semaphore/host_vars/scaleway_fr.yml

---
  #######
  # APT #
  #######

apt_packages:
  - name: openssh-server
  - name: proxychains
  
apt_repositories_sources:
  - deb http://mirrors.online.net/ubuntu focal main restricted
  - deb http://mirrors.online.net/ubuntu focal-updates main restricted
  - deb http://mirrors.online.net/ubuntu focal universe
  - deb http://mirrors.online.net/ubuntu focal-updates universe
  - deb http://mirrors.online.net/ubuntu focal multiverse
  - deb http://mirrors.online.net/ubuntu focal-updates multiverse
  - deb http://mirrors.online.net/ubuntu focal-backports main restricted universe multiverse
  - deb http://security.ubuntu.com/ubuntu focal-security main restricted
  - deb http://security.ubuntu.com/ubuntu focal-security universe
  - deb http://security.ubuntu.com/ubuntu focal-security multiverse

  ############
  # ALERTING #
  ############

alerts_cron:
  - name: storage
    weekday: 0
    minute: 0
    hour: 15
    user: root
    job: "/usr/local/scripts/alerts.sh storage >/dev/null 2>&1"
    cron_file: alerts
  - name: load
    weekday: "*"
    minute: "*/5"
    hour: "*"
    user: root
    job: "/usr/local/scripts/alerts.sh load >/dev/null 2>&1"
    cron_file: alerts
  - name: cpu
    weekday: "*"
    minute: "*/5"
    hour: "*"
    user: root
    job: "/usr/local/scripts/alerts.sh cpu >/dev/null 2>&1"
    cron_file: alerts
  - name: ping
    weekday: "*"
    minute: "*"
    hour: 12
    user: root
    job: "/usr/local/scripts/alerts.sh ping >/dev/null 2>&1"
    cron_file: alerts
  - name: ssl
    weekday: "*"
    minute: 0
    hour: 15
    user: root
    job: "/usr/local/scripts/alerts.sh ssl >/dev/null 2>&1"
    cron_file: alerts
  - name: storage
    weekday: 0
    minute: 0
    hour: 15
    user: root
    job: "/usr/local/scripts/alerts.sh storage >/dev/null 2>&1"
    cron_file: alerts
  - name: backup_git
    weekday: "*"
    minute: 0
    hour: 18
    user: root
    job: "/usr/local/scripts/alerts.sh backup_git >/dev/null 2>&1"
    cron_file: alerts
  - name: backup_vault
    weekday: "*"
    minute: 0
    hour: 20
    user: root
    job: "/usr/local/scripts/alerts.sh backup_vault >/dev/null 2>&1"
    cron_file: alerts

alerts_storage: scaleway
alerts_load: scaleway
alerts_ping: ovh
alerts_health: scaleway
alerts_backup_gitea: scaleway
alerts_backup_vault: scaleway
alerts_cpu: scaleway
alerts_ssl: scaleway

  ##############
  # LOG ROTATE #
  ##############

logrotate_scripts:
  - name: backup
    paths:
      - /opt/dockerapps/backup/*.zip
      - /opt/dockerapps/appdata/vaultwarden/backup/*.tar.xz.gpg
    options:
      - daily
      - rotate 4
      - compress
      - missingok
      - notifempty
      - create 0644 root root
  - name: dockerapps-git
    path: /opt/dockerapps/logs/homeserver/git*.log
    options:
      - rotate 12
      - monthly
      - compress
      - missingok
      - delaycompress
    scripts:
      postrotate: docker-compose restart gitea
  - name: dockerapps-grafa
    path: /opt/dockerapps/logs/homeserver/grafa*.log
    options:
      - rotate 12
      - monthly
      - compress
      - missingok
      - delaycompress
    scripts:
      postrotate: docker-compose restart grafana
  - name: dockerapps-traef
    path: /opt/dockerapps/logs/homeserver/traef*.log
    options:
      - rotate 12
      - monthly
      - compress
      - missingok
      - delaycompress
    scripts:
      postrotate: docker-compose restart traefik
  - name: dockerapps-vault
    path: /opt/dockerapps/logs/homeserver/vault*.log
    options:
      - rotate 12
      - monthly
      - compress
      - missingok
      - delaycompress
    scripts:
      postrotate: docker-compose restart vault
      # name: restart gitea
      # script: docker-compose restart gitea
      # - postrotate:  docker-compose restart vaultwarden
      # - postrotate:  docker-compose restart grafana
  - name: dockerapps-backup
    paths: 
      - /opt/dockerapps/backup/gitea-dump-*.zip
      - /opt/dockerapps/appdata/vaultwarden/backup/*.gpg
      - /opt/dockerapps/appdata/vaultwarden/backup/*gpg.1.gz
    options:
      - rotate 6
      - monthly
      - compress
      - missingok
      - delaycompress


