tobias/infrastructure
1
0
Fork 0
Code Issues 5 Pull Requests Projects Activity

Refactor: Dir structure

Browse Source
This commit is contained in:
Tobias Manske
2023-09-14 06:48:05 +02:00
parent c361625230
commit af3e66f901
157 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/plays/services/ba-gitlab-runner/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=gitlab-ba

39
ansible/plays/services/ba-gitlab-runner/docker-compose.yaml Normal file
View File

@ -0,0 +1,39 @@
---
version: "3.4"
services:
dind:
image: docker:dind
restart: unless-stopped
privileged: true
volumes:
- /lib/modules:/lib/modules:ro
environment:
DOCKER_TLS_CERTDIR: ""
networks:
- backend
- default
runner:
image: gitlab/gitlab-runner:alpine
restart: unless-stopped
depends_on:
- dind
networks:
- default
- backend
volumes:
- runner_cfg:/etc/gitlab-runner:z
environment:
- DOCKER_HOST=tcp://dind:2375
- CI_SERVER_URL={{ ba_gitlab_runner.server }}
- REGISTRATION_TOKEN={{ ba_gitlab_runner.token }}
volumes:
runner_cfg:
networks:
backend:
internal: true
...

1
ansible/plays/services/blog/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=blog

13
ansible/plays/services/blog/docker-compose.yaml Normal file
View File

@ -0,0 +1,13 @@
---
version: "3.4"
services:
tobiasmanske.de:
image: registry.tobiasmanske.de/tobiasmanske.de:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.tobiasmanskede.rule=(Host(`tobiasmanske.de`) || Host(`www.tobiasmanske.de`)) && !PathPrefix(`/{path:(_matrix|_synapse|.well-known/matrix|.well-known/openpgpkey)}/`)"
- "traefik.http.routers.tobiasmanskede.entryPoints=websecure"
- "traefik.http.services.tobiasmanskede.loadbalancer.server.port=80"
restart: always
...

1
ansible/plays/services/caddy/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=caddy

14
ansible/plays/services/caddy/Caddyfile Normal file
View File

@ -0,0 +1,14 @@
{
auto_https off
}
{% for rule in redirect.hosts %}
http://{{ rule.from }} {
{% if rule.keepUri %}
redir https://{{ rule.to }}{uri} permanent
{% else %}
redir https://{{ rule.to }} permanent
{% endif %}
}
{% endfor %}

15
ansible/plays/services/caddy/docker-compose.yaml Normal file
View File

@ -0,0 +1,15 @@
---
version: "3.4"
services:
redirect:
image: caddy:2
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
labels:
- "traefik.enable=true"
- "traefik.http.routers.caddyredir.rule={{ redirect.hosts | map(attribute='from') | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
- "traefik.http.routers.caddyredir.entryPoints=websecure"
- "traefik.http.services.caddyredir.loadbalancer.server.port=80"
restart: always
...

1
ansible/plays/services/diun/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=diun

19
ansible/plays/services/diun/diun.yml Normal file
View File

@ -0,0 +1,19 @@
watch:
workers: 20
schedule: "0 */6 * * *"
firstCheckNotif: false
notif:
matrix:
homeserverURL: http://pantalaimon:8008
user: "{{ diun.matrix.user }}"
password: "{{ diun.matrix.password }}"
roomID: "{{ diun.matrix.roomID }}"
msgType: notice
templateBody: |
{% raw %}Docker tag {{ if .Entry.Image.HubLink }}[**{{ .Entry.Image }}**]({{ .Entry.Image.HubLink }}){{ else }}**{{ .Entry.Image }}**{{ end }} which you subscribed to through {{ .Entry.Provider }} provider {{ if (eq .Entry.Status "new") }}is available{{ else }}has been updated{{ end }} on {{ .Entry.Image.Domain }} registry.
{{ if and (eq .Entry.Status "new") (eq .Entry.Image "docker.io/jitsi/web") }}See https://github.com/jitsi/docker-jitsi-meet/releases/tag/{{ .Entry.Image.Tag }}{{ end }}{% endraw %}
providers:
file:
filename: /watch.yml

29
ansible/plays/services/diun/docker-compose.yaml Normal file
View File

@ -0,0 +1,29 @@
---
version: "3.4"
services:
diun:
image: crazymax/diun:latest
container_name: diun
command: serve
volumes:
- "data:/data"
- "./diun.yml:/diun.yml:ro,Z"
- "./watch.yml:/watch.yml:ro,Z"
environment:
- "TZ=Europe/Berlin"
- "LOG_LEVEL=info"
- "LOG_JSON=false"
restart: always
networks:
- default
- pantalaimon
volumes:
data:
networks:
pantalaimon:
external: true
...

6
ansible/plays/services/diun/watch.yml Normal file
View File

@ -0,0 +1,6 @@
- name: docker.io/jitsi/web
watch_repo: true
notify_on:
- new
include_tags:
- ^stable-\d+

1
ansible/plays/services/gitea-runner/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=gitea-runner

44
ansible/plays/services/gitea-runner/docker-compose.yaml Normal file
View File

@ -0,0 +1,44 @@
---
version: '3.9'
services:
dind:
image: docker:dind
restart: unless-stopped
privileged: true
volumes:
- /lib/modules:/lib/modules:ro
environment:
DOCKER_TLS_CERTDIR: ""
command:
- '--tls=false' # Do not force TLS; note that this service is NOT exposed to the internet
networks:
- backend
- default
drone_runner:
image: drone/drone-runner-docker:1
restart: always
environment:
- "DOCKER_HOST=tcp://dind:2375"
- "DRONE_LIMIT_MEM=8192000000"
- "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
- "DRONE_RPC_HOST=drone.tobiasmanske.de"
- "DRONE_RPC_PROTO=https"
- "DRONE_RUNNER_CAPACITY={{ gitea.drone.runner_capacity }}"
- "DRONE_RUNNER_NAME={{ gitea.drone.runner_name }}"
{% if gitea.drone.runner_labels is defined %}
- "DRONE_RUNNER_LABELS={{ gitea.drone.runner_labels | join(',') }}"
{% endif %}
- "DRONE_RUNNER_CLONE_IMAGE=drone/git:linux-amd64"
- "DRONE_RUNNER_VOLUMES=/etc/hosts:/etc/hosts"
depends_on:
- dind
networks:
- backend
- default
networks:
backend:
internal: true
...

1
ansible/plays/services/gitea/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=gitea

89
ansible/plays/services/gitea/docker-compose.yaml Normal file
View File

@ -0,0 +1,89 @@
---
version: '3.9'
services:
gitea:
image: gitea/gitea:1
container_name: gitea
environment:
- "USER_UID=1000"
- "USER_GID=1000"
- "GITEA__database__DB_TYPE=postgres"
- "GITEA__database__HOST=db:5432"
- "GITEA__database__NAME={{ gitea.db.name }}"
- "GITEA__database__USER={{ gitea.db.user }}"
- "GITEA__database__PASSWD={{ gitea.db.password }}"
- "GITEA__webhook__ALLOWED_HOST_LIST=*.tobiasmanske.de"
- "GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true"
- "GITEA__service__DISABLE_REGISTRATION=true"
restart: always
networks:
- default # mirror service needs internet
- backend
volumes:
- gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`git.tobiasmanske.de`)"
- "traefik.http.routers.gitea.entryPoints=websecure"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
ports:
- "7779:22"
depends_on:
db:
condition: service_healthy
db:
image: postgres:14
restart: always
environment:
- "POSTGRES_USER={{ gitea.db.user }}"
- "POSTGRES_PASSWORD={{ gitea.db.password }}"
- "POSTGRES_DB={{ gitea.db.name }}"
networks:
- backend
volumes:
- pg_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
drone:
image: drone/drone:2
restart: always
environment:
- "DRONE_GITEA_SERVER=https://git.tobiasmanske.de"
- "DRONEC_COOKIE_SECRET={{ gitea.drone.cookie_secret }}"
- "DRONE_GITEA_CLIENT_ID={{ gitea.drone.client_id }}"
- "DRONE_GIT_ALWAYS_AUTH=true"
- "DRONE_GITEA_CLIENT_SECRET={{ gitea.drone.client_secret }}"
- "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
- "DRONE_SERVER_HOST=drone.tobiasmanske.de"
- "DRONE_SERVER_PROTO=https"
- "DRONE_IMAGE_CLONE=openjdk:17-bullseye"
- "DRONE_USER_CREATE=username:tobias,admin:true"
networks:
- backend
volumes:
- drone_data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.drone.rule=Host(`drone.tobiasmanske.de`)"
- "traefik.http.routers.drone.entryPoints=websecure"
- "traefik.http.services.drone.loadbalancer.server.port=80"
depends_on:
- gitea
networks:
backend:
internal: true
volumes:
gitea_data:
drone_data:
pg_data:
...

1
ansible/plays/services/hedgedoc/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=hedgedoc

79
ansible/plays/services/hedgedoc/docker-compose.yaml Normal file
View File

@ -0,0 +1,79 @@
---
version: '3'
services:
database:
image: postgres:13-alpine
environment:
- POSTGRES_USER={{ hedgedoc.db.user }}
- POSTGRES_PASSWORD={{ hedgedoc.db.password }}
- POSTGRES_DB={{ hedgedoc.db.name }}
volumes:
- database:/var/lib/postgresql/data
restart: always
networks:
- backend
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
app:
# Make sure to use the latest release from https://hedgedoc.org/latest-release
image: quay.io/hedgedoc/hedgedoc:1.9.3
environment:
- CMD_DB_URL=postgres://{{ hedgedoc.db.user }}:{{ hedgedoc.db.password }}@database:5432/{{ hedgedoc.db.name }}
- CMD_DOMAIN=doc.tobiasmanske.de
- CMD_ALLOW_ORIGIN=doc.tobiasmanske.de,localhost
- CMD_CSP_ENABLE=true
- CMD_PROTOCOL_USESSL=true
- CMD_PROTOCOL_USE_SSL=true
- CMD_ALLOW_EMAIL_REGISTER=false
- CMD_ALLOW_ANONYMOUS=false
- CMD_ALLOW_ANONYMOUS_EDITS=true
- CMD_ALLOW_FREEURL=true
- CMD_DEFAULT_PERMISSION=private
- CMD_SESSION_SECRET={{ hedgedoc.cmd.session_secret }}
- CMD_OAUTH2_CLIENT_ID={{ hedgedoc.cmd.client_id }}
- CMD_OAUTH2_CLIENT_SECRET={{ hedgedoc.cmd.client_secret }}
- CMD_OAUTH2_AUTHORIZATION_URL={{ hedgedoc.cmd.authorization_url }}
- CMD_OAUTH2_SCOPE=openid email profile
- CMD_OAUTH2_TOKEN_URL={{ hedgedoc.cmd.token_url }}
- CMD_OAUTH2_USER_PROFILE_URL={{ hedgedoc.cmd.user_profile_url }}
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
- CMD_OAUTH2_PROVIDERNAME=Keycloak
- CMD_IMAGE_UPLOAD_TYPE=minio
- CMD_MINIO_ACCESS_KEY={{ hedgedoc.cmd.s3.access_key }}
- CMD_MINIO_SECRET_KEY={{ hedgedoc.cmd.s3.secret_key }}
- CMD_MINIO_ENDPOINT={{ hedgedoc.cmd.s3.endpoint }}
- CMD_MINIO_PORT={{ hedgedoc.cmd.s3.port }}
- CMD_MINIO_SECURE={{ hedgedoc.cmd.s3.secure }}
- CMD_S3_BUCKET=hedgedoc
- CMD_S3_FOLDER=uploads
restart: always
labels:
- "traefik.enable=true"
- "traefik.http.routers.hedgedoc.rule=Host(`doc.tobiasmanske.de`)"
- "traefik.http.routers.hedgedoc.middlewares=deny-metrics@file"
- "traefik.http.routers.hedgedoc.entryPoints=websecure"
- "traefik.http.services.hedgedoc.loadbalancer.server.port=3000"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=3000"
depends_on:
database:
condition: service_healthy
networks:
- backend
- metrics
volumes:
database:
networks:
backend:
internal: true
metrics:
external: true
...

1
ansible/plays/services/keycloak/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=keycloak

54
ansible/plays/services/keycloak/docker-compose.yaml Normal file
View File

@ -0,0 +1,54 @@
---
version: '3.9'
services:
postgres:
image: postgres:15
restart: always
environment:
- "POSTGRES_DB={{ auth.db.name }}"
- "POSTGRES_USER={{ auth.db.user }}"
- "POSTGRES_PASSWORD={{ auth.db.password }}"
volumes:
- pg_data:/var/lib/postgresql/data
networks:
- backend
healthcheck:
test: ["CMD-SHELL", "pg_isready", "-U", "keycloak"]
interval: 10s
timeout: 5s
retries: 5
keycloak:
image: registry.tobiasmanske.de/keycloak:main
command: start
depends_on:
postgres:
condition: service_healthy
environment:
- "KC_DB=postgres"
- "KC_DB_URL_HOST=postgres"
- "KC_DB_URL_DATABASE={{ auth.db.name }}"
- "KC_DB_USERNAME={{ auth.db.user }}"
- "KC_DB_PASSWORD={{ auth.db.password }}"
- "KEYCLOAK_ADMIN={{ auth.keycloak.user }}"
- "KEYCLOAK_ADMIN_PASSWORD={{ auth.keycloak.password }}"
- "KC_PROXY=edge"
- "KC_HOSTNAME=auth.tobiasmanske.de"
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
- "traefik.http.routers.keycloak.entryPoints=websecure"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
restart: always
networks:
- backend
- default # keycloak needs to talk to social logins
networks:
backend:
internal: true
volumes:
pg_data:
...

1
ansible/plays/services/kuma/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=kuma-{{ service_name|default("kuma") }}

25
ansible/plays/services/kuma/docker-compose.yaml Normal file
View File

@ -0,0 +1,25 @@
{% set _name = service_name|default("kuma") %}
{% set _urls = urls|default(kuma.urls)|mandatory %}
---
services:
kuma:
image: louislam/uptime-kuma:latest
restart: unless-stopped
volumes:
- data:/app/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.kuma-{{ _name }}.rule={{ _urls | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
- "traefik.http.routers.kuma-{{ _name }}.entryPoints=websecure"
- "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
networks:
- default
- pantalaimon
volumes:
data:
networks:
pantalaimon:
external: true
...

1
ansible/plays/services/linktree/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=linktree

13
ansible/plays/services/linktree/docker-compose.yaml Normal file
View File

@ -0,0 +1,13 @@
---
version: "3.4"
services:
unruhig.eu:
image: registry.tobiasmanske.de/unruhig.eu:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.unruhigeu.rule=(Host(`unruhig.eu`) || Host(`www.unruhig.eu`))"
- "traefik.http.routers.unruhigeu.entryPoints=websecure"
- "traefik.http.services.unruhigeu.loadbalancer.server.port=80"
restart: always
...

1
ansible/plays/services/matrix/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=matrix

15
ansible/plays/services/matrix/Caddyfile Normal file
View File

@ -0,0 +1,15 @@
{
auto_https off
}
http://{{ matrix.baseurl }} {
header {
Content-Type application/json
Access-Control-Allow-Origin *
}
respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://synapse.{{ matrix.baseurl }}\"} }" 200
respond /.well-known/matrix/server "{\"m.server\": \"synapse.{{ matrix.baseurl }}:443\"}" 200
respond /.well-known/matrix/support "{\"admins\":[{\"matrix_id\":\"@tobi:{{ matrix.baseurl }}\",\"email_address\":\"matrix@{{ matrix.baseurl }}\",\"role\":\"admin\"}]}" 200
respond 404
}

12
ansible/plays/services/matrix/cinny-config.json Normal file
View File

@ -0,0 +1,12 @@
{
"defaultHomeserver": 0,
"homeserverList": [
"unruhig.eu",
"entropia.de",
"matrix.org",
"archlinux.org",
"kit.edu",
"mozilla.org"
],
"allowCustomHomeservers": true
}

228
ansible/plays/services/matrix/docker-compose.yaml Normal file
View File

@ -0,0 +1,228 @@
---
version: '3.9'
services:
synapse:
image: registry.tobiasmanske.de/matrixdotorg/synapse:latest
user: "1000:1000"
# Since synapse does not retry to connect to the database, restart upon
# failure
restart: unless-stopped
# See the readme for a full documentation of the environment settings
# NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite
environment:
- SYNAPSE_CONFIG_DIR=/config
- SYNAPSE_CONFIG_PATH=/config/homeserver.yaml
- TZ=Europe/Berlin
ulimits:
nofile:
soft: 10000
hard: 40000
volumes:
- synapse_data:/data
- ./synapse-config:/config:ro,Z
- ./mautrix-telegram/registration.yaml:/data/reg-mautrix-tg.yaml:ro,Z
- ./mautrix-slack/registration.yaml:/data/reg-mautrix-slack.yaml:ro,Z
- ./mautrix-signal/registration.yaml:/data/reg-mautrix-signal.yaml:ro,Z
depends_on:
- db
- redis
networks:
- default
- backend
- metrics
labels:
- "traefik.enable=true"
- "traefik.http.routers.http-synapse.rule=Host(`synapse.{{ matrix.baseurl }}`)"
- "traefik.http.routers.http-synapse.entryPoints=websecure"
- "traefik.http.routers.http-synapse.service=matrix-synapse"
- "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/_{path:(matrix|synapse)}/`)"
- "traefik.http.routers.matrix-synapse.entryPoints=websecure"
- "traefik.http.routers.matrix-synapse.service=matrix-synapse"
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9091"
- "prometheus-scrape.metrics_path=/_synapse/metrics"
db:
image: postgres:15
restart: always
environment:
- POSTGRES_USER={{ matrix.db.user }}
- POSTGRES_DB={{ matrix.db.database }}
- POSTGRES_PASSWORD={{ matrix.db.password }}
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
networks:
- backend
volumes:
- db_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
caddy:
image: caddy:2
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.matrix-well-known.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/.well-known/matrix/`)"
- "traefik.http.routers.matrix-well-known.entrypoints=websecure"
- "traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
cinny:
image: registry.tobiasmanske.de/cinnyapp/cinny:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
- "traefik.http.routers.matrix-cinny.entryPoints=websecure"
- "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
volumes:
- ./cinny-config.json:/app/config.json:ro,Z
networks:
- default
redis:
image: redis:latest
restart: unless-stopped
networks:
- backend
### BRIDGES
#### Telegram
mautrix-telegram:
image: dock.mau.dev/mautrix/telegram:latest
user: "1000:1000"
restart: unless-stopped
environment:
- "MAUTRIX_DIRECT_STARTUP=1"
volumes:
- bridge_tg_data:/data
- ./mautrix-telegram/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-telegram/registration.yaml:/data/registration.yaml:ro,Z
networks:
- backend
- default # Needs to contact UFOs in the sky
depends_on:
- db-bridge-tg
- synapse
db-bridge-tg:
image: postgres:15
restart: always
environment:
- POSTGRES_USER={{ matrix.bridge.tg.dbuser }}
- POSTGRES_DB={{ matrix.bridge.tg.dbname }}
- POSTGRES_PASSWORD={{ matrix.bridge.tg.dbpass }}
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
networks:
- backend
volumes:
- bridge_tg_db:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
#### SLACK
mautrix-slack:
image: dock.mau.dev/mautrix/slack:latest
environment:
- "UID=1000"
- "GID=1000"
restart: unless-stopped
volumes:
- bridge_slack_data:/data
- ./mautrix-slack/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-slack/registration.yaml:/data/registration.yaml:ro,Z
networks:
- backend
- default # Needs to contact UFOs in the sky
depends_on:
- db-bridge-slack
- synapse
db-bridge-slack:
image: postgres:15
restart: always
environment:
- POSTGRES_USER={{ matrix.bridge.slack.dbuser }}
- POSTGRES_DB={{ matrix.bridge.slack.dbname }}
- POSTGRES_PASSWORD={{ matrix.bridge.slack.dbpass }}
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
networks:
- backend
volumes:
- bridge_slack_db:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
#### SIGNAL
mautrix-signal:
image: dock.mau.dev/mautrix/signal:latest
user: "1000:1000"
restart: unless-stopped
environment:
- "MAUTRIX_DIRECT_STARTUP=1"
networks:
- default
- backend
volumes:
- bridge_signal_data:/data
- signald_data:/signald
- ./mautrix-signal/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-signal/registration.yaml:/data/registration.yaml:ro,Z
depends_on:
- signald
- db-bridge-signal
signald:
image: docker.io/signald/signald:latest
restart: unless-stopped
networks:
- default
- backend
volumes:
- signald_data:/signald
db-bridge-signal:
image: postgres:15
restart: unless-stopped
networks:
- backend
environment:
- POSTGRES_USER={{ matrix.bridge.signal.dbuser }}
- POSTGRES_DB={{ matrix.bridge.signal.dbname }}
- POSTGRES_PASSWORD={{ matrix.bridge.signal.dbpass }}
volumes:
- bridge_signal_db:/var/lib/postgresql/data
networks:
backend:
internal: true
metrics:
external: true
volumes:
synapse_data:
bridge_tg_data:
bridge_tg_db:
bridge_slack_data:
bridge_slack_db:
bridge_signal_data:
bridge_signal_db:
signald_data:
db_data:
...

