vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.mvl.sh/vleeuwenmenno/dotfiles

Browse Source
This commit is contained in:
Menno van Leeuwen
2025-10-21 10:06:20 +02:00
parent 436deb267e 77424506d6
commit f6a3f6d379
21 changed files with 337 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/inventory.ini
View File

@@ -4,5 +4,5 @@ mennos-desktop ansible_connection=local
[servers] [servers]
mennos-vps ansible_connection=local mennos-vps ansible_connection=local
mennos-desktop ansible_connection=local mennos-server ansible_connection=local
mennos-rtlsdr-pc ansible_connection=local mennos-rtlsdr-pc ansible_connection=local

2
ansible/playbook.yml
View File

@@ -16,4 +16,4 @@
- name: Include server tasks - name: Include server tasks
ansible.builtin.import_tasks: tasks/servers/server.yml ansible.builtin.import_tasks: tasks/servers/server.yml
when: inventory_hostname in ['mennos-vps', 'mennos-desktop', 'mennos-rtlsdr-pc'] when: inventory_hostname in ['mennos-vps', 'mennos-server', 'mennos-rtlsdr-pc']

6
ansible/tasks/global/utils/smart-ssh/config.yaml
View File

@@ -13,6 +13,12 @@ smart_aliases:
desktop: desktop:
primary: "desktop-local" primary: "desktop-local"
fallback: "desktop" fallback: "desktop"
check_host: "192.168.1.250"
timeout: "2s"
server:
primary: "server-local"
fallback: "server"
check_host: "192.168.1.254" check_host: "192.168.1.254"
timeout: "2s" timeout: "2s"

2
ansible/tasks/servers/dynamic-dns.yml
View File

@@ -83,6 +83,6 @@
- Manual run: sudo /usr/local/bin/dynamic-dns-update.sh - Manual run: sudo /usr/local/bin/dynamic-dns-update.sh
- Domains: vleeuwen.me, mvl.sh, mennovanleeuwen.nl - Domains: vleeuwen.me, mvl.sh, mennovanleeuwen.nl
when: inventory_hostname == 'mennos-desktop' or inventory_hostname == 'mennos-vps' when: inventory_hostname == 'mennos-server' or inventory_hostname == 'mennos-vps'
tags: tags:
- dynamic-dns - dynamic-dns

2
ansible/tasks/servers/juicefs.yml
View File

@@ -70,7 +70,7 @@
- name: Include JuiceFS Redis tasks - name: Include JuiceFS Redis tasks
ansible.builtin.include_tasks: services/redis/redis.yml ansible.builtin.include_tasks: services/redis/redis.yml
when: inventory_hostname == 'mennos-desktop' when: inventory_hostname == 'mennos-server'
- name: Enable and start JuiceFS service - name: Enable and start JuiceFS service
ansible.builtin.systemd: ansible.builtin.systemd:

42
ansible/tasks/servers/server.yml
View File

@@ -78,84 +78,84 @@
- name: dashy - name: dashy
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: gitea - name: gitea
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: factorio - name: factorio
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: dozzle - name: dozzle
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: beszel - name: beszel
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: caddy - name: caddy
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: golink - name: golink
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: immich - name: immich
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: plex - name: plex
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: tautulli - name: tautulli
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: downloaders - name: downloaders
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: wireguard - name: wireguard
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: nextcloud - name: nextcloud
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: cloudreve - name: cloudreve
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: echoip - name: echoip
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: arr-stack - name: arr-stack
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: home-assistant - name: home-assistant
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: privatebin - name: privatebin
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: unifi-network-application - name: unifi-network-application
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server
- name: avorion - name: avorion
enabled: false enabled: false
hosts: hosts:
- mennos-desktop - mennos-server
- name: sathub - name: sathub
enabled: true enabled: true
hosts: hosts:
- mennos-desktop - mennos-server

2
ansible/tasks/servers/services/caddy/Caddyfile.j2
View File

@@ -28,7 +28,7 @@
} }
{% endif %} {% endif %}
{% if inventory_hostname == 'mennos-desktop' %} {% if inventory_hostname == 'mennos-server' %}
git.mvl.sh { git.mvl.sh {
import country_block import country_block
reverse_proxy gitea:3000 reverse_proxy gitea:3000

