### Cert-Manager CRD Installation Output Source: https://github.com/geek-cookbook/premix/blob/main/wash-hands/README.md Example output showing the successful creation of Cert-Manager CRDs after applying the manifest. ```yaml customresourcedefinition.apiextensions.k8s.io/certificaterequests.certmanager.io created customresourcedefinition.apiextensions.k8s.io/certificates.certmanager.io created customresourcedefinition.apiextensions.k8s.io/challenges.acme.certmanager.io created customresourcedefinition.apiextensions.k8s.io/clusterissuers.certmanager.io created customresourcedefinition.apiextensions.k8s.io/issuers.certmanager.io created customresourcedefinition.apiextensions.k8s.io/orders.acme.certmanager.io created ``` -------------------------------- ### Deploy Huginn Chart Source: https://github.com/geek-cookbook/premix/blob/main/charts/huginn/README.MD Instructions for deploying the Huginn Helm chart. This involves copying the default values file, customizing it, creating a namespace, and then upgrading or installing the chart with the custom values. ```bash cd charts/huginn cp values.yaml myvalues.yaml # (customize myvalues.yaml as necessary) kubectl create namespace huginn helm upgrade --install -f myvalues.yaml -n huginn huggin . ``` -------------------------------- ### Jellyfin Docker Container Source: https://github.com/geek-cookbook/premix/blob/main/jellyfin/readme.md This snippet represents the Dockerfile or a docker-compose configuration for running the Jellyfin media server. It outlines the necessary setup for deploying Jellyfin in a containerized environment. ```docker # Example Dockerfile for Jellyfin # This is a conceptual example and may not be a complete, runnable Dockerfile. FROM ubuntu:latest LABEL maintainer="Jellyfin Team " # Install Jellyfin dependencies and server RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ gnupg \ lsb-release \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* # Add Jellyfin repository and install RUN curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | gpg --dearmor -o /usr/share/keyrings/jellyfin-archive-keyring.gpg RUN echo "deb [signed-by=/usr/share/keyrings/jellyfin-archive-keyring.gpg] https://repo.jellyfin.org/$( awk -F'/' '{ print tolower($1) }' /etc/os-release ) $( lsb_release -cs ) main" > /etc/apt/sources.list.d/jellyfin.list RUN apt-get update && apt-get install -y jellyfin && apt-get clean && rm -rf /var/lib/apt/lists/* # Expose Jellyfin port EXPOSE 8096 # Start Jellyfin server CMD ["/usr/bin/jellyfin"] ``` -------------------------------- ### Create FileBrowser Data Directory Source: https://github.com/geek-cookbook/premix/blob/main/filebrowser/README.md This command creates the directory required for FileBrowser to store its data. It is a prerequisite for launching the FileBrowser application. ```bash mkdir /var/data/runtime/filebrowser ``` -------------------------------- ### Create ConfigMaps Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Configures the mining pool components by creating Kubernetes ConfigMaps from example configuration files. This includes wallet configuration, pool settings, email templates, and Redis configuration. ```bash cp wallet.conf-example wallet.conf kubectl create configmap -n trtl wallet-conf --from-file=wallet.conf cp trtl.json-example trtl.json kubectl create configmap -n trtl pool-config --from-file=trtl.json kubectl create configmap -n trtl pool-email-txt --from-file=email.txt kubectl create configmap -n trtl redis-config --from-file=redis.conf ``` -------------------------------- ### Create Secret for Webhook Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Secures webhook communication by creating a Kubernetes secret containing the webhook token. This involves copying an example secret file and then creating the secret resource. ```bash cp webhook_token.secret-example webhook_token.secret kubectl create secret -n trtl generic trtl-credentials \ --from-file=webhook_token.secret ``` -------------------------------- ### Install Cert-Manager CRDs Source: https://github.com/geek-cookbook/premix/blob/main/wash-hands/README.md Installs the necessary Custom Resource Definitions (CRDs) for Cert-Manager. This is a prerequisite for using Cert-Manager. ```bash kubectl apply --validate=false \ -f https://raw.githubusercontent.com/jetstack/certmanager/release-0.13/deploy/manifests/00-crds.yaml ``` -------------------------------- ### Ansible Vault Variable Example Source: https://github.com/geek-cookbook/premix/blob/main/ansible/README.md Demonstrates how to define a secret variable within an Ansible Vault encrypted file. Variables should be prefixed with 'vault_' to indicate they are encrypted. ```ansible vault_proxmox_host_password: mysekritpassword ``` -------------------------------- ### Premix Project Parameters Source: https://github.com/geek-cookbook/premix/blob/main/charts/huginn/README.MD This section outlines the various parameters configurable for the Premix project. It covers settings related to deployment names, application replicas and labels, resource allocation, image pull policies, service ports, readiness and liveness probes, ingress controller configuration (Traefik or Kubernetes native), host and path settings, TLS configurations, annotations, SMTP server details for email notifications, database connection parameters, and options for seeding the database with initial data. It also includes settings for Twitter integration. ```APIDOC names: deployment: The name of the service (Default: huginn) service: The name of the secret (Default: huginn) secret: The name of the Ingress rule (Default: huginn) ingress: (Default: huginn) app: replicas: Number of application replicas (Default: 1) labels: app: Labels for the application (Default: Huginn) resources: Resources to allocate to each pod (Default: {}) image: image: The container image to use (Default: huginn/huginn) pullPolicy: The Image Pull Policy (Default: IfNotPresent) service: internalPort: The internal port for the service (Default: 3000) name: The name of the service port (Default: http-huginn) probes: liveness: httpPath: HTTP path for liveness probe (Default: /) readiness: httpPath: HTTP path for readiness probe (Default: /) ingress: enabled: Enable or disable ingress (Default: True) type: Type of ingress rule ('traefik' or 'kube') (Default: kube) host: Hostname to access the service (Default: huginn.local) path: Path to access the service (Default: /) tls: TLS settings for ingress (Default: {}) annotations: Annotations for the ingress (Default: {}) smtp: enable: Enable SMTP for sending emails (Default: True) domain: Mail domain to send from (Default: huginn.local) username: Email account username (Default: huginn@huginn.local) password: Email account password (Default: hugginwithhuginn) server: Email server address (Default: mail.local) port: Email server port (Default: 465) authentication: Email server authentication type (Default: plain) starttls: Use STARTTLS for email server (Default: True) invitation_code: Huginn Invitation Code (Default: HUGMEHUGINN) db: deploy: Deploy the database (Default: True) address: Database address (Default: nil) port: Database port (Default: 5432) username: Database username (Default: huginn) password: Database password (Default: huggingwithsql) seed: Seed the database with dummy data (Default: nil) twitter: enabled: Enable Twitter integration (Default: True) ``` -------------------------------- ### Manual Docker Swarm Deployment Source: https://github.com/geek-cookbook/premix/blob/main/README.md Instructions for manually deploying recipes using Docker Swarm. This involves cloning the repository, customizing configuration files (.yml and .env files), and ensuring correct paths and domain names are set. ```git git pull git@github.com:funkypenguin/geek-cookbook-premix.git /var/data/config ``` ```docker-compose # For each recipe, edit