+version = "3.0.1"
 description = "Safely add untrusted strings to HTML/XML markup."
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:db842712984e91707437461930e6011e60b39136c7331e971952bb30465bc1a1"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3ffb4a8e7d46ed96ae48805746755fadd0909fea2306f93d5d8233ba23dda12a"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:67c519635a4f64e495c50e3107d9b4075aec33634272b5db1cde839e07367589"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:48488d999ed50ba8d38c581d67e496f955821dc183883550a6fbc7f1aefdc170"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f31ae06f1328595d762c9a2bf29dafd8621c7d3adc130cbb46278079758779ca"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:80fcbf3add8790caddfab6764bde258b5d09aefbe9169c183f88a7410f0f6dea"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:3341c043c37d78cc5ae6e3e305e988532b072329639007fd408a476642a89fd6"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:cb53e2a99df28eee3b5f4fea166020d3ef9116fdc5764bc5117486e6d1211b25"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-win32.whl", hash = "sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-win32.whl", hash = "sha256:db15ce28e1e127a0013dfb8ac243a8e392db8c61eae113337536edb28bdc1f97"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:4ffaaac913c3f7345579db4f33b0020db693f302ca5137f106060316761beea9"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:26627785a54a947f6d7336ce5963569b5d75614619e75193bdb4e06e21d447ad"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b954093679d5750495725ea6f88409946d69cfb25ea7b4c846eef5044194f583"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:973a371a55ce9ed333a3a0f8e0bcfae9e0d637711534bcb11e130af2ab9334e7"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:244dbe463d5fb6d7ce161301a03a6fe744dac9072328ba9fc82289238582697b"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d98e66a24497637dd31ccab090b34392dddb1f2f811c4b4cd80c230205c074a3"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ad91738f14eb8da0ff82f2acd0098b6257621410dcbd4df20aaa5b4233d75a50"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:7044312a928a66a4c2a22644147bc61a199c1709712069a344a3fb5cfcf16915"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:a4792d3b3a6dfafefdf8e937f14906a51bd27025a36f4b188728a73382231d91"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-win32.whl", hash = "sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-win32.whl", hash = "sha256:fa7d686ed9883f3d664d39d5a8e74d3c5f63e603c2e3ff0abcba23eac6542635"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:9ba25a71ebf05b9bb0e2ae99f8bc08a07ee8e98c612175087112656ca0f5c8bf"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:8ae369e84466aa70f3154ee23c1451fda10a8ee1b63923ce76667e3077f2b0c4"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40f1e10d51c92859765522cbd79c5c8989f40f0419614bcdc5015e7b6bf97fc5"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5a4cb365cb49b750bdb60b846b0c0bc49ed62e59a76635095a179d440540c346"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ee3941769bd2522fe39222206f6dd97ae83c442a94c90f2b7a25d847d40f4729"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:62fada2c942702ef8952754abfc1a9f7658a4d5460fabe95ac7ec2cbe0d02abc"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:4c2d64fdba74ad16138300815cfdc6ab2f4647e23ced81f59e940d7d4a1469d9"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:fb532dd9900381d2e8f48172ddc5a59db4c445a11b9fab40b3b786da40d3b56b"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0f84af7e813784feb4d5e4ff7db633aba6c8ca64a833f61d8e4eade234ef0c38"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-win32.whl", hash = "sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-win32.whl", hash = "sha256:cbf445eb5628981a80f54087f9acdbf84f9b7d862756110d172993b9a5ae81aa"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:a10860e00ded1dd0a65b83e717af28845bb7bd16d8ace40fe5531491de76b79f"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:e81c52638315ff4ac1b533d427f50bc0afc746deb949210bc85f05d4f15fd772"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:312387403cd40699ab91d50735ea7a507b788091c416dd007eac54434aee51da"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2ae99f31f47d849758a687102afdd05bd3d3ff7dbab0a8f1587981b58a76152a"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c97ff7fedf56d86bae92fa0a646ce1a0ec7509a7578e1ed238731ba13aabcd1c"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a7420ceda262dbb4b8d839a4ec63d61c261e4e77677ed7c66c99f4e7cb5030dd"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:45d42d132cff577c92bfba536aefcfea7e26efb975bd455db4e6602f5c9f45e7"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:4c8817557d0de9349109acb38b9dd570b03cc5014e8aabf1cbddc6e81005becd"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:6a54c43d3ec4cf2a39f4387ad044221c66a376e58c0d0e971d47c475ba79c6b5"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-win32.whl", hash = "sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-win32.whl", hash = "sha256:c91b394f7601438ff79a4b93d16be92f216adb57d813a78be4446fe0f6bc2d8c"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-win_amd64.whl", hash = "sha256:fe32482b37b4b00c7a52a07211b479653b7fe4f22b2e481b9a9b099d8a430f2f"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:17b2aea42a7280db02ac644db1d634ad47dcc96faf38ab304fe26ba2680d359a"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:852dc840f6d7c985603e60b5deaae1d89c56cb038b577f6b5b8c808c97580f1d"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0778de17cff1acaeccc3ff30cd99a3fd5c50fc58ad3d6c0e0c4c58092b859396"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:800100d45176652ded796134277ecb13640c1a537cad3b8b53da45aa96330453"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d06b24c686a34c86c8c1fba923181eae6b10565e4d80bdd7bc1c8e2f11247aa4"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:33d1c36b90e570ba7785dacd1faaf091203d9942bc036118fab8110a401eb1a8"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:beeebf760a9c1f4c07ef6a53465e8cfa776ea6a2021eda0d0417ec41043fe984"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:bbde71a705f8e9e4c3e9e33db69341d040c827c7afa6789b14c6e16776074f5a"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-win32.whl", hash = "sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-win32.whl", hash = "sha256:82b5dba6eb1bcc29cc305a18a3c5365d2af06ee71b123216416f7e20d2a84e5b"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-win_amd64.whl", hash = "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-win_amd64.whl", hash = "sha256:730d86af59e0e43ce277bb83970530dd223bf7f2a838e086b50affa6ec5f9295"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:eaa0a10b7f72326f1372a713e73c3f739b524b3af41feb43e4921cb529f5929a"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:4935dd7883f1d50e2ffecca0aa33dc1946a94c8f3fdafb8df5c330e48f71b132"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:48032821bbdf20f5799ff537c7ac3d1fba0ba032cfc06194faffa8cda8b560ff"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e9393357f19954248b00bed7c56f29a25c930593a77630c719653d51e7669c2a"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1a9d3f5f0901fdec14d8d2f66ef7d035f2157240a433441719ac9a3fba440b13"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:40621d60d0e58aa573b68ac5e2d6b20d44392878e0bfc159012a5787c4e35bc8"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:88b49a3b9ff31e19998750c38e030fc7bb937398b1f78cfa599aaef92d693144"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f94190df587738280d544971500b9cafc9b950d32efcb1fba9ac10d84e6aa4e6"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cfad01eed2c2e0c01fd0ecd2ef42c492f7f93902e39a42fc9ee1692961443a29"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b6a387d61fe41cdf7ea95b38e9af11cfb1a63499af2759444b99185c4ab33f5b"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:1225beacc926f536dc82e45f8a4d68502949dc67eea90eab715dea3a21c1b5f0"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:8ad4ad1429cd4f315f32ef263c1342166695fad76c100c5d979c45d5570ed58b"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:3169b1eefae027567d1ce6ee7cae382c57fe26e82775f460f0b2778beaad66c0"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:e24bfe89c6ac4c31792793ad9f861b8f6dc4546ac6dc8f1c9083c7c4f2b335cd"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:eb7972a85c54febfb25b5c4b4f3af4dcc731994c7da0d8a0b4a6eb0640e1d178"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:2a4b34a8d14649315c4bc26bbfa352663eb51d146e35eef231dd739d54a5430a"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-win32.whl", hash = "sha256:8c4e8c3ce11e1f92f6536ff07154f9d49677ebaaafc32db9db4620bc11ed480f"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-win32.whl", hash = "sha256:242d6860f1fd9191aef5fae22b51c5c19767f93fb9ead4d21924e0bcb17619d8"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-win_amd64.whl", hash = "sha256:6e296a513ca3d94054c2c881cc913116e90fd030ad1c656b3869762b754f5f8a"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:93e8248d650e7e9d49e8251f883eed60ecbc0e8ffd6349e18550925e31bd029b"},
-    {file = "markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0"},
+    {file = "markupsafe-3.0.1.tar.gz", hash = "sha256:3e683ee4f5d0fa2dde4db77ed8dd8a876686e3fc417655c2ece9a90576905344"},
 ]
 
