Update dependency ansible-core to v2.18.0

Merge branch 'change-secrets'. This resolves #1
Replaced and rotated all secrets in docker-int compose
2024-11-16 01:46:12 +00:00 · 2024-11-15 11:29:47 -05:00 · 2024-11-15 11:20:29 -05:00 · 2024-11-15 10:50:32 -05:00 · 2024-11-15 10:50:22 -05:00 · 2024-11-13 11:14:31 -05:00
10 changed files with 441 additions and 442 deletions
--- a/ansible/assets/basementpi/compose.yml.j2
+++ b/ansible/assets/basementpi/compose.yml.j2
@ -1,7 +1,5 @@
+---
 version: "3.5"
-
-# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
-
 networks:
  network_pihole:
    ipam:
@ -15,15 +13,13 @@ services:
    ports:
      - '80:80'
    environment:
-      DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }}
+      DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}"
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.6
-
-
  pihole:
    image: pihole/pihole:latest
    ports:
@ -40,19 +36,19 @@ services:
      # run `touch ./var-log/pihole.log` first unless you like errors
      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
      # Recommended but not required (DHCP needs NET_ADMIN)
-    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+      #   https://github.com/pi-hole/docker-pi-hole# note-on-capabilities
    cap_add:
      - NET_ADMIN
    expose:
      - 80
    environment:
      ServerIP: 10.11.1.10
-      PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }}
-      PROXY_LOCATION: {{ pihole_hostname }}
-      VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }}
+      PIHOLE_DNS_: unbound# 53;{{ pihole_additional_upstream_dnsservers }}
+      PROXY_LOCATION: "{{ pihole_hostname }}"
+      VIRTUAL_HOST: "{{ pihole_hostname}}.{{ pihole_domain }}"
      VIRTUAL_PORT: 80
-      WEBPASSWORD: {{ pihole_password }}
-      FTLCONF_LOCAL_IPV4: {{ pi_ip }}
+      WEBPASSWORD: "{{ pihole_password }}"
+      FTLCONF_LOCAL_IPV4: "{{ pi_ip }}"
      DNSMASQ_LISTENING: all

    extra_hosts:
@ -106,11 +102,11 @@ services:
    restart: always
    pull_policy: always
    environment:
-          APIKey: {{ porkbun_api_key }}
-          SecretAPIKey: {{ porkbun_secret_api_key }}
-          Domain: {{ porkbun_domain }}
+      APIKey: "{{ porkbun_api_key }}"
+      SecretAPIKey: "{{ porkbun_secret_api_key }}"
+      Domain: "{{ porkbun_domain }}"
      Schedule: "{{ porkbun_cron_sched }}"
-          TZ: {{ porkbun_tz }}
+      TZ: "{{ porkbun_tz }}"
    networks:
      network_pihole:
        ipv4_address: 172.16.3.4
@ -121,11 +117,11 @@ services:
    restart: always
    pull_policy: always
    environment:
-          APIKey: {{ porkbun_api_key }}
-          SecretAPIKey: {{ porkbun_secret_api_key }}
-          Domain: {{ porkbun_domain2 }}
+      APIKey: "{{ porkbun_api_key }}"
+      SecretAPIKey: "{{ porkbun_secret_api_key }}"
+      Domain: "{{ porkbun_domain2 }}"
      Schedule: "{{ porkbun_cron_sched }}"
-          TZ: {{ porkbun_tz }}
+      TZ: "{{ porkbun_tz }}"
    networks:
      network_pihole:
        ipv4_address: 172.16.3.7
@ -158,53 +154,18 @@ services:
      - TZ=Canada/Eastern
      - SERVERURL=vpn.coxgrunow.ca
      - SERVERPORT=51820
-      - PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional
-      - PEERDNS=172.16.3.2 #optional
-      - INTERNAL_SUBNET=10.11.4.0 #optional
-      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional
+      - PEERS=phone,tedupnorth  # oAdded Docker tags to Ansible playbookptional
+      - PEERDNS=172.16.3.2  # optional
+      - INTERNAL_SUBNET=10.11.4.0  # optional
+      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2  # optional
      - SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16
-      - PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS
-      - LOG_CONFS=true #optional
+      - PERSISTENTKEEPALIVE_PEERS=all  # optional - for dynamic DNS
+      - LOG_CONFS=true  # optional
    volumes:
      - ./wireguard/config:/config
-      - /lib/modules:/lib/modules #optional
+      - /lib/modules:/lib/modules  # optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
-
-#   Another container you might want to have running through the proxy
-#   Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
-#  ghost:
-#    image: fractalf/ghost
-#    ports:
-#      - '2368:2368/tcp'
-#    volumes:
-#      - '/etc/ghost:/ghost-override'
-#    environment:
-#      PROXY_LOCATION: ghost
-#      VIRTUAL_HOST: ghost.yourDomain.lan
-#      VIRTUAL_PORT: 2368
-#    restart: always
-
-#  homeassistant:
-#      container_name: homeassistant
-#      image: "ghcr.io/home-assistant/home-assistant:stable"
-#      volumes:
-#        - ./homeassistant/config:/config
-#        - /etc/localtime:/etc/localtime:ro
-#      restart: unless-stopped
-#      privileged: true
-#      network_mode: host
-#      #environment:
-#      #  - VIRTUAL_HOST=homeassistant.coxgrunow.ca
-#      #  - VIRTUAL_PORT=8123
-  yacy:
-    container_name: yacy
-    image: "docker.io/yacy/yacy_search_server:aarch64-latest"
-    volumes:
-      - ./yacy:/opt/yacy_search_server/DATA
-    ports:
-      - 8090:8090/tcp
-      - 8443:8443/tcp
--- a/ansible/assets/docker-ext/compose.yml.j2
+++ b/ansible/assets/docker-ext/compose.yml.j2
@ -1,3 +1,4 @@
+---
 version: "3.5"
 services:
  traefik:
@ -23,7 +24,7 @@ services:
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - --experimental.plugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      - --experimental.plugins.crowdsec-bouncer.version=v1.2.1
-        #- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      # - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
    ports:
      # The HTTP port
      - "80:80"
@ -33,7 +34,7 @@ services:
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
-        #- ./traefik/traefik.yml:/etc/traefik/traefik.yml
+      # - ./traefik/traefik.yml:/etc/traefik/traefik.yml
      - ./traefik:/etc/traefik
      - ./letsencrypt:/letsencrypt
      - "./logsTraefik:/var/log/traefik"
@ -42,14 +43,13 @@ services:
      - backend
      - docker_default
    labels:
-      - "traefik.http.middlewares.authtest.basicauth.users=user:$$apr1$$VKJibd3x$$SwY/BRH.QTeVEaRDnLKvv0"
+      - "traefik.http.middlewares.authtest.basicauth.users=user:{{ traefik_basicauth_password }}"
      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.enabled=true"
-      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdseclapikey=dTkMpqDs/ryjvw1tQaV3k0VtCFQUlh+hrdZMEWnxfXc"
+      - "traefik.http.middlewares.crowdsec.plugin.crowdsec-bouncer.crowdseclapikey={{ traefik_crowdsec_bouncer_lapi_key }}"
      - "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker"
      - "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
      - "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker"
-        
-        #ddclient:
+      # ddclient:
      #  image: lscr.io/linuxserver/ddclient:latest
      #  container_name: ddclient
      #  environment:
@ -59,7 +59,7 @@ services:
      #  volumes:
      #    - ./ddclient/:/config
      #  restart: unless-stopped
-        #porkbunddns:
+      # porkbunddns:
      #  image: pavlinchen/porkbun-ddns
      #  container_name: porkbun-ddns
      #  restart: unless-stopped
@ -106,7 +106,7 @@ services:
    volumes:
      - ./stalwart-mail:/opt/stalwart-mail
    container_name: stalwart-mail
-      image: stalwartlabs/mail-server:latest
+    image: stalwartlabs/mail-server:v0.10.6
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)"
@ -115,7 +115,7 @@ services:
      - "traefik.http.routers.stalwart.tls=true"
      - "traefik.http.services.stalwart-http.loadbalancer.server.port=8080"
  # --- MariaDB
-  #linkace-db:
+  # linkace-db:
  #  image: mariadb:11.2
  #  container_name: linkace-db
  #  restart: unless-stopped
@ -129,7 +129,7 @@ services:
  #    - db:/var/lib/mysql

  ## --- LinkAce Image with PHP and nginx
-  #linkace-app:
+  # linkace-app:
  #  image: linkace/linkace:simple
  #  container_name: linkace-app
  #  restart: unless-stopped
@ -155,7 +155,7 @@ services:

  linkding:
    container_name: "${LD_CONTAINER_NAME:-linkding}"
-    image: sissbruecker/linkding:latest-plus
+    image: sissbruecker/linkding:1.36.0-plus
    ports:
      - "${LD_HOST_PORT:-9090}:9090"
    volumes:
@ -174,17 +174,17 @@ services:
  wallabag:
    container_name: wallabag
    restart: unless-stopped
-    image: wallabag/wallabag
+    image: wallabag/wallabag:2.6.10
    environment:
-      #- MYSQL_ROOT_PASSWORD=wallaroot
+      # - MYSQL_ROOT_PASSWORD=wallaroot
      - POSTGRES_USER=wallabag
-      - POSTGRES_PASSWORD=Mo8ntF92q5oWNV6TbS7t
+      - POSTGRES_PASSWORD="{{ wallabag_postgres_password }}"
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
      - SYMFONY__ENV__DATABASE_HOST=postgres.injust.us
      - SYMFONY__ENV__DATABASE_PORT=5432
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=wallabag
-      - SYMFONY__ENV__DATABASE_PASSWORD=Mo8ntF92q5oWNV6TbS7t
+      - SYMFONY__ENV__DATABASE_PASSWORD="{{ wallabag_postgres_password }}"
      - SYMFONY__ENV__DATABASE_TABLE_PREFIX="wallabag_"
      - SYMFONY__ENV__MAILER_DSN=smtp://127.0.0.1
      - SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
@ -218,7 +218,7 @@ services:
      timeout: 3s
  authentik-server:
    container_name: authentik-server
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.2}
+    image: ghcr.io/goauthentik/server:2024.8.2
    restart: unless-stopped
    command: server
    environment:
@ -252,7 +252,7 @@ services:
      - "traefik.http.routers.authentik.middlewares=crowdsec@docker"
  authentik-worker:
    container_name: authentik-worker
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.2}
+    image: ghcr.io/goauthentik/server:2024.8.2
    restart: unless-stopped
    command: worker
    environment:
@ -278,13 +278,13 @@ services:
    depends_on:
      - redis
  changedetection:
-      image: ghcr.io/dgtlmoon/changedetection.io
+    image: ghcr.io/dgtlmoon/changedetection.io:0.47.06
    container_name: changedetection
    hostname: changedetection
    volumes:
      - changedetection-data:/datastore
-# Configurable proxy list support, see https://github.com/dgtlmoon/changedetection.io/wiki/Proxy-configuration#proxy-list-support
-#        - ./proxies.json:/datastore/proxies.json
+      # Configurable proxy list support, see https://github.com/dgtlmoon/changedetection.io/wiki/Proxy-configuration#proxy-list-support
+      #        - ./proxies.json:/datastore/proxies.json

    environment:
      #        Default listening port, can also be changed with the -p option
@ -327,7 +327,7 @@ services:
      - USE_X_SETTINGS=1
      #
      #        Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname.
-  #- HIDE_REFERER=true
+      # - HIDE_REFERER=true
      #
      #        Default number of parallel/concurrent fetchers
      #      - FETCH_WORKERS=10
@ -351,48 +351,48 @@ services:

   # If WEBDRIVER or PLAYWRIGHT are enabled, changedetection container depends on that
   # and must wait before starting (substitute "browser-chrome" with "playwright-chrome" if last one is used)
-#    depends_on:
-#        browser-chrome:
-#            condition: service_started
+   #    depends_on:
+   #        browser-chrome:
+   #            condition: service_started