##########
# CHISEL #
##########

# SHOULD BE IN [server] GROUP
chisel_server: true
chisel_basic_auth: "{{ chisel_client_auth_username }}:{{ chisel_client_auth_password }}"
chisel_service_name: chisel-server
chisel_config_name: chisel-server
chisel_proxychains_conf:
# chisel enable socks5, reverse and basic auth
  - path: "/etc/chisel/{{ chisel_config_name }}.conf"
    regexp: "^SOCK5=--socks5"
    state: present
    line: "SOCK5=--socks5"
  - path: "/etc/chisel/{{ chisel_config_name }}.conf"
    regexp: "^PID=--reverse"
    state: present
    line: "PID=--reverse"
  - path: "/etc/chisel/{{ chisel_config_name }}.conf"
    regexp: "^AUTH=--auth {{ chisel_basic_auth }}"
    state: present
    line: "AUTH=--auth {{ chisel_basic_auth }}"
  - path: "/etc/chisel/{{ chisel_config_name }}.conf"
    regexp: "^HOST=--host {{ chisel_server_host }}"
    state: present
    line: "HOST=--host {{ chisel_server_host }}"
# proxychains replace socks4 to socks5
  - path: "/etc/proxychains.conf"
    regexp: "^socks4 	127.0.0.1 9050"
    state: "absent"
  - path: "/etc/proxychains.conf"
    regexp: "^socks5 {{ chisel_server_host }} 1080"
    state: present
    line: "socks5 {{ chisel_server_host }} 1080"




##################
# DOCKER-COMPOSE #
##################

dockerapp_tree_volumes:
  - "gitlab"
dockerapp_tree_base_dir:
  - "/opt/"
dockerapp_service: dockerapps
docker_install_compose: false 
pip_executable: pip3
pip_install_packages: 
  - docker-compose

dockerapp_compose:
  version: "3.9"
  ######### IMPORTANT #############
  # This is my main docker-compose file with most of the apps. I run docker on other systems with smaller stacks (web and synology).
  # You can copy-paste services from one docker-compose file in this repo to another to add other apps.

  # 90+ Open source docker stacks
  #https://github.com/ethibox/awesome-stacks

  #FROM 
  #https://github.com/htpcBeginner/docker-traefik/blob/master/docker-compose-t2.yml

  ########################### SYSTEM DESCRIPTION
  # DOCKER-COMPOSE FOR HOME/MEDIA SERVER
  # PROXMOX HOST: Dual Intel Xeon 5420, 16 GB RAM, 240 GB SSD, and 2 TB HDD
  # VM: 6 CORES, 12 GB RAM, Ubuntu 20.04, and Docker
  # 32 GB for /, 64 GB for /var/lib/docker and transcoding, and 1.5 TB for non-critical data and rclone cache.
  # Google Drive mounted using Rclone Docker for media and Proxmox backups

  ########################### NETWORKS
  # There is no need to create any networks outside this docker-compose file.
  # You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
  # Docker Compose version 3.5 or higher required to define networks this way.
  networks:
    t2_proxy:
      name: t2_proxy
      driver: bridge
      ipam:
        config:
          - subnet: 192.168.90.0/24
    default:
      driver: bridge
    socket_proxy:
      name: socket_proxy
      driver: bridge
      ipam:
        config:
          - subnet: 192.168.91.0/24
  ########################### EXTENSION FIELDS
  # Helps eliminate repetition of sections
  # More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228

  # Common environment values
  x-environment: &default-tz-puid-pgid
    TZ: Europe/Paris
    PUID: 1000
    PGID: 1000

  # Proxy Network and Security
  x-network-and-security: &network-and-security
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true

  # Keys common to some of the services in basic-services.txt
  x-common-keys-core: &common-keys-core
    <<: *network-and-security
    restart: always
    # profiles:
    # - basic

  # Keys common to some of the dependent services/apps
  x-common-keys-apps: &common-keys-apps
    <<: *network-and-security
    restart: unless-stopped
    # profiles:
    # - apps

  # Keys common to some of the services in media-services.txt
  x-common-keys-media: &common-keys-media
    <<: *network-and-security
    restart: "no"
    # profiles:
    # - media