334
ansible/plays/services/matrix/mautrix-signal/config.yaml Normal file
View File

@ -0,0 +1,334 @@
# Homeserver details
# {% set config = matrix.bridge.signal %}
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix.baseurl }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint:
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint:
# Maximum number of simultaneous HTTP connections to the homeserver.
connection_limit: 100
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-signal:29328
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29328
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://{{ config.dbuser }}:{{ config.dbpass }}@db-bridge-signal/{{ config.dbname }}?sslmode=disable
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
id: signal
# Username of the appservice bot.
bot_username: signalbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Signal bridge bot
bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ config.as_token }}"
hs_token: "{{ config.hs_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
# Directory for temp files when sending files to Signal. This should be an
# absolute path that signald can read. For attachments in the other direction,
# make sure signald is configured to use an absolute path as the data directory.
outgoing_attachment_dir: /signald/attachments
# Directory where signald stores avatars for groups.
avatar_dir: /signald/avatars
# Directory where signald stores auth data. Used to delete data when logging out.
data_dir: /signald/data
# Whether or not unknown signald accounts should be deleted when the bridge is started.
# When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Whether or not to enable disappearing messages in groups. If enabled, then the expiration
# time of the messages will be determined by the first users to read the message, rather
# than individually. If the bridge has a single user, this can be turned on safely.
enable_disappearing_messages_in_groups: false
# Bridge config
bridge:
# {% raw %}
# Localpart template of MXIDs for Signal users.
# {userid} is replaced with the UUID of the Signal user.
username_template: signal_{userid}
# Displayname template for Signal users.
# {displayname} is replaced with the displayname of the Signal user, which is the first
# available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly.
displayname_template: '{displayname} (Signal)'
# {% endraw %}
# Whether or not contact list displaynames should be used.
# Possible values: disallow, allow, prefer
#
# Multi-user instances are recommended to disallow contact list names, as otherwise there can
# be conflicts between names from different users' contact lists.
contact_list_names: disallow
# Available variables: full_name, first_name, last_name, phone, uuid
displayname_preference:
- full_name
- phone
autocreate_group_portal: true
# Whether or not to create portals for all contacts on login/connect.
autocreate_contact_portal: false
# Whether or not to make portals of Signal groups in which joining via invite link does
# not need to be approved by an administrator publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
login_shared_secret_map:
{{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
federate_rooms: false
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: true
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: true
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Signal. This let's you check manually whether the bridge is receiving your
# messages.
# Note that this is not related to Signal delivery receipts.
delivery_receipts: true
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Interval at which to resync contacts (in seconds).
periodic_sync: 0
# Should leaving the room on Matrix make the user leave on Signal?
bridge_matrix_leave: false
# Should the bridge auto-create a group chat on Signal when a ghost is invited to a room?
# Requires the user to have sufficient power level and double puppeting enabled.
create_group_on_invite: true
hacky_contact_name_mixup_detection: false
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: disabled
# Segment API key to enable analytics tracking for web server
# endpoints. Set to null to disable.
# Currently the only events are login start, QR code scan, and login
# success/failure.
segment_key:
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
segment_user_id:
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!signal'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: Hello, I'm a Signal bridge bot.
# Sent when joining a management room and the user is already logged in.
welcome_connected: Use `help` for help.
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: Use `help` for help or `link` to log in.
# Optional extra text sent when joining a management room.
additional_help: ''
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'*': relay
{{ matrix.baseurl }}: user
'@tobi:{{ matrix.baseurl }}': admin
relay:
# Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Signal via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '$sender_displayname: $message'
m.notice: '$sender_displayname: $message'
m.emote: '* $sender_displayname $message'
m.file: $sender_displayname sent a file
m.image: $sender_displayname sent an image
m.audio: $sender_displayname sent an audio file
m.video: $sender_displayname sent a video
m.location: $sender_displayname sent a location
relaybot: '@relaybot:example.com'
# Whether or not invites from non-logged-in users should be relayed
invite: true
# Format for generating URLs from location messages for sending to Signal
# Google Maps: 'https://www.google.com/maps/place/{lat},{long}'
# OpenStreetMap: 'https://www.openstreetmap.org/?mlat={lat}&mlon={long}'
location_format: https://www.google.com/maps/place/{lat},{long}
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_signal.util.ColorFormatter
format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s'
normal:
format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

31
ansible/plays/services/matrix/mautrix-signal/registration.yaml Normal file
View File

@ -0,0 +1,31 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31353638336331613430353931626330366132643736326566343536343666643965333163313831
3062336363343836666163393763326332623730623930620a333666373365306536636264613732
64373937373062303332306166393833656239333862343836626364613639633762376138383964
3033623639636530320a613233643736383637396131636434306435346637353966393639363239
30336461616464303031386164393433373831353435333466323166643436626234623262633237
30373830366430636230633962643439363666363031633936313934616332306437623138373535
65343062336461663861376664383138636333353338666231623436666366303431363438323632
31313739376439323665386130323338363930366361646361383831643337653963353639353738
36383866313262616135633231623964663266643030343561363735323039376338373165356366
30643738313331333733343739366435383936373135666433666663353039316331366463623362
38343430663432396332623662633533396433366564656263393735663839666566376139656261
65323664616463626430653734393433626231386230633664653264373034633731633239363135
35333366333039623764386330613130373263316436316266303461626463373939336134363039
62653363613064373731616137333663333334636336623363343034383263656631653864336439
65623762666538383766393939303832373566623666383761623234636638303566336438616136
33333939323061333431656435383731326633323135313839343761613231623537356333636336
65323063653239623166313938386133366565313336643161323564386338363839393434616535
63373038383334633238303336386261343639393537333735383439346164633962343033633533
64353138373161323639613434653939326265336239366364336630666634356439303564653833
31333765303030376330396261376161636563306133363137313435376133373363653031356333
62663737646165626366363230663262346563633236366238646339303763383161663033356232
34343434363833386330636535663333356364633332616431613431386534336133386638333034
35633363333366306435656137303866636232323765313164363636636366653364326332613233
32643866663032313431663463666364326633376332323335336131376131663865616232653065
34633338333237636336333062646561376331363138346132386430633462666634646462656431
65373562323539636165313038643839623132643539346539343338346366366362323230653935
34323834393961376234343564383635623865303765663439316535396263363265626265613761
33343034343666663834363133663734343838623132666561393862623136613035656434626233
31666434656535393536623461393630346262643331336364353932326337376132333631616635
3963306630613238323633666264316462393063383639656333

231
ansible/plays/services/matrix/mautrix-slack/config.yaml Normal file
View File

@ -0,0 +1,231 @@
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix.baseurl }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-slack:29335
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29335
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://{{ matrix.bridge.slack.dbuser }}:{{ matrix.bridge.slack.dbpass }}@db-bridge-slack/{{ matrix.bridge.slack.dbname }}?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: slack
# Appservice bot details.
bot:
# Username of the appservice bot.
username: slackbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Slack bridge bot
avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix.bridge.slack.as_token }}"
hs_token: "{{ matrix.bridge.slack.hs_token }}"
# Bridge config
bridge:
{% raw %}
# Localpart template of MXIDs for Slack users.
# {{.}} is replaced with the internal ID of the Slack user.
username_template: slack_{{.}}
# Displayname template for Slack users.
# TODO: document variables
displayname_template: '{{.DisplayName}} (Slack)'
bot_displayname_template: '{{.Name}} (bot)'
channel_name_template: '#{{.Name}}'
{% endraw %}
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
delivery_receipts: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{ matrix.baseurl }}: "{{ matrix.authenticator.shared_secret }}"
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: 10s
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 60s
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!slack'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Slack bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
backfill:
# Allow backfilling at all? Requires MSC2716 support on homeserver.
enable: true
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Number of messages to immediately backfill when creating a portal.
immediate_messages: 10
# Settings for incremental backfill of history.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of messages to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_messages:
# Channels
channel: -1
# Group direct messages
group_dm: -1
# 1:1 direct messages
dm: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: true
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Slack account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": relay
"{{ matrix.baseurl }}": user
"@tobi:{{ matrix.baseurl }}": admin
{% raw %}
logging:
directory: ./logs
file_name_format: '{{.Date}}-{{.Index}}.log'
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: debug
print_json: false
file_json: false
{% endraw %}

26
ansible/plays/services/matrix/mautrix-slack/registration.yaml Normal file
View File

@ -0,0 +1,26 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
63643764313434366534636536373233613163353932353332353034386638623463323265356366
3033666637643563393537636263366338643736303663620a376138656235653238386131623864
33356331386265613436626337356436373439376434633135626339373931346166313834323938
3833636339306137360a383230386236333632613037363139356230663563333266353030616133
39343037343234386465646433613465646363343237346432373934623431336163303233323263
65356133373264323664663238306266336332353632643533373038653938623939353931613964
33383638653061313961363033343435316130666337393034356664653933626466623734643239
63663864316464343631313533653931376561303830366665333635613666346139623937373663
65393234326533623364626666353763396437386330386563333432306566316161626561363836
62613630623864323163616639396233393031373734373332383064626562623563363266383065
61613738323034313431333333656530346566333165363430333962373930363736396265636663
65646632356265633665633930343231636138366364653038336563333234326139333437643063
39653437303565343739306237653832616265323138643234313731343339353161333363366538
35373864666436306438303037363766373532633533666335303137346337633265613630653637
39356237663665333533363030653735333535653861353866363362343830366562383661666137
37623436336531363230356233656235666238663537616437353636353732643639386534616561
30656264316535636437653032343634643036363838626234303837393935393430323537643231
64363534313033396362326530663430373661613362346364356262386433663731313866363438
30653966343436656430326434646337386230333432383861333635326431346332663332313437
35636162323834616437383563353932333137653639616532363162663365393437386333613439
35343937333034303934623962653132323837643430303230383163393833316233636233643736
33666530653033613762313364653734633765326432613032386535333335633834633430356165
64396132386133326464376163326236373131316266343634306163313235616236383239366639
38373235643763616236356266663534356230643131653130323338393262616337346635633835
39386236643562653738383037376334303138623966316637386464386139613431

593
ansible/plays/services/matrix/mautrix-telegram/config.yaml Normal file
View File

@ -0,0 +1,593 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix.baseurl }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Telegram connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-telegram:29317
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29317
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://{{ matrix.bridge.tg.dbuser }}:{{ matrix.bridge.tg.dbpass }}@db-bridge-tg/{{ matrix.bridge.tg.dbname }}
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix.bridge.tg.as_token }}"
hs_token: "{{ matrix.bridge.tg.hs_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-telegram.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default
# as there's no way to determine whether an avatar is removed or just hidden from some users. If
# you're on a single-user instance, this should be safe to enable.
allow_avatar_remove: false
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# -1 means no limit (which means it's limited to 10000 by the server)
max_initial_member_sync: 100
# Maximum number of participants in chats to bridge. Only applies when the portal is being created.
# If there are more members when trying to create a room, the room creation will be cancelled.
# -1 means no limit (which means all chats can be bridged)
max_member_count: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Set to 0 to remove limit.
sync_update_limit: 0
# Number of most recently active dialogs to create portals for when syncing chats.
# Set to 0 to remove limit.
sync_create_limit: 15
# Should all chats be scheduled to be created later?
# This is best used in combination with MSC2716 infinite backfill.
sync_deferred_create_all: false
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: true
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, users can only log in using login-qr or the
# out-of-Matrix login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
# to resolve redirects in invite links.
invite_link_resolve: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216.
image_as_file_pixels: 16777216
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
# This option uses internal Telethon implementation details and may break with minor updates.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: false
# Should the bridge send all unicode reactions as custom emoji reactions to Telegram?
# By default, the bridge only uses custom emojis for unicode emojis that aren't allowed in reactions.
always_custom_emoji_reaction: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
target: gif
# Should video stickers be converted to the specified format as well?
convert_from_webm: false
# Arguments for converter. All converters take width and height.
args:
width: 256
height: 256
fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
# Settings for converting animated emoji.
# Same as animated_sticker, but webm is not supported as the target
# (because inline images can only contain images, not videos).
animated_emoji:
target: webp
args:
width: 64
height: 64
fps: 25
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: true
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Telegram.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# When using double puppeting, should pinned chats be moved to a specific tag in Matrix?
# The favorites tag is `m.favourite`.
pinned_tag: "m.favorite"
# Same as above for archived chats, the low priority tag is `m.lowpriority`.
archive_tag: "m.lowpriority"
# Whether or not mute status and tags should only be bridged when the portal room is created.
tag_only_on_create: true
# Should leaving the room on Matrix make the user leave on Telegram?
bridge_matrix_leave: true
# Should the user be kicked out of all portals when logging out of the bridge?
kick_on_logout: true
# Should the "* user joined Telegram" notice always be marked as read automatically?
always_read_joined_telegram_notice: true
# Should the bridge auto-create a group chat on Telegram when a ghost is invited to a room?
# Requires the user to have sufficient power level and double puppeting enabled.
create_group_on_invite: true
# Settings for backfilling messages from Telegram.
backfill:
# Allow backfilling at all?
enable: true
# Use MSC2716 for backfilling?
#
# This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
# It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
msc2716: false
# Use double puppets for backfilling?
#
# If using MSC2716, the double puppets must be in the appservice's user ID namespace
# (because the bridge can't use the double puppet access token with batch sending).
#
# Even without MSC2716, bridging old messages with correct timestamps requires the double
# puppets to be in an appservice namespace, or the server to be modified to allow
# overriding timestamps anyway.
double_puppet_backfill: false
# Whether or not to enable backfilling in normal groups.
# Normal groups have numerous technical problems in Telegram, and backfilling normal groups
# will likely cause problems if there are multiple Matrix users in the group.
normal_groups: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Telegram.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Forward backfilling limits. These apply to both MSC2716 and legacy backfill.
#
# Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch.
# MSC2716 and the incremental settings are meant for backfilling everything incrementally rather than at once.
forward:
# Number of messages to backfill immediately after creating a portal.
initial_limit: 10
# Number of messages to backfill when syncing chats.
sync_limit: 100
# Settings for incremental backfill of history. These only apply when using MSC2716.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of batches to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_batches:
# Direct chats
user: -1
# Normal groups. Note that the normal_groups option above must be enabled
# for these to be backfilled.
normal_group: -1
# Supergroups
supergroup: 10
# Broadcast channels
channel: -1
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# An array of possible values for the $distinguisher variable in message formats.
# Each user gets one of the values here, based on a hash of their user ID.
# If the array is empty, the $distinguisher variable will also be empty.
relay_user_distinguishers: ["\U0001F7E6", "\U0001F7E3", "\U0001F7E9", "⭕️", "\U0001F536", "⬛️", "\U0001F535", "\U0001F7E2"]
# The formats to use when sending messages to Telegram via the relay bot.
# Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $distinguisher - A random string from the options in the relay_user_distinguishers array.
# $message - The message content
message_formats:
m.text: "$distinguisher <b>$sender_displayname</b>: $message"
m.notice: "$distinguisher <b>$sender_displayname</b>: $message"
m.emote: "* $distinguisher <b>$sender_displayname</b> $message"
m.file: "$distinguisher <b>$sender_displayname</b> sent a file: $message"
m.image: "$distinguisher <b>$sender_displayname</b> sent an image: $message"
m.audio: "$distinguisher <b>$sender_displayname</b> sent an audio file: $message"
m.video: "$distinguisher <b>$sender_displayname</b> sent a video: $message"
m.location: "$distinguisher <b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "$distinguisher <b>$displayname</b> joined the room."
leave: "$distinguisher <b>$displayname</b> left the room."
name_change: "$distinguisher <b>$prev_displayname</b> changed their name to $distinguisher <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Telegram bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": "relaybot"
"{{ matrix.baseurl }}": "full"
"@tobi:{{ matrix.baseurl }}": "admin"
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist:
- myusername
- 12345678
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix.bridge.tg.api_id }}
api_hash: {{ matrix.bridge.tg.api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: disabled
# Should the bridge request missed updates from Telegram when restarting?
catch_up: true
# Should incoming updates be handled sequentially to make sure order is preserved on Matrix?
sequential_updates: true
exit_on_update_error: false
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: mautrix-telegram
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http, mtproxy
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely. Only for socks/http proxies.
rdns: true
# Proxy authentication (optional). Put MTProxy secret in password field.
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_telegram.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
telethon:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

31
ansible/plays/services/matrix/mautrix-telegram/registration.yaml Normal file
View File

@ -0,0 +1,31 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31303639303562306630323132376333316332636534613834326662396237396634313233646364
6335353833616135373439633136356339333737363437660a316634366334376339656466646437
39323131363163393931356331306434613035626239356631303032646664303838386635613930
6232663031663765370a653936623761313937383233313739313166353335346465363265613762
35643335646637343534373966626632336363646231353732643831346563356464386133393166
32613134656431656561316335656463653462656166373433386633666338633132663032633461
66376265633233323662313930323737316166613262383434626264353462386236636139383835
33613830316361373434623435376162653930616631323764653539306235363530326165353037
32303432356630376363613839313831363537363735613833306163616130336631386337366234
33373633306161653163333635366637313266346634656633376237346566663461353962376239
34386237373565313362383532363931333337366336316363663734343333386663653466396139
36633735356561346531376337346635383666376635346361333162376339333839306632666562
63363761623136643031653030666437306361396232383738366533396561373932323563363566
38306333393662333634613139643930626664666139363039333735363538396339373634356365
66633637316432323762353964313237396338613834336532636164333564363839353061336636
63316163626334353231386463313535313866336431613234353533636533343662653933393132
37353065333431366662363530333863646131313737336538396332396238656239366531366337
63633563636531616664313930626266323266613466656636636361653731623666636333666164
39356535363939653232326633383837666262643834326137646363393935613132366663396364
30666266366163316563613665356535633766626335343762333765643837373034646633336432
64373366313962333563336535346436346536386633343366336535363236306338343832373763
36663663353533383939323234333535316162303033313833616533373237613335303662393032
66316163343938383330663133613333346535393264636264366533343938653730316163366363
66373866316264656361613935383334323133636164366630333264343931663461333138656131
31353631393336323166663765613461356437306234653263393030316564363431353566316531
35336665633133386134656361323063303531336263643764353666636364343537363136666632
66333033373766336230393131343434666536653061353032663264636565636361336138653931
34303233613637633165303431626361623132363530666238386336383463656136383965343563
63616131376239356163353464333864363164363666646435353038323565386536326639366565
3134646366666134646665366533396466366233343666613761

122
ansible/plays/services/matrix/synapse-config/homeserver.yaml Normal file
View File

@ -0,0 +1,122 @@
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "{{ matrix.baseurl }}"
pid_file: /data/homeserver.pid
enable_metrics: true
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
- port: 9091
tls: false
type: metrics
database:
name: psycopg2
args:
user: {{ matrix.db.user }}
password: {{ matrix.db.password }}
database: {{ matrix.db.database }}
host: db
cp_min: 5
cp_max: 10
log_config: "/config/tobiasmanske.de.log.config"
media_store_path: /data/media_store
report_stats: true
macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
form_secret: "{{ matrix.secrets.form }}"
signing_key_path: "/config/tobiasmanske.de.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
oidc_providers:
- idp_id: keycloak
idp_name: "KeyCloak"
issuer: "{{ matrix.oidc.issuer }}"
client_id: "{{ matrix.oidc.client_id }}"
client_secret: "{{ matrix.oidc.client_secret }}"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
{% raw %}
localpart_template: "{{ user.mx_localpart }}"
display_name_template: "{{ user.name }}"
{% endraw %}
backchannel_logout_enabled: true # Optional
enable_registration: true
registration_requires_token: true
registration_shared_secret: "{{ matrix.secrets.registration }}"
password_config:
enabled: true
redis:
enabled: true
host: redis
port: 6379
app_service_config_files:
- /data/reg-mautrix-tg.yaml
- /data/reg-mautrix-slack.yaml
- /data/reg-mautrix-signal.yaml
rc_message:
per_second: 100
burst_count: 100
rc_joins:
local:
per_second: 100
burst_count: 100
server_notices:
system_mxid_localpart: "server"
system_mxid_display_name: "Server Notices"
system_mxid_avatar_url: "mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq"
room_name: "Server Notices"
modules:
- module: shared_secret_authenticator.SharedSecretAuthProvider
config:
shared_secret: "{{ matrix.authenticator.shared_secret }}"
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
# Below, we explicitly enable support for the old `m.login.password` login type,
# which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
# If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
m_login_password_support_enabled: true
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
# Advertising support for such an authentication type causes a problem with Element, however.
# See: https://github.com/vector-im/element-web/issues/19605
#
# Uncomment the line below to disable `com.devture.shared_secret_auth` support.
# You will then need to:
# - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
# - authenticate using `m.login.password` requests, instead of ``com.devture.shared_secret_auth` requests
# com_devture_shared_secret_auth_support_enabled: false
media_storage_providers:
- module: s3_storage_provider.S3StorageProviderBackend
store_local: True
store_remote: True
store_synchronous: True
config:
bucket: "{{ matrix.storage.s3.bucket }}"
# All of the below options are optional, for use with non-AWS S3-like
# services, or to specify access tokens here instead of some external method.
endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
access_key_id: "{{ matrix.storage.s3.access_key_id }}"
secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"
# vim:ft=yaml

32
ansible/plays/services/matrix/synapse-config/tobiasmanske.de.log.config Normal file
View File

@ -0,0 +1,32 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: WARNING
handlers: [console]
disable_existing_loggers: false

8
ansible/plays/services/matrix/synapse-config/tobiasmanske.de.signing.key Normal file
View File

@ -0,0 +1,8 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
64326434386632376335333966336365333663393130323464333266383639383264616662623333
6437306539633766376336663263393038306162333234340a383237386331636366616266316265
39626638623562623835633035643231656263653437346266333264643830323062353930356462
3936633165633434320a656463656536383539346138383630343137383861613538323735393131
61383237626533316433633866396434663230633239396661333831653531363732646561656164
35353264613364613832653536333632356132666434616134316339383934616264323261366366
633838383264646531663039343639383036

1
ansible/plays/services/maubot/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=maubot

11
ansible/plays/services/maubot/docker-compose.yaml Normal file
View File

@ -0,0 +1,11 @@
services:
maubot:
image: dock.mau.dev/maubot/maubot:latest
restart: unless-stopped
ports:
- "{{ maubot.port }}:29316"
volumes:
- data:/data:z
volumes:
data:

1
ansible/plays/services/miniflux/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=miniflux

66
ansible/plays/services/miniflux/docker-compose.yaml Normal file
View File

@ -0,0 +1,66 @@
---
version: '3'
services:
miniflux:
image: miniflux/miniflux:latest
restart: unless-stopped
depends_on:
db:
condition: service_healthy
environment:
- FETCH_YOUTUBE_WATCH_TIME=1
- DATABASE_URL=postgres://{{ miniflux.db.user }}:{{ miniflux.db.password }}@db/{{ miniflux.db.name }}?sslmode=disable
- RUN_MIGRATIONS=1
- CREATE_ADMIN=1
- ADMIN_USERNAME={{ miniflux.admin.user }}
- ADMIN_PASSWORD={{ miniflux.admin.password }}
- BASE_URL=https://rss.tobiasmanske.de
- CLEANUP_ARCHIVE_READ_DAYS=-1
- OAUTH2_CLIENT_ID={{ miniflux.oauth.client_id }}
- OAUTH2_CLIENT_SECRET={{ miniflux.oauth.client_secret }}
- OAUTH2_OIDC_DISCOVERY_ENDPOINT={{ miniflux.oauth.discovery_endpoint }}
- OAUTH2_PROVIDER=oidc
- OAUTH2_REDIRECT_URL={{ miniflux.oauth.redirect_url }}
- OAUTH2_USER_CREATION=1
- METRICS_COLLECTOR=1
- METRICS_ALLOWED_NETWORKS=0.0.0.0/0
labels:
- "traefik.enable=true"
- "traefik.http.routers.miniflux.rule=Host(`rss.tobiasmanske.de`)"
- "traefik.http.routers.miniflux.entryPoints=websecure"
- "traefik.http.routers.miniflux.middlewares=deny-metrics@file"
- "traefik.http.services.miniflux.loadbalancer.server.port=8080"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- pantalaimon
- default
- metrics
db:
image: postgres:13
restart: unless-stopped
environment:
- POSTGRES_USER={{ miniflux.db.user }}
- POSTGRES_PASSWORD={{ miniflux.db.password }}
volumes:
- database:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-U", "miniflux"]
interval: 10s
start_period: 30s
networks:
- backend
volumes:
database:
networks:
backend:
internal: true
pantalaimon:
external: true
metrics:
external: true
...