   # Used for fetching pages via Playwright+Chrome where you need Javascript support.
   # RECOMMENDED FOR FETCHING PAGES WITH CHROME
-#    playwright-chrome:
-#        hostname: playwright-chrome
-#        image: dgtlmoon/sockpuppetbrowser:latest
-#        cap_add:
-#            - SYS_ADMIN
-## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
-#        restart: unless-stopped
-#        environment:
-#            - SCREEN_WIDTH=1920
-#            - SCREEN_HEIGHT=1024
-#            - SCREEN_DEPTH=16
-#            - MAX_CONCURRENT_CHROME_PROCESSES=10
+   #    playwright-chrome:
+   #        hostname: playwright-chrome
+   #        image: dgtlmoon/sockpuppetbrowser:latest
+   #        cap_add:
+   #            - SYS_ADMIN
+   ## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
+   #        restart: unless-stopped
+   #        environment:
+   #            - SCREEN_WIDTH=1920
+   #            - SCREEN_HEIGHT=1024
+   #            - SCREEN_DEPTH=16
+   #            - MAX_CONCURRENT_CHROME_PROCESSES=10

   # Used for fetching pages via Playwright+Chrome where you need Javascript support.
   # Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector)
   #       Does not report status codes (200, 404, 403) and other issues
-#    browser-chrome:
-#        hostname: browser-chrome
-#        image: selenium/standalone-chrome:4
-#        environment:
-#            - VNC_NO_PASSWORD=1
-#            - SCREEN_WIDTH=1920
-#            - SCREEN_HEIGHT=1080
-#            - SCREEN_DEPTH=24
-#        volumes:
-#            # Workaround to avoid the browser crashing inside a docker container
-#            # See https://github.com/SeleniumHQ/docker-selenium#quick-start
-#            - /dev/shm:/dev/shm
-#        restart: unless-stopped
+   #    browser-chrome:
+   #        hostname: browser-chrome
+   #        image: selenium/standalone-chrome:4
+   #        environment:
+   #            - VNC_NO_PASSWORD=1
+   #            - SCREEN_WIDTH=1920
+   #            - SCREEN_HEIGHT=1080
+   #            - SCREEN_DEPTH=24
+   #        volumes:
+   #            # Workaround to avoid the browser crashing inside a docker container
+   #            # See https://github.com/SeleniumHQ/docker-selenium#quick-start
+   #            - /dev/shm:/dev/shm
+   #        restart: unless-stopped

  healthchecks:
    container_name: healthchecks
    restart: unless-stopped
    # To use a pre-built image, remove the above "build" section
    # and uncomment the following line:
-    image: healthchecks/healthchecks:latest
+    image: healthchecks/healthchecks:v3.7
    env_file:
      - .healthchecks-env
    ports:
@ -440,11 +440,11 @@ services:
      - "traefik.http.routers.apache2.tls.certresolver=myresolver"
      - "traefik.http.routers.apache2.tls=true"
      - "traefik.http.services.apache2-http.loadbalancer.server.port=80"
-        #- traefik.http.routers.apache2.middlewares=authchain@docker
+      # - traefik.http.routers.apache2.middlewares=authchain@docker
    networks:
      - backend

-        #wireguard:
+      # wireguard:
      #  image: lscr.io/linuxserver/wireguard
      #  container_name: wireguard
      #  cap_add:
@ -467,7 +467,7 @@ services:
      #    - net.ipv4.conf.all.src_valid_mark=1
      #  restart: unless-stopped
  crowdsec:
-    image: crowdsecurity/crowdsec
+    image: crowdsecurity/crowdsec:v1.6.3
    container_name: crowdsec
    environment:
      PGID: "1001"
@ -477,7 +477,7 @@ services:
    expose:
      - "8080"
    volumes:
-      #- ./crowdsec/logs:/var/log/crowdsec:ro
+      # - ./crowdsec/logs:/var/log/crowdsec:ro
      - ./crowdsec/db:/var/lib/crowdsec/data
      - /var/log:/var/log:ro
      - ./crowdsec/opt:/etc/crowdsec
