Update dependency pycparser to v2.22

Merge branch 'change-secrets'. This resolves #1
Replaced and rotated all secrets in docker-int compose
2024-11-16 01:46:17 +00:00 · 2024-11-15 11:29:47 -05:00 · 2024-11-15 11:20:29 -05:00 · 2024-11-15 10:50:32 -05:00 · 2024-11-15 10:50:22 -05:00 · 2024-11-13 11:14:31 -05:00
10 changed files with 441 additions and 442 deletions
--- a/ansible/assets/basementpi/compose.yml.j2
+++ b/ansible/assets/basementpi/compose.yml.j2
@ -1,7 +1,5 @@
 ---
 version: "3.5"
 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
 networks:
  network_pihole:
    ipam:
@ -15,15 +13,13 @@ services:
    ports:
      - '80:80'
    environment:
-      DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }}
+      DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}"
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.6
  pihole:
    image: pihole/pihole:latest
    ports:
@ -39,20 +35,20 @@ services:
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      # run `touch ./var-log/pihole.log` first unless you like errors
      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
-    # Recommended but not required (DHCP needs NET_ADMIN)
+      # Recommended but not required (DHCP needs NET_ADMIN)
-    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+      #   https://github.com/pi-hole/docker-pi-hole# note-on-capabilities
    cap_add:
      - NET_ADMIN
    expose:
      - 80
    environment:
      ServerIP: 10.11.1.10
-      PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }}
+      PIHOLE_DNS_: unbound# 53;{{ pihole_additional_upstream_dnsservers }}
-      PROXY_LOCATION: {{ pihole_hostname }}
+      PROXY_LOCATION: "{{ pihole_hostname }}"
-      VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }}
+      VIRTUAL_HOST: "{{ pihole_hostname}}.{{ pihole_domain }}"
      VIRTUAL_PORT: 80
-      WEBPASSWORD: {{ pihole_password }}
+      WEBPASSWORD: "{{ pihole_password }}"
-      FTLCONF_LOCAL_IPV4: {{ pi_ip }}
+      FTLCONF_LOCAL_IPV4: "{{ pi_ip }}"
      DNSMASQ_LISTENING: all
    extra_hosts:
@ -101,34 +97,34 @@ services:
        ipv4_address: 172.16.3.3
  porkbunddns:
-      image: pavlinchen/porkbun-ddns
+    image: pavlinchen/porkbun-ddns
-      container_name: porkbun-ddns
+    container_name: porkbun-ddns
-      restart: always
+    restart: always
-      pull_policy: always
+    pull_policy: always
-      environment:
+    environment:
-          APIKey: {{ porkbun_api_key }}
+      APIKey: "{{ porkbun_api_key }}"
-          SecretAPIKey: {{ porkbun_secret_api_key }}
+      SecretAPIKey: "{{ porkbun_secret_api_key }}"
-          Domain: {{ porkbun_domain }}
+      Domain: "{{ porkbun_domain }}"
-          Schedule: "{{ porkbun_cron_sched }}"
+      Schedule: "{{ porkbun_cron_sched }}"
-          TZ: {{ porkbun_tz }}
+      TZ: "{{ porkbun_tz }}"
-      networks:
+    networks:
-        network_pihole:
+      network_pihole:
-          ipv4_address: 172.16.3.4
+        ipv4_address: 172.16.3.4
  porkbunddns2:
-      image: pavlinchen/porkbun-ddns
+    image: pavlinchen/porkbun-ddns
-      container_name: porkbun-ddns2
+    container_name: porkbun-ddns2
-      restart: always
+    restart: always
-      pull_policy: always
+    pull_policy: always
-      environment:
+    environment:
-          APIKey: {{ porkbun_api_key }}
+      APIKey: "{{ porkbun_api_key }}"
-          SecretAPIKey: {{ porkbun_secret_api_key }}
+      SecretAPIKey: "{{ porkbun_secret_api_key }}"
-          Domain: {{ porkbun_domain2 }}
+      Domain: "{{ porkbun_domain2 }}"
-          Schedule: "{{ porkbun_cron_sched }}"
+      Schedule: "{{ porkbun_cron_sched }}"
-          TZ: {{ porkbun_tz }}
+      TZ: "{{ porkbun_tz }}"
-      networks:
+    networks:
-        network_pihole:
+      network_pihole:
-          ipv4_address: 172.16.3.7
+        ipv4_address: 172.16.3.7
  ddclient:
    image: lscr.io/linuxserver/ddclient:latest
@ -142,7 +138,7 @@ services:
    restart: unless-stopped
  wireguard:
-    depends_on: 
+    depends_on:
      - pihole
    networks:
      network_pihole:
@ -158,53 +154,18 @@ services:
      - TZ=Canada/Eastern
      - SERVERURL=vpn.coxgrunow.ca
      - SERVERPORT=51820
-      - PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional
+      - PEERS=phone,tedupnorth  # oAdded Docker tags to Ansible playbookptional
-      - PEERDNS=172.16.3.2 #optional
+      - PEERDNS=172.16.3.2  # optional
-      - INTERNAL_SUBNET=10.11.4.0 #optional
+      - INTERNAL_SUBNET=10.11.4.0  # optional
-      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional
+      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2  # optional
      - SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16
-      - PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS
+      - PERSISTENTKEEPALIVE_PEERS=all  # optional - for dynamic DNS
-      - LOG_CONFS=true #optional
+      - LOG_CONFS=true  # optional
    volumes:
      - ./wireguard/config:/config
-      - /lib/modules:/lib/modules #optional
+      - /lib/modules:/lib/modules  # optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
 #   Another container you might want to have running through the proxy
 #   Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
 #  ghost:
 #    image: fractalf/ghost
 #    ports:
 #      - '2368:2368/tcp'
 #    volumes:
 #      - '/etc/ghost:/ghost-override'
 #    environment:
 #      PROXY_LOCATION: ghost
 #      VIRTUAL_HOST: ghost.yourDomain.lan
 #      VIRTUAL_PORT: 2368
 #    restart: always
 #  homeassistant:
 #      container_name: homeassistant
 #      image: "ghcr.io/home-assistant/home-assistant:stable"
 #      volumes:
 #        - ./homeassistant/config:/config
 #        - /etc/localtime:/etc/localtime:ro
 #      restart: unless-stopped
 #      privileged: true
 #      network_mode: host
 #      #environment:
 #      #  - VIRTUAL_HOST=homeassistant.coxgrunow.ca
 #      #  - VIRTUAL_PORT=8123
  yacy:
