authentik: enrollment flow improvements, add option to use GitHub/Google OAuth

.idea/alpina.iml

@@ -4,7 +4,7 @@
     <content url="file://$MODULE_DIR$">
       <excludeFolder url="file://$MODULE_DIR$/venv" />
     </content>
-    <orderEntry type="jdk" jdkName="Poetry (alpina)" jdkType="Python SDK" />
+    <orderEntry type="inheritedJdk" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
   <component name="PyDocumentationSettings">

.idea/jsonSchemas.xml

@@ -106,16 +106,6 @@
               <option name="applicationDefined" value="true" />
               <option name="patterns">
                 <list>
-                  <Item>
-                    <option name="pattern" value="true" />
-                    <option name="path" value="*/compose.yml" />
-                    <option name="mappingKind" value="Pattern" />
-                  </Item>
-                  <Item>
-                    <option name="pattern" value="true" />
-                    <option name="path" value="*/compose.yml.j2" />
-                    <option name="mappingKind" value="Pattern" />
-                  </Item>
                   <Item>
                     <option name="pattern" value="true" />
                     <option name="path" value="*/docker-compose.yml" />

Makefile

@@ -1,23 +1,19 @@
 .POSIX:
 .PHONY: *
 .EXPORT_ALL_VARIABLES:
-MAKEFLAGS += -r # no use of built-in rules
 
 env ?= staging
 vault_id ?= alpina@contrib/rbw-client.sh
 
-playbook_cmd := poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env}
+clean_desired ?= false
 
-all: site services
+all: site
 
 setup:
 	poetry install --quiet
 
 site: setup
-	 $(playbook_cmd) site.yml
+	poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} --extra-vars "clean_desired_arg=${clean_desired}" site.yml
 
 services: setup
-	$(playbook_cmd) services.yml
-
-clean: setup
-	$(playbook_cmd) clean.yml
+	poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} services.yml

clean.yml

@@ -1,3 +0,0 @@
-- hosts: alpina
-  roles:
-    - clean

contrib/compose_helpers.j2

@@ -6,38 +6,23 @@ default:
       - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, subnet_index) }}
 {% endmacro %}
 
-{% macro traefik_labels(host, port='', path_prefix='', auth=false, wildcard=false) %}
-{% set name = host ~ (wildcard * '-*') ~ path_prefix -%}
-{% set tls_base = domain %}
-{% if wildcard -%}
-  {% set tls_base = host ~ '.' ~ domain %}
-{%- endif -%}
-
+{% macro traefik_labels(host, service="", port="", auth=false) %}
 traefik.enable=true
-- traefik.http.routers.r-{{ name }}.rule={{ host_rule(host, path_prefix, wildcard) }}
-- traefik.http.routers.r-{{ name }}.entrypoints=websecure
-- traefik.http.routers.r-{{ name }}.tls=true
-- traefik.http.routers.r-{{ name }}.tls.certresolver=letsencrypt
-- traefik.http.routers.r-{{ name }}.tls.domains.0.main={{ tls_base }}
-- traefik.http.routers.r-{{ name }}.tls.domains.0.sans=*.{{ tls_base }}
+- traefik.http.routers.{{ host }}.rule=Host(`{{ host }}.{{ domain }}`)
+- traefik.http.routers.{{ host }}.entrypoints=web
+- traefik.http.routers.{{ host }}-tls.rule=Host(`{{ host }}.{{ domain }}`)
+- traefik.http.routers.{{ host }}-tls.entrypoints=websecure
+- traefik.http.routers.{{ host }}-tls.tls=true
+- traefik.http.routers.{{ host }}-tls.tls.certresolver=letsencrypt
+- traefik.http.routers.{{ host }}-tls.tls.domains.0.main={{ domain }}
+- traefik.http.routers.{{ host }}-tls.tls.domains.0.sans=*.{{ domain }}
+{% if service -%}
+- traefik.http.routers.{{ host }}.service={{ service }}
+{% endif %}
 {% if port -%}
-- traefik.http.routers.r-{{ name }}.service=svc-{{ name }}
-- traefik.http.services.svc-{{ name }}.loadbalancer.server.port={{ port }}
+- traefik.http.services.{{ host }}.loadbalancer.server.port={{ port }}
 {% endif %}
 {% if auth -%}
-- traefik.http.routers.r-{{ name }}.middlewares=authentik@docker
+- traefik.http.routers.{{ host }}-tls.middlewares=authentik@docker
 {% endif %}
 {% endmacro %}
-
-{% macro host_rule(host, path_prefix="", wildcard=false) %}
-{% if wildcard %}
-{# regular a.host prevents warnings from 'No domain found in rule HostRegexp' #}
-{# TODO: figure out this stupidity properly #}
-Host(`a.{{ host }}.{{ domain }}`) || HostRegexp(`^.+\.{{ host }}\.{{ domain | replace('.', '\.') }}$`)
-{%- else %}
-Host(`{{ host }}.{{ domain }}`)
-{%- endif %}
-{% if path_prefix -%}
- && PathPrefix(`{{ path_prefix }}`)
-{%- endif %}
-{% endmacro %}

group_vars/alpina/vars.yml

@@ -5,15 +5,12 @@ alpina_svc_path: ~/alpina
 base_volume_path: /mnt/dock
 media_volume_path: /mnt/media
 
-docker_ipv6_subnet: "{{ \
-          ansible_default_ipv6.address \
-          | ansible.utils.ipsubnet(64) \
-          | ansible.utils.ipsubnet(72, docker_ipv6_index) \
-        }}"
+traefik_subnet: 172.16.122.0
 
 # Authentik
 authentik_db_password: "{{ vault_authentik_db_password }}"
 authentik_secret_key: "{{ vault_authentik_secret_key }}"
+
 authentik_sendgrid_api_key: "{{ vault_authentik_sendgrid_api_key }}"
 
 auth_grafana_client_secret: "{{ vault_auth_grafana_client_secret }}"
@@ -22,9 +19,6 @@ auth_gitea_client_secret: "{{ vault_auth_gitea_client_secret }}"
 auth_nextcloud_client_secret: "{{ vault_auth_nextcloud_client_secret }}"
 arrstack_password: "{{ vault_arrstack_password }}"
 auth_vpgen_client_secret: "{{ vault_auth_vpgen_client_secret }}"
-auth_pgrok_client_secret: "{{ vault_auth_pgrok_client_secret }}"
-
-auth_default_enrollment_group: vpgen
 
 # Minio
 minio_password: "{{ vault_minio_password }}"
@@ -57,8 +51,6 @@ redis_password: "{{ vault_redis_password }}"
 nextcloud_sendgrid_api_key: "{{ vault_nextcloud_sendgrid_api_key }}"
 
 # VPGen
-vpgen_auth_invite_token: "{{ vault_vpgen_auth_invite_token }}"
-
 vpgen_opnsense_api_url: https://opnsense.cazzzer.com
 vpgen_opnsense_api_key: "{{ vault_vpgen_opnsense_api_key }}"
 vpgen_opnsense_api_secret: "{{ vault_vpgen_opnsense_api_secret }}"
@@ -69,13 +61,3 @@ vpgen_ip_max_index: 100
 vpgen_vpn_endpoint: "{{ vault_vpgen_vpn_endpoint }}"
 vpgen_vpn_dns: "{{ vault_vpgen_vpn_dns }}"
 vpgen_max_clients_per_user: 20
-
-# Woodpecker
-woodpecker_agent_secret: "{{ vault_woopecker_agent_secret }}"
-
-# Pgrok
-pgrok_db_password: "{{ vault_pgrok_db_password }}"
-
-# Minecruft
-
-minecruft_cf_api_key: "{{ vault_minecruft_cf_api_key }}"