@ -486,22 +486,22 @@ services:
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
-        #- "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
-        #- "traefik.http.routers.crowdsec.entrypoints=websecure"
-        #- "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
-        #- "traefik.http.routers.crowdsec.tls=true"
+        # - "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
+        # - "traefik.http.routers.crowdsec.entrypoints=websecure"
+        # - "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
+        # - "traefik.http.routers.crowdsec.tls=true"
    networks:
      - proxy
      - backend
  ddns-updater:
-    image: docker.io/qmcgaw/ddns-updater
+    image: docker.io/qmcgaw/ddns-updater:v2.8
    container_name: ddns-updater
    ports:
      - 8014:8000
    volumes:
      - ./ddns-updater:/updater/data
  bookstack:
-    image: lscr.io/linuxserver/bookstack
+    image: lscr.io/linuxserver/bookstack:v24.10.1-ls173
    container_name: bookstack
    environment:
      - PUID=1000
@ -511,7 +511,7 @@ services:
      - DB_HOST=bookstack_db
      - DB_PORT=3306
      - DB_USER=bookstack
-      - DB_PASS=Chn8i#ExmX@J1C
+      - DB_PASS="{{ bookstack_db_password }}"
      - DB_DATABASE=bookstackapp
    env_file:
      - .env-bookstack
@ -529,28 +529,28 @@ services:
      - "traefik.http.routers.bookstack.tls.certresolver=myresolver"
      - "traefik.http.routers.bookstack.tls=true"
  bookstack_db:
-    image: lscr.io/linuxserver/mariadb
+    image: lscr.io/linuxserver/mariadb:10.11.10-r0-ls161
    container_name: bookstack_db
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Thunder_Bay
-      - MYSQL_ROOT_PASSWORD=cSoO1dcaS5sI&t
+      - MYSQL_ROOT_PASSWORD="{{ bookstack_db_root_password }}"
      - MYSQL_DATABASE=bookstackapp
      - MYSQL_USER=bookstack
-      - MYSQL_PASSWORD=Chn8i#ExmX@J1C
+      - MYSQL_PASSWORD="{{ bookstack_db_password }}"
    volumes:
      - ./bookstack_db_data:/config
    restart: unless-stopped
  wikijs:
-    image: ghcr.io/requarks/wiki:2
+    image: ghcr.io/requarks/wiki:2.5.305
    container_name: wikijs
    environment:
      DB_TYPE: postgres
      DB_HOST: postgres.injust.us
      DB_PORT: 5432
      DB_USER: wikijs
-      DB_PASS: 3Jfr7nmY4KBauR3nuHno
+      DB_PASS: "{{ wikijs_postgres_password }}"
      DB_NAME: wikijs
    restart: unless-stopped
    labels:
@ -621,9 +621,6 @@ services:
      #        #      test: redis-cli ping || exit 1
      #        #    restart: always

-
-
-
 volumes:
  linkace_logs:
  db:
@ -641,7 +638,4 @@ networks:
  backend:
  proxy:
  docker_default:
-    external: True
-
-
-
+    external: true
--- a/ansible/assets/docker-int/compose.yml.j2
+++ b/ansible/assets/docker-int/compose.yml.j2
@ -1,3 +1,4 @@
+---
 version: '3.3'
 services:
    traefik:
@ -13,7 +14,7 @@ services:
            - "--entryPoints.websecure.address=:443"
            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
-        #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+            # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
            - "--certificatesresolvers.myresolver.acme.email=jg@justus.ws"
            - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
        ports:
@ -28,12 +29,12 @@ services:
            - "./letsencrypt:/letsencrypt"
            - "./logsTraefik:/var/log/traefik"
        environment:
-        - "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629"
+            - "CF_API_KEY={{ cf_api_key }}"
            - "CF_API_EMAIL=jg@justus.ws"
-    #squid:
+    # squid:
    #    container_name: squid
    #    volumes:
-    #        #- '/root/docker/squid/logs:/var/log/squid'
