Bump gitea

.gitea/workflows/check.yaml

@@ -1,15 +1,16 @@
 name: Check
-on: [push]
+"on": [push]
 jobs:
   "Lint Ansible Files":
-    runs-on: ubuntu-22.04
+    runs-on: node-22-bookworm
     steps:
       - run: apt-get update
+      - run: apt-get upgrade -y
       - run: apt-get install -y python3 python3-pip python3-venv
       - run: python3 --version
       - name: Check out repo
         uses: actions/checkout@v3
       - run: python3 -m venv venv
-      - run: venv/bin/pip --disable-pip-version-check install ansible==7.2.0 ansible-lint==6.16.1 > /dev/null 2> /dev/null
+      - run: venv/bin/pip --disable-pip-version-check install ansible==11.1.0 ansible-lint==24.12.1
       - run: venv/bin/ansible-lint -c .ansible-lint ansible
   # TODO: Reimplement ansible-play --check step from old drone config

README.md

@@ -4,8 +4,8 @@
 
 | Prop | Value |
 | --- | --- |
-| Hostname | `shamash` |
-| Domains  | `{,pad.,codi.,ci.,git.,jupyter.,plantuml.}pbrinkmeier.de`, `tichy.click`, `beany.club`, `vmd98928.contaboserver.net` |
+| Hostname | `nanna` |
+| Domains  | `{,pad.,codi.,git.,plantuml.}pbrinkmeier.de`, `tichy.click`, `{utoy,vrnp}.beany.club` |
 
 ## Linting
 
@@ -17,3 +17,7 @@ ansible-lint --offline
 ```
 
 to avoid checking for a new version every single run.
+
+## TODO
+
+- [x] Migrate to `community.docker.docker_compose_v2` (`v1` is deprecated)

ansible/README.md

@@ -12,11 +12,11 @@ nix develop
 ## `misc.yaml`
 
 Server for miscellaneous stuff, e.g. the website.
-Expects to have a user `andi` who can `sudo`.
+Expects to have a user `paul who can `sudo`.
 Sets up:
 
 - Some basic packages
-- Docker and `docker-compose` (the latter via `pip`)
+- Docker and `docker-compose`
 - Nix multi-user installation
 
 ## `misc-docker.yaml`

ansible/group_vars/gods/vars.yaml

@@ -0,0 +1,15 @@
+---
+ansible_python_interpreter: /usr/bin/python3
+gods_users:
+  - name: postgres
+    uid: 70
+    state: present
+  - name: hackmd
+    uid: 1500
+    state: present
+  - name: gitea
+    uid: 42001
+    state: present
+  - name: caddy
+    uid: 42002
+    state: present

ansible/group_vars/misc/vars.yaml

@@ -1,4 +0,0 @@
----
-# Has pw-less sudo
-ansible_user: paul
-ansible_python_interpreter: /usr/bin/python3

ansible/host_vars/nanna/vars.yaml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+37646262396235383766303137613134323330396364346261653036303935663935323930663630
+3562306337383765323635623838646538376362396638360a366336336134616163663533373836
+30333834306466633162613264376266646239343432646162396132643437663934613464363437
+6530653234336133360a666232386537353835386364613065343063613536613638393736666635
+65363362363766353231646461343764306637353465373633363861333436336263393561656330
+39613761373437313663613737613961666330373135666365373433376437383232383461633861
+333763383538633430303663636338363537

ansible/inventory

@@ -1,2 +1,2 @@
-[misc]
-vmd98928.contaboserver.net ansible_port=2309
+[gods]
+nanna

ansible/playbooks/misc-all.yaml

@@ -1,8 +0,0 @@
-# All tasks for misc, use this to check whether everything is deployed.
