
6 Commits

Author SHA1 Message Date
798d35be16 add Redlib Reddit frontend service with security hardening
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-04 16:08:50 -06:00
4fb991ac52 increase Manyfold max file upload size to 5GB
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-04 16:08:32 -06:00
4d1732ff16 add nerder.land homepage configuration to Caddy
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-04 16:08:14 -06:00
2a7bd0dc74 update authentik to 2025.4 and gotosocial to latest
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-04 16:07:55 -06:00
c94c3641b0 add vault_pass to gitignore for security
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-04 16:07:38 -06:00
e7cac9e19c fix Route53 @ record parsing in DNS playbook
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-04 16:05:47 -06:00
7 changed files with 36 additions and 5 deletions

3
.gitignore vendored

@ -1,2 +1,3 @@
.python-version
secrets.enc
secrets.enc
vault_pass
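Review bot: The new `vault_pass` entry only keeps the file from being added in future; it does not untrack it or remove it from history. If the file was ever committed (this page does not show either way), `git rm --cached vault_pass` is still needed and the vault password should be rotated. The unanchored pattern also matches any file or directory named `vault_pass` at any depth; `/vault_pass` limits it to the repository root if that is the intent.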


@ -53,7 +53,7 @@
amazon.aws.route53:
state: present
zone: "{{ item.0.name }}"
record: "{{ item.1.name }}.{{ item.0.name }}"
record: "{{ item.0.name if item.1.name == '@' else item.1.name + '.' + item.0.name }}"
type: A
ttl: 300
value: "{{ item.1.ip }}"
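Review bot: The new `record:` expression special-cases only the literal `'@'`, so an entry with an empty `name` would still render as `.<zone>`. If apex records can be written either way in the inventory, `item.1.name in ['@', '']` covers both. A comment above the line, such as `# '@' means the zone apex: use the bare zone name`, would explain why the conditional exists. The task begins above this hunk, so the loop that supplies `item.0` and `item.1` is not visible here.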


@ -115,6 +115,11 @@ repair.nerder.land {
file_server
}
nerder.land {
root * /srv/nerderland
file_server
}
forms.nerder.land {
reverse_proxy heyform-heyform-1:8000
}
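Review bot: The new `nerder.land` block serves everything under `/srv/nerderland` through a bare `file_server`, which does not hide dotfiles by default. If that directory is deployed from a checkout or holds editor or environment files, they become publicly readable. A `hide .git .env` line inside a `file_server { ... }` block, or deploying only built output to that path, avoids this. Whether the neighbouring static sites share the pattern cannot be seen from this hunk.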


@ -37,7 +37,7 @@ services:
glance.parent: authentik
glance.name: Redis
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4}
restart: unless-stopped
command: server
environment:
@ -64,7 +64,7 @@ services:
glance.description: Authentication server
glance.id: authentik
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4}
restart: unless-stopped
command: worker
environment:


@ -1,6 +1,6 @@
services:
gotosocial:
image: superseriousbusiness/gotosocial:0.18.2
image: superseriousbusiness/gotosocial:latest
container_name: gotosocial
user: 1000:1000
extra_hosts:
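Review bot: Moving the image from `0.18.2` to `latest` makes the deployed version depend on pull time rather than on this repository, so a recreate can silently pick up a new release, including any data migrations it carries, with no commit to review or roll back to. Pin a release tag, ideally with a digest, e.g. `image: superseriousbusiness/gotosocial:<version>@sha256:<digest>` (placeholders), and bump it deliberately. The new Redlib compose file uses `quay.io/redlib/redlib:latest` in the same way. The authentik default tag also moves from the patch-level `2025.2.1` to `2025.4`, which appears to be a less specific tag on the identity provider.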


@ -19,6 +19,7 @@ services:
OIDC_ISSUER: https://auth.thesatelliteoflove.com/application/o/manyfold/
OIDC_NAME: Authentik
PUBLIC_HOSTNAME: models.thesatelliteoflove.com
MAX_FILE_UPLOAD_SIZE: 5368709120
PUID: 1000
PGID: 1000
extra_hosts:
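Review bot: `MAX_FILE_UPLOAD_SIZE: 5368709120` is an unexplained magic number and an unquoted integer in an environment map. Writing it as `MAX_FILE_UPLOAD_SIZE: "5368709120"  # 5 GiB (5 * 1024^3)` keeps the value a string and states the unit. A 5 GiB ceiling on a public hostname also widens the disk-exhaustion surface, so confirm that uploads require an authenticated session and that the storage volume is sized for it. The environment block starts above this hunk.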


@ -0,0 +1,24 @@
services:
redlib:
image: quay.io/redlib/redlib:latest
restart: always
container_name: "redlib"
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
# - seccomp=seccomp-redlib.json
cap_drop:
- ALL
env_file: .env
networks:
- redlib
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
interval: 5m
timeout: 3s
networks:
default:
external: true
name: lava
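Review bot: The service lists `redlib` under its `networks:` key, but the top-level `networks:` section declares only `default` (external, `name: lava`), so Compose should reject the file for referencing an undefined network. Indentation is lost on this page, so this is read from key order. If it holds, either attach the service to `default` (`networks: [default]`, or drop the service-level key) or rename the top-level entry to `redlib:`. The seccomp option is left commented out next to the other hardening settings; a comment such as `# seccomp profile not shipped yet; enable once seccomp-redlib.json is in the repo` would make clear that this is deliberate.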