intern/docker_esphome/templates/docker-compose.yml

-version: "3"
-
 services:
 
   app:
 
-    image: esphome/esphome:2022.10
+    image: esphome/esphome:latest
     restart: always
     volumes:
       - "{{ basedir }}/config/:/config"

intern/docker_esphome/templates/includes/board.esp32dev.inc.yaml

+
+esphome:
+  name: "{{ devicename }}"
+  friendly_name: "{{ devicename }}"
+
+esp32:
+  board: esp32dev
+  framework:
+    type: arduino

intern/docker_esphome/templates/includes/board.esp8266.inc.yaml

+
+esphome:
+  name: "{{ devicename }}"
+  platform: ESP8266

intern/docker_esphome/templates/includes/common.inc.yaml

@@ -14,6 +14,7 @@ captive_portal:
 
 # Enable OTA
 ota:
+  - platform: esphome
 
 # Enable logging
 logger:
@@ -25,8 +26,8 @@ logger:
 web_server:
 #  local: true
 
-# Activates prometheus /metrics endpoint
-prometheus:
+# Activates api for home assistant
+api:
 
 # MQTT config 
 mqtt:

intern/docker_esphome/templates/includes/common_info.inc.yaml

@@ -27,8 +27,8 @@ logger:
 web_server:
 #  local: true
 
-# Activates prometheus /metrics endpoint
-prometheus:
+# Activates api for home assistant
+api:
 
 # MQTT config 
 mqtt:

intern/docker_fridgeserver/tasks/main.yml

+---
+
+- name: "create folder struct for {{ servicename }}"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: "directory"
+    recurse: yes
+    owner: 33
+    group: 33
+  with_items:
+    - "{{ basedir }}/audio_files/"
+
+- name: copy config files for {{ servicename }}
+  ansible.builtin.template:
+    src: "{{ item }}" 
+    dest: "{{ basedir }}/{{ item }}"
+    mode: '0755'
+  with_items:
+    - docker-compose.yml
+  register: config_files
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config_files.changed 
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present

intern/docker_fridgeserver/templates/docker-compose.yml

+---
+
+services:
+
+  app:
+    image: gitlab-registry.warpzone.ms/nandxor/fridge-audioserver:latest 
+    restart: always
+    environment:
+      PDIG: 1001
+      PUDI: 1001
+    volumes:
+      - "{{ basedir }}/audio_files:/var/www/html/audio"
+    ports:
+      - "5000:80"
+    labels:
+      - traefik.enable=false
+    networks:
+      - default
+      - web
+
+networks:
+  web:
+    external: true
+
+volumes:
+  audio_files:

intern/docker_fridgeserver/templates/htaccess

+<Files *.php>
+deny from all

intern/docker_grafana/tasks/main.yml

+
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/grafana_secret_key", length: 32 }
+    - { path: "{{ basedir }}/grafana_admin_pass", length: 12 }
+    - { path: "/srv/mqtt/influxdb_token", length: -1 }
+
+- name: "create folder struct for {{ servicename }} 1"
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+
+- name: "create folder struct for {{ servicename }} 2"
+  file:
+    path: "{{ item }}"
+    state: "directory"
+    owner: 472
+    group: 0
+  with_items:
+    - "{{ basedir }}/data/"   
+    - "{{ basedir }}/provisioning/"
+    - "{{ basedir }}/provisioning/dashboards/"
+    - "{{ basedir }}/provisioning/dashboards/pixelflut/"
+    - "{{ basedir }}/provisioning/datasources/"
+
+- name: "create config files for {{ servicename }}"
+  template: 
+    src: "{{ item }}" 
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - grafana.ini
+    - provisioning/dashboards/dashboards.yml
+    - provisioning/dashboards/pixelflut/breakwater.json
+    - provisioning/datasources/datasources.yml
+  register: config_files
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config_files.changed 
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present

intern/docker_grafana/templates/docker-compose.yml

+services:
+
+  app:
+
+    image: grafana/grafana:latest
+    restart: always
+    volumes:
+      - "{{ basedir }}/grafana.ini:/etc/grafana/grafana.ini"
+      - "{{ basedir }}/provisioning/:/etc/grafana/provisioning/"
+      - "{{ basedir }}/data/:/var/lib/grafana"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
+    networks:
+        - default
+        - web
+
+networks:
+  web:
+    external: true