----
-- name: Set up basic packages, Docker, Nix, sshd
-  import_playbook: misc-setup.yaml
-- name: Deploy Docker configuration
-  import_playbook: misc-docker.yaml
-- name: Check out static websites from git
-  import_playbook: misc-sites.yaml

ansible/playbooks/misc-setup.yaml

@@ -1,74 +0,0 @@
----
-- name: Basic setup for shamash (packages, Docker, Nix, sshd)
-  hosts: misc
-  tasks:
-    - name: Create /etc/pbri
-      become: true
-      ansible.builtin.file:
-        path: /etc/pbri
-        state: directory
-        mode: u=rwx,g=rx,o=rx
-    - name: Create /home/paul/{Sites,Source}
-      become: true
-      ansible.builtin.file:
-        path: "/home/paul/{{ item }}"
-        state: directory
-        owner: paul
-        group: paul
-        mode: u=rwx,g=rx,o=rx
-      loop:
-        - Sites
-        - Source
-    - name: Install basic packages
-      become: true
-      ansible.builtin.apt:
-        name:
-          - vim
-          - git
-          - htop
-          - tmux
-        update_cache: true
-      tags:
-        - apt
-    - name: Install and set up Docker and docker-compose
-      ansible.builtin.include_role:
-        name: docker
-    - name: Install and set up Nix
-      ansible.builtin.include_role:
-        name: install_nix
-    - name: Install pip prerequisites
-      become: true
-      ansible.builtin.apt:
-        name:
-          - python3-pip
-          - python3-setuptools
-          - python3-virtualenv
-    - name: Install global python docker package
-      become: true
-      ansible.builtin.pip:
-        name:
-          - docker
-          - docker-compose
-          - requests
-    - name: Configure sshd
-      become: true
-      ansible.builtin.copy:
-        dest: /etc/ssh/sshd_config.d/00_pbri.conf
-        mode: u=rw,g=r,o=r
-        # Included by /etc/ssh/sshd_config before other configuration
-        content: |
-          Port 2309
-          PermitRootLogin no
-          PubkeyAuthentication yes
-          AuthorizedKeysFile .ssh/authorized_keys
-          PasswordAuthentication no
-        validate: /usr/sbin/sshd -T -f %s
-      notify:
-        - Restart sshd
-
-  handlers:
-    - name: Restart sshd
-      become: true
-      ansible.builtin.service:
-        name: sshd
-        state: restarted

ansible/playbooks/nanna-docker.yaml

@@ -1,39 +1,25 @@
 ---
-- name: Update Docker configuration on shamash
-  hosts: misc
+- name: Update Docker configuration
+  hosts: gods
   tasks:
+    - name: Add groups
+      become: true
+      ansible.builtin.group:
+        name: "{{ item.name }}"
+        gid: "{{ item.uid }}"
+        state: "{{ item.state }}"
+        system: true
+      loop: "{{ gods_users }}"
     - name: Add users for running containers
       become: true
       ansible.builtin.user:
         name: "{{ item.name }}"
         uid: "{{ item.uid }}"
+        group: "{{ item.name }}"
         state: "{{ item.state }}"
         create_home: false
         system: true
-      loop:
-        - name: jupyter
-          uid: 42000
-          state: present
-        - name: gitea
-          uid: 42001
-          state: present
-        - name: score
-          uid: 42003
-          state: present
-        - name: factorio
-          uid: 845
-          state: present
-        - name: hackmd
-          uid: 1500
-          state: present
-
-        - name: hedgedoc
-          uid: 10000
-          state: absent
-        - name: bsa
-          uid: 42002
-          state: absent
-    # All services that are behind Caddy need to be in this network
+      loop: "{{ gods_users }}"
     - name: Create Caddy network
       become: true
       community.docker.docker_network:
@@ -48,6 +34,13 @@
         mode: u=rw,g=,o=
         # Directories should be listable
         directory_mode: u=rwx,g=rx,o=rx
+    - name: Create directory for docker volumes
+      become: true
+      ansible.builtin.file:
+        path: /var/lib/pbri/docker
+        state: directory
+        # Hide contents from non-root users
+        mode: u=rwx,g=,o=
     - name: Upload and decrypt docker environment vars
       become: true
       ansible.builtin.copy:
@@ -58,24 +51,18 @@
         # This is true by default but I put it here anyways
         # to emphasize what's happening
         decrypt: true
-      # Not quite happy with all the seperate loops yet.
