diff --git a/README.md b/README.md index 64834bd..70b78a5 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ * 📂 [**[Click Here]**](https://goo.gl/7NR3Da) - Google G-Suite (Unlimited Hard Drive Space & Storage) * 📂 [**[Click Here]**](https://controlpanel.newshosting.com/signup/index.php?promo=partners&a_aid=5a65169240efd&a_bid=5ecfe99b) - Top Performance NewsHost! - Blitz Members Receive a 58% Discount ---- -### **Reference Shortcut -** http://wiki.pgblitz.com | Discord ( !wiki ) +### **Reference Shortcut -** http://wiki.pgblitz.com ---- ## 1. PG YouTube diff --git a/apps/_appsgen.sh b/apps/_appsgen.sh index aa87c16..9032169 100644 --- a/apps/_appsgen.sh +++ b/apps/_appsgen.sh @@ -7,11 +7,11 @@ ################################################################################ # Generates App List -ls -la /opt/coreapps/apps/ | sed -e 's/.yml//g' \ -| awk '{print $9}' | tail -n +4 > /var/plexguide/app.list +ls -la /opt/communityapps/apps/ | sed -e 's/.yml//g' | + awk '{print $9}' | tail -n +4 >>/var/plexguide/app.list -ls -la /opt/mycontainers/ | sed -e 's/.yml//g' \ -| awk '{print $9}' | tail -n +4 >> /var/plexguide/app.list +ls -la /opt/mycontainers/ | sed -e 's/.yml//g' | + awk '{print $9}' | tail -n +4 >>/var/plexguide/app.list # Enter Items Here to Prevent them From Showing Up on AppList sed -i -e "/traefik/d" /var/plexguide/app.list sed -i -e "/image*/d" /var/plexguide/app.list diff --git a/apps/_core.yml b/apps/_core.yml index 28f7047..a471eff 100644 --- a/apps/_core.yml +++ b/apps/_core.yml @@ -38,6 +38,47 @@ register: auth ignore_errors: True +- name: Register Program Name + shell: 'cat /tmp/program_var' + register: program + ignore_errors: True + +- name: check if user cname file exists + stat: + path: /var/plexguide/{{pgrole}}.cname + register: ucname_check + +- name: Register user cname + shell: 'cat /var/plexguide/{{pgrole}}.cname' + register: ucname + ignore_errors: True + when: ucname_check.stat.exists == true + +- name: Register CName + set_fact: + cname: "" + +- name: Set cname + set_fact: + cname: ",{{ucname.stdout}}.{{domain.stdout}}" + when: ucname_check.stat.exists == true and ucname.stdout != "" + +- name: check if user port file exists + stat: + path: /var/plexguide/{{pgrole}}.port + register: ueport_check + +- name: Register External Port + shell: 'cat /var/plexguide/{{pgrole}}.port' + register: ueport + ignore_errors: True + when: ueport_check.stat.exists == true + +- name: Change extport + set_fact: + extport: "{{ueport.stdout}}" + when: ueport_check.stat.exists and ueport.stdout != "" + - name: Remove {{pgrole}} Container docker_container: name: '{{pgrole}}' @@ -49,7 +90,6 @@ ignore_errors: True # APPDATA - - name: 'Creating appdata folder if it does not exist.' shell: 'mkdir -p /opt/appdata/{{pgrole}}' @@ -69,7 +109,6 @@ shell: 'chmod -R 775 /opt/appdata/{{pgrole}}' when: '"plex" not in pgrole' - # OVERWRITE IMAGES ############################################################# - name: Check if Image Variable Exists stat: @@ -92,7 +131,7 @@ - name: 'If Fact Matches - Enable TLD' set_fact: - tldset: '{{domain.stdout}}' + tldset: ',{{domain.stdout}},www.{{domain.stdout}}' when: 'toplevel.stdout == pgrole' - debug: msg="TLDSET is now for {{toplevel.stdout}}" diff --git a/apps/_cron.list b/apps/_cron.list index 51857fe..d7eff0f 100644 --- a/apps/_cron.list +++ b/apps/_cron.list @@ -4,3 +4,4 @@ netdata alltube dockergc blitzui +watchtower diff --git a/apps/airsonic.yml b/apps/airsonic.yml index 369bc0e..9edb71d 100644 --- a/apps/airsonic.yml +++ b/apps/airsonic.yml @@ -3,7 +3,7 @@ # Title: PGBlitz (linuxserver/airsonic) # Author(s): MrDoob # URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 +# GNU: General Public License v3.0 ################################################################################ --- - hosts: localhost @@ -14,7 +14,7 @@ set_fact: pgrole: 'airsonic' intport: '4040' - extport: '4040' + extport: '4040' image: 'linuxserver/airsonic' # CORE (MANDATORY) ############################################################ @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -45,8 +54,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/alltube.yml b/apps/alltube.yml index be82b40..615cef1 100644 --- a/apps/alltube.yml +++ b/apps/alltube.yml @@ -39,7 +39,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/avidemux.yml b/apps/avidemux.yml index 8b78e56..eaaea38 100644 --- a/apps/avidemux.yml +++ b/apps/avidemux.yml @@ -16,8 +16,8 @@ pgrole: 'avidemux' intport: '5800' extport: '5806' -# intport2: '25565' -# extport2: '25565' + # intport2: '25565' + # extport2: '25565' image: 'jlesage/avidemux' - name: 'Including cron job' @@ -48,7 +48,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/bazarr.yml b/apps/bazarr.yml index 3aded00..a4cc203 100644 --- a/apps/bazarr.yml +++ b/apps/bazarr.yml @@ -28,7 +28,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/beets.yml b/apps/beets.yml index 90a3ce0..db2d0bd 100644 --- a/apps/beets.yml +++ b/apps/beets.yml @@ -35,7 +35,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -44,7 +53,7 @@ - '/etc/localtime:/etc/localtime:ro' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' - + - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/bitwarden.yml b/apps/bitwarden.yml index f886a82..e38d861 100644 --- a/apps/bitwarden.yml +++ b/apps/bitwarden.yml @@ -26,9 +26,9 @@ set_fact: pg_labels: traefik.enable: 'true' - traefik.backend: "{{pgrole}}" + traefik.backend: '{{pgrole}}' traefik.port: '80' - traefik.frontend.rule: 'Host:bit.{{domain.stdout}},{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/booksonic.yml b/apps/booksonic.yml index ead0354..7b75dd9 100644 --- a/apps/booksonic.yml +++ b/apps/booksonic.yml @@ -30,7 +30,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/cadvisor.yml b/apps/cadvisor.yml index 1f7c1f2..d5e94ba 100644 --- a/apps/cadvisor.yml +++ b/apps/cadvisor.yml @@ -29,7 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/calibre-web.yml b/apps/calibre-web.yml index b2e93ac..76df15b 100644 --- a/apps/calibre-web.yml +++ b/apps/calibre-web.yml @@ -14,7 +14,7 @@ set_fact: pgrole: 'calibre-web' intport: '8083' - extport: '8083' + extport: '8104' image: 'technosoft2000/calibre-web' # CORE (MANDATORY) ############################################################ @@ -29,7 +29,17 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + - name: 'Setting PG Volumes' set_fact: diff --git a/apps/cloudcmd.yml b/apps/cloudcmd.yml index 799a4f8..e7298a1 100644 --- a/apps/cloudcmd.yml +++ b/apps/cloudcmd.yml @@ -28,7 +28,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/deezloaderremix.yml b/apps/deezloaderremix.yml index c0a1354..1c303cb 100644 --- a/apps/deezloaderremix.yml +++ b/apps/deezloaderremix.yml @@ -28,7 +28,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -37,7 +46,7 @@ - '{{path.stdout}}:{{path.stdout}}' - '/etc/localtime:/etc/localtime:ro' - '/mnt:/mnt' - + - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/deluge-vpn.yml b/apps/deluge-vpn.yml index 9872189..1e1dff9 100644 --- a/apps/deluge-vpn.yml +++ b/apps/deluge-vpn.yml @@ -12,15 +12,11 @@ # FACTS ####################################################################### - name: 'Set Known Facts' set_fact: - pgrole: 'deluge' + pgrole: 'deluge-vpn' intport: '8112' extport: '8112' - intport2: '58846' - extport2: '58846' - intport3: '58946' - extport3: '58946' - intport4: '8118' - extport4: '8118' + intport2: '8118' + extport2: '8118' image: 'binhex/arch-delugevpn' # CORE (MANDATORY) ############################################################ @@ -30,6 +26,9 @@ - name: 'Including folders' include_tasks: '/opt/communityapps/apps/_downloaders.yml' + - name: 'Including plugins' + include_tasks: '/opt/communityapps/apps/_plugins.yml' + - name: 'Checking for existing app data' stat: path: /opt/appdata/{{pgrole}}/core.conf @@ -42,7 +41,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -74,8 +82,6 @@ published_ports: - '{{ports.stdout}}{{extport}}:{{intport}}' - '{{ports.stdout}}{{extport2}}:{{intport2}}' - - '{{ports.stdout}}{{extport3}}:{{intport3}}' - - '{{ports.stdout}}{{extport4}}:{{intport4}}' volumes: '{{pg_volumes}}' env: '{{pg_env}}' restart_policy: unless-stopped @@ -155,18 +161,17 @@ lineinfile: path: '/opt/appdata/{{pgrole}}/plugins/extractor.conf' regexp: '"extract_path".