Commit initial : infrastructure Ansible pour homeserver

- Playbooks Ansible avec rôles (common, cockpit, docker, services)
- 30+ stacks Docker Compose avec reverse proxy Traefik
- Ansible Vault pour gestion secrets
- Intégration CrowdSec pour détection intrusions
- Versions images Docker fixées pour reproductibilité

templates/env/crowdsec.env.j2

@@ -0,0 +1 @@
+CROWDSEC_BOUNCER_API_KEY={{ crowdsec_bouncer_api_key }}

templates/env/etesync.env.j2

@@ -0,0 +1,2 @@
+SUPER_USER={{ etesync_super_user }}
+SUPER_PASS={{ etesync_super_pass }}

templates/env/feedropolis.env.j2

@@ -0,0 +1,2 @@
+POSTGRES_USER=feed
+POSTGRES_PASSWORD={{ feedropolis_postgres_password }}

templates/env/glance.env.j2

@@ -0,0 +1,3 @@
+# Variables defined here will be available to use anywhere in the config with the syntax ${MY_SECRET_TOKEN}
+# Note: making changes to this file requires re-running docker compose up
+MY_SECRET_TOKEN={{ glance_secret_token }}

templates/env/joal.env.j2

@@ -0,0 +1 @@
+JOAL_SECRET_TOKEN={{ joal_secret_token }}

templates/env/mobilizon.env.j2

@@ -0,0 +1,51 @@
+######################################################
+# Instance configuration                             #
+######################################################
+
+MOBILIZON_INSTANCE_NAME=Mobilizon Tellserv
+MOBILIZON_INSTANCE_HOST=mobilizon.tellserv.fr
+MOBILIZON_INSTANCE_LISTEN_IP=0.0.0.0
+MOBILIZON_INSTANCE_PORT=5005
+MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
+MOBILIZON_INSTANCE_EMAIL={{ smtp_from }}
+MOBILIZON_REPLY_EMAIL=contact@tellserv.fr
+MOBILIZON_LOGLEVEL=info
+
+######################################################
+# Database settings                                  #
+######################################################
+
+POSTGRES_USER=mobilizon
+POSTGRES_PASSWORD={{ mobilizon_postgres_password }}
+POSTGRES_DB=mobilizon
+
+MOBILIZON_DATABASE_USERNAME=mobilizon
+MOBILIZON_DATABASE_PASSWORD={{ mobilizon_postgres_password }}
+MOBILIZON_DATABASE_DBNAME=mobilizon
+MOBILIZON_DATABASE_HOST=db
+MOBILIZON_DATABASE_PORT=5432
+MOBILIZON_DATABASE_SSL=false
+
+######################################################
+# Secrets                                            #
+######################################################
+
+MOBILIZON_INSTANCE_SECRET_KEY_BASE={{ mobilizon_secret_key_base }}
+MOBILIZON_INSTANCE_SECRET_KEY={{ mobilizon_secret_key }}
+
+######################################################
+# SMTP                                   			 #
+######################################################
+
+MOBILIZON_SMTP_SERVER={{ smtp_host }}
+MOBILIZON_SMTP_PORT={{ smtp_port }}
+MOBILIZON_SMTP_USERNAME={{ smtp_username }}
+MOBILIZON_SMTP_PASSWORD={{ smtp_password }}
+MOBILIZON_SMTP_SSL=false
+MOBILIZON_SMTP_TLS=always
+
+######################################################
+# Upload paths (mounted volume)                      #
+######################################################
+
+MOBILIZON_UPLOADS=/var/lib/mobilizon/uploads

templates/env/photoprism.env.j2

@@ -0,0 +1,6 @@
+PHOTOPRISM_ADMIN_USER={{ photoprism_admin_user }}
+PHOTOPRISM_ADMIN_PASSWORD={{ photoprism_admin_password }}
+PHOTOPRISM_DATABASE_PASSWORD={{ photoprism_database_password }}
+MARIADB_PASSWORD={{ photoprism_database_password }}
+MARIADB_ROOT_PASSWORD={{ photoprism_database_password }}
+MARIADB_USER=photoprism

templates/env/plex.env.j2

@@ -0,0 +1,2 @@
+PLEX_CLAIM={{ plex_claim }}
+PLEX_TOKEN={{ plex_token }}

templates/env/searxng.env.j2

@@ -0,0 +1 @@
+SEARXNG_SECRET={{ searxng_secret }}

templates/env/tinyauth.env.j2

@@ -0,0 +1,4 @@
+SECRET={{ tinyauth_secret }}
+GITHUB_CLIENT_ID={{ tinyauth_github_client_id }}
+GITHUB_CLIENT_SECRET={{ tinyauth_github_client_secret }}
+OAUTH_WHITELIST={{ tinyauth_oauth_whitelist }}

templates/env/traefik.env.j2

@@ -0,0 +1 @@
+CF_DNS_API_TOKEN={{ cf_dns_api_token }}

templates/env/vaultwarden.env.j2

@@ -0,0 +1,8 @@
+VAULTWARDEN_ADMIN_TOKEN='{{ vaultwarden_admin_token }}'
+SMTP_USERNAME={{ smtp_username }}
+SMTP_PASSWORD={{ smtp_password }}
+SMTP_FROM={{ smtp_from }}
+SMTP_HOST={{ smtp_host }}
+SMTP_PORT={{ smtp_port }}
+SMTP_SECURITY=starttls
+SIGNUPS_ALLOWED=false

templates/env/vikunja.env.j2

@@ -0,0 +1 @@
+VIKUNJA_SERVICE_JWTSECRET={{ vikunja_jwt_secret }}

templates/env/watchtower.env.j2

@@ -0,0 +1,2 @@
+WATCHTOWER_GOTIFY_URL={{ watchtower_gotify_url }}
+WATCHTOWER_GOTIFY_TOKEN={{ watchtower_gotify_token }}

templates/env/webdav.env.j2

@@ -0,0 +1,2 @@
+BASIC_AUTH_USER={{ webdav_user }}
+BASIC_AUTH_PASS_HASH={{ webdav_pass_hash }}

templates/env/yamtrack.env.j2

@@ -0,0 +1,3 @@
+SECRET={{ yamtrack_secret }}
+IGDB_ID={{ yamtrack_igdb_id }}
+IGDB_SECRET={{ yamtrack_igdb_secret }}