       loop:
-        - name: codi
-          state: present
-        - name: drone
-          state: present
-        - name: factorio
-          state: present
         - name: gitea
           state: present
-    - name: Create directory for docker volumes
-      become: true
-      ansible.builtin.file:
-        path: /var/lib/pbri/docker
-        state: directory
-        # Hide contents from non-root users
-        mode: u=rwx,g=,o=
-    - name: Create jupyter folders
+        - name: codi
+          state: present
+        - name: vrnp
+          state: present
+        - name: zomboid
+          state: present
+    # This needs to be done for any services where user:
+    # is set in docker-compose.yaml.
+    - name: Create volume directories with correct permissions
       become: true
       ansible.builtin.file:
         path: "/var/lib/pbri/docker/{{ item.name }}"
@@ -84,36 +71,22 @@
         state: directory
         mode: u=rwx,g=,o=
       loop:
-        - name: jupyter_data
-          user: jupyter
-        - name: jupyter_notebooks
-          user: jupyter
-    - name: Create Factorio data folder
-      become: true
-      ansible.builtin.file:
-        path: /var/lib/pbri/docker/factorio
-        state: directory
-        owner: factorio
-        group: factorio
-        mode: u=rwx,g=,o=
-    - name: Create score data folder
-      become: true
-      ansible.builtin.file:
-        path: /var/lib/pbri/docker/score
-        state: directory
-        owner: score
-        group: score
-        mode: u=rwx,g=,o=
+        - name: caddy_config
+          user: caddy
+        - name: caddy_data
+          user: caddy
+        - name: codi_uploads
+          user: hackmd
     # Since some docker-compose configuration might want to pull
     # images from the Gitea package repository, we need to ensure
     # that Gitea is reachable before those configurations are deployed.
     - name: Set up caddy and gitea containers
       become: true
-      community.docker.docker_compose:
+      community.docker.docker_compose_v2:
         project_src: "/etc/pbri/docker/{{ item.name }}"
         state: "{{ item.state }}"
-        build: true
-        debug: true
+        build: "always"
+        pull: "always"
       loop:
         - name: caddy
           state: present
@@ -129,27 +102,20 @@
       register: gitea_version_response
       until: gitea_version_response.status == 200
       retries: 10
-      delay: 5  # Retry every 5 seconds
+      delay: 3  # Retry every 3 seconds
     - name: Set up other containers
       become: true
-      community.docker.docker_compose:
+      community.docker.docker_compose_v2:
         project_src: "/etc/pbri/docker/{{ item.name }}"
         state: "{{ item.state }}"
-        build: true
-        debug: true
+        build: "always"
+        pull: "always"
       loop:
-        - name: drone
-          state: present
         - name: codi
           state: present
-        - name: jupyter
-          state: present
         - name: utoy
           state: present
-        - name: score
+        - name: vrnp
+          state: present
+        - name: zomboid
           state: present
-
-        - name: factorio
-          state: absent
-        - name: glebby
-          state: absent

ansible/playbooks/nanna-setup.yaml

@@ -0,0 +1,29 @@
+---
+- name: Basic setup for nanna
+  hosts: nanna
+  tasks:
+    - name: Configure sshd
+      become: true
+      ansible.builtin.copy:
+        dest: /etc/ssh/sshd_config.d/00_pbri.conf
+        mode: u=rw,g=r,o=r
+        # Included by /etc/ssh/sshd_config before other configuration
+        content: |
+          Port 2309
+          PermitRootLogin no
+          PubkeyAuthentication yes
+          AuthorizedKeysFile .ssh/authorized_keys
+          PasswordAuthentication no
+        validate: /usr/sbin/sshd -T -f %s
+      notify:
+        - Restart sshd
+    - name: Install and set up Docker and docker-compose
+      ansible.builtin.include_role:
+        name: docker
+
+  handlers:
+    - name: Restart sshd
+      become: true
+      ansible.builtin.service:
+        name: ssh
+        state: restarted

ansible/playbooks/nanna-sites.yaml

@@ -1,16 +1,16 @@
 ---
-- name: Check out static sites hosted on shamash
-  hosts: misc
+- name: Check out static sites hosted on nanna
+  hosts: nanna
   tasks:
     - name: Check out static sites
       ansible.builtin.include_role:
         name: checkout_static_sites
       vars:
-        checkout_static_sites:
+        checkout_static_sites_config:
           checkouts:
             - path: /home/paul/Sites/pbrinkmeier.de
               url: https://git.pbrinkmeier.de/paul/pbrinkmeier.de
-              commit: 680ac7d9c44752f57436d0ecb9c8018205a5fc0f
+              commit: bab3208e61972851a5e609930a05e0d4322f8a06
               owner: paul
             - path: /home/paul/Sites/tichy.click
               url: https://github.com/pbrinkmeier/tichy-clicker

ansible/roles/checkout_static_sites/tasks/main.yaml

@@ -7,7 +7,7 @@
     mode: '0755'
     owner: "{{ item.owner }}"
     group: "{{ item.owner }}"
-  loop: "{{ checkout_static_sites.checkouts }}"
+  loop: "{{ checkout_static_sites_config.checkouts }}"
 - name: Check out static site repositories
   become: true
   become_user: "{{ item.owner }}"
@@ -15,4 +15,5 @@
     dest: "{{ item.path }}"
     repo: "{{ item.url }}"
     version: "{{ item.commit }}"
-  loop: "{{ checkout_static_sites.checkouts }}"
+    force: true
+  loop: "{{ checkout_static_sites_config.checkouts }}"

ansible/roles/docker/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+docker_apt_arch: "amd64"
+docker_ubuntu_release: "{{ ansible_distribution_release }}"

ansible/roles/docker/tasks/main.yaml

@@ -25,12 +25,6 @@
     stdin: "{{ docker_gpg_key.content }}"
     creates: /usr/share/keyrings/docker-archive-keyring.gpg
 
-- name: Retrieve dpkg architecture
-  check_mode: false
-  ansible.builtin.command: dpkg --print-architecture
-  register: docker_dpkg_architecture
-  changed_when: false
-
 - name: Add Docker apt repository
   become: true
   ansible.builtin.template:
@@ -48,3 +42,4 @@
       - docker-ce
       - docker-ce-cli
       - containerd.io
+      - docker-compose-plugin

ansible/roles/docker/templates/docker.list.j2

@@ -1 +1 @@
-deb [arch={{ docker_dpkg_architecture.stdout }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+deb [arch={{ docker_apt_arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_release }} stable

docker/docker/caddy/Caddyfile

@@ -45,6 +45,6 @@ utoy.beany.club {
     reverse_proxy utoy:3000
 }
 
-score.brocke.net {
-    reverse_proxy score:8080
+vrnp.beany.club {
+    reverse_proxy vrnp:8000
 }

docker/docker/caddy/Dockerfile

@@ -1,3 +1,4 @@
 FROM caddy
 
-COPY Caddyfile /etc/caddy/Caddyfile
+COPY Caddyfile /etc/caddy/Caddyfile
+RUN chown 42002:42002 /etc/caddy/Caddyfile

docker/docker/caddy/docker-compose.yaml

@@ -1,5 +1,3 @@
-version: "3"
-
 services:
   # Webserver for static files and reverse proxy
   web:
@@ -8,6 +6,7 @@ services:
     ports:
       - "80:80"
       - "443:443"
+    user: "42002"
     volumes:
       - /var/lib/pbri/docker/caddy_data:/data
       - /var/lib/pbri/docker/caddy_config:/config

docker/docker/codi/docker-compose.yaml

@@ -1,8 +1,6 @@
-version: "3"
-
 services:
   codi:
-    image: hackmdio/hackmd:2.4.2
+    image: hackmdio/hackmd:2.5.4
     user: hackmd
     environment:
       # Admin stuff
@@ -38,7 +36,7 @@ services:
     volumes:
       - /var/lib/pbri/docker/codi_uploads:/home/hackmd/app/public/uploads
     restart: always
-    
+
   codi_db:
     image: postgres:11.6-alpine
     environment:

docker/docker/drone/README.md

@@ -1,9 +0,0 @@
-Add a `.env` file like this:
-
-```
-DRONE_GITEA_CLIENT_ID=...