 [[package]]
@@ -317,13 +317,13 @@ nicer-shell = ["ipython"]
 
 [[package]]
 name = "packaging"
-version = "24.2"
+version = "24.1"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "packaging-24.2-py3-none-any.whl", hash = "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"},
+    {file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"},
-    {file = "packaging-24.2.tar.gz", hash = "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"},
+    {file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"},
 ]
 
 [[package]]
@@ -418,25 +418,25 @@ test = ["commentjson", "packaging", "pytest"]
 
 [[package]]
 name = "setuptools"
-version = "75.7.0"
+version = "75.1.0"
 description = "Easily download, build, install, upgrade, and uninstall Python packages"
 optional = false
-python-versions = ">=3.9"
+python-versions = ">=3.8"
 files = [
-    {file = "setuptools-75.7.0-py3-none-any.whl", hash = "sha256:84fb203f278ebcf5cd08f97d3fb96d3fbed4b629d500b29ad60d11e00769b183"},
+    {file = "setuptools-75.1.0-py3-none-any.whl", hash = "sha256:35ab7fd3bcd95e6b7fd704e4a1539513edad446c097797f2985e0e4b960772f2"},
-    {file = "setuptools-75.7.0.tar.gz", hash = "sha256:886ff7b16cd342f1d1defc16fc98c9ce3fde69e087a4e1983d7ab634e5f41f4f"},
+    {file = "setuptools-75.1.0.tar.gz", hash = "sha256:d59a21b17a275fb872a9c3dae73963160ae079f1049ed956880cd7c09b120538"},
 ]
 
 [package.extras]
-check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.8.0)"]
+check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.5.2)"]
-core = ["importlib_metadata (>=6)", "jaraco.collections", "jaraco.functools (>=4)", "jaraco.text (>=3.7)", "more_itertools", "more_itertools (>=8.8)", "packaging", "packaging (>=24.2)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
+core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.collections", "jaraco.functools", "jaraco.text (>=3.7)", "more-itertools", "more-itertools (>=8.8)", "packaging", "packaging (>=24)", "platformdirs (>=2.6.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
 cover = ["pytest-cov"]
 doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
 enabler = ["pytest-enabler (>=2.2)"]
-test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.7.2)", "jaraco.test (>=5.5)", "packaging (>=24.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
+test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
-type = ["importlib_metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.14.*)", "pytest-mypy"]
+type = ["importlib-metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.11.*)", "pytest-mypy"]
 
 [metadata]
 lock-version = "2.0"
-python-versions = "^3.11"
+python-versions = "^3.10"
-content-hash = "7c5b28e1b7fc5cf1c55fedf89a01f26e9246b9d1baa1441d51a8693697b6767a"
+content-hash = "334448cb0c7d192f0e10987a995ecefca5e136733cce4dd15dcc2238f1c371c8"

pyproject.toml

@@ -6,8 +6,8 @@ authors = ["Iurii Tatishchev <itatishch@gmail.com>"]
 readme = "README.md"
 
 [tool.poetry.dependencies]
-python = "^3.11"
+python = "^3.10"
-ansible = "^11.1.0"
+ansible = "^10.1.0"
 ansible-vault = "^2.1.0"
 netaddr = "^1.3.0"
 

roles/alpina/tasks/deploy_compose_stack.yml

@@ -11,7 +11,7 @@
     path: "{{ current_stack_dest }}/{{ item.path }}"
     state: directory
     mode: "755"
-  loop: "{{ query('community.general.filetree', current_stack_source) }}"
+  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
   when: item.state == "directory"
 
 - name: Generate {{ current_stack_name }} deployment from templates
@@ -19,7 +19,7 @@
     src: "{{ item.src }}"
     dest: "{{ current_stack_dest }}/{{ item.path | regex_replace('\\.j2$', '') }}"
     mode: "644"
-  loop: "{{ query('community.general.filetree', current_stack_source) }}"
+  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
   when: item.state == "file" and item.path | regex_search('\\.j2$')
 
 - name: Generate {{ current_stack_name }} deployment from static files
@@ -27,7 +27,7 @@
     src: "{{ item.src }}"
     dest: "{{ current_stack_dest }}/{{ item.path }}"
     mode: "644"
-  loop: "{{ query('community.general.filetree', current_stack_source) }}"
+  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
   when: item.state == "file" and not item.path | regex_search('\\.j2$')
 
 - name: Deploy docker-compose for {{ current_stack_name }}

roles/alpina/tasks/main.yml

@@ -28,11 +28,8 @@
     collection: apps
     stacks:
       - gitea
-      - woodpecker
       - nextcloud
       - jellyfin
       - arrstack
       - vpgen
-      - pgrok
-      - obsidian-livesync
   import_tasks: deploy_collection.yml

roles/alpina/templates/apps/arrstack/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(249) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   gluetun:
@@ -9,13 +11,14 @@ services:
     container_name: gluetun
     cap_add:
       - NET_ADMIN
-    devices:
-      - /dev/net/tun:/dev/net/tun
     sysctls:
       - net.ipv6.conf.all.disable_ipv6=0
     env_file:
       - .env.gluetun
     restart: unless-stopped
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/gluetun:/gluetun
 
@@ -46,6 +49,9 @@ services:
     restart: unless-stopped
     depends_on:
       - qbittorrent
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/config/prowlarr:/config
 