group_vars/alpina/vault.yml

@@ -1,165 +1,138 @@
 $ANSIBLE_VAULT;1.1;AES256
-31623438643264373065653633306538336133623864643438653630353265376138613361393466
-3464643166633332666230353734333363623030646564310a313134336539343436626234626364
-62336366323433346165373666656466616434613565323632353033323161363533356133613732
-3464353362333362350a633937313036336438393462396538613764636337386166613861613439
-39656466383833646236383062396130306563633861396234383462306331663136396331333433
-37303737626533666530393632616130313734653331353364616135633664343035303631343266
-65356133376438393639643931636561616434333637393264343832613035653034363863653233
-35313035303731316431313634643638666339396139333565663464633131393266333036316437
-32363661303534306535326130313139366466393634373762393165393735613563396230636538
-37623665373538633237373235396430333539343232363931656463363866363539326464613337
-65303932396666383235616162333564626231656361353133326333663039303331613433613030
-38353366393466343334656130306131626330613934313865343039616462363137336238303262
-64393931353466643466373331396536386231363233396339326637643662613438376666386661
-34346530346533643364636665313633633635656564333436346531623564646534646566623135
-30613036616662643461623561623837386538633231383736376462363836313538393036356164
-61323664666663313838313033336664363062646562336561663138393635626134613036623332
-39396137306531366464643862376238643238336230626533653033376361653839323962373162
-65373463643235626463316362356161323737623335633832353663613661636436626632313634
-39333033393861306333356335623439653432626336376133646432633332393639323230306435
-66376631313033643336373430616638393366313538316239386430393064613430666330363233
-39343234663635623764646332666634346437333264636339616431666330313138623734326364
-34336335353763396238353633333837616534303537303565323264383963616362643761363332
-61326566656337373437353236363865376661376462346430626639623561326435613131626330
-64643361323533633462313330333536343739393461616264653737626432343362393232613166
-35376631666537373765343035616333323663376363613563336366623235643536356134353434
-63363337366461623762653964396534336530373134333364633037343739393134616230363033
-66666231346362313561323432376164316439646263333131306335333533353939363763653964
-36656164623838323638663363336666343766383865393461653435666539663339656239303861
-65353032623966653239393234646664633132306163323438343436343365353361653638376637
-34393734316166393234313536656533326337616564663732353735343130646265386635363439
-33393331656538346563623031623861396437613437663437326134656535633362323039396232
-35346135633235623933393239373361376535376332666338626538353333303038666239643837
-30356265313235626330613931323538303362626330333162323062326139353661326536633239
-38386336613362646465313635613432666436663938353733313365353137333830333362393365
-66623961336335633365386339643437303933346432376466643562623232336461306231623038
-63646566636434616364613230316238363563623364643138316135326166613939343464633462
-36326338343234643338333737313434366461306435643165353030323939333635666435353639
-32346563353037653231373836656261623162356138393861313463616532653039396138383436
-38646462636464336564663633333631323731623663383138613231643861323932613466326439
-31666535313136613632383833323134613639623836653635326336363531363832303633323731
-61646630353462363932396661613639353538343136653433656132323637313434306136306366
-66336164643431333564623965623064326139646664383965656636393564366535343365616634
-31366665396330663864323666386431633439323933306538316231663066323565386132326563
-64376434333636373362613937323632356261326439653736336331323233653063613661633539
-39323261363333666461393166353362656630633262373661636535363863323664666438306633
-61643865323634643063636631366165373230303533323338333832643364663066333131383436
-32623662373439636164633939623164396666613138623632333532636634303633356638393537
-31343933313965326238643331653635373430636236656433363039383263366363626565326462
-30336631656431643262613663376331353631333563623361373231643439646465333261303862
-36343766323033356536623931306365313363343232343538396561636133643365663933306231
-31666362313935346336333662643237326137336263633934663663656636663836626364643966
-34653830356163616636306536303030393634343062623538383239636365373663343463306262
-62666536393332316365646630636232376165313266353138346536663435313063663466343533
-35323238323466323663396563636361353833663636383234383533356362626232353632633665
-31323865303935643765323663383730643462376464626566663562323339613037373761326632
-33623636353832323735383866366534663561623136633639653232313564383639653833623532
-32326535306661383433656436633031626235373466383633366663376537306530616438383361
-65363838663965333831636166316464383964656431383161313838303736656130363132623664
-32656232363933616532643461353565366438323166323237393434333630633830366562396531
-35626564306634376364333332326539613839346639336561303038653937306339376161393763
-30356464646435653237643065643264326630656366656138376566636161323261663366343462
-62643837336133316262306261363238316533326436343631643031623731353563323836336533
-66613737306232366339653962613136326430353732373034623130306539366431363864626535
-38346166613864396434616663393837613466666436613730373466653532663561386533343635
-37336233383337343266663037333133373036373435303432313265663539343961653665363762
-64323761376632393638356235316362366630323039323336316262343663343563383839363165
-38346161303931613832316333353130303637373638636561366134636137376537393538306532
-66343133616333353664353062613862656439636161653864343734663537663762626539636138
-32643361623135363539663865643935666263373432656138383966393162656164363734626332
-61626634643135323262616465393332366235333637393937646531386562313338363431336135
-30316632326637393431323538376663336136323438636463656639623238353533633336376534
-32303566643264373861323030303033393939326161613037333162363864653839643966393939
-34353765653765393336393338663761626663366136303136353932386231346331363961363930
-39383131366466633365376635636231363639656238613737356630363734646166336432303535
-34313938663864303730373331643437613636356139363934343261306666326437353737336466
-30653139656335356133376239386666393166613062303233396330386462633666336532663765
-36343230663035353638633662343035656639633433363165346539396661646635653562653161
-31363161346565356164343530363731353935663563643532363535343266623935646663336333
-35313065663439313535623430333533303964663263643064393331363035376635663964646138
-63366361393531326132623236636333626334333433383531653161663961636430663964636561
-36333463636334323834336435663636623133306434646530336332386265613962663132663737
-31393537336162336532613239666332646436363266313632653538366561643137393332643065
-32643264396135653439613632613332393937336230303131343465346232353261646536633130
-35626363363763623839343566376633323765353934356431313537323332323736656635613039
-39383039366437356535396133396336666330396566373961653762633965373761393633336165
-39613261306465353634336666363138343830653939666637353330303234393632306166626633
-62336531373636656130363731363334313731376561636466643638363530353363323730643232
-31643636623363646233613733326630646235383539393834303864383039313934383633613232
-33376433656561356337666638353038353362363936366561323966653862303837663264623039
-36353966626362373531333939633934373266313831663337383464616237386361303166383634
-61643434633964373634646436623861646266366530313535663361626438323530343361313430
-31663066323232353130333732616663373361666661333561343133353837353766623230623963
-32323936373336646131653166633365323963616339643630623962663866373038393034623632
-35656130383562353734666162666264626138363265626263666661346465333130373764653262
-65623939623831633265346638626134386131303339386434343466656565373538613934653035
-31663265646266656432333739653439356134366663346366373139353562303964333537396361
-35353132636266613965313232326439366231653535653861653131373936303439303662643261
-32623662636565396632376437633064663032393538323432393764383062643835616563656535
-31386366393839643931656334633930343535326462623761353762396264323362326231643336
-32633534323661666239366563633837666161643438643033303732623237356139333739663135
-36343732656263313536383136663832323130393031313265326439383061666264333461373134
-34616163643839373663306630343861613663643030643437373833643239633539616565636233
-66303234303036616438356563663636633833396137323462316363613864663536343137303064
-32623030616562313131343536373435353636353161346337303337633135343262336164336632
-39343736313165626562353665613061626461393130373735303533636239376533636137396331
-37346234396364333537623034333430616133396363656164393337396338613766336433396464
-36346664383838386366366537306333306436383235316535623631343438633232313234613036
-36396564353833626566316130343439653562313863653761383564643162386362383138356530
-63376336616266623133323031353966623830633135316636383863333266333136303839373333
-35366130306431636362636162333661343939386463373936313866646162396138626663353765
-61666463653939373363393463656537653965313735653863323965666237353230316135346138
-34373637326366363033393830386164643530313937663031363932343637323836363932303832
-30316163393431663436643638313233643664333461623932356231383636633536393133666463
-38303030633866383866356262386235623034666161326632633735396162653437643533313034
-35306134343731376563383662353463386164323633643231386339356263663534613061306632
-37646338653633366530323837386333393335323664306265643235346366613164303962643433
-66303964346339663364633631656434626361396564666366333165396436666632663364336431
-31376435396134646665353135636138663733363565393833336464653465303961373262393932
-63396461653133396633376130326463313465363161633861653964313639666534633434393032
-38383334386432353630316336313839363362643533356433636665623235366664326139346430
-35646435356131666230383966383230336336623935336431653562363863643739373962366230
-32373661313832313963373263613764336635616239393063346232666364623631373839303632
-66386462666166616465336538313335323461316162346461613163643363313732366331313166
-39646535393235383633323663333865383462623162393665336132303334326138303431616665
-35633864373530613762396632303737653535663538316237663538646465313038373961616361
-39643866363563643133346437643038393361373938633935363332346236353362363238353365
-38393632336139313937616536633839383830376131633561383237313264373739626661646139
-32613465613933623062653362646439343035376261613361356233363631636539653062613138
-65633235656534633135633434336233303031333135363838666361306238323530643838386264
-33666639613931313239306539313131313530353836306361643665666231663966316237613134
-30303437376132373034366534383435626139623162653335636434373665623034376163633239
-39326332396631333965373337653239356237656235393765303236366565326536313732353137
-32623036343831383335336539303439303864666561323463393162353536303235626631373363
-37346338393336363038643430313037373164336264633838656231343331356266386266376563
-31633561376166343939326534383363393738613837653135663765366464306336326663333566
-61613339373234303838633639396562313930643339633733663030323761343737323862343232
-64343233326330306662653535633539393566626565306530363161343731613439383362393738
-61303339373565643036396563376230376464636632316265326165333761656164626632303235
-61353962613731633238643937343166343261363337303731633134373238643062643133633434
-37306265373666613131316332663066363834663864396364373637613632376539616363623963
-31356264393335366266613339343233383830643364356435316432613566316365326130333531
-64366536383937306437386538643338306662633739363231616438633465613563336564616363
-64363130326337383734666435336333656136326663336637336231623637633738323863636437
-39373766646333363433383130336336626163616564376336633833633835653231333239656462
-63316263313931626333663832653939616436643964613061343866303035653830633734643631
-35316533383333616332313938653762623435353161653061633732386365303138656466313238
-30616666666433333237313835623764373361633938396361393930393832323763373533356565
-65393261393363623435346463343537386531643439383764626239356530346666346633313332
-61656639616361396562633137666631613062303031343734313738313735346237613233363833
-39663036653865346336653734306631303563343563663438643533626638363463353731386132
-62326538613237616264623936393530613366303632643939336539333138626464383964663838
-34363763663732336536656162393635306563633662636664323563363161386261313230393766
-66373037343135616531653938633931643539386433633037623138613639653238303936383930
-62333564663537653764653638663465326462323838613838643034363238343339396663333835
-62396161373531646132663931356638643331626135376432633531383564393335316534313266
-62613935313661303636303762336166323064633837396435363937623238333461396235636534
-31616461303334363361376334306366633133633965646138623663623137393634613465376663
-33613836316365393136333639643035333238373535643932353330316161363733333439356532
-31343935376564333938613630616437343864336632356435326265363761643339653638666139
-30613035393830616263353338393334353635333534336165396266326462373036653663393863
-61323838363831663434636236636463633362633136653662623863323737626163613863643566
-63363933336533386666636632656661303033326535613234336264376337376139353831386364
-64643331353934323761623264353030653265336462356233313864343233323866333262363536
-36346630396536663565
+38376439643766303237356563616337663731366435613930393135383962666435313530663632
+3432326162343632613565393737363335306263653032300a643539393562376162333761376631
+62343731316430316638363338343966326635383930623339383339653936343765316439393233
+6562323634383363300a323233346338393764623363346139313661386433656337363332656230
+31306233643735333033316139363165373062363334363933396563366234316330646230353261
+62326539663337323036346533303031333730373061656563613535376162633138306634626462
+37313038356466336138643834643863393333373939616362636365366231383762633030313831
+33393139313336623437396161623437323163633362363137626262653462633737373062643735
+63353561313639393166306466346134623933323532636438656263663338376337376434356163
+64343239616632313566656664393136363337386464613932383961343134363233653039336137
+65656566306463313264646163646130323533666464323464643433313030346535346535323264
+34356433343739343166383034313935666139663239653662663734343139343035616134303730
+39643136623735666333646234346239303337333961343261383834393963386633633030633962
+61376132313532643730633865326130666565303631386262396366306565613665363934383335
+37376139616165396436663135373932653064656136356662363137653036383537613665393634
+38313063656637353630373634316564383362663335356364626161663163323362333937316461
+64336636386234623438613766316430353261346339313863306462393335636131363966363038
+66393561323335393063663838393466656331323433376461653838313638303564666662636438
+38663735616261656338626437336433613730353236636266316536656165303534353538316232
+62363063376464323932383261663537393263333266633461326536656533653661303335646431
+36616436396137343634373563386439653833306537373735353764346430616231313538636362
+30363430613839373761363032316137636432643339383561313637376339323836353161343639
+36316665656164396236383538346561306432333637393431393566333566633434393961663330
+32383833396238633966393837336564626135653733383863346161663364353062303931303931
+39653662373734643037393832643439653437353935666430373337643532346161376661633738
+61643431633431666535333463636461613166363238373138306565643533623039353031646634
+62383662663435346635373865633731393362623761313834393964623930646364366534333236
+35393138346433366435313066633436393561643263343534393034373161343834633261363933
+65376636393263663566653436633762643331336139653565663334373561353130653065653935
+31616337313764313532303934376236623833363433336335303262643135643339613839623231
+37343730616166323239653537313137373136626337333665633134363830626131353030393662
+31643366386365353336326133636434303636343637643539653131316133306132643133643364
+64636464373564383938663838613031626563613362626435383832346661306562343165643539
+66353431393032313262393566353833343632366139656234306561366139633431653133356165
+32363332636433626132666462626137653337646234646565303831646330333133353964626461
+37333265623865376562663365336339353036346135363062663534643537353331623630356264
+66386665333633383534313062623533383239383231333163663565633531666236306465633135
+36363164636165343863363866343437636630353863316633623761373232643262623762316162
+32613665306535626139366564616362393536336364666663333761383362393631316134373138
+32616665363164363639303538373539346239663261373731613464333734326436666433666539
+31656264326535626134323231646535656563363231633434636337323538343038303233363765
+61393164316237323533313336316530316431653731343261636265393361616464323536333130
+65346538306664663566666435393738323832396365363764333637613331356661306535376332
+62313533306365373737643835396364363737306631346161353031633531383364636563383237
+64633432386565356137333730313736393737303665326531356265376333663636393430386233
+33666532616632373061633063656136646533363034363330366231653936396166663134396139
+66393131653963386365656364666263666362316136333561326566626562616138383739346139
+62343035646435393136656434646138376331346164663562306166646132363230333538323536
+38643934613633373734653337666261356639353235326539356264633232343834633062336539
+31616536663730656163626437653932313564633938643163313765393731386533323465303831
+34353663363862363761643565633635373834623665653131613531373637386361636661376532
+64386435643966343034643763393461373961626134346539653865636161333962333463393734
+62343838363432396133326235323636613239326139376365353930373835313531326433326234
+66396537636162363865663433626230316362343334653735646637613130636436633132663538
+64623230303266373965616533346464373661363233613837613765343463306136623063313139
+31383039343462363536646636653736316362356565326538636331646235373162663332313961
+64623061636638666234623336656365383165626461323561343930316432313632316332306334
+61376430303835383934396266303564363230313735366464386134393265326334663633663632
+38643034393737303963643733656333316137646435653666353239373738373632383561646333
+65363865353362383832643238363332613931343038366563316163303764323936316466666364
+31373439383661656336653431666164393833643266656133383137376133636134643137663532
+33353531663336346562653339616430333133363232336461353937303435346337363932306133
+37623164343462363830323263323664303334633563313439376232303031633633316636383164
+66306238333432333635653435383138383339343837346134613630353335656335663062326132
+65323638343963623062663638366538363162343230323262616138373239653163623832313366
+65323834383631646164316363383636643437346435313030656362653332653635343066666232
+39346235383265326262306434383861653138393835663863383032363664323565316165646566
+61646238393062373131346536343533663839313831383335316363343465663130633133393436
+66333465633636353639663836376561353839613533346164366238353833636534633338313262
+30656433376362346333303630643639353262323532666238633764363132303161326638643761
+36616131636538613539383935613337643930333334613566393031646630383330656164363361
+37306536356164633831626362653364313164356235653464333633313263383032333439626434
+65376531396661636661303831393062666362623966353739303330393631323963373564353265
+61343862323737336238356231626561396333386264666563356235333339653538626130623936
+63326431316538346534313764356333396565666431633833613337323136643137306166623238
+66393561333137373964353935323930636237366433613038383761643665363330323865386133
+37623339613733353366656637383030623663313639363334656361623035643232626633313864
+36346564653766646333613763616163363462613937656534363461376235613064373039326165
+32666265383065636232613632333830633439653066653666663261646536663434393535613131
+30373062313765663038313534623165653833623330383032363063393239373234636630646561
+38633962363530666638666630316434613462656335613236363831313863613030636539356133
+66386133383433663964306661636131633236633935633236623530373864646363383534383735
+63633165626464333332303331333338313838393832626637626137316338643136336333633930
+61346436336635656639616261383666336330333862303139633137373362303033653432613039
+35623663353538323761623839623438646363313164356631386364356533346133333334326565
+32303837663261386463313535373765356166376165386535623838326431616564346632363732
+62373231356530346632373134343865303532326136653731633038353066623435336462303138
+37363039343433613939363663623135396636396433653362666164323237393664623564393532
+61376463336564396537366365373936333666373432376566323864343735636264643139643063
+66396230303336633438666234336434353866323637316334313162363734623763666338336234
+39303330343035333864396631323231363134646238323065356138633131323135613133356237
+34373562633430613062313261363939373632313838333934303165336562663839663833383763
+39316632656561653033613933373861366361353761346539306234366538373461373930306535
+66623430343336333033306135303639646566393336663538313430616364653933663536386535
+64323962353734356134656361663131376564626461386233643731393664353038626464313763
+64396265373737313134613962376334373965353338303363303935353538643561336461393032
+37356434343837376534663938366434343063643966643965346465636166363235643635333466
+38323664366366663363616664336165653264633437393636363866316262303432356461386330
+63326539626363333331366162363230626462656633653866383331333164663734633630353265
+63303832376230646136346261383965626633613739616330666232376366613332663839336531
+32343031336363663865643165666435623462376130326433316562363530343662366432313031
+63626538656633346563663735323030363231643933326337613634376531636235333339373633
+66353362333265343964353966383363613336636536393734363363623363316532653533633434
+39333162303834353362323362656630343733653336613065333462626637303264653361393462
+32336238326535383662636465383832346438333230666662633430303964343236626331623536
+65383666316431646538396661386332323037383666336138666135613763363633343934663836
+32656362323631303732613235663135633939643165626231373162643963613637626235613365
+32326266323431636434633234333730373836373039666137663232323539396364373061393232
+30646432666365333336333836313333363537363163383034656136383164663331373632313564
+34353731363338323438366464663938393632626530323537306233613866356234323364373766
+34326662656263383864613538326536626133386532303932326362376632363631356535393937
+33346462336636656165316166363364343330383337636361656438383661333366633532616131
+37313033623430663039626131303933316561666233613666636433363537373264653331323136
+66663532653233373735326333333738663931343735306262353831303330633136623966316431
+39316462313066336536623438626163383139343532313932316435356431323865373035343465
+30346237393531353833616136323431376530333635633632666431313938643539363831313539
+38396338336136363165323135663836336139623865666631663237616664636233653663383965
+39623665656563316334323738323730306631636565393662313536353565383033653365663461
+38326432353166376438356238386161396638666131636536356333393563613461373263346538
+36656138353762323662363061613764633466303566353338626666646533616137393336333333
+30393733316636353266653039346237363830333831383535646531616130353534633062643135
+64373533646462313035383236333866313866366130663863363162613234393762646662666233
+30653666353333366365343036643462346361303536363935396133343166303339623461376563
+39333163636466646534356337656431376663623833303235303534633634386665636162346634
+34646665633639663763316339663539663261333436363935316334656330313835616138626237
+35623363393532633937653132303635396536646635633062393661616538303631663136363038
+35623539303963383063343338653130643233636537356264323238633839303337383665393333
+36303330393638643464646535653833626531343634626531396261363139326336623765623039
+32613237636366376463343766303964336661363432646436373963626537373137396661633766
+63633830663035663764303634643662333464353234646232343066306131336533396435313239
+66366630643564313665306130656463633065646430373334336664633264353336376439666137
+65366537366462623136353539373961333238373733663837373430663865643334393565333861
+35363035343561633164613631633532623164376339633630393633396437333034376339656538
+32653030626434326632386635383739663932393331333062656565303939373566653031613839
+31363162666330393232646562333833633266643165316464623533623539356339333365623966
+65323638396531346261303835373138333262323466656263643737343734303237303638353036
+3733