+    #        # - '/root/docker/squid/logs:/var/log/squid'
    #        #  - '/root/docker/squid/data:/var/spool/squid'
    #        - '/root/docker/squid/squid.conf:/etc/squid/squid.conf'
    #        #  - '/rood/docker/squid/config-snippet:/etc/squid/conf.d/snippet.conf'
@ -42,7 +43,7 @@ services:
    #    ports:
    #        - '3128:3128'
    #    image: 'ubuntu/squid:5.2-22.04_beta'
-    #      #yacy_search_server:
+    #      # yacy_search_server:
    #      #    container_name: yacy
    #      #    ports:
    #      #        - '8090:8090'
@ -58,7 +59,6 @@ services:
        restart: unless-stopped
        volumes:
            - redisdata:/data
-
            #    db:
            #      image: docker.io/library/postgres:15
            #      restart: unless-stopped
@ -68,9 +68,8 @@ services:
            #        POSTGRES_DB: paperless
            #        POSTGRES_USER: paperless
            #        POSTGRES_PASSWORD: paperless
-
    paperless-webserver:
-      image: ghcr.io/paperless-ngx/paperless-ngx:latest
+        image: ghcr.io/paperless-ngx/paperless-ngx:2.7.2
        container_name: paperless-webserver
        restart: unless-stopped
        depends_on:
@ -84,7 +83,7 @@ services:
            - export:/usr/src/paperless/export
            - consume:/usr/src/paperless/consume
        env_file: docker-compose.env
-        #environment:
+        # environment:
        labels:
            - "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)"
            - "traefik.http.routers.paperless.entrypoints=websecure"
@ -98,11 +97,11 @@ services:
            - "8081:8080"
        environment:
            WEBDAV_USERNAME: alice
-        WEBDAV_PASSWORD: secret1234
+            WEBDAV_PASSWORD: "{{ webdav_password }}"
            UID: 1001
        volumes:
            - ./consume:/media
-          #webdav:
+            # webdav:
            #  container_name: webdav
            #  image: bytemark/webdav
            #  restart: unless-stopped
@ -128,12 +127,12 @@ services:
            - "traefik.http.routers.testweb.entrypoints=websecure"
            - "traefik.http.routers.testweb.tls.certresolver=myresolver"
    actual_server:
-      image: docker.io/actualbudget/actual-server:latest
+        image: docker.io/actualbudget/actual-server:24.11.0
        ports:
            # This line makes Actual available at port 5006 of the device you run the server on,
            # i.e. http://localhost:5006. You can change the first number to change the port, if you want.
            - '5006:5006'
-      #environment:
+            # environment:
            # Uncomment any of the lines below to set configuration options.
            # - ACTUAL_HTTPS_KEY=/data/selfhost.key
            # - ACTUAL_HTTPS_CERT=/data/selfhost.crt
--- a/ansible/assets/git/compose.yml.j2
+++ b/ansible/assets/git/compose.yml.j2
@ -1,3 +1,4 @@
+---
 version: "3"

 networks:
--- a/ansible/assets/gitea/compose.yml.j2
+++ b/ansible/assets/gitea/compose.yml.j2
@ -1,3 +1,4 @@
+---
 version: '3.3'
 services:
  runner:
--- a/ansible/inventory/host_vars/docker-ext/vars
+++ b/ansible/inventory/host_vars/docker-ext/vars
@ -0,0 +1,7 @@
+---
+traefik_basicauth_password: "{{ vault_traefik_basicauth_password }}"
+traefik_crowdsec_bouncer_lapi_key: "{{ vault_traefik_crowdsec_bouncer_lapi_key }}"
+wallabag_postgres_password: "{{ vault_wallabag_postgres_password }}"
+bookstack_db_password: "{{ vault_bookstack_db_password }}"
+bookstack_db_root_password: "{{ vault_bookstack_db_root_password }}"
+wikijs_postgres_password: "{{ vault_wikijs_postgres_password }}"
--- a/ansible/inventory/host_vars/docker-ext/vault
+++ b/ansible/inventory/host_vars/docker-ext/vault
@ -0,0 +1,23 @@
+$ANSIBLE_VAULT;1.1;AES256