*' - line: '"extract_path": "{{path.stdout}}/downloads/deluge"' + line: '"extract_path": "{{path.stdout}}/downloads/{{pgrole}}"' state: present # FIRST TIME CONFIGURATION #################################################### - name: 'Configuring {{pgrole}} for first time use' block: - name: set enabled_plugins - lineinfile: - path: '/opt/appdata/{{pgrole}}/core.conf' + replace: + dest: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"enabled_plugins".*' - line: '"enabled_plugins": ["Extractor", "Label"],' - state: present + replace: '"enabled_plugins": ["Extractor", "Label"],' - name: set compact_allocation lineinfile: diff --git a/apps/deluge.yml b/apps/deluge.yml index 7918f6e..c9d62c3 100644 --- a/apps/deluge.yml +++ b/apps/deluge.yml @@ -1,7 +1,7 @@ #!/bin/bash # # Title: PGBlitz (Reference Title File) -# Author(s): Admin9705 +# Authors: Admin9705, Deiteq, and many PGBlitz Contributors # URL: https://pgblitz.com - http://github.pgblitz.com # GNU: General Public License v3.0 ################################################################################ @@ -15,10 +15,6 @@ pgrole: 'deluge' intport: '8112' extport: '8112' - intport2: '58846' - extport2: '58846' - intport3: '58946' - extport3: '58946' image: 'linuxserver/deluge' # CORE (MANDATORY) ############################################################ @@ -43,7 +39,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -67,8 +72,6 @@ pull: yes published_ports: - '{{ports.stdout}}{{extport}}:{{intport}}' - - '{{ports.stdout}}{{extport2}}:{{intport2}}' - - '{{extport3}}:{{intport3}}' volumes: '{{pg_volumes}}' env: '{{pg_env}}' restart_policy: unless-stopped @@ -94,7 +97,7 @@ path: '/opt/appdata/{{pgrole}}/core.conf' state: present delay: 5 - + - name: Setting plugins directory lineinfile: path: '/opt/appdata/{{pgrole}}/core.conf' @@ -134,38 +137,37 @@ lineinfile: path: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"move_completed".*' - line: '"move_completed": True,' + line: '"move_completed": true,' state: present - name: Setting extractor folder lineinfile: path: '/opt/appdata/{{pgrole}}/plugins/extractor.conf' regexp: '"use_name_folder".*' - line: '"use_name_folder": True,' + line: '"use_name_folder": true,' state: present - name: Setting extractor lineinfile: path: '/opt/appdata/{{pgrole}}/plugins/extractor.conf' regexp: '"extract_path".*' - line: '"extract_path": "{{path.stdout}}/downloads/deluge"' + line: '"extract_path": "{{path.stdout}}/downloads/{{pgrole}}"' state: present # FIRST TIME CONFIGURATION #################################################### - name: 'Configuring {{pgrole}} for first time use' block: - name: set enabled_plugins - lineinfile: - path: '/opt/appdata/{{pgrole}}/core.conf' + replace: + dest: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"enabled_plugins".*' - line: '"enabled_plugins": ["Extractor", "Label"],' - state: present + replace: '"enabled_plugins": ["Extractor", "Label"],' - name: set compact_allocation lineinfile: path: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"compact_allocation".*' - line: '"compact_allocation": True,' + line: '"compact_allocation": true,' state: present - name: set stop_seed_ratio @@ -186,14 +188,14 @@ lineinfile: path: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"remove_seed_at_ratio".*' - line: '"remove_seed_at_ratio": True,' + line: '"remove_seed_at_ratio": true,' state: present - name: set enc_prefer_rc4 lineinfile: path: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"enc_prefer_rc4".*' - line: '"enc_prefer_rc4": True,' + line: '"enc_prefer_rc4": true,' state: present - name: set enc_level @@ -228,7 +230,7 @@ lineinfile: path: '/opt/appdata/{{pgrole}}/core.conf' regexp: '"dont_count_slow_torrents".*' - line: '"dont_count_slow_torrents": True,' + line: '"dont_count_slow_torrents": true,' state: present - name: set max_active_seeding diff --git a/apps/domoticz.yml b/apps/domoticz.yml index 4054ac5..e93d810 100644 --- a/apps/domoticz.yml +++ b/apps/domoticz.yml @@ -19,7 +19,6 @@ extport2: '6144' intport3: '1443/tcp' extport3: '1443' - image: 'linuxserver/domoticz:stable' # CORE (MANDATORY) ############################################################ @@ -33,7 +32,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -46,8 +54,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: @@ -58,7 +65,6 @@ - '{{ports.stdout}}{{extport}}:{{intport}}' - '{{ports.stdout}}{{extport2}}:{{intport2}}' - '{{ports.stdout}}{{extport3}}:{{intport3}}' - - '{{ports.stdout}}{{extport4}}:{{intport4}}' volumes: '{{pg_volumes}}' env: '{{pg_env}}' restart_policy: unless-stopped diff --git a/apps/dozzle.yml b/apps/dozzle.yml index f7f87a9..03d306b 100644 --- a/apps/dozzle.yml +++ b/apps/dozzle.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/duplicati.yml b/apps/duplicati.yml index d14c2fd..204240d 100644 --- a/apps/duplicati.yml +++ b/apps/duplicati.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/embystats.yml b/apps/embystats.yml index 9d67b7a..c277a65 100644 --- a/apps/embystats.yml +++ b/apps/embystats.yml @@ -9,30 +9,39 @@ - hosts: localhost gather_facts: false tasks: -# CORE (MANDATORY) DO NOT CHANGE ########################################### + # CORE (MANDATORY) DO NOT CHANGE ########################################### - name: 'Set Known Facts' set_fact: - pgrole: "embystats" - intport: "5432" - extport: "9049" - image: "uping/embystat:beta-linux" + pgrole: 'embystats' + intport: '5432' + extport: '9049' + image: 'uping/embystat:beta-linux' - name: 'Including cron job' include_tasks: '/opt/communityapps/apps/_core.yml' -# EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### + # EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### -##### NOTHING REQUIRED + ##### NOTHING REQUIRED -# LABELS #### KEEPS BOTTOM CLEAN ########################################### + # LABELS #### KEEPS BOTTOM CLEAN ########################################### - name: 'Adding Traefik' set_fact: pg_labels: traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/filebot.yml b/apps/filebot.yml index 5fd6f77..963e3b3 100644 --- a/apps/filebot.yml +++ b/apps/filebot.yml @@ -3,7 +3,7 @@ # Title: PGBlitz (jlesage/filebot) # Author(s): MrDoob # URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 +# GNU: General Public License v3.0 ################################################################################ --- - hosts: localhost @@ -30,7 +30,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -45,8 +54,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/filezilla.yml b/apps/filezilla.yml index ac8c81d..5f88835 100644 --- a/apps/filezilla.yml +++ b/apps/filezilla.yml @@ -40,7 +40,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -75,7 +84,6 @@ - '{{pgrole}}' state: started labels: '{{pg_labels}}' - ##PG-Community ##PG-Community diff --git a/apps/firefox.yml b/apps/firefox.yml index c1bd84c..d333cc4 100644 --- a/apps/firefox.yml +++ b/apps/firefox.yml @@ -16,8 +16,8 @@ pgrole: 'firefox' intport: '5800' extport: '5810' -# intport2: '25565' -# extport2: '25565' + # intport2: '25565' + # extport2: '25565' image: 'jlesage/firefox' - name: 'Including cron job' @@ -48,7 +48,7 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' traefik.frontend.headers.SSLHost: '{{domain.stdout}}' traefik.frontend.headers.SSLRedirect: 'true' traefik.frontend.headers.STSIncludeSubdomains: 'true' @@ -58,7 +58,17 @@ traefik.frontend.headers.contentTypeNosniff: 'true' traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' traefik.frontend.headers.forceSTSHeader: 'true' - #traefik.frontend.headers.frameDeny: 'true' + + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + # - name: 'Setting PG Volumes' set_fact: diff --git a/apps/flexget.yml b/apps/flexget.yml index 7b375a6..f3b8298 100644 --- a/apps/flexget.yml +++ b/apps/flexget.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/flextv.yml b/apps/flextv.yml index 4c69656..0d28c5f 100644 --- a/apps/flextv.yml +++ b/apps/flextv.