intern/docker_grafana/templates/grafana.ini

+##################### Grafana Configuration ##################################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+instance_name = {{ inventory_hostname }}
+
+#
+#################################### Server ####################################
+[server]
+# Protocol (http, https, socket)
+protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+
+# The http port  to use
+http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+domain = {{ domain }}
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+root_url = https://{{ domain }}
+
+# Log web requests
+;router_logging = false
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+# Unix socket path
+;socket =
+
+
+#################################### Security ####################################
+[security]
+
+# disable creation of admin user on first start of grafana
+disable_initial_admin_creation = false
+
+# default admin user, created on startup
+admin_user = admin
+
+# default admin password, can be changed before first start of grafana,  or in profile settings
+admin_password = {{ grafana_admin_pass }}
+
+# default admin email, created on startup
+admin_email = admin@localhost
+
+# used for signing
+secret_key = {{ grafana_secret_key }}
+
+# Auto-login remember days
+;login_remember_days = 7
+;cookie_username = grafana_user 
+;cookie_remember_name = grafana_remember
+
+# Set to true if you host Grafana behind HTTPS. Default is false.
+cookie_secure = true
+
+# Sets the SameSite cookie attribute and prevents the browser from sending this 
+# cookie along with cross-site requests. The main goal is mitigate the risk of 
+# cross-origin information leakage. It also provides some protection against cross-site 
+# request forgery attacks (CSRF), read more here. Valid values are lax, strict and none. 
+# Default is lax.
+cookie_samesite = none
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+# Allow Embedding 
+allow_embedding = true 
+
+[snapshots]
+# snapshot sharing options
+;external_enabled = true
+;external_snapshot_url = https://snapshots-origin.raintank.io
+;external_snapshot_name = Publish to snapshot.raintank.io
+
+# remove expired snapshot
+;snapshot_remove_expired = true
+
+# remove snapshots after 90 days
+;snapshot_TTL_days = 90
+
+#################################### Users ####################################
+[users]
+# disable user signup / registration
+allow_sign_up = false
+
+# Allow non admin users to create organizations
+allow_org_create = false
+
+# Set to true to automatically assign new users to the default organization (id 1)
+auto_assign_org = true
+
+# Default role new users will be automatically assigned (if disabled above is set to true)
+auto_assign_org_role = Viewer
+
+# Background text for the user field on the login page
+login_hint = Fallback account
+
+# Default UI theme ("dark" or "light")
+default_theme = dark
+
+[auth]
+# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
+;disable_login_form = false
+disable_login_form = false
+
+# Auto Login via OAuth 
+# oauth_auto_login = true
+
+# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
+;disable_signout_menu = false
+
+# Use email lookup in addition to the unique ID provided by the IdP
+oauth_allow_insecure_email_lookup = false
+
+#################################### Anonymous Auth ##########################
+[auth.anonymous]
+# enable anonymous access
+enabled = true
+
+# specify organization name that should be used for unauthenticated users
+org_name = Main Org.
+
+#################################### SMTP / Emailing #####################
+[smtp]
+enabled = false
+;host = localhost:25
+;user =
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+;password =
+;cert_file =
+;key_file =
+;skip_verify = false
+;from_address = admin@grafana.localhost
+;from_name = Grafana
+;ehlo_identity =
+;startTLS_policy =
+;enable_tracing = false
+
+#################################### Logging ##########################
+[log]
+
+# Either "debug", "info", "warn", "error", "critical", default is "info"
+level = debug
+
+#################################### Unified Alerting ####################
+[unified_alerting]
+# Enable the Alerting sub-system and interface.
+enabled = false
+
+# Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
+disabled_orgs =
+
+# Specify the frequency of polling for admin config changes.
+# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+admin_config_poll_interval = 60s
+
+# Specify the frequency of polling for Alertmanager config changes.
+# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+alertmanager_config_poll_interval = 60s
+
+
+# Enable or disable alerting rule execution. The alerting UI remains visible.
+execute_alerts = true
+
+# Alert evaluation timeout when fetching data from the datasource.
+# The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+evaluation_timeout = 30s
+
+# Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. The default value is 1.
+max_attempts = 1
+
+# Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time.
+# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+min_interval = 10s
+
+# This is an experimental option to add parallelization to saving alert states in the database.
+# It configures the maximum number of concurrent queries per rule evaluated. The default value is 1
+# (concurrent queries per rule disabled).
+max_state_save_concurrency = 1
+
+# If the feature flag 'alertingSaveStatePeriodic' is enabled, this is the interval that is used to persist the alerting instances to the database.
+# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+state_periodic_save_interval = 5m
+
+# Disables the smoothing of alert evaluations across their evaluation window.
+# Rules will evaluate in sync.
+disable_jitter = false
+
+# Retention period for Alertmanager notification log entries.
+notification_log_retention = 5d
+
+# Duration for which a resolved alert state transition will continue to be sent to the Alertmanager.
+resolved_alert_retention = 15m
+
+[unified_alerting.screenshots]
+# Enable screenshots in notifications. You must have either installed the Grafana image rendering
+# plugin, or set up Grafana to use a remote rendering service.
+# For more information on configuration options, refer to [rendering].
+capture = false
+
+# The timeout for capturing screenshots. If a screenshot cannot be captured within the timeout then
+# the notification is sent without a screenshot. The maximum duration is 30 seconds. This timeout
+# should be less than the minimum Interval of all Evaluation Groups to avoid back pressure on alert
+# rule evaluation.
+capture_timeout = 10s
+
+# The maximum number of screenshots that can be taken at the same time. This option is different from
+# concurrent_render_request_limit as max_concurrent_screenshots sets the number of concurrent screenshots
+# that can be taken at the same time for all firing alerts where as concurrent_render_request_limit sets
+# the total number of concurrent screenshots across all Grafana services.
+max_concurrent_screenshots = 5
+
+# Uploads screenshots to the local Grafana server or remote storage such as Azure, S3 and GCS. Please
+# see [external_image_storage] for further configuration options. If this option is false then
+# screenshots will be persisted to disk for up to temp_data_lifetime.
+upload_external_image_storage = false