inventories/prod/group_vars/all.yml

@@ -0,0 +1 @@
+domain: cazzzer.com

inventories/prod/group_vars/alpina/vars.yml

@@ -1,8 +1,6 @@
 # Environment specific variables (prod)
 
 ---
-domain: cazzzer.com
-
 docker_ipv6_index: 255
 
 # Arrstack VPN
@@ -20,7 +18,3 @@ google_consumer_secret: "{{ vault_google_consumer_secret }}"
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.100
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
-
-# Woodpecker
-woodpecker_gitea_client_id: 3b7515f3-6005-4512-a2ee-5464dba315f8
-woodpecker_gitea_client_secret: "{{ vault_woodpecker_gitea_client_secret }}"

inventories/prod/group_vars/alpina/vault.yml

@@ -1,32 +1,27 @@
 $ANSIBLE_VAULT;1.1;AES256
-36313835643238353932323631323439626432316436346533376365633332313963666433313333
-6134633133636133623130376237373462383164396338380a316463396139653161366536636336
-64346664356538366538363239306631326464633635316161663963326635656430326637333963
-6462633236353132300a323062353639646238663737353461633733636530613036316364353864
-34326534376639643734303137613866393464306334336566653134333765356361386436323939
-35393535303635376162386266396431313739663961643061623037343463303637623130623131
-31653761616639613964386432643561376637316435333064343837636463303033333432636234
-39323735373161616133396566316266383165343033666530376333626264643531613334363634
-35393766623361346461333764666139366632306362613362376133363239656562346263643066
-65616538366532346537383432663766366161633234373562623531356339666661346164306563
-35343339386631383462656466303563376237386137346437323634626163353464356462346364
-35373061636237383335396231326563366230663566333665326338303564326263316630666233
-65303930663862313137333630353837363265333532303133306466643462626662613166326132
-66346439333739653965346236313766346532356233333164633538326135643662623533646561
-65626530386333303362343830653430653866336261623566616362313739303939656364656363
-37336331353766633534653936626139303061623531323362346564363665663438646533646166
-62376534653562373138656465666133353235313935626534383537643436376665613865303363
-62326562396361306131616363363866316232623635353663323537366563333239383636643763
-35623366663463303831323730363036306363643364303532326339353633393739306366396331
-33313230656431623462376135623438633164323064653866646165643263383832353138633931
-66306463346361646561376334613837383762366365666638643434383034376339643239646463
-66343461363233626635323535336462666339323032616136396239396534346434623238396330
-37653665643366323362313136386231396532323035363963623738346564356435303263303832
-37346532366432363638363330316464366361313461626535616165333433343835393565633766
-32663162386562373035333335303332323136613233613431386265626337653939326435396262
-61303631633838613962346663326232636438393563396230306361333335383462653432383766
-35376662353262303635316635363130383032366530396439613861653037383234363831333562
-37343332646534353838626366623361636261393865363633303631613837323733626264643835
-63376430613234386463336234623062656534643863656434386134616265333666613939393331
-39333166393538306135313431303831623063363533326330633062653333313733653831383736
-613864303461323739336563356161353234
+64376262343730306465343137353235393430646535633031646432363631643061656336313962
+6661643832613835353937313832393762613430616338360a356137373036343037316635666366
+62643132656233663933353239653438316238353363326539353038383436613038356137643836
+6265373939326266640a376162333266313333653339383533303639393932373266356361313763
+65346235626430323232393161643932316161383564393663343039626431366130353066636265
+63643639383162326235373636393435316338393431393166663835623739356562633435373438
+30393630623261353134313038643464306637383738303163353937316261313263613264393939
+37363037616230623732663866656665666664393835313836393237303234303866393437393833
+34376335353133613938663861323062623763323463316563363439623030653033373538323436
+38333863353333323364396431373030386636366330323562663831376531333661613337303835
+35643464396332333436633036326563613863636238353837643965303862636665303362336162
+34623430353061613364643436343736613734326332316465356333626534303166636638336236
+36613362666337616635316330396635616165346666396465303861386162353836333332663931
+64663838646332316363376339666632336238613365636666623137663564313665363461393163
+35303735613734393439376339396466643065316432383236393633376461316534623535396464
+62386464396534333561323539646336623464623033333835356439353632373033373736393134
+30666435306632336433383562303238363361313735323439366638333033653761393061303130
+36633536356264376366383335623534323436383361373037383931313766353534363663336462
+39353064306439306135623863643163393762333366303665623432386462333466626535613464
+65613031666530303163353534323032396264666464303639383038343537303839633831373039
+61323437313737623530663532626530613935353431306138623239386136323334636163343432
+65633933643630643634336639393866353739653638656366356163343132656666336232643731
+65363639623262613132646366353235626237646532373233626162643434396362313033653637
+36333035646634616138313863386637346466393262363833313135343964666630623736343666
+64373638333066343666306334366332366530623138306636633166613739363635303138633434
+3439326265613564666639363362643037653733393336363232

inventories/prod/hosts

@@ -1,2 +1,2 @@
 [alpina]
-debbi.sys.cazzzer.com
+debbi.lab.home

inventories/staging/group_vars/all.yml

@@ -0,0 +1 @@
+domain: lab.cazzzer.com

inventories/staging/group_vars/alpina/vars.yml

@@ -1,8 +1,6 @@
 # Environment specific variables (staging)
 
 ---
-domain: lab.cazzzer.com
-
 docker_ipv6_index: 254
 
 # Arrstack VPN
@@ -20,7 +18,3 @@ google_consumer_secret: "{{ vault_google_consumer_secret }}"
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.50
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
-
-# Woodpecker
-woodpecker_gitea_client_id: c7122416-b160-498b-8021-8f2837552588
-woodpecker_gitea_client_secret: "{{ vault_woodpecker_gitea_client_secret }}"

inventories/staging/group_vars/alpina/vault.yml

@@ -1,32 +1,27 @@
 $ANSIBLE_VAULT;1.1;AES256
-36343339366166383430383235626463376339653331333635623936653135633633353064613634
-3263306161376232356634363532653266366665333364650a636365393465383165306563346132
-37653564633630653635353464333939353266396562316663653933373065353536333130383065
-3864353332303164320a316439313164663736636465366539643131303663343861333164613561
-37383965373964313535313335643164376164323263613539643933333035323837373662303030
-66636465303566313334386435326433653032383962353739643861346161323738636366396239
-39623336336234376339343562656362323932383265313161396435346530663330353266323433
-66396538313365653963323164306464663565303364386466666636346533633661333634313236
-33623936616239613264613730363039366561646535633239633564656166343162303633373366
-37656163333838656533363735383332626632353237613666396633363531666366336630613064
-66626561663766376531313666663963643766393965653564333062653139336230356330383464
-38343562383430303132663964303736623238386562323033623861303432363363373934643332
-63363239323664333131306237336134613137653136633932356238343733393632616464366134
-33623038363032653134626337663863366663383433633134326239616136656139366535613565
-61646330356330396236303566363834613236653733643162666536303435643133346633353632
-62386135303262353332643135636164303963616234626132356161663463366434323864626261
-33356536626263626261343937386666396561306334346435316262333431353234303836356563
-31343566373935396633636133616265346235396333396664333534336162323039623937656336
-36656133383966613333646336613039626563353862646238376461373264633233313836333062
-30343134363862626630393035643762376435346532306462363437646238333463396230666465
-64386365393063613139313164366562643066323461313364393265393638643137386561633530
-65643861386531323836306339386462656530383533363831323461303131396666626464303136
-64343865616235616366633136393662623862383961323338366435396334653538303830616166
-39636164613466313033643639366635323666666235653633333436613133343962353664313838
-64356466393239666131363964643461346633313030643061643938643232343334313731636463
-37396637643232353539626239306463623237623534366666396164613135356136313534663231
-36613662653237343061316463386231656136383636393034333666633063613731316162333464
-64313866633062623530326233633166343434636639346565346337396461393637383333366435
-62393030383963396638653230613431623837353461313630343333376131616239313164336234
-62323739316536353835613032303438623230626563303934626466303934613566656232323663
-643265386333313065333737613438316532
+66646463303166643563376162636432643963336537343738383763653232316661383864373761
+3539643230626437623736353630663865376630663765650a666266663366393833396461303665
+61663961623036383039323239333361396564343836363662326237666464363439643336613336
+6562666639313461330a613831316232623963396136343638643133376430373634316133653432
+65633339623833303866343130386433633065326466333636353362306362663830333934393364
+35613338316631333438623230623131626431633930313664616237396666326665633965373333
+33636234666561656333623836633562363130346665623839353734616437303562623530613432
+31313037366232613335613262336334393966326139633332613733326335383130316265613038
+35366162623737666331636435643234383634663964666465666563396262336134306636343830
+30373831393232373664666564316134316266376134323538366130383962396566386161303461
+31336333633135323631373763346631656132346334356233303630643166323565393736336236
+39343231313132316663613734323833303935333162643862623632316662653736303266336635
+37316435633464343761656262326538633730616239366330363736323761653061306139623335
+33363066383636633461353534396433653161393132313034373165653563646234653764306539
+32653239613566653762613364653863313334653437646166643537633530613463653966383538
+37343834326162393739333066623066613566313265626562333537366230393938613931366638
+36316364383361366461396136353063363233353865373062643963646266643763363938376265
+34623333316264383035373266313437353161666537376535333830616435383830366166316136
+33643132316534383466343366303764633031353961363033663662636364613132343862653066
+39376136323662383866666136656361396263666338623133346436353938316464346363303761
+39656133653736646137396437396133373765376337623832653232383531663930663037323462
+66373630633737356138333532333265393964313739336363663265613363636464623232316539
+37353164393965616363346666303330613438306136363037313065666662656535356437663262
+37306264626431396336326362653764316536396366393533336164663861366462653964656465
+64366139333535383065643033343632323837633036323439376134373966613739626261376436
+3133326138613735316230353965656239303263386638373339