4
ansible/tasks/servers/services/cloudreve/docker-compose.yml.j2
View File

@@ -46,6 +46,10 @@ services:
networks: networks:
- cloudreve - cloudreve
- caddy_network - caddy_network
deploy:
resources:
limits:
memory: 1G
redis: redis:
image: redis:latest image: redis:latest

48
ansible/tasks/servers/services/dashy/conf.yml.j2
View File

@@ -5,34 +5,34 @@ sections:
- name: Selfhosted - name: Selfhosted
items: items:
- title: Plex - title: Plex
icon: http://mennos-desktop:4000/assets/plex.svg icon: http://mennos-server:4000/assets/plex.svg
url: https://plex.mvl.sh url: https://plex.mvl.sh
statusCheckUrl: https://plex.mvl.sh/identity statusCheckUrl: https://plex.mvl.sh/identity
statusCheck: true statusCheck: true
id: 0_1035_plex id: 0_1035_plex
- title: Tautulli - title: Tautulli
icon: http://mennos-desktop:4000/assets/tautulli.svg icon: http://mennos-server:4000/assets/tautulli.svg
url: https://tautulli.mvl.sh url: https://tautulli.mvl.sh
id: 1_1035_tautulli id: 1_1035_tautulli
statusCheck: true statusCheck: true
- title: Overseerr - title: Overseerr
icon: http://mennos-desktop:4000/assets/overseerr.svg icon: http://mennos-server:4000/assets/overseerr.svg
url: https://overseerr.mvl.sh url: https://overseerr.mvl.sh
id: 2_1035_overseerr id: 2_1035_overseerr
statusCheck: true statusCheck: true
- title: Immich - title: Immich
icon: http://mennos-desktop:4000/assets/immich.svg icon: http://mennos-server:4000/assets/immich.svg
url: https://photos.mvl.sh url: https://photos.mvl.sh
id: 3_1035_immich id: 3_1035_immich
statusCheck: true statusCheck: true
- title: Nextcloud - title: Nextcloud
icon: http://mennos-desktop:4000/assets/nextcloud.svg icon: http://mennos-server:4000/assets/nextcloud.svg
url: https://drive.mvl.sh url: https://drive.mvl.sh
id: 3_1035_nxtcld id: 3_1035_nxtcld
statusCheck: true statusCheck: true
- title: ComfyUI - title: ComfyUI
icon: http://mennos-desktop:8188/assets/favicon.ico icon: http://mennos-server:8188/assets/favicon.ico
url: http://mennos-desktop:8188 url: http://mennos-server:8188
statusCheckUrl: http://host.docker.internal:8188/api/system_stats statusCheckUrl: http://host.docker.internal:8188/api/system_stats
id: 3_1035_comfyui id: 3_1035_comfyui
statusCheck: true statusCheck: true
@@ -45,19 +45,19 @@ sections:
- name: Media Management - name: Media Management
items: items:
- title: Sonarr - title: Sonarr
icon: http://mennos-desktop:4000/assets/sonarr.svg icon: http://mennos-server:4000/assets/sonarr.svg
url: http://go/sonarr url: http://go/sonarr
id: 0_1533_sonarr id: 0_1533_sonarr
- title: Radarr - title: Radarr
icon: http://mennos-desktop:4000/assets/radarr.svg icon: http://mennos-server:4000/assets/radarr.svg
url: http://go/radarr url: http://go/radarr
id: 1_1533_radarr id: 1_1533_radarr
- title: Prowlarr - title: Prowlarr
icon: http://mennos-desktop:4000/assets/prowlarr.svg icon: http://mennos-server:4000/assets/prowlarr.svg
url: http://go/prowlarr url: http://go/prowlarr
id: 2_1533_prowlarr id: 2_1533_prowlarr
- title: Tdarr - title: Tdarr
icon: http://mennos-desktop:4000/assets/tdarr.png icon: http://mennos-server:4000/assets/tdarr.png
url: http://go/tdarr url: http://go/tdarr
id: 3_1533_tdarr id: 3_1533_tdarr
- name: Kagi - name: Kagi
@@ -77,7 +77,7 @@ sections:
- name: News - name: News
items: items:
- title: Nu.nl - title: Nu.nl
icon: http://mennos-desktop:4000/assets/nunl.svg icon: http://mennos-server:4000/assets/nunl.svg
url: https://www.nu.nl/ url: https://www.nu.nl/
id: 0_380_nu id: 0_380_nu
- title: Tweakers.net - title: Tweakers.net
@@ -91,7 +91,7 @@ sections:
- name: Downloaders - name: Downloaders
items: items:
- title: qBittorrent - title: qBittorrent
icon: http://mennos-desktop:4000/assets/qbittorrent.svg icon: http://mennos-server:4000/assets/qbittorrent.svg
url: http://go/qbit url: http://go/qbit
id: 0_1154_qbittorrent id: 0_1154_qbittorrent
tags: tags:
@@ -99,7 +99,7 @@ sections:
- torrent - torrent
- yarr - yarr
- title: Sabnzbd - title: Sabnzbd
icon: http://mennos-desktop:4000/assets/sabnzbd.svg icon: http://mennos-server:4000/assets/sabnzbd.svg
url: http://go/sabnzbd url: http://go/sabnzbd
id: 1_1154_sabnzbd id: 1_1154_sabnzbd
tags: tags:
@@ -109,7 +109,7 @@ sections:
- name: Git - name: Git
items: items:
- title: GitHub - title: GitHub
icon: http://mennos-desktop:4000/assets/github.svg icon: http://mennos-server:4000/assets/github.svg
url: https://github.com/vleeuwenmenno url: https://github.com/vleeuwenmenno
id: 0_292_github id: 0_292_github
tags: tags:
@@ -117,7 +117,7 @@ sections:
- git - git
- hub - hub
- title: Gitea - title: Gitea
icon: http://mennos-desktop:4000/assets/gitea.svg icon: http://mennos-server:4000/assets/gitea.svg
url: http://git.mvl.sh/vleeuwenmenno url: http://git.mvl.sh/vleeuwenmenno
id: 1_292_gitea id: 1_292_gitea
tags: tags:
@@ -127,14 +127,14 @@ sections:
- name: Server Monitoring - name: Server Monitoring
items: items:
- title: Beszel - title: Beszel
icon: http://mennos-desktop:4000/assets/beszel.svg icon: http://mennos-server:4000/assets/beszel.svg
url: http://go/beszel url: http://go/beszel
tags: tags:
- monitoring - monitoring
- logs - logs
id: 0_1725_beszel id: 0_1725_beszel
- title: Dozzle - title: Dozzle
icon: http://mennos-desktop:4000/assets/dozzle.svg icon: http://mennos-server:4000/assets/dozzle.svg
url: http://go/dozzle url: http://go/dozzle
id: 1_1725_dozzle id: 1_1725_dozzle
tags: tags:
@@ -150,19 +150,19 @@ sections:
- name: Tools - name: Tools
items: items:
- title: Home Assistant - title: Home Assistant
icon: http://mennos-desktop:4000/assets/home-assistant.svg icon: http://mennos-server:4000/assets/home-assistant.svg
url: http://go/homeassistant url: http://go/homeassistant
id: 0_529_homeassistant id: 0_529_homeassistant
- title: Tailscale - title: Tailscale
icon: http://mennos-desktop:4000/assets/tailscale.svg icon: http://mennos-server:4000/assets/tailscale.svg
url: http://go/tailscale url: http://go/tailscale
id: 1_529_tailscale id: 1_529_tailscale
- title: GliNet KVM - title: GliNet KVM
icon: http://mennos-desktop:4000/assets/glinet.svg icon: http://mennos-server:4000/assets/glinet.svg
url: http://go/glkvm url: http://go/glkvm
id: 2_529_glinetkvm id: 2_529_glinetkvm
- title: Unifi Network Controller - title: Unifi Network Controller
icon: http://mennos-desktop:4000/assets/unifi.svg icon: http://mennos-server:4000/assets/unifi.svg
url: http://go/unifi url: http://go/unifi
id: 3_529_unifinetworkcontroller id: 3_529_unifinetworkcontroller
- title: Dashboard Icons - title: Dashboard Icons
@@ -236,7 +236,7 @@ sections:
- discount - discount
- work - work
- title: Proxmox - title: Proxmox
icon: http://mennos-desktop:4000/assets/proxmox.svg icon: http://mennos-server:4000/assets/proxmox.svg
url: https://www.transip.nl/cp/vps/prm/350680/ url: https://www.transip.nl/cp/vps/prm/350680/
id: 5_1429_proxmox id: 5_1429_proxmox
tags: tags:
@@ -252,7 +252,7 @@ sections:
- discount - discount
- work - work
- title: Kibana - title: Kibana
icon: http://mennos-desktop:4000/assets/kibana.svg icon: http://mennos-server:4000/assets/kibana.svg
url: http://go/kibana url: http://go/kibana
id: 7_1429_kibana id: 7_1429_kibana
tags: tags:

8
ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2
View File

@@ -3,7 +3,7 @@ services:
image: nextcloud image: nextcloud
container_name: nextcloud container_name: nextcloud
restart: unless-stopped restart: unless-stopped
networks: networks:
- nextcloud - nextcloud
- caddy_network - caddy_network
depends_on: depends_on:
@@ -35,7 +35,7 @@ services:
container_name: nextcloud-db container_name: nextcloud-db
restart: unless-stopped restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
networks: networks:
- nextcloud - nextcloud
volumes: volumes:
- {{ nextcloud_data_dir }}/database:/var/lib/mysql - {{ nextcloud_data_dir }}/database:/var/lib/mysql
@@ -56,8 +56,8 @@ services:
image: redis:alpine image: redis:alpine
container_name: redis container_name: redis
volumes: volumes:
- {{ nextcloud_data_dir }}/redis:/data - {{ nextcloud_data_dir }}/redis:/data
networks: networks:
- nextcloud - nextcloud
deploy: deploy:
resources: resources:

47
ansible/tasks/servers/services/sathub/.env.j2 Normal file
View File

@@ -0,0 +1,47 @@
# Production Environment Variables
# Copy this to .env and fill in your values
# Database configuration (PostgreSQL)
DB_TYPE=postgres
DB_HOST=postgres
DB_PORT=5432
DB_USER=sathub
DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }}
DB_NAME=sathub
# Required: JWT secret for token signing
JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }}
# Required: Two-factor authentication encryption key
TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }}
# Email configuration (required for password resets)
SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }}
SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }}
SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }}
SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }}
SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }}
# MinIO Object Storage configuration
MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }}
MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }}
# Basically the same as the above
MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }}
MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }}
# GitHub credentials for Watchtower (auto-updates)
GITHUB_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }}
GITHUB_PAT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }}
REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }}
REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }}
# Optional: Override defaults if needed
# GIN_MODE=release (set automatically)
FRONTEND_URL=https://sathub.de
# CORS configuration (optional - additional allowed origins)
CORS_ALLOWED_ORIGINS=https://sathub.de,https://sathub.nl,https://api.sathub.de
# Frontend configuration (optional - defaults are provided)
VITE_API_BASE_URL=https://api.sathub.de
VITE_ALLOWED_HOSTS=sathub.de,sathub.nl