intern/docker_grafana/templates/provisioning/dashboards/dashboards.yml

+apiVersion: 1
+
+providers:
+  # <string> an unique provider name
+- name: 'Pixelflut'
+  # <int> org id. will default to orgId 1 if not specified
+  # orgId: 1
+  # <string, required> name of the dashboard folder. Required
+  folder: 'Pixelflut'
+  # <string> folder UID. will be automatically generated if not specified
+  # folderUid: ''
+  # <string, required> provider type. Required
+  type: file
+  # <bool> disable dashboard deletion
+  # disableDeletion: false
+  # <bool> enable dashboard editing
+  editable: true
+  # <int> how often Grafana will scan for changed dashboards
+  updateIntervalSeconds: 10
+  # <bool> allow updating provisioned dashboards from the UI
+  allowUiUpdates: true
+  options:
+    # <string, required> path to dashboard files on disk. Required
+    path: /etc/grafana/provisioning/dashboards/pixelflut
+

intern/docker_grafana/templates/provisioning/datasources/datasources.yml

+
+apiVersion: 1
+
+datasources:
+
+  - name: MQTT_Flux
+    type: influxdb
+    access: proxy
+    url: http://{{ int_ip4 }}:{{ mqtt_influxdb_port }}
+    jsonData:
+      version: Flux
+      organization: mqtt
+      defaultBucket: mqtt
+      tlsSkipVerify: true
+    secureJsonData:
+      token: {{ influxdb_token }}
+
+  - name: MQTT_InfluxQL
+    type: influxdb
+    access: proxy
+    url: http://{{ int_ip4 }}:{{ mqtt_influxdb_port }}
+    # This database should be mapped to a bucket
+    database: mqtt
+    jsonData:
+      httpMode: GET
+      httpHeaderName1: 'Authorization'
+    secureJsonData:
+      httpHeaderValue1: 'Token {{ influxdb_token }}'
+
+{% if inventory_hostname == 'hix' %}
+
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://{{ int_ip4 }}:9090
+
+{% endif %}
+
+{% if inventory_hostname == 'ogg' %}
+
+  - name: Pixelflut
+    type: prometheus
+    access: proxy
+    url: http://pixelflut.warpzone.lan:9090
+    uuid: P0FAC05DE14135586
+
+{% endif %}

intern/docker_heimdall/tasks/main.yml

 ---
-- name: create folder struct for {{ servicename }}
+
+- name: "create folder struct for {{ servicename }}"
   ansible.builtin.file:
     path: "{{ item }}"
     state: "directory"
@@ -7,15 +8,22 @@
   with_items:
     - "{{ basedir }}/config"
 
-- name: copy config files for {{ servicename }}
+- name: "copy config files for {{ servicename }}"
   ansible.builtin.template:
     src: "{{ item }}" 
     dest: "{{ basedir }}/{{ item }}"
     mode: '0755'
   with_items:
     - docker-compose.yml
+  register: config_files
 