inventories/staging/hosts

@@ -1,2 +1,2 @@
 [alpina]
-etappi.sys.cazzzer.com
+etappi.lab.home

poetry.lock

@@ -1,30 +1,28 @@
-# This file is automatically @generated by Poetry 2.1.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.4 and should not be changed by hand.
 
 [[package]]
 name = "ansible"
-version = "11.6.0"
+version = "10.7.0"
 description = "Radically simple IT automation"
 optional = false
-python-versions = ">=3.11"
-groups = ["main"]
+python-versions = ">=3.10"
 files = [
-    {file = "ansible-11.6.0-py3-none-any.whl", hash = "sha256:5b9c19d6a1080011c14c821bc7e6f8fd5b2a392219cbf2ced9be05e6d447d8cd"},
-    {file = "ansible-11.6.0.tar.gz", hash = "sha256:934a948caa3ec1a3eb277e7ab1638b808b074a6e0c46045794cde7b637e275d8"},
+    {file = "ansible-10.7.0-py3-none-any.whl", hash = "sha256:0089f08e047ceb70edd011be009f5c6273add613fbe491e9697c0556c989d8ea"},
+    {file = "ansible-10.7.0.tar.gz", hash = "sha256:59d29e3de1080e740dfa974517d455217601b16d16880314d9be26145c68dc22"},
 ]
 
 [package.dependencies]
-ansible-core = ">=2.18.6,<2.19.0"
+ansible-core = ">=2.17.7,<2.18.0"
 
 [[package]]
 name = "ansible-core"
-version = "2.18.6"
+version = "2.17.7"
 description = "Radically simple IT automation"
 optional = false
-python-versions = ">=3.11"
-groups = ["main"]
+python-versions = ">=3.10"
 files = [
-    {file = "ansible_core-2.18.6-py3-none-any.whl", hash = "sha256:12a34749a7b20f0f1536bd3e3b2e137341867e4642e351273e96647161f595c0"},
-    {file = "ansible_core-2.18.6.tar.gz", hash = "sha256:25bb20ce1516a1b7307831b263cef684043b3720711466bd9d4164e5fd576557"},
+    {file = "ansible_core-2.17.7-py3-none-any.whl", hash = "sha256:64d4f0a006687a5621aa80dca54fd0c5ae75145b7aac8c1b8d7f07a1399c4705"},
+    {file = "ansible_core-2.17.7.tar.gz", hash = "sha256:3aaab735d6c4e2d6239bc326800dc0ecda2a1490caa8455b41084ec0bc54dacf"},
 ]
 
 [package.dependencies]
@@ -40,7 +38,6 @@ version = "2.1.0"
 description = "R/W an ansible-vault yaml file"
 optional = false
 python-versions = "*"
-groups = ["main"]
 files = [
     {file = "ansible-vault-2.1.0.tar.gz", hash = "sha256:5ce8fdb5470f1449b76bf07ae2abc56480dad48356ae405c85b686efb64dbd5e"},
 ]
@@ -50,28 +47,27 @@ ansible = "*"
 setuptools = "*"
 
 [package.extras]
-dev = ["black ; python_version >= \"3.6\"", "flake8 ; python_version >= \"3.6\"", "isort[pyproject] ; python_version >= \"3.6\"", "pytest"]
+dev = ["black", "flake8", "isort[pyproject]", "pytest"]
 release = ["twine"]
 
 [[package]]
 name = "attrs"
-version = "25.1.0"
+version = "24.3.0"
 description = "Classes Without Boilerplate"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
-    {file = "attrs-25.1.0-py3-none-any.whl", hash = "sha256:c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a"},
-    {file = "attrs-25.1.0.tar.gz", hash = "sha256:1c97078a80c814273a76b2a298a932eb681c87415c11dee0a6921de7f1b02c3e"},
+    {file = "attrs-24.3.0-py3-none-any.whl", hash = "sha256:ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308"},
+    {file = "attrs-24.3.0.tar.gz", hash = "sha256:8f5c07333d543103541ba7be0e2ce16eeee8130cb0b3f9238ab904ce1e85baff"},
 ]
 
 [package.extras]
-benchmark = ["cloudpickle ; platform_python_implementation == \"CPython\"", "hypothesis", "mypy (>=1.11.1) ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pytest-xdist[psutil]"]
-cov = ["cloudpickle ; platform_python_implementation == \"CPython\"", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1) ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pytest-xdist[psutil]"]
-dev = ["cloudpickle ; platform_python_implementation == \"CPython\"", "hypothesis", "mypy (>=1.11.1) ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pre-commit-uv", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pytest-xdist[psutil]"]
+benchmark = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
+cov = ["cloudpickle", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
+dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit-uv", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 docs = ["cogapp", "furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
-tests = ["cloudpickle ; platform_python_implementation == \"CPython\"", "hypothesis", "mypy (>=1.11.1) ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pytest-xdist[psutil]"]
-tests-mypy = ["mypy (>=1.11.1) ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\"", "pytest-mypy-plugins ; platform_python_implementation == \"CPython\" and python_version >= \"3.10\""]
+tests = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
+tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
 
 [[package]]
 name = "cffi"
@@ -79,8 +75,6 @@ version = "1.17.1"
 description = "Foreign Function Interface for Python calling C code."
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
-markers = "platform_python_implementation != \"PyPy\""
 files = [
     {file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"},
     {file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"},
@@ -156,56 +150,51 @@ pycparser = "*"
 
 [[package]]
 name = "cryptography"
-version = "44.0.1"
+version = "44.0.0"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = "!=3.9.0,!=3.9.1,>=3.7"
-groups = ["main"]
 files = [
-    {file = "cryptography-44.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bf688f615c29bfe9dfc44312ca470989279f0e94bb9f631f85e3459af8efc009"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dd7c7e2d71d908dc0f8d2027e1604102140d84b155e658c20e8ad1304317691f"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:887143b9ff6bad2b7570da75a7fe8bbf5f65276365ac259a5d2d5147a73775f2"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:322eb03ecc62784536bc173f1483e76747aafeb69c8728df48537eb431cd1911"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:21377472ca4ada2906bc313168c9dc7b1d7ca417b63c1c3011d0c74b7de9ae69"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:df978682c1504fc93b3209de21aeabf2375cb1571d4e61907b3e7a2540e83026"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:eb3889330f2a4a148abead555399ec9a32b13b7c8ba969b72d8e500eb7ef84cd"},
-    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:8e6a85a93d0642bd774460a86513c5d9d80b5c002ca9693e63f6e540f1815ed0"},
-    {file = "cryptography-44.0.1-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:6f76fdd6fd048576a04c5210d53aa04ca34d2ed63336d4abd306d0cbe298fddf"},
-    {file = "cryptography-44.0.1-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6c8acf6f3d1f47acb2248ec3ea261171a671f3d9428e34ad0357148d492c7864"},
-    {file = "cryptography-44.0.1-cp37-abi3-win32.whl", hash = "sha256:24979e9f2040c953a94bf3c6782e67795a4c260734e5264dceea65c8f4bae64a"},
-    {file = "cryptography-44.0.1-cp37-abi3-win_amd64.whl", hash = "sha256:fd0ee90072861e276b0ff08bd627abec29e32a53b2be44e41dbcdf87cbee2b00"},
-    {file = "cryptography-44.0.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:a2d8a7045e1ab9b9f803f0d9531ead85f90c5f2859e653b61497228b18452008"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b8272f257cf1cbd3f2e120f14c68bff2b6bdfcc157fafdee84a1b795efd72862"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1e8d181e90a777b63f3f0caa836844a1182f1f265687fac2115fcf245f5fbec3"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:436df4f203482f41aad60ed1813811ac4ab102765ecae7a2bbb1dbb66dcff5a7"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:4f422e8c6a28cf8b7f883eb790695d6d45b0c385a2583073f3cec434cc705e1a"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:72198e2b5925155497a5a3e8c216c7fb3e64c16ccee11f0e7da272fa93b35c4c"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:2a46a89ad3e6176223b632056f321bc7de36b9f9b93b2cc1cccf935a3849dc62"},
-    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:53f23339864b617a3dfc2b0ac8d5c432625c80014c25caac9082314e9de56f41"},
-    {file = "cryptography-44.0.1-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:888fcc3fce0c888785a4876ca55f9f43787f4c5c1cc1e2e0da71ad481ff82c5b"},
-    {file = "cryptography-44.0.1-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:00918d859aa4e57db8299607086f793fa7813ae2ff5a4637e318a25ef82730f7"},
-    {file = "cryptography-44.0.1-cp39-abi3-win32.whl", hash = "sha256:9b336599e2cb77b1008cb2ac264b290803ec5e8e89d618a5e978ff5eb6f715d9"},
-    {file = "cryptography-44.0.1-cp39-abi3-win_amd64.whl", hash = "sha256:e403f7f766ded778ecdb790da786b418a9f2394f36e8cc8b796cc056ab05f44f"},
-    {file = "cryptography-44.0.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:1f9a92144fa0c877117e9748c74501bea842f93d21ee00b0cf922846d9d0b183"},
-    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:610a83540765a8d8ce0f351ce42e26e53e1f774a6efb71eb1b41eb01d01c3d12"},
-    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:5fed5cd6102bb4eb843e3315d2bf25fede494509bddadb81e03a859c1bc17b83"},
-    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:f4daefc971c2d1f82f03097dc6f216744a6cd2ac0f04c68fb935ea2ba2a0d420"},
-    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:94f99f2b943b354a5b6307d7e8d19f5c423a794462bde2bf310c770ba052b1c4"},
-    {file = "cryptography-44.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d9c5b9f698a83c8bd71e0f4d3f9f839ef244798e5ffe96febfa9714717db7af7"},
-    {file = "cryptography-44.0.1.tar.gz", hash = "sha256:f51f5705ab27898afda1aaa430f34ad90dc117421057782022edf0600bec5f14"},
+    {file = "cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123"},
+    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092"},
+    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f"},
+    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb"},
+    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b"},
+    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543"},
+    {file = "cryptography-44.0.0-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e"},
+    {file = "cryptography-44.0.0-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e"},
+    {file = "cryptography-44.0.0-cp37-abi3-win32.whl", hash = "sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053"},
+    {file = "cryptography-44.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd"},
+    {file = "cryptography-44.0.0-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591"},
+    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7"},
+    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc"},
+    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289"},
+    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7"},
+    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c"},
+    {file = "cryptography-44.0.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64"},
+    {file = "cryptography-44.0.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285"},
+    {file = "cryptography-44.0.0-cp39-abi3-win32.whl", hash = "sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417"},
+    {file = "cryptography-44.0.0-cp39-abi3-win_amd64.whl", hash = "sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede"},
+    {file = "cryptography-44.0.0-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731"},
+    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4"},
+    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756"},
+    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c"},
+    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa"},
+    {file = "cryptography-44.0.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c"},
+    {file = "cryptography-44.0.0.tar.gz", hash = "sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02"},
 ]
 