the .yml and replace my config (data paths, example.com domain name, etc) with yours # Where a .env-sample exists, rename this to .env, and customize ``` -------------------------------- ### Create Pods and Services Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Deploys the core components of the mining pool, including Redis, wallet, daemon, and the pool itself, as Kubernetes pods and services. Environment variables within the YAML files should be customized for the specific deployment. ```bash kubectl create -f redis.yml kubectl create -f wallet.yml kubectl create -f daemon.yml kubectl create -f pool.yml ``` -------------------------------- ### Create Namespace Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Creates a dedicated Kubernetes namespace for the Turtlecoin mining pool components. ```bash kubectl create -f namespace.yml ``` -------------------------------- ### PostgreSQL Configuration Source: https://github.com/geek-cookbook/premix/blob/main/charts/huginn/README.MD Configuration parameters for connecting to a PostgreSQL database. This includes username, password, and service port. ```APIDOC postgresql.fullnameOverride: description: Set the username here to the same one as in `db.username` default: null postgresql.postgresqlUsername: description: Set the password here to the same one as in `db.password` default: null postgresql.postgresqlPassword: description: PostgreSQL password default: null postgresql.service.port: description: PostgreSQL service port default: "5432" ``` -------------------------------- ### Ansible Vault Configuration for GitHub Flux Source: https://github.com/geek-cookbook/premix/blob/main/README.md Details on how to configure Ansible Vault with a GitHub personal access token for bootstrapping Flux. This token requires specific permissions to create repositories. ```ansible Save the token to your ansible vault, as github_flux_token ``` -------------------------------- ### Geek Cookbook Premix Configuration Parameters Source: https://github.com/geek-cookbook/premix/blob/main/charts/autopirate/README.MD This section details the various configuration parameters available for the Geek Cookbook Premix project. It covers storage claims for different data types (media, config, download) with options for size, annotations, labels, name, storage class, and access mode. Additionally, it includes settings for ingress enablement, name, type, and TLS, along with specific configurations for numerous applications. Each application's configuration includes settings for name, enablement, ingress details (host, path), labels, replicas, image, port, resources, and service type. ```APIDOC claims.media.size: Size of the media claim. Default: 1Gi claims.media.annotations: Annotations for the media claim. Default: {} claims.media.labels: Labels for the media claim. Default: {} claims.media.name: Name of the media claim. Default: media claims.media.storageClass: Storage class for the media claim. Default: local-path claims.media.accessMode: Access mode for the media claim. Default: ReadWriteOnce claims.config.size: Size of the config claim. Default: 10Mi claims.config.annotations: Annotations for the config claim. Default: {} claims.config.labels: Labels for the config claim. Default: {} claims.config.name: Name of the config claim. Default: config claims.config.storageClass: Storage class for the config claim. Default: local-path claims.config.accessMode: Access mode for the config claim. Default: ReadWriteOnce claims.download.size: Size of the download claim. Default: 1Gi claims.download.annotations: Annotations for the download claim. Default: {} claims.download.labels: Labels for the download claim. Default: {} claims.download.name: Name of the download claim. Default: download claims.download.storageClass: Storage class for the download claim. Default: local-path claims.download.accessMode: Access mode for the download claim. Default: ReadWriteOnce