    container_name: yacy
    image: "docker.io/yacy/yacy_search_server:aarch64-latest"
    volumes:
      - ./yacy:/opt/yacy_search_server/DATA
    ports:
      - 8090:8090/tcp
      - 8443:8443/tcp
--- a/ansible/assets/docker-ext/compose.yml.j2
+++ b/ansible/assets/docker-ext/compose.yml.j2
@ -1,3 +1,4 @@
 ---
 version: "3.5"
 services:
  traefik:
@ -8,7 +9,7 @@ services:
    depends_on:
      - crowdsec
    # Enables the web UI and tells Traefik to listen to docker
-    command: 
+    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.file=true"
@ -23,7 +24,7 @@ services:
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - --experimental.plugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      - --experimental.plugins.crowdsec-bouncer.version=v1.2.1
-        #- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      # - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
    ports:
      # The HTTP port
      - "80:80"
@ -33,7 +34,7 @@ services:
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
-        #- ./traefik/traefik.yml:/etc/traefik/traefik.yml
+      # - ./traefik/traefik.yml:/etc/traefik/traefik.yml
      - ./traefik:/etc/traefik
      - ./letsencrypt:/letsencrypt
      - "./logsTraefik:/var/log/traefik"
@ -42,34 +43,33 @@ services:
      - backend
      - docker_default
    labels:
-      - "traefik.http.middlewares.authtest.basicauth.users=user:$$apr1$$VKJibd3x$$SwY/BRH.QTeVEaRDnLKvv0"
+      - "traefik.http.middlewares.authtest.basicauth.users=user:{{ traefik_basicauth_password }}"
      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.enabled=true"
-      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdseclapikey=dTkMpqDs/ryjvw1tQaV3k0VtCFQUlh+hrdZMEWnxfXc"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdseclapikey={{ traefik_crowdsec_bouncer_lapi_key }}"
      - "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker"
      - "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
      - "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker"
-        
+      # ddclient:
-        #ddclient:
+      #  image: lscr.io/linuxserver/ddclient:latest
-        #  image: lscr.io/linuxserver/ddclient:latest
+      #  container_name: ddclient
-        #  container_name: ddclient
+      #  environment:
-        #  environment:
+      #    - PUID=1000
-        #    - PUID=1000
+      #    - PGID=1000
-        #    - PGID=1000
+      #    - TZ=America/Thunder_Bay
-        #    - TZ=America/Thunder_Bay
+      #  volumes:
-        #  volumes:
+      #    - ./ddclient/:/config
-        #    - ./ddclient/:/config
+      #  restart: unless-stopped
-        #  restart: unless-stopped
+      # porkbunddns:
-        #porkbunddns:
+      #  image: pavlinchen/porkbun-ddns
-        #  image: pavlinchen/porkbun-ddns
+      #  container_name: porkbun-ddns
-        #  container_name: porkbun-ddns
+      #  restart: unless-stopped
-        #  restart: unless-stopped
+      #  pull_policy: always
-        #  pull_policy: always
+      #  environment:
-        #  environment:
+      #      APIKey: pk1_6896ac0da1af81d9b7ae1ef0ee65b7f8bc655fc0099588e1db9bb9708da2d2ec
-        #      APIKey: pk1_6896ac0da1af81d9b7ae1ef0ee65b7f8bc655fc0099588e1db9bb9708da2d2ec
+      #      SecretAPIKey: k1_8c0d61edd906856c4f4f979b6207049ea0b0b50aec5759dacb86c24cb0bf001d
-        #      SecretAPIKey: k1_8c0d61edd906856c4f4f979b6207049ea0b0b50aec5759dacb86c24cb0bf001d
+      #      Domain: mycomputer.party wiki
-        #      Domain: mycomputer.party wiki
+      #      Schedule: "*/5 * * * *" #optional
-        #      Schedule: "*/5 * * * *" #optional
+      #      TZ: Canada/Eastern #optional
        #      TZ: Canada/Eastern #optional
  dokuwiki:
    image: bitnami/dokuwiki:20240206
    restart: unless-stopped
@ -82,7 +82,7 @@ services:
    volumes:
      - ./dokuwiki:/bitnami/dokuwiki
    networks:
-      -  backend
+      - backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dokuwiki.rule=Host(`wiki.mycomputer.party`)"
@ -91,31 +91,31 @@ services:
      - traefik.http.routers.dokuwiki.tls=true
      - "traefik.http.routers.dokuwiki.middlewares=crowdsec@docker"
  mail-server:
-      tty: true
+    tty: true
-      stdin_open: true
+    stdin_open: true
-      restart: unless-stopped
+    restart: unless-stopped
-      ports:
+    ports:
-          - 8443:443
+      - 8443:443
-          - 8008:8080
+      - 8008:8080
-          - 25:25
+      - 25:25
-          - 587:587
+      - 587:587
-          - 465:465
+      - 465:465
-          - 143:143
+      - 143:143
-          - 993:993
+      - 993:993
-          - 4190:4190
+      - 4190:4190
-      volumes:
+    volumes:
-        - ./stalwart-mail:/opt/stalwart-mail
+      - ./stalwart-mail:/opt/stalwart-mail
-      container_name: stalwart-mail
+    container_name: stalwart-mail
-      image: stalwartlabs/mail-server:latest
+    image: stalwartlabs/mail-server:v0.10.6
-      labels:
+    labels:
-        - "traefik.enable=true"
+      - "traefik.enable=true"
-        - "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)"
+      - "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)"
-        - "traefik.http.routers.stalwart.entrypoints=websecure"
+      - "traefik.http.routers.stalwart.entrypoints=websecure"
-        - "traefik.http.routers.stalwart.tls.certresolver=myresolver"
+      - "traefik.http.routers.stalwart.tls.certresolver=myresolver"
-        - "traefik.http.routers.stalwart.tls=true"
+      - "traefik.http.routers.stalwart.tls=true"
-        - "traefik.http.services.stalwart-http.loadbalancer.server.port=8080"
+      - "traefik.http.services.stalwart-http.loadbalancer.server.port=8080"