141
ansible/tasks/servers/services/sathub/docker-compose.yml.j2
View File

@@ -1,43 +1,108 @@
services: services:
backend: # Migration service - runs once on stack startup
image: ghcr.io/vleeuwenmenno/sathub/backend:latest migrate:
container_name: sathub-backend image: ghcr.io/vleeuwenmenno/sathub-backend/backend:latest
restart: unless-stopped container_name: sathub-migrate
restart: "no"
command: ["./main", "auto-migrate"]
environment: environment:
- GIN_MODE=release - GIN_MODE=release
- FRONTEND_URL=${FRONTEND_URL:-https://sathub.de}
- CORS_ALLOWED_ORIGINS={{ cors_allowed_origins | default('') }}
# Database settings # Database settings
- DB_TYPE=postgres - DB_TYPE=postgres
- DB_HOST=postgres - DB_HOST=postgres
- DB_PORT=5432 - DB_PORT=5432
- DB_USER=${DB_USER:-sathub} - DB_USER=${DB_USER:-sathub}
- DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} - DB_PASSWORD=${DB_PASSWORD}
- DB_NAME=${DB_NAME:-sathub} - DB_NAME=${DB_NAME:-sathub}
# Security settings
- JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }}
- TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }}
# SMTP settings
- SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }}
- SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }}
- SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }}
- SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }}
- SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }}
# MinIO settings # MinIO settings
- MINIO_ENDPOINT=http://minio:9000 - MINIO_ENDPOINT=http://minio:9000
- MINIO_BUCKET=sathub-images - MINIO_BUCKET=sathub-images
- MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
- MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} - MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
- MINIO_EXTERNAL_URL=https://obj.sathub.de
networks:
- sathub
depends_on:
- postgres
backend:
image: ghcr.io/vleeuwenmenno/sathub-backend/backend:latest
container_name: sathub-backend
restart: unless-stopped
command: ["./main", "api"]
environment:
- GIN_MODE=release
- FRONTEND_URL=${FRONTEND_URL:-https://sathub.de}
- CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-https://sathub.de}
# Database settings
- DB_TYPE=postgres
- DB_HOST=postgres
- DB_PORT=5432
- DB_USER=${DB_USER:-sathub}
- DB_PASSWORD=${DB_PASSWORD}
- DB_NAME=${DB_NAME:-sathub}
# Security settings
- JWT_SECRET=${JWT_SECRET}
- TWO_FA_ENCRYPTION_KEY=${TWO_FA_ENCRYPTION_KEY}
# SMTP settings
- SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USERNAME=${SMTP_USERNAME}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL}
# MinIO settings
- MINIO_ENDPOINT=http://minio:9000
- MINIO_BUCKET=sathub-images
- MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
- MINIO_EXTERNAL_URL=https://obj.sathub.de - MINIO_EXTERNAL_URL=https://obj.sathub.de
networks: networks:
- sathub - sathub
- caddy_network - caddy_network
depends_on: depends_on:
- postgres migrate:
condition: service_completed_successfully
worker:
image: ghcr.io/vleeuwenmenno/sathub-backend/backend:latest
container_name: sathub-worker
restart: unless-stopped
command: ["./main", "worker"]
environment:
- GIN_MODE=release
# Database settings
- DB_TYPE=postgres
- DB_HOST=postgres
- DB_PORT=5432
- DB_USER=${DB_USER:-sathub}
- DB_PASSWORD=${DB_PASSWORD}
- DB_NAME=${DB_NAME:-sathub}
# SMTP settings (needed for notifications)
- SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USERNAME=${SMTP_USERNAME}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL}
# MinIO settings
- MINIO_ENDPOINT=http://minio:9000
- MINIO_BUCKET=sathub-images
- MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
- MINIO_EXTERNAL_URL=https://obj.sathub.de
networks:
- sathub
depends_on:
migrate:
condition: service_completed_successfully
postgres: postgres:
image: postgres:15-alpine image: postgres:15-alpine
@@ -45,20 +110,20 @@ services:
restart: unless-stopped restart: unless-stopped
environment: environment:
- POSTGRES_USER=${DB_USER:-sathub} - POSTGRES_USER=${DB_USER:-sathub}
- POSTGRES_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }} - POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_DB=${DB_NAME:-sathub} - POSTGRES_DB=${DB_NAME:-sathub}
volumes: volumes:
- {{ sathub_data_dir }}/postgres:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
networks: networks:
- sathub - sathub
frontend: frontend:
image: ghcr.io/vleeuwenmenno/sathub/frontend:latest image: ghcr.io/vleeuwenmenno/sathub-frontend/frontend:latest
container_name: sathub-frontend container_name: sathub-frontend
restart: unless-stopped restart: unless-stopped
environment: environment:
- VITE_API_BASE_URL={{ frontend_api_base_url | default('https://api.sathub.de') }} - VITE_API_BASE_URL=${VITE_API_BASE_URL:-https://api.sathub.de}
- VITE_ALLOWED_HOSTS={{ frontend_allowed_hosts | default('sathub.de,sathub.nl') }} - VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-sathub.de,sathub.nl}
networks: networks:
- sathub - sathub
- caddy_network - caddy_network
@@ -68,10 +133,10 @@ services:
container_name: sathub-minio container_name: sathub-minio
restart: unless-stopped restart: unless-stopped
environment: environment:
- MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }} - MINIO_ROOT_USER=${MINIO_ROOT_USER}
- MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }} - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}
volumes: volumes:
- {{ sathub_data_dir }}/minio:/data - minio_data:/data
command: server /data --console-address :9001 command: server /data --console-address :9001
networks: networks:
- sathub - sathub
@@ -87,15 +152,25 @@ services:
environment: environment:
- WATCHTOWER_CLEANUP=true - WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_STOPPED=false - WATCHTOWER_INCLUDE_STOPPED=false
- REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }} - REPO_USER=${REPO_USER}
- REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }} - REPO_PASS=${REPO_PASS}
command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-frontend command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-worker sathub-frontend
networks: networks:
- sathub - sathub
volumes:
minio_data:
driver: local
postgres_data:
driver: local
networks: networks:
sathub: sathub:
driver: bridge driver: bridge
# We assume you're running a Caddy instance in a separate compose file with this network
# If not, you can remove this network and the related depends_on in the services above
# But the stack is designed to run behind a Caddy reverse proxy for SSL termination and routing
caddy_network: caddy_network:
external: true external: true
name: caddy_default name: caddy_default