ingress.enabled: Enable ingress. Default: True ingress.name: Name of the ingress. Default: autopirate ingress.type: Type of the ingress. Default: kube ingress.tls: TLS configuration for ingress. Default: {} apps.bazarr.name: Name of the Bazarr application. Default: bazarr apps.bazarr.enable: Enable Bazarr. Default: True apps.bazarr.ingress.enable: Enable ingress for Bazarr. Default: True apps.bazarr.ingress.host: Hostname for Bazarr ingress. Default: bazarr.local apps.bazarr.ingress.path: Path for Bazarr ingress. Default: / apps.bazarr.labels: Labels for Bazarr deployment. Default: {} apps.bazarr.replicas: Number of replicas for Bazarr. Default: 1 apps.bazarr.image: Docker image for Bazarr. Default: linuxserver/bazarr apps.bazarr.port: Port for Bazarr service. Default: 6767 apps.bazarr.resources: Resource limits for Bazarr. Default: {} apps.bazarr.serviceType: Service type for Bazarr. Default: ClusterIP apps.sabnzbd.name: Name of the SABnzbd application. Default: sabnzbd apps.sabnzbd.enable: Enable SABnzbd. Default: nil apps.sabnzbd.ingress.enable: Enable ingress for SABnzbd. Default: True apps.sabnzbd.ingress.host: Hostname for SABnzbd ingress. Default: sabnzbd.local apps.sabnzbd.ingress.path: Path for SABnzbd ingress. Default: / apps.sabnzbd.labels: Labels for SABnzbd deployment. Default: {} apps.sabnzbd.replicas: Number of replicas for SABnzbd. Default: 1 apps.sabnzbd.image: Docker image for SABnzbd. Default: linuxserver/sabnzbd apps.sabnzbd.port: Port for SABnzbd service. Default: 8080 apps.sabnzbd.resources: Resource limits for SABnzbd. Default: {} apps.sabnzbd.serviceType: Service type for SABnzbd. Default: ClusterIP apps.nzbget.name: Name of the NZBGet application. Default: nzbget apps.nzbget.enable: Enable NZBGet. Default: True apps.nzbget.ingress.enable: Enable ingress for NZBGet. Default: True apps.nzbget.ingress.host: Hostname for NZBGet ingress. Default: nzbget.local apps.nzbget.ingress.path: Path for NZBGet ingress. Default: / apps.nzbget.labels: Labels for NZBGet deployment. Default: {} apps.nzbget.replicas: Number of replicas for NZBGet. Default: 1 apps.nzbget.image: Docker image for NZBGet. Default: linuxserver/nzbget apps.nzbget.port: Port for NZBGet service. Default: 6789 apps.nzbget.resources: Resource limits for NZBGet. Default: {} apps.nzbget.serviceType: Service type for NZBGet. Default: ClusterIP apps.rtorrent.name: Name of the rTorrent application. Default: rtorrent apps.rtorrent.enable: Enable rTorrent. Default: True apps.rtorrent.ingress.enable: Enable ingress for rTorrent. Default: True apps.rtorrent.ingress.host: Hostname for rTorrent ingress. Default: rtorrent.local apps.rtorrent.ingress.path: Path for rTorrent ingress. Default: / apps.rtorrent.labels: Labels for rTorrent deployment. Default: {} apps.rtorrent.replicas: Number of replicas for rTorrent. Default: 1 apps.rtorrent.image: Docker image for rTorrent. Default: linuxserver/rutorrent apps.rtorrent.port: Port for rTorrent service. Default: 80 apps.rtorrent.resources: Resource limits for rTorrent. Default: {} apps.rtorrent.serviceType: Service type for rTorrent. Default: ClusterIP apps.lazylibrarian.name: Name of the LazyLibrarian application. Default: lazylibrarian apps.lazylibrarian.enable: Enable LazyLibrarian. Default: True apps.lazylibrarian.ingress.enable: Enable ingress for LazyLibrarian. Default: True apps.lazylibrarian.ingress.host: Hostname for LazyLibrarian ingress. Default: lazylibrarian.local apps.lazylibrarian.ingress.path: Path for LazyLibrarian ingress. Default: / apps.lazylibrarian.labels: Labels for LazyLibrarian deployment. Default: {} apps.lazylibrarian.replicas: Number of replicas for LazyLibrarian. Default: 1 apps.lazylibrarian.image: Docker image for LazyLibrarian. Default: linuxserver/lazylibrarian apps.lazylibrarian.port: Port for LazyLibrarian service. Default: 5299 apps.lazylibrarian.resources: Resource limits for LazyLibrarian. Default: {} apps.lazylibrarian.serviceType: Service type for LazyLibrarian. Default: ClusterIP apps.mylar.name: Name of the Mylar application. Default: mylar apps.mylar.enable: Enable Mylar. Default: True apps.mylar.ingress.enable: Enable ingress for Mylar. Default: True apps.mylar.ingress.host: Hostname for Mylar ingress. Default: mylar.local apps.mylar.ingress.path: Path for Mylar ingress. Default: / apps.mylar.labels: Labels for Mylar deployment. Default: {} apps.mylar.replicas: Number of replicas for Mylar. Default: 1 apps.mylar.image: Docker image for Mylar. Default: linuxserver/mylar apps.mylar.port: Port for Mylar service. Default: 8090 apps.mylar.resources: Resource limits for Mylar. Default: {} apps.mylar.serviceType: Service type for Mylar. Default: ClusterIP apps.ombi.name: Name of the Ombi application. Default: ombi apps.ombi.enable: Enable Ombi. Default: True apps.ombi.ingress.enable: Enable ingress for Ombi. Default: True apps.ombi.ingress.host: Hostname for Ombi ingress. Default: ombi.local apps.ombi.ingress.path: Path for Ombi ingress. Default: / apps.ombi.labels: Labels for Ombi deployment. Default: {} apps.ombi.replicas: Number of replicas for Ombi. Default: 1 apps.ombi.image: Docker image for Ombi. Default: linuxserver/ombi apps.ombi.port: Port for Ombi service. Default: 3579 apps.ombi.resources: Resource limits for Ombi. Default: {} apps.ombi.serviceType: Service type for Ombi. Default: ClusterIP apps.headphones.name: Name of the Headphones application. Default: headphones apps.headphones.enable: Enable Headphones. Default: True apps.headphones.ingress.enable: Enable ingress for Headphones. Default: True apps.headphones.ingress.host: Hostname for Headphones ingress. Default: headphones.local apps.headphones.ingress.path: Path for Headphones ingress. Default: / apps.headphones.labels: Labels for Headphones deployment. Default: {} apps.headphones.replicas: Number of replicas for Headphones. Default: 1 apps.headphones.image: Docker image for Headphones. Default: linuxserver/headphones apps.headphones.port: Port for Headphones service. Default: 8181 apps.headphones.resources: Resource limits for Headphones. Default: {} apps.headphones.serviceType: Service type for Headphones. Default: ClusterIP apps.radarr.name: Name of the Radarr application. Default: radarr apps.radarr.enable: Enable Radarr. Default: True apps.radarr.ingress.enable: Enable ingress for Radarr. Default: True apps.radarr.ingress.host: Hostname for Radarr ingress. Default: radarr.local apps.radarr.ingress.path: Path for Radarr ingress. Default: / apps.radarr.labels: Labels for Radarr deployment. Default: {} apps.radarr.replicas: Number of replicas for Radarr. Default: 1 apps.radarr.image: Docker image for Radarr. Default: linuxserver/radarr apps.radarr.port: Port for Radarr service. Default: 7878 apps.radarr.resources: Resource limits for Radarr. Default: {} apps.radarr.serviceType: Service type for Radarr. Default: ClusterIP apps.sonarr.name: Name of the Sonarr application. Default: sonarr apps.sonarr.enable: Enable Sonarr. Default: True apps.sonarr.ingress.enable: Enable ingress for Sonarr. Default: True apps.sonarr.ingress.host: Hostname for Sonarr ingress. Default: sonarr.local apps.sonarr.ingress.path: Path for Sonarr ingress. Default: / apps.sonarr.labels: Labels for Sonarr deployment. Default: {} ``` -------------------------------- ### Deploy Wash-Hands Helm Chart Source: https://github.com/geek-cookbook/premix/blob/main/wash-hands/README.md Deploys or upgrades the 'wash-hands' Helm chart in the 'wash-hands' namespace. ```bash helm upgrade --install -n wash-hands wash-hands wash-hands/helm-chart/wash-hands ``` -------------------------------- ### Traefik Configuration with Traefik.toml Source: https://github.com/geek-cookbook/premix/blob/main/traefikv2/README-traefik-with-non-swarm-backends.txt This snippet shows how to configure Traefik using the Traefik.toml file to route requests for 'ipp.example.com' to an