3
ansible/plays/services/minio/.env Normal file
View File

@ -0,0 +1,3 @@
COMPOSE_PROJECT_NAME=minio
MINIO_URL=s3.tobiasmanske.de
DASHBOARD_URL=minio.tobiasmanske.de

39
ansible/plays/services/minio/docker-compose.yaml Normal file
View File

@ -0,0 +1,39 @@
---
version: "3.9"
services:
minio:
image: minio/minio:latest
restart: always
ulimits:
nofile:
soft: 4096
hard: 16000
environment:
- "MINIO_ROOT_USER={{ minio.user | mandatory }}"
- "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
- "MINIO_SERVER_URL=https://${MINIO_URL}"
- "MINIO_BROWSER_REDIRECT_URL=https://${DASHBOARD_URL}"
volumes:
- data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)||Host(`s3.unruhig.eu`)"
- "traefik.http.routers.minio.entryPoints=websecure"
- "traefik.http.services.minio.loadbalancer.server.port=9000"
- "traefik.http.routers.minio.service=minio"
- "traefik.http.routers.minio-dashboard.rule=Host(`${DASHBOARD_URL}`)"
- "traefik.http.routers.minio-dashboard.entryPoints=websecure"
- "traefik.http.services.minio-dashboard.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-dashboard.service=minio-dashboard"
command: "server /data --console-address ':9001' --anonymous"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
volumes:
data:
...

1
ansible/plays/services/pantalaimon/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=pentalaimon

23
ansible/plays/services/pantalaimon/docker-compose.yaml Normal file
View File

@ -0,0 +1,23 @@
---
services:
pantalaimon:
image: matrixdotorg/pantalaimon:latest
container_name: pantalaimon
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
volumes:
- pantalaimon_data:/data
- ./pantalaimon.conf:/data/pantalaimon.conf:ro,Z
restart: always
networks:
- pantalaimon
volumes:
pantalaimon_data:
networks:
pantalaimon:
name: pantalaimon
internal: false
...

7
ansible/plays/services/pantalaimon/pantalaimon.conf Normal file
View File

@ -0,0 +1,7 @@
[unruhigeu]
Homeserver = https://unruhig.eu
ListenAddress = 0.0.0.0
ListenPort = 8008
SSL = True
UseKeyring = False
IgnoreVerification = True

1
ansible/plays/services/prometheus/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=prometheus

50
ansible/plays/services/prometheus/alertmanager.yml Normal file
View File

@ -0,0 +1,50 @@
global:
resolve_timeout: 5m
route:
group_by: ['alertname']
group_wait: 5s
group_interval: 5m
repeat_interval: 1h
receiver: 'matrix-monitoring'
routes:
- receiver: 'hcio'
repeat_interval: 1h
matchers:
- alertname="PrometheusAlertmanagerE2eDeadManSwitch"
- receiver: 'email'
group_interval: 1m
matchers:
- job="matrix_synapse_1"
- receiver: 'matrix-monitoring'
group_wait: 30s
group_interval: 1h
matchers:
- alertname="PrometheusAllTargetsMissing"
- receiver: 'matrix-monitoring'
group_wait: 30s
group_interval: 1h
matchers:
- alertname="PrometheusTargetMissing"
receivers:
- name: 'email'
email_configs:
- to: '{{ prometheus.alertmanager.smtp.target }}'
from: '"Alertmanager" <{{ prometheus.alertmanager.smtp.username }}>'
smarthost: 'mxe8cf.netcup.net:587'
auth_username: '{{ prometheus.alertmanager.smtp.username }}'
auth_identity: '{{ prometheus.alertmanager.smtp.username }}'
auth_password: '{{ prometheus.alertmanager.smtp.password }}'
- name: 'hcio'
email_configs:
- to: '{{ prometheus.alertmanager.hcio.mail }}'
from: '"Alertmanager" <{{ prometheus.alertmanager.smtp.username }}>'
smarthost: 'mxe8cf.netcup.net:587'
auth_username: '{{ prometheus.alertmanager.smtp.username }}'
auth_identity: '{{ prometheus.alertmanager.smtp.username }}'
auth_password: '{{ prometheus.alertmanager.smtp.password }}'
- name: 'matrix-monitoring'
webhook_configs:
- url: 'http://alertmanager-matrix:3000/alerts?secret={{ prometheus.alertmanager.matrix.alertmanager_token }}'

223
ansible/plays/services/prometheus/docker-compose.yaml Normal file
View File

@ -0,0 +1,223 @@
version: "3.4"
services:
prometheus:
image: prom/prometheus:latest
restart: unless-stopped
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--web.external-url=https://prometheus.tobiasmanske.de'
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro,Z
- prom_data:/prometheus
- label_discovery:/label_discovery:ro
- ./rules:/rules:ro,Z
labels:
- "traefik.enable=true"
- "traefik.http.routers.prometheus.rule=Host(`prometheus.tobiasmanske.de`)"
- "traefik.http.routers.prometheus.entryPoints=websecure"
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
- "traefik.http.routers.prometheus.middlewares=oauth@file"
depends_on:
- prometheus-docker-sd
- cadvisor
- node-exporter
networks:
- backend
- alertmanager
- metrics
prometheus-docker-sd:
image: registry.tobiasmanske.de/prometheus-docker-sd:latest
restart: unless-stopped
privileged: true
networks:
- backend
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro,Z
- label_discovery:/prometheus-docker-sd:rw
logging: # this service generates a HUGE amout of logs.
driver: "none"
alertmanager:
image: prom/alertmanager:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
- "traefik.http.routers.alertmanager.entryPoints=websecure"
- "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
- "traefik.http.routers.alertmanager.middlewares=oauth@file"
volumes:
- ./alertmanager.yml:/etc/alertmanager/config.yml:ro,Z
- alertmanager_data:/data
networks:
- alertmanager
restart: unless-stopped
command:
- '--config.file=/etc/alertmanager/config.yml'
- '--web.external-url=https://alertmanager.tobiasmanske.de'
- '--storage.path=/data'
alertmanager-matrix:
image: jaywink/matrix-alertmanager:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
- "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
- "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
- "traefik.http.middlewares.matrix-strip.stripprefix.forceslash=false"
- "traefik.http.routers.alertmanager-matrix.entryPoints=websecure"
- "traefik.http.services.alertmanager-matrix.loadbalancer.server.port=3000"
environment:
- APP_PORT=3000
- APP_ALERTMANAGER_SECRET={{ prometheus.alertmanager.matrix.alertmanager_token }}
- MATRIX_HOMESERVER_URL=http://pantalaimon:8008
- MATRIX_ROOMS={{ prometheus.alertmanager.matrix.rooms | join('|') }}
- MATRIX_TOKEN={{ prometheus.alertmanager.matrix.matrix_token }}
- MATRIX_USER=@alertmanager:{{ matrix.baseurl }}
- MENTION_ROOM=1
networks:
- alertmanager
- pantalaimon
grafana:
image: grafana/grafana:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
- "traefik.http.routers.grafana.entryPoints=websecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
networks:
- backend
environment:
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
- "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
- "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
- "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
- "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
- "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
- "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
- "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
- "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
- "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
- "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
- "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
- "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer'"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
volumes:
- grafana_data:/var/lib/grafana
- ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
- ./grafana-db.yml:/etc/grafana/provisioning/dashboards/datasource.yml:ro,Z
- ./grafana-dashboards:/var/lib/grafana/dashboards:ro,Z
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: host-nc-chaoswg-org-node-exporter
privileged: true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9100"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /:/host:ro,rslave
- /run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
command:
- '--path.rootfs=/host'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.ignored-mount-points'
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
- '--collector.systemd'
networks:
- metrics
restart: unless-stopped
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
privileged: true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
command:
- "-docker_only=true"
- "-housekeeping_interval=10s"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- metrics
restart: unless-stopped
loki:
image: grafana/loki:latest
restart: unless-stopped
command: -config.file=/etc/loki/loki.yaml
volumes:
- ./loki.yml:/etc/loki/loki.yaml:ro,Z
- loki_data:/loki
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=3100"
networks:
- backend
promtail:
image: grafana/promtail:latest
security_opt:
- label:disable
restart: unless-stopped
volumes:
- ./promtail.yml:/etc/promtail/config.yml:ro
- /var/log:/var/log:ro
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- metrics
mimir:
image: grafana/mimir:latest
restart: unless-stopped
volumes:
- mimir_data:/mimir
- ./mimir.yml:/etc/mimir-config/mimir.yaml:ro,Z
entrypoint:
- /bin/mimir
- -config.file=/etc/mimir-config/mimir.yaml
- -validation.max-label-names-per-series=60
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- metrics
volumes:
prom_data:
grafana_data:
loki_data:
label_discovery:
alertmanager_data:
mimir_data:
networks:
pantalaimon:
external: true
backend:
internal: true
alertmanager:
metrics:
external: true

1313
ansible/plays/services/prometheus/grafana-dashboards/cadvisor.json Normal file
View File

File diff suppressed because it is too large Load Diff

602
ansible/plays/services/prometheus/grafana-dashboards/droneci.json Normal file
View File

@ -0,0 +1,602 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.0.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "Dashboard for Drone CI",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 16720,
"graphTooltip": 2,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 0,
"y": 0
},
"id": 2,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "sum(drone_build_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Total Builds",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 4,
"y": 0
},
"id": 4,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "sum(drone_repo_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Activated Repos",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 8,
"y": 0
},
"id": 7,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_user_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"range": true,
"refId": "A"
}
],
"title": "Total Users",
"type": "stat"
},
{
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 4
},
"id": 10,
"title": "Metrics",
"type": "row"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"decimals": 0,
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 5
},
"id": 6,
"links": [],
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.0.7",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_running_builds) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "running builds",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_pending_builds) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "pending builds",
"range": true,
"refId": "B"
}
],
"title": "Builds",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"decimals": 0,
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 5
},
"id": 8,
"links": [],
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.0.7",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_running_jobs) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "running jobs",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_pending_jobs) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "pending jobs",
"range": true,
"refId": "B"
}
],
"title": "Jobs",
"type": "timeseries"
}
],
"refresh": "1m",
"schemaVersion": 38,
"style": "dark",
"tags": [
"drone",
"drone-ci",
"ci/cd"
],
"templating": {
"list": [
{
"current": {
"selected": true,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"label": "datasource",
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-12h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Drone CI",
"uid": "IT4-bnNik",
"version": 2,
"weekStart": ""
}
{% endraw %}

4506
ansible/plays/services/prometheus/grafana-dashboards/hedgedoc.json Normal file
View File

File diff suppressed because it is too large Load Diff

440
ansible/plays/services/prometheus/grafana-dashboards/kuma.json Normal file
View File

@ -0,0 +1,440 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.0.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "A dashboard to show the data from the excellent Uptime Kuma project!",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 14847,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 0,
"text": "DOWN"
},
"1": {
"color": "green",
"index": 1,
"text": "UP"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 17,
"w": 24,
"x": 0,
"y": 0
},
"id": 4,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_status ",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "Site Status",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "#EAB839",
"value": 30
},
{
"color": "green",
"value": 60
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 13,
"x": 0,
"y": 17
},
"id": 6,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_cert_days_remaining",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "TLS Certificate Remaining Days",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 0,
"text": "EXPIRED"
},
"1": {
"color": "green",
"index": 1,
"text": "VALID"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "green",
"value": 1
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 11,
"x": 13,
"y": 17
},
"id": 5,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_cert_is_valid",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "TLS Certificate Status",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "ms"
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 26
},
"id": 2,
"options": {
"legend": {
"calcs": [
"max",
"min",
"lastNotNull"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "sum(monitor_response_time{}) by (monitor_name)",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "Response Times",
"type": "timeseries"
}
],
"refresh": "30s",
"revision": 1,
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Uptime Kuma",
"uid": "CN8E-vZ7k",
"version": 4,
"weekStart": ""
}
{% endraw %}

1565
ansible/plays/services/prometheus/grafana-dashboards/miniflux.json Normal file
View File

File diff suppressed because it is too large Load Diff

3214
ansible/plays/services/prometheus/grafana-dashboards/minio.json Normal file
View File

File diff suppressed because it is too large Load Diff

1598
ansible/plays/services/prometheus/grafana-dashboards/prometheus-stats.json Normal file
View File

File diff suppressed because it is too large Load Diff

12765
ansible/plays/services/prometheus/grafana-dashboards/synapse.json Normal file
View File

File diff suppressed because it is too large Load Diff

1445
ansible/plays/services/prometheus/grafana-dashboards/traefik2.json Normal file
View File

File diff suppressed because it is too large Load Diff

12
ansible/plays/services/prometheus/grafana-db.yml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: 1
providers:
- name: "Dashboard provider"
orgId: 1
type: file
disableDeletion: false
updateIntervalSeconds: 10
allowUiUpdates: true
options:
path: /var/lib/grafana/dashboards
foldersFromFilesStructure: true

28
ansible/plays/services/prometheus/grafana-ds.yml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://prometheus:9090
isDefault: true
access: proxy
editable: true
- name: Mimir Netcup
type: prometheus
jsonData:
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
httpHeaderValue1: "host-nc-chaoswg-org"
url: http://mimir:8080/prometheus
isDefault: false
access: proxy
editable: true
- name: Loki
type: loki
access: proxy
orgId: 1
url: http://loki:3100
basicAuth: false
isDefault: false
version: 1
editable: true

51
ansible/plays/services/prometheus/loki.yml Normal file
View File

@ -0,0 +1,51 @@
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
query_range:
results_cache:
cache:
embedded_cache:
enabled: true
max_size_mb: 100
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: aws
schema: v11
index:
prefix: index_
period: 24h
common:
path_prefix: /loki
storage:
s3:
endpoint: s3.tobiasmanske.de
bucketnames: loki-data
access_key_id: "{{ loki.s3.access_key }}"
secret_access_key: "{{ loki.s3.secret_key }}"
s3forcepathstyle: true
replication_factor: 1
ring:
kvstore:
store: inmemory
compactor:
working_directory: /loki/compactor
shared_store: s3
storage_config:
boltdb_shipper:
active_index_directory: /loki/active
cache_location: /loki/cache
cache_ttl: 24h
resync_interval: 5s
shared_store: s3
aws:
s3: "s3://{{ loki.s3.access_key }}:{{ loki.s3.secret_key }}@s3.tobiasmanske.de.:443/loki-data"
s3forcepathstyle: true

47
ansible/plays/services/prometheus/mimir.yml Normal file
View File

@ -0,0 +1,47 @@
# Do not use this configuration in production.
# It is for demonstration purposes only.
# Run Mimir in single process mode, with all components running in 1 process.
target: all
# ,alertmanager,overrides-exporter
# Configure Mimir to use Minio as object storage backend.
common:
storage:
backend: s3
s3:
endpoint: s3.tobiasmanske.de
access_key_id: "{{ mimir.s3.access_key }}"
secret_access_key: "{{ mimir.s3.secret_key }}"
bucket_name: mimir
# Blocks storage requires a prefix when using a common object storage bucket.
blocks_storage:
s3:
bucket_name: mimir-blocks
tsdb:
dir: /mimir/tsdb
flush_blocks_on_shutdown: true
ingester:
ring:
replication_factor: 1
store_gateway:
sharding_ring:
replication_factor: 1
# ruler:
# rule_path: /data/ruler
# alertmanager_url: http://127.0.0.1:8080/alertmanager
# ring:
# # Quickly detect unhealthy rulers to speed up the tutorial.
# heartbeat_period: 2s
# heartbeat_timeout: 10s
#
# alertmanager:
# data_dir: /data/alertmanager
# fallback_config_file: /etc/alertmanager-fallback-config.yaml
# external_url: http://localhost:9009/alertmanager
server:
log_level: warn

58
ansible/plays/services/prometheus/prometheus.yml Normal file
View File

@ -0,0 +1,58 @@
global:
scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
alerting:
alertmanagers:
- scheme: http
static_configs:
- targets: [ 'alertmanager:9093' ]
- static_configs:
- targets: []
scheme: http
timeout: 10s
api_version: v1
rule_files:
- "/rules/*.yaml"
scrape_configs:
- job_name: prometheus
honor_timestamps: true
scrape_interval: 15s
scrape_timeout: 10s
metrics_path: /metrics
scheme: http
static_configs:
- targets:
- localhost:9090
- job_name: 'service_discovery'
metric_relabel_configs:
- source_labels:
- "container_name"
target_label: "instance"
action: replace
file_sd_configs:
- files:
- /label_discovery/docker-targets.json
- job_name: minio-job
bearer_token: "{{ prometheus.scrape.s3.bearer_token }}"
metrics_path: /minio/v2/metrics/cluster
scheme: https
static_configs:
- targets: [s3.tobiasmanske.de]
- job_name: drone-job
bearer_token: "{{ prometheus.scrape.drone.bearer_token }}"
scheme: https
static_configs:
- targets: [drone.tobiasmanske.de]
- job_name: 'uptime-kuma-job'
scrape_interval: 30s
scheme: https
static_configs:
- targets: [status.tobiasmanske.de]
basic_auth:
username: "{{ prometheus.scrape.kuma.user }}"
password: "{{ prometheus.scrape.kuma.password }}"
remote_write:
- url: http://mimir:8080/api/v1/push
headers:
X-Scope-OrgID: host-nc-chaoswg-org

24
ansible/plays/services/prometheus/promtail.yml Normal file
View File

@ -0,0 +1,24 @@
positions:
filename: /positions.yaml
server:
http_listen_port: 8080
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
- job_name: flog_scrape
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
# filters:
# - name: label
# values: ["logging=promtail"]
relabel_configs:
- source_labels: ['__meta_docker_container_name']
regex: '/(.*)'
target_label: 'container'
- source_labels: ['__meta_docker_container_log_stream']
target_label: 'logstream'
- source_labels: ['__meta_docker_container_label_logging_jobname']
target_label: 'job'

54
ansible/plays/services/prometheus/rules/cadvisor.yaml Normal file
View File

@ -0,0 +1,54 @@
# {% raw %}
groups:
- name: GoogleCadvisor
rules:
# - alert: ContainerKilled
# expr: 'time() - container_last_seen > 60'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Container killed (instance {{ $labels.instance }})
# description: "A container has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: ContainerAbsent
# expr: 'absent(container_last_seen)'
# for: 5m
# labels:
# severity: warning
# annotations:
# summary: Container absent (instance {{ $labels.instance }})
# description: "A container is absent for 5 min\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerCpuUsage
expr: '(sum(rate(container_cpu_usage_seconds_total{name!=""}[3m])) BY (instance, name) * 100) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Container CPU usage (instance {{ $labels.instance }})
description: "Container CPU usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerMemoryUsage
expr: '(sum(container_memory_working_set_bytes{name!=""}) BY (instance, name) / sum(container_spec_memory_limit_bytes > 0) BY (instance, name) * 100) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Container Memory usage (instance {{ $labels.instance }})
description: "Container Memory usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: ContainerVolumeUsage
# expr: '(1 - (sum(container_fs_inodes_free{name!=""}) BY (instance) / sum(container_fs_inodes_total) BY (instance))) * 100 > 80'
# for: 2m
# labels:
# severity: warning
# annotations:
# summary: Container Volume usage (instance {{ $labels.instance }})
# description: "Container Volume usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerHighThrottleRate
expr: 'rate(container_cpu_cfs_throttled_seconds_total[3m]) > 1'
for: 2m
labels:
severity: warning
annotations:
summary: Container high throttle rate (instance {{ $labels.instance }})
description: "Container is being throttled\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}