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -41,8 +50,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/gazee.yml b/apps/gazee.yml index ba2a63c..c383e96 100644 --- a/apps/gazee.yml +++ b/apps/gazee.yml @@ -9,30 +9,39 @@ - hosts: localhost gather_facts: false tasks: -# CORE (MANDATORY) DO NOT CHANGE ########################################### + # CORE (MANDATORY) DO NOT CHANGE ########################################### - name: 'Set Known Facts' set_fact: - pgrole: "gazee" - intport: "4242" - extport: "4242" - image: "linuxserver/gazee" + pgrole: 'gazee' + intport: '4242' + extport: '4242' + image: 'linuxserver/gazee' - name: 'Including cron job' include_tasks: '/opt/communityapps/apps/_core.yml' -# EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### + # EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### -##### NOTHING REQUIRED + ##### NOTHING REQUIRED -# LABELS #### KEEPS BOTTOM CLEAN ########################################### + # LABELS #### KEEPS BOTTOM CLEAN ########################################### - name: 'Adding Traefik' set_fact: pg_labels: traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/gitea.yml b/apps/gitea.yml index 54324fa..88d0e53 100644 --- a/apps/gitea.yml +++ b/apps/gitea.yml @@ -15,9 +15,9 @@ pgrole: 'git' intport: '3000' extport: '9898' - intport2: '22' ##for SSH + intport2: '22' ##for SSH extport2: '222' - + image: 'gitea/gitea' # CORE (MANDATORY) ############################################################DONE#### @@ -31,29 +31,38 @@ ##########traefik.frontend.auth.forward.address: '{{gauth}}' ##Disabled OAuth as you cant user terminal for cloning any repo traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - '/opt/appdata/{{pgrole}}:/data' - '/etc/localtime:/etc/localtime:ro' - ### - '/opt/appdata/git/gitea-db:/data' + ### - '/opt/appdata/git/gitea-db:/data' - name: 'Setting PG ENV' set_fact: pg_env: PUID: '1000' PGID: '1000' - #### DB_PASSWORD: gitea + #### DB_PASSWORD: gitea # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: name: '{{pgrole}}' image: '{{image}}' pull: yes - # links: + # links: # - "dbgitea:idk?" published_ports: - '{{ports.stdout}}{{extport}}:{{intport}}' diff --git a/apps/handbrake.yml b/apps/handbrake.yml index d1013f4..fa82349 100644 --- a/apps/handbrake.yml +++ b/apps/handbrake.yml @@ -29,7 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -50,13 +59,13 @@ pg_env: USER_ID: '1000' GROUP_ID: '1000' - AUTOMATED_CONVERSION_PRESET: "Very Fast 1080p30" - AUTOMATED_CONVERSION_FORMAT: "mp4" - AUTOMATED_CONVERSION_PRESET_2: "HQ 1080p30 Surround" - AUTOMATED_CONVERSION_FORMAT_2: "mp4" - AUTOMATED_CONVERSION_PRESET_3: "H.264 MKV 1080p30" - AUTOMATED_CONVERSION_FORMAT_3: "mkv" -# SECURE_CONNECTION: 1 + AUTOMATED_CONVERSION_PRESET: 'Very Fast 1080p30' + AUTOMATED_CONVERSION_FORMAT: 'mp4' + AUTOMATED_CONVERSION_PRESET_2: 'HQ 1080p30 Surround' + AUTOMATED_CONVERSION_FORMAT_2: 'mp4' + AUTOMATED_CONVERSION_PRESET_3: 'H.264 MKV 1080p30' + AUTOMATED_CONVERSION_FORMAT_3: 'mkv' + # SECURE_CONNECTION: 1 # MAIN DEPLOYMENT ############################################################# - name: 'Create watch directory for {{pgrole}}' diff --git a/apps/headphones.yml b/apps/headphones.yml index 53312f0..eb2267e 100644 --- a/apps/headphones.yml +++ b/apps/headphones.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/heimdall.yml b/apps/heimdall.yml index 77fcf5f..ec4d0c9 100644 --- a/apps/heimdall.yml +++ b/apps/heimdall.yml @@ -31,7 +31,7 @@ traefik.enable: 'true' traefik.https.port: '443' traefik.https.frontend.entryPoints: 'https' - traefik.https.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.https.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/home-assistant.yml b/apps/home-assistant.yml index b6f94a3..446b3bf 100644 --- a/apps/home-assistant.yml +++ b/apps/home-assistant.yml @@ -28,7 +28,7 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:home.{{domain.stdout}},{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/htpcmanager.yml b/apps/htpcmanager.yml index 207bcc0..4058979 100644 --- a/apps/htpcmanager.yml +++ b/apps/htpcmanager.yml @@ -28,7 +28,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/image/_image.sh b/apps/image/_image.sh index ee4ecdf..d034f5c 100644 --- a/apps/image/_image.sh +++ b/apps/image/_image.sh @@ -7,23 +7,23 @@ ################################################################################ # BAD INPUT -badinput () { -echo -read -p '⛔️ ERROR - BAD INPUT! | PRESS [ENTER] ' typed < /dev/tty -question1 +badinput() { + echo + read -p '⛔️ ERROR - BAD INPUT! | PRESS [ENTER] ' typed /tmp/display$count - count=$[count+1] -done /tmp/display$count + count=$((count + 1)) + done "/var/plexguide/image/$image" -else badinput; fi + mkdir -p /var/plexguide/image + cat "/tmp/display$typed" >"/var/plexguide/image/$image" + else badinput; fi } # END OF FUNCTIONS ############################################################ diff --git a/apps/image/radarr4k b/apps/image/radarr4k new file mode 100644 index 0000000..0f4200b --- /dev/null +++ b/apps/image/radarr4k @@ -0,0 +1,2 @@ +linuxserver/radarr +aront/radarr diff --git a/apps/image/radarrhdr b/apps/image/radarrhdr new file mode 100644 index 0000000..0f4200b --- /dev/null +++ b/apps/image/radarrhdr @@ -0,0 +1,2 @@ +linuxserver/radarr +aront/radarr diff --git a/apps/image/sonarr4k b/apps/image/sonarr4k new file mode 100644 index 0000000..aa31af2 --- /dev/null +++ b/apps/image/sonarr4k @@ -0,0 +1,3 @@ +linuxserver/sonarr:preview +linuxserver/sonarr +aront/sonarr diff --git a/apps/image/sonarrhdr b/apps/image/sonarrhdr new file mode 100644 index 0000000..aa31af2 --- /dev/null +++ b/apps/image/sonarrhdr @@ -0,0 +1,3 @@ +linuxserver/sonarr:preview +linuxserver/sonarr +aront/sonarr diff --git a/apps/jd2-openvpn.yml b/apps/jdownloader2-vpn.yml similarity index 79% rename from apps/jd2-openvpn.yml rename to apps/jdownloader2-vpn.yml index 9a0b600..6ad7f9f 100644 --- a/apps/jd2-openvpn.yml +++ b/apps/jdownloader2-vpn.yml @@ -13,7 +13,7 @@ - name: 'Set Known Facts' set_fact: - pgrole: 'jd2-openvpn' + pgrole: 'jdownloader2-vpn' intport: '5800' extport: '5802' intport2: '5902' @@ -44,17 +44,25 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - - '{{path.stdout}}:{{path.stdout}}' - - '/mnt/unionfs:/unionfs' - - '/mnt:/mnt' - - '{{path.stdout}}/downloads/{{pgrole}}/:/output:rw' - '/etc/localtime:/etc/localtime:ro' + - '{{path.stdout}}:{{path.stdout}}' + - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' + - '{{path.stdout}}/downloads/{{pgrole}}/:/output:rw' - '/opt/appdata/{{pgrole}}/vpn:/vpn:rw' - name: 'Setting PG ENV' diff --git a/apps/jdownloader2.yml b/apps/jdownloader2.yml index b3e56b8..7c10adf 100644 --- a/apps/jdownloader2.yml +++ b/apps/jdownloader2.yml @@ -44,17 +44,25 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' - + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - - '{{path.stdout}}:{{path.stdout}}' - - '/mnt/unionfs:/unionfs' - - '/mnt:/mnt' - - '{{path.stdout}}/downloads/{{pgrole}}/:/output:rw' - '/etc/localtime:/etc/localtime:ro' + - '{{path.stdout}}:{{path.stdout}}' + - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' + - '{{path.stdout}}/downloads/{{pgrole}}/:/output:rw' - name: 'Setting PG ENV' set_fact: diff --git a/apps/kitana.yml b/apps/kitana.yml index 1591b0c..d3f35a2 100644 --- a/apps/kitana.yml +++ b/apps/kitana.yml @@ -29,7 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/logarr.yml b/apps/logarr.yml index 9e59173..4fe18b5 100644 --- a/apps/logarr.yml +++ b/apps/logarr.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/makemkv.yml b/apps/makemkv.yml index 70d4c8e..6e99727 100644 --- a/apps/makemkv.yml +++ b/apps/makemkv.yml @@ -31,16 +31,25 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' - + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - - '{{path.stdout}}:{{path.stdout}}' - - '/mnt/unionfs:/unionfs' - - '{{path.stdout}}/downloads/{{pgrole}}/:/output:rw' - '/etc/localtime:/etc/localtime:ro' + - '{{path.stdout}}:{{path.stdout}}' + - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' + - '{{path.stdout}}/downloads/{{pgrole}}/:/output:rw' - name: 'Setting PG ENV' set_fact: diff --git a/apps/mariadb.yml b/apps/mariadb.yml index ed9ee65..8a3b91c 100644 --- a/apps/mariadb.yml +++ b/apps/mariadb.yml @@ -9,26 +9,35 @@ - hosts: localhost gather_facts: false tasks: -# CORE (MANDATORY) DO NOT CHANGE ########################################### + # CORE (MANDATORY) DO NOT CHANGE ########################################### - name: 'Set Known Facts' set_fact: - pgrole: "mariadb" - intport: "3306" - extport: "6603" - image: "mariadb:latest" + pgrole: 'mariadb' + intport: '3306' + extport: '6603' + image: 'mariadb:latest' - name: 'Including cron job' include_tasks: '/opt/communityapps/apps/_core.yml' -# LABELS ################################################################ + # LABELS ################################################################ - name: 'Adding Traefik' set_fact: pg_labels: traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -65,4 +74,4 @@ - name: 'Post Deployment Notes' debug: msg: |- - * Login Information * root:plexguide * This should be changed * \ No newline at end of file + * Login Information * root:plexguide * This should be changed * diff --git a/apps/mcmyadmin.yml b/apps/mcmyadmin.yml index ff4957e..f41c309 100644 --- a/apps/mcmyadmin.yml +++ b/apps/mcmyadmin.yml @@ -30,7 +30,7 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:mcmyadmin.