  # --- MariaDB
-  #linkace-db:
+  # linkace-db:
  #  image: mariadb:11.2
  #  container_name: linkace-db
  #  restart: unless-stopped
@ -129,7 +129,7 @@ services:
  #    - db:/var/lib/mysql
  ## --- LinkAce Image with PHP and nginx
-  #linkace-app:
+  # linkace-app:
  #  image: linkace/linkace:simple
  #  container_name: linkace-app
  #  restart: unless-stopped
@ -155,7 +155,7 @@ services:
  linkding:
    container_name: "${LD_CONTAINER_NAME:-linkding}"
-    image: sissbruecker/linkding:latest-plus
+    image: sissbruecker/linkding:1.36.0-plus
    ports:
      - "${LD_HOST_PORT:-9090}:9090"
    volumes:
@ -174,17 +174,17 @@ services:
  wallabag:
    container_name: wallabag
    restart: unless-stopped
-    image: wallabag/wallabag
+    image: wallabag/wallabag:2.6.10
    environment:
-      #- MYSQL_ROOT_PASSWORD=wallaroot
+      # - MYSQL_ROOT_PASSWORD=wallaroot
      - POSTGRES_USER=wallabag
-      - POSTGRES_PASSWORD=Mo8ntF92q5oWNV6TbS7t
+      - POSTGRES_PASSWORD="{{ wallabag_postgres_password }}"
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
      - SYMFONY__ENV__DATABASE_HOST=postgres.injust.us
      - SYMFONY__ENV__DATABASE_PORT=5432
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=wallabag
-      - SYMFONY__ENV__DATABASE_PASSWORD=Mo8ntF92q5oWNV6TbS7t
+      - SYMFONY__ENV__DATABASE_PASSWORD="{{ wallabag_postgres_password }}"
      - SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_"
      - SYMFONY__ENV__MAILER_DSN=smtp://127.0.0.1
      - SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
@ -218,7 +218,7 @@ services:
      timeout: 3s
  authentik-server:
    container_name: authentik-server
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.2}
+    image: ghcr.io/goauthentik/server:2024.8.2
    restart: unless-stopped
    command: server
    environment:
@ -252,7 +252,7 @@ services:
      - "traefik.http.routers.authentik.middlewares=crowdsec@docker"
  authentik-worker:
    container_name: authentik-worker
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.2}
+    image: ghcr.io/goauthentik/server:2024.8.2
    restart: unless-stopped
    command: worker
    environment:
@ -278,128 +278,128 @@ services:
    depends_on:
      - redis
  changedetection:
-      image: ghcr.io/dgtlmoon/changedetection.io
+    image: ghcr.io/dgtlmoon/changedetection.io:0.47.06
-      container_name: changedetection
+    container_name: changedetection
-      hostname: changedetection
+    hostname: changedetection
-      volumes:
+    volumes:
-        - changedetection-data:/datastore
+      - changedetection-data:/datastore
-# Configurable proxy list support, see https://github.com/dgtlmoon/changedetection.io/wiki/Proxy-configuration#proxy-list-support
+      # Configurable proxy list support, see https://github.com/dgtlmoon/changedetection.io/wiki/Proxy-configuration#proxy-list-support
-#        - ./proxies.json:/datastore/proxies.json
+      #        - ./proxies.json:/datastore/proxies.json
-      environment:
+    environment:
-  #        Default listening port, can also be changed with the -p option
+      #        Default listening port, can also be changed with the -p option
-  #      - PORT=5000
+      #      - PORT=5000
-  #      - PUID=1000
+      #      - PUID=1000
-  #      - PGID=1000
+      #      - PGID=1000
-  #
+      #
-  #        Log levels are in descending order. (TRACE is the most detailed one)
+      #        Log levels are in descending order. (TRACE is the most detailed one)
-  #        Log output levels: TRACE, DEBUG(default), INFO, SUCCESS, WARNING, ERROR, CRITICAL
+      #        Log output levels: TRACE, DEBUG(default), INFO, SUCCESS, WARNING, ERROR, CRITICAL
-  #      - LOGGER_LEVEL=DEBUG
+      #      - LOGGER_LEVEL=DEBUG
-  #
+      #
-  #       Alternative WebDriver/selenium URL, do not use "'s or 's!
+      #       Alternative WebDriver/selenium URL, do not use "'s or 's!
-  #      - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub
+      #      - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub
-  #
+      #
-  #       WebDriver proxy settings webdriver_proxyType, webdriver_ftpProxy, webdriver_noProxy,
+      #       WebDriver proxy settings webdriver_proxyType, webdriver_ftpProxy, webdriver_noProxy,
-  #                                webdriver_proxyAutoconfigUrl, webdriver_autodetect,
+      #                                webdriver_proxyAutoconfigUrl, webdriver_autodetect,
-  #                                webdriver_socksProxy, webdriver_socksUsername, webdriver_socksVersion, webdriver_socksPassword
+      #                                webdriver_socksProxy, webdriver_socksUsername, webdriver_socksVersion, webdriver_socksPassword
-  #
+      #
-  #             https://selenium-python.readthedocs.io/api.html#module-selenium.webdriver.common.proxy
+      #             https://selenium-python.readthedocs.io/api.html#module-selenium.webdriver.common.proxy
-  #
+      #
-  #       Alternative Playwright URL, do not use "'s or 's!
+      #       Alternative Playwright URL, do not use "'s or 's!
-  #      - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000
+      #      - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000
-  #
+      #
-  #       Playwright proxy settings playwright_proxy_server, playwright_proxy_bypass, playwright_proxy_username, playwright_proxy_password
+      #       Playwright proxy settings playwright_proxy_server, playwright_proxy_bypass, playwright_proxy_username, playwright_proxy_password
-  #
+      #
-  #             https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-option-proxy
+      #             https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-option-proxy
-  #
+      #
-  #        Plain requests - proxy support example.
+      #        Plain requests - proxy support example.