11
ansible/tasks/servers/services/sathub/sathub.yml
View File

@@ -24,6 +24,13 @@
state: directory state: directory
mode: "0755" mode: "0755"
- name: Deploy SatHub .env
ansible.builtin.template:
src: .env.j2
dest: "{{ sathub_service_dir }}/.env"
mode: "0644"
register: sathub_env
- name: Deploy SatHub docker-compose.yml - name: Deploy SatHub docker-compose.yml
ansible.builtin.template: ansible.builtin.template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2
@@ -33,11 +40,11 @@
- name: Stop SatHub service - name: Stop SatHub service
ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" down --remove-orphans ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" down --remove-orphans
when: sathub_compose.changed when: sathub_compose.changed or sathub_env.changed
- name: Start SatHub service - name: Start SatHub service
ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" up -d ansible.builtin.command: docker compose -f "{{ sathub_service_dir }}/docker-compose.yml" up -d
when: sathub_compose.changed when: sathub_compose.changed or sathub_env.changed
tags: tags:
- services - services
- sathub - sathub

1
ansible/tasks/workstations/flatpaks.yml
View File

@@ -53,6 +53,7 @@
- io.mango3d.LycheeSlicer - io.mango3d.LycheeSlicer
# Utilities # Utilities
- com.fastmail.Fastmail
- com.ranfdev.DistroShelf - com.ranfdev.DistroShelf
- io.missioncenter.MissionCenter - io.missioncenter.MissionCenter
- io.gitlab.elescoute.spacelaunch - io.gitlab.elescoute.spacelaunch

2
ansible/templates/juicefs.service.j2
View File

@@ -5,7 +5,7 @@ Before=docker.service
[Service] [Service]
Type=simple Type=simple
ExecStart=/usr/local/bin/juicefs mount redis://:{{ redis_password }}@mennos-desktop:6379/0 /mnt/object_storage \ ExecStart=/usr/local/bin/juicefs mount redis://:{{ redis_password }}@mennos-server:6379/0 /mnt/object_storage \
--cache-dir=/var/jfsCache \ --cache-dir=/var/jfsCache \
--buffer-size=4096 \ --buffer-size=4096 \
--prefetch=16 \ --prefetch=16 \

11
config/autostart/Nextcloud.desktop Executable file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Name=Nextcloud
GenericName=File Synchronizer
Exec="/usr/bin/nextcloud" --background
Terminal=false
Icon=Nextcloud
Categories=Network
Type=Application
StartupNotify=false
X-GNOME-Autostart-enabled=true
X-GNOME-Autostart-Delay=10

8
config/autostart/equibop.desktop Normal file
View File

@@ -0,0 +1,8 @@
[Desktop Entry]
Type=Application
Name=Equibop
Comment=Equibop autostart script
Exec="/opt/Equibop/equibop"
StartupNotify=false
Terminal=false
Icon=vesktop

2
config/git.nix
View File

@@ -23,7 +23,7 @@
}; };
core = { core = {
editor = "zed"; editor = "micro";
autocrlf = false; autocrlf = false;
filemode = true; filemode = true;
ignorecase = false; ignorecase = false;