 [package.dependencies]
 cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}
 
 [package.extras]
-docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=3.0.0) ; python_version >= \"3.8\""]
+docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=3.0.0)"]
 docstest = ["pyenchant (>=3)", "readme-renderer (>=30.0)", "sphinxcontrib-spelling (>=7.3.1)"]
-nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2) ; python_version >= \"3.8\""]
-pep8test = ["check-sdist ; python_version >= \"3.8\"", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
+nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2)"]
+pep8test = ["check-sdist", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
 sdist = ["build (>=1.0.0)"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==44.0.1)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
+test = ["certifi (>=2024)", "cryptography-vectors (==44.0.0)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
 [[package]]
@@ -214,7 +203,6 @@ version = "0.7.1"
 description = "Library for building Grafana dashboards"
 optional = false
 python-versions = "*"
-groups = ["dev"]
 files = [
     {file = "grafanalib-0.7.1-py3-none-any.whl", hash = "sha256:6fab5d7b837a1f2d1322ef762cd52e565ec0422707a7512765c59f668bdceb58"},
     {file = "grafanalib-0.7.1.tar.gz", hash = "sha256:3d92bb4e92ae78fe4e21c5b252ab51f4fdcacd8523ba5a44545b897b2a375b83"},
@@ -232,7 +220,6 @@ version = "3.1.5"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
-groups = ["main"]
 files = [
     {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
     {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
@@ -250,7 +237,6 @@ version = "3.0.2"
 description = "Safely add untrusted strings to HTML/XML markup."
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
 files = [
     {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"},
     {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158"},
@@ -321,7 +307,6 @@ version = "1.3.0"
 description = "A network address manipulation library for Python"
 optional = false
 python-versions = ">=3.7"
-groups = ["main"]
 files = [
     {file = "netaddr-1.3.0-py3-none-any.whl", hash = "sha256:c2c6a8ebe5554ce33b7d5b3a306b71bbb373e000bbbf2350dd5213cc56e3dbbe"},
     {file = "netaddr-1.3.0.tar.gz", hash = "sha256:5c3c3d9895b551b763779ba7db7a03487dc1f8e3b385af819af341ae9ef6e48a"},
@@ -336,7 +321,6 @@ version = "24.2"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
 files = [
     {file = "packaging-24.2-py3-none-any.whl", hash = "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"},
     {file = "packaging-24.2.tar.gz", hash = "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"},
@@ -348,8 +332,6 @@ version = "2.22"
 description = "C parser in Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
-markers = "platform_python_implementation != \"PyPy\""
 files = [
     {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
     {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
@@ -361,7 +343,6 @@ version = "6.0.2"
 description = "YAML parser and emitter for Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
 files = [
     {file = "PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"},
     {file = "PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf"},
@@ -424,7 +405,6 @@ version = "1.0.1"
 description = "Resolve abstract dependencies into concrete ones"
 optional = false
 python-versions = "*"
-groups = ["main"]
 files = [
     {file = "resolvelib-1.0.1-py2.py3-none-any.whl", hash = "sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf"},
     {file = "resolvelib-1.0.1.tar.gz", hash = "sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309"},
@@ -438,26 +418,25 @@ test = ["commentjson", "packaging", "pytest"]
 
 [[package]]
 name = "setuptools"
-version = "75.8.1"
+version = "75.6.0"
 description = "Easily download, build, install, upgrade, and uninstall Python packages"
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
 files = [
-    {file = "setuptools-75.8.1-py3-none-any.whl", hash = "sha256:3bc32c0b84c643299ca94e77f834730f126efd621de0cc1de64119e0e17dab1f"},
-    {file = "setuptools-75.8.1.tar.gz", hash = "sha256:65fb779a8f28895242923582eadca2337285f0891c2c9e160754df917c3d2530"},
+    {file = "setuptools-75.6.0-py3-none-any.whl", hash = "sha256:ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"},
+    {file = "setuptools-75.6.0.tar.gz", hash = "sha256:8199222558df7c86216af4f84c30e9b34a61d8ba19366cc914424cdbd28252f6"},
 ]
 
 [package.extras]
-check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1) ; sys_platform != \"cygwin\"", "ruff (>=0.8.0) ; sys_platform != \"cygwin\""]
-core = ["importlib_metadata (>=6) ; python_version < \"3.10\"", "jaraco.collections", "jaraco.functools (>=4)", "jaraco.text (>=3.7)", "more_itertools", "more_itertools (>=8.8)", "packaging", "packaging (>=24.2)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1) ; python_version < \"3.11\"", "wheel (>=0.43.0)"]
+check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.7.0)"]
+core = ["importlib_metadata (>=6)", "jaraco.collections", "jaraco.functools (>=4)", "jaraco.text (>=3.7)", "more_itertools", "more_itertools (>=8.8)", "packaging", "packaging (>=24.2)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
 cover = ["pytest-cov"]
 doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
 enabler = ["pytest-enabler (>=2.2)"]
-test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21) ; python_version >= \"3.9\" and sys_platform != \"cygwin\"", "jaraco.envs (>=2.2)", "jaraco.path (>=3.7.2)", "jaraco.test (>=5.5)", "packaging (>=24.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf ; sys_platform != \"cygwin\"", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
-type = ["importlib_metadata (>=7.0.2) ; python_version < \"3.10\"", "jaraco.develop (>=7.21) ; sys_platform != \"cygwin\"", "mypy (==1.14.*)", "pytest-mypy"]
+test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test (>=5.5)", "packaging (>=24.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
+type = ["importlib_metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (>=1.12,<1.14)", "pytest-mypy"]
 
 [metadata]
-lock-version = "2.1"
-python-versions = "^3.11"
-content-hash = "aee53e668f5f3a99526ea72999ad57256351453f5331f71c0abf94b5bd74a0c3"
+lock-version = "2.0"
+python-versions = "^3.10"
+content-hash = "334448cb0c7d192f0e10987a995ecefca5e136733cce4dd15dcc2238f1c371c8"

poetry.toml

@@ -1,2 +0,0 @@
-[virtualenvs]
-in-project = true

pyproject.toml

@@ -6,12 +6,12 @@ authors = ["Iurii Tatishchev <itatishch@gmail.com>"]
 readme = "README.md"
 
 [tool.poetry.dependencies]
-python = "^3.11"
-ansible = "^11.1.0"
+python = "^3.10"
+ansible = "^10.1.0"
 ansible-vault = "^2.1.0"
 netaddr = "^1.3.0"
 
-[tool.poetry.group.dev.dependencies]
+[tool.poetry.dev-dependencies]
 grafanalib = "^0.7.1"
 
 

renovate.json

@@ -1,11 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:recommended"
-  ],
-  "docker-compose": {
-    "fileMatch": [
-      "(^|/)(?:docker-)?compose[^/]*\\.ya?ml(\\.j2)?$"
-    ]
-  }
-}

roles/alpina/tasks/deploy_compose_stack.yml

@@ -11,7 +11,7 @@
     path: "{{ current_stack_dest }}/{{ item.path }}"
     state: directory
     mode: "755"
-  loop: "{{ query('community.general.filetree', current_stack_source) }}"
+  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
   when: item.state == "directory"
 
 - name: Generate {{ current_stack_name }} deployment from templates
@@ -19,7 +19,7 @@
     src: "{{ item.src }}"
     dest: "{{ current_stack_dest }}/{{ item.path | regex_replace('\\.j2$', '') }}"
     mode: "644"
-  loop: "{{ query('community.general.filetree', current_stack_source) }}"
+  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
   when: item.state == "file" and item.path | regex_search('\\.j2$')
 
 - name: Generate {{ current_stack_name }} deployment from static files
@@ -27,7 +27,7 @@
     src: "{{ item.src }}"
     dest: "{{ current_stack_dest }}/{{ item.path }}"
     mode: "644"
-  loop: "{{ query('community.general.filetree', current_stack_source) }}"
+  loop: "{{ lookup('community.general.filetree', current_stack_source) }}"
   when: item.state == "file" and not item.path | regex_search('\\.j2$')
 
 - name: Deploy docker-compose for {{ current_stack_name }}

roles/alpina/tasks/main.yml

@@ -28,12 +28,8 @@
     collection: apps
     stacks:
       - gitea
-      - woodpecker
-      - syncthing
       - nextcloud
       - jellyfin
       - arrstack
       - vpgen
-      - pgrok
-      - minecruft
   import_tasks: deploy_collection.yml

roles/alpina/templates/apps/arrstack/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(249) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   gluetun:
@@ -9,13 +11,14 @@ services:
     container_name: gluetun
     cap_add:
       - NET_ADMIN
-    devices:
-      - /dev/net/tun:/dev/net/tun
     sysctls:
       - net.ipv6.conf.all.disable_ipv6=0
     env_file:
       - .env.gluetun
     restart: unless-stopped
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/gluetun:/gluetun
 
@@ -46,6 +49,9 @@ services:
     restart: unless-stopped
     depends_on:
       - qbittorrent
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/config/prowlarr:/config
 
@@ -57,6 +63,9 @@ services:
     restart: unless-stopped
     depends_on:
       - qbittorrent
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/config/sonarr:/config
       - {{ base_volume_path }}/arrstack/downloads:/downloads
@@ -70,6 +79,9 @@ services:
     restart: unless-stopped
     depends_on:
       - qbittorrent
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/arrstack/config/radarr:/config
       - {{ base_volume_path }}/arrstack/downloads:/downloads

roles/alpina/templates/apps/gitea/.env.gitea.j2

@@ -25,7 +25,5 @@ GITEA__security__INTERNAL_TOKEN={{ internal_token }}
 
 GITEA__oauth2__JWT_SECRET={{ jwt_secret }}
 
-GITEA__webhook__ALLOWED_HOST_LIST="external,woodpecker.{{ domain }}"
-
 # Indexer
 GITEA__indexer__REPO_INDEXER_ENABLED=true

roles/alpina/templates/apps/gitea/docker-compose.yml.j2

@@ -2,16 +2,21 @@
 
 networks:
   {{ helpers.default_network(199) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   server:
-    image: gitea/gitea
+    image: gitea/gitea:1.22
     container_name: gitea_server
     labels:
       - {{ helpers.traefik_labels('gitea', port='3000') | indent(6) }}
     restart: unless-stopped
     env_file:
       - .env.gitea
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/gitea/gitea:/data
     depends_on:
@@ -22,5 +27,7 @@ services:
     restart: unless-stopped
     env_file:
       - .env.db
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/gitea/postgres:/var/lib/postgresql/data

roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(197) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   jellyfin:
@@ -12,6 +14,9 @@ services:
     restart: unless-stopped
     env_file:
       - .env.jellyfin
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/jellyfin/config:/config
       - {{ base_volume_path }}/jellyfin/cache:/cache

roles/alpina/templates/apps/minecruft/.env.minecruft.j2

@@ -1,25 +0,0 @@
-EULA=true
-
-CF_API_KEY="{{ minecruft_cf_api_key }}"
-TYPE=AUTO_CURSEFORGE
-CF_PAGE_URL=https://www.curseforge.com/minecraft/modpacks/create-arcane-engineering/files/4852034
-CF_EXCLUDE_MODS=591711
-CURSEFORGE_FILES=https://www.curseforge.com/minecraft/mc-mods/simple-voice-chat/files/7011546
-
-MEMORY=16G
-ENABLE_ROLLING_LOGS=true
-#TZ=America/New_York
-
-OVERRIDE_SERVER_PROPERTIES=true
-DIFFICULTY=normal
-MAX_TICK_TIME=-1
-ALLOW_FLIGHT=true
-OPS=Litoprobka,CaZzzer
-VIEW_DISTANCE=12
-MAX_PLAYERS=16
-PVP=false
-LEVEL_TYPE=normal
-LEVEL_SEED=133769
-MOTD="Remember the Cavendish"
-ONLINE_MODE=false
-SPAWN_PROTECTION=0