-  #      - HTTP_PROXY=socks5h://10.10.1.10:1080
+      #      - HTTP_PROXY=socks5h://10.10.1.10:1080
-  #      - HTTPS_PROXY=socks5h://10.10.1.10:1080
+      #      - HTTPS_PROXY=socks5h://10.10.1.10:1080
-  #
+      #
-  #        An exclude list (useful for notification URLs above) can be specified by with
+      #        An exclude list (useful for notification URLs above) can be specified by with
-  #      - NO_PROXY="localhost,192.168.0.0/24"
+      #      - NO_PROXY="localhost,192.168.0.0/24"
-  #
+      #
-  #        Base URL of your changedetection.io install (Added to the notification alert)
+      #        Base URL of your changedetection.io install (Added to the notification alert)
-        - BASE_URL=https://changedetection.mycomputer.party
+      - BASE_URL=https://changedetection.mycomputer.party
-  #        Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;`
+      #        Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;`
-  #        More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory
+      #        More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory
-        - USE_X_SETTINGS=1
+      - USE_X_SETTINGS=1
-  #
+      #
-  #        Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname.
+      #        Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname.
-  #- HIDE_REFERER=true
+      # - HIDE_REFERER=true
-  #
+      #
-  #        Default number of parallel/concurrent fetchers
+      #        Default number of parallel/concurrent fetchers
-  #      - FETCH_WORKERS=10
+      #      - FETCH_WORKERS=10
      # Comment out ports: when using behind a reverse proxy , enable networks: etc.
-      ports:
+    ports:
-        - 5000:5000
+      - 5000:5000
-      restart: unless-stopped
+    restart: unless-stopped
-      labels:
+    labels:
-        - "traefik.enable=true"
+      - "traefik.enable=true"
-        - "traefik.http.routers.changedetection.rule=Host(`changedetection.mycomputer.party`)"
+      - "traefik.http.routers.changedetection.rule=Host(`changedetection.mycomputer.party`)"
-        - "traefik.http.routers.changedetection.entrypoints=websecure"
+      - "traefik.http.routers.changedetection.entrypoints=websecure"
-        - "traefik.http.routers.changedetection.tls.certresolver=myresolver"
+      - "traefik.http.routers.changedetection.tls.certresolver=myresolver"
-        - "traefik.http.routers.changedetection.tls=true"
+      - "traefik.http.routers.changedetection.tls=true"
-        - "traefik.http.services.changedetection-http.loadbalancer.server.port=5000"
+      - "traefik.http.services.changedetection-http.loadbalancer.server.port=5000"
-        - "traefik.http.routers.changedetection.middlewares=authchain@docker"
+      - "traefik.http.routers.changedetection.middlewares=authchain@docker"
-     # Used for fetching pages via WebDriver+Chrome where you need Javascript support.
+   # Used for fetching pages via WebDriver+Chrome where you need Javascript support.
-     # Now working on arm64 (needs testing on rPi - tested on Oracle ARM instance)
+   # Now working on arm64 (needs testing on rPi - tested on Oracle ARM instance)
-     # replace image with seleniarm/standalone-chromium:4.0.0-20211213
+   # replace image with seleniarm/standalone-chromium:4.0.0-20211213
-     # If WEBDRIVER or PLAYWRIGHT are enabled, changedetection container depends on that
+   # If WEBDRIVER or PLAYWRIGHT are enabled, changedetection container depends on that
-     # and must wait before starting (substitute "browser-chrome" with "playwright-chrome" if last one is used)
+   # and must wait before starting (substitute "browser-chrome" with "playwright-chrome" if last one is used)
-#    depends_on:
+   #    depends_on:
-#        browser-chrome:
+   #        browser-chrome:
-#            condition: service_started
+   #            condition: service_started
-     # Used for fetching pages via Playwright+Chrome where you need Javascript support.
+   # Used for fetching pages via Playwright+Chrome where you need Javascript support.
-     # RECOMMENDED FOR FETCHING PAGES WITH CHROME
+   # RECOMMENDED FOR FETCHING PAGES WITH CHROME
-#    playwright-chrome:
+   #    playwright-chrome:
-#        hostname: playwright-chrome
+   #        hostname: playwright-chrome
-#        image: dgtlmoon/sockpuppetbrowser:latest
+   #        image: dgtlmoon/sockpuppetbrowser:latest
-#        cap_add:
+   #        cap_add:
-#            - SYS_ADMIN
+   #            - SYS_ADMIN
-## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
+   ## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
-#        restart: unless-stopped
+   #        restart: unless-stopped
-#        environment:
+   #        environment:
-#            - SCREEN_WIDTH=1920
+   #            - SCREEN_WIDTH=1920
-#            - SCREEN_HEIGHT=1024
+   #            - SCREEN_HEIGHT=1024
-#            - SCREEN_DEPTH=16
+   #            - SCREEN_DEPTH=16
-#            - MAX_CONCURRENT_CHROME_PROCESSES=10
+   #            - MAX_CONCURRENT_CHROME_PROCESSES=10
-     # Used for fetching pages via Playwright+Chrome where you need Javascript support.
+   # Used for fetching pages via Playwright+Chrome where you need Javascript support.
