diff --git a/ansible/inventory.ini b/ansible/inventory.ini index e17cb42..af5c765 100644 --- a/ansible/inventory.ini +++ b/ansible/inventory.ini @@ -4,5 +4,5 @@ mennos-desktop ansible_connection=local [servers] mennos-vps ansible_connection=local -mennos-desktop ansible_connection=local +mennos-server ansible_connection=local mennos-rtlsdr-pc ansible_connection=local \ No newline at end of file diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 2d4c4d4..e8b405e 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -16,4 +16,4 @@ - name: Include server tasks ansible.builtin.import_tasks: tasks/servers/server.yml - when: inventory_hostname in ['mennos-vps', 'mennos-desktop', 'mennos-rtlsdr-pc'] + when: inventory_hostname in ['mennos-vps', 'mennos-server', 'mennos-rtlsdr-pc'] diff --git a/ansible/tasks/global/utils/smart-ssh/config.yaml b/ansible/tasks/global/utils/smart-ssh/config.yaml index 7305818..f13e065 100644 --- a/ansible/tasks/global/utils/smart-ssh/config.yaml +++ b/ansible/tasks/global/utils/smart-ssh/config.yaml @@ -13,6 +13,12 @@ smart_aliases: desktop: primary: "desktop-local" fallback: "desktop" + check_host: "192.168.1.250" + timeout: "2s" + + server: + primary: "server-local" + fallback: "server" check_host: "192.168.1.254" timeout: "2s" diff --git a/ansible/tasks/servers/dynamic-dns.yml b/ansible/tasks/servers/dynamic-dns.yml index 8675d75..4b721cb 100644 --- a/ansible/tasks/servers/dynamic-dns.yml +++ b/ansible/tasks/servers/dynamic-dns.yml @@ -83,6 +83,6 @@ - Manual run: sudo /usr/local/bin/dynamic-dns-update.sh - Domains: vleeuwen.me, mvl.sh, mennovanleeuwen.nl - when: inventory_hostname == 'mennos-desktop' or inventory_hostname == 'mennos-vps' + when: inventory_hostname == 'mennos-server' or inventory_hostname == 'mennos-vps' tags: - dynamic-dns diff --git a/ansible/tasks/servers/juicefs.yml b/ansible/tasks/servers/juicefs.yml index 2f02828..aa69230 100644 --- a/ansible/tasks/servers/juicefs.yml 
+++ b/ansible/tasks/servers/juicefs.yml @@ -70,7 +70,7 @@ - name: Include JuiceFS Redis tasks ansible.builtin.include_tasks: services/redis/redis.yml - when: inventory_hostname == 'mennos-desktop' + when: inventory_hostname == 'mennos-server' - name: Enable and start JuiceFS service ansible.builtin.systemd: diff --git a/ansible/tasks/servers/server.yml b/ansible/tasks/servers/server.yml index e7324b7..c1e1a5c 100644 --- a/ansible/tasks/servers/server.yml +++ b/ansible/tasks/servers/server.yml 
@@ -78,84 +78,84 @@ - name: dashy enabled: true hosts: - - mennos-desktop + - mennos-server - name: gitea enabled: true hosts: - - mennos-desktop + - mennos-server - name: factorio enabled: true hosts: - - mennos-desktop + - mennos-server - name: dozzle enabled: true hosts: - - mennos-desktop + - mennos-server - name: beszel enabled: true hosts: - - mennos-desktop + - mennos-server - name: caddy enabled: true hosts: - - mennos-desktop + - mennos-server - name: golink enabled: true hosts: - - mennos-desktop + - mennos-server - name: immich enabled: true hosts: - - mennos-desktop + - mennos-server - name: plex enabled: true hosts: - - mennos-desktop + - mennos-server - name: tautulli enabled: true hosts: - - mennos-desktop + - mennos-server - name: downloaders enabled: true hosts: - - mennos-desktop + - mennos-server - name: wireguard enabled: true hosts: - - mennos-desktop + - mennos-server - name: nextcloud enabled: true hosts: - - mennos-desktop + - mennos-server - name: cloudreve enabled: true hosts: - - mennos-desktop + - mennos-server - name: echoip enabled: true hosts: - - mennos-desktop + - mennos-server - name: arr-stack enabled: true hosts: - - mennos-desktop + - mennos-server - name: home-assistant enabled: true hosts: - - mennos-desktop + - mennos-server - name: privatebin enabled: true hosts: - - mennos-desktop + - mennos-server - name: unifi-network-application enabled: true hosts: - - mennos-desktop + - mennos-server - name: avorion enabled: false hosts: - - mennos-desktop + - mennos-server - name: sathub enabled: true hosts: - - mennos-desktop + - mennos-server diff --git a/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/ansible/tasks/servers/services/caddy/Caddyfile.j2 index 956515e..4eeed84 100644 --- a/ansible/tasks/servers/services/caddy/Caddyfile.j2 +++ b/ansible/tasks/servers/services/caddy/Caddyfile.j2 
@@ -28,7 +28,7 @@ } {% endif %} -{% if inventory_hostname == 'mennos-desktop' %} +{% if inventory_hostname == 'mennos-server' %} git.mvl.sh { import country_block reverse_proxy gitea:3000 diff --git a/ansible/tasks/servers/services/cloudreve/docker-compose.yml.j2 b/ansible/tasks/servers/services/cloudreve/docker-compose.yml.j2 index 2ff321f..43b7196 100644 --- a/ansible/tasks/servers/services/cloudreve/docker-compose.yml.j2 +++ b/ansible/tasks/servers/services/cloudreve/docker-compose.yml.j2 @@ -46,6 +46,10 @@ services: networks: - cloudreve - caddy_network + deploy: + resources: + limits: + memory: 1G redis: image: redis:latest diff --git a/ansible/tasks/servers/services/dashy/conf.yml.j2 b/ansible/tasks/servers/services/dashy/conf.yml.j2 index 8257c58..c4c9bc2 100644 --- a/ansible/tasks/servers/services/dashy/conf.yml.j2 +++ b/ansible/tasks/servers/services/dashy/conf.yml.j2 
@@ -5,34 +5,34 @@ sections: - name: Selfhosted items: - title: Plex - icon: http://mennos-desktop:4000/assets/plex.svg + icon: http://mennos-server:4000/assets/plex.svg url: https://plex.mvl.sh statusCheckUrl: https://plex.mvl.sh/identity statusCheck: true id: 0_1035_plex - title: Tautulli - icon: http://mennos-desktop:4000/assets/tautulli.svg + icon: http://mennos-server:4000/assets/tautulli.svg url: https://tautulli.mvl.sh id: 1_1035_tautulli statusCheck: true - title: Overseerr - icon: http://mennos-desktop:4000/assets/overseerr.svg + icon: http://mennos-server:4000/assets/overseerr.svg url: https://overseerr.mvl.sh id: 2_1035_overseerr statusCheck: true - title: Immich - icon: http://mennos-desktop:4000/assets/immich.svg + icon: http://mennos-server:4000/assets/immich.svg url: https://photos.mvl.sh id: 3_1035_immich statusCheck: true - title: Nextcloud - icon: http://mennos-desktop:4000/assets/nextcloud.svg + icon: http://mennos-server:4000/assets/nextcloud.svg url: https://drive.mvl.sh id: 3_1035_nxtcld statusCheck: true - title: ComfyUI - icon: http://mennos-desktop:8188/assets/favicon.ico - url: http://mennos-desktop:8188 + icon: http://mennos-server:8188/assets/favicon.ico + url: http://mennos-server:8188 statusCheckUrl: http://host.docker.internal:8188/api/system_stats id: 3_1035_comfyui statusCheck: true 
@@ -45,19 +45,19 @@ sections: - name: Media Management items: - title: Sonarr - icon: http://mennos-desktop:4000/assets/sonarr.svg + icon: http://mennos-server:4000/assets/sonarr.svg url: http://go/sonarr id: 0_1533_sonarr - title: Radarr - icon: http://mennos-desktop:4000/assets/radarr.svg + icon: http://mennos-server:4000/assets/radarr.svg url: http://go/radarr id: 1_1533_radarr - title: Prowlarr - icon: http://mennos-desktop:4000/assets/prowlarr.svg + icon: http://mennos-server:4000/assets/prowlarr.svg url: http://go/prowlarr id: 2_1533_prowlarr - title: Tdarr - icon: http://mennos-desktop:4000/assets/tdarr.png + icon: http://mennos-server:4000/assets/tdarr.png url: http://go/tdarr id: 3_1533_tdarr - name: Kagi @@ -77,7 +77,7 @@ sections: - name: News items: - title: Nu.nl - icon: http://mennos-desktop:4000/assets/nunl.svg + icon: http://mennos-server:4000/assets/nunl.svg url: https://www.nu.nl/ id: 0_380_nu - title: Tweakers.net @@ -91,7 +91,7 @@ sections: - name: Downloaders items: - title: qBittorrent - icon: http://mennos-desktop:4000/assets/qbittorrent.svg + icon: http://mennos-server:4000/assets/qbittorrent.svg url: http://go/qbit id: 0_1154_qbittorrent tags: @@ -99,7 +99,7 @@ sections: - torrent - yarr - title: Sabnzbd - icon: http://mennos-desktop:4000/assets/sabnzbd.svg + icon: http://mennos-server:4000/assets/sabnzbd.svg url: http://go/sabnzbd id: 1_1154_sabnzbd tags: @@ -109,7 +109,7 @@ sections: - name: Git items: - title: GitHub - icon: http://mennos-desktop:4000/assets/github.svg + icon: http://mennos-server:4000/assets/github.svg url: https://github.com/vleeuwenmenno id: 0_292_github tags: @@ -117,7 +117,7 @@ sections: - git - hub - title: Gitea - icon: http://mennos-desktop:4000/assets/gitea.svg + icon: http://mennos-server:4000/assets/gitea.svg url: http://git.mvl.sh/vleeuwenmenno id: 1_292_gitea tags: 
@@ -127,14 +127,14 @@ sections: - name: Server Monitoring items: - title: Beszel - icon: http://mennos-desktop:4000/assets/beszel.svg + icon: http://mennos-server:4000/assets/beszel.svg url: http://go/beszel tags: - monitoring - logs id: 0_1725_beszel - title: Dozzle - icon: http://mennos-desktop:4000/assets/dozzle.svg + icon: http://mennos-server:4000/assets/dozzle.svg url: http://go/dozzle id: 1_1725_dozzle tags: @@ -150,19 +150,19 @@ sections: - name: Tools items: - title: Home Assistant - icon: http://mennos-desktop:4000/assets/home-assistant.svg + icon: http://mennos-server:4000/assets/home-assistant.svg url: http://go/homeassistant id: 0_529_homeassistant - title: Tailscale - icon: http://mennos-desktop:4000/assets/tailscale.svg + icon: http://mennos-server:4000/assets/tailscale.svg url: http://go/tailscale id: 1_529_tailscale - title: GliNet KVM - icon: http://mennos-desktop:4000/assets/glinet.svg + icon: http://mennos-server:4000/assets/glinet.svg url: http://go/glkvm id: 2_529_glinetkvm - title: Unifi Network Controller - icon: http://mennos-desktop:4000/assets/unifi.svg + icon: http://mennos-server:4000/assets/unifi.svg url: http://go/unifi id: 3_529_unifinetworkcontroller - title: Dashboard Icons @@ -236,7 +236,7 @@ sections: - discount - work - title: Proxmox - icon: http://mennos-desktop:4000/assets/proxmox.svg + icon: http://mennos-server:4000/assets/proxmox.svg url: https://www.transip.nl/cp/vps/prm/350680/ id: 5_1429_proxmox tags: @@ -252,7 +252,7 @@ sections: - discount - work - title: Kibana - icon: http://mennos-desktop:4000/assets/kibana.svg + icon: http://mennos-server:4000/assets/kibana.svg url: http://go/kibana id: 7_1429_kibana tags: diff --git a/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 b/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 index c4b2699..6371808 100644 --- a/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 +++ b/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 
@@ -3,7 +3,7 @@ services: image: nextcloud container_name: nextcloud restart: unless-stopped - networks: + networks: - nextcloud - caddy_network depends_on: @@ -35,7 +35,7 @@ services: container_name: nextcloud-db restart: unless-stopped command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - networks: + networks: - nextcloud volumes: - {{ nextcloud_data_dir }}/database:/var/lib/mysql @@ -56,8 +56,8 @@ services: image: redis:alpine container_name: redis volumes: - - {{ nextcloud_data_dir }}/redis:/data - networks: + - {{ nextcloud_data_dir }}/redis:/data + networks: - nextcloud deploy: resources: diff --git a/ansible/tasks/servers/services/sathub/.env.j2 b/ansible/tasks/servers/services/sathub/.env.j2 new file mode 100644 index 0000000..e4ac420 --- /dev/null +++ b/ansible/tasks/servers/services/sathub/.env.j2 
@@ -0,0 +1,47 @@ +# Production Environment Variables +# Copy this to .env and fill in your values + +# Database configuration (PostgreSQL) +DB_TYPE=postgres +DB_HOST=postgres +DB_PORT=5432 +DB_USER=sathub +DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} +DB_NAME=sathub + +# Required: JWT secret for token signing +JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }} + +# Required: Two-factor authentication encryption key +TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }} + +# Email configuration (required for password resets) +SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }} +SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }} +SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }} +SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }} +SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }} + +# MinIO Object Storage configuration +MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} +MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} +# Basically the same as the above +MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} +MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} + +# GitHub credentials for Watchtower (auto-updates) +GITHUB_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }} +GITHUB_PAT={{ 
lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }} +REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }} +REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }} + +# Optional: Override defaults if needed +# GIN_MODE=release (set automatically) +FRONTEND_URL=https://sathub.de + +# CORS configuration (optional - additional allowed origins) +CORS_ALLOWED_ORIGINS=https://sathub.de,https://sathub.nl,https://api.sathub.de + +# Frontend configuration (optional - defaults are provided) +VITE_API_BASE_URL=https://api.sathub.de +VITE_ALLOWED_HOSTS=sathub.de,sathub.nl diff --git a/ansible/tasks/servers/services/sathub/docker-compose.yml.j2 b/ansible/tasks/servers/services/sathub/docker-compose.yml.j2 index ecce3c1..86191dd 100644 --- a/ansible/tasks/servers/services/sathub/docker-compose.yml.j2 +++ b/ansible/tasks/servers/services/sathub/docker-compose.yml.j2 
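Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are filled from the same 1Password fields as `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` (the comment says "Basically the same as the above"), so every container that receives them holds the object store's root credentials. A dedicated MinIO access key limited to the `sathub-images` bucket, kept in its own 1Password field, would contain a compromise of the application. The values are also rendered unquoted, and Compose applies `$` interpolation and ` #` comment stripping to unquoted `.env` values, so a secret containing those characters reaches the containers altered. Single quotes, as in `JWT_SECRET='{{ lookup(...) }}'`, keep a value literal as long as the secret itself contains no single quote. The header line "Copy this to .env and fill in your values" no longer describes a file that Ansible renders and could read `# Rendered by Ansible from 1Password; do not edit on the host`.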
@@ -1,43 +1,108 @@ services: - backend: - image: ghcr.io/vleeuwenmenno/sathub/backend:latest - container_name: sathub-backend - restart: unless-stopped + # Migration service - runs once on stack startup + migrate: + image: ghcr.io/vleeuwenmenno/sathub-backend/backend:latest + container_name: sathub-migrate + restart: "no" + command: ["./main", "auto-migrate"] environment: - GIN_MODE=release - - FRONTEND_URL=${FRONTEND_URL:-https://sathub.de} - - CORS_ALLOWED_ORIGINS={{ cors_allowed_origins | default('') }} # Database settings - DB_TYPE=postgres - DB_HOST=postgres - DB_PORT=5432 - DB_USER=${DB_USER:-sathub} - - DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} + - DB_PASSWORD=${DB_PASSWORD} - DB_NAME=${DB_NAME:-sathub} - # Security settings - - JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }} - - TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }} - - # SMTP settings - - SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }} - - SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }} - - SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }} - - SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }} - - SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }} - # MinIO settings - MINIO_ENDPOINT=http://minio:9000 - - MINIO_BUCKET=sathub-images - - MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} - - MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} + - MINIO_BUCKET=sathub-images + - 
MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} + - MINIO_SECRET_KEY=${MINIO_SECRET_KEY} + - MINIO_EXTERNAL_URL=https://obj.sathub.de + networks: + - sathub + depends_on: + - postgres + + backend: + image: ghcr.io/vleeuwenmenno/sathub-backend/backend:latest + container_name: sathub-backend + restart: unless-stopped + command: ["./main", "api"] + environment: + - GIN_MODE=release + - FRONTEND_URL=${FRONTEND_URL:-https://sathub.de} + - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-https://sathub.de} + + # Database settings + - DB_TYPE=postgres + - DB_HOST=postgres + - DB_PORT=5432 + - DB_USER=${DB_USER:-sathub} + - DB_PASSWORD=${DB_PASSWORD} + - DB_NAME=${DB_NAME:-sathub} + + # Security settings + - JWT_SECRET=${JWT_SECRET} + - TWO_FA_ENCRYPTION_KEY=${TWO_FA_ENCRYPTION_KEY} + + # SMTP settings + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USERNAME=${SMTP_USERNAME} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL} + + # MinIO settings + - MINIO_ENDPOINT=http://minio:9000 + - MINIO_BUCKET=sathub-images + - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} + - MINIO_SECRET_KEY=${MINIO_SECRET_KEY} - MINIO_EXTERNAL_URL=https://obj.sathub.de networks: - sathub - caddy_network depends_on: - - postgres + migrate: + condition: service_completed_successfully + + worker: + image: ghcr.io/vleeuwenmenno/sathub-backend/backend:latest + container_name: sathub-worker + restart: unless-stopped + command: ["./main", "worker"] + environment: + - GIN_MODE=release + + # Database settings + - DB_TYPE=postgres + - DB_HOST=postgres + - DB_PORT=5432 + - DB_USER=${DB_USER:-sathub} + - DB_PASSWORD=${DB_PASSWORD} + - DB_NAME=${DB_NAME:-sathub} + + # SMTP settings (needed for notifications) + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USERNAME=${SMTP_USERNAME} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL} + + # MinIO settings + - MINIO_ENDPOINT=http://minio:9000 + - MINIO_BUCKET=sathub-images + - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} + 
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY} + - MINIO_EXTERNAL_URL=https://obj.sathub.de + networks: + - sathub + depends_on: + migrate: + condition: service_completed_successfully postgres: image: postgres:15-alpine @@ -45,20 +110,20 @@ services: restart: unless-stopped environment: - POSTGRES_USER=${DB_USER:-sathub} - - POSTGRES_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} + - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=${DB_NAME:-sathub} volumes: - - {{ sathub_data_dir }}/postgres:/var/lib/postgresql/data + - postgres_data:/var/lib/postgresql/data networks: - sathub frontend: - image: ghcr.io/vleeuwenmenno/sathub/frontend:latest + image: ghcr.io/vleeuwenmenno/sathub-frontend/frontend:latest container_name: sathub-frontend restart: unless-stopped environment: - - VITE_API_BASE_URL={{ frontend_api_base_url | default('https://api.sathub.de') }} - - VITE_ALLOWED_HOSTS={{ frontend_allowed_hosts | default('sathub.de,sathub.nl') }} + - VITE_API_BASE_URL=${VITE_API_BASE_URL:-https://api.sathub.de} + - VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-sathub.de,sathub.nl} networks: - sathub - caddy_network @@ -68,10 +133,10 @@ services: container_name: sathub-minio restart: unless-stopped environment: - - MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} - - MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} + - MINIO_ROOT_USER=${MINIO_ROOT_USER} + - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} volumes: - - {{ sathub_data_dir }}/minio:/data + - minio_data:/data command: server /data --console-address :9001 networks: - sathub 
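Review bot: The secret references in the `migrate`, `backend` and `worker` environments (`${DB_PASSWORD}`, `${JWT_SECRET}`, `${TWO_FA_ENCRYPTION_KEY}`, `${MINIO_SECRET_KEY}`) carry neither a default nor a required-check, so if `.env` is missing or a lookup renders empty, Compose substitutes an empty string and only prints a warning. How the backend treats an empty `JWT_SECRET` is not visible here, but the stack should refuse to start rather than find out. The required form makes `up` fail: `- JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set in .env}`, and likewise for the other secrets. The `migrate` service also receives the MinIO keys; if `auto-migrate` only touches the database (not confirmable from this hunk), dropping them narrows what the one-shot container holds.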
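Review bot: Switching the Postgres mount from `{{ sathub_data_dir }}/postgres` to the named volume `postgres_data` means a host that already ran this stack starts Postgres on an empty volume. The `migrate` service then builds a fresh schema while the existing data stays behind in the old directory, and the same applies to `minio_data` in the MinIO hunk that follows. Nothing in this commit copies the data across, so either keep the bind mounts or add a one-time copy step before the first `up`. Any backup job that covers `sathub_data_dir` would also stop capturing the database and the objects once they live under Docker's volume directory, which is worth confirming.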
@@ -87,15 +152,25 @@ services: environment: - WATCHTOWER_CLEANUP=true - WATCHTOWER_INCLUDE_STOPPED=false - - REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }} - - REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }} - command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-frontend + - REPO_USER=${REPO_USER} + - REPO_PASS=${REPO_PASS} + command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-worker sathub-frontend networks: - sathub +volumes: + minio_data: + driver: local + postgres_data: + driver: local + networks: sathub: driver: bridge + + # We assume you're running a Caddy instance in a separate compose file with this network + # If not, you can remove this network and the related depends_on in the services above + # But the stack is designed to run behind a Caddy reverse proxy for SSL termination and routing caddy_network: external: true name: caddy_default diff --git a/ansible/tasks/servers/services/sathub/sathub.yml b/ansible/tasks/servers/services/sathub/sathub.yml index 96a38e0..92feae9 100644 --- a/ansible/tasks/servers/services/sathub/sathub.yml +++ b/ansible/tasks/servers/services/sathub/sathub.yml @@ -24,6 +24,13 @@ state: directory mode: "0755" + - name: Deploy SatHub .env + ansible.builtin.template: + src: .env.j2 + dest: "{{ sathub_service_dir }}/.env" + mode: "0644" + register: sathub_env + - name: Deploy SatHub docker-compose.yml ansible.builtin.template: src: docker-compose.yml.j2 
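Review bot: Watchtower now restarts `sathub-backend`, `sathub-worker` and `sathub-frontend` from whatever `:latest` points to every 30 seconds, but `sathub-migrate` is not in the list and only runs when the stack is started. A new backend image can therefore come up against a schema that was never migrated. The same loop means anything pushed to those `ghcr.io` tags runs on the server within half a minute, with the database, JWT and SMTP secrets in its environment. Pinning the images to a version tag or digest and letting the playbook do the rollout would put a review step in between. If auto-update stays, a longer `--interval` and a `REPO_PASS` token limited to `read:packages` reduce the exposure; the `watchtower` service definition starts above this hunk.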
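Review bot: The new `Deploy SatHub .env` task writes the rendered file with `mode: "0644"`, which makes the database password, JWT secret, 2FA encryption key, SMTP password, MinIO root password and GitHub PAT readable by every local user on the host. It should be `mode: "0600"`, with `owner` set to the account that runs `docker compose`. Adding `no_log: true` (or `diff: false`) to the task keeps the rendered secrets out of the output when the playbook runs with `--diff`. The `Deploy SatHub docker-compose.yml` task that follows continues outside the hunk.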
@@ -33,11 +40,11 @@ - name: Stop SatHub service ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" down --remove-orphans - when: sathub_compose.changed + when: sathub_compose.changed or sathub_env.changed - name: Start SatHub service ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" up -d - when: sathub_compose.changed + when: sathub_compose.changed or sathub_env.changed tags: - services - sathub diff --git a/ansible/tasks/workstations/flatpaks.yml b/ansible/tasks/workstations/flatpaks.yml index 13956be..239e16c 100644 --- a/ansible/tasks/workstations/flatpaks.yml +++ b/ansible/tasks/workstations/flatpaks.yml @@ -53,6 +53,7 @@ - io.mango3d.LycheeSlicer # Utilities + - com.fastmail.Fastmail - com.ranfdev.DistroShelf - io.missioncenter.MissionCenter - io.gitlab.elescoute.spacelaunch diff --git a/ansible/templates/juicefs.service.j2 b/ansible/templates/juicefs.service.j2 index 408ddc3..fab00a9 100644 --- a/ansible/templates/juicefs.service.j2 +++ b/ansible/templates/juicefs.service.j2 @@ -5,7 +5,7 @@ Before=docker.service [Service] Type=simple -ExecStart=/usr/local/bin/juicefs mount redis://:{{ redis_password }}@mennos-desktop:6379/0 /mnt/object_storage \ +ExecStart=/usr/local/bin/juicefs mount redis://:{{ redis_password }}@mennos-server:6379/0 /mnt/object_storage \ --cache-dir=/var/jfsCache \ --buffer-size=4096 \ --prefetch=16 \ diff --git a/config/autostart/Nextcloud.desktop b/config/autostart/Nextcloud.desktop new file mode 100755 index 0000000..219765f --- /dev/null +++ b/config/autostart/Nextcloud.desktop @@ -0,0 +1,11 @@ +[Desktop Entry] +Name=Nextcloud +GenericName=File Synchronizer +Exec="/usr/bin/nextcloud" --background +Terminal=false +Icon=Nextcloud +Categories=Network +Type=Application +StartupNotify=false +X-GNOME-Autostart-enabled=true +X-GNOME-Autostart-Delay=10 
diff --git a/config/autostart/equibop.desktop b/config/autostart/equibop.desktop new file mode 100644 index 0000000..05e07e2 --- /dev/null +++ b/config/autostart/equibop.desktop @@ -0,0 +1,8 @@ +[Desktop Entry] +Type=Application +Name=Equibop +Comment=Equibop autostart script +Exec="/opt/Equibop/equibop" +StartupNotify=false +Terminal=false +Icon=vesktop \ No newline at end of file diff --git a/config/git.nix b/config/git.nix index 46676e9..47a9467 100644 --- a/config/git.nix +++ b/config/git.nix @@ -23,7 +23,7 @@ }; core = { - editor = "zed"; + editor = "micro"; autocrlf = false; filemode = true; ignorecase = false; diff --git a/config/nextcloud.cfg b/config/nextcloud.cfg new file mode 100644 index 0000000..410df3f --- /dev/null +++ b/config/nextcloud.cfg 
@@ -0,0 +1,80 @@ +[General] +clientVersion=3.16.0-1 (Debian built) +desktopEnterpriseChannel=daily +isVfsEnabled=false +launchOnSystemStartup=true +optionalServerNotifications=true +overrideLocalDir= +overrideServerUrl= +promptDeleteAllFiles=false +showCallNotifications=true +showChatNotifications=true + +[Accounts] +0\Folders\1\ignoreHiddenFiles=false +0\Folders\1\journalPath=.sync_42a4129584d0.db +0\Folders\1\localPath=/home/menno/Nextcloud/ +0\Folders\1\paused=false +0\Folders\1\targetPath=/ +0\Folders\1\version=2 +0\Folders\1\virtualFilesMode=off +0\Folders\2\ignoreHiddenFiles=false +0\Folders\2\journalPath=.sync_65a742b0aa83.db +0\Folders\2\localPath=/home/menno/Desktop/ +0\Folders\2\paused=false +0\Folders\2\targetPath=/Desktop +0\Folders\2\version=2 +0\Folders\2\virtualFilesMode=off +0\Folders\3\ignoreHiddenFiles=false +0\Folders\3\journalPath=.sync_65289e64a490.db +0\Folders\3\localPath=/home/menno/Documents/ +0\Folders\3\paused=false +0\Folders\3\targetPath=/Documents +0\Folders\3\version=2 +0\Folders\3\virtualFilesMode=off +0\Folders\4\ignoreHiddenFiles=false +0\Folders\4\journalPath=.sync_283a65eecb9c.db +0\Folders\4\localPath=/home/menno/Music/ +0\Folders\4\paused=false +0\Folders\4\targetPath=/Music +0\Folders\4\version=2 +0\Folders\4\virtualFilesMode=off +0\Folders\5\ignoreHiddenFiles=false +0\Folders\5\journalPath=.sync_884042991bd6.db +0\Folders\5\localPath=/home/menno/3D Objects/ +0\Folders\5\paused=false +0\Folders\5\targetPath=/3D Objects +0\Folders\5\version=2 +0\Folders\5\virtualFilesMode=off +0\Folders\6\ignoreHiddenFiles=false +0\Folders\6\journalPath=.sync_90ea5e3c7a33.db +0\Folders\6\localPath=/home/menno/Videos/ +0\Folders\6\paused=false +0\Folders\6\targetPath=/Videos +0\Folders\6\version=2 +0\Folders\6\virtualFilesMode=off +0\authType=webflow +0\dav_user=menno +0\displayName=Menno van Leeuwen +0\encryptionCertificateSha256Fingerprint=@ByteArray() +0\networkDownloadLimit=0 +0\networkDownloadLimitSetting=-2 +0\networkProxyHostName= 
+0\networkProxyNeedsAuth=false +0\networkProxyPort=0 +0\networkProxySetting=0 +0\networkProxyType=2 +0\networkProxyUser= +0\networkUploadLimit=0 +0\networkUploadLimitSetting=-2 +0\serverColor=@Variant(\0\0\0\x43\x1\xff\xff\x1c\x1c$$<<\0\0) +0\serverHasValidSubscription=false +0\serverTextColor=@Variant(\0\0\0\x43\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0) +0\serverVersion=32.0.0.13 +0\url=https://drive.mvl.sh +0\version=13 +0\webflow_user=menno +version=13 + +[Settings] +geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\0\0\0\0\x4\xe\0\0\x2\x37\0\0\x6W\0\0\0\0\0\0\x4\xe\0\0\x2\x37\0\0\x6W\0\0\0\x1\0\0\0\0\x14\0\0\0\0\0\0\0\x4\xe\0\0\x2\x37\0\0\x6W) diff --git a/flake.lock b/flake.lock index 8f681e3..169e1fd 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759735786, - "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -77,11 +77,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1751283143, - "narHash": "sha256-I3DMLT0qg5xxjS7BrmOBIK6pG+vZqOhKivEGnkDIli8=", + "lastModified": 1760894497, + "narHash": "sha256-u2unItzVvUe3Y2opdJrISGtHSmQLVnDOIfhWvSBrw74=", "owner": "brizzbuzz", "repo": "opnix", - "rev": "1a807befe8f418da0df24c54b9633c395d840d0e", + "rev": "92974503378ca6ec6206b74cd3a78377a5796cbb", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2876336..f8b0671 100644 --- a/flake.nix +++ b/flake.nix 
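Review bot: `config/nextcloud.cfg` is committed as the client last wrote it, so it includes per-machine state (`journalPath=.sync_…db`, `geometry=@ByteArray(…)`, `clientVersion`, `serverVersion`) alongside the account name, server URL and synced folder list. The client rewrites this file itself, so if it is linked into place (how it is deployed is not visible in this diff), each machine will write its own state back into the repository. A trimmed file or a template holding only the settings meant to be shared avoids that churn and keeps the account details out of history. `desktopEnterpriseChannel=daily` deserves a second look if, as the name suggests, it selects daily client builds and that was not a deliberate choice.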
@@ -42,6 +42,7 @@ { "mennos-vps" = mkHomeConfig "aarch64-linux" "mennos-vps" true; "mennos-desktop" = mkHomeConfig "x86_64-linux" "mennos-desktop" false; + "mennos-server" = mkHomeConfig "x86_64-linux" "mennos-server" true; "mennos-rtlsdr-pc" = mkHomeConfig "x86_64-linux" "mennos-rtlsdr-pc" true; "mennos-laptop" = mkHomeConfig "x86_64-linux" "mennos-laptop" false; };