roles/alpina/templates/apps/minecruft/compose.yml.j2

@@ -1,13 +0,0 @@
-services:
-  minecruft:
-    image: itzg/minecraft-server:java17-alpine
-    container_name: minecruft
-    ports:
-      - 25565:25565
-      - 25565:25565/udp
-      - 24454:24454/udp
-    restart: unless-stopped
-    env_file: .env.minecruft
-    volumes:
-      - {{ base_volume_path }}/minecruft/data:/data
-      - {{ base_volume_path }}/minecruft/downloads:/downloads

roles/alpina/templates/apps/nextcloud/.env.j2

@@ -0,0 +1 @@
+NEXTCLOUD_VERSION=30-apache

roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2

@@ -2,10 +2,13 @@
 
 networks:
   {{ helpers.default_network(198) | indent(2) }}
+  traefik_traefik:
+    external: true
+
 
 services:
   app:
-    image: &nextcloud_image nextcloud:stable-apache
+    image: nextcloud:${NEXTCLOUD_VERSION}
     container_name: nextcloud_app
     labels:
       - {{ helpers.traefik_labels('nc', port='80') | indent(6) }}
@@ -15,28 +18,40 @@ services:
       - redis
     env_file:
       - .env.nextcloud
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
       - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
       - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data
 
   cron:
-    image: *nextcloud_image
+    image: nextcloud:${NEXTCLOUD_VERSION}
     container_name: nextcloud_cron
     restart: unless-stopped
     depends_on:
       - app
     entrypoint: /cron.sh
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html
       - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config
       - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data
 
   notify_push:
-    image: *nextcloud_image
+    image: nextcloud:${NEXTCLOUD_VERSION}
     container_name: nextcloud_notify_push
+    {# TODO: Refactor this and minio -#}
     labels:
-      - {{ helpers.traefik_labels('nc', port='7867', path_prefix='/push') | indent(6) }}
+      - traefik.enable=true
+      - traefik.http.routers.nc-notify.rule=Host(`nc.{{ domain }}`) && PathPrefix(`/push`)
+      - traefik.http.routers.nc-notify.entrypoints=websecure
+      - traefik.http.routers.nc-notify.tls=true
+      - traefik.http.routers.nc-notify.tls.certresolver=letsencrypt
+      - traefik.http.routers.nc-notify.tls.domains.0.main={{ domain }}
+      - traefik.http.routers.nc-notify.tls.domains.0.sans=*.{{ domain }}
+      - traefik.http.services.nc-notify.loadbalancer.server.port=7867
     restart: unless-stopped
     user: www-data
     env_file:
@@ -53,6 +68,8 @@ services:
     restart: unless-stopped
     env_file:
       - .env.db
+    networks:
+      - default
     volumes:
       - {{ base_volume_path }}/nextcloud/db:/var/lib/postgresql/data
 
@@ -62,6 +79,8 @@ services:
     restart: unless-stopped
     env_file:
       - .env.redis
+    networks:
+      - default
     command:
       - sh
       - -c

roles/alpina/templates/apps/pgrok/compose.yml.j2

@@ -1,31 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(194) | indent(2) }}
-
-#  https://github.com/pgrok/pgrok/blob/main/docs/admin/docker.md#docker-compose
-services:
-  server:
-    image: ghcr.io/pgrok/pgrokd:latest
-    container_name: pgrok_server
-    labels:
-      - {{ helpers.traefik_labels('pgrok', port='3320') | indent(6) }}
-      - {{ helpers.traefik_labels('pgrok', port='3000', wildcard=true) | indent(6) }}
-    restart: unless-stopped
-    volumes:
-      - ./pgrokd.yml:/var/opt/pgrokd/pgrokd.yml
-    ports:
-      - "2222:2222"
-    depends_on:
-      - db
-
-  db:
-    image: postgres:17-alpine
-    container_name: pgrok_db
-    restart: unless-stopped
-    volumes:
-      - {{ base_volume_path }}/pgrok/postgres:/var/lib/postgresql/data
-    environment:
-      POSTGRES_DB: pgrok
-      POSTGRES_USER: pgrok
-      POSTGRES_PASSWORD: "{{ pgrok_db_password }}"

roles/alpina/templates/apps/pgrok/pgrokd.yml.j2

@@ -1,29 +0,0 @@
-external_url: "https://pgrok.{{ domain }}"
-web:
-  port: 3320
-proxy:
-  port: 3000
-  scheme: https
-  domain: "pgrok.{{ domain }}"
-sshd:
-  port: 2222
-
-database:
-  host: db
-  port: 5432
-  user: pgrok
-  password: "{{ pgrok_db_password }}"
-  database: pgrok
-
-identity_provider:
-  type: oidc
-  display_name: Authentik
-  issuer: "https://auth.{{ domain }}/application/o/pgrok/"
-  client_id: "pgrok"
-  client_secret: "{{ auth_pgrok_client_secret }}"
-  field_mapping:
-    identifier: "preferred_username"
-    display_name: "name"
-    email: "email"
-# # The required domain name, "field_mapping.email" is required to set for this to work.
-  #  required_domain: "example.com"

roles/alpina/templates/apps/syncthing/compose.yml.j2

@@ -1,16 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(193) | indent(2) }}
-
-services:
-  syncthing:
-    image: linuxserver/syncthing
-    container_name: syncthing
-    labels:
-      - {{ helpers.traefik_labels('sync', port='8384', auth=true) | indent(6) }}
-    restart: unless-stopped
-    network_mode: host
-    volumes:
-      - {{ base_volume_path }}/syncthing/config:/config
-      - {{ base_volume_path }}/syncthing/data:/data

roles/alpina/templates/apps/vpgen/.env.vpgen.j2

@@ -1,17 +1,8 @@
 DATABASE_URL=file:/data/vpgen.db
 
-PUBLIC_AUTH_AUTHENTIK_ENABLE=1
-AUTH_AUTHENTIK_REQUIRE_INVITE=0
-AUTH_AUTHENTIK_DOMAIN="auth.{{ domain }}"
-AUTH_AUTHENTIK_CLIENT_ID=vpgen
-AUTH_AUTHENTIK_CLIENT_SECRET="{{ auth_vpgen_client_secret }}"
-
-PUBLIC_AUTH_GOOGLE_ENABLE=1
-AUTH_GOOGLE_REQUIRE_INVITE=1
-AUTH_GOOGLE_CLIENT_ID="{{ google_consumer_key }}"
-AUTH_GOOGLE_CLIENT_SECRET="{{ google_consumer_secret }}"
-
-AUTH_INVITE_TOKEN="{{ vpgen_auth_invite_token }}"
+AUTH_DOMAIN=auth.{{ domain }}
+AUTH_CLIENT_ID=vpgen
+AUTH_CLIENT_SECRET={{ auth_vpgen_client_secret }}
 
 OPNSENSE_API_URL={{ vpgen_opnsense_api_url }}
 OPNSENSE_API_KEY={{ vpgen_opnsense_api_key }}

roles/alpina/templates/apps/woodpecker/compose.yml.j2

@@ -1,35 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(195) | indent(2) }}
-
-services:
-  woodpecker-server:
-    image: woodpeckerci/woodpecker-server:v3
-    container_name: woodpecker_server
-    labels:
-      - {{ helpers.traefik_labels('woodpecker', port='8000') | indent(6) }}
-    restart: unless-stopped
-    volumes:
-      - {{ base_volume_path }}/woodpecker/data:/var/lib/woodpecker
-    environment:
-      - WOODPECKER_OPEN=true
-      - WOODPECKER_HOST=https://woodpecker.{{ domain }}
-      - WOODPECKER_GITEA=true
-      - WOODPECKER_GITEA_URL=https://gitea.{{ domain }}
-      - WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client_id }}
-      - WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_client_secret }}
-      - WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
-
-  woodpecker-agent:
-    image: woodpeckerci/woodpecker-agent:v3
-    container_name: woodpecker_agent
-    restart: unless-stopped
-    depends_on:
-      - woodpecker-server
-    volumes:
-      - {{ base_volume_path }}/woodpecker/agent_config:/etc/woodpecker
-      - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      - WOODPECKER_SERVER=woodpecker-server:9000
-      - WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}

roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2

@@ -92,8 +92,8 @@ entries:
     model: authentik_stages_user_write.userwritestage
     id: enrollment-user-write
     attrs:
+      user_creation_mode: always_create
       user_type: internal
-      create_users_group: !Find [authentik_core.group, [name, {{ auth_default_enrollment_group }}]]
   - identifiers:
       name: alpina-enrollment-email-verify
     model: authentik_stages_email.emailstage

roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2

@@ -38,8 +38,3 @@ entries:
         return {
           "policy": policy,
         }
-
-  - identifiers:
-      name: "vpgen"
-    model: authentik_core.group
-    id: "vpgen"

roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2

@@ -76,4 +76,4 @@ entries:
     model: authentik_stages_user_write.userwritestage
     attrs:
       user_type: internal
-      create_users_group: !Find [authentik_core.group, [name, {{ auth_default_enrollment_group }}]]
+      group: !Find [authentik_core.group, [name, users]]

roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2

@@ -38,13 +38,6 @@ entries:
       "icon": "https://vpgen."~ domain ~"/favicon.png",
       "client_secret": auth_vpgen_client_secret,
       "ui_group": "Apps",
-      "allowed_for_groups": ["admins", "users", "vpgen"],
-    },
-    "Pgrok": {
-      "redirect_uri": "https://pgrok."~ domain ~"/-/oidc/callback",
-      "icon": "https://pgrok."~ domain ~"/pgrok.svg",
-      "client_secret": auth_pgrok_client_secret,
-      "ui_group": "Apps",
       "allowed_for_groups": ["admins", "users"],
     },
   } -%}

roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2

@@ -13,13 +13,6 @@ entries:
       "ui_group": "Services",
       "allowed_for_groups": ["admins"],
     },
-    "Syncthing": {
-      "host": "sync",
-      "icon": "https://sync."~ domain ~"/assets/img/favicon-default.png",
-      "unauthenticated_paths": "^/assets/img/favicon-default.png$",
-      "ui_group": "Apps",
-      "allowed_for_groups": ["admins"],
-    },
     "qBit": {
       "host": "qbit",
       "icon": "https://qbit."~ domain ~"/images/qbittorrent-tray.svg",

roles/alpina/templates/services/authentik/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(253) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   server:
@@ -15,11 +17,13 @@ services:
     restart: unless-stopped
     # Port forward is needed because traefik can't resolve the container name from the host network
     ports:
-      - "127.0.0.1:9000:9000"
-      - "[::1]:9000:9000"
+      - "9000:9000"
     command: server
     env_file:
       - .env.authentik
+    networks:
+      - default
+      - traefik_traefik
 
   worker:
     image: ghcr.io/goauthentik/server:latest

roles/alpina/templates/services/minio/compose.yml.j2

@@ -1,19 +0,0 @@
-{% import 'contrib/compose_helpers.j2' as helpers with context %}
-
-networks:
-  {{ helpers.default_network(252) | indent(2) }}
-
-services:
-  minio:
-    image: minio/minio:latest
-    container_name: minio
-    labels:
-      - {{ helpers.traefik_labels('minio', port='9090') | indent(6) }}
-      - {{ helpers.traefik_labels('s3', port='9000') | indent(6) }}
-      - {{ helpers.traefik_labels('s3', port='9000', wildcard=true) | indent(6) }}
-    restart: unless-stopped
-    command: server --console-address ":9090" /data
-    env_file:
-      - .env.minio
-    volumes:
-      - {{ base_volume_path }}/minio/data:/data

roles/alpina/templates/services/minio/docker-compose.yml.j2

@@ -0,0 +1,32 @@
+{% import 'contrib/compose_helpers.j2' as helpers with context %}
+
+networks:
+  {{ helpers.default_network(252) | indent(2) }}
+  traefik_traefik:
+    external: true
+
+services:
+  minio:
+    image: minio/minio:latest
+    container_name: minio
+    labels:
+      - {{ helpers.traefik_labels('minio', port='9090') | indent(6) }}
+      - traefik.http.routers.minio.service=minio
+      - traefik.http.routers.minio-tls.service=minio
+      - traefik.http.routers.minio-s3.rule=Host(`s3.{{ domain }}`) || HostRegexp(`^.+[.]s3[.]{{ domain }}`)
+      - traefik.http.routers.minio-s3.entrypoints=websecure
+      - traefik.http.routers.minio-s3.tls=true
+      - traefik.http.routers.minio-s3.tls.certresolver=letsencrypt
+      - traefik.http.routers.minio-s3.tls.domains.0.main=s3.{{ domain }}
+      - traefik.http.routers.minio-s3.tls.domains.0.sans=*.s3.{{ domain }}
+      - traefik.http.routers.minio-s3.service=minio-s3
+      - traefik.http.services.minio-s3.loadbalancer.server.port=9000
+    restart: unless-stopped
+    command: server --console-address ":9090" /data
+    env_file:
+      - .env.minio
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/minio/data:/data

