vps/pyenv.yml

domain: viyurz.fr
timezone: "Europe/Paris"

<%!
  import os, subprocess

  uid = os.getuid()
  rootless = os.path.exists(f"/run/user/{uid}/podman/podman.sock")
%>
% if rootless:
rootless: true
podman_uid: ${uid}
uid_shift: ${int(subprocess.run(['sh', '-c', "grep " + os.getlogin() + " /etc/subuid | cut -d ':' -f 2"], capture_output=True, text=True).stdout.strip()) - 1}
socket: "/run/user/${uid}/podman/podman.sock"
% else:
rootless: false
podman_uid: 0
uid_shift: 0
socket: "/run/podman/podman.sock"
% endif


# cifs_credentials is undefined when we run the backup playbook
# as a cronjob, so set empty default value to prevent errors,
# which is fine because we don't use it.
cifs_host: "{{ cifs_credentials['username'] | default('') }}.your-storagebox.de"

cifs_mounts:
  backups:
    src: "//{{ cifs_host }}/backup/backups"
    path: /mnt/storagebox/backups 
    uid: 0
    gid: "{{ host_uid }}"
    file_mode: 640
    dir_mode: 750
  fireshare:
    src: "//{{ cifs_host }}/backup/fireshare"
    path: /mnt/storagebox/fireshare
    uid: "{{ users['fireshare'] + uid_shift }}"
    gid: "{{ users['fireshare'] + uid_shift }}"
    file_mode: 644
    dir_mode: 755
  storagebox:
    src: "//{{ cifs_host }}/backup"
    path: /mnt/storagebox
    uid: 0
    gid: 0
    file_mode: 640
    dir_mode: 751
  syncthing:
    src: "//{{ cifs_host }}/backup/syncthing"
    path: /mnt/storagebox/syncthing
    uid: "{{ users['syncthing'] + uid_shift }}"
    gid: "{{ users['syncthing'] + uid_shift }}"
    file_mode: 640
    dir_mode: 750


borg_repodir: "{env['cifs_mounts']['backups']['path']}/borg"
borg_passphrase_file: /etc/borg-passphrase.txt


certs:
  coturn:
    cert: "/etc/letsencrypt/live/turn.viyurz.fr/fullchain.pem"
    pkey: "/etc/letsencrypt/live/turn.viyurz.fr/privkey.pem"
  mailserver:
    cert: "/etc/letsencrypt/live/mail.viyurz.fr/fullchain.pem"
    pkey: "/etc/letsencrypt/live/mail.viyurz.fr/privkey.pem"


networks_attr: |
  networks:
    default:
      enable_ipv6: true


# Ports exposed to host
ports:
  coturn_listening: 3478
  coturn_tls_listening: 5349
  coturn_relay_min: 49152
  coturn_relay_max: 49172
  element: 8084
  etebase: 3735
  fireshare: 8085
  hedgedoc: 8086
  homepage: 8686
  keycloak: 8444
  mailserver_smtp: 1025
  mailserver_smtps: 1465
  mailserver_imaps: 1993
  mailserver_https: 1443
  postgres: 5432
  searxng: 8083
  stump: 10801
  synapse: 8008
  syncthing_discosrv: 8443
  # Public port, forwarded to 22067 by nftables
  syncthing_relaysrv: 143
  syncthing_webui: 8384
  syncthing_tcp: 18880
  syncthing_udp: 22000
  uptime_kuma: 3001
  vaultwarden: 8081


# UID in containers
users:
  coturn: 666
  diun: 1011
  etebase: 373
  fireshare: 1007
  hedgedoc: 1004
  homepage: 8686
  keycloak: 1000
  mailserver: 8
  postgres: 70
  searxng: 977
  searxng_valkey: 999
  stump: 1005
  synapse: 991
  syncthing: 1001
  syncthing_discosrv: 1002
  syncthing_relaysrv: 1003
  uptime_kuma: 1006
  vaultwarden: 1010


volumes:
  etebase_datadir: /mnt/etebasedata
  fireshare_datadir: /mnt/firesharedata
  fireshare_processeddir: /mnt/storagebox/fireshare/processed
  fireshare_videosdir: /mnt/storagebox/fireshare/videos
  hedgedoc_uploadsdir: /mnt/hedgedocuploads
  mailserver_datadir: /mnt/mailserver
  postgres_datadir: /mnt/postgresdata
  stump_configdir: /mnt/stump/config
  stump_datadir: /mnt/stump/data
  synapse_datadir: /mnt/synapsedata
  syncthing_datadir: "{env['cifs_mounts']['syncthing']['path']}"
  uptime_kuma_datadir: /mnt/uptimekumadata
  vaultwarden_datadir: /mnt/vwdata
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`domain: viyurz.fr`
			`timezone: "Europe/Paris"`

E (add rootful podman) 2024-10-07 11:37:52 +02:00			`<%!`
			`import os, subprocess`