internal service at 'http://192.168.1.4:4679'. It enables file watching and defines a frontend rule and backend server. ```toml [file] watch=true [frontends] [frontends.ipp] backend = "ipp" pastHostHeader = true [frontends.ipp.routes.1] rule = "Host:ipp.example.com" [backends] [backends.ipp] [backends.ipp.servers.ipp1] url = "http://192.168.1.4:4679" #local address of the service ``` -------------------------------- ### Traefik Configuration with Traefik.toml Source: https://github.com/geek-cookbook/premix/blob/main/traefikv1/README-traefik-with-non-swarm-backends.txt This snippet shows how to configure Traefik using the Traefik.toml file to route requests for 'ipp.example.com' to an internal service at 'http://192.168.1.4:4679'. It enables file watching and defines a frontend rule and backend server. ```toml [file] watch=true [frontends] [frontends.ipp] backend = "ipp" pastHostHeader = true [frontends.ipp.routes.1] rule = "Host:ipp.example.com" [backends] [backends.ipp] [backends.ipp.servers.ipp1] url = "http://192.168.1.4:4679" #local address of the service ``` -------------------------------- ### Traefik Configuration with Traefik.toml Source: https://github.com/geek-cookbook/premix/blob/main/traefik/README-traefik-with-non-swarm-backends.txt This snippet shows how to configure Traefik using the Traefik.toml file to route requests for 'ipp.example.com' to an internal service at 'http://192.168.1.4:4679'. It enables file watching and defines a frontend rule and backend server. ```toml [file] watch=true [frontends] [frontends.ipp] backend = "ipp" pastHostHeader = true [frontends.ipp.routes.1] rule = "Host:ipp.example.com" [backends] [backends.ipp] [backends.ipp.servers.ipp1] url = "http://192.168.1.4:4679" #local address of the service ``` -------------------------------- ### Create Persistent Volume Claims Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Sets up persistent storage for the various components of the mining pool, including the daemon, pool, Redis, and wallet. ```bash kubectl create -f daemon-persistent-volumeclaim.yml kubectl create -f pool-persistent-volumeclaim.yml kubectl create -f redis-persistent-volumeclaim.yml kubectl create -f wallet-persistent-volumeclaim.yml ``` -------------------------------- ### Create Ingress for Pool and API Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Configures Traefik ingress to route external traffic to the pool's web interface and API endpoints based on specified hostnames. ```bash kubectl create -f pool-ingress.yml ``` -------------------------------- ### Ansible Playbook Execution Source: https://github.com/geek-cookbook/premix/blob/main/ansible/README.md Executes the main deployment playbook using Ansible. It specifies the inventory file ('hosts') for target machines and the playbook file ('deploy.yml'). ```ansible ansible-playbook -i hosts deploy.yml ``` -------------------------------- ### Ansible Playbook for Destruction Source: https://github.com/geek-cookbook/premix/blob/main/ansible/README.md Executes a playbook designed to carefully destroy provisioned VMs and associated data. Use with caution as this action is irreversible. ```ansible ansible-playbook -i hosts carefully_destroy.yml ``` -------------------------------- ### Verify Kubernetes Resources Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Checks the status of deployed pods, services, and ingresses within the 'trtl' namespace to ensure the mining pool is running correctly. ```bash # Check pods kubectl get pods -n trtl # Check services kubectl get services -n trtl # Check ingress kubectl get ingress -n trtl ``` -------------------------------- ### Twitter OAuth Configuration Source: https://github.com/geek-cookbook/premix/blob/main/charts/huginn/README.MD Configuration keys for setting up Twitter OAuth authentication. These include the consumer key and secret required for API access. ```APIDOC twitter.oauth.key: description: Twitter OAuth2 