roles/alpina/templates/services/monitoring/docker-compose.yml.j2

@@ -2,6 +2,8 @@
 
 networks:
   {{ helpers.default_network(251) | indent(2) }}
+  traefik_traefik:
+    external: true
 
 services:
   grafana:
@@ -15,6 +17,9 @@ services:
     restart: unless-stopped
     # Needed to make config files readable (not anymore, TODO: remove)
     user: "{{ remote_uid }}"
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/monitoring/grafana:/var/lib/grafana
       - ./grafana_config/grafana.ini:/etc/grafana/grafana.ini:ro
@@ -22,7 +27,7 @@ services:
 {#      - ./grafana_config:/etc/grafana:ro#}
 
   loki:
-    image: grafana/loki:3.5
+    image: grafana/loki:latest
     container_name: loki
     restart: unless-stopped
     # Needed to make config files readable (not anymore, TODO: remove)
@@ -31,8 +36,7 @@ services:
       - -config.file=/etc/loki/loki-config.yaml
     # Port forward is needed because not possible to resolve the container name from the host network
     ports:
-      - "127.0.0.1:3100:3100"
-      - "[::1]:3100:3100"
+      - 3100:3100
     volumes:
       - {{ base_volume_path }}/monitoring/loki:/loki
       - ./loki_config:/etc/loki:ro
@@ -40,7 +44,7 @@ services:
       - /tmp/loki
 
   promtail:
-    image: grafana/promtail:3.5
+    image: grafana/promtail:latest
     container_name: promtail
     restart: unless-stopped
     command:
@@ -99,6 +103,9 @@ services:
     restart: unless-stopped
     env_file:
       - .env.influxdb
+    networks:
+      - default
+      - traefik_traefik
     volumes:
       - {{ base_volume_path }}/monitoring/influxdb:/var/lib/influxdb2
 

roles/alpina/templates/services/monitoring/grafana_config/dashboards/common.py

@@ -1,81 +1,27 @@
-from attrs import define
-from grafanalib.core import Template, TimeSeries, Dashboard, HIDE_VARIABLE, Target
+from grafanalib.core import Template
 
-CONF_SUPPORT_LOKI = True
-CONF_SUPPORT_ZFS = True
+# TODO: consider default params for common params like line width, show points, tooltip
 
-CONF_DATASOURCE_VAR_PROM = 'prom_datasource'
-CONF_DATASOURCE_VAR_LOKI = 'loki_datasource'
-
-prom_datasource = f'${{{CONF_DATASOURCE_VAR_PROM}}}'
-loki_datasource = f'${{{CONF_DATASOURCE_VAR_LOKI}}}'
-
-prom_template = Template(
-    name=CONF_DATASOURCE_VAR_PROM,
+PrometheusTemplate = Template(
+    name='datasource',
     type='datasource',
     label='Prometheus',
     query='prometheus',
-    hide=HIDE_VARIABLE,
 )
 
-loki_template = Template(
-    name=CONF_DATASOURCE_VAR_LOKI,
-    type='datasource',
-    label='Loki',
-    query='loki',
-    hide=HIDE_VARIABLE,
-)
-
-
-@define
-class MyDashboard(Dashboard):
-    """Wrapper class for Dashboard with some default values"""
-    timezone: str = 'browser'
-    sharedCrosshair: bool = True
-
-
-@define
-class MyTimeSeries(TimeSeries):
-    """Wrapper class for TimeSeries with some default values and custom fields"""
-    fillOpacity: int = 10
-    lineWidth: int = 1
-    showPoints: str = 'never'
-    tooltipMode: str = 'multi'
-    maxDataPoints: int = None
-
-    # new fields
-    axisCenteredZero: bool = False
-
-    def to_json_data(self):
-        data = super().to_json_data()
-        data['fieldConfig']['defaults']['custom']['axisCenteredZero'] = self.axisCenteredZero
-        return data
-
-
-@define
-class PromTarget(Target):
-    """Wrapper class for Target with default prometheus datasource"""
-    datasource: str = prom_datasource
-
-
-@define
+# TODO: this slightly less (clown emoji), normal Target gave me errors in grafana
 class LokiTarget(object):
-    """Custom class for Loki Target, because normal Target gave errors in grafana"""
-    expr: str
-    legendFormat: str
-    datasource: str = loki_datasource
-    refId: str = None
-    queryType: str = 'range'
+    def __init__(self, loki_datasource, expr, legendFormat, refId):
+        self.loki_datasource = loki_datasource
+        self.expr = expr
+        self.legendFormat = legendFormat
+        self.refId = refId
 
     def to_json_data(self):
         return {
-            'datasource': self.datasource,
+            'datasource': self.loki_datasource,
             'expr': self.expr,
             'legendFormat': self.legendFormat,
             'refId': self.refId,
-            'queryType': self.queryType,
+            'queryType': 'range',
         }
-
-
-def filter_none(l: list):
-    return [i for i in l if i is not None]

roles/alpina/templates/services/monitoring/grafana_config/dashboards/containers.dashboard.py

@@ -1,10 +1,16 @@
-from grafanalib.core import GridPos, Templating, Template, Logs
+from grafanalib.core import (
+    Dashboard, TimeSeries,
+    Target, GridPos,
+    Templating, Template, REFRESH_ON_TIME_RANGE_CHANGE, Logs
+)
 from grafanalib.formatunits import BYTES_IEC, SECONDS, BYTES_SEC_IEC
 
-from common import LokiTarget, prom_template, loki_template, MyTimeSeries, MyDashboard, CONF_SUPPORT_LOKI, filter_none, \
-    prom_datasource, PromTarget
+from common import LokiTarget, PrometheusTemplate
 
-dashboard = MyDashboard(
+prom_datasource='${datasource}'
+loki_datasource='loki'
+
+dashboard = Dashboard(
     title='Containers',
     uid='containers',
     description='Data for compose projects from default Prometheus datasource collected by Cadvisor',
@@ -12,9 +18,8 @@ dashboard = MyDashboard(
         'linux',
         'docker',
     ],
-    templating=Templating(list=filter_none([
-        prom_template,
-        loki_template if CONF_SUPPORT_LOKI else None,
+    templating=Templating(list=[
+        PrometheusTemplate,
         Template(
             name='compose_project',
             label='Compose Project',
@@ -22,6 +27,7 @@ dashboard = MyDashboard(
             query='label_values({__name__=~"container.*"}, container_label_com_docker_compose_project)',
             includeAll=True,
             multi=True,
+            refresh=REFRESH_ON_TIME_RANGE_CHANGE,
         ),
         Template(
             name='container_name',
@@ -30,6 +36,7 @@ dashboard = MyDashboard(
             query='label_values({__name__=~"container.*", container_label_com_docker_compose_project=~"$compose_project"}, name)',
             includeAll=True,
             multi=True,
+            refresh=REFRESH_ON_TIME_RANGE_CHANGE,
         ),
         Template(
             name='logs_query',
@@ -37,48 +44,67 @@ dashboard = MyDashboard(
             query='',
             type='textbox',
         ),
-    ])),
-    panels=filter_none([
-        MyTimeSeries(
+    ]),
+    timezone='browser',
+    panels=[
+        TimeSeries(
             title='Container Memory Usage',
             unit=BYTES_IEC,
             gridPos=GridPos(h=8, w=12, x=0, y=0),
-            tooltipSort='desc',
+            lineWidth=2,
+            fillOpacity=10,
+            showPoints='never',
             stacking={'mode': 'normal'},
+            tooltipMode='all',
+            tooltipSort='desc',
             targets=[
-                PromTarget(
+                Target(
+                    datasource=prom_datasource,
                     expr='max by (name) (container_memory_usage_bytes{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"})',
                     legendFormat='{{ name }}',
+                    refId='A',
                 ),
             ],
         ),
-        MyTimeSeries(
+        TimeSeries(
             title='Container CPU Usage',
             unit=SECONDS,
             gridPos=GridPos(h=8, w=12, x=12, y=0),
+            lineWidth=2,
+            fillOpacity=10,
+            showPoints='never',
+            tooltipMode='all',
             tooltipSort='desc',
-            stacking={'mode': 'normal'},
             targets=[
-                PromTarget(
-                    expr='max by (name) (irate(container_cpu_usage_seconds_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
+                Target(
+                    datasource=prom_datasource,
+                    expr='max by (name) (rate(container_cpu_usage_seconds_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
                     legendFormat='{{ name }}',
+                    refId='A',
                 ),
             ],
         ),
-        MyTimeSeries(
+        TimeSeries(
             title='Container Network Traffic',
             unit=BYTES_SEC_IEC,
             gridPos=GridPos(h=8, w=12, x=0, y=8),
+            lineWidth=2,
+            fillOpacity=10,
+            showPoints='never',
+            tooltipMode='all',
             tooltipSort='desc',
-            axisCenteredZero=True,
             targets=[
-                PromTarget(
-                    expr='max by (name) (irate(container_network_receive_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
+                Target(
+                    datasource=prom_datasource,
+                    expr='max by (name) (rate(container_network_receive_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
                     legendFormat="rx {{ name }}",
+                    refId='A',
                 ),
-                PromTarget(
-                    expr='-max by (name) (irate(container_network_transmit_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
+                Target(
+                    datasource=prom_datasource,
+                    expr='-max by (name) (rate(container_network_transmit_bytes_total{name=~"$container_name", container_label_com_docker_compose_project=~"$compose_project"}[$__rate_interval]))',
                     legendFormat="tx {{ name }}",
+                    refId='B',
                 ),
             ],
         ),
@@ -92,10 +118,12 @@ dashboard = MyDashboard(
             dedupStrategy='numbers',
             targets=[
                 LokiTarget(
+                    loki_datasource=loki_datasource,
                     expr='{compose_project=~"$compose_project", container_name=~"$container_name"} |= `$logs_query`',
                     legendFormat='{{ container_name }}',
+                    refId='A',
                 ),
             ],
-        ) if CONF_SUPPORT_LOKI else None,
-    ]),
+        ),
+    ],
 ).auto_panel_ids()

roles/alpina/templates/services/monitoring/grafana_config/dashboards/node.dashboard.py

@@ -1,159 +1,139 @@
-from grafanalib.core import Templating, Template, GridPos
-from grafanalib.formatunits import BYTES_IEC, BITS_SEC, PERCENT_UNIT
+from grafanalib.core import Dashboard, Templating, Template, TimeSeries, PERCENT_UNIT_FORMAT, GridPos, Target
+from grafanalib.formatunits import BYTES_IEC
 
-from common import prom_template, MyTimeSeries, MyDashboard, CONF_SUPPORT_ZFS, PromTarget, prom_datasource
+from common import PrometheusTemplate
+from node_consts import CPU_BASIC_COLORS, MEMORY_BASIC_COLORS
 