303
ansible/plays/services/prometheus/rules/node.yaml Normal file
View File

@ -0,0 +1,303 @@
# {% raw %}
groups:
- name: NodeExporter
rules:
- alert: HostOutOfMemory
expr: 'node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of memory (instance {{ $labels.instance }})
description: "Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostMemoryUnderMemoryPressure
expr: 'rate(node_vmstat_pgmajfault[1m]) > 1000'
for: 2m
labels:
severity: warning
annotations:
summary: Host memory under memory pressure (instance {{ $labels.instance }})
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostMemoryIsUnderUtilized
# expr: '100 - (rate(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20'
# for: 1w
# labels:
# severity: info
# annotations:
# summary: Host Memory is under utilized (instance {{ $labels.instance }})
# description: "Node memory is < 20% for 1 week. Consider reducing memory space.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualNetworkThroughputIn
expr: 'sum by (instance) (rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput in (instance {{ $labels.instance }})
description: "Host network interfaces are probably receiving too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualNetworkThroughputOut
expr: 'sum by (instance) (rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput out (instance {{ $labels.instance }})
description: "Host network interfaces are probably sending too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadRate
expr: 'sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read rate (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteRate
expr: 'sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk write rate (instance {{ $labels.instance }})
description: "Disk is probably writing too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOutOfDiskSpace
expr: '(node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of disk space (instance {{ $labels.instance }})
description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostDiskWillFillIn24Hours
expr: '(node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOutOfInodes
expr: 'node_filesystem_files_free / node_filesystem_files * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of inodes (instance {{ $labels.instance }})
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostInodesWillFillIn24Hours
expr: 'node_filesystem_files_free / node_filesystem_files * 100 < 10 and predict_linear(node_filesystem_files_free[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadLatency
expr: 'rate(node_disk_read_time_seconds_total[1m]) / rate(node_disk_reads_completed_total[1m]) > 0.1 and rate(node_disk_reads_completed_total[1m]) > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk read latency (instance {{ $labels.instance }})
description: "Disk latency is growing (read operations > 100ms)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteLatency
expr: 'rate(node_disk_write_time_seconds_total[1m]) / rate(node_disk_writes_completed_total[1m]) > 0.1 and rate(node_disk_writes_completed_total[1m]) > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk write latency (instance {{ $labels.instance }})
description: "Disk latency is growing (write operations > 100ms)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostHighCpuLoad
expr: '(100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[2m])) * 100)) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Host high CPU load (instance {{ $labels.instance }})
description: "CPU load is > 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostCpuIsUnderUtilized
# expr: '100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20'
# for: 1w
# labels:
# severity: info
# annotations:
# summary: Host CPU is under utilized (instance {{ $labels.instance }})
# description: "CPU load is < 20% for 1 week. Consider reducing the number of CPUs.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuStealNoisyNeighbor
expr: 'avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10'
for: 0m
labels:
severity: warning
annotations:
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }})
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuHighIowait
expr: 'avg by (instance) (rate(node_cpu_seconds_total{mode="iowait"}[5m])) * 100 > 15'
for: 0m
labels:
severity: warning
annotations:
summary: Host CPU high iowait (instance {{ $labels.instance }})
description: "CPU iowait > 15%. A high iowait means that you are disk or network bound.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskIo
expr: 'rate(node_disk_io_time_seconds_total[1m]) > 0.5'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk IO (instance {{ $labels.instance }})
description: "Time spent in IO is too high on {{ $labels.instance }}. Check storage for issues.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostContextSwitching
# expr: '(rate(node_context_switches_total[5m])) / (count without(cpu, mode) (node_cpu_seconds_total{mode="idle"})) > 1000'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Host context switching (instance {{ $labels.instance }})
# description: "Context switching is growing on node (> 1000 / s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostSwapIsFillingUp
expr: '(1 - (node_memory_SwapFree_bytes / node_memory_SwapTotal_bytes)) * 100 > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Host swap is filling up (instance {{ $labels.instance }})
description: "Swap is filling up (>80%)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostSystemdServiceCrashed
expr: 'node_systemd_unit_state{state="failed"} == 1'
for: 0m
labels:
severity: warning
annotations:
summary: Host systemd service crashed (instance {{ $labels.instance }})
description: "systemd service crashed\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostPhysicalComponentTooHot
expr: 'node_hwmon_temp_celsius * ignoring(label) group_left(instance, job, node, sensor) node_hwmon_sensor_label{label!="tctl"} > 75'
for: 5m
labels:
severity: warning
annotations:
summary: Host physical component too hot (instance {{ $labels.instance }})
description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNodeOvertemperatureAlarm
expr: 'node_hwmon_temp_crit_alarm_celsius == 1'
for: 0m
labels:
severity: critical
annotations:
summary: Host node overtemperature alarm (instance {{ $labels.instance }})
description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRaidArrayGotInactive
expr: 'node_md_state{state="inactive"} > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Host RAID array got inactive (instance {{ $labels.instance }})
description: "RAID array {{ $labels.device }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRaidDiskFailure
expr: 'node_md_disks{state="failed"} > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host RAID disk failure (instance {{ $labels.instance }})
description: "At least one device in RAID array on {{ $labels.instance }} failed. Array {{ $labels.md_device }} needs attention and possibly a disk swap\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostKernelVersionDeviations
expr: 'count(sum(label_replace(node_uname_info, "kernel", "$1", "release", "([0-9]+.[0-9]+.[0-9]+).*")) by (kernel)) > 1'
for: 6h
labels:
severity: warning
annotations:
summary: Host kernel version deviations (instance {{ $labels.instance }})
description: "Different kernel versions are running\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOomKillDetected
expr: 'increase(node_vmstat_oom_kill[1m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Host OOM kill detected (instance {{ $labels.instance }})
description: "OOM kill detected\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostEdacCorrectableErrorsDetected
expr: 'increase(node_edac_correctable_errors_total[1m]) > 0'
for: 0m
labels:
severity: info
annotations:
summary: Host EDAC Correctable Errors detected (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} has had {{ printf \"%.0f\" $value }} correctable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostEdacUncorrectableErrorsDetected
expr: 'node_edac_uncorrectable_errors_total > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Host EDAC Uncorrectable Errors detected (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} has had {{ printf \"%.0f\" $value }} uncorrectable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkReceiveErrors
expr: 'rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Receive Errors (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf \"%.0f\" $value }} receive errors in the last two minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkTransmitErrors
expr: 'rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Transmit Errors (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf \"%.0f\" $value }} transmit errors in the last two minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkInterfaceSaturated
expr: '(rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000'
for: 1m
labels:
severity: warning
annotations:
summary: Host Network Interface Saturated (instance {{ $labels.instance }})
description: "The network interface \"{{ $labels.device }}\" on \"{{ $labels.instance }}\" is getting overloaded.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkBondDegraded
expr: '(node_bonding_active - node_bonding_slaves) != 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Bond Degraded (instance {{ $labels.instance }})
description: "Bond \"{{ $labels.device }}\" degraded on \"{{ $labels.instance }}\".\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostConntrackLimit
expr: 'node_nf_conntrack_entries / node_nf_conntrack_entries_limit > 0.8'
for: 5m
labels:
severity: warning
annotations:
summary: Host conntrack limit (instance {{ $labels.instance }})
description: "The number of conntrack is approaching limit\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostClockSkew
expr: '(node_timex_offset_seconds > 0.05 and deriv(node_timex_offset_seconds[5m]) >= 0) or (node_timex_offset_seconds < -0.05 and deriv(node_timex_offset_seconds[5m]) <= 0)'
for: 2m
labels:
severity: warning
annotations:
summary: Host clock skew (instance {{ $labels.instance }})
description: "Clock skew detected. Clock is out of sync. Ensure NTP is configured correctly on this host.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostClockNotSynchronising
expr: 'min_over_time(node_timex_sync_status[1m]) == 0 and node_timex_maxerror_seconds >= 16'
for: 2m
labels:
severity: warning
annotations:
summary: Host clock not synchronising (instance {{ $labels.instance }})
description: "Clock not synchronising. Ensure NTP is configured on this host.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRequiresReboot
expr: 'node_reboot_required > 0'
for: 4h
labels:
severity: info
annotations:
summary: Host requires reboot (instance {{ $labels.instance }})
description: "{{ $labels.instance }} requires a reboot.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}

231
ansible/plays/services/prometheus/rules/prometheus.yaml Normal file
View File

@ -0,0 +1,231 @@
# {% raw %}
groups:
- name: EmbeddedExporter
rules:
- alert: PrometheusJobMissing
expr: 'absent(up{job="prometheus"})'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus job missing (instance {{ $labels.instance }})
description: "A Prometheus job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetMissing
expr: 'up == 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus target missing (instance {{ $labels.instance }})
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAllTargetsMissing
expr: 'sum by (job) (up) == 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus all targets missing (instance {{ $labels.instance }})
description: "A Prometheus job does not have living target anymore.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetMissingWithWarmupTime
expr: 'sum by (instance, job) ((up == 0) * on (instance) group_right(job) (node_time_seconds - node_boot_time_seconds > 600))'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus target missing with warmup time (instance {{ $labels.instance }})
description: "Allow a job time to start up (10 minutes) before alerting that it's down.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusConfigurationReloadFailure
expr: 'prometheus_config_last_reload_successful != 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus configuration reload failure (instance {{ $labels.instance }})
description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTooManyRestarts
expr: 'changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager"}[15m]) > 2'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus too many restarts (instance {{ $labels.instance }})
description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusAlertmanagerJobMissing
# expr: 'absent(up{job="alertmanager"})'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Prometheus AlertManager job missing (instance {{ $labels.instance }})
# description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerConfigurationReloadFailure
expr: 'alertmanager_config_last_reload_successful != 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }})
description: "AlertManager configuration reload error\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerConfigNotSynced
expr: 'count(count_values("config_hash", alertmanager_config_hash)) > 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }})
description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerE2eDeadManSwitch
expr: 'vector(1)'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }})
description: "Prometheus DeadManSwitch is an always-firing alert. It's used as an end-to-end test of Prometheus through the Alertmanager.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusNotConnectedToAlertmanager
expr: 'prometheus_notifications_alertmanagers_discovered < 1'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }})
description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusRuleEvaluationFailures
expr: 'increase(prometheus_rule_evaluation_failures_total[3m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus rule evaluation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTemplateTextExpansionFailures
expr: 'increase(prometheus_template_text_expansion_failures_total[3m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus template text expansion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusRuleEvaluationSlow
expr: 'prometheus_rule_group_last_duration_seconds > prometheus_rule_group_interval_seconds'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus rule evaluation slow (instance {{ $labels.instance }})
description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusNotificationsBacklog
expr: 'min_over_time(prometheus_notifications_queue_length[10m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus notifications backlog (instance {{ $labels.instance }})
description: "The Prometheus notification queue has not been empty for 10 minutes\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerNotificationFailing
expr: 'rate(alertmanager_notifications_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }})
description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusTargetEmpty
# expr: 'prometheus_sd_discovered_targets == 0'
# for: 0m
# labels:
# severity: critical
# annotations:
# summary: Prometheus target empty (instance {{ $labels.instance }})
# description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetScrapingSlow
expr: 'prometheus_target_interval_length_seconds{quantile="0.9"} / on (interval, instance, job) prometheus_target_interval_length_seconds{quantile="0.5"} > 1.05'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus target scraping slow (instance {{ $labels.instance }})
description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusLargeScrape
expr: 'increase(prometheus_target_scrapes_exceeded_sample_limit_total[10m]) > 10'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus large scrape (instance {{ $labels.instance }})
description: "Prometheus has many scrapes that exceed the sample limit\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetScrapeDuplicate
expr: 'increase(prometheus_target_scrapes_sample_duplicate_timestamp_total[5m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus target scrape duplicate (instance {{ $labels.instance }})
description: "Prometheus has many samples rejected due to duplicate timestamps but different values\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCheckpointCreationFailures
expr: 'increase(prometheus_tsdb_checkpoint_creations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB checkpoint creation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} checkpoint creation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCheckpointDeletionFailures
expr: 'increase(prometheus_tsdb_checkpoint_deletions_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB checkpoint deletion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} checkpoint deletion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCompactionsFailed
expr: 'increase(prometheus_tsdb_compactions_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbHeadTruncationsFailed
expr: 'increase(prometheus_tsdb_head_truncations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbReloadFailures
expr: 'increase(prometheus_tsdb_reloads_failures_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB reload failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbWalCorruptions
expr: 'increase(prometheus_tsdb_wal_corruptions_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbWalTruncationsFailed
expr: 'increase(prometheus_tsdb_wal_truncations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTimeserieCardinality
expr: 'label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus timeserie cardinality (instance {{ $labels.instance }})
description: "The \"{{ $labels.name }}\" timeserie cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}

1
ansible/plays/services/radicale/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=radicale

122
ansible/plays/services/radicale/config Normal file
View File

@ -0,0 +1,122 @@
# -*- mode: conf -*-
# vim:ft=cfg
# Config file for Radicale - A simple calendar server
#
# Place it into /etc/radicale/config (global)
# or ~/.config/radicale/config (user)
#
# The current values are the default ones
[server]
# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
#hosts = localhost:5232
hosts = 0.0.0.0:5232
# Max parallel connections
#max_connections = 8
# Max size of request body (bytes)
#max_content_length = 100000000
# Socket timeout (seconds)
#timeout = 30
# SSL flag, enable HTTPS protocol
#ssl = False
# SSL certificate path
#certificate = /etc/ssl/radicale.cert.pem
# SSL private key
#key = /etc/ssl/radicale.key.pem
# CA certificate for validating clients. This can be used to secure
# TCP traffic between Radicale and a reverse proxy
#certificate_authority =
[encoding]
# Encoding for responding requests
#request = utf-8
# Encoding for storing local collections
#stock = utf-8
[auth]
# Authentication method
# Value: none | htpasswd | remote_user | http_x_remote_user
type = htpasswd
# Htpasswd filename
htpasswd_filename = /config/users
# Htpasswd encryption method
# Value: plain | bcrypt | md5
# bcrypt requires the installation of radicale[bcrypt].
htpasswd_encryption = bcrypt
# Incorrect authentication delay (seconds)
#delay = 1
# Message displayed in the client when a password is needed
realm = Radicale - Password Required
[rights]
# Rights backend
# Value: none | authenticated | owner_only | owner_write | from_file
type = owner_only
# File for rights management from_file
#file = /etc/radicale/rights
[storage]
# Storage backend
# Value: multifilesystem | multifilesystem_nolock
#type = multifilesystem
# Folder for storing local collections, created if not present
#filesystem_folder = /var/lib/radicale/collections
filesystem_folder = /data/collections
# Delete sync token that are older (seconds)
#max_sync_token_age = 2592000
# Command that is run after changes to storage
# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
hook = ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
[web]
# Web interface backend
# Value: none | internal
#type = internal
[logging]
# Threshold for the logger
# Value: debug | info | warning | error | critical
#level = warning
# Don't include passwords in logs
#mask_passwords = True
[headers]
# Additional HTTP headers
#Access-Control-Allow-Origin = *

36
ansible/plays/services/radicale/docker-compose.yaml Normal file
View File

@ -0,0 +1,36 @@
---
version: "3.4"
services:
radicale:
image: registry.tobiasmanske.de/radicale:latest
init: true
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
- KILL
healthcheck:
test: curl -f http://127.0.0.1:5232 || exit 1
interval: 30s
retries: 3
volumes:
- ./config:/config/config:ro,Z
- ./users:/config/users:ro,Z
- data:/data
environment:
- TAKE_FILE_OWNERSHIP=false
labels:
- "traefik.enable=true"
- "traefik.http.routers.radicale.rule=Host(`calendar.tobiasmanske.de`)"
- "traefik.http.routers.radicale.entryPoints=websecure"
- "traefik.http.services.radicale.loadbalancer.server.port=5232"
restart: always
volumes:
data:
...

9
ansible/plays/services/radicale/users Normal file
View File

@ -0,0 +1,9 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
62313133646234613734343031616261396636356563363934653635373435613237623833643733
6233383934636436323037393533326335366434623764320a653531306439306337363839356535
63646637396437333335343666653463616437316338313933333236373537623036376266333564
3334323432656261340a393336323737653333306136313337323064653033656533356262636461
39663138623639373965353862363836626266633139656132636233353334613939303764306539
36393534663466653863383037393534666138316666326264353165643136333635363761316135
38383062343062653963666639343137633466623232386264636437386136366338353538306139
39623065616461373237

1
ansible/plays/services/registry/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=registry

39
ansible/plays/services/registry/auth_config.yaml Normal file
View File

@ -0,0 +1,39 @@
# To configure Docker Registry to talk to this server, put the following in the registry config file:
#
# auth:
# token:
# realm: "https://127.0.0.1:5001/auth"
# service: "Docker registry"
# issuer: "Acme auth server"
# autoredirect: false
# rootcertbundle: "/path/to/server.pem"
server: # Server settings.
addr: ":5001"
token: # Settings for the tokens.
issuer: "docker-auth" # Must match issuer in the Registry config.
expiration: 900
certificate: "/server.pem"
key: "/server.key"
users:
# {% for entry in registry.auth %}
"{{ entry.user }}":
password: "{{ entry.password }}"
# {% endfor %}
"": {}
acl:
- match: {account: "tobi"}
actions: ["*"]
comment: "Admin has full access to everything."
- match: {account: "user"}
actions: ["*"] # todo: Split off gitea
comment: "User \"user\" can pull stuff."
- match: {account: "", name: "public/*"}
actions: ["pull"]
comment: "Allow everyone to pull public/"
- match: {account: "", name: "git"}
actions: ["pull"]
comment: "Allow everyone to pull the git image"

34
ansible/plays/services/registry/config.yaml Normal file
View File

@ -0,0 +1,34 @@
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
auth:
token:
realm: "https://registry-auth.tobiasmanske.de/auth"
service: "Docker registry"
issuer: "docker-auth"
autoredirect: false
rootcertbundle: "/server.pem"
http:
addr: :5000
headers:
Access-Control-Expose-Headers: ['Docker-Content-Digest']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Origin: ['https://registry-ui.tobiasmanske.de']
Access-Control-Allow-Credentials: [true]
Access-Control-Allow-Headers: ['Authorization', 'Accept']
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3

47
ansible/plays/services/registry/docker-compose.yaml Normal file
View File

@ -0,0 +1,47 @@
---
services:
registry:
container_name: registry
restart: always
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry.rule=Host(`registry.tobiasmanske.de`)"
- "traefik.http.routers.registry.entryPoints=websecure"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
image: 'registry:2'
networks:
- backend
volumes:
- registry_data:/var/lib/registry
- ./config.yaml:/etc/docker/registry/config.yml:ro,z
- ./server.pem:/server.pem:ro,Z
auth:
restart: always
image: 'cesanta/docker_auth:1'
command:
- '--logtostderr'
- '/config/auth_config.yaml'
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry-auth.rule=Host(`registry-auth.tobiasmanske.de`)"
- "traefik.http.routers.registry-auth.entryPoints=websecure"
- "traefik.http.services.registry-auth.loadbalancer.server.port=5001"
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolalloworiginlist=https://registry-ui.tobiasmanske.de"
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowheaders=Authorization,Accept,Cache-Control"
- "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowmethods=HEAD,GET,OPTIONS,DELETE"
- "traefik.http.routers.registry-auth.middlewares=registry-auth-headers"
networks:
- backend
volumes:
- ./auth_config.yaml:/config/auth_config.yaml:ro,Z
- ./server.pem:/server.pem:ro,Z
- ./server.key:/server.key:ro,Z
volumes:
registry_data:
networks:
backend:
internal: true
...

169
ansible/plays/services/registry/server.key Normal file
View File

@ -0,0 +1,169 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
33343736613436623665366662633737343037373161643436313637386339613438343038393864
3532626339613437353637326237366362343533613664630a626334636365623437663435633464
32623066663064646239613537356536616462343035383661346637333061333638636538376235
3136393736656433320a653836623139306137353264626531653031333464376434626536363937
37646363663730333264613766653031393233386333656438663238383730333636363938393739
64363530393337353733666236343031343135636431386161336433343431303631336134343861
39343430633265313532383336633362646131373934306636303434623137663764373263623539
33356137326139616134616636383466623134383064613137633264656331356637363630643436
31376632386565663735336364623830303461623561326165613039663837636362613664393836
34366366303763303734623932306235613032353933666130616262663238386437633032636562
35653936333565303335653463623438656134626134613331326363626365396539343237393433
32333834616637303437313965366230623338623664306361616435663434666236373463336161
33656561646261363866363663383065663961303165656638353838313531623731303864333862
32363332663561333564633264656666343162626333373930623931373435353664633931333736
39633330623734353039636635333762616634646635623264313363643639346632326661613035
39373365666338623338343562363939623231663365393034666531646436336165323633623065
32663536313465326231646138616133333433353166653465306662326264656663343635663964
64636134393939363931303132393466656561353262613435316438316532653766363265326661
65663832366563623065383739666139653861313632613234643337336533653263393034346265
37323063383534373734616236393138383134663531356265313638643137303732613939373230
64636433323063633165316637373661383566386430393831386561363361383564363964633439
66353537376366373437346332376536623165396166326661356236613364613162373164336465
39616266366530336532623130346633383738626438386139656436323065336132666561336162
64626462656266383165663264363264333462346232643533353763356539313236343739333364
33376461313330303632386539666637383965353161323037383866626330623236633265326562
65623039646164383766656362303435316131656165353963313538323037623265653464383330
39643063643438666664303065636535396133653230366366333832343937396339363931656138
34636262633065636339633339316465383136326362626536613234373938333162353264313631
38623138306333343266616631653531646537646264343634366431313463316366396461633335
66623132623938343730313861323866306562616561623731663330666437616235373037323564
38653236663461373734323665623864616432613935383365636330343662316437333834643665
32376437646330333430363436346435666330343130393937333365396466333930336562613561
35343730626663636466316235663363636633656633303535303965346639316531616436333632
36633265633264316263643137633336613830653239653730333364353431313030333636313632
64353130633837663531346333623439383263663766326664386230303239323831636436353636
62373164343938343335613063363865656532666335653264343634393330613164386235383135
32653439663161353865323532363638303362386639636430656231336363373861333133616136
31646666333030343738636538393230346432616130613034663766353661313964633737383236
62323637363763356336633161353531633839356434626439323561383736383032313162313664
33343330663662356536613130356630376563353836613031313662383961326636353961643638
39383765396165393437373261636562353231326564313764393962656537386435613166353965
32663936306438663462313538353631613666633238636136356363613738353164373661313562
34383663633436333337626333376363653861613863613466343363343833336462363830646133
35336466366133343337623936316638626232303932333230633836616566666535313934383932
61643930303163396431653362373464383362366262303639623633653933386265333462313735
62313165373061353462393265646135353039633837326564396630613164373236653364643337
30643735356165333464396139633766303631613565386433633835623132666337333330353630
32656365373731353030636566623461353431313633666565616564393165353933326436333063
34653839643666366639323032393733346366356363633363626265316364393962333033666235
33353564333830663137646363326263396162323831383635303262333130636464633863343534
63323163643966316634656664653432353037396337383465353238663636393630313962383933
32306639636462333662363437643839333562613161663639363664316433613736383236386439
64303038363638333566363733633636633633633261393664633130383435306235396430613536
30623866323137333130323164313561313630333830616365366537303634666666313538303261
33643433393264633537643039303030383166343738353733303734613563343235363566623664
39633861333438363237653266353561333530363338303133333762643537663434656264623366
32313132396163353536356662393431323837393532656464616132646365343866656464613235
61656139626566316534666439393565323766616132616136336633643232336334373637383839
36343361333434633335376537333236643965336364636334353764363461616264653761356464
37333961653034626235336264353532313236613034343661303162613437316433393134333737
39653638383037623564663334306565343739373162366661313737323666393938366639343363
62373965616530653664383963303239333236653534643061656134313136336334613731353439
64336463396134333132336166353838633137333732363634356634343534373339663335646530
33636238353734303135306437343634306631386363366665633136663134663339613362353966
39343938336537303232626334313130623836366530346662386263343262616236616130363762
37653032656465646136626432303630626663393832656336383064623163356535616535663364
66373661326666663435313239333066616237396130303765363764626330393231663130616365
31383261373734373761643366636666346433316537663630643461326263633430343863323965
61646535643632353433323961633230626235393865363336383732326333356338653838383066
36386333343664633135386232626439316664393732623263306534623565643138356430366139
34316635656461333363643737386638326661633935646234616638323537303765393833346131
34356639346638633539643166373234633233366433343966316332333765643431316466303666
64326538666638346561306563653137343961373861643738383466313335666336393465623265
33656335316261386137326238346333613065333165666239333562373865623539376262653362
39636362333262396237316438353566643038353435303537646432326238313539343862396364
35656433393230303435616230623065633232313461313937653262303032386664376464383564
38653134666661666161323366343633333037353832323233613366616439643764343765306332
39303437626635616661646330653165313131643535353737303562626439653337343639363535
36306133333434666362613232656233633831386634373132646236373264653963326162383136
36333334363239333364623362646462336162326364663633383135666535636335326237363863
32333934376566363134613534616136666462343733383034633961356366663635393632383963
38646635616131313533306433633137666132653634643161623135626538373761306464383531
31303263666363613565363262643361336335333432366362363932633866316332303031383230
33333339613337333766306266366464376332626366366166343664356337343531656438343732
36636536376539363638386364616566653061356265323364393465616433616664383330346262
62646539356264376130383165306132356665623237323430323834653636383430633763636639
30616136353935333335656532306133613662633763613734333464333436396133666562633236
33356437303230386561343934613161343938356534653262633435363564343531613363363233
35663236393033393566303637613834383162633366396633343465666565363838383637626664
61353236616136366630353532313139363034646265666537643239633930623664666561613433
34376163316665613961333330623935373164373763623466646661306662646130366561383535
64393431653963343733666165343935326332373766656466323533373039623730356334363237
31343333663263323461396537666364373131323537303133383334633166333030643664346232
34346535316432383837333863346134393063303934343039393633343466653632666335373738
32646163373733303565663866373466346539633437356561393430663037343833383033393864
39363432353139383331323565633036313666313464643866656636313630303232663035653863
63323862643730623039343438613564366236636266346534643632653865613663663133663639
65343564633562353963333161386337633037626463653066303862366365306132346535393937
64353464666265383365346231363261396332666262313564396635333265333636613566393536
31336134383063633861656639636337376631373566623635376663326536363665323461663238
38383836316431353730623836376334303966616435396131363166306336343065376632393038
30353437623733313339343562613832383135626133353863653231313631346139313737373761
31386632303632633635326262613239343332393536323266633531653939623331656462303466
35363634626332333235383461376237396139326661376135366330623834626435373932326438
37623232646365313730333336646363323236323061663665343932323133623833643133636435
35636639303939303165383135633537616333336436303061663161663735623561323062663838
31303462636634336564363731333463613833363464616637393134363234383432643064386166
63383933633065343766363132393735356661626231333765666638626638613233396262313465
32376266373566333066656134313235336335373064383739393132383636346630636632663236
36643035396433386535363536613632333961336337656136376262383537636636336130356537
33366637346362663030323936623462633664646666393236373031313761623636663438363664
31373265343131396566653464306237333335643031343362613966306364396338383162393332
35346230333136653361646432343065653935386137373939636465366637623232623064323136
31653430383563343861663734633634393133333737393130613962616234303061643365346137
37383131656164636164343836623034663062613766323963343362393935326130623764316232
35393364306362616266633764623263323166643963306366643539663839383435366432363332
34326339336231663462376562653535623439333336656461326563393335613366616136333731
63383362363036323864333531396533356134656139353761626565383864313939643461626439
33643966353963393433376333303666306162663335333162333936373934363637313961383139
61366633613431393266346531386539323639663766643366306436353039386631623565333734
66383131663330633563363233643136346432303465373838346534336165303633306238383230
31313763373765353436346233373164653361306266653130356133626334623832363335376433
37663331303939393561303264333330383366363532303065643839656239323762616662643135
64313362373536653836376135323630663332646564376232656262643634633230663464653139
39346536653963666166353766343364616264383032306138623766613132336431633332326337
66623165663733386338666139373062323638316561396637376665333938323262363362323265
61343762303336363465353732653562313134626639613836333733666530376236613939663937
34353133333732663663383934613537613534396431663964333666613432613138626361333732
65356137616331323235353661623237316235393436353437336463393861366631326234663264
38366465353261313966396532626134656331633032363064313165376563346535623765626264
38336564346132343936653430643332313837353739313437383030373662663366396366663034
36313734336231316663376162623963306665393764373034643866306639356534323261306461
39633961366663383765353337323131336437396464393132303137386437636462623739383662
39313535616632666135623230373135323537636538323737356134613130303365306335663237
61666661313936363333303332333933626130613462303037616265663362653431626137623536
63383265393061383465333364653530396534363561353531323965323033353836666430306630
35383162643733306664373238333235303835646462623464383834373533333861366565303532
33616238333330396330393136636666363738376639373437353966363361636433383664623833
39623863383965393736623935396330353164383663376137343663396439316636653566313837
37623763616462343761343936636332633966393233363165636231326163316630323033366663
33386534643735373831333463336461656135373162623162306532646130306362373937353936
38633939333361643965626435626230643164316132373033336566633536316661353861663030
31663764346137346135396162623262303832323739313163393963623363393935653838343935
33313263616639326265363661303538393963353765613365623237383630353539393238393430
66323832646331303134643739343735353064356539363961303131383034323738633733633134
61333337356431653163613438353261393064373737396537393961383436643036313933396638
38393763303461306338336366646463666134326466653630303035373361313037383461646134
39316132346564303936356134613530396138303536343862323664373661316338323735663034
30333036343133346534653533646537363532623536666237636436646138373439393936393461
66643863336235646532393165663433306465386438666433346532376466393065636632626461
61316661643132656563623861363630653862636335316531626466373565373261633234643132
64386133613937316439386466653236626632313531363339623866363839366464633162376638
38333039343637316462616236346538626361353632343737383931313133333139653533363136
66643938353235613861653838333638623336373431613631363838646434383062306534643330
33313430366335363335336465623132313438333332323630343835633835373235323239303032
31346563303061333836653361373066343061376664616232643333613461666132336261333564
36616265313135353634363066386165393762653433396232393133383261656231333761326431
64356261353736336162316161396665346466393935386161303264376665396537376631656237
37383963383639653839333761393639333438383061623732373839393634386366653666386436
32346235613935666232643764623834323732326361383765623935313565386664616439363063
35366434393766313239343662333632356430613136393233343064633262623735376530613239
31376636386232306265613435623965336437383166633166316235333530653861343533366362
30316564653332306335376137623430653930333135653737386332386330313937333730323232
36666332636438663733396464656337303634656565363932363039386231656261646437343137
32376338326362356537616232336638623936306164643166383837653464323534313234396463
33666562343135386432633966636134333063363765356132323131393738643030326633626565
62626363666662306362323964326435653631323535393031306132366637313465323330633538
34343063643436333961