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mediainfo.yml b/apps/mediainfo.yml index a989491..956dfe4 100644 --- a/apps/mediainfo.yml +++ b/apps/mediainfo.yml @@ -3,7 +3,7 @@ # Title: PGBlitz (jlesage/mediainfo) # Author(s): MrDoob # URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 +# GNU: General Public License v3.0 ################################################################################ --- - hosts: localhost @@ -30,7 +30,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -46,8 +55,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/medusa.yml b/apps/medusa.yml index ce96bfb..e26c60c 100644 --- a/apps/medusa.yml +++ b/apps/medusa.yml @@ -9,30 +9,39 @@ - hosts: localhost gather_facts: false tasks: -# CORE (MANDATORY) DO NOT CHANGE ########################################### + # CORE (MANDATORY) DO NOT CHANGE ########################################### - name: 'Set Known Facts' set_fact: - pgrole: "medusa" - intport: "8081" - extport: "8081" - image: "linuxserver/medusa" + pgrole: 'medusa' + intport: '8081' + extport: '8081' + image: 'linuxserver/medusa' - name: 'Including cron job' include_tasks: '/opt/communityapps/apps/_core.yml' -# EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### + # EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### -##### NOTHING REQUIRED + ##### NOTHING REQUIRED -# LABELS #### KEEPS BOTTOM CLEAN ########################################### + # LABELS #### KEEPS BOTTOM CLEAN ########################################### - name: 'Adding Traefik' set_fact: pg_labels: traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mellow.yml b/apps/mellow.yml index 8460dad..9ce4738 100644 --- a/apps/mellow.yml +++ b/apps/mellow.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mkvtoolnix.yml b/apps/mkvtoolnix.yml index e39bbd3..c2d869d 100644 --- a/apps/mkvtoolnix.yml +++ b/apps/mkvtoolnix.yml @@ -33,15 +33,24 @@ stat: path: /opt/appdata/{{pgrole}}/core.conf register: confcheck - - # LABELS ###################################################################### + + # LABELS ###################################################################### - name: 'Adding Traefik' set_fact: pg_labels: traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting default Volumes' set_fact: @@ -57,7 +66,7 @@ pg_env: USER_ID: '1000' GROUP_ID: '1000' -# SECURE_CONNECTION: 1 + # SECURE_CONNECTION: 1 # MAIN DEPLOYMENT ############################################################# diff --git a/apps/monitorr.yml b/apps/monitorr.yml index 7c6cbe2..598997c 100644 --- a/apps/monitorr.yml +++ b/apps/monitorr.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/muximux.yml b/apps/muximux.yml index fce2d5f..963c789 100644 --- a/apps/muximux.yml +++ b/apps/muximux.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mylar.yml b/apps/mylar.yml index 1f737bf..ac9cecb 100644 --- a/apps/mylar.yml +++ b/apps/mylar.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/nextcloud.yml b/apps/nextcloud.yml index 3c75ef8..7dc49da 100644 --- a/apps/nextcloud.yml +++ b/apps/nextcloud.yml @@ -30,7 +30,7 @@ traefik.enable: 'true' traefik.https.port: '443' traefik.https.frontend.entryPoints: 'https' - traefik.https.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.https.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/nowshowing.yml b/apps/nowshowing.yml index 9303c25..a945ca8 100644 --- a/apps/nowshowing.yml +++ b/apps/nowshowing.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/nzbget-mp4.yml b/apps/nzbget-mp4.yml index 33a33ad..c989d2d 100644 --- a/apps/nzbget-mp4.yml +++ b/apps/nzbget-mp4.yml @@ -33,7 +33,7 @@ file: 'path={{item}} state=directory mode=0775 owner=1000 group=1000' with_items: - '{{path.stdout}}/nzb' -# force: yes + # force: yes - name: 'Including plugins' include_tasks: '/opt/communityapps/apps/_plugins.yml' @@ -131,16 +131,26 @@ pg_labels: traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.auth.forward.address: '{{gauth}}' - name: 'Setting PG Volumes' set_fact: pg_volumes: - '/etc/localtime:/etc/localtime:ro' - - '/opt/appdata/{{pgrole}}:/config' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' - '/tmp:/tmp' - '/opt/appdata/{{pgrole}}/cont-init.d:/etc/cont-init.d' - '/opt/appdata/{{pgrole}}/services.d:/etc/services.d/nzbget' diff --git a/apps/ombi4k.yml b/apps/ombi4k.yml index 7674cc2..5edad07 100644 --- a/apps/ombi4k.yml +++ b/apps/ombi4k.yml @@ -44,14 +44,23 @@ pg_labels: traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + #traefik.frontend.auth.forward.address: '{{gauth}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - '/etc/localtime:/etc/localtime:ro' + - '/opt/appdata/{{pgrole}}:/config' - '/opt/appdata/{{pgrole}}/appsettings.json:/opt/{{pgrole}}/appsettings.json' - name: 'Setting PG ENV' diff --git a/apps/templates/broken/nzbthrottle.yml b/apps/ombiHDR.yml similarity index 50% rename from apps/templates/broken/nzbthrottle.yml rename to apps/ombiHDR.yml index ac56db7..60fa774 100644 --- a/apps/templates/broken/nzbthrottle.yml +++ b/apps/ombiHDR.yml @@ -1,7 +1,7 @@ #!/bin/bash # -# Title: PGBlitz (Reference Title File) -# Author(s): Admin9705 +# Title: OmbiHDR +# Author(s): Admin9705; timekills mod # URL: https://pgblitz.com - http://github.pgblitz.com # GNU: General Public License v3.0 ################################################################################ @@ -10,48 +10,58 @@ gather_facts: false tasks: # FACTS ####################################################################### + - name: 'Set Known Facts' set_fact: - pgrole: 'nzbthrottle' - intport: '0' - extport: '0' - image: 'daghaian/nzbthrottle' + pgrole: 'ombiHDR' + intport: '3579' + extport: '3581' + image: 'linuxserver/ombi' # CORE (MANDATORY) ############################################################ - name: 'Including cron job' - include_tasks: '/opt/communityapps/apps/_core.yml' + include_tasks: '/opt/coreapps/apps/_core.yml' - - name: 'Checking {{pgrole}}'s json existance' + # PRETASKS #################################################################### + - name: Check JSON exists stat: - path: '/opt/communityapps/apps/templates/{{pgrole}}/config.json' - register: jsoncheck + path: '/opt/appdata/{{pgrole}}/appsettings.json' + register: jsonfile - - name: 'Copying file for {{pgrole}}' - copy: - src: '/opt/communityapps/apps/templates/{{pgrole}}/config.json' - dest: '/opt/appdata/{{pgrole}}/{{pgrole}}/config.json' - directory_mode: yes - force: yes + - name: 'Download {{pgrole}} appsettings.json config file' + get_url: + url: https://raw.githubusercontent.com/tidusjar/Ombi/master/src/Ombi/appsettings.json + dest: /opt/appdata/{{pgrole}}/appsettings.json owner: '1000' group: '1000' - mode: 0775 - when: not jsoncheck.stat.exists + force: no + ignore_errors: True + when: jsonfile.stat.exists == False # LABELS ###################################################################### - name: 'Adding Traefik' set_fact: pg_labels: - traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + #traefik.frontend.auth.forward.address: '{{gauth}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - '/etc/localtime:/etc/localtime:ro' - - '/opt/appdata/{{pgrole}}/config.json:/{{pgrole}}/config.json:ro' + - '/opt/appdata/{{pgrole}}:/config' + - '/opt/appdata/{{pgrole}}/appsettings.json:/opt/{{pgrole}}/appsettings.json' - name: 'Setting PG ENV' set_fact: @@ -60,6 +70,7 @@ PGID: '1000' # MAIN DEPLOYMENT ############################################################# + - name: 'Deploying {{pgrole}}' docker_container: name: '{{pgrole}}' diff --git a/apps/organizr.yml b/apps/organizr.yml index 2a89008..d0f9af6 100644 --- a/apps/organizr.yml +++ b/apps/organizr.yml @@ -28,7 +28,7 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' traefik.frontend.headers.SSLHost: '{{domain.stdout}}' traefik.frontend.headers.SSLRedirect: 'true' traefik.frontend.headers.STSIncludeSubdomains: 'true' diff --git a/apps/pyload.yml b/apps/pyload.yml index ee21ab0..0b9186e 100644 --- a/apps/pyload.yml +++ b/apps/pyload.yml @@ -31,7 +31,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/qbittorrent-vpn.yml b/apps/qbittorrent-vpn.yml index 5c4e955..032a005 100644 --- a/apps/qbittorrent-vpn.yml +++ b/apps/qbittorrent-vpn.yml @@ -13,13 +13,11 @@ - name: 'Set Known Facts' set_fact: - pgrole: 'qbittorrent' - intport: '8998' - extport: '8998' - intport1: '8118' - extport1: '8118' - intport2: '6881' - extport2: '6881' + pgrole: 'qbittorrent-vpn' + intport: '8080' + extport: '8098' + intport2: '8118' + extport2: '8118' dnsserver1: '1.1.1.1' dnsserver2: '84.200.69.80' dnsserver3: '37.235.1.174' @@ -45,15 +43,24 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - '/etc/localtime:/etc/localtime:ro' - - '/opt/appdata/{{pgrole}}:/config' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' - name: 'Setting PG ENV' set_fact: @@ -72,9 +79,6 @@ NAME_SERVERS: '{{dnsserver1}},{{dnsserver2}},{{dnsserver3}},{{dnsserver4}}' DEBUG: 'false' WEBUI_PORT: '{{intport}}' - - - # MAIN DEPLOYMENT ############################################################# - name: 'Checking for existing app data' @@ -89,7 +93,6 @@ pull: yes published_ports: - '{{ports.stdout}}{{extport}}:{{intport}}' - - '{{ports.stdout}}{{extport1}}:{{intport1}}' - '{{ports.stdout}}{{extport2}}:{{intport2}}' volumes: '{{pg_volumes}}' env: '{{pg_env}}' @@ -123,6 +126,14 @@ name: '{{pgrole}}' state: stopped + - name: Set torrent port + ini_file: + path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' + section: Preferences + option: Connection\PortRangeMin + value: '7889' + state: present + - name: Set SavePath ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' @@ -131,7 +142,6 @@ value: '{{path.stdout}}/downloads/{{pgrole}}' state: present - - name: Set TempPathEnabled ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' @@ -142,19 +152,18 @@ - name: Get latest blocklist shell: curl -L http://john.bitsurge.net/public/biglist.p2p.gz | gzip -cdf > /opt/appdata/{{pgrole}}/qBittorrent/config/biglist.p2p - + - name: 'Checking for existing openvpn folder' stat: path: '/opt/appdata/{{pgrole}}/openvpn' register: ovpncheck - - name: Initialize opvn + - name: Initialize opvn block: - name: Create opvn folder shell: mkdir /opt/appdata/{{pgrole}}/openvpn && touch mkdir /opt/appdata/{{pgrole}}/openvpn/OVPN\ files\ go\ here && chown -R {{puid}}:{{pgid}} /opt/appdata/{{pgrole}}/openvpn when: not ovpncheck.stat.exists - # FIRST TIME CONFIGURATION #################################################### - name: 'Configuring {{pgrole}} for first time use' block: @@ -286,7 +295,7 @@ value: false force: yes state: present - + - name: Set ServerDomains ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' @@ -339,7 +348,7 @@ value: '/config/qBittorrent/config/biglist.p2p' force: yes state: present - + - name: Set default login ini_file: path: '/opt/appdata/{{pgrole}}/qBittorrent/config/qBittorrent.conf' @@ -348,9 +357,9 @@ value: '@ByteArray(22f616dbc8cdb4aa96105b1c8f36ea63)' force: yes state: present - + when: not confcheck.stat.exists - name: Restart {{pgrole}} docker_container: name: '{{pgrole}}' - state: started \ No newline at end of file + state: started diff --git a/apps/radarr4k.yml b/apps/radarr4k.yml index 7c3a2cd..82d97f6 100644 --- a/apps/radarr4k.yml +++ b/apps/radarr4k.yml @@ -28,16 +28,26 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' + - '/etc/localtime:/etc/localtime:ro' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' - - '/etc/localtime:/etc/localtime:ro' - + - '/opt/appdata/{{pgrole}}:/config' + - '/opt/appdata/{{pgrole}}/mp4_automator:/config_mp4_automator' + - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/radarrhdr.yml b/apps/radarrhdr.yml index 8c468d7..b2273f4 100644 --- a/apps/radarrhdr.yml +++ b/apps/radarrhdr.yml @@ -28,16 +28,26 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' + - '/etc/localtime:/etc/localtime:ro' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' - - '/etc/localtime:/etc/localtime:ro' - + - '/opt/appdata/{{pgrole}}:/config' + - '/opt/appdata/{{pgrole}}/mp4_automator:/config_mp4_automator' + - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/rclonebrowser.yml b/apps/rclonebrowser.yml index 876bff1..998974e 100644 --- a/apps/rclonebrowser.yml +++ b/apps/rclonebrowser.yml @@ -30,7 +30,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -39,6 +48,7 @@ - '{{path.stdout}}:{{path.stdout}}' - '/mnt/unionfs:/unionfs:rw' - '/mnt:/mnt:rw' + - '/opt/appdata/plexguide:/host_rcloneconf_folder:ro' - '/etc/localtime:/etc/localtime:ro' - name: 'Setting PG ENV' @@ -46,8 +56,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/rdp-calibre.yml b/apps/rdp-calibre.yml index 8b5576d..aa9c2e9 100644 --- a/apps/rdp-calibre.yml +++ b/apps/rdp-calibre.yml @@ -3,7 +3,7 @@ # Title: PGBlitz (rdp-calibre) # Author(s): MrDoob # URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 +# GNU: General Public License v3.0 ################################################################################ --- - hosts: localhost @@ -30,7 +30,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -47,10 +56,9 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' WIDTH: '1280' HEIGHT: '720' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: @@ -59,7 +67,7 @@ pull: yes published_ports: - '{{ports.stdout}}{{extport}}:{{intport}}' - - '{{ports.stdout}}{{extport2}}:{{intport2}}' + - '{{ports.stdout}}{{extport2}}:{{intport2}}' volumes: '{{pg_volumes}}' env: '{{pg_env}}' restart_policy: unless-stopped diff --git a/apps/resilio.yml b/apps/resilio.yml index 9af7405..7317a08 100644 --- a/apps/resilio.yml +++ b/apps/resilio.yml @@ -47,7 +47,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/rflood-vpn.yml b/apps/rflood-vpn.yml index 331cbe3..5e1329d 100644 --- a/apps/rflood-vpn.yml +++ b/apps/rflood-vpn.yml @@ -13,7 +13,7 @@ - name: 'Set Known Facts' set_fact: - pgrole: 'rflood' + pgrole: 'rflood-vpn' intport: '80' extport: '5896' image: 'h1f0x/rtorrent-flood-openvpn' @@ -40,17 +40,24 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - - '{{path.stdout}}:{{path.stdout}}' - - '/mnt/unionfs:/unionfs' - - '/mnt/downloads/{{pgrole}}:/output/complete' - - '/mnt/incomplete/{{pgrole}}:/output/incomplete' - '/etc/localtime:/etc/localtime:ro' + - '{{path.stdout}}:{{path.stdout}}' + - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' - name: 'Setting PG ENV' set_fact: diff --git a/apps/rutorrent-vpn.yml b/apps/rutorrent-vpn.yml index 4824609..fe411a6 100644 --- a/apps/rutorrent-vpn.yml +++ b/apps/rutorrent-vpn.yml @@ -27,11 +27,11 @@ - name: 'Including folders' include_tasks: '/opt/communityapps/apps/_downloaders.yml' - - - name: 'Ini Check' + + - name: Checking for existing app data stat: - path: /opt/appdata/{{pgrole}}/core.conf - register: inicheck + path: '/opt/appdata/{{pgrole}}/rutorrent/rtorrent/rtorrent.rc' + register: rccheck # LABELS ###################################################################### - name: 'Adding Traefik' @@ -40,17 +40,25 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - - '{{path.stdout}}:{{path.stdout}}' - - '/mnt/unionfs:/unionfs' - - '/mnt/downloads/{{pgrole}}:/output/complete' - - '/mnt/incomplete/{{pgrole}}:/output/incomplete' - '/etc/localtime:/etc/localtime:ro' + - '{{path.stdout}}:{{path.stdout}}' + - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' + - '/opt/appdata/{{pgrole}}/sock:/run/php' - name: 'Setting PG ENV' set_fact: @@ -76,3 +84,234 @@ privileged: yes state: started labels: '{{pg_labels}}' + + # CONFIGURATION #################################################### + - name: 'Waiting for {{pgrole}} to initialize' + wait_for: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + state: present + msg: rtorrent.rc creation failed + + - name: 'Stopping {{pgrole}}' + docker_container: + name: '{{pgrole}}' + state: stopped + + # This is needed for rutorrent b/c it's weird. + - name: 'Setting ownership on appdata recursivley (this can take a while!)' + shell: 'chown -R 1000:1000 /opt/appdata/{{pgrole}}' + + - name: 'Setting permissions on appdata recursivley (this can take a while!)' + shell: 'chmod -R 775 /opt/appdata/{{pgrole}}'#*check_hash\s*=.