-- name: start {{ servicename }}
-  community.docker.docker_compose:
-    state: present
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
     project_src: "{{ basedir }}"
+    state: absent
+  when: config_files.changed 
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present

intern/docker_heimdall/templates/docker-compose.yml

 ---
-version: "2.1"
 
 services:
 
   app:
-    image: lscr.io/linuxserver/heimdall:2.5.3
+    image: lscr.io/linuxserver/heimdall:latest
     restart: always
     environment:
       - PUID=1000

intern/docker_homeassistant/tasks/main.yml

+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+   - { path: "{{ basedir }}/warpai_status_update_key",     length: -1 }
+   - { path: "{{ basedir }}/portal_password",              length: -1 }
+   - { path: "{{ basedir }}/homeassistant_admin_password", length: 12 }
+   - { path: "{{ basedir }}/influxdb_password",            length: 12 }
+   - { path: "{{ basedir }}/influxdb_token",               length: 32 }
+   - { path: "{{ basedir }}/telegram_statusbot_token",     length: 46 }
+
+
+- name: "create folder struct for {{ basedir }}"
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/config/"
+
+
+- name: "copy config files for {{ basedir }}"
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - config/configuration.yaml
+  register: config_files
+
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config_files.changed 
+
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present

intern/docker_openhab/templates/docker-compose.yml → intern/docker_homeassistant/templates/docker-compose.yml

-
-version: "3"
-
 services:
   
   app:
 
-    image: openhab/openhab:3.3.0-debian
+    image: homeassistant/home-assistant:latest
     restart: always
-    # The command node is very important. It overrides
-    # the "gosu openhab tini -s ./start.sh" command from Dockerfile and runs as root!
-    command: "tini -s ./start.sh server"
+    ports:
+      - "{{ int_ip4 }}:{{ homematic_callback_port }}:{{ homematic_callback_port }}"
     volumes:
-      - "/boot/cmdline.txt:/boot/cmdline.txt:ro"
       - "/etc/localtime:/etc/localtime:ro"
-      - "/etc/timezone:/etc/timezone:ro"
-      - "{{ basedir }}/addons:/openhab/addons"
-      - "{{ basedir }}/conf:/openhab/conf"
-      - "{{ basedir }}/userdata:/openhab/userdata"
+      - "{{ basedir }}/config:/config"
     environment:
-      OPENHAB_HTTP_PORT: 8080
-      OPENHAB_HTTPS_PORT: 8443
-      EXTRA_JAVA_OPTS: "-Duser.timezone=Europe/Berlin"
+      TZ: "Europe/Berlin"
     labels:
       - traefik.enable=true
       - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
       - traefik.http.routers.{{ servicename }}.entrypoints=websecure
-      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8123
     networks:
       - default
       - web
@@ -33,18 +23,18 @@ services:
   
   influxdb:
 
-    image: influxdb:2.6.0
+    image: influxdb:2
     restart: always
     ports:
-      - {{ int_ip4 }}:{{ influxdb_port }}:8086
+      - "{{ int_ip4 }}:{{ influxdb_port }}:8086"
     volumes:
       - "{{ basedir }}/influxdb:/var/lib/influxdb2"
     environment:
       DOCKER_INFLUXDB_INIT_MODE: setup
-      DOCKER_INFLUXDB_INIT_USERNAME: openhab
+      DOCKER_INFLUXDB_INIT_USERNAME: homeassistant
       DOCKER_INFLUXDB_INIT_PASSWORD: {{ influxdb_password }}
-      DOCKER_INFLUXDB_INIT_ORG: openhab
-      DOCKER_INFLUXDB_INIT_BUCKET: openhab
+      DOCKER_INFLUXDB_INIT_ORG: homeassistant
+      DOCKER_INFLUXDB_INIT_BUCKET: homeassistant
       DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: {{ influxdb_token }}
     networks:
       - default

intern/docker_mqtt/tasks/main.yml

 ---
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
    - { path: "{{ basedir }}/influxdb_password", length: 12 }
    - { path: "{{ basedir }}/influxdb_token", length: 24 }
@@ -22,10 +22,19 @@
   with_items: 
     - docker-compose.yml
     - mosquitto.conf
-    - telegraf.conf
+    - settings.json
+    - telegraf_binary.conf
+    - telegraf_float.conf
+  register: config_files
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config_files.changed 
 
 - name: "start {{ servicename }} docker"
-  docker_compose:
+  community.docker.docker_compose_v2:
     project_src: "{{ basedir }}"
     state: present