Secret default: null twitter.oauth.secret: description: Twitter OAuth2 Secret default: null ``` -------------------------------- ### NZBHydra Application Configuration Source: https://github.com/geek-cookbook/premix/blob/main/charts/autopirate/README.MD Configuration for the NZBHydra application, detailing its name, enable status, ingress configuration (host and path), labels, replica count, container image, port, resource settings, and service type. ```yaml apps.nzbhydra.name: "nzbhydra" apps.nzbhydra.enable: "True" apps.nzbhydra.ingress.enable: "True" apps.nzbhydra.ingress.host: "nzbhydra.local" apps.nzbhydra.ingress.path: "/" apps.nzbhydra.labels: "{}" apps.nzbhydra.replicas: "1" apps.nzbhydra.image: "linuxserver/hydra" apps.nzbhydra.port: "5075" apps.nzbhydra.resources: "{}" apps.nzbhydra.serviceType: "ClusterIP" ``` -------------------------------- ### Create NodePort Services Source: https://github.com/geek-cookbook/premix/blob/main/turtle-pool/kubernetes/README.md Exposes the pool's mining ports (3333, 5555, 7777) externally using NodePort services, allowing miners to connect to the pool. ```bash kubectl create -f pool-service-nodeport.yml ``` -------------------------------- ### OAuth2 Proxy Configuration for Traefik Source: https://github.com/geek-cookbook/premix/blob/main/traefik/README-traefik-with-non-swarm-backends.txt This YAML configuration defines a Docker Swarm stack for an OAuth2 proxy. It uses the 'funkypenguin/oauth2_proxy' image and configures it to authenticate users before forwarding requests to an upstream service. Traefik labels are used to route 'ipp.example.com' to the proxy on port 4180. ```yaml version: "3.2" services: proxy: image: funkypenguin/oauth2_proxy env_file: /var/data/config/ipp/ipp.env networks: - traefik_public volumes: - /etc/localtime:/etc/localtime:ro deploy: labels: - traefik.frontend.rule=Host:ipp.example.com - traefik.docker.network=traefik_public - traefik.port=4180 volumes: - /var/data/config/eaton-ipp/authenticated-emails.txt:/authenticated-emails.txt command: | -cookie-secure=false -upstream=http://192.168.1.4:4679 -redirect-url=https://ipp.example.com -http-address=http://0.0.0.0:4180 -email-domain=gmail.com -provider=github -authenticated-emails-file=/authenticated-emails.txt networks: traefik_public: external: true ``` -------------------------------- ### Lidarr Application Configuration Source: https://github.com/geek-cookbook/premix/blob/main/charts/autopirate/README.MD Configuration for the Lidarr application, including its name, enable status, ingress settings (host and path), labels, replica count, container image, port, resource allocation, and service type. ```yaml apps.lidarr.name: "lidarr" apps.lidarr.enable: "True" apps.lidarr.ingress.enable: "True" apps.lidarr.ingress.host: "lidarr.local" apps.lidarr.ingress.path: "/" apps.lidarr.labels: "{}" apps.lidarr.replicas: "1" apps.lidarr.image: "linuxserver/lidarr" apps.lidarr.port: "8686" apps.lidarr.resources: "{}" apps.lidarr.serviceType: "ClusterIP" ``` -------------------------------- ### OAuth2 Proxy Configuration for Traefik Source: https://github.com/geek-cookbook/premix/blob/main/traefikv1/README-traefik-with-non-swarm-backends.txt This YAML configuration defines a Docker Swarm stack for an OAuth2 proxy. It uses the 'funkypenguin/oauth2_proxy' image and configures it to authenticate users before forwarding requests to an upstream service. Traefik labels are used to route 'ipp.example.com' to the proxy on port 4180. ```yaml version: "3.2" services: proxy: image: funkypenguin/oauth2_proxy env_file: /var/data/config/ipp/ipp.env networks: - traefik_public volumes: - /etc/localtime:/etc/localtime:ro deploy: labels: - traefik.frontend.rule=Host:ipp.example.com - traefik.docker.network=traefik_public - traefik.port=4180 volumes: - /var/data/config/eaton-ipp/authenticated-emails.txt:/authenticated-emails.txt command: | -cookie-secure=false -upstream=http://192.168.1.4:4679 -redirect-url=https://ipp.example.com -http-address=http://0.0.0.0:4180 -email-domain=gmail.com -provider=github -authenticated-emails-file=/authenticated-emails.txt networks: traefik_public: external: true ``` -------------------------------- ### OAuth2 Proxy Configuration for Traefik Source: https://github.com/geek-cookbook/premix/blob/main/traefikv2/README-traefik-with-non-swarm-backends.txt This YAML configuration defines a Docker Swarm stack for an OAuth2 proxy. It uses the 'funkypenguin/oauth2_proxy' image and configures it to authenticate users before forwarding requests to an upstream service. Traefik labels are used to route 'ipp.example.com' to the proxy on port 4180. ```yaml version: "3.2" services: proxy: image: funkypenguin/oauth2_proxy env_file: /var/data/config/ipp/ipp.env networks: - traefik_public volumes: - /etc/localtime:/etc/localtime:ro deploy: labels: - traefik.frontend.rule=Host:ipp.example.com - traefik.docker.network=traefik_public - traefik.port=4180 volumes: - /var/data/config/eaton-ipp/authenticated-emails.txt:/authenticated-emails.txt command: | -cookie-secure=false -upstream=http://192.168.1.4:4679 -redirect-url=https://ipp.example.com -http-address=http://0.0.0.0:4180 -email-domain=gmail.com -provider=github -authenticated-emails-file=/authenticated-emails.txt networks: traefik_public: external: true ``` -------------------------------- ### Ansible Vault Password File Creation Source: https://github.com/geek-cookbook/premix/blob/main/ansible/README.md Creates a file containing the Ansible Vault password, intended to be stored securely outside the repository. This file is used to encrypt and decrypt sensitive variables. ```bash echo mysecretpassword > ~/.ansible/vault-password-geek-cookbook-premix ``` -------------------------------- ### Ansible Vault Encrypted File Creation Source: https://github.com/geek-cookbook/premix/blob/main/ansible/README.md Creates an encrypted Ansible Vault file named 'vars/vault.yml' using a specified vault ID. This file will store sensitive variables like Proxmox host passwords. ```ansible ansible-vault create --encrypt-vault-id geek-cookbook-premix vars/vault.yml ``` -------------------------------- ### Deploying Docker Swarm Stack Source: https://github.com/geek-cookbook/premix/blob/main/traefik/README-traefik-with-non-swarm-backends.txt This command deploys a Docker Swarm stack using a specified YAML configuration file. It's used here to deploy the OAuth2 proxy service configured in the previous snippet. ```bash docker stack deploy ipp -c /var/data/config/ipp.yml ``` -------------------------------- ### Sonarr Application Configuration Source: https://github.com/geek-cookbook/premix/blob/main/charts/autopirate/README.MD Configuration for the Sonarr application, specifying its deployment details like replicas, container image, exposed port, resource limits, and service type. ```yaml apps.sonarr.replicas: "1" apps.sonarr.image: "linuxserver/sonarr" apps.sonarr.port: "8989" apps.sonarr.resources: "{}" apps.sonarr.serviceType: "ClusterIP" ``` -------------------------------- ### Deploying Docker Swarm Stack Source: https://github.com/geek-cookbook/premix/blob/main/traefikv2/README-traefik-with-non-swarm-backends.txt This command deploys a Docker Swarm stack using a specified YAML configuration file. It's used here to deploy the OAuth2 proxy service configured in the previous snippet. ```bash docker stack deploy ipp -c /var/data/config/ipp.yml ``` -------------------------------- ### Deploying Docker Swarm Stack Source: https://github.com/geek-cookbook/premix/blob/main/traefikv1/README-traefik-with-non-swarm-backends.txt This command deploys a Docker Swarm stack using a specified YAML configuration file. It's used here to deploy the OAuth2 proxy service configured in the previous snippet. ```bash docker stack deploy ipp -c /var/data/config/ipp.yml ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.