-DRONE_GITEA_CLIENT_SECRET=...
-DRONE_RPC_SECRET=...
-```
-
-See also: https://docs.drone.io/server/provider/gitea/.

docker/docker/drone/docker-compose.yaml

@@ -1,32 +0,0 @@
-version: "3"
-
-services:
-  drone:
-    image: drone/drone:2
-    environment:
-      DRONE_GITEA_SERVER: https://git.pbrinkmeier.de
-      DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}"
-      DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}"
-      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
-      DRONE_SERVER_HOST: ci.pbrinkmeier.de
-      DRONE_SERVER_PROTO: https
-    volumes:
-      - /var/lib/pbri/docker/drone:/data
-    restart: unless-stopped
-
-  drone_runner:
-    image: drone/drone-runner-docker:1
-    environment:
-      DRONE_RPC_PROTO: https
-      DRONE_RPC_HOST: ci.pbrinkmeier.de
-      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
-      DRONE_RUNNER_CAPACITY: 1
-      DRONE_RUNNER_NAME: shamash
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    restart: unless-stopped
-
-networks:
-  default:
-    name: caddy-network
-    external: true

docker/docker/factorio/Dockerfile

@@ -1,4 +0,0 @@
-FROM factoriotools/factorio:1.1.87
-
-COPY server-settings.json /server-settings.json
-ENTRYPOINT [ "/bin/sh", "-c", "mkdir -p /factorio/config && envsubst < /server-settings.json > /factorio/config/server-settings.json && exec /docker-entrypoint.sh" ]

docker/docker/factorio/README.md

@@ -1,10 +0,0 @@
-# factorio
-
-Add a `.env` file like this:
-
-```
-GAME_PASSWORD=...
-```
-
-Environment variables are put into `server-settings.json` during startup using `envsubst`.
-See also: https://hub.docker.com/r/factoriotools/factorio.

docker/docker/factorio/docker-compose.yaml

@@ -1,14 +0,0 @@
-version: "3"
-
-services:
-  gitea:
-    image: pbrinkmeier/factorio
-    build: .
-    restart: always
-    environment:
-      GAME_PASSWORD: "${GAME_PASSWORD}"
-    volumes:
-      - /var/lib/pbri/docker/factorio:/factorio
-    ports:
-      - "34197:34197/udp"
-      - "27015:27015/tcp"

docker/docker/factorio/server-settings.json

@@ -1,72 +0,0 @@
-{
-    "name": "le epic factorio server",
-    "description": "Description of the game that will appear in the listing",
-    "tags": ["game", "tags"],
-  
-    "_comment_max_players": "Maximum number of players allowed, admins can join even a full server. 0 means unlimited.",
-    "max_players": 0,
-  
-    "_comment_visibility": ["public: Game will be published on the official Factorio matching server",
-                            "lan: Game will be broadcast on LAN"],
-    "visibility":
-    {
-      "public": false,
-      "lan": false
-    },
-  
-    "_comment_credentials": "Your factorio.com login credentials. Required for games with visibility public",
-    "username": "",
-    "password": "",
-  
-    "_comment_token": "Authentication token. May be used instead of 'password' above.",
-    "token": "",
-  
-    "game_password": "",
-  
-    "_comment_require_user_verification": "When set to true, the server will only allow clients that have a valid Factorio.com account",
-    "require_user_verification": false,
-  
-    "_comment_max_upload_in_kilobytes_per_second" : "optional, default value is 0. 0 means unlimited.",