-     # Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector)
+   # Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector)
-     #       Does not report status codes (200, 404, 403) and other issues
+   #       Does not report status codes (200, 404, 403) and other issues
-#    browser-chrome:
+   #    browser-chrome:
-#        hostname: browser-chrome
+   #        hostname: browser-chrome
-#        image: selenium/standalone-chrome:4
+   #        image: selenium/standalone-chrome:4
-#        environment:
+   #        environment:
-#            - VNC_NO_PASSWORD=1
+   #            - VNC_NO_PASSWORD=1
-#            - SCREEN_WIDTH=1920
+   #            - SCREEN_WIDTH=1920
-#            - SCREEN_HEIGHT=1080
+   #            - SCREEN_HEIGHT=1080
-#            - SCREEN_DEPTH=24
+   #            - SCREEN_DEPTH=24
-#        volumes:
+   #        volumes:
-#            # Workaround to avoid the browser crashing inside a docker container
+   #            # Workaround to avoid the browser crashing inside a docker container
-#            # See https://github.com/SeleniumHQ/docker-selenium#quick-start
+   #            # See https://github.com/SeleniumHQ/docker-selenium#quick-start
-#            - /dev/shm:/dev/shm
+   #            - /dev/shm:/dev/shm
-#        restart: unless-stopped
+   #        restart: unless-stopped
  healthchecks:
    container_name: healthchecks
    restart: unless-stopped
    # To use a pre-built image, remove the above "build" section
    # and uncomment the following line:
-    image: healthchecks/healthchecks:latest
+    image: healthchecks/healthchecks:v3.7
    env_file:
-        - .healthchecks-env
+      - .healthchecks-env
    ports:
-        - "8011:8000"
+      - "8011:8000"
-        # To enable SMTP on port 2525, set SMTPD_PORT=2525 in .env
+      # To enable SMTP on port 2525, set SMTPD_PORT=2525 in .env
-        # and uncomment the following line:
+      # and uncomment the following line:
-        # - "2525:2525"
+      # - "2525:2525"
    command: bash -c 'uwsgi /opt/healthchecks/docker/uwsgi.ini'
    labels:
      - "traefik.enable=true"
@ -411,7 +411,7 @@ services:
      - "traefik.http.routers.healthchecks.middlewares=authchain@docker"
  apache:
    image: php:7.2-apache
-    volumes: 
+    volumes:
      - ./apache:/var/www/html
    ports:
      - 8012:80
@ -428,7 +428,7 @@ services:
      - backend
  apache2:
    image: php:7.2-apache
-    volumes: 
+    volumes:
      - ./apache:/var/www/html
    ports:
      - 8013:80
@ -440,34 +440,34 @@ services:
      - "traefik.http.routers.apache2.tls.certresolver=myresolver"
      - "traefik.http.routers.apache2.tls=true"
      - "traefik.http.services.apache2-http.loadbalancer.server.port=80"
-        #- traefik.http.routers.apache2.middlewares=authchain@docker
+      # - traefik.http.routers.apache2.middlewares=authchain@docker
    networks:
      - backend
-        #wireguard:
+      # wireguard:
-        #  image: lscr.io/linuxserver/wireguard
+      #  image: lscr.io/linuxserver/wireguard
-        #  container_name: wireguard
+      #  container_name: wireguard
-        #  cap_add:
+      #  cap_add:
-        #    - NET_ADMIN
+      #    - NET_ADMIN
-        #    - SYS_MODULE
+      #    - SYS_MODULE
-        #  environment:
+      #  environment:
-        #    - PUID=1001
+      #    - PUID=1001
-        #    - PGID=1001
+      #    - PGID=1001
-        #    - TZ=America/Thunder_Bay
+      #    - TZ=America/Thunder_Bay
-        #    - PEERS=thelma
+      #    - PEERS=thelma
-        #    - INTERNAL_SUBNET=10.11.20.0/24
+      #    - INTERNAL_SUBNET=10.11.20.0/24
-        #    - ALLOWEDIPS=10.11.0.0/16
+      #    - ALLOWEDIPS=10.11.0.0/16
-        #  volumes:
+      #  volumes:
-        #    - ./wireguard:/config
+      #    - ./wireguard:/config
-        #    - /lib/modules:/lib/modules
+      #    - /lib/modules:/lib/modules
-        #  networks:
+      #  networks:
-        #    wireguard:
+      #    wireguard:
-        #      ipv4_address: 172.20.0.50
+      #      ipv4_address: 172.20.0.50
-        #  sysctls:
+      #  sysctls:
-        #    - net.ipv4.conf.all.src_valid_mark=1
+      #    - net.ipv4.conf.all.src_valid_mark=1
-        #  restart: unless-stopped
+      #  restart: unless-stopped
  crowdsec:
-    image: crowdsecurity/crowdsec
+    image: crowdsecurity/crowdsec:v1.6.3
    container_name: crowdsec
    environment:
      PGID: "1001"
@ -477,7 +477,7 @@ services:
    expose:
      - "8080"
    volumes:
-      #- ./crowdsec/logs:/var/log/crowdsec:ro
+      # - ./crowdsec/logs:/var/log/crowdsec:ro
      - ./crowdsec/db:/var/lib/crowdsec/data
      - /var/log:/var/log:ro
      - ./crowdsec/opt:/etc/crowdsec
@ -486,22 +486,22 @@ services:
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
-        #- "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
+        # - "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
-        #- "traefik.http.routers.crowdsec.entrypoints=websecure"
+        # - "traefik.http.routers.crowdsec.entrypoints=websecure"
-        #- "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
+        # - "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
-        #- "traefik.http.routers.crowdsec.tls=true"
+        # - "traefik.http.routers.crowdsec.tls=true"
    networks:
      - proxy
      - backend
  ddns-updater:
-    image: docker.io/qmcgaw/ddns-updater
+    image: docker.io/qmcgaw/ddns-updater:v2.8
    container_name: ddns-updater
    ports:
      - 8014:8000
    volumes:
      - ./ddns-updater:/updater/data
  bookstack:
-    image: lscr.io/linuxserver/bookstack
+    image: lscr.io/linuxserver/bookstack:v24.10.1-ls173
    container_name: bookstack
    environment:
      - PUID=1000
@ -511,7 +511,7 @@ services:
      - DB_HOST=bookstack_db
      - DB_PORT=3306
      - DB_USER=bookstack
-      - DB_PASS=Chn8i#ExmX@J1C
+      - DB_PASS="{{ bookstack_db_password }}"
      - DB_DATABASE=bookstackapp
    env_file:
      - .env-bookstack
@ -529,35 +529,35 @@ services:
      - "traefik.http.routers.bookstack.tls.certresolver=myresolver"
      - "traefik.http.routers.bookstack.tls=true"
  bookstack_db:
-    image: lscr.io/linuxserver/mariadb
+    image: lscr.io/linuxserver/mariadb:10.11.10-r0-ls161
    container_name: bookstack_db