*' + + - name: Set download location + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*directory\s*=.*' + line: 'directory = {{path.stdout}}/downloads/{{pgrole}}' + state: present + + - name: Set download location + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*directory.default.set\s*=.*' + line: 'directory.default.set = {{path.stdout}}/downloads/{{pgrole}}' + state: present + + # - name: Set download completed move location + # lineinfile: + # path: "/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc" + # regexp: '#*method.insert\s*=\s*d.get_finished_dir.*' + # line: 'method.insert = d.get_finished_dir, simple, "cat={path.stdout}}/downloads/{{pgrole}}/,$d.custom1="' + # state: present + + # - name: Set download data path location + # lineinfile: + # path: "/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc" + # regexp: '#*method.insert\s*=\s*d.data_path.*' + # line: 'method.insert = d.data_path, simple, "if=(d.is_multi_file), (cat,(d.directory),/), (cat,(d.directory),/,(d.name))"' + # state: present + + # - name: Enable download completed move + # lineinfile: + # path: "/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc" + # regexp: '#*method.insert\s*=\s*d.move_to_complete,\s*simple.*' + # line: 'method.insert = d.move_to_complete, simple, "d.directory.set=$argument.1=; execute=mkdir,-p,$argument.1=; execute=mv,-u,$argument.0=,$argument.1=; d.save_full_session="' + # state: present + + # - name: Enable download completed move event + # lineinfile: + # path: "/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc" + # regexp: '#*method.set_key\s*=\s*event.download.finished,move_complete.*' + # line: 'method.set_key = event.download.finished,move_complete,"d.move_to_complete=$d.data_path=,$d.get_finished_dir="' + # state: present + + # FIRST TIME CONFIGURATION #################################################### + - name: 'Configuring {{pgrole}} for first time use' + block: + - name: Upload Rate + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*upload_rate\s*=.*' + line: 'upload_rate = 100000' + state: present + + - name: Download Rate + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*download_rate\s*=.*' + line: 'download_rate = 100000' + state: present + + - name: max_downloads + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*throttle.max_downloads.global.set\s*=.*' + line: 'throttle.max_downloads.global.set = 500' + state: present + - name: max_uploads + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*throttle.max_uploads.global.set\s*=.*' + line: 'throttle.max_uploads.global.set = 50' + state: present + + - name: No File Allocation + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*system.file.allocate.set\s*=.*' + line: 'system.file.allocate.set = 0' + state: present + + - name: min_peers + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*min_peers\s*=.*' + line: 'min_peers = 40' + state: present + + - name: max_peers + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*max_peers\s*=.*' + line: 'max_peers = 1200' + state: present + + - name: max_uploads + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*max_uploads\s*=.*' + line: 'max_uploads = 15' + state: present + + - name: max_downloads + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*max_downloads\s*=.*' + line: 'max_downloads = 10' + state: present + + - name: Upload Rate + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*upload_rate\s*=.*' + line: 'upload_rate = 30000' + state: present + + - name: Download Rate + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*download_rate\s*=.*' + line: 'download_rate = 90000' + state: present + + - name: Global Upload to Unlmited + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*throttle.global_up.max_rate.set_kb\s*=.*' + line: 'throttle.global_up.max_rate.set_kb = 0' + state: present + + - name: DHT disable + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*dht\s*=.*' + line: '#dht = auto' + state: present + + - name: DHT port + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*dht_port\s*=.*' + line: '#dht_port = 6881' + state: present + + - name: check Hash + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*check_hash\s*=.*' + line: 'check_hash = no' + state: present + + - name: Preload Piece to Host + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*pieces.preload.type\s*=.*' + line: 'pieces.preload.type = 2' + state: present + + - name: lower DNS timeout + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*network.http.dns_cache_timeout.set\s*=.*' + line: 'network.http.dns_cache_timeout.set = 25' + state: present + + - name: Network Send Buffer Size + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*network.send_buffer.size.set\s*=.*' + line: 'network.send_buffer.size.set = 12M' + state: present + + - name: Network Recived Buffer Size + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*network.receive_buffer.size.set\s*=.*' + line: 'network.receive_buffer.size.set = 4M' + state: present + + - name: Announce-Interval Min rescan + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*throttle.min_peers.seed.set\s*=.*' + line: 'throttle.min_peers.seed.set = 0' + state: present + + - name: Announce-Interval Max rescan + lineinfile: + path: '/opt/appdata/{{pgrole}}/rtorrent/rtorrent.rc' + regexp: '#*throttle.max_peers.seed.set\s*=.*' + line: 'throttle.max_peers.seed.set = -1' + state: present + + - name: Do not save uploaded Torrents + lineinfile: + path: '/opt/appdata/{{pgrole}}/rutorrent/settings/config.php' + regexp: '\$saveUploadedTorrents\s*=.*' + line: '$saveUploadedTorrents = false;' + state: present + + - name: overwrite uploaded Torrents + lineinfile: + path: '/opt/appdata/{{pgrole}}/rutorrent/settings/config.php' + regexp: '\$overwriteUploadedTorrents\s*=.*' + line: '$overwriteUploadedTorrents = true;' + state: present + + when: not rccheck.stat.exists + + - name: Restart Docker Container + docker_container: + name: '{{pgrole}}' + state: started diff --git a/apps/sharesite.yml b/apps/sharesite.yml index 91056a1..75a0790 100644 --- a/apps/sharesite.yml +++ b/apps/sharesite.yml @@ -40,7 +40,17 @@ traefik.port: '{{intport}}' traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + - name: 'Setting PG Volumes' set_fact: @@ -50,7 +60,6 @@ - '/etc/localtime:/etc/localtime:ro' - '/mnt:/mnt' - - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/shoko.yml b/apps/shoko.yml index 0a38b9a..aca857f 100644 --- a/apps/shoko.yml +++ b/apps/shoko.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/sonarr4k.yml b/apps/sonarr4k.yml index fe4fbaf..6af800c 100644 --- a/apps/sonarr4k.yml +++ b/apps/sonarr4k.yml @@ -29,16 +29,26 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' + - '/etc/localtime:/etc/localtime:ro' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' - - '/etc/localtime:/etc/localtime:ro' - + - '/opt/appdata/{{pgrole}}:/config' + - '/opt/appdata/{{pgrole}}/mp4_automator:/config_mp4_automator' + - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/sonarrhdr.yml b/apps/sonarrhdr.yml index 3a80027..c415e31 100644 --- a/apps/sonarrhdr.yml +++ b/apps/sonarrhdr.yml @@ -29,16 +29,26 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' + - '/etc/localtime:/etc/localtime:ro' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' - - '/etc/localtime:/etc/localtime:ro' - + - '/opt/appdata/{{pgrole}}:/config' + - '/opt/appdata/{{pgrole}}/mp4_automator:/config_mp4_automator' + - name: 'Setting PG ENV' set_fact: pg_env: diff --git a/apps/speedtest.yml b/apps/speedtest.yml index 1c29241..91a0f53 100644 --- a/apps/speedtest.yml +++ b/apps/speedtest.