-    "max_upload_in_kilobytes_per_second": 0,
-  
-    "_comment_max_upload_slots" : "optional, default value is 5. 0 means unlimited.",
-    "max_upload_slots": 5,
-  
-    "_comment_minimum_latency_in_ticks": "optional one tick is 16ms in default speed, default value is 0. 0 means no minimum.",
-    "minimum_latency_in_ticks": 0,
-  
-    "_comment_max_heartbeats_per_second": "Network tick rate. Maximum rate game updates packets are sent at before bundling them together. Minimum value is 6, maximum value is 240.",
-    "max_heartbeats_per_second": 60,
-  
-    "_comment_ignore_player_limit_for_returning_players": "Players that played on this map already can join even when the max player limit was reached.",
-    "ignore_player_limit_for_returning_players": false,
-  
-    "_comment_allow_commands": "possible values are, true, false and admins-only",
-    "allow_commands": "admins-only",
-  
-    "_comment_autosave_interval": "Autosave interval in minutes",
-    "autosave_interval": 10,
-  
-    "_comment_autosave_slots": "server autosave slots, it is cycled through when the server autosaves.",
-    "autosave_slots": 5,
-  
-    "_comment_afk_autokick_interval": "How many minutes until someone is kicked when doing nothing, 0 for never.",
-    "afk_autokick_interval": 5,
-  
-    "_comment_auto_pause": "Whether should the server be paused when no players are present.",
-    "auto_pause": true,
-  
-    "only_admins_can_pause_the_game": true,
-  
-    "_comment_autosave_only_on_server": "Whether autosaves should be saved only on server or also on all connected clients. Default is true.",
-    "autosave_only_on_server": true,
-  
-    "_comment_non_blocking_saving": "Highly experimental feature, enable only at your own risk of losing your saves. On UNIX systems, server will fork itself to create an autosave. Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.",
-    "non_blocking_saving": false,
-  
-    "_comment_segment_sizes": "Long network messages are split into segments that are sent over multiple ticks. Their size depends on the number of peers currently connected. Increasing the segment size will increase upload bandwidth requirement for the server and download bandwidth requirement for clients. This setting only affects server outbound messages. Changing these settings can have a negative impact on connection stability for some clients.",
-    "minimum_segment_size": 25,
-    "minimum_segment_size_peer_count": 20,
-    "maximum_segment_size": 100,
-    "maximum_segment_size_peer_count": 10
-  }

docker/docker/gitea/Dockerfile

@@ -1,3 +1,3 @@
- FROM gitea/act_runner:0.2.5
+ FROM gitea/act_runner:0.2.11
 
  COPY runner-config.yaml /opt/runner-config.yaml

docker/docker/gitea/docker-compose.yaml

@@ -1,8 +1,6 @@
-version: "3"
-
 services:
   gitea:
-    image: gitea/gitea:1.20.3
+    image: gitea/gitea:1.23.1
     restart: unless-stopped
     environment:
       # Ref: https://docs.gitea.io/en-us/config-cheat-sheet
@@ -66,7 +64,8 @@ services:
       - /var/lib/pbri/docker/gitea_db:/var/lib/postgresql/data
 
   gitea_runner:
-    image: pbrinkmeier/act_runner:0.2.5
+    # Make sure to keep this in sync with the version in the Dockerfile
+    image: pbrinkmeier/act_runner:0.2.11
     build: .