80
config/nextcloud.cfg Normal file
View File

@@ -0,0 +1,80 @@
[General]
clientVersion=3.16.0-1 (Debian built)
desktopEnterpriseChannel=daily
isVfsEnabled=false
launchOnSystemStartup=true
optionalServerNotifications=true
overrideLocalDir=
overrideServerUrl=
promptDeleteAllFiles=false
showCallNotifications=true
showChatNotifications=true
[Accounts]
0\Folders\1\ignoreHiddenFiles=false
0\Folders\1\journalPath=.sync_42a4129584d0.db
0\Folders\1\localPath=/home/menno/Nextcloud/
0\Folders\1\paused=false
0\Folders\1\targetPath=/
0\Folders\1\version=2
0\Folders\1\virtualFilesMode=off
0\Folders\2\ignoreHiddenFiles=false
0\Folders\2\journalPath=.sync_65a742b0aa83.db
0\Folders\2\localPath=/home/menno/Desktop/
0\Folders\2\paused=false
0\Folders\2\targetPath=/Desktop
0\Folders\2\version=2
0\Folders\2\virtualFilesMode=off
0\Folders\3\ignoreHiddenFiles=false
0\Folders\3\journalPath=.sync_65289e64a490.db
0\Folders\3\localPath=/home/menno/Documents/
0\Folders\3\paused=false
0\Folders\3\targetPath=/Documents
0\Folders\3\version=2
0\Folders\3\virtualFilesMode=off
0\Folders\4\ignoreHiddenFiles=false
0\Folders\4\journalPath=.sync_283a65eecb9c.db
0\Folders\4\localPath=/home/menno/Music/
0\Folders\4\paused=false
0\Folders\4\targetPath=/Music
0\Folders\4\version=2
0\Folders\4\virtualFilesMode=off
0\Folders\5\ignoreHiddenFiles=false
0\Folders\5\journalPath=.sync_884042991bd6.db
0\Folders\5\localPath=/home/menno/3D Objects/
0\Folders\5\paused=false
0\Folders\5\targetPath=/3D Objects
0\Folders\5\version=2
0\Folders\5\virtualFilesMode=off
0\Folders\6\ignoreHiddenFiles=false
0\Folders\6\journalPath=.sync_90ea5e3c7a33.db
0\Folders\6\localPath=/home/menno/Videos/
0\Folders\6\paused=false
0\Folders\6\targetPath=/Videos
0\Folders\6\version=2
0\Folders\6\virtualFilesMode=off
0\authType=webflow
0\dav_user=menno
0\displayName=Menno van Leeuwen
0\encryptionCertificateSha256Fingerprint=@ByteArray()
0\networkDownloadLimit=0
0\networkDownloadLimitSetting=-2
0\networkProxyHostName=
0\networkProxyNeedsAuth=false
0\networkProxyPort=0
0\networkProxySetting=0
0\networkProxyType=2
0\networkProxyUser=
0\networkUploadLimit=0
0\networkUploadLimitSetting=-2
0\serverColor=@Variant(\0\0\0\x43\x1\xff\xff\x1c\x1c$$<<\0\0)
0\serverHasValidSubscription=false
0\serverTextColor=@Variant(\0\0\0\x43\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0)
0\serverVersion=32.0.0.13
0\url=https://drive.mvl.sh
0\version=13
0\webflow_user=menno
version=13
[Settings]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\0\0\0\0\x4\xe\0\0\x2\x37\0\0\x6W\0\0\0\0\0\0\x4\xe\0\0\x2\x37\0\0\x6W\0\0\0\x1\0\0\0\0\x14\0\0\0\0\0\0\0\x4\xe\0\0\x2\x37\0\0\x6W)

12
flake.lock generated
View File

@@ -41,11 +41,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1759735786, "lastModified": 1760862643,
"narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -77,11 +77,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1751283143, "lastModified": 1760894497,
"narHash": "sha256-I3DMLT0qg5xxjS7BrmOBIK6pG+vZqOhKivEGnkDIli8=", "narHash": "sha256-u2unItzVvUe3Y2opdJrISGtHSmQLVnDOIfhWvSBrw74=",
"owner": "brizzbuzz", "owner": "brizzbuzz",
"repo": "opnix", "repo": "opnix",
"rev": "1a807befe8f418da0df24c54b9633c395d840d0e", "rev": "92974503378ca6ec6206b74cd3a78377a5796cbb",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
flake.nix
View File

@@ -42,6 +42,7 @@
{ {
"mennos-vps" = mkHomeConfig "aarch64-linux" "mennos-vps" true; "mennos-vps" = mkHomeConfig "aarch64-linux" "mennos-vps" true;
"mennos-desktop" = mkHomeConfig "x86_64-linux" "mennos-desktop" false; "mennos-desktop" = mkHomeConfig "x86_64-linux" "mennos-desktop" false;
"mennos-server" = mkHomeConfig "x86_64-linux" "mennos-server" true;
"mennos-rtlsdr-pc" = mkHomeConfig "x86_64-linux" "mennos-rtlsdr-pc" true; "mennos-rtlsdr-pc" = mkHomeConfig "x86_64-linux" "mennos-rtlsdr-pc" true;
"mennos-laptop" = mkHomeConfig "x86_64-linux" "mennos-laptop" false; "mennos-laptop" = mkHomeConfig "x86_64-linux" "mennos-laptop" false;
}; };