@@ -57,6 +63,9 @@ services:
     restart: unless-stopped
     depends_on:
       - qbittorrent
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/config/sonarr:/config
       - {{ base_volume_path }}/arrstack/downloads:/downloads
@@ -70,6 +79,9 @@ services:
     restart: unless-stopped
     depends_on:
       - qbittorrent
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/config/radarr:/config
       - {{ base_volume_path }}/arrstack/downloads:/downloads

roles/alpina/templates/apps/gitea/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(199) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   server:
@@ -12,6 +14,9 @@ services:
     restart: unless-stopped
     env_file:
       - .env.gitea
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/gitea/gitea:/data
     depends_on:
@@ -22,5 +27,7 @@ services:
     restart: unless-stopped
     env_file:
       - .env.db
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/gitea/postgres:/var/lib/postgresql/data

roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(197) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   jellyfin:
@@ -12,6 +14,9 @@ services:
     restart: unless-stopped
     env_file:
       - .env.jellyfin
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/jellyfin/config:/config
       - {{ base_volume_path }}/jellyfin/cache:/cache

roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2

@@ -2,6 +2,9 @@
 
 networks:
   {{ helpers.default_network(198) | indent(2) }}
+  traefik_traefik:
+    external: true
+
 
 services:
   app:
@@ -15,6 +18,8 @@ services:
       - redis
     env_file:
       - .env.nextcloud
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
       - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
@@ -27,6 +32,8 @@ services:
     depends_on:
       - app
     entrypoint: /cron.sh
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
       - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
@@ -35,8 +42,16 @@ services:
   notify_push:
     image: nextcloud:${NEXTCLOUD_VERSION}
     container_name: nextcloud_notify_push
+    {# TODO: Refactor this and minio -#}
     labels:
-      - {{ helpers.traefik_labels('nc', port='7867', path_prefix='/push') | indent(6) }}
+      - traefik.enable=true
+      - traefik.http.routers.nc-notify.rule=Host(`nc.{{ domain }}`) && PathPrefix(`/push`)
+      - traefik.http.routers.nc-notify.entrypoints=websecure
+      - traefik.http.routers.nc-notify.tls=true
+      - traefik.http.routers.nc-notify.tls.certresolver=letsencrypt
+      - traefik.http.routers.nc-notify.tls.domains.0.main={{ domain }}
+      - traefik.http.routers.nc-notify.tls.domains.0.sans=*.{{ domain }}
+      - traefik.http.services.nc-notify.loadbalancer.server.port=7867
     restart: unless-stopped
     user: www-data
     env_file:
@@ -53,6 +68,8 @@ services:
     restart: unless-stopped
     env_file:
       - .env.db
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/nextcloud/db:/var/lib/postgresql/data
 
@@ -62,6 +79,8 @@ services:
     restart: unless-stopped
     env_file:
       - .env.redis
+    networks:
+      - default
     command:
       - sh
       - -c

roles/alpina/templates/apps/obsidian-livesync/compose.yml.j2

@@ -1,30 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(199) | indent(2) }}
-
-services:
-  couchdb:
-    image: couchdb
-    container_name: obsidian-livesync
-    # user: 1000:1000
-    environment:
-      - COUCHDB_USER=hi
-      - COUCHDB_PASSWORD=3hCtyJ3bPFjxxGu4
-    volumes:
-      - {{ base_volume_path }}/obsidian-livesync:/opt/couchdb/data
-    # Ports not needed when already passed to Traefik
-    #ports:
-    #  - 5984:5984
-    restart: unless-stopped
-    labels:
-      - {{ helpers.traefik_labels('obsidian-livesync', port='5984') | indent(6) }}
-      - traefik.http.routers.r-obsidian-livesync.middlewares=obsidiancors
-      - # https://github.com/vrtmrz/obsidian-livesync/blob/main/docs/setup_own_server.md
-      # The part needed for CORS to work on Traefik 2.x starts here
-      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE"
-      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer"
-      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost"
-      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600"
-      - "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true"
-      - "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true"

roles/alpina/templates/apps/pgrok/compose.yml.j2

@@ -1,31 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(194) | indent(2) }}
-
-#  https://github.com/pgrok/pgrok/blob/main/docs/admin/docker.md#docker-compose
-services:
-  server:
-    image: ghcr.io/pgrok/pgrokd:latest
-    container_name: pgrok_server
-    labels:
-      - {{ helpers.traefik_labels('pgrok', port='3320') | indent(6) }}
-      - {{ helpers.traefik_labels('pgrok', port='3000', wildcard=true) | indent(6) }}
-    restart: unless-stopped
-    volumes:
-      - ./pgrokd.yml:/var/opt/pgrokd/pgrokd.yml
-    ports:
-      - "2222:2222"
-    depends_on:
-      - db
-
-  db:
-    image: postgres:17-alpine
-    container_name: pgrok_db
-    restart: unless-stopped
-    volumes:
-      - {{ base_volume_path }}/pgrok/postgres:/var/lib/postgresql/data
-    environment:
-      POSTGRES_DB: pgrok
-      POSTGRES_USER: pgrok
-      POSTGRES_PASSWORD: "{{ pgrok_db_password }}"

roles/alpina/templates/apps/pgrok/pgrokd.yml.j2

@@ -1,29 +0,0 @@
-external_url: "https://pgrok.{{ domain }}"
-web:
-  port: 3320
-proxy:
-  port: 3000
-  scheme: https
-  domain: "pgrok.{{ domain }}"
-sshd:
-  port: 2222
-
-database:
-  host: db
-  port: 5432
-  user: pgrok
-  password: "{{ pgrok_db_password }}"
-  database: pgrok
-
-identity_provider:
-  type: oidc
-  display_name: Authentik
-  issuer: "https://auth.{{ domain }}/application/o/pgrok/"
-  client_id: "pgrok"
-  client_secret: "{{ auth_pgrok_client_secret }}"
-  field_mapping:
-    identifier: "preferred_username"
-    display_name: "name"
-    email: "email"
-# # The required domain name, "field_mapping.email" is required to set for this to work.
-  #  required_domain: "example.com"

roles/alpina/templates/apps/vpgen/.env.vpgen.j2

@@ -1,8 +1,9 @@
 DATABASE_URL=file:/data/vpgen.db
 
 AUTH_DOMAIN=auth.{{ domain }}
-AUTH_CLIENT_ID=vpgen
+AUTH_CLIENT_ID={{ auth_vpgen_client_id }}
 AUTH_CLIENT_SECRET={{ auth_vpgen_client_secret }}
+AUTH_REDIRECT_URL=https://vpgen.{{ domain }}/auth/authentik/callback
 
 OPNSENSE_API_URL={{ vpgen_opnsense_api_url }}
 OPNSENSE_API_KEY={{ vpgen_opnsense_api_key }}

roles/alpina/templates/apps/woodpecker/compose.yml.j2

@@ -1,35 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(195) | indent(2) }}
-
-services:
-  woodpecker-server:
-    image: woodpeckerci/woodpecker-server:latest
-    container_name: woodpecker_server
-    labels:
-      - {{ helpers.traefik_labels('woodpecker', port='8000') | indent(6) }}
-    restart: unless-stopped
-    volumes:
-      - {{ base_volume_path }}/woodpecker/data:/var/lib/woodpecker
-    environment:
-      - WOODPECKER_OPEN=true
-      - WOODPECKER_HOST=https://woodpecker.{{ domain }}
-      - WOODPECKER_GITEA=true
-      - WOODPECKER_GITEA_URL=https://gitea.{{ domain }}
-      - WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client_id }}
-      - WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_client_secret }}
-      - WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
-
-  woodpecker-agent:
-    image: woodpeckerci/woodpecker-agent:latest
-    container_name: woodpecker_agent
-    restart: unless-stopped
-    depends_on:
-      - woodpecker-server
-    volumes:
-      - {{ base_volume_path }}/woodpecker/agent_config:/etc/woodpecker
-      - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      - WOODPECKER_SERVER=woodpecker-server:9000
-      - WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}

roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2

@@ -1,225 +0,0 @@
-version: 1
-metadata:
-  labels:
-    blueprints.goauthentik.io/instantiate: "true"
-  name: Alpina - Enrollment by Invitation (Internal)
-entries:
-  # Flow for internal enrollment by invitation
-  - identifiers:
-      slug: enrollment-internal-invitation-flow
-    model: authentik_flows.flow
-    id: flow
-    attrs:
-      name: Alpina Enrollment Flow
-      title: Sign Up
-      designation: enrollment
-      authentication: require_unauthenticated
-
-  # Prompt fields
-  - identifiers:
-      name: alpina-enrollment-field-name
-    model: authentik_stages_prompt.prompt
-    id: prompt-field-name
-    attrs:
-      field_key: name
-      label: Name
-      type: text
-      required: true
-      placeholder: Name
-      placeholder_expression: false
-      order: 0
-  - identifiers:
-      name: alpina-enrollment-field-password
-    model: authentik_stages_prompt.prompt
-    id: prompt-field-password
-    attrs:
-      field_key: password
-      label: Password
-      type: password
-      required: true
-      placeholder: Password
-      placeholder_expression: false
-      order: 1
-  - identifiers:
-      name: alpina-enrollment-field-password-repeat
-    model: authentik_stages_prompt.prompt
-    id: prompt-field-password-repeat
-    attrs:
-      field_key: password_repeat
-      label: Password (repeat)
-      type: password
-      required: true
-      placeholder: Password (repeat)
-      placeholder_expression: false
-      order: 2
-
-  # Flow stages
-  - identifiers:
-      name: alpina-enrollment-invitation
-    model: authentik_stages_invitation.invitationstage
-    id: enrollment-invitation
-  - identifiers:
-      name: alpina-enrollment-identification-oauth
-    model: authentik_stages_identification.identificationstage
-    id: enrollment-identification-oauth
-    attrs:
-      user_fields:
-        - email
-      pretend_user_exists: true
-      show_matched_user: false
-      sources:
-        - !Find [authentik_sources_oauth.oauthsource, [slug, github-enrollment]]
-        - !Find [authentik_sources_oauth.oauthsource, [slug, google-enrollment]]
-  - identifiers:
-      name: alpina-enrollment-deny-existing-email
-    model: authentik_stages_deny.denystage
-    id: enrollment-deny-existing-email
-    attrs:
-      deny_message: "An account with this email already exists"
-  - identifiers:
-      name: alpina-enrollment-prompt-name-password
-    model: authentik_stages_prompt.promptstage
-    id: enrollment-prompt-name-password
-    attrs:
-      fields:
-        - !KeyOf prompt-field-name
-        - !KeyOf prompt-field-password
-        - !KeyOf prompt-field-password-repeat
-      validation_policies:
-        - !Find [authentik_policies_password.passwordpolicy, [name, default-password-change-password-policy]]
-  - identifiers:
-      name: alpina-enrollment-user-write
-    model: authentik_stages_user_write.userwritestage
-    id: enrollment-user-write
-    attrs:
-      user_type: internal
-      create_users_group: !Find [authentik_core.group, [name, {{ auth_default_enrollment_group }}]]
-  - identifiers:
-      name: alpina-enrollment-email-verify
-    model: authentik_stages_email.emailstage
-    id: enrollment-email-verify
-    attrs:
-      use_global_settings: true
-      template: email/account_confirmation.html
-      activate_user_on_success: true
-  - identifiers:
-      name: alpina-enrollment-user-login
-    model: authentik_stages_user_login.userloginstage
-    id: enrollment-user-login
-
-  # Policies
-  - identifiers:
-      name: alpina-enrollment-invited-used-policy
-    model: authentik_policies_event_matcher.eventmatcherpolicy
-    id: enrollment-invited-used-policy
-    attrs:
-      action: invitation_used
-  - identifiers:
-      name: alpina-enrollment-unique-email-policy
-    model: authentik_policies_expression.expressionpolicy
-    id: enrollment-unique-email-policy
-    attrs:
-      expression: |
-        # https://docs.goauthentik.io/docs/customize/policies/expression/unique_email
-        from authentik.core.models import User
-        email = request.context["flow_plan"].context["pending_user"].email
-
-        if User.objects.filter(email=email).exists():
-          ak_message("Email address in use")
-          return False
-
-        if request.context["flow_plan"].context.get("prompt_data") is None:
-          request.context["flow_plan"].context["prompt_data"] = {}
-
-        request.context["flow_plan"].context["prompt_data"]["email"] = email
-        request.context["flow_plan"].context["prompt_data"]["username"] = email
-        return True
-
-  - identifiers:
-      name: alpina-enrollment-user-write-add-groups-policy
-    model: authentik_policies_expression.expressionpolicy
-    id: enrollment-user-write-add-groups-policy
-    attrs:
-        expression: |
-          # https://docs.goauthentik.io/docs/add-secure-apps/flows-stages/stages/user_write
-          from authentik.core.models import Group
-          ak_logger.info("Adding groups", request=request, prompt_data=request.context["prompt_data"], invitation=request.context.get("invitation"))
-
-          requested_groups = request.context["prompt_data"].get("alpina_add_groups")
-          if requested_groups is None:
-            return True
-
-          groups = []
-          for group_name in requested_groups:
-            group, _ = Group.objects.get_or_create(name=group_name)
-            groups.append(group)
-
-          # ["groups"] *must* be set to an array of Group objects, names alone are not enough.
-          request.context["flow_plan"].context["groups"] = groups
-          return True
-
-  # Flow stage bindings
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-invitation
-      order: 0
-    model: authentik_flows.flowstagebinding
-    id: enrollment-invitation-binding
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-identification-oauth
-      order: 1
-    model: authentik_flows.flowstagebinding
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-deny-existing-email
-      order: 2
-    model: authentik_flows.flowstagebinding
-    id: enrollment-deny-existing-email-binding
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-prompt-name-password
-      order: 10
-    model: authentik_flows.flowstagebinding
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-user-write
-      order: 20
-    model: authentik_flows.flowstagebinding
-    id: enrollment-user-write-binding
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-email-verify
-      order: 30
-    model: authentik_flows.flowstagebinding
-  - identifiers:
-      target: !KeyOf flow
-      stage: !KeyOf enrollment-user-login
-      order: 100
-    model: authentik_flows.flowstagebinding
-
-  # Stage policy bindings
-  # Log used invitations
-  - identifiers:
-      target: !KeyOf enrollment-invitation-binding
-      policy: !KeyOf enrollment-invited-used-policy
-      order: 0
-    model: authentik_policies.policybinding
-    attrs:
-      negate: true
-  # Deny existing email addresses
-  - identifiers:
-      target: !KeyOf enrollment-deny-existing-email-binding
-      policy: !KeyOf enrollment-unique-email-policy
-      order: 0
-    model: authentik_policies.policybinding
-    attrs:
-      negate: true
-  # Add groups to user from invitation "alpina_add_groups" field
-  # This only work for email sign up, as the invitation flow context isn't
-  # preserved for the default-source-enrollment flow
-  - identifiers:
-      target: !KeyOf enrollment-user-write-binding
-      policy: !KeyOf enrollment-user-write-add-groups-policy
-      order: 0
-    model: authentik_policies.policybinding

roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2

@@ -1,79 +0,0 @@
-version: 1
-metadata:
-  labels:
-    blueprints.goauthentik.io/instantiate: "true"
-  name: Alpina - External OAuth
-entries:
-  {% set sources = {
-    "GitHub": {
-      "provider_type": "github",
-      "consumer_key": github_consumer_key,
-      "consumer_secret": github_consumer_secret,
-    },
-    "Google": {
-      "provider_type": "google",
-      "consumer_key": google_consumer_key,
-      "consumer_secret": google_consumer_secret,
-    },
-  } -%}
-  {% for source in sources.keys() -%}
-  - identifiers:
-      slug: {{ source | lower }}-auth
-    model: authentik_sources_oauth.oauthsource
-    attrs:
-      provider_type: {{ sources[source]["provider_type"] }}
-      name: {{ source }} (Auth Only)
-      consumer_key: {{ sources[source]["consumer_key"] }}
-      consumer_secret: {{ sources[source]["consumer_secret"] }}
-      user_matching_mode: email_link
-      user_path_template: goauthentik.io/sources/%(slug)s
-      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
-  - identifiers:
-      slug: {{ source | lower }}-enrollment
-    model: authentik_sources_oauth.oauthsource
-    attrs:
-      provider_type: {{ sources[source]["provider_type"] }}
-      name: {{ source }} (Auth and Enrollment)
-      consumer_key: {{ sources[source]["consumer_key"] }}
-      consumer_secret: {{ sources[source]["consumer_secret"] }}
-      user_matching_mode: email_link
-      user_path_template: goauthentik.io/sources/%(slug)s
-      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
-      enrollment_flow: !Find [authentik_flows.flow, [slug, default-source-enrollment]]
-  {% endfor %}
-
-  # Modify default source enrollment to use email as username
-  - identifiers:
-      slug: default-source-enrollment
-    model: authentik_flows.flow
-    id: source-enrollment-flow
-    attrs:
-      policy_engine_mode: all
-  - identifiers:
-      name: alpina-email-as-username-policy
-    model: authentik_policies_expression.expressionpolicy
-    id: email-as-username-policy
-    attrs:
-      expression: |
-        # https://docs.goauthentik.io/docs/users-sources/sources/social-logins/google/#username-mapping
-        email = request.context["prompt_data"].get("email")
-        # Direct set username to email
-        request.context["prompt_data"]["username"] = email
-        # Set username to email without domain
-        # request.context["prompt_data"]["username"] = email.split("@")[0]
-        return True
-  - identifiers:
-      policy: !KeyOf email-as-username-policy
-      target: !KeyOf source-enrollment-flow
-    model: authentik_policies.policybinding
-    attrs:
-      order: 0
-
-  # Modify default source enrollment to create internal users
-  # with the internal user type and the users group
-  - identifiers:
-      name: default-source-enrollment-write
-    model: authentik_stages_user_write.userwritestage
-    attrs:
-      user_type: internal
-      create_users_group: !Find [authentik_core.group, [name, {{ auth_default_enrollment_group }}]]

roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2

@@ -33,20 +33,6 @@ entries:
       "ui_group": "Apps",
       "allowed_for_groups": ["admins", "users"],
     },
-    "VPGen": {
-      "redirect_uri": "https://vpgen."~ domain ~"/auth/authentik/callback",
-      "icon": "https://vpgen."~ domain ~"/favicon.png",
-      "client_secret": auth_vpgen_client_secret,
-      "ui_group": "Apps",
-      "allowed_for_groups": ["admins", "users", "vpgen"],
-    },
-    "Pgrok": {
-      "redirect_uri": "https://pgrok."~ domain ~"/-/oidc/callback",
-      "icon": "https://pgrok."~ domain ~"/pgrok.svg",
-      "client_secret": auth_pgrok_client_secret,
-      "ui_group": "Apps",
-      "allowed_for_groups": ["admins", "users"],
-    },
   } -%}
   {% for app in apps.keys() -%}
   - identifiers:

roles/alpina/templates/services/authentik/blueprints/default-authentication.yaml.j2

@@ -48,8 +48,7 @@ entries:
       passwordless_flow: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
       sources:
         - !Find [authentik_core.source, [slug, authentik-built-in]]
-        - !Find [authentik_sources_oauth.oauthsource, [slug, github-auth]]
+        - !Find [authentik_sources_oauth.oauthsource, [slug, github]]
-        - !Find [authentik_sources_oauth.oauthsource, [slug, google-auth]]
 
     # Enable compatibility mode for the default authentication flow for better autofill support
   - identifiers:

roles/alpina/templates/services/authentik/blueprints/default-groups.yaml.j2

@@ -38,8 +38,3 @@ entries:
         return {
           "policy": policy,
         }
-
-  - identifiers:
-      name: "vpgen"
-    model: authentik_core.group
-    id: "vpgen"

roles/alpina/templates/services/authentik/blueprints/github-oauth.yaml.j2

@@ -0,0 +1,25 @@
+version: 1
+metadata:
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+  name: Alpina - GitHub OAuth
+entries:
+  - identifiers:
+      slug: github
+    model: authentik_sources_oauth.oauthsource
+    attrs:
+      name: GitHub
+      slug: github
+      access_token_url: https://github.com/login/oauth/access_token
+      additional_scopes: openid read:org
+      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
+      authorization_url: https://github.com/login/oauth/authorize
+      consumer_key: {{ github_consumer_key }}
+      consumer_secret: {{ github_consumer_secret }}
+      enabled: true
+      enrollment_flow: !Find [authentik_flows.flow, [slug, default-source-enrollment]]
+      policy_engine_mode: any
+      profile_url: https://api.github.com/user
+      provider_type: github
+      user_matching_mode: email_link
+      user_path_template: goauthentik.io/sources/%(slug)s

roles/alpina/templates/services/authentik/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(253) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   server:
@@ -15,11 +17,13 @@ services:
     restart: unless-stopped
     # Port forward is needed because traefik can't resolve the container name from the host network
     ports:
-      - "127.0.0.1:9000:9000"
+      - "9000:9000"
-      - "[::1]:9000:9000"
     command: server
     env_file:
       - .env.authentik
+    networks:
+      - default
+      - traefik_traefik
 
   worker:
     image: ghcr.io/goauthentik/server:latest

roles/alpina/templates/services/minio/compose.yml.j2

@@ -1,19 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(252) | indent(2) }}
-
-services:
-  minio:
-    image: minio/minio:latest
-    container_name: minio
-    labels:
-      - {{ helpers.traefik_labels('minio', port='9090') | indent(6) }}
-      - {{ helpers.traefik_labels('s3', port='9000') | indent(6) }}
-      - {{ helpers.traefik_labels('s3', port='9000', wildcard=true) | indent(6) }}
-    restart: unless-stopped
-    command: server --console-address ":9090" /data
-    env_file:
-      - .env.minio
-    volumes:
-      - {{ base_volume_path }}/minio/data:/data

roles/alpina/templates/services/minio/docker-compose.yml.j2

@@ -0,0 +1,32 @@
+{% import 'contrib/compose_helpers.j2' as helpers with context %}
+
+networks:
+  {{ helpers.default_network(252) | indent(2) }}
+  traefik_traefik:
+    external: true
+
+services:
+  minio:
+    image: minio/minio:latest
+    container_name: minio
+    labels:
+      - {{ helpers.traefik_labels('minio', port='9090') | indent(6) }}
+      - traefik.http.routers.minio.service=minio
+      - traefik.http.routers.minio-tls.service=minio
+      - traefik.http.routers.minio-s3.rule=Host(`s3.{{ domain }}`) || HostRegexp(`^.+[.]s3[.]{{ domain }}`)
+      - traefik.http.routers.minio-s3.entrypoints=websecure
+      - traefik.http.routers.minio-s3.tls=true
+      - traefik.http.routers.minio-s3.tls.certresolver=letsencrypt
+      - traefik.http.routers.minio-s3.tls.domains.0.main=s3.{{ domain }}
+      - traefik.http.routers.minio-s3.tls.domains.0.sans=*.s3.{{ domain }}
+      - traefik.http.routers.minio-s3.service=minio-s3
+      - traefik.http.services.minio-s3.loadbalancer.server.port=9000
+    restart: unless-stopped
+    command: server --console-address ":9090" /data
+    env_file:
+      - .env.minio
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/minio/data:/data