     restart: unless-stopped
     environment:

docker/docker/gitea/runner-config.yaml

@@ -32,6 +32,8 @@ runner:
   # ubuntu:22.04 here is not enough.
   labels:
     - "ubuntu-22.04:docker://node:16-bullseye"
+    - "node-22-bullseye:docker://node:22-bullseye"
+    - "node-22-bookworm:docker://node:22-bookworm"
 
 cache:
   # Enable cache server to use actions/cache.

docker/docker/glebby/docker-compose.yaml

@@ -1,11 +0,0 @@
-version: "3"
-
-services:
-  glebby:
-    image: git.pbrinkmeier.de/paul/glebby:1.1-prod
-    restart: always
-
-networks:
-  default:
-    name: caddy-network
-    external: true

docker/docker/jupyter/docker-compose.yaml

@@ -1,15 +0,0 @@
-version: "3"
-
-services:
-  jupyter:
-    image: git.pbrinkmeier.de/paul/jup:1.5
-    user: "42000"
-    volumes:
-      - /var/lib/pbri/docker/jupyter_data:/data
-      - /var/lib/pbri/docker/jupyter_notebooks:/notebooks
-    restart: always
-
-networks:
-  default:
-    name: caddy-network
-    external: true

docker/docker/score/docker-compose.yaml

@@ -1,16 +0,0 @@
-version: "3"
-
-services:
-  score:
-    image: ghcr.io/lbrocke/score:v1.0.2
-    user: "42003:42003"
-    environment:
-      SCORE_LISTEN: 0.0.0.0:8080
-    volumes:
-      - /var/lib/pbri/docker/score:/data
-    restart: unless-stopped
-
-networks:
-  default:
-    name: caddy-network
-    external: true

docker/docker/utoy/docker-compose.yaml

@@ -1,5 +1,3 @@
-version: "3"
-
 services:
   utoy:
     image: git.pbrinkmeier.de/paul/utoy:0.6

docker/docker/vrnp/docker-compose.yaml

@@ -0,0 +1,11 @@
+services:
+  vrnp:
+    image: git.pbrinkmeier.de/paul/vrnp:0.0.3
+    restart: always
+    environment:
+      VRNP_PASSWORD: "${VRNP_PASSWORD}"
+
+networks:
+  default:
+    name: caddy-network
+    external: true

docker/docker/zomboid/docker-compose.yaml

@@ -0,0 +1,15 @@
+services:
+  zomboid:
+    image: renegademaster/zomboid-dedicated-server:2.5.0
+    restart: unless-stopped
+    volumes:
+      - /var/lib/pbri/docker/zomboid_dedicated_server:/home/steam/ZomboidDedicatedServer
+      - /var/lib/pbri/docker/zomboid_config:/home/steam/Zomboid
+    ports:
+      - "16261:16261/udp"
+      - "16262:16262/udp"
+    environment:
+      ADMIN_USERNAME: "the_gwiddy"
+      ADMIN_PASSWORD: "${ZOMBOID_ADMIN_PASSWORD}"
+      SERVER_NAME: "gwiddy time"
+      SERVER_PASSWORD: "${ZOMBOID_SERVER_PASSWORD}"

docker/envs/drone/.env

@@ -1,14 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31333834393366333930346366373931333930646233383664643463393965303238613430646638
-6461373434616433353337643131396462326537346434380a386562633335346436303662336362
-62333739626237323334333666633162616338313932393261303231353539623237383638643030
-3364393934653232310a383065386530373433393635313665353532666361303436613337316565
-32306233336134383531633232393862303466373331373764376462653736663861663366323762
-65666263366461396362386264613830336435346234386234333562616131653938386439336566
-34386461343433346363336161373038303434383563303564653533623939613937323030636362
-66636639643963613236366138646335393831366432333637333065326162646237643561336666
-61323833333337633861646462393930663733333266336233663630396532366566303835653431
-38363365383166393765343735363030363562313837643837313864373735643264663264643633
-66306261633666616363666562306632613032373231633730313638383033633761653661383738
-39623630643766663438656635653530626664313765633430646330356333306239653437373839
-3933

docker/envs/factorio/.env

@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32356463313330336636636363646138393236636233326132623165353962623565356364396530
-3636336532396665333637653432353332643434643962390a313162343836306435383536313937
-36656632356366303561366536373535383538303730386239386437323466346533353634306436
-3930633464353235360a653936333734353137313363316261366666353238366566613865366463
-32393431343439383733343766323831643561663938376264336331306139646337343633346536
-3236343538323032636666366639303539316236393535323661

docker/envs/gitea/.env

@@ -1,14 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-35623364633833623964623536646534373634663736613561333561343136333965306638396532