+32646563666534663266663566376431616161363333386234313761663134333734616233396133
+6563303763323332666264633964363366316136383332610a306365663331363737626664373234
+31346265613762636538353865613438386636643038303166303362616336323837323034333333
+6430646535656334360a633835343963623332633065323666346337396134316461376666363861
+33333465323366613837616134666139663162323035366162663466366261646661393262636133
+63663230353131363363313062323932643064386462646432613232643166386632626662336139
+66326238393733396337666430323265346635356562366432636635353938613033663562613934
+33376663623665323262396230313936343363333763393762373565303536666363326337316136
+31313262366538393362383762616166626561346339656466396331363338393663313361376163
+35386334623363353530373464663733616639313063386266626666663262616532373738386237
+32613136306463656433383035373737363735303538336462386461613664393635623463646434
+66366138333938646138643664643136663164613536626234663335643466396237373431393464
+63636132663436613465636239666533376666303235636235323838313830353936393563353235
+61336331356639623336643030393466336662383136386330636465613735633539636161323333
+39363932343235343838636265653830626161343032666331323362316533396366353131323736
+37663565343237613734353466343963363132306434306162346564303538623164613435623765
+32323062363833386364343939626535326562636465626131306534356165313566343237326632
+38393032656338313661333765326530353537366631653965303838393166393066653237323165
+38353538393536643361303665356631306166653162373763643137316362373536373162636364
+61646331326366363737663662656238393166366238636161343836376565346535653963663131
+33333539663330653663633033313832326334306634653833336133626234663739386632376630
+6230663035396165336139333439333461633534303766333934
--- a/ansible/inventory/host_vars/docker-int/vars
+++ b/ansible/inventory/host_vars/docker-int/vars
@ -0,0 +1,3 @@
+---
+cf_api_key: "{{ vault_cf_api_key }}"
+webdav_password: "{{ vault_webdav_password }}"
--- a/ansible/inventory/host_vars/docker-int/vault
+++ b/ansible/inventory/host_vars/docker-int/vault
@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+35353935306336363466613765393230363230396162346665373961653631636464383737356331
+3835326264613564613034663166656333663464373835610a346239366162323935383362316263
+31346237376639376331616463306165643462633032366136626464313063373032646162336539
+3832653562376661610a386663313034326165336630333463333131343432613636613539643365
+39653238646535613962373234363732636539623262363361663038303930353965316535373262
+31306136336663643634376366396537653162376635303961643864613335653364316163386538
+37396531623265656431306635343230386365353364316264353431613138326264666561346439
+34373464653764303062353532333865666133373562313232613136383234306139633036386238
+30303430303334613735313534663935663266393036666262376635656536323230
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,5 @@
 ansible==8.7.0
-ansible-core==2.15.11
+ansible-core==2.18.0
 cffi==1.15.1
 cryptography==39.0.0
 Jinja2==3.1.2
Author	SHA1	Message	Date
Renovate Bot	7e52015d5a	Update dependency ansible-core to v2.18.0	2024-11-16 01:46:12 +00:00
Justus Grunow	b7696c9ba9	Merge branch 'change-secrets'. This resolves #1	2024-11-15 11:29:47 -05:00
Justus Grunow	85076cf875	Replaced and rotated all secrets in docker-int compose	2024-11-15 11:20:29 -05:00
Justus Grunow	98a27586c0	Fixed basementpi compose format	2024-11-15 10:50:32 -05:00
Justus Grunow	fa7fac3f65	Replaced and rotated all secrets in docker-ext compose	2024-11-15 10:50:22 -05:00
Justus Grunow	d16fd7825a	Added Docker image tags	2024-11-13 11:14:31 -05:00
Justus Grunow	6ea1a7c46c	Fixed YAML syntax	2024-11-12 19:27:39 -05:00