104
ansible/plays/services/registry/server.pem Normal file
View File

@ -0,0 +1,104 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
37656462363331336562376461666163316562343233326538323462313838386564643635616237
3335356462666331383533613132613765313838306566620a663364613031346462393165646364
65393236386661346331376230366237643962613136356538303830393236393439626538376263
3835353030343531640a393164633663363832373764366331396666663665313265613366373732
31616463373338353436363164346636343665653335376361386531323735383238393165313033
39303236643135303431633438396539303435313561326132343032623962613635643361363765
33356564303835653834653763653438633134633863666564383861343262303330313733313964
38653038623039303264303132373437393839666366326337323465633036656561393565613136
31313438343335303439303631633634316139303932656666333335336533313439636335623639
31393936386534343036653330666262623562623365656333616536343936343464656531306638
38306134303735383536663634396135656364363663343839383735383530323336376631666161
66373561613863613634353931336332646432313333366436643534613661393737363239353637
34663166636232636634353366326564393630616164306563623135376637386663333564636233
36663865323833386666363435316535376434313361343231326331353832336162313737343863
31653439346635333231346232626635366339613839323963353933663664663939643563353036
66323339633737646238353235636265396362373631396138653363393339633431333932386561
62383635303034613535616463326365613634653163313265623864326232663832373163383131
38653238656662343735353336356563303638663064366435663964353138383738373939396334
38313239646336626466393761333032356265623436326435346466343061313663616363386539
66373261313038653831623931643263633138633639396130363338656638373836326664386133
64333330613062626265666635393334633932393938383938323763386264626335313437343738
39303664373533623562316138373431333931663165373531313363303835366431383833646265
61623032656136666337363733633437316464333234326362643239393665386632356636636637
38383662306464643565386538633031333731303634373837373838313961626161363132393034
61653664623137666134343636636565333866333364306131373963343832376239353236316136
64373030306532626439303664386565656430633966323632353366386364383238306266333466
66366132363335303663626431666437383031633733343266633432303664326437353336336236
39663435623565373034646464396336613964666438373765613366336432373337343064633739
35633065326432316630636561363033383462656566363238356465623537373337373930663461
63346334373565613365373031333764633761643365643136343130303530636537336631333038
37626436396336393337633366633864316163376631333563336238613938323030356137383337
35373861396136656334353563663936323563333634383132386166333430336334626135396432
30656363616432303436663332656463616431313462303338366363663463356664633339303738
63643839346162313061303638616236666233323164386239303339646663316435633531313565
62326464323732383064333738363666333838666636623834616334643833306433353265383831
30336464326161653533363632346465303231323535326265626166383231346334636165363938
30643661303733393263383431613263363861643261663538663130653833343661373733373733
61386136356435306263353337623262646462323638613632366264623137643731616239646462
38343031373632396665393366643061363366396530333039346464396235373832336165393530
33313637633562653263336134653761366366353833626330303533303162393633666534653264
64656437653732346439346264313939613765633734616566323934663930653733393639616363
64353631376236303361643730393338383932393432316665653561363266356632646164326465
63636631353764356139333935633837663833656364386134303332633636663336306361373133
61386531396539333161313666313337333534616238646635323736393763623133393537656262
36343836373835303739303839663230666632303165346635383236666431633030356536373034
32633564633431346433656231383730373438356362633130643162613738626363666135336535
30386361613834316232623630383266376234613166386663323564626133636437656638313130
30353739383833656139346237323261666364396331633739653064613437393930333666653339
39333833316239303230326135303736646536643033316563343262333263656564613862356465
64616662313833373863353662663731313336363839336638643261626233323862343761633564
34653434386436356564343930313435313331313564353931396436366661363030353661323739
64666636343834326638373339366532336562633734316162636638373465663865363661356333
35343837343463336533376461613865346261386664313061643464643838333361303835333930
35343863333830383466363734306137633936323562656437663935633962336165333264316537
35643063393036333863646530366632373639343235666633396532393361656339346461666234
35656232373735363863376332636137636235366138383036323762633633353435353466373830
30316462376231313134353437626637343936633463326166653332613636353639303761306461
32656637353566303564323839396261613635363161353239633262366137386639306432613663
38636262663136626437653362663864323335303165653063336337353566306334336161666163
37356438363732376665356263646463303961393938326364336566396637323031613964343535
63656265626339373639306466666531636631383862316536303436343932303837383931663532
35303033363031363130393435386266306264646232383334623033336266393632643133333536
38353934616661346435323633643833653261333139663966656665303865333565316238633061
35616261306631316130343764656530663332396663303663373063653132643662323832383833
39393066336334666164646364326530643462653338383661386663653531666234383435636332
32653037666261333965323833633566616561326633356564323962663439313363626265363532
32343039373536326363656366346235373238333034616366366636663061373038626261663232
30623230396637626663653638353934373238353738363666656536636631326431656261383738
32636161613664613061326432346264343863346230646231333035663930656565306666653162
63373339323164343132363366666539326265616665346237393136623639643932333931306538
62666662353135356333313165323531313932363436623030643465306665363831656439303830
66643738616533303566353035633834343538393766633565333561633339313533323830623537
33313263383266353834303966303837383536343932393430323765316437383332313136356538
35393061393237393036623832646236643637663332623630373964326135396263373861666234
33343932363865643330643930333963666339303665393761646532376636653332373961313935
62316439636532366139366139616137663633366137636232363939653933663939616438356166
61616334313031363130303161386565333761383530353031383530623331303035313234656364
64353066333262663830623530653264383133643435353531636333626566393566613962313033
32613061353363626361323136613165326335373636643837306365613633303034383337303235
36666364313031663534333365383462346231393065313636326430666162316634306130636466
63343032303166666435343264383236373363656461343566343331616131346661363936663235
38303737636665363537653037336265656534333537393331323735343963656163346530643165
33656334383965353638333935316238376235366464316233326536633961633639323634383735
31633031333163633331383338376135316136656138633333386331343462346539616132343566
62303930333166663630633463316333383431366132383030613933303033306333336531343834
66323761383036653563393037646262383964363335326132366666383737356139373939653362
36373965396339623633373561366639356362636164386638306235353633333334666531326261
39633665646465376363613730343436323361626238613332303033333866653362363533653839
33326131633230366231326664613866353665363231323633663763616132616665336331333366
31313237343034663734643135386262386339366330363333393237653466353366653237633337
39633136623866306632643364366561643964666631626363643661323034333533316361343232
38383236633338336638376461363965326332643365336133343234356633653035656630333562
62353536326433633565323666653965336330636333373365616231656662636265373964313834
62623963303831383063613930333831316431353734646230353464656564323036313934303839
37366338343166623534636466333131653438303565356261613139623431653636313962346531
33653961333234383761623231646630643637623663343430653534663966333266623832303937
64626236323634376664303263316632653161323764616466363535303134646637326139383931
62666631333431653661366231376430373936633261383666366364613061653931313833373765
31316231613662663833343438386264303432313739623032613633643063613232643466303335
33393630656535626633626438643934316666613438313639656235643034643736306235643163
32396231343534623466623833623364323363623563383634396537386261356535343137373532
64313435336231336563613533383062313339373636346338383437633061616162333830376136
633731613464646231386261373935366161

1
ansible/plays/services/repo_proxy/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=repo_proxy

21
ansible/plays/services/repo_proxy/Caddyfile Normal file
View File

@ -0,0 +1,21 @@
{
auto_https off
}
http://repo.tobiasmanske.de {
@uncomressed {
path *.db
path *.files
path *.db.sig
path *.files.sig
}
uri @uncomressed replace db db.tar.xz
uri @uncomressed replace files files.tar.xz
uri /os/* replace /os/ /repo/
reverse_proxy /repo/* https://s3.tobiasmanske.de {
header_up Host s3.tobiasmanske.de
}
root * /var/www
file_server
}

16
ansible/plays/services/repo_proxy/docker-compose.yaml Normal file
View File

@ -0,0 +1,16 @@
---
version: "3.4"
services:
redirect:
image: caddy:2
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
- ./www:/var/www:ro,Z
labels:
- "traefik.enable=true"
- "traefik.http.routers.repoproxy.rule=Host(`repo.tobiasmanske.de`)"
- "traefik.http.routers.repoproxy.entryPoints=websecure"
- "traefik.http.services.repoproxy.loadbalancer.server.port=80"
restart: always
...

1
ansible/plays/services/repo_proxy/www/index.html Normal file
View File

@ -0,0 +1 @@
Hello World

1
ansible/plays/services/search/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=searxng

43
ansible/plays/services/search/docker-compose.yaml Normal file
View File

@ -0,0 +1,43 @@
---
version: '3.9'
services:
searxng:
image: searxng/searxng:latest # >.<
container_name: searxng
restart: always
networks:
- default
- backend
volumes:
- ./settings.yml:/etc/searxng/settings.yml:ro,z
- ./uwsgi.ini:/etc/searxng/uwsgi.ini:ro,z
- ./limiter.toml:/etc/searxng/limiter.toml:ro,z
labels:
- "traefik.enable=true"
- "traefik.http.routers.searxng.rule=Host(`search.tobiasmanske.de`)"
- "traefik.http.routers.searxng.entryPoints=websecure"
- "traefik.http.services.searxng.loadbalancer.server.port=8080"
- "traefik.http.middlewares.compression.compress=true"
- "traefik.http.routers.searxng.middlewares=compression"
redis:
container_name: redis
image: "redis:alpine"
restart: always
command: redis-server --save "" --appendonly "no"
networks:
- backend
tmpfs:
- /var/lib/redis
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
networks:
backend:
internal: true
...

43
ansible/plays/services/search/limiter.toml Normal file
View File

@ -0,0 +1,43 @@
[real_ip]
# Number of values to trust for X-Forwarded-For.
x_for = 1
# The prefix defines the number of leading bits in an address that are compared
# to determine whether or not an address is part of a (client) network.
ipv4_prefix = 32
ipv6_prefix = 48
[botdetection.ip_limit]
# To get unlimited access in a local network, by default link-lokal addresses
# (networks) are not monitored by the ip_limit
filter_link_local = false
# activate link_token method in the ip_limit method
link_token = false
[botdetection.ip_lists]
# In the limiter, the ip_lists method has priority over all other methods -> if
# an IP is in the pass_ip list, it has unrestricted access and it is also not
# checked if e.g. the "user agent" suggests a bot (e.g. curl).
block_ip = [
# '93.184.216.34', # IPv4 of example.org
# '257.1.1.1', # invalid IP --> will be ignored, logged in ERROR class
]
pass_ip = [
{% for host in groups['monitoring'] %}
'{{ hostvars[host].ansible_default_ipv4.address }}', # Monitoring
{% endfor %}
# '192.168.0.0/16', # IPv4 private network
# 'fe80::/10' # IPv6 linklocal / wins over botdetection.ip_limit.filter_link_local
]
# Activate passlist of (hardcoded) IPs from the SearXNG organization,
# e.g. `check.searx.space`.
pass_searxng_org = true

1327
ansible/plays/services/search/settings.yml Normal file
View File

File diff suppressed because it is too large Load Diff

49
ansible/plays/services/search/uwsgi.ini Normal file
View File

@ -0,0 +1,49 @@
[uwsgi]
# Who will run the code
uid = searxng
gid = searxng
# Number of workers (usually CPU count)
workers = 4
threads = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python3
lazy-apps = true
enable-threads = true
# Module to import
module = searx.webapp
# Virtualenv and python path
pythonpath = /usr/local/searxng/
chdir = /usr/local/searxng/searx/
# automatically set processes name to something meaningful
auto-procname = true
# Disable request logging for privacy
disable-logging = true
log-5xx = true
# Set the max size of a request (request-body excluded)
buffer-size = 8192
# No keep alive
# See https://github.com/searx/searx-docker/issues/24
add-header = Connection: close
# uwsgi serves the static files
# expires set to one year since there are hashes
static-map = /static=/usr/local/searxng/searx/static
static-expires = /* 31557600
static-gzip-all = True
offload-threads = %k
# Cache
cache2 = name=searxngcache,items=2000,blocks=2000,blocksize=4096,bitmap=1

1
ansible/plays/services/syncthing/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=syncthing

45
ansible/plays/services/syncthing/config/cert.pem Normal file
View File

@ -0,0 +1,45 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
33356661663637323832343435656464323766303832363037333663393064336439663165313637
6461393832613137623663353337333232616135663938340a666566366335326565613738613930
38373066313664616665633337616138303530343637636162346535633339626236303237393561
3731366337323033310a386562326238663133653666396434663465313936313738313363613762
65643662396237316663306163366636646338663365666632373830363930623534376338396336
30313135623038386564373131613835316166326662313066303061393536613136353065363163
33343438613562336235626437666661346363363933616132353764336633343739616230333438
30333736383434346465666437346137343437366164323964353437643733333066626531383439
35353233376164303336626661366662383535613430363439633131643838333535353833396131
38383530666232643461623565363865323438666333626338313139656563616465626262636639
33653965663166323630373938643638373362313832363331356339353265626262303761316664
30303264386630363530643363346162613539623839653934646330373438396530666436376462
34653365353961663065323730383935396666336163626337633561613139343139316665333839
65656665353436313538636137376633633032383438366665373133396337306138393931653362
66386465336363643035343530376437323064643861363535623135353265393034653936323437
63353537343538383930366334316237376364613730396534356565313135633331663265323030
35646563303031366130383131316637623131396531663862333561396162663361666536306132
32393564383330623739393730386261333038343362626438336462616638616132343035393265
62336338643639333366613163393332336462613230346366616333396234366231636361623838
39373565646131636333393663356130646537356432316261616664356531373063393430653539
30346464656535323164613236303361653033613738333235346230343238623166663462353965
66313632646431346565633339663864613333383432616536386533313863616232323235306165
66376238306537383966373464333532313166393735313535393365616337383034396538343463
38386235326233343132306164376432373361383939633161656232613033363538636435393061
37343837396362653736303436356666666138353735653134336563373430643636356665373236
64373035626461386132666339646466396563623266326637333435633165343034646566326430
66356666626539373462653536313636366530313463313530363538623862626537366639636266
32653137636331616536343934356662656262623762333930653238663563646239643637386165
63613662363235656432313666656331346461343432316530633163303331366239333666633534
64393865366139343135303062366333363332376565646437356164306232643130356261656534
63303339633765373136323665376137376139363265633162653563356262353162643164306430
30306133663565386237373131353232623936623237373739623837643564386131373132316331
31663062363133636335303966356562333438376333356330373166366531393461303037363936
63346630333130303566383264303436393462313431623237373063393033346438633966643062
38396163356265363363396164623664343530383937653663663864626566353365646462666535
36303936653933363964663131376236333965313431653937626332383834373833343462333036
30343537366462376562343865633162383263313365633332396366336238613132313630653763
64343035366561313339316463323134643664616565663331643036306639383163373831376265
66646336316632323034653866653532323934636639383634316163336566383830376238376433
37653137363939643461373538623032613731383731353639313534376466303930363765303637
37626532313430653239663835323633326263656536353330636437376237376339663336666234
39396138323836616432396265626236333134323462623138656534333966613338636132393665
38343662646238363735666564643336383633393963633662333262663131616163643765353232
63613764346437663666