-6162393239383936386338666565306132646230383066630a336337613636383431623738343663
-61343262363631376665383035323139313863626331666439336134613035663439376231343863
-3032353139643138640a383365356630323835383538393734643134343133653033383663333464
-62386361633435633664306531623835353665326432393932336163316561653866343137323030
-63643262323436356166373533363235366238393633336631336266373837373932313134303563
-65633337393938623134636538653561356565333831356638373862376333336163363438626438
-39343436383732313561396236656530303064363961663636353538346264633532633866333162
-35303032303662646166333537373566316462633536333463323433353539623363323036643763
-34376365613932303133366236613235636238643139666663356436326532616437383432303437
-39376535656266383465373837643634383937656431323265386163373138336164383666383962
-64623762613332363731323739666238613634646237396331666463363663313461313966356233
-30653362353061333739303234336461373337346632646433623462623765353330
+30626565616334613665623138613533653739333038643530636633393264393334373563326631
+3838333663306537326534333666316539383038363236650a613163643433653466666639666366
+33653861613638653862393338386334643332633762666136613932343834333162303363373030
+6161323863316134340a646532386537313164643039353435633535363061616363363337663365
+39343461356631383062353837383034653430373663323966373632323063636132613137643662
+37373065313764626539396463376637353136613365366566363436356537343932376565633962
+62316631663634316530623736613961623635303763633964386433333531626437303136363537
+35393134643935316330396161303134626537643162393062636363376435636162393136373034
+39636231626635643530313634333464653564353861656666633035623932336234303735386366
+62303133326237613763336435323338623036663137333439613462333434303734303737363936
+65333762376233396332633434353832373136383137336665623534356538636166303835376334
+64346139656432633230386666653531333864333664393936366630346334323963343431346164
+64376165666230386464303036303861653437646463633764343064376464396135

docker/envs/vrnp/.env

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+36643163613366383136326339346231373533373361633834663332343932356665303434333564
+3936636366396233326664636137363134643066303432380a363662646465656130303431386530
+37316138366239313038336664313661333632393333666539363565623032653431623935613631
+3635323330363663610a353263663736653561666261636138336438666261613739346664393233
+32323364346665633662663266626436343831386565663761393237346637376438613865363663
+36613035376638653937633866613935343834633431393830303438363265656337343565323063
+36303033323537666236633037656236656133396431326362303462353237326162626335363761
+36636362306232333630613464393135383539666632343038393333353462336238663130326166
+3061

docker/envs/zomboid/.env

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+35336632386231333233333633656163356564316637366438383532626437303364633733353436
+3836376461393761653637666532643264613864633935620a326365386634393935333433306564
+62346235346262313339633739353232663562623562616136623838386233633136383764666536
+6239663264643333370a393762636231343034643133613163626239353735363037646638633933
+62376165306438653537343564376536396537666534633330666163346533313434616561306434
+63313035643732303863663430303936346264626637623936343763303738623865356536306365
+32623164323738663065613332656465643536633933643731366139626165636230343966383839
+64343961316139313931313966356430343438376461366537356337363835623637306539646265
+32376562363061643630663937663064393664663766613365363439653030393239

flake.lock

@@ -5,11 +5,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1685518550,
-        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1686259070,
-        "narHash": "sha256-bJ2TqJHMdU27o3+AlYzsDooUzneFHwvK5LaRv5JYit4=",
+        "lastModified": 1737753628,
+        "narHash": "sha256-vwRbCpftG6/QrBeu3eQO1l5wzAg/pAMdvGOOLeXWeM4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8a7d5c039cacc83bd1926aaabc04d541e04a1460",
+        "rev": "f22b0184bd0f4bb3061580b1e807feb68a85d90d",
         "type": "github"
       },
       "original": {