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/subsonic.yml b/apps/subsonic.yml index bb68be9..3ceec08 100644 --- a/apps/subsonic.yml +++ b/apps/subsonic.yml @@ -3,7 +3,7 @@ # Title: PGBlitz (danisla/subsonic) # Author(s): MrDoob # URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 +# GNU: General Public License v3.0 ################################################################################ --- - hosts: localhost @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -43,7 +52,6 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' @@ -61,4 +69,4 @@ aliases: - '{{pgrole}}' state: started - labels: '{{pg_labels}}' \ No newline at end of file + labels: '{{pg_labels}}' diff --git a/apps/synclounge.yml b/apps/synclounge.yml index 80eb4fa..98be016 100644 --- a/apps/synclounge.yml +++ b/apps/synclounge.yml @@ -17,7 +17,7 @@ intport: '8088' extport: '8088' intport2: '8089' - extport2: '8089' + extport2: '8102' image: 'starbix/synclounge' # CORE (MANDATORY) ############################################################ diff --git a/apps/syncthing.yml b/apps/syncthing.yml index cff6db7..5523cd1 100644 --- a/apps/syncthing.yml +++ b/apps/syncthing.yml @@ -40,7 +40,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/teamspeak3.yml b/apps/teamspeak3.yml index cf1b51e..897d2f0 100644 --- a/apps/teamspeak3.yml +++ b/apps/teamspeak3.yml @@ -41,7 +41,17 @@ traefik.enable: 'false' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + # VOLUMES ######### - name: 'Setting PG Volumes' diff --git a/apps/templates/broken/kodi-headless.yml b/apps/templates/broken/kodi-headless.yml deleted file mode 100644 index 88ccc68..0000000 --- a/apps/templates/broken/kodi-headless.yml +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -# -# Title: PGBlitz (linuxserver/kodi-headless) -# Author(s): MrDoob -# URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 -################################################################################ ---- -- hosts: localhost - gather_facts: false - tasks: - # FACTS ####################################################################### - - name: 'Set Known Facts' - set_fact: - pgrole: 'kodi-headless' - intport: '8080' - extport: '8088' - intport2: '9090' - extport2: '9099' - intport3: '9777' - extport3: '9777/udp' - image: 'linuxserver/kodi-headless:latest' - - # CORE (MANDATORY) ############################################################ - - name: 'Including cron job' - include_tasks: '/opt/communityapps/apps/_core.yml' - - # LABELS ###################################################################### - - name: 'Adding Traefik' - set_fact: - pg_labels: - traefik.enable: 'true' - traefik.port: '{{intport}}' - traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' - - - name: 'Setting PG Volumes' - set_fact: - pg_volumes: - - '/opt/appdata/{{pgrole}}/config:/config/.kodi:rw' - - '/mnt:/mnt:rw' - - '/etc/localtime:/etc/localtime:ro' - - - name: 'Setting PG ENV' - set_fact: - pg_env: - PUID: '1000' - PGID: '1000' - TZ: '${TZ}' - - # MAIN DEPLOYMENT ############################################################# - - name: 'Deploying {{pgrole}}' - docker_container: - name: '{{pgrole}}' - image: '{{image}}' - pull: yes - published_ports: - - '{{extport}}:{{intport}}' - - '{{extport2}}:{{intport2}}' - - '{{extport3}}:{{intport3}}' - volumes: '{{pg_volumes}}' - env: '{{pg_env}}' - restart_policy: always - networks: - - name: plexguide - aliases: - - '{{pgrole}}' - state: started - labels: '{{pg_labels}}' diff --git a/apps/templates/cloudcmd/cloudcmd.json b/apps/templates/cloudcmd/cloudcmd.json index 8467513..3c0a36d 100644 --- a/apps/templates/cloudcmd/cloudcmd.json +++ b/apps/templates/cloudcmd/cloudcmd.json @@ -33,4 +33,4 @@ "showConfig": false, "vim": false, "columns": "name-size-date-owner-mode" -} \ No newline at end of file +} diff --git a/apps/templates/deluge/plugins/extractor.conf b/apps/templates/deluge/plugins/extractor.conf index 32e8ff4..f2c8076 100644 --- a/apps/templates/deluge/plugins/extractor.conf +++ b/apps/templates/deluge/plugins/extractor.conf @@ -3,5 +3,5 @@ "format": 1 }{ "use_name_folder": true, - "extract_path": "/downloads/deluge/" + "extract_path": "/mnt/downloads/{{pgrole}}/" } diff --git a/apps/templates/radarr4k/mp4_automator/autoProcess.ini b/apps/templates/radarr4k/mp4_automator/autoProcess.ini new file mode 100644 index 0000000..9683be4 --- /dev/null +++ b/apps/templates/radarr4k/mp4_automator/autoProcess.ini @@ -0,0 +1,55 @@ +[Radarr] +host = localhost +port = 7878 +web_root = +ssl = False +apikey = + +[MP4] +ffmpeg = /usr/bin/ffmpeg +ffprobe = /usr/bin/ffprobe +threads = auto +output_directory = +copy_to = +move_to = +output_extension = mp4 +output_format = mp4 +delete_original = True +relocate_moov = True +video-codec = h264,x264 +video-bitrate = +video-crf = +video-max-width = +video-profile = +h264-max-level = +use-qsv-decoder-with-encoder = True +use-hevc-qsv-decoder = False +enable_dxva2_gpu_decode = False +ios-audio = True +ios-first-track-only = False +ios-audio-filter = +ios-move-last = False +max-audio-channels = +audio-codec = ac3 +audio-language = +audio-default-language = +audio-channel-bitrate = +audio-filter = +audio-copy-original = False +subtitle-codec = mov_text +subtitle-language = +subtitle-default-language = +subtitle-encoding = +fullpathguess = True +convert-mp4 = False +tagfile = True +tag-language = en +download-artwork = Poster +download-subs = False +embed-subs = True +embed-only-internal-subs = False +sub-providers = addic7ed,podnapisi,thesubdb,opensubtitles +permissions = 0777 +post-process = False +pix-fmt = +aac_adtstoasc = False diff --git a/apps/templates/radarr4k/scripts/cleanup-radarr.sh b/apps/templates/radarr4k/scripts/cleanup-radarr.sh new file mode 100644 index 0000000..b4c38f5 --- /dev/null +++ b/apps/templates/radarr4k/scripts/cleanup-radarr.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ -d "$radarr_moviefile_sourcefolder" ] && [ "$(basename $radarr_moviefile_sourcefolder)" = "deluge_extracted" ] ; then + /bin/rm -rf $radarr_moviefile_sourcefolder +fi \ No newline at end of file diff --git a/apps/templates/radarrhdr/mp4_automator/autoProcess.ini b/apps/templates/radarrhdr/mp4_automator/autoProcess.ini new file mode 100644 index 0000000..9683be4 --- /dev/null +++ b/apps/templates/radarrhdr/mp4_automator/autoProcess.ini @@ -0,0 +1,55 @@ +[Radarr] +host = localhost +port = 7878 +web_root = +ssl = False +apikey = + +[MP4] +ffmpeg = /usr/bin/ffmpeg +ffprobe = /usr/bin/ffprobe +threads = auto +output_directory = +copy_to = +move_to = +output_extension = mp4 +output_format = mp4 +delete_original = True +relocate_moov = True +video-codec = h264,x264 +video-bitrate = +video-crf = +video-max-width = +video-profile = +h264-max-level = +use-qsv-decoder-with-encoder = True +use-hevc-qsv-decoder = False +enable_dxva2_gpu_decode = False +ios-audio = True +ios-first-track-only = False +ios-audio-filter = +ios-move-last = False +max-audio-channels = +audio-codec = ac3 +audio-language = +audio-default-language = +audio-channel-bitrate = +audio-filter = +audio-copy-original = False +subtitle-codec = mov_text +subtitle-language = +subtitle-default-language = +subtitle-encoding = +fullpathguess = True +convert-mp4 = False +tagfile = True +tag-language = en +download-artwork = Poster +download-subs = False +embed-subs = True +embed-only-internal-subs = False +sub-providers = addic7ed,podnapisi,thesubdb,opensubtitles +permissions = 0777 +post-process = False +pix-fmt = +aac_adtstoasc = False diff --git a/apps/templates/radarrhdr/scripts/cleanup-radarr.sh b/apps/templates/radarrhdr/scripts/cleanup-radarr.sh new file mode 100644 index 0000000..b4c38f5 --- /dev/null +++ b/apps/templates/radarrhdr/scripts/cleanup-radarr.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ -d "$radarr_moviefile_sourcefolder" ] && [ "$(basename $radarr_moviefile_sourcefolder)" = "deluge_extracted" ] ; then + /bin/rm -rf $radarr_moviefile_sourcefolder +fi \ No newline at end of file diff --git a/apps/templates/sonarr4k/mp4_automator/autoProcess.ini b/apps/templates/sonarr4k/mp4_automator/autoProcess.ini new file mode 100644 index 0000000..14efd40 --- /dev/null +++ b/apps/templates/sonarr4k/mp4_automator/autoProcess.ini @@ -0,0 +1,55 @@ +[Sonarr] +host = localhost +port = 8989 +web_root = +ssl = False +apikey = + +[MP4] +ffmpeg = /usr/bin/ffmpeg +ffprobe = /usr/bin/ffprobe +threads = auto +output_directory = +copy_to = +move_to = +output_extension = mp4 +output_format = mp4 +delete_original = True +relocate_moov = True +video-codec = h264,x264 +video-bitrate = +video-crf = +video-max-width = +video-profile = +h264-max-level = +use-qsv-decoder-with-encoder = True +use-hevc-qsv-decoder = False +enable_dxva2_gpu_decode = False +ios-audio = True +ios-first-track-only = False +ios-audio-filter = +ios-move-last = False +max-audio-channels = +audio-codec = ac3 +audio-language = +audio-default-language = +audio-channel-bitrate = +audio-filter = +audio-copy-original = False +subtitle-codec = mov_text +subtitle-language = +subtitle-default-language = +subtitle-encoding = +fullpathguess = True +convert-mp4 = False +tagfile = True +tag-language = en +download-artwork = Poster +download-subs = False +embed-subs = True +embed-only-internal-subs = False +sub-providers = addic7ed,podnapisi,thesubdb,opensubtitles +permissions = 0777 +post-process = False +pix-fmt = +aac_adtstoasc = False diff --git a/apps/templates/sonarrhdr/mp4_automator/autoProcess.ini b/apps/templates/sonarrhdr/mp4_automator/autoProcess.ini new file mode 100644 index 0000000..14efd40 --- /dev/null +++ b/apps/templates/sonarrhdr/mp4_automator/autoProcess.ini @@ -0,0 +1,55 @@ +[Sonarr] +host = localhost +port = 8989 +web_root = +ssl = False +apikey = + +[MP4] +ffmpeg = /usr/bin/ffmpeg +ffprobe = /usr/bin/ffprobe +threads = auto +output_directory = +copy_to = +move_to = +output_extension = mp4 +output_format = mp4 +delete_original = True +relocate_moov = True +video-codec = h264,x264 +video-bitrate = +video-crf = +video-max-width = +video-profile = +h264-max-level = +use-qsv-decoder-with-encoder = True +use-hevc-qsv-decoder = False +enable_dxva2_gpu_decode = False +ios-audio = True +ios-first-track-only = False +ios-audio-filter = +ios-move-last = False +max-audio-channels = +audio-codec = ac3 +audio-language = +audio-default-language = +audio-channel-bitrate = +audio-filter = +audio-copy-original = False +subtitle-codec = mov_text +subtitle-language = +subtitle-default-language = +subtitle-encoding = +fullpathguess = True +convert-mp4 = False +tagfile = True +tag-language = en +download-artwork = Poster +download-subs = False +embed-subs = True +embed-only-internal-subs = False +sub-providers = addic7ed,podnapisi,thesubdb,opensubtitles +permissions = 0777 +post-process = False +pix-fmt = +aac_adtstoasc = False diff --git a/apps/thelounge.yml b/apps/thelounge.yml index 1fbefb0..4e8d21f 100644 --- a/apps/thelounge.yml +++ b/apps/thelounge.yml @@ -29,7 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/traktor.yml b/apps/traktor.yml index 4452565..d2b9314 100644 --- a/apps/traktor.yml +++ b/apps/traktor.yml @@ -29,14 +29,24 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - - '/opt/appdata/{{pgrole}}:/config' - - '{{path.stdout}}:{{path.stdout}}' - '/etc/localtime:/etc/localtime:ro' + - '{{path.stdout}}:{{path.stdout}}' + - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' - '/opt/appdata/plex/database/Library/Application Support/Plex Media Server/Plug-in Support/Databases:/plex:ro' - name: 'Setting PG ENV' diff --git a/apps/transmission-vpn.yml b/apps/transmission-vpn.yml index 0ff2e20..80a6a08 100644 --- a/apps/transmission-vpn.yml +++ b/apps/transmission-vpn.yml @@ -27,12 +27,12 @@ - name: Checking for existing rss folder stat: - path: "/opt/appdata/{{pgrole}}/rss" + path: '/opt/appdata/{{pgrole}}/rss' register: rsscheck - name: Checking for existing rss config stat: - path: "/opt/appdata/{{pgrole}}/rss/transmission-rss.conf" + path: '/opt/appdata/{{pgrole}}/rss/transmission-rss.conf' register: cfgcheck # LABELS ###################################################################### @@ -42,15 +42,24 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: pg_volumes: - '/etc/localtime:/etc/localtime:ro' - - '/opt/appdata/{{pgrole}}:/config' - '{{path.stdout}}:{{path.stdout}}' - '/mnt:/mnt' + - '/opt/appdata/{{pgrole}}:/config' - name: 'Setting {{pgrole2}} Volumes' set_fact: @@ -120,13 +129,13 @@ - name: 'RSS feed configuration - Folder' block: - name: 'Creating RSS folder' - shell: "mkdir /opt/appdata/{{pgrole}}/rss" + shell: 'mkdir /opt/appdata/{{pgrole}}/rss' when: not rsscheck.stat.exists - name: 'RSS feed configuration - Config' block: - name: 'Creating configuration file' - shell: "touch /opt/appdata/{{pgrole}}/rss/transmission-rss.conf && chown -R 1000:1000 /opt/appdata/{{pgrole}}/rss/ && echo see https://git.io/fhAm2 to configure > /opt/appdata/{{pgrole}}/rss/transmission-rss.conf" + shell: 'touch /opt/appdata/{{pgrole}}/rss/transmission-rss.conf && chown -R 1000:1000 /opt/appdata/{{pgrole}}/rss/ && echo see https://git.io/fhAm2 to configure > /opt/appdata/{{pgrole}}/rss/transmission-rss.conf' when: not cfgcheck.stat.exists - name: 'Deploying {{pgrole2}}' @@ -143,7 +152,7 @@ - name: 'Wait for {{pgrole}} to initialize' wait_for: timeout=30 - + - name: 'Stopping {{pgrole}}. Go configure ENV values.' docker_container: name: '{{pgrole}}' diff --git a/apps/ubooquity.yml b/apps/ubooquity.yml index fea2b84..6d1b048 100644 --- a/apps/ubooquity.yml +++ b/apps/ubooquity.yml @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/unifi.yml b/apps/unifi.yml index ed6cef6..36948ff 100644 --- a/apps/unifi.yml +++ b/apps/unifi.yml @@ -18,7 +18,7 @@ intport2: '10001/udp' extport2: '10001' intport3: '8080/tcp' - extport3: '8088' + extport3: '8103' intport4: '8081/tcp' extport4: '8081' intport5: '8443/tcp' @@ -35,23 +35,22 @@ - name: 'Adding Traefik' set_fact: pg_labels: - traefik.enable: 'true' - traefik.tags: 'frontend' - traefik.frontend.passHostHeader: 'true' - traefik.backend: '{{pgrole}}' - traefik.admin.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' - traefik.admin.port: '{{intport5}}' - traefik.admin.protocol: 'https' - traefik.frontend.headers.SSLRedirect: 'true' - traefik.frontend.headers.STSSeconds: '315360000' - traefik.frontend.headers.browserXSSFilter: 'true' - traefik.frontend.headers.contentTypeNosniff: 'true' - traefik.frontend.headers.forceSTSHeader: 'true' - traefik.frontend.headers.SSLHost: '{{domain.stdout}}' - traefik.frontend.headers.STSIncludeSubdomains: 'true' - traefik.frontend.headers.STSPreload: 'true' - traefik.frontend.headers.frameDeny: 'true' - + traefik.enable: 'true' + traefik.tags: 'frontend' + traefik.frontend.passHostHeader: 'true' + traefik.backend: '{{pgrole}}' + traefik.admin.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.admin.port: '{{intport5}}' + traefik.admin.protocol: 'https' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + - name: 'Setting PG Volumes' set_fact: pg_volumes: @@ -63,8 +62,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/varken.yml b/apps/varken.yml index 2011338..b18b6e4 100644 --- a/apps/varken.yml +++ b/apps/varken.yml @@ -32,7 +32,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/vnc-xfce.yml b/apps/vnc-xfce.yml index 7ee217d..3c33680 100644 --- a/apps/vnc-xfce.yml +++ b/apps/vnc-xfce.yml @@ -3,7 +3,7 @@ # Title: PGBlitz (consol/ubuntu-xfce-vnc) # Author(s): MrDoob # URL: https://pgblitz.com - http://github.pgblitz.com -# GNU: General Public License v3.0 +# GNU: General Public License v3.0 ################################################################################ --- - hosts: localhost @@ -28,7 +28,16 @@ traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: @@ -44,8 +53,7 @@ pg_env: PUID: '1000' PGID: '1000' - TZ: '${TZ}' - + # MAIN DEPLOYMENT ############################################################# - name: 'Deploying {{pgrole}}' docker_container: diff --git a/apps/xteve.yml b/apps/xteve.yml index e222fe8..9027d05 100644 --- a/apps/xteve.yml +++ b/apps/xteve.yml @@ -30,7 +30,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/zammad.yml b/apps/zammad.yml index 3481879..22348f8 100644 --- a/apps/zammad.yml +++ b/apps/zammad.yml @@ -9,30 +9,39 @@ - hosts: localhost gather_facts: false tasks: -# CORE (MANDATORY) DO NOT CHANGE ########################################### + # CORE (MANDATORY) DO NOT CHANGE ########################################### - name: 'Set Known Facts' set_fact: - pgrole: "zammad" - intport: "80" - extport: "8777" - image: "zammad/zammad" + pgrole: 'zammad' + intport: '80' + extport: '8777' + image: 'zammad/zammad' - name: 'Including cron job' include_tasks: '/opt/communityapps/apps/_core.yml' -# EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### + # EXTRA FUNCTIONS REQUIRED BY THE ROLE ##################################### -##### NOTHING REQUIRED + ##### NOTHING REQUIRED -# LABELS #### KEEPS BOTTOM CLEAN ########################################### + # LABELS #### KEEPS BOTTOM CLEAN ########################################### - name: 'Adding Traefik' set_fact: pg_labels: traefik.frontend.auth.forward.address: '{{gauth}}' traefik.enable: 'true' traefik.port: '{{intport}}' - traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}}{{tldset}}{{cname}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/place.holder b/place.holder index 8b13789..e69de29 100644 --- a/place.holder +++ b/place.holder @@ -1 +0,0 @@ -