roles/alpina/templates/services/monitoring/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(251) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   grafana:
@@ -15,6 +17,9 @@ services:
     restart: unless-stopped
     # Needed to make config files readable (not anymore, TODO: remove)
     user: "{{ remote_uid }}"
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/monitoring/grafana:/var/lib/grafana
       - ./grafana_config/grafana.ini:/etc/grafana/grafana.ini:ro
@@ -31,8 +36,7 @@ services:
       - -config.file=/etc/loki/loki-config.yaml
     # Port forward is needed because not possible to resolve the container name from the host network
     ports:
-      - "127.0.0.1:3100:3100"
+      - 3100:3100
-      - "[::1]:3100:3100"
     volumes:
       - {{ base_volume_path }}/monitoring/loki:/loki
       - ./loki_config:/etc/loki:ro
@@ -99,6 +103,9 @@ services:
     restart: unless-stopped
     env_file:
       - .env.influxdb
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/monitoring/influxdb:/var/lib/influxdb2
 

roles/alpina/templates/services/monitoring/grafana_config/dashboards/common.py

@@ -1,81 +1,27 @@
-from attrs import define
+from grafanalib.core import Template
-from grafanalib.core import Template, TimeSeries, Dashboard, HIDE_VARIABLE, Target
 
-CONF_SUPPORT_LOKI = True
+# TODO: consider default params for common params like line width, show points, tooltip
-CONF_SUPPORT_ZFS = True
 
-CONF_DATASOURCE_VAR_PROM = 'prom_datasource'
+PrometheusTemplate = Template(
-CONF_DATASOURCE_VAR_LOKI = 'loki_datasource'
+    name='datasource',
-
-prom_datasource = f'${{{CONF_DATASOURCE_VAR_PROM}}}'
-loki_datasource = f'${{{CONF_DATASOURCE_VAR_LOKI}}}'
-
-prom_template = Template(
-    name=CONF_DATASOURCE_VAR_PROM,
     type='datasource',
     label='Prometheus',
     query='prometheus',
-    hide=HIDE_VARIABLE,
 )
 
-loki_template = Template(
+# TODO: this slightly less (clown emoji), normal Target gave me errors in grafana
-    name=CONF_DATASOURCE_VAR_LOKI,
-    type='datasource',
-    label='Loki',
-    query='loki',
-    hide=HIDE_VARIABLE,
-)
-
-
-@define
-class MyDashboard(Dashboard):
-    """Wrapper class for Dashboard with some default values"""
-    timezone: str = 'browser'
-    sharedCrosshair: bool = True
-
-
-@define
-class MyTimeSeries(TimeSeries):
-    """Wrapper class for TimeSeries with some default values and custom fields"""
-    fillOpacity: int = 10
-    lineWidth: int = 1
-    showPoints: str = 'never'
-    tooltipMode: str = 'multi'
-    maxDataPoints: int = None
-
-    # new fields
-    axisCenteredZero: bool = False
-
-    def to_json_data(self):
-        data = super().to_json_data()
-        data['fieldConfig']['defaults']['custom']['axisCenteredZero'] = self.axisCenteredZero
-        return data
-
-
-@define
-class PromTarget(Target):
-    """Wrapper class for Target with default prometheus datasource"""
-    datasource: str = prom_datasource
-
-
-@define
 class LokiTarget(object):
-    """Custom class for Loki Target, because normal Target gave errors in grafana"""
+    def __init__(self, loki_datasource, expr, legendFormat, refId):
-    expr: str
+        self.loki_datasource = loki_datasource
-    legendFormat: str
+        self.expr = expr
-    datasource: str = loki_datasource
+        self.legendFormat = legendFormat
-    refId: str = None
+        self.refId = refId
-    queryType: str = 'range'
 
     def to_json_data(self):
         return {
-            'datasource': self.datasource,
+            'datasource': self.loki_datasource,
             'expr': self.expr,
             'legendFormat': self.legendFormat,
             'refId': self.refId,
-            'queryType': self.queryType,
+            'queryType': 'range',
         }
-
-
-def filter_none(l: list):
-    return [i for i in l if i is not None]

roles/alpina/templates/services/monitoring/grafana_config/dashboards/containers.dashboard.py

@@ -1,10 +1,16 @@
-from grafanalib.core import GridPos, Templating, Template, Logs
+from grafanalib.core import (
+    Dashboard, TimeSeries,
+    Target, GridPos,
+    Templating, Template, REFRESH_ON_TIME_RANGE_CHANGE, Logs
+)
 from grafanalib.formatunits import BYTES_IEC, SECONDS, BYTES_SEC_IEC
 
-from common import LokiTarget, prom_template, loki_template, MyTimeSeries, MyDashboard, CONF_SUPPORT_LOKI, filter_none, \
+from common import LokiTarget, PrometheusTemplate
-    prom_datasource, PromTarget
 
