Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0f38df0100 | |||
| 7911657c8c | |||
| fd5d0ce4f8 | |||
| 98bc863d08 |
@@ -76,7 +76,7 @@ version:
|
|||||||
vaultwarden: "1.35.4"
|
vaultwarden: "1.35.4"
|
||||||
gitea: "1.25.5"
|
gitea: "1.25.5"
|
||||||
redis: "8.6.1"
|
redis: "8.6.1"
|
||||||
immich: "v2.6.2"
|
immich: "v2.6.3"
|
||||||
actualbudget: "26.3.0"
|
actualbudget: "26.3.0"
|
||||||
paperless: "2.20.13"
|
paperless: "2.20.13"
|
||||||
vikunja: "2.2.2"
|
vikunja: "2.2.2"
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
vikunja_subuid: "100999"
|
vikunja_subuid: "100999"
|
||||||
|
|
||||||
- name: Create paperless directory
|
- name: Create vikunja directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ node['home_path'] }}/{{ item }}"
|
path: "{{ node['home_path'] }}/{{ item }}"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
|||||||
@@ -30,6 +30,7 @@ define HOSTS4_INFRA = {{ hostvars['fw']['network4']['infra']['server'] }}
|
|||||||
define HOSTS4_AUTH = {{ hostvars['fw']['network4']['auth']['server'] }}
|
define HOSTS4_AUTH = {{ hostvars['fw']['network4']['auth']['server'] }}
|
||||||
define HOSTS4_APP = {{ hostvars['fw']['network4']['app']['server'] }}
|
define HOSTS4_APP = {{ hostvars['fw']['network4']['app']['server'] }}
|
||||||
define HOSTS4_NAS = {{ hostvars['fw']['network4']['nas']['client'] }}
|
define HOSTS4_NAS = {{ hostvars['fw']['network4']['nas']['client'] }}
|
||||||
|
define HOSTS4_PRINTER = {{ hostvars['fw']['network4']['printer']['client'] }}
|
||||||
|
|
||||||
define HOSTS6_FW = { {{ hostvars['fw']['network6']['firewall'].values() | join(', ') }} }
|
define HOSTS6_FW = { {{ hostvars['fw']['network6']['firewall'].values() | join(', ') }} }
|
||||||
define HOSTS6_BLOCKY = {{ hostvars['fw']['network6']['blocky']['server'] }}
|
define HOSTS6_BLOCKY = {{ hostvars['fw']['network6']['blocky']['server'] }}
|
||||||
@@ -146,6 +147,8 @@ table inet filter {
|
|||||||
# Kopia/NAS Console > NAS
|
# Kopia/NAS Console > NAS
|
||||||
oifname $IF_CLIENT ip saddr $HOSTS4_CONSOLE ip daddr $HOSTS4_NAS tcp dport { $PORTS_NAS, $PORTS_KOPIA } accept comment "allow ipv4 web connection (DSM, KOPIA): CONSOLE > FW > CLIENT NAS"
|
oifname $IF_CLIENT ip saddr $HOSTS4_CONSOLE ip daddr $HOSTS4_NAS tcp dport { $PORTS_NAS, $PORTS_KOPIA } accept comment "allow ipv4 web connection (DSM, KOPIA): CONSOLE > FW > CLIENT NAS"
|
||||||
oifname $IF_CLIENT ip6 saddr $HOSTS6_CONSOLE ip6 daddr $HOSTS6_NAS tcp dport { $PORTS_NAS, $PORTS_KOPIA } accept comment "allow ipv6 web connection (DSM, KOPIA): CONSOLE > FW > CLIENT NAS"
|
oifname $IF_CLIENT ip6 saddr $HOSTS6_CONSOLE ip6 daddr $HOSTS6_NAS tcp dport { $PORTS_NAS, $PORTS_KOPIA } accept comment "allow ipv6 web connection (DSM, KOPIA): CONSOLE > FW > CLIENT NAS"
|
||||||
|
# Printer
|
||||||
|
oifname $IF_CLIENT ip saddr $HOSTS4_CONSOLE ip daddr $HOSTS4_PRINTER accept comment "allow ipv4 printer connection: CONSOLE > FW > PRINTER"
|
||||||
|
|
||||||
iifname $IF_WAN jump wan comment "set WAN interface rules"
|
iifname $IF_WAN jump wan comment "set WAN interface rules"
|
||||||
iifname $IF_CLIENT jump client comment "set CLIENT interface rules"
|
iifname $IF_CLIENT jump client comment "set CLIENT interface rules"
|
||||||
|
|||||||
@@ -74,17 +74,16 @@
|
|||||||
- [x] Prometheus \(alloy - push\)
|
- [x] Prometheus \(alloy - push\)
|
||||||
- [x] Loki \(alloy\)
|
- [x] Loki \(alloy\)
|
||||||
- [x] Grafana
|
- [x] Grafana
|
||||||
<!--
|
<!--
|
||||||
Mail service is not needed, especially Diun is not needed.
|
Mail service is not needed, especially Diun is not needed.
|
||||||
- Postfix
|
- Postfix
|
||||||
- Dovecot
|
- Dovecot
|
||||||
- mbsync
|
- mbsync
|
||||||
- Diun
|
- Diun
|
||||||
-->
|
|
||||||
- Study \(Rootless container\):
|
- Study \(Rootless container\):
|
||||||
- Kali
|
- Kali
|
||||||
- Debian
|
- Debian
|
||||||
|
-->
|
||||||
|
|
||||||
## auth \(Authorization\)
|
## auth \(Authorization\)
|
||||||
|
|
||||||
@@ -115,30 +114,30 @@
|
|||||||
- Disk: SATA Controller
|
- Disk: SATA Controller
|
||||||
- Services:
|
- Services:
|
||||||
- OIDC native services:
|
- OIDC native services:
|
||||||
|
- [x] Vaultwarden
|
||||||
|
- [x] Gitea
|
||||||
|
- [x] Immich
|
||||||
|
- [x] Actual budget
|
||||||
|
- [x] Paperless-ngx
|
||||||
|
- [x] vikunja
|
||||||
- OpenCloud \(with Radicale, Collabora Web Office\)
|
- OpenCloud \(with Radicale, Collabora Web Office\)
|
||||||
- Vikunja \(with CalDAV\)
|
|
||||||
- Gitea
|
|
||||||
- Outline
|
- Outline
|
||||||
- Wiki.js
|
- Wiki.js
|
||||||
- WriteFreely
|
- WriteFreely
|
||||||
- Immich
|
|
||||||
- MediaCMS
|
- MediaCMS
|
||||||
- Funkwhale
|
- Funkwhale
|
||||||
- Kavita
|
- Kavita
|
||||||
- Audiobookshelf
|
- Audiobookshelf
|
||||||
- we-promise/sure - budget
|
|
||||||
- Paperless-ngx
|
|
||||||
- Miniflux
|
- Miniflux
|
||||||
- Linkwarden
|
- Linkwarden
|
||||||
- Ralph
|
- Ralph
|
||||||
- Conduit
|
- Conduit
|
||||||
- SnappyMail
|
- SnappyMail
|
||||||
- Vaultwarden
|
<!--
|
||||||
<!--
|
|
||||||
- n8n
|
- n8n
|
||||||
-->
|
|
||||||
- Forward_auth
|
- Forward_auth
|
||||||
- Homepage
|
- Homepage
|
||||||
|
-->
|
||||||
|
|
||||||
## External Backup server
|
## External Backup server
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user