-dashboard = MyDashboard(
+dashboard = Dashboard(
     title='Node Exporter',
     uid='node',
     description='Node Exporter (not quite full)',
     tags=[
         'linux',
     ],
+    timezone='browser',
     templating=Templating(list=[
         # Datasource
-        prom_template,
+        PrometheusTemplate,
         # Job
         Template(
             name='job',
             label='Job',
-            dataSource=prom_datasource,
+            dataSource='${datasource}',
             query='label_values(node_uname_info, job)',
         ),
         # Instance
         Template(
             name='instance',
             label='Instance',
-            dataSource=prom_datasource,
+            dataSource='${datasource}',
             query='label_values(node_uname_info{job="$job"}, instance)',
         ),
     ]),
     panels=[
         # CPU Basic
-        MyTimeSeries(
+        TimeSeries(
             title='CPU Basic',
             description='Basic CPU usage info',
-            unit=PERCENT_UNIT,
+            unit=PERCENT_UNIT_FORMAT,
             gridPos=GridPos(h=8, w=12, x=0, y=0),
-            stacking={'mode': 'percent'},
+            lineWidth=1,
+            fillOpacity=30,
+            showPoints='never',
+            stacking={'mode': 'percent', 'group': 'A'},
+            tooltipMode='all',
+            tooltipSort='desc',
             targets=[
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="system"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy System',
+                    refId='A',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="user"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy User',
+                    refId='B',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="iowait"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy Iowait',
+                    refId='C',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode=~".*irq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy IRQs',
+                    refId='D',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job",  mode!="idle",mode!="user",mode!="system",mode!="iowait",mode!="irq",mode!="softirq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Busy Other',
+                    refId='E',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="idle"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                     legendFormat='Idle',
+                    refId='F',
                 ),
             ],
+            # Extra JSON for the colors
+            extraJson=CPU_BASIC_COLORS,
         ),
         # Memory Basic
-        MyTimeSeries(
+        TimeSeries(
             title='Memory Basic',
             description='Basic memory usage',
             unit=BYTES_IEC,
             gridPos=GridPos(h=8, w=12, x=12, y=0),
-            stacking={'mode': 'normal'},
-            valueMin=0,
+            lineWidth=1,
+            fillOpacity=30,
+            showPoints='never',
+            stacking={'mode': 'normal', 'group': 'A'},
+            tooltipMode='all',
+            tooltipSort='desc',
             targets=[
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"}',
                     format='time_series',
                     legendFormat='RAM Total',
+                    refId='A',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"} - node_memory_MemFree_bytes{instance="$instance",job="$job"} - (node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"})',
                     format='time_series',
                     legendFormat='RAM Used',
-                    hide=CONF_SUPPORT_ZFS,
+                    refId='B',
                 ),
-                PromTarget(
-                    expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"} - node_memory_MemFree_bytes{instance="$instance",job="$job"} - (node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"}) - node_zfs_arc_size{instance="$instance",job="$job"}',
-                    format='time_series',
-                    legendFormat='RAM Used',
-                    hide=not CONF_SUPPORT_ZFS,
-                ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"}',
                     legendFormat='RAM Cache + Buffer',
+                    refId='C',
                 ),
-                PromTarget(
-                    expr='node_zfs_arc_size{instance="$instance",job="$job"}',
-                    legendFormat='ZFS Arc',
-                    hide=not CONF_SUPPORT_ZFS,
-                ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='node_memory_MemFree_bytes{instance="$instance",job="$job"}',
                     legendFormat='RAM Free',
+                    refId='D',
                 ),
-                PromTarget(
+                Target(
+                    datasource='${datasource}',
                     expr='(node_memory_SwapTotal_bytes{instance="$instance",job="$job"} - node_memory_SwapFree_bytes{instance="$instance",job="$job"})',
                     legendFormat='SWAP Used',
+                    refId='E',
                 ),
             ],
-            overrides=[
-                # Prevent total memory from being stacked
-                {
-                    'matcher': {
-                        'id': 'byName',
-                        'options': 'RAM Total'
-                    },
-                    'properties': [
-                        {
-                            'id': 'custom.stacking',
-                            'value': {'mode': 'none'}
-                        }
-                    ]
-                },
-            ],
-        ),
-        # Network Traffic Basic
-        MyTimeSeries(
-            title='Network Traffic Basic',
-            description='Basic network usage info per interface',
-            unit=BITS_SEC,
-            gridPos=GridPos(h=8, w=12, x=0, y=8),
-            tooltipSort='desc',
-            axisCenteredZero=True,
-            targets=[
-                PromTarget(
-                    expr='irate(node_network_receive_bytes_total{instance="$instance",job="$job"}[$__rate_interval]) * 8',
-                    legendFormat='rx {{ device }}',
-                ),
-                PromTarget(
-                    expr='-irate(node_network_transmit_bytes_total{instance="$instance",job="$job"}[$__rate_interval]) * 8',
-                    legendFormat='tx {{ device }}',
-                ),
-            ],
-        ),
-        # Disk Space Basic
-        MyTimeSeries(
-            title='Disk Space Used Basic',
-            description='Disk space used of all filesystems mounted',
-            unit=PERCENT_UNIT,
-            gridPos=GridPos(h=8, w=12, x=12, y=8),
-            targets=[
-                PromTarget(
-                    expr='1 - (node_filesystem_avail_bytes{instance="$instance",job="$job",device!~"rootfs"} / node_filesystem_size_bytes{instance="$instance",job="$job",device!~"rootfs"})',
-                    legendFormat='{{ mountpoint }}',
-                ),
-            ],
+            # Extra JSON for the colors
+            extraJson=MEMORY_BASIC_COLORS,
         ),
+        # TODO: Network Basic
+        # TODO: Disk Basic
     ],
 ).auto_panel_ids()

roles/alpina/templates/services/monitoring/grafana_config/dashboards/node_consts.py

@@ -0,0 +1,487 @@
+# TODO: Question life decisions (I'm not sure if this is good)
+
+CPU_BASIC_COLORS = {
+    "fieldConfig": {
+        "overrides": [
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy Iowait"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#890F02",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Idle"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#052B51",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy Iowait"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#890F02",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Idle"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#7EB26D",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy System"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#EAB839",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy User"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A437C",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Busy Other"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#6D1F62",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            }
+        ]
+    },
+}
+
+MEMORY_BASIC_COLORS = {
+    "fieldConfig": {
+        "overrides": [
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Apps"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#629E51",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Buffers"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#614D93",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Cache"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#6D1F62",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Cached"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#511749",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Committed"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#508642",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A437C",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#CFFAFF",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Inactive"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#584477",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "PageTables"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A50A1",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Page_Tables"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#0A50A1",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM_Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#E0F9D7",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "SWAP Used"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#BF1B00",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Slab"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#806EB7",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Slab_Cache"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#E0752D",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#BF1B00",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap Used"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#BF1B00",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap_Cache"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#C15C17",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Swap_Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#2F575E",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Unused"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#EAB839",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM Total"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#E0F9D7",
+                            "mode": "fixed"
+                        }
+                    },
+                    {
+                        "id": "custom.fillOpacity",
+                        "value": 0
+                    },
+                    {
+                        "id": "custom.stacking",
+                        "value": {
+                            "group": False,
+                            "mode": "normal"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM Cache + Buffer"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#052B51",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "RAM Free"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#7EB26D",
+                            "mode": "fixed"
+                        }
+                    }
+                ]
+            },
+            {
+                "matcher": {
+                    "id": "byName",
+                    "options": "Available"
+                },
+                "properties": [
+                    {
+                        "id": "color",
+                        "value": {
+                            "fixedColor": "#DEDAF7",
+                            "mode": "fixed"
+                        }
+                    },
+                    {
+                        "id": "custom.fillOpacity",
+                        "value": 0
+                    },
+                    {
+                        "id": "custom.stacking",
+                        "value": {
+                            "group": False,
+                            "mode": "normal"
+                        }
+                    }
+                ]
+            }
+        ]
+    }
+}

roles/alpina/templates/services/traefik/docker-compose.yml.j2

@@ -1,11 +1,18 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
 
 networks:
-  {{ helpers.default_network(254) | indent(2) }}
+  traefik:
+    internal: true
+    enable_ipv6: true
+    ipam:
+      config:
+        # TODO: Consider removing traefik network, it shouldn't be needed with host networking
+        - subnet: {{ traefik_subnet }}/24
+        - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 255) }}
 
 services:
   traefik:
-    image: traefik:v3.5
+    image: traefik:v3.2
     container_name: traefik
     restart: unless-stopped
     env_file:
@@ -18,8 +25,11 @@ services:
       - {{ base_volume_path }}/traefik/rules:/rules/extra:ro
       - {{ base_volume_path }}/traefik/acme:/acme
 
+  # This is mostly just so that the traefik network gets created
   whoami:
     image: containous/whoami
     container_name: whoami
     labels:
-      - {{ helpers.traefik_labels('whoami', port='80') | indent(6) }}
+      - {{ helpers.traefik_labels('whoami', port=80) | indent(6) }}
+    networks:
+      - traefik

roles/alpina/templates/services/traefik/traefik.yml.j2

@@ -12,16 +12,6 @@ entryPoints:
     address: ":443"
     http3:
       advertisedPort: 443
-    forwardedHeaders:
-      trustedIPs:
-        # https://www.cloudflare.com/ips-v6
-        - 2400:cb00::/32
-        - 2606:4700::/32
-        - 2803:f800::/32
-        - 2405:b500::/32
-        - 2405:8100::/32
-        - 2a06:98c0::/29
-        - 2c0f:f248::/32
   metrics:
     address: ":8082"
 
@@ -46,6 +36,7 @@ certificatesResolvers:
 providers:
   docker:
     exposedByDefault: false
+    network: traefik_traefik
   file:
     directory: /rules
     watch: true

roles/clean/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: Get list of running Docker containers
-  docker_host_info:
-    containers: yes
-  register: docker_container_list
-
-- name: Stop all running Docker containers
-  docker_container:
-    name: "{{ item }}"
-    state: stopped
-  loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
-  async: 300
-  poll: 0
-
-- name: Prune all Docker containers and networks
-  docker_prune:
-    containers: yes
-    networks: yes
-
-- name: Clean alpina directory
-  file:
-    path: "{{ alpina_svc_path }}"
-    state: absent

roles/common/tasks/main.yml

@@ -32,7 +32,7 @@
     state: enabled
     immediate: yes
 
-- name: Disallow Web
+- name: Allow Web
   become: yes
   firewalld:
     service: http
@@ -64,46 +64,6 @@
     state: enabled
     immediate: yes
 
-- name: Allow 2222 tcp for pgrok ssh tunnel
-  become: yes
-  firewalld:
-    port: 2222/tcp
-    permanent: yes
-    state: enabled
-    immediate: yes
-
-- name: Allow Syncthing
-  become: yes
-  firewalld:
-    service: syncthing
-    permanent: yes
-    state: enabled
-    immediate: yes
-
-- name: Allow 25565 tcp for minecruft
-  become: yes
-  firewalld:
-    port: 25565/tcp
-    permanent: yes
-    state: enabled
-    immediate: yes
-
-- name: Allow 25565 udp for minecruft
-  become: yes
-  firewalld:
-    port: 25565/udp
-    permanent: yes
-    state: enabled
-    immediate: yes
-
-- name: Allow 24454 udp for minecruft voice chat
-  become: yes
-  firewalld:
-    port: 24454/udp
-    permanent: yes
-    state: enabled
-    immediate: yes
-
 - name: Reboot if needed
   become: yes
   ansible.builtin.reboot:

roles/docker_host/tasks/main.yml

@@ -1,5 +1,12 @@
-- name: IPv6 subnet for Docker
-  debug:
+- name: Get IPv6 subnet for Docker
+  set_fact:
+    docker_ipv6_subnet: "{{ \
+      ansible_default_ipv6.address \
+      | ansible.utils.ipsubnet(64) \
+      | ansible.utils.ipsubnet(72, docker_ipv6_index) \
+    }}"
+
+- debug:
     var: docker_ipv6_subnet
 
 - name: Configure Docker daemon
@@ -28,6 +35,33 @@
     state: disabled
   register: docker0_firewalld
 
+- name: Get list of running Docker containers
+  docker_host_info:
+    containers: yes
+  register: docker_container_list
+  when: clean_desired is true
+
+- name: Stop all running Docker containers
+  docker_container:
+    name: "{{ item }}"
+    state: stopped
+  loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
+  async: 300
+  poll: 0
+  when: clean_desired is true and docker_container_list.containers | length > 0
+
+- name: Prune all Docker containers and networks
+  docker_prune:
+    containers: yes
+    networks: yes
+  when: clean_desired is true
+
+- name: Clean alpina directory
+  file:
+    path: "{{ alpina_svc_path }}"
+    state: absent
+  when: clean_desired is true
+
 - name: Restart Docker daemon
   become: yes
   service:

services.yml

@@ -1,5 +1,6 @@
 - hosts: alpina
   roles:
+    - docker_host
     - alpina
   post_tasks:
     - name: Docker prune objects

site.yml

@@ -1,4 +1,12 @@
-- hosts: alpina
+- hosts: all
   roles:
     - common
-    - docker_host
+  pre_tasks:
+  - name: Set fact for clean desired of docker objects and compose files
+    set_fact:
+      # clean_desired_arg is an extra variable passed to the playbook
+      clean_desired: "{{ clean_desired_arg | bool }}"
+
+
+- name: Install services
+  import_playbook: services.yml