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Thunder_Bay
-      - MYSQL_ROOT_PASSWORD=cSoO1dcaS5sI&t
+      - MYSQL_ROOT_PASSWORD="{{ bookstack_db_root_password }}"
      - MYSQL_DATABASE=bookstackapp
      - MYSQL_USER=bookstack
-      - MYSQL_PASSWORD=Chn8i#ExmX@J1C
+      - MYSQL_PASSWORD="{{ bookstack_db_password }}"
    volumes:
      - ./bookstack_db_data:/config
    restart: unless-stopped
  wikijs:
-    image: ghcr.io/requarks/wiki:2
+    image: ghcr.io/requarks/wiki:2.5.305
    container_name: wikijs
    environment:
      DB_TYPE: postgres
      DB_HOST: postgres.injust.us
      DB_PORT: 5432
      DB_USER: wikijs
-      DB_PASS: 3Jfr7nmY4KBauR3nuHno
+      DB_PASS: "{{ wikijs_postgres_password }}"
      DB_NAME: wikijs
    restart: unless-stopped
    labels:
-    - "traefik.http.routers.wiki.rule=Host(`wikijs.mycomputer.party`)"
+      - "traefik.http.routers.wiki.rule=Host(`wikijs.mycomputer.party`)"
-    - traefik.http.routers.wiki.tls=true
+      - traefik.http.routers.wiki.tls=true
-    - "traefik.http.routers.wiki.entrypoints=websecure"
+      - "traefik.http.routers.wiki.entrypoints=websecure"
-    - "traefik.http.routers.wiki.tls.certresolver=myresolver"
+      - "traefik.http.routers.wiki.tls.certresolver=myresolver"
      #  immich-server:
      #    container_name: immich_server
@ -621,9 +621,6 @@ services:
      #        #      test: redis-cli ping || exit 1
      #        #    restart: always
 volumes:
  linkace_logs:
  db:
@ -641,7 +638,4 @@ networks:
  backend:
  proxy:
  docker_default:
-    external: True
+    external: true
--- a/ansible/assets/docker-int/compose.yml.j2
+++ b/ansible/assets/docker-int/compose.yml.j2
@ -1,39 +1,40 @@
 ---
 version: '3.3'
 services:
    traefik:
-      container_name: traefik
+        container_name: traefik
-      # The official v2 Traefik docker image
+        # The official v2 Traefik docker image
-      image: traefik:v2.11
+        image: traefik:v2.11
-      # Enables the web UI and tells Traefik to listen to docker
+        # Enables the web UI and tells Traefik to listen to docker
-      command: 
+        command:
-        - --api.insecure=true 
+            - --api.insecure=true
-        - --providers.docker
+            - --providers.docker
-        - "--log.filePath=/var/log/traefik/traefik.log"
+            - "--log.filePath=/var/log/traefik/traefik.log"
-        - "--entryPoints.web.address=:80"
+            - "--entryPoints.web.address=:80"
-        - "--entryPoints.websecure.address=:443"
+            - "--entryPoints.websecure.address=:443"
-        - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
-        - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
+            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
-        #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+            # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-        - "--certificatesresolvers.myresolver.acme.email=jg@justus.ws"
+            - "--certificatesresolvers.myresolver.acme.email=jg@justus.ws"
-        - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+            - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
-      ports:
+        ports:
-        # The HTTP port
+            # The HTTP port
-        - "80:80"
+            - "80:80"
-        - "443:443"
+            - "443:443"
-        # The Web UI (enabled by --api.insecure=true)
+            # The Web UI (enabled by --api.insecure=true)
-        - "8080:8080"
+            - "8080:8080"
-      volumes:
+        volumes:
-        # So that Traefik can listen to the Docker events
+            # So that Traefik can listen to the Docker events
-        - /var/run/docker.sock:/var/run/docker.sock
+            - /var/run/docker.sock:/var/run/docker.sock
-        - "./letsencrypt:/letsencrypt"
+            - "./letsencrypt:/letsencrypt"
-        - "./logsTraefik:/var/log/traefik"
+            - "./logsTraefik:/var/log/traefik"
-      environment:
+        environment:
-        - "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629"
+            - "CF_API_KEY={{ cf_api_key }}"
-        - "CF_API_EMAIL=jg@justus.ws"
+            - "CF_API_EMAIL=jg@justus.ws"
-    #squid:
+    # squid:
    #    container_name: squid
    #    volumes:
-    #        #- '/root/docker/squid/logs:/var/log/squid'
+    #        # - '/root/docker/squid/logs:/var/log/squid'
    #        #  - '/root/docker/squid/data:/var/spool/squid'
    #        - '/root/docker/squid/squid.conf:/etc/squid/squid.conf'
    #        #  - '/rood/docker/squid/config-snippet:/etc/squid/conf.d/snippet.conf'
@ -42,130 +43,128 @@ services:
    #    ports:
    #        - '3128:3128'
    #    image: 'ubuntu/squid:5.2-22.04_beta'
-    #      #yacy_search_server:
+    #      # yacy_search_server:
    #      #    container_name: yacy
    #      #    ports:
    #      #        - '8090:8090'
    #      #        - '8443:8443'
    #      #    logging:
-    #      #        options: 
+    #      #        options:
    #      #          max-size: 200
    #      #          max-file: 2
    #      #    image: 'yacy/yacy_search_server:latest'
    paperless-broker:
-      image: docker.io/library/redis:7
+        image: docker.io/library/redis:7
-      container_name: paperless-broker
+        container_name: paperless-broker
-      restart: unless-stopped
+        restart: unless-stopped
-      volumes:
+        volumes:
-        - redisdata:/data
+            - redisdata:/data
-
+            #    db:
-          #    db:
+            #      image: docker.io/library/postgres:15
-          #      image: docker.io/library/postgres:15
+            #      restart: unless-stopped
-          #      restart: unless-stopped
+            #      volumes:
-          #      volumes:
+            #        - pgdata:/var/lib/postgresql/data
-          #        - pgdata:/var/lib/postgresql/data
+            #      environment:
-          #      environment:
+            #        POSTGRES_DB: paperless
-          #        POSTGRES_DB: paperless
+            #        POSTGRES_USER: paperless
-          #        POSTGRES_USER: paperless
+            #        POSTGRES_PASSWORD: paperless
          #        POSTGRES_PASSWORD: paperless
    paperless-webserver:
-      image: ghcr.io/paperless-ngx/paperless-ngx:latest
+        image: ghcr.io/paperless-ngx/paperless-ngx:2.7.2
-      container_name: paperless-webserver
+        container_name: paperless-webserver
-      restart: unless-stopped
+        restart: unless-stopped
-      depends_on:
+        depends_on:
-        #        - db
+            #        - db
-        - paperless-broker
+            - paperless-broker
-      ports:
+        ports:
-        - "8000:8000"
+            - "8000:8000"
-      volumes:
+        volumes:
-        - data:/usr/src/paperless/data
+            - data:/usr/src/paperless/data
-        - media:/usr/src/paperless/media
+            - media:/usr/src/paperless/media
-        - export:/usr/src/paperless/export
+            - export:/usr/src/paperless/export
-        - consume:/usr/src/paperless/consume
+            - consume:/usr/src/paperless/consume
-      env_file: docker-compose.env
+        env_file: docker-compose.env
-        #environment:
+        # environment:
-      labels:
+        labels:
-        - "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)"
+            - "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)"
-        - "traefik.http.routers.paperless.entrypoints=websecure"
+            - "traefik.http.routers.paperless.entrypoints=websecure"
-        - traefik.http.routers.paperless.tls=true
+            - traefik.http.routers.paperless.tls=true
-        - "traefik.http.routers.paperless.tls.certresolver=myresolver"
+            - "traefik.http.routers.paperless.tls.certresolver=myresolver"
    webdav:
-      container_name: webdav
+        container_name: webdav
-      image: ionelmc/webdav
+        image: ionelmc/webdav
-      restart: unless-stopped
+        restart: unless-stopped
-      ports:
+        ports:
-        - "8081:8080"
+            - "8081:8080"
-      environment:
+        environment:
-        WEBDAV_USERNAME: alice
+            WEBDAV_USERNAME: alice
-        WEBDAV_PASSWORD: secret1234
+            WEBDAV_PASSWORD: "{{ webdav_password }}"
-        UID: 1001
+            UID: 1001
-      volumes:
+        volumes:
-        - ./consume:/media
+            - ./consume:/media
-          #webdav:
+            # webdav:
-          #  container_name: webdav
+            #  container_name: webdav
-          #  image: bytemark/webdav
+            #  image: bytemark/webdav
-          #  restart: unless-stopped
+            #  restart: unless-stopped
-          #  ports:
+            #  ports:
-          #    - "8081:80"
+            #    - "8081:80"
-          #  environment:
+            #  environment:
-          #    AUTH_TYPE: Digest
+            #    AUTH_TYPE: Digest
-          #    USERNAME: alice
+            #    USERNAME: alice
-          #    PASSWORD: secret1234
+            #    PASSWORD: secret1234
-          #  volumes:
+            #  volumes:
-          #    - consume:/var/lib/dav/data/ScannerPro
+            #    - consume:/var/lib/dav/data/ScannerPro
-      labels:
+        labels:
-        - "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)"
+            - "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)"
    testweb:
-      image: httpd:2.4
+        image: httpd:2.4
-      ports: 
+        ports:
-        - "8008:80"
+            - "8008:80"
-      volumes:
+        volumes:
-        - ./htdocs:/usr/local/apache2/htdocs/
+            - ./htdocs:/usr/local/apache2/htdocs/
-      labels:
+        labels:
-        - "traefik.http.routers.testweb.rule=Host(`testweb.injust.us`)"
+            - "traefik.http.routers.testweb.rule=Host(`testweb.injust.us`)"
-        - traefik.http.routers.testweb.tls=true
+            - traefik.http.routers.testweb.tls=true
-        - "traefik.http.routers.testweb.entrypoints=websecure"
+            - "traefik.http.routers.testweb.entrypoints=websecure"
-        - "traefik.http.routers.testweb.tls.certresolver=myresolver"
+            - "traefik.http.routers.testweb.tls.certresolver=myresolver"
    actual_server:
-      image: docker.io/actualbudget/actual-server:latest
+        image: docker.io/actualbudget/actual-server:24.11.0
-      ports:
+        ports:
-        # This line makes Actual available at port 5006 of the device you run the server on,
+            # This line makes Actual available at port 5006 of the device you run the server on,
-        # i.e. http://localhost:5006. You can change the first number to change the port, if you want.
+            # i.e. http://localhost:5006. You can change the first number to change the port, if you want.
-        - '5006:5006'
+            - '5006:5006'
-      #environment:
+            # environment:
-        # Uncomment any of the lines below to set configuration options.
+            # Uncomment any of the lines below to set configuration options.
-        # - ACTUAL_HTTPS_KEY=/data/selfhost.key
+            # - ACTUAL_HTTPS_KEY=/data/selfhost.key
-        # - ACTUAL_HTTPS_CERT=/data/selfhost.crt
+            # - ACTUAL_HTTPS_CERT=/data/selfhost.crt
-        # - ACTUAL_PORT=5006
+            # - ACTUAL_PORT=5006
-        # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
+            # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
-        # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
+            # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
-        # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
+            # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
-        # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
+            # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
-        # !! If you are not using any of these options, remove the 'environment:' tag entirely.
+            # !! If you are not using any of these options, remove the 'environment:' tag entirely.
-      volumes:
+        volumes:
-        # Change './actual-data' below to the path to the folder you want Actual to store its data in on your server.
+            # Change './actual-data' below to the path to the folder you want Actual to store its data in on your server.
-        # '/data' is the path Actual will look for its files in by default, so leave that as-is.
+            # '/data' is the path Actual will look for its files in by default, so leave that as-is.