-dashboard = MyDashboard(
+prom_datasource='${datasource}'
+loki_datasource='loki'
+
+dashboard = Dashboard(
     title='Containers',
     uid='containers',
     description='Data for compose projects from default Prometheus datasource collected by Cadvisor',
@@ -12,9 +18,8 @@ dashboard = MyDashboard(
         'linux',
         'docker',
     ],
-    templating=Templating(list=filter_none([
+    templating=Templating(list=[
-        prom_template,
+        PrometheusTemplate,
-        loki_template if CONF_SUPPORT_LOKI else None,
         Template(
             name='compose_project',
             label='Compose Project',
@@ -22,6 +27,7 @@ dashboard = MyDashboard(
             query='label_values({__name__=~"container.*"}, container_label_com_docker_compose_project)',
             includeAll=True,
             multi=True,
+            refresh=REFRESH_ON_TIME_RANGE_CHANGE,
         ),
         Template(
             name='container_name',
@@ -30,6 +36,7 @@ dashboard = MyDashboard(
             query='label_values({__name__=~"container.*", container_label_com_docker_compose_project=~"$compose_project"}, name)',
             includeAll=True,
             multi=True,
+            refresh=REFRESH_ON_TIME_RANGE_CHANGE,
         ),
         Template(
             name='logs_query',
@@ -37,48 +44,67 @@ dashboard = MyDashboard(
             query='',
             type='textbox',
         ),
-    ])),
+    ]),
-    panels=filter_none([
+    timezone='browser',
-        MyTimeSeries(
+    panels=[
+        TimeSeries(
             title='Container Memory Usage',
             unit=BYTES_IEC,
             gridPos=GridPos(h=8, w=12, x=0, y=0),
-            tooltipSort='desc',
+            lineWidth=2,
+            fillOpacity=10,
+            showPoints='never',
             stacking={'mode': 'normal'},
+            tooltipMode='all',
+            tooltipSort='desc',
             targets=[
-                PromTarget(
+                Target(
+                    datasource=prom_datasource,
                     expr='max by (name) (container_memory_usage_bytes{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"})',
                     legendFormat='{{ name }}',
+                    refId='A',
                 ),
             ],
         ),
-        MyTimeSeries(
+        TimeSeries(
             title='Container CPU Usage',
             unit=SECONDS,
             gridPos=GridPos(h=8, w=12, x=12, y=0),
+            lineWidth=2,
+            fillOpacity=10,
+            showPoints='never',
+            tooltipMode='all',
             tooltipSort='desc',
-            stacking={'mode': 'normal'},
             targets=[
-                PromTarget(
+                Target(
-                    expr='max by (name) (irate(container_cpu_usage_seconds_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
+                    datasource=prom_datasource,
+                    expr='max by (name) (rate(container_cpu_usage_seconds_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
                     legendFormat='{{ name }}',
+                    refId='A',
                 ),
             ],
         ),
-        MyTimeSeries(
+        TimeSeries(
             title='Container Network Traffic',
             unit=BYTES_SEC_IEC,
             gridPos=GridPos(h=8, w=12, x=0, y=8),
+            lineWidth=2,
+            fillOpacity=10,
+            showPoints='never',
+            tooltipMode='all',
             tooltipSort='desc',
-            axisCenteredZero=True,
             targets=[
-                PromTarget(
+                Target(
-                    expr='max by (name) (irate(container_network_receive_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
+                    datasource=prom_datasource,
+                    expr='max by (name) (rate(container_network_receive_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
                     legendFormat="rx {{ name }}",
+                    refId='A',
                 ),
-                PromTarget(
+                Target(
-                    expr='-max by (name) (irate(container_network_transmit_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
+                    datasource=prom_datasource,
+                    expr='-max by (name) (rate(container_network_transmit_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
                     legendFormat="tx {{ name }}",
+                    refId='B',
                 ),
             ],
         ),
@@ -92,10 +118,12 @@ dashboard = MyDashboard(
             dedupStrategy='numbers',
             targets=[
                 LokiTarget(
+                    loki_datasource=loki_datasource,
                     expr='{compose_project=~"$compose_project", container_name=~"$container_name"} |= `$logs_query`',
                     legendFormat='{{ container_name }}',
+                    refId='A',
                 ),
             ],
-        ) if CONF_SUPPORT_LOKI else None,
+        ),
-    ]),
+    ],
 ).auto_panel_ids()

roles/alpina/templates/services/monitoring/grafana_config/dashboards/node.dashboard.py

@@ -1,159 +1,139 @@
-from grafanalib.core import Templating, Template, GridPos
+from grafanalib.core import Dashboard, Templating, Template, TimeSeries, PERCENT_UNIT_FORMAT, GridPos, Target
-from grafanalib.formatunits import BYTES_IEC, BITS_SEC, PERCENT_UNIT
+from grafanalib.formatunits import BYTES_IEC
 
-from common import prom_template, MyTimeSeries, MyDashboard, CONF_SUPPORT_ZFS, PromTarget, prom_datasource
+from common import PrometheusTemplate
+from node_consts import CPU_BASIC_COLORS, MEMORY_BASIC_COLORS
 
-dashboard = MyDashboard(
+dashboard = Dashboard(
     title='Node Exporter',
     uid='node',
     description='Node Exporter (not quite full)',
     tags=[
         'linux',
     ],
+    timezone='browser',
     templating=Templating(list=[
         # Datasource
-        prom_template,
+        PrometheusTemplate,
         # Job
         Template(
             name='job',
             label='Job',
-            dataSource=prom_datasource,
+            dataSource='${datasource}',
             query='label_values(node_uname_info, job)',
         ),
         # Instance
         Template(
             name='instance',
             label='Instance',
-            dataSource=prom_datasource,
+            dataSource='${datasource}',
             query='label_values(node_uname_info{job="$job"}, instance)',
         ),
     ]),
     panels=[
         # CPU Basic
-        MyTimeSeries(
+        TimeSeries(
             title='CPU Basic',
             description='Basic CPU usage info',
-            unit=PERCENT_UNIT,
+            unit=PERCENT_UNIT_FORMAT,
             gridPos=GridPos(h=8, w=12, x=0, y=0),
-            stacking={'mode': 'percent'},
+            lineWidth=1,
+            fillOpacity=30,
+            showPoints='never',
+            stacking={'mode': 'percent', 'group': 'A'},
+            tooltipMode='all',
+            tooltipSort='desc',
             targets=[
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="system"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy System',
+                    refId='A',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="user"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy User',
+                    refId='B',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="iowait"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy Iowait',
+                    refId='C',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode=~".*irq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy IRQs',
+                    refId='D',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job",  mode!="idle",mode!="user",mode!="system",mode!="iowait",mode!="irq",mode!="softirq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy Other',
+                    refId='E',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="idle"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Idle',
+                    refId='F',
                 ),
             ],
+            # Extra JSON for the colors
+            extraJson=CPU_BASIC_COLORS,
         ),
         # Memory Basic
-        MyTimeSeries(
+        TimeSeries(
             title='Memory Basic',
             description='Basic memory usage',
             unit=BYTES_IEC,
             gridPos=GridPos(h=8, w=12, x=12, y=0),
-            stacking={'mode': 'normal'},
+            lineWidth=1,
-            valueMin=0,
+            fillOpacity=30,
+            showPoints='never',
+            stacking={'mode': 'normal', 'group': 'A'},
+            tooltipMode='all',
+            tooltipSort='desc',
             targets=[
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"}',
                     format='time_series',
                     legendFormat='RAM Total',
+                    refId='A',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"} - node_memory_MemFree_bytes{instance="$instance",job="$job"} - (node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"})',
                     format='time_series',
                     legendFormat='RAM Used',
-                    hide=CONF_SUPPORT_ZFS,
+                    refId='B',
                 ),
-                PromTarget(
+                Target(
-                    expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"} - node_memory_MemFree_bytes{instance="$instance",job="$job"} - (node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"}) - node_zfs_arc_size{instance="$instance",job="$job"}',
+                    datasource='${datasource}',
-                    format='time_series',
-                    legendFormat='RAM Used',
-                    hide=not CONF_SUPPORT_ZFS,
-                ),
-                PromTarget(
                     expr='node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"}',
                     legendFormat='RAM Cache + Buffer',
+                    refId='C',
                 ),
-                PromTarget(
+                Target(
-                    expr='node_zfs_arc_size{instance="$instance",job="$job"}',
+                    datasource='${datasource}',
-                    legendFormat='ZFS Arc',
-                    hide=not CONF_SUPPORT_ZFS,
-                ),
-                PromTarget(
                     expr='node_memory_MemFree_bytes{instance="$instance",job="$job"}',
                     legendFormat='RAM Free',
+                    refId='D',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='(node_memory_SwapTotal_bytes{instance="$instance",job="$job"} - node_memory_SwapFree_bytes{instance="$instance",job="$job"})',
                     legendFormat='SWAP Used',
+                    refId='E',
                 ),
             ],
-            overrides=[
+            # Extra JSON for the colors
-                # Prevent total memory from being stacked
+            extraJson=MEMORY_BASIC_COLORS,
-                {
-                    'matcher': {
-                        'id': 'byName',
-                        'options': 'RAM Total'
-                    },
-                    'properties': [
-                        {
-                            'id': 'custom.stacking',
-                            'value': {'mode': 'none'}
-                        }
-                    ]
-                },
-            ],
-        ),
-        # Network Traffic Basic
-        MyTimeSeries(
-            title='Network Traffic Basic',
-            description='Basic network usage info per interface',
-            unit=BITS_SEC,
-            gridPos=GridPos(h=8, w=12, x=0, y=8),
-            tooltipSort='desc',
-            axisCenteredZero=True,
-            targets=[
-                PromTarget(
-                    expr='irate(node_network_receive_bytes_total{instance="$instance",job="$job"}[$__rate_interval]) * 8',
-                    legendFormat='rx {{ device }}',
-                ),
-                PromTarget(
-                    expr='-irate(node_network_transmit_bytes_total{instance="$instance",job="$job"}[$__rate_interval]) * 8',
-                    legendFormat='tx {{ device }}',
-                ),
-            ],
-        ),
-        # Disk Space Basic
-        MyTimeSeries(
-            title='Disk Space Used Basic',
-            description='Disk space used of all filesystems mounted',
-            unit=PERCENT_UNIT,
-            gridPos=GridPos(h=8, w=12, x=12, y=8),
-            targets=[
-                PromTarget(
-                    expr='1 - (node_filesystem_avail_bytes{instance="$instance",job="$job",device!~"rootfs"} / node_filesystem_size_bytes{instance="$instance",job="$job",device!~"rootfs"})',
-                    legendFormat='{{ mountpoint }}',
-                ),
-            ],
         ),
+        # TODO: Network Basic
+        # TODO: Disk Basic
     ],
 ).auto_panel_ids()