893
ansible/plays/services/syncthing/config/config.xml Normal file
View File

@ -0,0 +1,893 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
33636333303833323462616162626631353239383430343038633639646636633738356334316338
3835303838366139353761646630303333356632396665640a666530333066333261333339373062
36326335633435363230656139333133353962643965376262306161666135383266376435656631
6666396163366230330a356261656163303730376435383062393138303366643861323664326234
30393732643632663765643965373763613136643830633534343561343162626634383165653335
63393064393535393264343733613031623438373664353061306537383637626363363933653935
66643563373836363438366337303931326336623736393638656236303430653137643462313966
35353339656634633533326337663737653338383732363364383263663836623566646461313830
33643564643937643333306535353431616636653862336339653037363965626532633864636363
38373033663934633739313536653737313834326534396466356165663065663161646365633762
32633865363039616133663866666261336639613337396535343762373738653339663331316265
65653537623136326264636639386561613037393231386531323761373636336334383837373762
34623961353639313133646563626131633462306335316135623538653737303165346433653461
65663266646334646230623061666461396235646666323537643661393962353832623736633466
65386437633237616261316161396438663561626632336639353233653163626235383266373534
37363236613739633138356333356234303738393637353633373539656432336663326230313061
62323363633337336462323238616631313564663336396639653938613134313537396335386435
36323064623230343136373633616164383264396438333864366333336161383434613835623637
61373938356434303863356336636433373661636532303738653034373534343464623130306461
36366235316638656234656666353838623432643062343634656164303434623833643865653831
30623336376432396431316361633439656235336530313566336538313664303263386361313231
38393535313731366563393130653334666531633064663131323161343466623735663064386664
64343730656339656265623566633634623438346535663834636333326130666162623437653033
32343936306330336437373433343337353435333564663331663636366561393665343463363763
65353461666135363438383638656463393335643233346462393433623238303534313738383531
66353565666232656534613638363362633539323935643962333861326262613064376330656239
37613534356162313661356466306530306636336531373966613532343433353662306233633263
35393831303663363833666434323635306561616238643263333666363237653038306430663530
33376161326636336537336266323263363865373136386464613330303363653231633062363730
66336234373537393035336331653431386230336231396631386139383864636630366633633361
30613266653265373731663532363236386262623230323064306465376230643165396465666562
37346233633131663235356632633963356539623833306665633065396532353365643937623966
31646463303630306236333332373933393062663530363937373762643063616464383664393339
31323837343031316662316537366437363837396563326165373939386566666238613632343264
64386235373335306337323061316439626333353034663163653862336332393137623762326638
33386564616130386635393766343837656562616230633762613335316638653864313036303939
38323465343932313661316162316131316133363366366430333437326638646133376630396263
62383665663436653236353633613134646566353233643965623539333538303532613763643064
63326666633662386665346333336464363061303936323433346333636532313939376634393531
63343233383038383237616337323564613232343133396261363039343235306339316338326466
33343264333037333162343734336466323362383538323963386630666538393166356239613031
30303666393737306531346165373966643239306564363634376234346565653738643838326437
64643263353265643436333633366532336335613862363263666235633631653837353463303733
32613732373733376335316462353635396639373139306533366465393632306435633932356639
30656433656533373334623339363631626235346631326265626439333534626232613236393936
66313134346334383032613739616666363162353031343239636231356666356639316536356137
31613739316232306163663934666530356238643933363632313364666238323363633462653765
35373333613261646364653966343963646230306434326439666534366630336165363038346661
36616239323536333031353138376566383562663732653365313830613136346331653066626234
66633535326538303539346565386137393662306432623762663536653739346439343438353632
38656633346136636466313433393331666661336564333733633934303966323639386431656230
34316466373330633533323964303566636331373434356261373564393033376538646336663061
30393363353464386465303134343362653939653062313961353931656130383532666239306230
36306563343334383562346431656463393866656564386263373637663061636230396464643335
34363563316137303737363836616363323533316436653334326165663633653463653736623832
33373965353363663231636666346438336166646132393736333733363732663365316134383466
62313561316137373862666534663535613131643538653536666266636236623437336535616630
34623966636136376664646537623665363434656533363237343438356162363334636538346364
36636430383961313234643931336366616232353938336333313135353564376432313238313232
37666235306437393430313765663063383330643863376437316362303865323032653331383538
33643739363037633462333465623066666338383566323530363735643566633738366337643837
39333362643834306366653365343739646566613363616131353138366362636162383237613832
33656530373763663535376230373535613334303538623661356133653139316665383934346237
65353533316536656461656633353730393831333930643233623334653661313139383462616262
32633636373137316566613161323364626238333262323033323633326431333233623632363835
63306235646462663035356539616565613038636132663765626362643965326262313037306162
38326366353634363531646135333536373936373537366439633039666134663166386330306134
31373437666332353436613961623533636131643261643738613439666335663437303436626632
31663831393833326335383765393435373563653361383436653935666164616537353364333930
63363564613136646661303437626330386262376562393963303734343433623961633861626238
37656639343861336633373061623437343962353535646337646166623432666632366636636664
30306266343938633432373561303965623164346432656263343266356634663731303936643936
37346635306537353737393730353736386138356139356664653964366461393862393735663339
62636438643438653433316561636463363432313936313161316234393137623262656431646438
34323864313462303536633633313064663138393430373236666261323066643934663565356531
31383738323963636562373530343631616435323035396430613634343262653937316264313737
32303632376266333039363032316330393166666636306237613262383963636631303565396431
30643632373030376335363933323438663230353036316631656234373234313866663735376434
61663739383737353736303734376333663261336666623966386132613362373332353565636431
36633331303664643735323365656136346636643961613666663662636533633665343333333231
31386134356439326138383830366633643234366234623461373261353139363133343430666430
37343335333931376630353365633134616630333836343332303532363065626465333838363335
30363464366165326232623630343565316631623962643939633335333439666236303237643662
31373339623738326136656363356437636532363434613663376662323935336537326263353533
66366366653730396566303535613763623633353135646333613632626637373336616162363232
36396134623265383734373561303534616364383761623665393931623238336133306363333865
33323237303362343636666336636461623036303664373931376130316134653038303864313461
31316331666338386266373930373739663635323936323264393034303562613963623930376666
39643432663934633037396539393839636138366439343330643638393263393538636164346563
39326339333835326539363036656539336663363537613937323065373465333162333633393162
31373162303634353938376332363336373861313839383964623761623835326562353662313538
37353766373361306531373838343533623263333235393563363731646436663338396162363331
38643738356335306463383637353232656438613532643431366463366166646562656335663035
65653561316562633162336261313062656563396532306430626435616432366266646466323938
65663633663964643035353661343537333237626436326461626130366662376261366564316131
63656634316637616538356133313366353861383131613237613966616361656130376164653863
38303462303336663563373362643035333636613839356234303731343665306665393633393337
32376665343533303037393038333065346462313032303939383737333439633935303862353631
35366434363536613835306462303831313831306662386637623933343335626239626137313065
65336138666130346239636561663131336537616235643266656436313532396136363832323738
39353736313764323836643432306538306462393637323066636366383334633365333739363036
39346161353461333163613236383538303165376138393763366130636264306563376634376230
32363333393038643039366139633536643530313263663235663665623963663836303961323761
31323535303933346462326666363833383265323932376338336364386366626465643931326635
31643330663733393731653939333130313739326533396230316465623334306232383239653434
37663165313238666430646563326263326231656533386565313764373231333335613961653036
38643331373139383361333133643830383533643762363761303164383163363431663965626132
61376566656531303437646231663036626263323264333061616137306439376136373465316463
34646336323138383737353030376166313063643935316337393035376532616336363966336531
38366463363035313762623830653835373536633461363236633963303139393432393632666265
39386635656238623364386332373938373935363737646438313366663538656664376633616338
38373133623233633430316134373530636264363233363762306435376564663833663466306432
38343935306663306135626433393831666334316432393263613361333539323165666561653865
38636534656134663735643939643263303539663535636566623630326263663563643431653366
35393065613765303137306339343134383331313035643833623032346233663734643834623832
39356237643036626339333230343765636139316263373532623139646361646661383631373865
64386235653062386536393739653232313539383539303730353837633565353661303265626632
34656638343232626365393161623334626465386233633133356163376564636531623038636332
64643733323235303834366139326230623465666238386564633336323235313764356235633533
39386239316561306631613063623265393861306366633532356462623563653266633161353265
32633133303031393733306336646530316432643536656239663963303639326231356538653332
65343263643434636266356361623630353466353933333232633333323665623430613062373130
63633166363139616336623061306634303339306531336531633039356536363036306338643933
66396338636563336330393338393738663565613531336634616265663236363564626432653863
61393165333230633537366430623831383631386666653766366666663262653133376463646539
39626664346366313065323236376663666563373535353162373839373462383038333233376632
36633337316332353364313037356364653239313465313364376262346461643233363639653762
65383031373130653261366437373938363931303638663639646339626536626239626534303961
36386564343362323632396438356163323837616563326539393036333062373138396635633034
38613039323931313538353163633862303835316266366166366465333039343236353032393334
32306234353563343062663931653266613862643933653365666266653935303366303463346137
30366433313063366239636361623136343462326533376535316161653230383464353736333733
32373839316438623932303563353166633934303431363566383435613662386130326439663030
62663665303231663330353137666233373333323164326232666331633465636261633934656433
63353732396161393565396533613465626339363162366263353363663937333436386339383637
65303033626265333831663138306431623761613831326336623433303465303466313639653261
62343464353664393038643534663062666465623562613231663462663638373732393763323231
39343331383034626637346536313634306634336664383066306265333536383230316530326234
31613639616131643861383033393630333537656565323939363663623237356162656233366163
31373037313262363362656237356162386462316363386432336661663638623537326563613832
62306661623434393261363531616334383666373666643132356434306339653765306635613834
61396534343437376435343366366132613836313761396566303161616365393135643162613862
65653237313435303436666138323864636166346136393637346438396439636661316130306163
32373464666333353836653065316365363932666566306564353530656164633064353261623534
32393262316438666635616232373334653134646139323431643531386561393662326266343534
35363136623134393732643762633736373965383064396337313365666462643634373164636539
30346236663663386137376132353565393562616634623861303035323862663633343630653037
63393939653762653131386466343533353039633130663432613939633831383963643935343530
64626665313437643366313335623766336133633638643836376561626461393839333330646534
33613762313232306136666432653832316266333732623638373064306132626130386231623933
32643438316465366562633863646435353866346330633066646533323739656633316235353932
36316666376661666462333036343836643332306234356566333464373662396236386663613530
63383062303636366233666133663664376566393966663134373930356132646536353764336339
30386634663262366636383365663965373662616336306365353832343434636131323539363865
63383936386539663436386530323039656537623066613837306266646235623166663465316631
62663437333138653934303037373131666561393835386161366465326432363834333731373930
66663039303136373834366366323035636131633235613930383036326338663763346233353831
61633366326234323031386163666433656231633134386162616566393261643431333637313139
35663931643037383839346565616463663061313639373130306236626461356632373833633939
33343732616264623636373961393930616131333238366630313164616435316532313762646665
61363161383434663633356265333930656230333066353032306264393238373435656631633862
62663461643138646461323266313830663666323363393334306136396565616238613161663732
37656466343864306338356238613438316432363033626563396532353333336164626439666665
65373838326633313265363966636131643438386534633562633063303238633436633130393638
37626534613762333333623434376461613834356336656561373562633630363165373866303238
33363864636233303737343834613236623564366136353734636264666164356634646561396166
62373434636161346664303062653766323863626363323635356662323133383965633636313637
63616534363934663238383932636566343262326165336638613265363435356532643963323631
63393933656133336534636631316163653537656561303335373964326662343661326131396534
30343335393437666438356366363733613436346361303434353961663062646230623162323331
38343965306161376165343034303737653634396636653036643033306533623561383338393130
62323837306564366434663964363032656330316532303035663563333965386533336534633064
31376161343238613262303132663561666432343863353066303564353766336662346366353436
38356336333462353230623130343566666132613166343961336631616363316133303231653831
65303030306236353635653932623233306364326630303031636366656635643734343963653833
62653535656635653666383737623666373032333166306163623436633463376261643131653064
30323331323662353632383064383562356564656437336231363234306334643736316466623566
32313562383861323364336532663361653333646462623738353665656664373362396162653766
36643265393665656263386433386664346332316134343630623466303866303966373931336564
35616339666464303831316637303239363339366437353736653530643831336166313136656161
32373765343366363238653436636132646630323363633633363136666361303733323835613134
35616633326164343264376336663965636333396639616638373466646164353037396233373934
62623833653332616164613537373032373530356132313536626232633261653864653538373637
63613862393033666436336334323037353163393231633761326665646136383430666638626335
32633433613131663666313036633830343565653635363065666633383933373134373335646634
35663962343166376661653938386535366532343932323631613162643138613137326435636166
38313236313137666166613934653836633763663162326132653239393634653735306231373132
64373165336530623636343962643164646662316537393863343363626265666335353733323532
32326130643134353133343564386265633333636162313530333432316462373863626230323334
33646239623032316532386365643032613733636134633864333438353632393431666139303832
34333663626166626634316632313636613934336365363534643139343565666165646336393763
37393134353236353065316335336466376565623833343261313533653361366337386466393731
65656632613936353863356365663534666637356663666635303562663862653139383861313166
62653731646234616633303337326137303035323737303332326333306132373234323038336430
34303531643932623161623735623432636462306265386335336361366661633166396237303939
30383964303930386637373334613864656138383461653932346330383130656533393735323330
65333030663738613461623436616666323634333063303239643034323739643933616265396562
38666432346562663739333138613735393434396438376534353435376664313330323933633262
33303235343338343839326363656632646230333335666234303037363933656438646130623664
38616161646462646439383633303731626233303263343861383934356538646661663139336539
31636436633333353666663165666335656135336531346535613938326361343531346638653835
65316231333661633834376535633830643330663066363866343033616133343061336434636432
66313331353239633361613337383137326561383932646430626132306131663336623161396335
39663233663937663333313664653930353763626561386563656230343266613835373734316462
39653064363537373936306634363262663538353335306435663666316262363030646633396464
31613063373362653631633534613434333530383535613162373463343331623336643436623461
64393433303037643435633433396337343861376230373430396237326535633565393334633731
32303033366261333761393837653365386236373863303434333765346637393566313839613864
35386633373833613136363164306137623531373331353637323062303837616365343138326164
31356237363861313031633435353338336432373465656533363863353233306562363061356436
66313633323037636236353936613562633966643932303161303932373430646239646365303438
65303263613065333830323762393637656636633932626233663165303135393430336665346535
65353465653361653938653233623939303932376334326264313538663139336165326532613439
61393739613961386434666431623666663162366437353266636664623261346230333161333063
61386137366465363339373630323330633834303630636535363735613036316338626431343866
34346237363934396266353162313131346333356633376231323462653862303733356437343261
64396333333735303131356662633139656562626231663136353566633435353831656463313332
38643237313461626363633964393662376566633961616463373262623637663934323632616166
32656261323937656135373961353530663265356562376432633334346166623336343864343263
37326564393735323430613335656537663232323530666333373137653634613135616161336361
63613063346166666634353766333166636666326331346339626131356333303435393863633639
64356537663734643837623332376538333437373663313035393466643936363564323735613238
65313038636638613162313032303236316532666433323334316437363864326261393130326132
33313862623161393031643236623666316361623939316661396561646532393266303636333435
66396165653730613431643962303636636139636239363539643361636133626562313734316331
32333034626161336133343366626236313165663965636532323930643432393932393937616334
64333664393138653231363031636431383266326130633465363966373133623265396161623534
63363532623333653362666664393864313333633935666133623335666166306236666537383066
30613433303839653937313733613166646636393162623131656430393935623234333662313362
39366465633261366465383830343036313033376536646439623461333863313839633938306333
65666135313232303334653337393036356630383363656261656334613061643235306230396630
37336331323831646462393638643930303661316439393733373137303134616634303739383531
33316366636335623533393932366339623337356331383130396631363166643065343932666533
31643862303963303166666561663263323431346531353937653234393862383635353064316363
64346535663764643065613739373863316530323562383131646665616166343638353235633563
33356136316265383663336565343033353066653461393866373762313632313937323161646166
35323664353339336466626337313464383863383764646338383135353066383934393739353131
66646636336338303239326366613330386661336530323931643733643830336430363164623061
63303035303664663835313765383366376362393762383131303030303734303234336263383039
65656338356561306164313664623139336466323638326633393935333466333466353263616435
34646237353231363330633061653065613139373339323863316361386633613763613130333731
37393965303833616232353864353865333062613134396462383063623439623963336365623137
61326438353761613337343932643264393463356261623538643838306637326433663733353834
31656534333564383165643861336265323166643064386331653037623336663832313639626131
30373937663933366539313763633537383531323433343530656166313235323665356235373835
65616531306462383738613832346434343139666365326133653633373338313636323235633839
64386231616431383461363535613133666538313032663663666263613537306633326564633866
33656133316239613361653439376366383939346261393736616236656132376263333737393531
35353038623333383134323630633235353832356262366339326635616633356161623938393139
30356164666661373562306337386363316632343836626435343863326133396261363235313633
30363165356234663130386633636362636639333463663765333964656366376162373737353137
64616664656539636363636236646235393032333934353263656266376334633237326432356333
61383638346335353533613832626436323666613239633861326534326339663730373961643731
66313165376261303864363431646434643439356163393862326531626234376637343738663733
33336461383465326165303236313762663936303564333862323238383839376236653431383636
37316434313366656531386130366231663333373036646135373132646337303363343132396538
63663663323265353564626231353331373334353561633233393834353537656364633563376564
62356232363536633738343130336431646666613936363130373739373865626135646134366466
38323130633236313662646635333334346636616536346537383035396165653931393966376562
38663636383434343132663833633738613762613730363366643633393063613361356633353232
30636432366532633562303338396637333866626138656365376431306233613466306532356566
31333738626566396437326334346464376365386539636263363439366666666663306334386638
31333865666331326566303964623766633862626433303530356233386166303065666232613337
64383861393334313130333736393736656333666166373461383238666131323733383164636261
66333237386433623865316262343465613164343232336631316331363461353931633863636636
37316235623434633763306565333439366432646239303139353166373966313461366635363736
62363039623836663531343461623461396133306233656530333039393662646531363139623338
64343766383832623430623664666333633766636530343833393261333364376635653634623165
37396330366539306664656664346565363762623236306266353062666630396139646137363933
61633731373735316231626562643535626439343839333136343166623764663865383363636630
37353363623966633565383163656466613831383565633962653562613266623866653266306239
34623539363837333835393239393734646336356365376634316134336630633764333961316135
34346661306665363235653434643662616536343766383130383530373361363236343734383434
39646461636662666135393962333230316363666262326534333534363262383435303236323336
65303263316334363333366461396331323235366438353261303764306338633435646263353938
31663934663835353261616262633735643831376530623364646332353331336435326331643135
62373634353833326662626235633566663261653966643934376363663038613134343136316463
38643064313534643230353039306130393330636661323436316133653366303935363461306234
37323361303431373933633238333937386436346330383432346339663566626361363962303231
33633936633435323166386561613237666637386631653665666662656561633738643739316237
36316363383562313866333937323439356537323266646264333761393838346336633637303365
33653565656237383234373564376462623561323665323863633839346565636635613833316239
34316262323838653632383836383234303964626365613335383430306130373735323639356534
63383330386134626131323630633463366137313831333636626435366531356136303835316136
63353536316138633830643162336634363861626236306365666134396163336366346335373638
66356231373434396430353834636132323730656563633435346130373832623264323031663039
37306637373633626363376463303734323738623032643262393962343663326264396432353532
34366661303934343932393730653735353463633333393661653164633037313430656438653934
64653136316637613739363762313861393661626165353633656630383131316435623365363035
31623634613539383165643337343839663961633837666661636565353937636331343335306166
31323535336633613135353231326662613061356630666630643735383736653336306464646461
61353862663366356230303939336663366234363266386533656530373266636163666133313362
33383162343437336165333762633838643763653661333437626661396531373265663434313130
65613765396132346366393633373130383734383536633431323230383635366335316435633831
37393163326664653734343135363864333762663737666530363864646266376236643662313539
32333632366332643361373362333262623631303732613836383530646639383531626530396139
63633834306531356365373366356461616433623665356663356362333836633463393461623863
62313335373266633330333936313162373432353962383262626630396335373066353463373062
38343034303031623934323964316461376531643034393134346533323833343264323639323730
64623330386432326132653730643364316234666661623439633937326262346332653530646665
35353562653032353465323530633539393333333832363032666361623263373864636433343665
64636139353531636465363635633936623439613233353264366139383134383364373734623763
31313537653464366439363934323730393039346232326166636266323932326434323833396430
33396638303738393163653635643963356435356238633166303136656465623561633936653666
33363234316264633230303033383361326430666438343830633365303261653664303865663262
63343034393830353335666561613235386438333330626534646636643666333539643233306137
66613864376236643362373139646230623533316133626161376638313565306131343039636539
39616665346338326638663732393566313737373739356264616433366533643936646533323035
31633930656433376164326334613835613265646662636235396531656630663261393832663166
36653334643936376634656531376332336565613936663135366430383665623234643130363566
30303761343262323431656431636164646434346431353239616438363638636435366230353136
64333662616138373462306463653134313232393438326338353464383863363439613332653632
62303231666531323439363232633862383639386165383535366564623639336537366131396263
62306237666665393938386634333266383934363265353137366464366164636566366133353831
38636362653836316366623661616439313135386132643131346365326531666430393932323133
31343830636130633633336562633437623237623732306330646234326564303663393338396364
35633135376436303362653235306532653364316662306263396236623539396135356332343365
62303834643361386161343464306235633862666438656535343138356137306561386365653666
32326166626462653532646466376234623164373239643439643133306665303565646164316137
37366132643865653166376261373631346563346566663761333830663037353839643935663230
36376337373663373261633366356139656662346431613538636231363939616434613133353361
31356665346239376661333635376531653964616334383763313532343536636132353637306366
37383533666161313261373239386137326661646361373837323433653838383664613264373563
32383266666264343935386331356163356231376236326539393732613632383234653937356431
39346137376465343535613661653832643631633235333939633464666339343664373733653037
37633436633563373239633637396432393861383135353732666466343931653065353366303333
37333037363537656139373835303934613962646133373435653263383563623465333537613438
37316637613332363933356330636166343831643239653937353537613731623865383432306663
63653633653131646364636165323064363436633462303131626536663464366237383833383466
36303534386464656433373763613932633064356634646433303435353565656162393666643939
64656134396164316431613839383134336164306132633966396138343136316366653762663939
30373536643737306238313038653961306634303933656434666135396534326237346663393764
62656637306161383530666166363132376637646435636436353434373666376161383132383031
32363739326465383732623866383664666438393162656262373134356536623931636263613464
63376135366532333838646239316331613764643434303265356662376262303831623765636265
62383836633466613036616662633734643061653534353632376166373136343863333461393136
61353533303837373133393930623366306333376465303635666166376535363730303630666563
65653733303339653261366132616330613265346331636565306138373762353931666566316663
32656664306338313739666332663233396539326636393061303433396231626165333464376236
38333763626338363162613933636562316635633364373934663038316566616135643133636630
65383131366437343639633062386236356139363231623761393838636661386330323035376132
61656132383931396437336631363034356265336464633432336661303163333965386531643965
62623930613638333662363362336664633963323337616630333834306639393763306535333438
34653836356362613066666334653033653362323134643561636665663430356363333932363061
31323462633938333139396435616366313461363633363362613565386634646662393262346361
32636265323163643833636534343737323339383437613166366563663630386663383761343433
61643530646661623666323361393162383437613530326439613138663932653730653566656536
34356437663266636565343566383032653435633665386533363733663664363165316638666264
33353762333635643566613331646262613861336439666331323464323134336661383565393264
34306133663337613831323963656264363836643138346461356234636233633632333563623931
38363630663331623036313737626661636161383436363261616463633731643664666136346439
61353462383933366132383565303365323339363866333836356662336164363463663836396130
64323831323164633263666536393231643565336665326265386333643739373530393961323032
37373264373433623435623462663165343035663831663331356266663866306561313137373633
31613835636563306435626466343037626463623262613233623932363663316463396364373233
37393334663863383535656235396633383138643032653937623264343437373939653866363832
36363736613166666330626564326133323635316561633466376363346337666162333664326538
34653930306238633965653736383038613536666661666232613335393161623638303834373161
65306132366361376264663036663661306430353932666364333431323131316463663331333138
34373161356539306637633464333662616130313666616565626435623065653834376236306661
35613130306330323561303530393232393162653837666437363337653339623331366266666465
36396430623139306264353137393930613437663961646666333736333936623566326434316333
65376132333465313931363335663233306266393266356566383730646636633361333532336565
30343361633334343733636238336137366232666138646636613461326130336333666430646263
30313633396338303332633933643336636139383531333131633261346131333937646137643662
36313130373563346666343336306335363530643435333039376631353535613334313638656637
30346362653631633264636465323666343433333663346436623738656161303834386564663435
62316531316636316331356138663730303630323362636238313031613137306432633361383930
36643164313164613933643433626231643264623035626539353066396161326566636333333931
66363334623232633063653335373662653534356563663231373264353735343838393938323036
36343162336665393437363863376564343033386138653564386431643731376235353238626161
30643734363961643438613665326634666664326331626236346563646432666561336133623266
32306532386635656536353333356331393735646262653532366232336238663738633465623235
34313537373038383662643030376533373161613739666463363436366230306664386338656337
36616233653462633735356335646261623834393361663832353835383337356265333638393835
61316237303435366666643665313865323761313661656266666239373166363234333966336163
62643264633635393832653839646635376634656662663966343335323435303938343733326265
34306137336261376235653765613062346535353536306163376162623632303838373230616130
39333765663863326332396666326331646438656262623038323964653734333537346564663732
63643439393933396639396463303837626463666636633937356539353564313339383432333766
61616563396364333030643064393364633661653933323764663930303537396135313764373063
64326330623537616238646536353733626164326262653762333533633539346266346133613436
34643734613962353838623237396235666562303038313264663834353266333336313866303433
33663832616533626566393238616663383731306637303163656235336134303133363538393834
39656538363864643138336431333832326633663666346636343838366363323835653037613364
35396136383661316462306437636434656535363632663839333536323933326463333730323864
30636239386638383131363465393336653432376636653762346261636364633634393038323565
32343164396637653336336133646362336238373630666634383439353137356537396337613462
63373438663132636161333531386233666263303939363263333963346539366462356538353936
37383162313237343563386135376564383631643932646436306430656261316531363530383665
36613231646138616339663861303963396131623835313937313661396562343661306331326335
32323761626436313139363233613234646138643066633633666539643462393066653432313630
37326662633039373330623266333565623637313663303135663635326238396631636564633566
36313436346333613538333537393634383363656234343538633466613934343437356135393134
66393933393735326464653965303933346362383464343537306263333661386631303230333536
34353635613836306238306464353332666336626533346530303836666431346462633265386635
61306134353239393966336539633566393436353461386136656237633839373733373132396534
38323938353665306662383363646432643162333838636232303861333461356461316230386231
63636133666530363162613636626666633464316264666538323233393439333561326130386335
37613039313634643731366534303938303330323862316535393534336232663564353165626262
38343863343834636461303862313832616564666535303463373032343031366466623166626534
61336431616431363662616464613636393863363863376230643137343432386564396162346265
63633663386566386633633833653138626537373265343730616236396633396138303233646634
34303535336539616335376564323564303233333635363538373861376331373339373262393232
62613264656339356131646262623732366366373739343230333361643834646461376433646361
61623365326335366561326335343431646535353832366662653635623136653561333733666334
37346439343431663338313133326562363763383036316661313938366630613162303230313534
34373733326537386464366434353337363931316134636238613764366339366431336337633966
31653961616361646438373837396433303162346130393466396637613535366138393838626432
38616635623937626634346339376364353863376333306366313862636463336566313466376439
37326262366231643463643536366236663335323964353234643633303234663230346232346333
38333963656635366635363238666337643337323734333562313765626430653237623831373934
36643135353964643066336364633631346665616330616635633366333633323964393831353166
31353732316530386238316232646533653738386332386132343330613361623134356333393463
63613861323332376530623137306230623532313835323066336338383561323933303837626162
38646364316439666236306335643832333932353665383061323466376333623263656234636438
37306533626239643233383633626331303636653163366139393733396332316461663437336134
65306561646364333564633831653933323866623363653137303733393561326466383832333161
32326631386230303537383035326165653731326365633863313033396361336536633834316663
62386239363434326331633361663464383232626563353230353964366533386139326438663461
36393438343539323030336461316433386663636661616336636337636364363436396433656339
33313836666366613238343161636430313165626132643839643939653730346536393765643232
31356366643634383736386230623830393439633965393537336131613334306131316632656532
61653866356437363730386361336464333032633364663133626663613264336565336362663531
37316236323734393030346132383238653265393364613734653836326666386532613962633061
66303766313837663331636562303534373865613261306639656161663832303539666264336463
34656335663837353531343038313231623834386462613431666232656564373931633931646339
35376232643163653663353430663939623466343065316634623262313634633865336463343730
30366163343266653139353838333762313733386534336138353266373464313838383734636365
65306138313931393130306461663731386533343266623361313335353634643464633533373363
65373131653937643633363432356361616136303766343230366363656664626334303837613362
66643764326234616639663233636663623036396633323333323161343539306237326330386532
38353961663133386639643861653239363830656663376530313435323561613839663633323531
34356463386138633430383266306534343130343937346133666533613834663837653565633034
31646235303763616366343537356138633966636236343162643832323739313732316265383437
39666138336332343462306261303261333436356263333131626230353964653436303834623565
38353132373461653764306264633663363433643532306661316662393665353961663130353030
62666263333163373434643166386364383238353137633835303061346434383633336463663138
37333535303739363736376339323064393866636632373136353437613338656365313965653662
30633564396362316664323630643264623837366363383061323135396465623636366135396165
35363863313761666333336535326535653561323861373132303834646366633734633430306436
64366134306537623136326239363833636533656163346365393638666138363435613961663235
31643138653862643538633739333036643531316237363230626566663164326337663032363832
32306161363339313766383239623537313130333735323265376262386233616331323136333266
30666437366562643835303262333137366666646361653262643462393133386237316438326430
