move privfrontends docker to the new role as well

Arya 2024-01-08 11:58:43 +05:30
parent 5223300807
commit 4b35a8e932
Signed by: arya
GPG Key ID: 842D12BDA50DF120
23 changed files with 267 additions and 416 deletions


@ -1,11 +0,0 @@
version: '3'
services:
anonymousoverflow:
image: ghcr.io/httpjamesm/anonymousoverflow:release
environment:
- APP_URL=https://overflow.projectsegfau.lt
- JWT_SIGNING_SECRET={{anonymousoverflow_signing_secret}}
ports:
- '8694:8080'
restart: 'always'


@ -1,9 +0,0 @@
services:
breezewiki:
container_name: breezewiki
image: quay.io/pussthecatorg/breezewiki:latest
restart: unless-stopped
ports:
- "10416:10416"
volumes:
- "./extras.conf:/app/config.ini"


@ -1,24 +0,0 @@
version: "3"
services:
gothub:
image: codeberg.org/gothub/gothub:dev
restart: unless-stopped
ports:
- "1025:3000"
environment:
- DOCKER=true
- GOTHUB_SETUP_COMPLETE=true
- GOTHUB_PROXYING_ENABLED=true
- GOTHUB_IP_LOGGED=false
- GOTHUB_REQUEST_URL_LOGGED=false
- GOTHUB_USER_AGENT_LOGGED=false
- GOTHUB_DIAGNOSTIC_INFO_LOGGED=false
- GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- GOTHUB_INSTANCE_COUNTRY={{country}}
- GOTHUB_INSTANCE_PROVIDER={{isp}}
- GOTHUB_INSTANCE_CLOUDFLARE=false
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s
timeout: 5s
retries: 2


@ -1,24 +0,0 @@
version: "3"
services:
gothub:
image: codeberg.org/gothub/gothub:latest
restart: unless-stopped
ports:
- "1024:3000"
environment:
- DOCKER=true
- GOTHUB_SETUP_COMPLETE=true
- GOTHUB_PROXYING_ENABLED=true
- GOTHUB_IP_LOGGED=false
- GOTHUB_REQUEST_URL_LOGGED=false
- GOTHUB_USER_AGENT_LOGGED=false
- GOTHUB_DIAGNOSTIC_INFO_LOGGED=false
- GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- GOTHUB_INSTANCE_COUNTRY={{country}}
- GOTHUB_INSTANCE_PROVIDER={{isp}}
- GOTHUB_INSTANCE_CLOUDFLARE=false
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s
timeout: 5s
retries: 2


@ -1,19 +0,0 @@
version: '3'
services:
hyperpipe-frontend:
image: codeberg.org/hyperpipe/hyperpipe:latest
container_name: hyperpipe-frontend
restart: unless-stopped
entrypoint: sh -c 'find /usr/share/nginx/html -type f -exec sed -i s/pipedapi.kavin.rocks/{% if server_prefix == 'eu' %}api.piped.projectsegfau.lt{%else%}pipedapi.{{server_prefix}}.projectsegfau.lt{%endif%}/g {} \; -exec sed -i s/hyperpipeapi.onrender.com/hyperpipebackend.{{ server_prefix }}.projectsegfau.lt/g {} \; && /docker-entrypoint.sh && nginx -g "daemon off;"'
ports:
- '8843:80'
hyperpipe-backend:
image: codeberg.org/hyperpipe/hyperpipe-backend:latest
container_name: hyperpipe-backend
environment:
- HYP_PROXY={% if server_prefix == 'eu' %}proxy.piped.projectsegfau.lt{%else%}pipedproxy.{{server_prefix}}.projectsegfau.lt{%endif%}
restart: unless-stopped
ports:
- '3536:3000'


@ -1,16 +0,0 @@
version: '3'
services:
librarian:
image: codeberg.org/librarian/librarian:latest
ports:
- 3550:3550
volumes:
- ./extras.conf:/app/config.yml
restart: unless-stopped
stream-proxy:
image: codeberg.org/librarian/stream-proxy-ng:latest
ports:
- 3001:3001
restart: unless-stopped


@ -1,16 +0,0 @@
services:
libreddit:
image: quay.io/redlib/redlib:latest
ports:
- 127.0.0.1:6464:8080
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
interval: 5m
timeout: 3s
environment:
- FRONT_PAGE=popular
- COMMENT_SORT=new
- BLUR_NSFW=on
- USE_HLS=on
- AUTOPLAY_VIDEOS=off


@ -1,25 +0,0 @@
version: "3"
services:
nitter:
image: codeberg.org/aryak/nitter-image:latest
ports:
- "8387:8080"
volumes:
- ./extras.conf:/src/nitter.conf:ro
- ./guest_accounts.jsonl:/src/guest_accounts.jsonl:ro
depends_on:
- nitter-redis
restart: unless-stopped
nitter-redis:
image: redis:6-alpine
container_name: nitter-redis
command: redis-server --save 60 1 --loglevel warning
volumes:
- nitter-redis:/data
restart: unless-stopped
volumes:
nitter-redis:


@ -1,17 +0,0 @@
services:
rimgo:
image: codeberg.org/video-prize-ranch/rimgo # Official image
ports:
- 9016:3000
environment:
- ADDRESS=0.0.0.0
- PORT=3000
- FIBER_PREFORK=false
- IMGUR_CLIENT_ID=546c25a59c58ad7
- PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- PRIVACY_MESSAGE=
- PRIVACY_COUNTRY={{country}}
- PRIVACY_PROVIDER={{isp}}
- PRIVACY_CLOUDFLARE=false
- PRIVACY_NOT_COLLECTED=true
restart: unless-stopped


@ -1,20 +0,0 @@
version: "3.9"
services:
frontend:
image: codeberg.org/safetwitch/safetwitch:v2.4.2 # Something broke in the latest version, pinning the last good version.
ports:
- "5070:80"
environment:
- SAFETWITCH_BACKEND_DOMAIN=api.safetwitch.{{server_prefix}}.projectsegfau.lt
- SAFETWITCH_INSTANCE_DOMAIN=safetwitch.projectsegfau.lt
- SAFETWITCH_HTTPS=true
restart: always
backend:
image: codeberg.org/safetwitch/safetwitch-backend
ports:
- "5072:7000"
# Something is using 5071, so I went ahead and changed it to 5072.
environment:
- PORT=7000
- URL=https://api.safetwitch.{{server_prefix}}.projectsegfau.lt
restart: always


@ -1,16 +0,0 @@
version: "3.8"
services:
scribe:
image: registry.gitlab.com/lomanic/scribe-binaries:latest
restart: always
container_name: "scribe"
ports:
- 8006:8006
environment:
- SCRIBE_PORT=8006
- SCRIBE_HOST=0.0.0.0
- APP_DOMAIN=scribe.projectsegfau.lt
- LUCKY_ENV=production
- PORT=8006
- SECRET_KEY_BASE={{scribe_secret_key_base}}


@ -1,51 +0,0 @@
version: '3.7'
services:
redis:
restart: unless-stopped
container_name: redis
image: docker.io/library/redis:alpine
command: redis-server --save 30 1 --loglevel warning
networks:
- searxng
volumes:
- redis-data:/data
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
searxng:
restart: unless-stopped
container_name: searxng
image: searxng/searxng:latest
networks:
- searxng
ports:
- "8081:8080"
volumes:
- ./searxng:/etc/searxng:rw
- ./extras.conf:/etc/searxng/settings.yml:rw
environment:
- SEARXNG_BASE_URL=https://{% if server_prefix == 'eu' %}search.projectsegfau.lt{%else%}search.{{inventory_hostname}}.projectsegfau.lt{%endif%}/
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- DAC_OVERRIDE
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
networks:
searxng:
ipam:
driver: default
volumes:
redis-data:


@ -1,7 +0,0 @@
version: "3"
services:
simplytranslate:
image: codeberg.org/aryak/mozhi:latest
ports:
- "5046:3000"
restart: unless-stopped


@ -1,23 +0,0 @@
[libre]
Enabled = True
Instance = https://libretranslate.projectsegfau.lt
[google]
Enabled = True
[deepl]
# Deepl Translate does not support async as of right now, it will block all other requests
# while it's processing a Deepl Requests, please enable this with caution!
Enabled = True
[iciba]
# ICIBA Translate (a.k.a. PowerWord) is disabled by default.
Enabled = True
[reverso]
Enabled = True
[network]
port = 5000
host = 0.0.0.0


@ -1,41 +0,0 @@
version: "3.8"
services:
teddit:
restart: always
container_name: teddit
image: teddit/teddit:latest
environment:
- DOMAIN=teddit.projectsegfau.lt
- USE_HELMET=true
- USE_HELMET_HSTS=true
- TRUST_PROXY=true
- REDIS_HOST=teddit-redis
ports:
- "9061:8080"
networks:
- teddit_net
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost:8080/about"]
interval: 1m
timeout: 3s
depends_on:
- teddit-redis
teddit-redis:
restart: always
container_name: teddit-redis
image: redis:6.2.5-alpine
command: redis-server
environment:
- REDIS_REPLICATION_MODE=master
networks:
- teddit_net
volumes:
- teddit-redis:/data
volumes:
teddit-redis:
networks:
teddit_net:


@ -1,14 +0,0 @@
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=Europe/Paris
- WATCHTOWER_CLEANUP=false
- DOCKER_API_VERSION=1.42
- WATCHTOWER_INCLUDE_STOPPED=false
- WATCHTOWER_POLL_INTERVAL=3600
- WATCHTOWER_MONITOR_ONLY=false
- WATCHTOWER_NOTIFICATION_URL=matrix://{{watchtower_mtrx_username}}:{{watchtower_mtrx_pass}}@matrix.envs.net/
restart: unless-stopped


@ -1,4 +1,5 @@
canonical_origin = https://bw.projectsegfau.lt
debug = false
port = 10416
strict_proxy = false
feature_search_suggestions = true


@ -1,59 +0,0 @@
---
- name: Create directory for {{item}}
ansible.builtin.file:
path: "{{ docker_dir }}/{{ item }}"
state: directory
mode: "0755"
tags: docker,pizza
- name: Copy docker-compose templates for the {{item}}
ansible.builtin.template:
src: "./compose/{{ item }}/compose.yml.j2"
dest: "{{ docker_dir }}/{{ item }}/compose.yml"
backup: true
mode: preserve
register: check_status
tags: docker,pizza
- name: Check if extras file exists for the {{item}}
delegate_to: localhost
ansible.builtin.stat:
path: ./compose/{{ item }}/extras.conf.j2
register: file
tags: docker,pizza
- name: Copy extras file
ansible.builtin.template:
src: "./compose/{{ item }}/extras.conf.j2"
dest: "{{ docker_dir }}/{{ item }}/extras.conf"
backup: true
mode: preserve
when: file.stat.exists
tags: docker,pizza
- name: "Update docker {{item}} image"
ansible.builtin.command:
chdir: "{{ docker_dir }}/{{ item }}"
cmd: docker compose pull
when: check_status.changed
register: updateout
changed_when: updateout.rc != 0
tags: docker,pizza
- name: "Stop docker {{item}}"
ansible.builtin.command:
chdir: "{{ docker_dir }}/{{ item }}"
cmd: docker compose down
when: check_status.changed
register: stopout
changed_when: stopout.rc != 0
tags: docker,pizza
- name: "Start docker {{item}}"
ansible.builtin.command:
chdir: "{{ docker_dir }}/{{ item }}"
cmd: docker compose up -d --build --remove-orphans
when: check_status.changed
register: startout
changed_when: startout.rc != 0
tags: docker,pizza


@ -21,29 +21,18 @@
enabled: true
state: reloaded
tags: caddy-non-update
- name: Setup docker compose for privacy frontends
- name: Docker
hosts: privfrontends
vars:
docker_services:
- librarian
- libreddit
- nitter
- teddit
- watchtower
- anonymousoverflow
- breezewiki
- gothub
- gothub-dev
- searxng
- hyperpipe
- rimgo
- safetwitch
- scribe
- simplytranslate
vars_files:
- ./vars.yaml
tasks:
# community.docker does not support compose 2.0 right now.
# https://github.com/ansible-collections/community.docker/issues/216
- name: Update docker compose files and restart those with changes
ansible.builtin.include_tasks: docker-tasks.yaml
with_items: "{{ docker_services }}"
tags: docker,pizza
- name: Deploy stack role
ansible.builtin.include_role:
name: gi-yt.docker_compose_declarative
vars:
app: "{{ item.value }}"
app_name: "{{ item.key | lower }}"
configs_dir_local: "./configs/{{ item.key }}"
loop: "{{ apps.groups | default({}) | dict2items }}"
when: item.value.docker_settings
tags: docker
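Review bot: The condition `when: item.value.docker_settings` on the new `Deploy stack role` task reads a key that not every entry in `apps.groups` appears to define; the watchtower entry in privfrontends/vars.yaml lists `image` and `mounts` directly, so the loop would likely fail on an undefined attribute or skip that app. Writing it as `when: item.value.docker_settings is defined` states the intent and tolerates such entries. Each loop item also carries templated secrets (`JWT_SIGNING_SECRET`, `SECRET_KEY_BASE`, the watchtower notification URL) that may be echoed in per-item task output, so adding `loop_control:` with `label: "{{ item.key }}"` would keep them out of the logs. The play begins before this hunk, so its earlier tasks are not visible here.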

253
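--- a/privfrontends/vars.yaml
+++ b/privfrontends/vars.yaml
@@ -0,0 +1,253 @@
+---
+default_restart_policy: unless-stopped
+configs_dir: "/opt/configs-privfrontends"
+compose_dir: "/opt/docker-privfrontends"
+data_dir: "/opt/data-privfrontends"
+apps:
+groups:
+anonymousoverflow:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: anonymousoverflow
+image: ghcr.io/httpjamesm/anonymousoverflow:release
+ports:
+- "8694:8080"
+environment:
+APP_URL: https://overflow.projectsegfau.lt
+JWT_SIGNING_SECRET: "{{ anonymousoverflow_signing_secret }}"
+breezewiki:
+needs_configs_dir: true
+needs_data_dir: false
+docker_settings:
+services:
+- name: breezewiki
+image: quay.io/pussthecatorg/breezewiki:latest
+ports:
+- "10416:10416"
+mounts:
+- "{{configs_dir}}/breezewiki/config.ini:/app/config.ini"
+gothub:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: gothub
+image: codeberg.org/gothub/gothub:latest
+environment:
+DOCKER: true
+GOTHUB_SETUP_COMPLETE: true
+GOTHUB_PROXYING_ENABLED: true
+GOTHUB_IP_LOGGED: false
+GOTHUB_REQUEST_URL_LOGGED: false
+GOTHUB_USER_AGENT_LOGGED: false
+GOTHUB_DIAGNOSTIC_INFO_LOGGED: false
+GOTHUB_INSTANCE_PRIVACY_POLICY: https://projectsegfau.lt/legal/privacy-policy
+GOTHUB_INSTANCE_COUNTRY: {{country}}
+GOTHUB_INSTANCE_PROVIDER: {{isp}}
+GOTHUB_INSTANCE_CLOUDFLARE: false
+ports:
+- "1024:3000"
+gothub-dev:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: gothub
+image: codeberg.org/gothub/gothub:dev
+environment:
+DOCKER: true
+GOTHUB_SETUP_COMPLETE: true
+GOTHUB_PROXYING_ENABLED: true
+GOTHUB_IP_LOGGED: false
+GOTHUB_REQUEST_URL_LOGGED: false
+GOTHUB_USER_AGENT_LOGGED: false
+GOTHUB_DIAGNOSTIC_INFO_LOGGED: false
+GOTHUB_INSTANCE_PRIVACY_POLICY: https://projectsegfau.lt/legal/privacy-policy
+GOTHUB_INSTANCE_COUNTRY: {{country}}
+GOTHUB_INSTANCE_PROVIDER: {{isp}}
+GOTHUB_INSTANCE_CLOUDFLARE: false
+ports:
+- "1025:3000"
+hyperpipe:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: frontend
+image: codeberg.org/hyperpipe/hyperpipe
+entrypoint: "sh -c 'find /usr/share/nginx/html -type f -exec sed -i s/pipedapi.kavin.rocks/{% if server_prefix == 'eu' %}api.piped.projectsegfau.lt{%else%}pipedapi.{{server_prefix}}.projectsegfau.lt{%endif%}/g {} \; -exec sed -i s/hyperpipeapi.onrender.com/hyperpipebackend.{{ server_prefix }}.projectsegfau.lt/g {} \; && /docker-entrypoint.sh && nginx -g "daemon off;"'"
+ports:
+- "8843:80"
+- name: backend
+image: codeberg.org/hyperpipe/hyperpipe-backend
+environment:
+HYP_PROXY: "{% if server_prefix == 'eu' %}proxy.piped.projectsegfau.lt{%else%}pipedproxy.{{server_prefix}}.projectsegfau.lt{%endif%}"
+ports:
+- "3536:3000"
+librarian:
+needs_configs_dir: true
+needs_data_dir: false
+docker_settings:
+services:
+- name: librarian
+image: codeberg.org/librarian/librarian:latest
+ports:
+- "3550:3550"
+mounts:
+- "{{configs_dir}}/librarian/config.yml:/app/config.yml"
+- name: stream-proxy
+image: codeberg.org/librarian/stream-proxy-ng:latest
+ports:
+- "3001:3001"
+redlib:
+needs_data_dir: false
+needs_configs_dir: false
+docker_settings:
+services:
+- name: libreddit
+image: quay.io/redlib/redlib:latest
+ports:
+- "6464:8080"
+environment:
+FRONT_PAGE: popular
+COMMENT_SORT: new
+BLUR_NSFW: on
+USE_HLS: on
+AUTOPLAY_VIDEOS: off
+nitter:
+needs_data_dir: true
+needs_configs_dir: true
+docker_settings:
+services:
+- name: nitter
+image: codeberg.org/aryak/nitter-image:latest
+ports:
+- "8387:8080"
+mounts:
+- "{{configs_dir}}/nitter/nitter.conf:/src/nitter.conf:ro"
+- "./guest_accounts.jsonl:/src/guest_accounts.jsonl:ro"
+- name: nitter-redis
+image: redis:6-alpine
+command: redis-server --save 60 1 --loglevel warning
+mounts:
+- "{{data_dir}}/nitter/redis-data:/data"
+rimgo:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: rimgo
+image: codeberg.org/video-prize-ranch/rimgo
+ports:
+- "9016:3000"
+environment:
+ADDRESS: 0.0.0.0
+PORT: 3000
+FIBER_PREFORK: false
+IMGUR_CLIENT_ID: 546c25a59c58ad7
+PRIVACY_POLICY: https://projectsegfau.lt/legal/privacy-policy
+PRIVACY_COUNTRY: {{country}}
+PRIVACY_PROVIDER: {{isp}}
+PRIVACY_CLOUDFLARE: false
+PRIVACY_NOT_COLLECTED: true
+safetwitch:
+needs_data_dir: false
+needs_configs_dir: false
+docker_settings:
+services:
+- name: frontend
+image: codeberg.org/safetwitch/safetwitch:latest
+ports:
+- "5070:8280"
+environment:
+SAFETWITCH_BACKEND_DOMAIN: api.safetwitch.{{server_prefix}}.projectsegfau.lt
+SAFETWITCH_INSTANCE_DOMAIN: safetwitch.projectsegfau.lt
+SAFETWITCH_HTTPS: true
+- name: backend
+image: codeberg.org/safetwitch/safetwitch-backend
+ports:
+- "5072:7000"
+environment:
+PORT: 7000
+URL: https://api.safetwitch.{{server_prefix}}.projectsegfau.lt
+scribe:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: scribe
+image: registry.gitlab.com/lomanic/scribe-binaries:latest
+ports:
+- "8006:806"
+environment:
+SCRIBE_PORT: 8006
+SCRIBE_HOST: 0.0.0.0
+APP_DOMAIN: scribe.projectsegfau.lt
+LUCKY_ENV: production
+PORT: 8006
+SECRET_KEY_BASE: {{scribe_secret_key_base}}
+searxng:
+needs_configs_dir: true
+needs_data_dir: true
+docker_settings:
+services:
+- name: searxng
+image: searxng/searxng:latest
+ports:
+- "8081:8080"
+mounts:
+- "{{data_dir}}/searxng:/etc/searxng"
+- "{{configs_dir}}/searxng/settings.yml:/etc/searxng/settings.yml:rw"
+environment:
+SEARXNG_BASE_URL: "https://{% if server_prefix == 'eu' %}search.projectsegfau.lt{%else%}search.{{inventory_hostname}}.projectsegfau.lt{%endif%}/"
+- name: redis
+image: redis:alpine
+command: redis-server --save 30 1 --loglevel warning
+mounts:
+- "{{data_dir}}/searxng/redis-data:/data"
+mozhi:
+needs_configs_dir: false
+needs_data_dir: false
+docker_settings:
+services:
+- name: mozhi
+image: codeberg.org/aryak/mozhi:latest
+ports:
+- "5046:3000"
+environment:
+MOZHI_LIBRETRANSLATE_ENABLED: false
+teddit:
+needs_configs_dir: false
+needs_data_dir: true
+docker_settings:
+services:
+- name: teddit
+image: teddit/teddit:latest
+ports:
+- "9061:8080"
+environment:
+DOMAIN: teddit.projectsegfau.lt
+USE_HELMET: true
+TRUST_PROXY: true
+REDIS_HOST: teddit-redis
+- name: redis
+image: redis:6.2.5-alpine
+command: redis-server
+environment:
+REDIS_REPLICATION_MODE: master
+mounts:
+- "{{data_dir}}/teddit/redis-data:/data"
+watchtower:
+image: containrrr/watchtower
+mounts:
+- "/var/run/docker.sock:/var/run/docker.sock"
+environment:
+TZ: Europe/Paris
+WATCHTOWER_CLEANUP: false
+DOCKER_API_VERSION: 1.42
+WATCHTOWER_INCLUDE_STOPPED: false
+WATCHTOWER_POLL_INTERVAL: 3600
+WATCHTOWER_MONITOR_ONLY: false
+WATCHTOWER_NOTIFICATION_URL: matrix://{{watchtower_mtrx_username}}:{{watchtower_mtrx_pass}}@matrix.envs.net/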
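Review bot: The redlib entry publishes `"6464:8080"` on every interface, whereas the compose file it replaces bound the port to loopback with `127.0.0.1:6464:8080`; unless the role applies its own bind address, keep it as `- "127.0.0.1:6464:8080"`. The searxng and redis services likewise lose the `cap_drop: ALL` / `cap_add` lists, the dedicated network and the log size limits from the old compose file, so they would run with Docker's default capabilities unless the role sets these elsewhere. Several values begin with a bare Jinja expression, for example `GOTHUB_INSTANCE_COUNTRY: {{country}}` and `SECRET_KEY_BASE: {{scribe_secret_key_base}}`, which YAML reads as a flow mapping rather than a string; quote them as `"{{ country }}"`, as the file already does for `JWT_SIGNING_SECRET`. The hyperpipe `entrypoint` is double-quoted yet contains `\;` and an unescaped `"daemon off;"`, and scribe maps `"8006:806"` while `SCRIBE_PORT` is 8006, so both look like they need correcting before this file can load and the service can be reached.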