-        - ./actual-data:/data
+            - ./actual-data:/data
-      labels:
+        labels:
-        - "traefik.http.routers.actual.rule=Host(`actual.injust.us`)"
+            - "traefik.http.routers.actual.rule=Host(`actual.injust.us`)"
-        - traefik.http.routers.actual.tls=true
+            - traefik.http.routers.actual.tls=true
-        - "traefik.http.routers.actual.entrypoints=websecure"
+            - "traefik.http.routers.actual.entrypoints=websecure"
-        - "traefik.http.routers.actual.tls.certresolver=myresolver"
+            - "traefik.http.routers.actual.tls.certresolver=myresolver"
-      restart: unless-stopped
+        restart: unless-stopped
 volumes:
-  data:
+    data:
-  media:
+    media:
-  pgdata:
+    pgdata:
-  redisdata:
+    redisdata:
-  consume:
+    consume:
-    driver_opts:
+        driver_opts:
-      type: "nfs"
+            type: "nfs"
-      o: "addr=omv.injust.us,nolock,soft,rw"
+            o: "addr=omv.injust.us,nolock,soft,rw"
-      device: ":/export/Paperless"
+            device: ":/export/Paperless"
-  export:
+    export:
-    driver_opts:
+        driver_opts:
-      type: "nfs"
+            type: "nfs"
-      o: "addr=omv.injust.us,nolock,soft,rw"
+            o: "addr=omv.injust.us,nolock,soft,rw"
-      device: ":/export/Paperless_Export"
+            device: ":/export/Paperless_Export"
--- a/ansible/assets/git/compose.yml.j2
+++ b/ansible/assets/git/compose.yml.j2
@ -1,3 +1,4 @@
 ---
 version: "3"
 networks:
--- a/ansible/assets/gitea/compose.yml.j2
+++ b/ansible/assets/gitea/compose.yml.j2
@ -1,3 +1,4 @@
 ---
 version: '3.3'
 services:
  runner:
--- a/ansible/inventory/host_vars/docker-ext/vars
+++ b/ansible/inventory/host_vars/docker-ext/vars
@ -0,0 +1,7 @@
 ---
 traefik_basicauth_password: "{{ vault_traefik_basicauth_password }}"
 traefik_crowdsec_bouncer_lapi_key: "{{ vault_traefik_crowdsec_bouncer_lapi_key }}"
 wallabag_postgres_password: "{{ vault_wallabag_postgres_password }}"
 bookstack_db_password: "{{ vault_bookstack_db_password }}"
 bookstack_db_root_password: "{{ vault_bookstack_db_root_password }}"
 wikijs_postgres_password: "{{ vault_wikijs_postgres_password }}"
--- a/ansible/inventory/host_vars/docker-ext/vault
+++ b/ansible/inventory/host_vars/docker-ext/vault
@ -0,0 +1,23 @@
 $ANSIBLE_VAULT;1.1;AES256
 32646563666534663266663566376431616161363333386234313761663134333734616233396133
 6563303763323332666264633964363366316136383332610a306365663331363737626664373234
 31346265613762636538353865613438386636643038303166303362616336323837323034333333
 6430646535656334360a633835343963623332633065323666346337396134316461376666363861
 33333465323366613837616134666139663162323035366162663466366261646661393262636133
 63663230353131363363313062323932643064386462646432613232643166386632626662336139
 66326238393733396337666430323265346635356562366432636635353938613033663562613934
 33376663623665323262396230313936343363333763393762373565303536666363326337316136
 31313262366538393362383762616166626561346339656466396331363338393663313361376163
 35386334623363353530373464663733616639313063386266626666663262616532373738386237
 32613136306463656433383035373737363735303538336462386461613664393635623463646434
 66366138333938646138643664643136663164613536626234663335643466396237373431393464
 63636132663436613465636239666533376666303235636235323838313830353936393563353235
 61336331356639623336643030393466336662383136386330636465613735633539636161323333
 39363932343235343838636265653830626161343032666331323362316533396366353131323736
 37663565343237613734353466343963363132306434306162346564303538623164613435623765
 32323062363833386364343939626535326562636465626131306534356165313566343237326632
 38393032656338313661333765326530353537366631653965303838393166393066653237323165
 38353538393536643361303665356631306166653162373763643137316362373536373162636364
 61646331326366363737663662656238393166366238636161343836376565346535653963663131
 33333539663330653663633033313832326334306634653833336133626234663739386632376630
 6230663035396165336139333439333461633534303766333934
--- a/ansible/inventory/host_vars/docker-int/vars
+++ b/ansible/inventory/host_vars/docker-int/vars
@ -0,0 +1,3 @@
 ---
 cf_api_key: "{{ vault_cf_api_key }}"
 webdav_password: "{{ vault_webdav_password }}"
--- a/ansible/inventory/host_vars/docker-int/vault
+++ b/ansible/inventory/host_vars/docker-int/vault
@ -0,0 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
 35353935306336363466613765393230363230396162346665373961653631636464383737356331
 3835326264613564613034663166656333663464373835610a346239366162323935383362316263
 31346237376639376331616463306165643462633032366136626464313063373032646162336539
 3832653562376661610a386663313034326165336630333463333131343432613636613539643365
 39653238646535613962373234363732636539623262363361663038303930353965316535373262
 31306136336663643634376366396537653162376635303961643864613335653364316163386538
 37396531623265656431306635343230386365353364316264353431613138326264666561346439
 34373464653764303062353532333865666133373562313232613136383234306139633036386238
 30303430303334613735313534663935663266393036666262376635656536323230
--- a/requirements.txt
+++ b/requirements.txt
@ -5,6 +5,6 @@ cryptography==39.0.0
 Jinja2==3.1.2
 MarkupSafe==2.1.1
 packaging==23.0
-pycparser==2.21
+pycparser==2.22
 PyYAML==6.0
 resolvelib==0.8.1
Author	SHA1	Message	Date
Renovate Bot	cc50a2778c	Update dependency pycparser to v2.22	2024-11-16 01:46:17 +00:00
Justus Grunow	b7696c9ba9	Merge branch 'change-secrets'. This resolves #1	2024-11-15 11:29:47 -05:00
Justus Grunow	85076cf875	Replaced and rotated all secrets in docker-int compose	2024-11-15 11:20:29 -05:00
Justus Grunow	98a27586c0	Fixed basementpi compose format	2024-11-15 10:50:32 -05:00
Justus Grunow	fa7fac3f65	Replaced and rotated all secrets in docker-ext compose	2024-11-15 10:50:22 -05:00
Justus Grunow	d16fd7825a	Added Docker image tags	2024-11-13 11:14:31 -05:00
Justus Grunow	6ea1a7c46c	Fixed YAML syntax	2024-11-12 19:27:39 -05:00