diff --git a/ansible/main.yml b/ansible/main.yml
index ac3f7c2..5d91e29 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -78,6 +78,7 @@
 - immich
 - freshrss
 - atuin
+ - karakeep
 
 - hosts: ingress
 roles:
diff --git a/ansible/roles/karakeep/files/docker-compose.yml b/ansible/roles/karakeep/files/docker-compose.yml
new file mode 100644
index 0000000..d7b0dde
--- /dev/null
+++ b/ansible/roles/karakeep/files/docker-compose.yml
@@ -0,0 +1,54 @@
+services:
+ karakeep:
+ image: ghcr.io/karakeep-app/karakeep:release
+ restart: unless-stopped
+ environment:
+ - TZ={{ timezone }}
+ - MEILI_ADDR=http://meilisearch:7700
+ - BROWSER_WEB_URL=http://chrome:9222
+ - DATA_DIR=/data
+ - NEXTAUTH_URL=https://karakeep.jakehoward.tech
+ - NEXTAUTH_SECRET={{ vault_nextauth_secret }}
+ - MEILI_MASTER_KEY={{ vault_meili_master_key}}
+ - OAUTH_WELLKNOWN_URL=https://auth.jakehoward.tech/.well-known/openid-configuration
+ - OAUTH_CLIENT_ID={{ vault_oauth_client_id }}
+ - OAUTH_CLIENT_SECRET={{ vault_oauth_client_secret }}
+ - OAUTH_PROVIDER_NAME="Pocket ID"
+ - DISABLE_SIGNUPS=true
+ - DISABLE_PASSWORD_AUTH=true
+ volumes:
+ - "{{ app_data_dir }}/karakeep:/data"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.karakeep.rule=Host(`karakeep.jakehoward.tech`)
+ - traefik.http.routers.karakeep.middlewares=tailscale-only@file
+ depends_on:
+ - chrome
+ - meilisearch
+ networks:
+ - default
+ - traefik
+
+ chrome:
+ image: gcr.io/zenika-hub/alpine-chrome:latest
+ restart: unless-stopped
+ command:
+ - --no-sandbox
+ - --disable-gpu
+ - --disable-dev-shm-usage
+ - --remote-debugging-address=0.0.0.0
+ - --remote-debugging-port=9222
+ - --hide-scrollbars
+
+ meilisearch:
+ image: getmeili/meilisearch:v1.13.3
+ restart: unless-stopped
+ environment:
+ - MEILI_NO_ANALYTICS=true
+ - MEILI_MASTER_KEY={{ vault_meili_master_key }}
+ volumes:
+ - /mnt/speed/dbs/meilisearch/karakeep:/meili_data
+
+networks:
+ traefik:
+ external: true
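Review bot: In ansible/roles/karakeep/files/docker-compose.yml the `chrome` service runs with `--no-sandbox` from a floating `alpine-chrome:latest` tag while rendering whatever URL gets bookmarked, so a renderer bug has no sandbox between it and the container. Its DevTools endpoint (`--remote-debugging-address=0.0.0.0`, port 9222) is unauthenticated; it is not published and stays off the `traefik` network here, which should be kept that way, but the container can still reach `meilisearch:7700` and presumably whatever the Docker host can route to. I would pin the image to a version tag or digest as `meilisearch` already is (`karakeep:release` floats too), and add `security_opt: [no-new-privileges:true]` and `cap_drop: [ALL]` to `chrome` if the image still starts with them. Separately, in list-form `environment` the entry `OAUTH_PROVIDER_NAME="Pocket ID"` most likely passes the double quotes through as part of the value; `- OAUTH_PROVIDER_NAME=Pocket ID` avoids that.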
diff --git a/ansible/roles/karakeep/handlers/main.yml b/ansible/roles/karakeep/handlers/main.yml
new file mode 100644
index 0000000..2175237
--- /dev/null
+++ b/ansible/roles/karakeep/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart karakeep
+ shell:
+ chdir: /opt/karakeep
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/karakeep/tasks/main.yml b/ansible/roles/karakeep/tasks/main.yml
new file mode 100644
index 0000000..5702d52
--- /dev/null
+++ b/ansible/roles/karakeep/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Include vault
+ include_vars: vault.yml
+
+- name: Create install directory
+ file:
+ path: /opt/karakeep
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/karakeep/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart karakeep
diff --git a/ansible/roles/karakeep/vars/vault.yml b/ansible/roles/karakeep/vars/vault.yml
new file mode 100644
index 0000000..3907c6a
--- /dev/null
+++ b/ansible/roles/karakeep/vars/vault.yml
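Review bot: The "Install compose file" task in ansible/roles/karakeep/tasks/main.yml renders `NEXTAUTH_SECRET`, `OAUTH_CLIENT_SECRET` and `MEILI_MASTER_KEY` in plaintext into /opt/karakeep/docker-compose.yml, and a run with `--diff` would print them. Adding `no_log: true` to that task keeps the rendered secrets out of run output and logs, at the cost of also hiding `validate` errors. On disk the file is then protected only by `docker_compose_file_mask`, which is defined outside this diff and should not leave it world-readable. The variables loaded by `include_vars: vault.yml` also carry generic names such as `vault_oauth_client_id`; if another role loads a vault file using the same names, the later include would win, so a `karakeep_` prefix would rule that out.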
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+37336232616234393739663034666262303737353237663031666334346366613862666566376634
+6130333363633731336330326134396235353131376663650a356363323663306166353130613933
+35346264613163626634396265366338326232666230623739663632616533616261613433643832
+6164613363643162610a623137343565653139383133316330613434623236623136333330613130
+35333037663864373266313034326432376134333166666433346630363562303638636335643462
+65623763333565656431613635376362333338313239393534613837626262633937393131323033
+38363137636565343063663563333962346163323866346138313935333336363930396532323636
+63313261323432326333653330613835613631643462393861376634393662663235393830646133
+63396336343365313564393866663966363466373634346533623365383562353837623562353666
+62626361323532353566626334333739663236306236653663373765616232336236373830323437
+30346363666566343837643166316533396637616464346463346139376432646665613237373861
+63333466366361623838353031343434653430316439383462313536613562346432353662653935
+31353135633432313263373562626534373634646536376236616364333566636164663433656531
+66643663303862393037323432303437616366323930306266326163363036363139663563336535
+36313836383831393438616264666465666663376162333234613866306633373739643461323263
+65643964366130363763356238646336356138336436646431366264353361353665616238616335
+65616262663232393864616230383666633535646436626532643434376433316537
diff --git a/ansible/roles/pve_docker/files/wallabag/docker-compose.yml b/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
deleted file mode 100644
index 5cdde1e..0000000
--- a/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-services:
- wallabag:
- image: wallabag/wallabag:latest
- restart: unless-stopped
- environment:
- - SYMFONY__ENV__SECRET={{ wallabag_secret }}
- - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.jakehoward.tech
- - SYMFONY__ENV__FOSUSER_REGISTRATION=false
- - POSTGRES_PASSWORD=wallabag
- - POSTGRES_USER=wallabag
- - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
- - SYMFONY__ENV__DATABASE_HOST=db
- - SYMFONY__ENV__DATABASE_PORT=5432
- - SYMFONY__ENV__DATABASE_NAME=wallabag
- - SYMFONY__ENV__DATABASE_USER=wallabag
- - SYMFONY__ENV__DATABASE_PASSWORD=wallabag
- - POPULATE_DATABASE=true
- volumes:
- - /mnt/tank/app-data/wallabag/data:/var/www/wallabag/data
- - /mnt/tank/app-data/wallabag/images:/var/www/wallabag/images
- labels:
- - traefik.enable=true
- - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)
- depends_on:
- - db
- - redis
- networks:
- - default
- - traefik
-
- redis:
- image: redis:7-alpine
- restart: unless-stopped
- volumes:
- - /mnt/speed/dbs/redis/wallabag:/data
-
- db:
- image: pgautoupgrade/pgautoupgrade:17-alpine
- restart: unless-stopped
- volumes:
- - /mnt/speed/dbs/postgres/wallabag/:/var/lib/postgresql/data
- environment:
- - POSTGRES_PASSWORD=wallabag
- - POSTGRES_USER=wallabag
-
-networks:
- traefik:
- external: true
diff --git a/ansible/roles/pve_docker/tasks/main.yml b/ansible/roles/pve_docker/tasks/main.yml
index 62f5eb8..8d7fa01 100644
--- a/ansible/roles/pve_docker/tasks/main.yml
+++ b/ansible/roles/pve_docker/tasks/main.yml
@@ -10,8 +10,5 @@
 - name: Install synapse
 include_tasks: synapse.yml
 
-- name: Install wallabag
- include_tasks: wallabag.yml
-
 - name: Install whoami
 include_tasks: whoami.yml
diff --git a/ansible/roles/pve_docker/tasks/wallabag.yml b/ansible/roles/pve_docker/tasks/wallabag.yml
deleted file mode 100644
index 2785db1..0000000
--- a/ansible/roles/pve_docker/tasks/wallabag.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-- name: Include wallabag variables
- include_vars: wallabag.yml
-
-- name: Create wallabag directory
- file:
- path: /opt/wallabag
- state: directory
- owner: "{{ docker_user.name }}"
- mode: "{{ docker_compose_directory_mask }}"
-
-- name: Install wallabag compose file
- template:
- src: files/wallabag/docker-compose.yml
- dest: /opt/wallabag/docker-compose.yml
- mode: "{{ docker_compose_file_mask }}"
- owner: "{{ docker_user.name }}"
- validate: docker-compose -f %s config
- register: compose_file
-
-- name: restart wallabag
- shell:
- chdir: /opt/wallabag
- cmd: "{{ docker_update_command }}"
- when: compose_file.changed
diff --git a/ansible/roles/pve_docker/vars/wallabag.yml b/ansible/roles/pve_docker/vars/wallabag.yml
deleted file mode 100644
index 409b5f7..0000000
--- a/ansible/roles/pve_docker/vars/wallabag.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-wallabag_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64353939666265306238333239316631373533643030663638316338356330653539643837373637
- 6638323330373264363535316339616432373132613939360a653533393164386266646337663234
- 33306333663165303431343537336465383937646437643630313037326135643666656435373331
- 6563303734643532370a313361656434333537366636366265653861656636386164373261666633
- 31646263326539303862386261623938323338333839656135656663643231653361663438326136
- 65306537383931393432633561333131386138333132383737383539646233313735613566633537
- 61656630396333376635393264346266356238626134316331623638393234363161336439303939
- 31393361393432366638613865323663326630306432363364663266663264656339323939306266
- 62646464306363353032326638613361633433303433633361656662353237396631
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index a2ba262..2cdb486 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -63,16 +63,6 @@ resource "gandi_livedns_record" "jakehowardtech_dmarc" {
 ]
 }
 
-resource "gandi_livedns_record" "jakehowardtech_wallabag" {
- zone = data.gandi_livedns_domain.jakehowardtech.id
- name = "wallabag"
- type = "CNAME"
- ttl = 3600
- values = [
- "${gandi_livedns_record.sys_domain_pve.name}.${gandi_livedns_record.sys_domain_pve.zone}."
- ]
-}
-
 resource "gandi_livedns_record" "jakehowardtech_speed" {
 zone = data.gandi_livedns_domain.jakehowardtech.id
 name = "speed"
@@ -353,6 +343,16 @@ resource "gandi_livedns_record" "jakehowardtech_atuin" {
 ]
 }
 
+resource "gandi_livedns_record" "jakehowardtech_karakeep" {
+ zone = data.gandi_livedns_domain.jakehowardtech.id
+ name = "karakeep"
+ type = "CNAME"
+ ttl = 3600
+ values = [
+ "${gandi_livedns_record.sys_domain_pve_private.name}.${gandi_livedns_record.sys_domain_pve_private.zone}."
+ ]
+}
+
 resource "gandi_livedns_record" "jakehowardtech_caa" {
 zone = data.gandi_livedns_domain.jakehowardtech.id
 name = "@"