roles/alpina/templates/services/monitoring/grafana_config/dashboards/node_consts.py

@@ -0,0 +1,487 @@
+# TODO: Question life decisions (I'm not sure if this is good)
+
+CPU_BASIC_COLORS = {
+    "fieldConfig": {
+        "overrides": [
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy Iowait"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#890F02",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Idle"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#052B51",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy Iowait"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#890F02",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Idle"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#7EB26D",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy System"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#EAB839",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy User"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A437C",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy Other"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#6D1F62",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            }
+        ]
+    },
+}
+
+MEMORY_BASIC_COLORS = {
+    "fieldConfig": {
+        "overrides": [
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Apps"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#629E51",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Buffers"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#614D93",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Cache"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#6D1F62",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Cached"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#511749",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Committed"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#508642",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A437C",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#CFFAFF",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Inactive"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#584477",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "PageTables"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A50A1",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Page_Tables"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A50A1",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM_Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#E0F9D7",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "SWAP Used"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#BF1B00",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Slab"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#806EB7",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Slab_Cache"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#E0752D",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#BF1B00",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap Used"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#BF1B00",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap_Cache"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#C15C17",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap_Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#2F575E",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Unused"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#EAB839",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM Total"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#E0F9D7",
+                            "mode": "fixed"
+                        }
+                    },
+                    {
+                        "id": "custom.fillOpacity",
+                        "value": 0
+                    },
+                    {
+                        "id": "custom.stacking",
+                        "value": {
+                            "group": False,
+                            "mode": "normal"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM Cache + Buffer"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#052B51",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#7EB26D",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Available"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#DEDAF7",
+                            "mode": "fixed"
+                        }
+                    },
+                    {
+                        "id": "custom.fillOpacity",
+                        "value": 0
+                    },
+                    {
+                        "id": "custom.stacking",
+                        "value": {
+                            "group": False,
+                            "mode": "normal"
+                        }
+                    }
+                ]
+            }
+        ]
+    }
+}

roles/alpina/templates/services/traefik/docker-compose.yml.j2

@@ -1,7 +1,14 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
 
 networks:
-  {{ helpers.default_network(254) | indent(2) }}
+  traefik:
+    internal: true
+    enable_ipv6: true
+    ipam:
+      config:
+        # TODO: Consider removing traefik network, it shouldn't be needed with host networking
+        - subnet: {{ traefik_subnet }}/24
+        - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 255) }}
 
 services:
   traefik:
@@ -18,8 +25,11 @@ services:
       - {{ base_volume_path }}/traefik/rules:/rules/extra:ro
       - {{ base_volume_path }}/traefik/acme:/acme
 
+  # This is mostly just so that the traefik network gets created
   whoami:
     image: containous/whoami
     container_name: whoami
     labels:
-      - {{ helpers.traefik_labels('whoami', port='80') | indent(6) }}
+      - {{ helpers.traefik_labels('whoami', port=80) | indent(6) }}
+    networks:
+      - traefik

roles/alpina/templates/services/traefik/traefik.yml.j2

@@ -36,6 +36,7 @@ certificatesResolvers:
 providers:
   docker:
     exposedByDefault: false
+    network: traefik_traefik
   file:
     directory: /rules
     watch: true

roles/clean/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: Get list of running Docker containers
-  docker_host_info:
-    containers: yes
-  register: docker_container_list
-
-- name: Stop all running Docker containers
-  docker_container:
-    name: "{{ item }}"
-    state: stopped
-  loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
-  async: 300
-  poll: 0
-
-- name: Prune all Docker containers and networks
-  docker_prune:
-    containers: yes
-    networks: yes
-
-- name: Clean alpina directory
-  file:
-    path: "{{ alpina_svc_path }}"
-    state: absent

roles/common/tasks/main.yml

@@ -64,14 +64,6 @@
     state: enabled
     immediate: yes
 
-- name: Allow 2222 tcp for pgrok ssh tunnel
-  become: yes
-  firewalld:
-    port: 2222/tcp
-    permanent: yes
-    state: enabled
-    immediate: yes
-
 - name: Reboot if needed
   become: yes
   ansible.builtin.reboot:

roles/docker_host/tasks/main.yml

@@ -1,5 +1,12 @@
-- name: IPv6 subnet for Docker
+- name: Get IPv6 subnet for Docker
-  debug:
+  set_fact:
+    docker_ipv6_subnet: "{{ \
+      ansible_default_ipv6.address \
+      | ansible.utils.ipsubnet(64) \
+      | ansible.utils.ipsubnet(72, docker_ipv6_index) \
+    }}"
+
+- debug:
     var: docker_ipv6_subnet
 
 - name: Configure Docker daemon
@@ -28,6 +35,33 @@
     state: disabled
   register: docker0_firewalld
 
+- name: Get list of running Docker containers
+  docker_host_info:
+    containers: yes
+  register: docker_container_list
+  when: clean_desired is true
+
+- name: Stop all running Docker containers
+  docker_container:
+    name: "{{ item }}"
+    state: stopped
+  loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
+  async: 300
+  poll: 0
+  when: clean_desired is true and docker_container_list.containers | length > 0
+
+- name: Prune all Docker containers and networks
+  docker_prune:
+    containers: yes
+    networks: yes
+  when: clean_desired is true
+
+- name: Clean alpina directory
+  file:
+    path: "{{ alpina_svc_path }}"
+    state: absent
+  when: clean_desired is true
+
 - name: Restart Docker daemon
   become: yes
   service:

services.yml

@@ -1,5 +1,6 @@
 - hosts: alpina
   roles:
+    - docker_host
     - alpina
   post_tasks:
     - name: Docker prune objects

site.yml

@@ -1,4 +1,12 @@
-- hosts: alpina
+- hosts: all
   roles:
     - common
-    - docker_host
+  pre_tasks:
+  - name: Set fact for clean desired of docker objects and compose files
+    set_fact:
+      # clean_desired_arg is an extra variable passed to the playbook
+      clean_desired: "{{ clean_desired_arg | bool }}"
+
+
+- name: Install services
+  import_playbook: services.yml