61643063323434636362303164376539363932623235396232623031303039366336376332333634
62386466633836313863623935376136643430333737636638313738646563386335393831316536
65353132346463306335323636373739323834626165623464356434623963313736613832616566
32616436303063376638353234663163356433343936623039646165666566653933373838666536
64306262336262616639646266326532616462643934643661623738613239383733366563333930
39336262653234653862343364373562396534333132613930613561326361633936366232336138
62613238303135343536303366633161613432366365643634376433353338393736613864346162
37633138353834343566616435323736656565306632623730626238376462366532323566666232
34336666323933613933613337643537666435336261353664363563633463386162393831326137
65343933336330633038636536386332336538646439396330316135616266666463346634666135
34323963363332333137396535373962623464636234646163303866356461326432623635343765
63613732393130623332306462663066626664383439613164393966346238643135346230623330
32343931666631663830636161666638613839326366373064643466323061623932336363376462
36343336323363633066303537326566656564363366623038383436643530326562303833656464
31356430626265613239333833326639316562613035396530326263343261316434363638306536
34653037383264623531363530336336366363303532363464303662333162393962346237383564
32656262306135646131623136623434653133336239333636356132333532366637643866376633
33393766366463363662396261636333323333383734663837396461356637343638353630303935
38303132386664646261656532363430653439626330623964333339636333386431316430663066
61366162643139633663363665653365373939303038623962393030313133656534653430663363
38666433383363306166393732636334343666316162616532386330396437386439373337353531
30636432376534326438373161656661363931323964373235666631616461323932346439623536
64633835656336633564313661343363313563343466343366346564356332323336366434633936
38303538623536623563383834656363303234646662343030373265386636353632353633313131
32396237303165326130636466376435303136636464326337656663323933363135346265303066
34636235623139333832373535663165306534383136616230663430613136373236656438383130
62393336643839366562643239626531623133383431623834303134326263663233383464326261
32366434316662623565623761343863616233353639343161663437373337303263393962613436
64643061356161656235386633363436656230613063323834386539636131643266306464613665
38393835633231643436666535343561333362396265633538333633623963653539316235343631
62663566393739363166336432326665373765373836366263303935626364366533383732333432
64616162646464333961396364343965646330646436613731386666643334383036663438346632
37316362613564303765383661623839363363363535643462336465326634336330396663666662
36663133643132323432646431313731303664383264306530613061363630633038363964663232
36383837326431653230366134616363323136393036383031346237353462383335363931626562
63373062373134636637623739373135343935386332323762376432623461323933306439373337
34346561623465383439316136623066383861376535373566336436663762663266653730393730
39613336633139336166303935376431326436303262623639343264666666613766643338386265
62346364376537363462313633633533393663386237393837613638643964366232393330366535
35336365323465653831366566326536356166393130666333386461326630656635613765353530
65653637343661373432313233363766366464396230653432306563653664666130333635623539
32386134396235616230636339633432626162383866613437353761633166656438353965393365
37333632353536613230666435653031663663313832316166656138663965343965313331353430
37646230306561663762373032353739616530663433663161386430643938393934653639643032
63343665386664313036386162323836646562633733643366656639633662333631323961616238
64656264346364363964623432646433633232653766343964633437623138323538626337356439
36343564316463393431343564396236623032313032643632666139383538353333326563326562
37333664353730356135326437333463336334663331666430323539653363306435343661386435
38383236336564633537306632303336313964313432363234366234316235366630356236363765
61366364626434313865316531666639323432366436623935363266633031636165343662636132
33323366316431366637393664326266666131616666303065393263343361633431346336376138
66656163303161313638346264366533396639343461643232303237643336393361613266613662
32626364643365373738653035313761623863353438326131616538373430386266613433386564
65393063626433373662653039303934393764313739313530383263653738653136316333623233
65396635336564373062383230306261656337623766316464363166636239373139646161663030
37613936653266366433626561653635383962326538376432613366353731353566613065336538
35386662393063663634386431336265333031353738616635626564643161373331306536313937
39316238643536363465366435646632333738316632343139356635356631306261343563666138
61393334343930396661373861313463623766363133303165653637643434343365323061646362
32356166636531383135663835326162613861343465613237643363393566323830613066623562
31343465353739633866366238356335653534313234626335396639626561383437323061356662
31346636373533393538643063346133663865393962646262613039326230386137376666326562
38383331653165656438393464303630626430353762626264353164653338333265303865383463
34346233306335613561393662396230653363343564326238333261383262396233306239396363
30613539613761616138626161666232303664386638626561393530636161663565303162643237
36366232653664356465326535303833373035613031313536633965656466666234383134653935
32396538396434353766303632303739656666643939333333396262616234366638313134663463
66353361303864306161653135383562336365373663633361613963303436383564623035643931
38633635353739393937346135313764653964313534326130383066623436616134356561373932
64313235313230356530323664393635373931303736316238343563303838643732623765336231
37396636643662363433333761646534653061656332393833393439363261653966656663616433
62323664306130656239313735343338373964643239356230353534623939393262303661633134
32323231323163633464663637316361623334343030613331643136313162643964666661386239
37373663323766323537383234653139633064373864386536663464303433313666653838613036
61623763343832333666313535343032613832383266383336616635393866313332643166633133
35393262356564623965383432626263323931303632643634313233653066663534386366656530
36356539313864363132623631316437613033363966633135623930306136663430623966396662
36303839333962386530323233376338383632643166343534363930646566633762383166323837
66636661623539313331393333386534373734383333343431666561386564316238343438633361
33623132336566323031633132616166373738613432313366313237646131366566636361313834
63623237643662326336633537316134623534303934323339616431353566383165326161353563
30316361353036313161316262343132626661316164643338333465336365363137323363326134
62333838663635663234373733383831313438356231646534373132313632323231383762373263
31363833613063623330666362383530303962306338656264336636626331666239326337396362
62326338613964353335623239393966393733323966323632383130633736646363383538303863
64323935376465333531623761386464303261336138636134333763373431666232666434316332
63643433663631643662626532393731393365396535646132373931323664636661383565643363
36343836323339646632376265333736386135663461633931373039623364666232393462616261
30363735303533336363666235303862653865623739383737303830653332373936646137653262
61326264323863343036333636663366373232633061643538383263373337636138393763396434
61333336613361313132373762666264313336366639346231396437393934363564656566366439
62383230346135623563343131623763663637333163393365626139613335613939626262316232
34613035303237653837346339623065383633343432303031306464353665623963653261666231
62626438373133633764656334336532376630326533316661333330333065363562396635336264
38386131653763616634313464666133383831303361366365313537396365376438373632343765
34353730343464366663646138376431313164306333323265373562356563363661363831313039
65303038313163646233316661376265666263636461613465663730336538343261333239646236
33396636386235323766353438356561633963613862353563636432643363396461373038363165
34653237313562373962336261616631333932316535626264643736656337393166653031656436
61633230306662353139336265363732616432353332626535646566393932333561316437383438
36383330383330653039353630333735623066623364666139336665636364386563393936626662
32353334366437313863653666633132646630646166646433356634633361393730326565333032
64326632333035616430323964383665643164633833356135623736396131336335633930333865
34656663326235363163613535666134663232313539333233333436343464333962386639363930
34653337393863623234336364323962306661336365343739313232366263386538393364393437
31383766303237303339623561366439616466313362313135356230643065356564646261616535
35313761343762616337326139353234386364666435366539303736326132643063633665643236
30376362373734666465636335666430643966636663333036356466353839333831363962363237
39643539333835663835643334363537616566333235613037666464383439326634636131663931
61386230313339643635336433313138353062616634643732343132346638636135613237366632
30343330323738663434373534363735623261363138616464663232653364316663303566653936
38373266336162636635633462356163373931626666613434626530326630303936656463396439
38656531353138626235643362626364366361653835393031633234343366626232313439643038
31373361643435333033666131316262353635636537353834313063356533346365396664636531
30663861326635636431653866623561316333633631666362636639333063623139396663346462
34376139363432393261643763623565306636643737646364326463633061663236316335343565
36613430393735656465393438623531663465396639616465653434326335656466623935356339
33656635323462386464653937643331363239653164653132353064383137373238663334323238
38626438313133626430353833353133363662663261646563613236616462623366383331353230
30636531353330663834633264353035616535373164666130636236623332326132306337396664
34373461643731356462373639363466383836623163373165353533333065343832636536396135
63383837366239666533386566633031323731623034386563623539653165633564396434633030
66653663626334643764343439656233633134306537646565663261643632313164343664653539
31323239323165333434346666393534666236616161333465303536343533666435356433316466
33396632626265363631626161386135323334323038313535623733386661393161633132626164
30316664353866626139616261383161363435633634623736653536363864316236613830643135
66666632646164363136316631656433303439383266383766313638646162633335636139346135
37393866316266383037663162663364326264343037313362646133663637633332666230383266
37373162376566363539346264646565666130636337613531653039393934653034346563626133
34333733303966323966643537373364383830646630346535303939323835646236633866333238
31663835623261396464333430363936623634623735663164356339303664363133396330356564
39383837366465326461313130313633353436363262636430366264343332646366356364623239
34623363643663343134313932643630396336653735613831346337656563316434383866343335
65336162356466663361633339383936396339333933393834666433356562366436376537376531
36623864373834396134643933366566373839393439633335376165386362393562363462363465
33343331613661613066666531613961353535653135326331363963313961623061346635363932
39346365313766383038376630316334363536313538313761343939386433323365383034663766
64626138666361363338346161313566333362303563386438336665353564383333343530653932
63393438396439363464383466663830623264323365663237613930643762623635336436366266
65326662626138383165633336306636353630323661386436636637323738386238363133333130
32303861323037613030613235393139373634643831346236616439303634393164626662306137
33316634626238366365656462393837663966313165663863343763393763656661386136373539
66396137336461393830356338356237383663396663613438623364313235376364313831326234
39333535626436643739633762396366376635653536336136353862316164613165306130373863
34633039633533373262326534353036333638333236646134343835653766363133353762353632
35313432386166343964643131613737303934373537323030346265326163363635626661633064
32316466663130373533663133613330646166316666633164356339663337366538306361343164
32306138393433313939333631393735666363653232623165623237613834643764353734373236
38383966643038313764666161633239313462303236636536383134613034303930376238306230
65326630633661373064646132613738653663633239323033393235613366383839643662396631
63336437336363343031303865353266353737373536373334366261323934643433396238306138
36313066393733613366336635636332313533613030633434633661626339373630613265613466
65666663636565636334396533656339363231303534366234663338646161363063333431336330
66343839336331316633653533313234353264613934326563346633353363353636333630636633
38326563323962633263373065663333623364383733343333353834323964633962323737393633
33393263623231303134633232396132383063376533353638643866373138363231306637383064
32316539616238383963666137646564656361333163643035313265313536356464396439346661
39636533656665383566643636306634366531343136333662633635346361333964343239636430
35353035366137616237643032363832326565326534656463303733376562626230626262616463
30666132623438613034353230303132623031623039383562613364333664633538333966336533
33353164636338396434656431306530653866303431303939636131373331316166326539613064
62613362643065643937396339623033353236373536343739346563383666613862623663376464
66373032303461346232623561633763346335626366356166623965316162356131343634613430
36623832326530323233643162353833626137656232356539356664343231636464363836663938
32346238383034333532303035663262343930663062653334613730396238333134313738366666
66323961363361643735303634343063666463376365656235383863663732343862663532353039
63653736626662396334373163306632373335373464376262636639353930656432636265666330
62643637653461396630326534653837303263356464346231653863333537306163393631626162
36353031333361653264616238623436343961333966626330343162393936626134316532643461
31326133343466666337346133613535656562663962303831306438363931303039323665373166
65633738666162356361333664313262343564366331623164646235366632646437303864623239
33383962313166643765383963396262393664343638346561633832663861653831333834343437
34323837623437343164666333616238653465393264343266353737386539616366643039633439
33383461303763646164633832663030323935623532633838653565303635346139653833623136
63646230616139623039623830366435353464653265663832313536653437333437333935623166
39303061653834363663653234333461353065643761613836633531646566366465363863656164
39343361623865356263613137336361666337626364323330633263373263386433343533356535
35393130363532313863313433613761383738383137663132313462636439346338633466663437
31396632333239366338316531333830396237666531323236393532373031386231613832346435
31336139663239363038303361383938313138336332323164373263383165376132653365643436
65363733323937303565636431616366373563376666666535616134366639373734323837323336
65333466663333346635346161303332333737616164353632623335326631653863353966353563
39356364383133333938633034383366616239393661666265663632353161636434656661636465
35343136636561323235373536356635633066633131346464643438613538386335343864343432
38653838653438346530373638643964646663396564316134633439353035383763396132663033
31613831616137343065623562333536313861393538366166623762653536326231376264346561
65366566373533366334623961303961646632666138366364613831366634303833313130323562
33636337653632613964333535336632383464333031366137303235336631346562653062363438
36303662313735616539343238663664656566663933383139383937373164366437323635303935
36343661636635313831303735393066376335343430326562386136393631643462396365383830
34396162343038626462616666356137646537386336356464373361376364653431353239376232
30353933383561366430346164646439326566333039636366323539646666623634633638373933
35336135346238643230643766343835633036393065326661343164383031303433376434666163
63613336616361393437353965353139396637316463393531656234376461616437633235353835
32663531326362363966303966353064323338353530313964336235663134393133323730303432
30623433646362623436333636373730326366336261653563666263616162333761326536383434
34633664393266633536396136346662303936323531393562396532343737376266343731393539
35333330306332636365653934336230363938396336386333623933623734393065306461613162
61623237623162663366643139613335326333356536626234316538623337633966656439663463
38653735303965366131336635306164393031613936316264323035336634653933373036633630
61323463643861653464303062376562323730346138613232306335316165646535636530303131
39303265326566316137633730613531353635656432313633363734663733356536343361396364
32353733353664353136613866363431383062643434393334643532333436653965303336633238
63633339643030336364336233646339653336396638633935383937313166373365633961306238
64373662633335373737613632316433346266336637366139373064393834366632346130353432
39633932393136663032333739303438356336333932333865313133306634353532663363646561
39323339353762323131373038393935663331663334626461396466306264636133666164616437
63316166376631303131313363343839303039353934326633633932356261363234313935643331
64623838653634656430343364373239333339333735633430393963306331353436656361343631
39333636636634643561373165333439306163323838346538383532323836613936623963343231
34343930343564363963363635313939396666333030666637643638643635353864336464343133
31666265373866343539363036643636663963376630316365663632313265343734613865303031
31353462663365376437303965643932333333303761356465616238633934306633356638386364
62336435323961633966363935373137343135383736623966333561366132626130303336636131
35353233616138333534373939353065303935623339373337653662343636626236373963383336
38643737346561313964383438643462373461373765373836346163356561383331366566303432
63373966306532353032386435316137323161323531663536616437376131613335343462616563
37643962656633383630656238666132373231373239393437346132333232373234303663313366
38353439306438316466336438323133666666306564333133373538313232323863336432643234
33623862656536396637643265363030353431303935303337366364663166373531336264316663
64393339343666336661626233333765613839353335396166663234323031616462393938366365
62356333363263626265303561643261626435353534636263306139366332393366396262363664
62323533636362356465363331643433313337303131303131316132346638373138626431303734
66623733383862663335373238643936323262383961306562303937356539643065343238363961
36613762373239326233353138373662616461663433643463663537663163373136663331653463
32306131323836313830613062316131643935343939623039373731636564353364643338663634
34326539643930386632333936613233346362393639383532656661353534376330363536366339
31363365653632633434663934316630353232393431316633373736613964306332636430366235
34343365633861613132373665363561386336656264633164356239653437373634333732353833
64636238636431633936636535386530666634633633363436613132636333313032616437363938
34346136336638626238353234636265613338343236663933356636333130383436353433663465
34663838643834626535666662363636623238366166383765633363356536336538663130366230
38326263313831616163376362613131323237343762326264376436383763383333343635366432
30663938343861643535393661313833313063346539633734386230303763393932626437393139
39336666353532343262313764333464643962643066303564306435336265333534313633616535
63616333633235353136353237613264616266326135333532333164656561393134383934616631
39393732306434393133643831353433653830613231623065343038666339386466393839626530
39646533393661343036613762323934373236653331613963393263656134386538643466343233
33326235663132353532383531303033653134393934636132376133643132393033313939376263
39333962653131646534333638363836373336343534343263383236613937663734356235626266
39613166383935653934643036303966336136326334613535643761666165663063323863386566
30643530613561303139343261613730396261336362666635393032343132363464376363396135
34643337363537646265323037636637636235663435356162306165363866653838393638643134
66376466633539623733613765653363343663396266353236326138373432663063313332326338
61383131306632366631383861666436316561306433346665333634373531306439343733363462
30626532306536633436376166663138323238653639303731336161646533636564653861646539
31323336646131313039656630623830346134366535363935383430336230306332396535373365
65633362383865663462616332333738343331313331323233396333326363336264643165613735
38346530323937356161396164323261393232656461666431643066376530633637653966353732
30616630376663653764353735353733666634333435626532653637643139313834643033333033
32366662306638373734376163366563356537396130623835363562376265363236333737666532
35623763366466353663626533663362333035316264396238656662353462366163636265643761
31383836376562373461303538373336613032316634336665303036316564313033326631633666
35383538336663653135633865633836306538643636653663663531393636303062613265306135
65656631633361333530663466316339326436363636633062643264386535306361633161386163
32383931363738323036323436653434316131366334336139323934303765393136393862326165
32616663333263393430333537336236366139303931356163363561623938343432323564616230
36393066353432326535626130323539623762623331643164333265353837363462336537333338
34316538333330353837356138656138663731643561393461623562623534363133616331383033
63343466326635653037333638663066313065316230363430336135363934303761373235366566
31623366306539393439376166393938333861383265393430633937666365623266356637613663
34623031323966646530373130343461643265633362313037356463653537646333353836353961
33623737656333306534396531323036393134323865643336313535626661366561613762616361
37643062323337373235303963366436633338303632623231616564396466303933626334616662
65306630343065363662333931353231393432363336393038623230653235333266633066306135
30323235346563346464346664313932343163393730386634313462386337363063643435393030
30323737666563373439393763373939366632323565656562366235666332383134333166336565
66366266356331313139343034363862616665333739636362356163623366383063663838663433
33396661313762653461613664376463333062353263623162616462353265336233326235393665
32613464653163613930343361393336633536343538633731373562613763336634313537633836
64303538623664396366366430636533316365343364303464343235616634373434636433363539
61396237303535326365393236323532613533663936363937343834356162623436653634653261
62616536623964373963343138373337376536313832383833636534643035303663393334333233
65626165616436383937343033663739353630326134343435346264653539306436383032306530
33393635323661356565353964653738613638666131303762353439623161646639373132386435
34323038353066626436623034633132373434383030613330653339313565636364363933656164
31653436343066383637343932613934346434386165373766663032363334333938636336653131
32353562616430653934643262393535306566333062366138343237346566353439663936636164
65316564623864616133636662313138633231383339366638613437366361383166383661643231
66656566303236333736666637636466343363366463633638316638363763396362316439613666
37386131356436653431336336653337343638333531633865633836313363623033313065313633
62303939343834633135613461356466333339353632366532646466636230623438323536643531
63306566643137393964633534636664633136613230333634366537616434616263623436353530
36336664383062373864363930613632653539303034613938383766383936383964383530363130
34613632346664333935303039343436316363303731626661373539383034373139646631353632
38323630636365313961323036616132616633303136346263626432643539653530353566383236
35626638353464666563313265313966636139346433323363343463316135393462333737643830
66316432373065663863623463643334383866313939343561643035363032303166656562393734
33393630643966613762333932373964303063643736383734373134393431626438316634643131
35373838643563393538346666656333633266646336636665653630386231666230643639393361
63636637633932373536396530353131376165366630333835366161663433303765353634666565
31366638373362333938313031666465306663386432623837353431326333663063366361343362
63386537613866353833643738613139616432343361346361656636333135643733613466306333
61366163313435656135663835303466376431656238626432303063656164373031396261623761
31356136643739633663643061326566313862356539393136653835316561666530323937303061
39623131396163396565653233326364373730333130653737356334393666366639336634343638
37626236303138383732356561386333626263333039303634633531646235306536363131376437
65363738363031396639646661626535323865353564393438346131353638626465633336386134
32633335616333313363663937343238663065633831666665623766333764653731396139366166
62643265366434326566313532663332646136663664333066666133376438646461643261643965
61323463613565386333303064626562316133646136363464366236613962326630353331373361
66353964396639323337633864633261303633363833663934653265666462373166313333353561
34306432313665346436636262366439373135386164393037663136613134633036366264383733
66646463613736343439663731326231656232393364333365333463333866666634643766396135
38626138356533663033386164666465386663373936623964333333343562396131623433353566
32336236646462323261326265616664366139303933326434363661393735626631633139633262
36643564633763653539313739313563316532643231383266363562613432333431333165326635
32363639363964346462313636643361303231323237626562393137303237346665313338333065
66626431353438303434373865326662666530633266386634613735316366396535373664643466
37666634333439393830343436373530666531663832613832643736313237653439306466313534
62656438636139366663303539653763653336346231613233333564323164393465653838643534
63323666366533626465303631383234383835306231626265323866346137393461333535323065
30303938303536393030346262363931383261653035363561343037396362363836623366376231
66316363343535323537303236353038386630336261346239393538633265323531623836343162
30343263343761316535626562323663636632376365623737303364346437316436376433333032
65383563633037643263623333373639333962643839316663626233643639356432633335356534
62326539373835363063396634383061316562306238316136303164636663623836323765613766
32396538643365303236363534643565373161303338353334373030366230656636646566383238
36366237643938313030653563353861383766633937386661393732363961663733333837626432
66313937393737636362333633343938386365663062306463613065336435356533323333666137
31333533376161643631656364386332303532356163353933336138303038363861636431343061
63613461383633636161363464353063353530643831616538396532346637613433663839323738
34623934666535626130323237306131663936616330396331616539333730616463373332333331
64316337386636313663373762333166333635666461363132356239306432343966643166656636
64313932356630373236383232313437636266343861633537366665613166343930366132323838
66323662346363623863356365626165646662306233613166373464383030353166623335656639
32303934326561646264376438383866613563343131616537613466323833356635303838613761
39646565356566613365383935393937306339333863346536323562383934636332353531316633
32616533366562653162353261656361356233303866316161303736646262656166383066366163
30326165636531343239643466633066353834636339323735373262343963656339313132373533
64363132326337616333373731623135313730623435396637346262396461343434613236396333
39343731383265383336363632313230666665323162336335333331363466346333633834313532
33616236623266303062643330616461386430313334656462333735386439656133363934376131
30363432633539633463356237303137636131663339356330336136303534373735396331656638
30363036633061356464336564383732646137353338663030393636343639643166366161383838
32633938386162306361313464376166336366313430623234313766353334363362376236303564
34666232666663386133623934646539323362333366353235643336616464306439343430626639
66376430656437663630636332363762393739383165373034343836306536346630613935336665
34636664313865313232616638653562306361613863663763353338653932633137363664613561
37646530393961366433623938346631356134303562626437613561623530323932326430366638
31333362306533653935643330633135646337343437636239366530313461643633396230346132
30313535613463383937373766666234306132656432643264373438393437303166343130323830
34383834386536366130346235386334646366393963656564663231346439383938623731633337
32316262343761326566643238343335346134666331646534383765303837366632386630313434
61353361623233663430373130313566333534346262616563666263366138393638316132396230
65626261396137326530656466353236643733316261306132656161613066663062633130316663
62333432346366653832643066643834303664346466633535306236373334616164383333313463
30306335666636383734356130393038313130656263633039653064353936376433376264616438
32383536343762363463633534353062343234653261316236353663623337643530343635653563
64393337393437663465363130646666643162303238346234633036386563663634393634613039
34396665313130323238366131636465376261343535653565666338376661343763376661623234
62363034326637313436346263643537646338326532353732613234613034373331343262666435
65636162376465633833626538393631363934313164656535616333656637393632646539663037
62626562653634666363383030323034613732616138383963323734313431376231366264346664
63343636303362316164366132383065346663633035623538323763633230346166363562656133
30386630663435313131303263366663356162626635613365386166313462303461633663333936
31306266646234383638643637353130666533306162323562326130393965646263656335303164
37623531663662633662333730383231306131373137323266663534313966663832343932326331
64353266646464326133356330663432326133333739663439326239313364643632353533373961
30613562336265393862396264636463616636323662376266373434356463393039623635646364
37616137383136616536333632633463626530393266383263373862663666383532313830393537
66633939383364373031626431666333353138383063613237663939646531323965376662396264
61656263613135393537306336396365383234616135663635373031313231363465636633613665
33633163613433316339613365373139313133303532303034336632346261323133306334646462
37353033343631333765376633363734303135666338323266356436336263396363363464313830
61343639303230376135396335306332653832306537353061376139636436653431333362396137
32656561383338306235396233313636333364613734346139666634613937383336373962333731
64333136663832366463346531356661366531333335326666396561623564663465386533343130
35643636386133626164616139376435363236316338356366663763316236356566666465393435
31663034363163633434343061333939333639653138633163303333396233303534633330343366
35316430326135366535303632613630353339323866626337626433653862623930346562373063
39346663636633326434663230393934393961653938633832316635363934353535306263336330
36666263663263383439323131653738613830333031306337363565386666373461396434376465
61366238323538353639316465396261393337616431316563656533396135303364623231643664
39323231666138376464396533626331343238313563326666376637333839316530616633333930
62366636663930316463666565666163336465646564353365303862376666313533306266363834
64306265373163613762613037646365303334323330326561333831643733613433336362373833
63623034616262303166623664616338323565393763383534663830303162613432613337396461
65323530613834303438656336303230643062303964316635356637316634623066353731336638
61323965636432663761313434636464306634613735633530316631376564633232653534653962
66633132643766323363346632323939636437643064353163623766373438636434333236363762
38363736343465326662313031386266336266356533306362383564353566393531663162643333
64626235646131633836346363646633666563336166343963623135666462366161303138346465
31613462373135303063633537643632336364633439633861323638653533386538316238643137
36626536356436653836616238623363303037633938323033343364663237613766386461393638
65636434353837333163613931396539326465303637646266396361613336623963383933663361
62333331373734656163666133323538356365633263313639306636316137613033353965653931
39656239303532633837626135313433393535336537656263373433386639303065356662636661
30346634353561613633326165363364376237323931306231623661393161373739333639653961
66383137303339313735346665626538646537333166623237346462633261646266613738363833
33303664653933643362666439326230303337656330656633376566646133623135303632653631
34363766313562373431363736653633666161333963623031333762646461363461396632623033
32633962636133616634303464323963653334626530626530383666363530326238663862333336
34326435323837356534656464623439363730353463366137366664393062626536393539303331
33396561636235656666316664343431653661316132303331353364333433396439373137343232
64326561376561336361353162366263336637393562306431656366626662623832386463303230
39316162373764316365343634663638623935346637326361633933326466373937333865353732
61313464306437303661663036353563343662643463613066663239393637343966653635323661
32303130336266313361636564363066336635666231623136313636326633306633336232333130
64336264393530373332353663316262666134343663623464386361653535343931633939313238
62623838313031336230316437396366316137316462323039313261353264653438656261633965
39643733623864343630656461393639323434343964323432306337353339346461396664396138
63373739643634363133306130636632623366393932316363316132653437633639333463333438
36313038393335383438333239663632343337376164333836373636313038306235656438383331
64633264613835373762313432356133386437386361636335663935323231343663396366396166
66313438613138333231343437306333316532646436346236326331623137656162386637616561
64636134373562643737616239326238393030326239323434306239393430373766356632396464
39363765613366313962366132366432363533613333636331653637333862633537623331393561
30303833366332636437326630373334653431396136316166626262393031656535353461306564
35373366386231613435343962376137633331313033636663306535633362343430336339636334
61323930313264303066323833383639343832616530373831653534613438303834316536313636
30383765376331343736613862646134363231626331333034366338303861366432626537376132
31656637623866386235636265346136326138363264366665653761626232333332316165366439
63636261626138633230343935633239353036386439353631303366643161383537343162643837
64643362393466366333303333613731643365653366633837323864316331366363653635666435
63653465316434613664383438353033653331626331616463346130383832363735643365396632
39623839313931323738363830613963623037386531326333616634313766353733303334343563
66303836316234303364396665646433353565313636616466373430643261623563643464653665
37393833333333663339396165326366326133376435656661623435323064643765643830326135
31313735643332366332366363356231313261653962323733303535356263336531336331633061
35643764353136313931323037386431353532313630653962323934306438386465353839316338
35333332663131643930313439656132316231323332383565626662323462653265633333623966
65613264356234303563646330656630373632366533666662653439373233343763646166363864
65623566623365326634636232353064333963383739633162386631336434646631366661333965
30333036646233316562663965366137626633363135656563346537663963373332373830353630
65353835393130653637616230346663366638623436366234306131646639656463306438653639
62623037356532306630376662636130336164353464643038353738353062363935313464626136
38623134656265373335383335613339383730316634333265633137346330623631393732333433
39643862663336346330633730353234353563616435303864353433386531663436626364623238
36386430393431613539336630376434626637623830653630393163383634626263323765653937
63316364373862643437653634623037326536336365366666383133303736363064323766643761
66633066646139303234333938356131663863393338356639353464316438633965663764623433
65353165303962363462313432313136643735323134616331356333313564323435613333316166
64353438323738363938346162633733343232316161326265326130376139336462623337653131
31653235323539386139303632643832323232376334613431366535626134326432643038653837
33356534303132306138313762396533656237623437656533336366303761623732646164383766
37396632653462616130316430666437663535663639643863393339336664613239646132666138
32663830663235616432653934633930323361626438373264303739386665353430656638613438
39383536633835366134333764333732643132366533333866613064663564613535303733633532
36323061383132653434353439376635323137393535353236396361613165643332353466396561
30613432313966633239306538663734383932376339346431393030336135383539393532333035
38336466613237366433613631663966663532646131663530336366623037626632386330383837
32383465613032333162623030346665373764396463363634616462363835343538336232616666
33656262613362393463336434646136343337633764303638616330323136636435646339333137
64306630376365333161353266373466653632663038333934393435316563613866623433393238
31613930666563616466396338666431333431363234326337346130616261376432326535343630
65646439326361623636