			`uid = os.getuid()`
			`rootless = os.path.exists(f"/run/user/{uid}/podman/podman.sock")`
			`%>`
			`% if rootless:`
			`rootless: true`
			`podman_uid: ${uid}`
			`uid_shift: ${int(subprocess.run(['sh', '-c', "grep " + os.getlogin() + " /etc/subuid \| cut -d ':' -f 2"], capture_output=True, text=True).stdout.strip()) - 1}`
			`socket: "/run/user/${uid}/podman/podman.sock"`
			`% else:`
			`rootless: false`
			`podman_uid: 0`
			`uid_shift: 0`
			`socket: "/run/podman/podman.sock"`
			`% endif`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00

			`# cifs_credentials is undefined when we run the backup playbook`
			`# as a cronjob, so set empty default value to prevent errors,`
			`# which is fine because we don't use it.`
			`cifs_host: "{{ cifs_credentials['username'] \| default('') }}.your-storagebox.de"`

			`cifs_mounts:`
			`backups:`
			`src: "//{{ cifs_host }}/backup/backups"`
			`path: /mnt/storagebox/backups`
			`uid: 0`
			`gid: "{{ host_uid }}"`
			`file_mode: 640`
			`dir_mode: 750`
			`fireshare:`
			`src: "//{{ cifs_host }}/backup/fireshare"`
			`path: /mnt/storagebox/fireshare`
			`uid: "{{ users['fireshare'] + uid_shift }}"`
			`gid: "{{ users['fireshare'] + uid_shift }}"`
			`file_mode: 644`
			`dir_mode: 755`
			`storagebox:`
			`src: "//{{ cifs_host }}/backup"`
			`path: /mnt/storagebox`
			`uid: 0`
			`gid: 0`
			`file_mode: 640`
			`dir_mode: 751`
			`syncthing:`
			`src: "//{{ cifs_host }}/backup/syncthing"`
			`path: /mnt/storagebox/syncthing`
			`uid: "{{ users['syncthing'] + uid_shift }}"`
			`gid: "{{ users['syncthing'] + uid_shift }}"`
			`file_mode: 640`
			`dir_mode: 750`


E (add rootful podman) 2024-10-07 11:37:52 +02:00			`borg_repodir: "{env['cifs_mounts']['backups']['path']}/borg"`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`borg_passphrase_file: /etc/borg-passphrase.txt`


			`certs:`
			`coturn:`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`cert: "/etc/letsencrypt/live/turn.viyurz.fr/fullchain.pem"`
			`pkey: "/etc/letsencrypt/live/turn.viyurz.fr/privkey.pem"`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`mailserver:`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`cert: "/etc/letsencrypt/live/mail.viyurz.fr/fullchain.pem"`
			`pkey: "/etc/letsencrypt/live/mail.viyurz.fr/privkey.pem"`


			`networks_attr: \|`
			`networks:`
			`default:`
			`enable_ipv6: true`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00

			`# Ports exposed to host`
			`ports:`
			`coturn_listening: 3478`
			`coturn_tls_listening: 5349`
			`coturn_relay_min: 49152`
			`coturn_relay_max: 49172`
			`element: 8084`
			`etebase: 3735`
			`fireshare: 8085`
			`hedgedoc: 8086`
			`homepage: 8686`
			`keycloak: 8444`
			`mailserver_smtp: 1025`
			`mailserver_smtps: 1465`
			`mailserver_imaps: 1993`
			`mailserver_https: 1443`
			`postgres: 5432`
			`searxng: 8083`
			`stump: 10801`
			`synapse: 8008`
			`syncthing_discosrv: 8443`
			`# Public port, forwarded to 22067 by nftables`
			`syncthing_relaysrv: 143`
			`syncthing_webui: 8384`
			`syncthing_tcp: 18880`
			`syncthing_udp: 22000`
			`uptime_kuma: 3001`
			`vaultwarden: 8081`


			`# UID in containers`
			`users:`
			`coturn: 666`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`diun: 1011`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`etebase: 373`
			`fireshare: 1007`
			`hedgedoc: 1004`
			`homepage: 8686`
			`keycloak: 1000`
			`mailserver: 8`
			`postgres: 70`
			`searxng: 977`
			`searxng_valkey: 999`
			`stump: 1005`
			`synapse: 991`
			`syncthing: 1001`
			`syncthing_discosrv: 1002`
			`syncthing_relaysrv: 1003`
			`uptime_kuma: 1006`
			`vaultwarden: 1010`


			`volumes:`
			`etebase_datadir: /mnt/etebasedata`
			`fireshare_datadir: /mnt/firesharedata`
			`fireshare_processeddir: /mnt/storagebox/fireshare/processed`
			`fireshare_videosdir: /mnt/storagebox/fireshare/videos`
			`hedgedoc_uploadsdir: /mnt/hedgedocuploads`
			`mailserver_datadir: /mnt/mailserver`
			`postgres_datadir: /mnt/postgresdata`
			`stump_configdir: /mnt/stump/config`
			`stump_datadir: /mnt/stump/data`
			`synapse_datadir: /mnt/synapsedata`
E (add rootful podman) 2024-10-07 11:37:52 +02:00			`syncthing_datadir: "{env['cifs_mounts']['syncthing']['path']}"`
Migration to Podman & Python script, start 2024-10-01 09:52:42 +02:00			`uptime_kuma_datadir: /mnt/uptimekumadata`
			`vaultwarden_datadir: /mnt/vwdata`