Tellsanguis/Infra_ansible_dockercompose
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Commit initial : infrastructure Ansible pour homeserver

Browse source 
- Playbooks Ansible avec rôles (common, cockpit, docker, services)
- 30+ stacks Docker Compose avec reverse proxy Traefik
- Ansible Vault pour gestion secrets
- Intégration CrowdSec pour détection intrusions
- Versions images Docker fixées pour reproductibilité
This commit is contained in:
Tellsanguis 2025-11-23 19:40:17 +01:00
commit fd01ea59ee
125 changed files with 4768 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

72
vars/secrets.yml.example Normal file
View file

@ -0,0 +1,72 @@
# SECRETS EXAMPLE - Copy to secrets.yml and encrypt with Ansible Vault
# To encrypt: ansible-vault encrypt vars/secrets.yml
# To edit: ansible-vault edit vars/secrets.yml
# To run playbook: ansible-playbook -i inventory/hosts.yml playbook.yml --ask-vault-pass
# Cloudflare (Traefik DNS challenge)
cf_dns_api_token: "your-cloudflare-api-token"
# SMTP
smtp_host: "smtp.example.com"
smtp_port: 587
smtp_username: "your-smtp-username"
smtp_password: "your-smtp-password"
smtp_from: "noreply@example.com"
# TinyAuth (OAuth proxy)
tinyauth_secret: "generate-random-32-char-string"
tinyauth_github_client_id: "your-github-oauth-client-id"
tinyauth_github_client_secret: "your-github-oauth-client-secret"
tinyauth_oauth_whitelist: "your@email.com"
# Vaultwarden
vaultwarden_admin_token: "your-argon2-hashed-admin-token"
# CrowdSec
crowdsec_bouncer_api_key: "your-crowdsec-bouncer-api-key"
# Photoprism
photoprism_admin_user: "admin"
photoprism_admin_password: "your-secure-password"
photoprism_database_password: "your-db-password"
# Vikunja
vikunja_jwt_secret: "generate-128-char-hex-string"
# Mobilizon
mobilizon_postgres_password: "your-db-password"
mobilizon_secret_key_base: "generate-64-char-random-string"
mobilizon_secret_key: "generate-64-char-random-string"
# Etesync
etesync_super_user: "admin"
etesync_super_pass: "your-secure-password"
# Plex
plex_claim: "claim-xxxxxxxxxxxxxxxxxxxxxx"
plex_token: "your-plex-token"
# Yamtrack
yamtrack_secret: "your-random-secret"
yamtrack_igdb_id: "your-igdb-client-id"
yamtrack_igdb_secret: "your-igdb-client-secret"
# Joal
joal_secret_token: "your-secret-token"
# Feedropolis
feedropolis_postgres_password: "your-db-password"
# WebDAV
webdav_user: "your-username"
webdav_pass_hash: "your-bcrypt-hash"
# SearXNG
searxng_secret: "generate-random-string"
# Glance
glance_secret_token: "your-token-for-glance-api"
# Watchtower (notifications Gotify)
watchtower_gotify_url: "https://gotify.example.com"
watchtower_gotify_token: "your-gotify-app-token"