20
ansible/plays/services/syncthing/config/key.pem Normal file
View File

@ -0,0 +1,20 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
30383836353130323131653139643365346335633063343362656530663538393435663335613132
3533343531333434376632333630343364313061633066330a373263393966336430616530386564
32313530333939333035393863623932666261316664666132366331626561306230306238323733
3230396463303764300a643831633734393964363534343932303039323161373239363766643037
35333362666332346133363063363466343338653963353333376162373331316433326436353738
63323339346134626131316136663736313737653866393135356262363832613262316139613963
32646532343639303732643432306239656135663363643263393832383936373837626665616662
37373865303364373035363832633932323233396336363863336338613237623637323665386536
37313164646266663135336432363963643630366434356230626663343534376330343461366664
33623261313662663636346361386332343630396164616137303364643661643736653462323062
32613335653732373365646566393930666561383465376665383531393037343638633763633563
38613164373332306237373737623839386336613166333139656264336131326631343438373235
31343739363366396464623662373539613433346438626335303765623738393930666430303139
66386264623666393234623032386135323231653965393466656634353532616530306265306666
62663039333231316130353061313233666639633563346635623464363135383863666532323432
63376664343630633631393232636364633036636230663864323437636439623961613634613638
38626161646166336138373931393464633030323338663763383135316665346137646139333530
61386233373538636433363832363537313766363566623961346336353532303761313664383032
646138346562616433343462303065306236

24
ansible/plays/services/syncthing/docker-compose.yaml Normal file
View File

@ -0,0 +1,24 @@
---
version: '3.9'
services:
syncthing:
image: syncthing/syncthing:1
restart: unless-stopped
ports:
- 22000:22000/tcp
- 22000:22000/udp
volumes:
- syncthing-data:/var/syncthing
- ./config/cert.pem:/var/syncthing/config/cert.pem:ro,z
- ./config/key.pem:/var/syncthing/config/key.pem:ro,z
- ./config/config.xml:/var/syncthing/config/config.xml:ro,z
hostname: "Netcup"
environment:
- PUID=0
- PGID=0
- TZ=Europe/Berlin
volumes:
syncthing-data:
...

1
ansible/plays/services/thelounge/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=thelounge

18
ansible/plays/services/thelounge/docker-compose.yaml Normal file
View File

@ -0,0 +1,18 @@
---
version: "3.4"
services:
lounge:
image: thelounge/thelounge:4
volumes:
- data:/var/opt/thelounge
labels:
- "traefik.enable=true"
- "traefik.http.routers.thelounge.rule=Host(`lounge.tobiasmanske.de`)"
- "traefik.http.routers.thelounge.entryPoints=websecure"
- "traefik.http.services.thelounge.loadbalancer.server.port=9000"
restart: always
volumes:
data:
...

1
ansible/plays/services/traefik/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=traefik

79
ansible/plays/services/traefik/docker-compose.yaml Normal file
View File

@ -0,0 +1,79 @@
{% set deploy_traefik_fa = with_fa|default(false) %}
---
version: '3.9'
services:
traefik:
image: traefik:v2.7
container_name: traefik
ulimits:
nofile:
soft: 4000
hard: 15000
restart: always
network_mode: host
privileged: true
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:z"
- "./traefik.yaml:/etc/traefik/traefik.yaml:Z,ro"
- "./dynamic.yaml:/etc/traefik/dynamic.yaml:Z,ro"
- "acme:/acme"
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9091"
- "prometheus-scrape.hostname=tobiasmanske.de"
{% if deploy_traefik_fa %}
traefik-fa:
image: quay.io/oauth2-proxy/oauth2-proxy:latest
restart: unless-stopped
networks:
- metrics
depends_on:
- traefik
labels:
traefik.enable: 'true'
traefik.http.routers.oauth.entrypoints: websecure
traefik.http.routers.oauth.rule: Host(`traefik-fa.tobiasmanske.de`) || (PathPrefix(`/oauth2`) && !Host(`rss.tobiasmanske.de`))
traefik.http.services.oauth.loadbalancer.server.port: '4180'
prometheus-scrape.enabled: "true"
prometheus-scrape.port: "9091"
environment:
OAUTH2_PROXY_PROVIDER: 'keycloak-oidc'
OAUTH2_PROXY_CLIENT_ID: '{{ traefik.oidc.client_id }}'
OAUTH2_PROXY_CLIENT_SECRET: '{{ traefik.oidc.client_secret }}'
OAUTH2_PROXY_OIDC_ISSUER_URL: '{{ traefik.oidc.issuer_url }}'
OAUTH2_PROXY_COOKIE_DOMAIN: '.tobiasmanske.de'
OAUTH2_PROXY_COOKIE_REFRESH: '1h'
OAUTH2_PROXY_COOKIE_SECURE: 'true'
OAUTH2_PROXY_COOKIE_SECRET: '{{ traefik.oidc.cookie_secret }}'
OAUTH2_PROXY_EMAIL_DOMAINS: '*'
OAUTH2_PROXY_FOOTER: '-'
OAUTH2_PROXY_HTTP_ADDRESS: '0.0.0.0:4180'
OAUTH2_PROXY_METRICS_ADDRESS: "0.0.0.0:9091"
OAUTH2_PROXY_PASS_BASIC_AUTH: 'false'
OAUTH2_PROXY_PASS_USER_HEADERS: 'true'
OAUTH2_PROXY_REVERSE_PROXY: 'true'
OAUTH2_PROXY_SET_AUTHORIZATION_HEADER: 'true'
OAUTH2_PROXY_SET_XAUTHREQUEST: 'true'
OAUTH2_PROXY_WHITELIST_DOMAIN: '.tobiasmanske.de'
whoami:
image: containous/whoami
labels:
- "traefik.enable=true"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
- "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
- "traefik.http.routers.whoami.entryPoints=websecure"
- "traefik.http.routers.whoami.middlewares=oauth@file"
{% endif %}
volumes:
acme:
networks:
default:
driver: bridge
metrics:
external: true
...

39
ansible/plays/services/traefik/dynamic.yaml Normal file
View File

@ -0,0 +1,39 @@
http:
middlewares:
metrics-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.0.0/16"
- "172.16.0.0/16"
- "10.254.1.0/16"
auth-headers:
headers:
sslRedirect: true
stsSeconds: 315360000
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
sslHost: tobiasmanske.de
stsIncludeSubdomains: true
stsPreload: true
frameDeny: true
oauth-auth:
forwardAuth:
address: https://traefik-fa.tobiasmanske.de/oauth2/auth
trustForwardHeader: true
oauth-errors:
errors:
status:
- "401-403"
service: oauth@docker
query: "/oauth2/sign_in"
oauth:
chain:
middlewares:
- oauth-errors
- oauth-auth
deny-metrics:
replacePathRegex:
regex: "^/metrics$"
replacement: "/"

40
ansible/plays/services/traefik/traefik.yaml Normal file
View File

@ -0,0 +1,40 @@
log:
level: ERROR
metrics:
prometheus:
addEntryPointsLabels: true
addServicesLabels: true
addRoutersLabels: true
entryPoint: metrics
providers:
docker:
exposedbydefault: false
file:
filename: /etc/traefik/dynamic.yaml
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
metrics:
address: ":9091"
http:
middlewares:
- "metrics-ipwhitelist@file"
websecure:
address: ":443"
http:
tls:
certResolver: letsencrypt
certificatesResolvers:
letsencrypt:
acme:
email: webmaster@tobiasmanske.de
storage: /acme/acme.json
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
tlsChallenge: true

1
ansible/plays/services/watchtower/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=watchtower

50
ansible/plays/services/watchtower/docker-compose.yaml Normal file
View File

@ -0,0 +1,50 @@
---
services:
update:
image: containrrr/watchtower:latest
container_name: Watchtower
privileged: true
environment:
DOCKER_CONFIG: /config
WATCHTOWER_SCHEDULE: 0 42 * * * *
WATCHTOWER_CLEANUP: 1
WATCHTOWER_ROLLING_RESTART: 1
WATCHTOWER_NOTIFICATION_URL: "matrix://{{ watchtower.matrix.user }}:{{ watchtower.matrix.password }}@pantalaimon:8008/?disableTLS=yes{% if watchtower.matrix.options is defined %}&{{ watchtower.matrix.options | join('&') }}{% endif%}"
WATCHTOWER_NOTIFICATION_REPORT: "true"
WATCHTOWER_NOTIFICATION_TEMPLATE: |
{% raw %}
{{- if .Report -}}
{{- with .Report -}}
{{- if ( or .Updated .Failed .Skipped ) -}}
{% endraw %}
Updates on {{ inventory_hostname }}{% raw %}
{{len .Scanned}} Scanned, {{len .Updated}} Updated, {{len .Failed}} Failed
{{- range .Updated}}
- {{.Name}} ({{.ImageName}}): {{.CurrentImageID.ShortID}} updated to {{.LatestImageID.ShortID}}
{{- end -}}
{{- range .Skipped}}
- {{.Name}} ({{.ImageName}}): {{.State}}: {{.Error}}
{{- end -}}
{{- range .Failed}}
- {{.Name}} ({{.ImageName}}): {{.State}}: {{.Error}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{% endraw %}
Updates on {{ inventory_hostname }}{% raw %}
{{range .Entries -}}{{.Message}}{{"\n"}}{{- end -}}
{{- end -}}{% endraw %}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/core/.docker:/config
restart: always
networks:
- default
- pantalaimon
networks:
pantalaimon:
external: true
...

1
ansible/plays/services/wireguard/.env Normal file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=wireguard

32
ansible/plays/services/wireguard/docker-compose.yaml Normal file
View File

@ -0,0 +1,32 @@
---
version: '3.9'
services:
wireguard:
image: registry.tobiasmanske.de/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
security_opt:
- label:disable
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ./wg0.conf:/etc/wireguard/wg0.conf:ro,z
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
restart: unless-stopped
networks:
- default
- internal_services
networks:
internal_services:
name: internal_services
internal: true
...

Some files were not shown because too many files have changed in this diff Show More