-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
169 lines (138 loc) · 8.76 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
---
# Project source code URL: https://github.com/louislam/uptime-kuma
uptime_kuma_enabled: true
uptime_kuma_identifier: uptime-kuma
uptime_kuma_uid: ''
uptime_kuma_gid: ''
uptime_kuma_version: 1.23.16
# The hostname at which uptime-kuma is served.
uptime_kuma_hostname: ''
# The path at which uptime-kuma is served.
# This value must either be `/` or not end with a slash (e.g. `/kuma`).
#
# Hosting under a subpath is not possible yet due to uptime-kuma limitations.
# See:
# - https://github.com/louislam/uptime-kuma/issues/147
# - https://github.com/louislam/uptime-kuma/pull/1092
uptime_kuma_path_prefix: /
uptime_kuma_base_path: "/{{ uptime_kuma_identifier }}"
uptime_kuma_data_path: "{{ uptime_kuma_base_path }}/data"
uptime_kuma_container_image: "{{ uptime_kuma_container_image_registry_prefix }}louislam/uptime-kuma:{{ uptime_kuma_container_image_tag }}"
uptime_kuma_container_image_registry_prefix: docker.io/
uptime_kuma_container_image_tag: "{{ uptime_kuma_version }}-alpine"
uptime_kuma_container_image_force_pull: "{{ uptime_kuma_container_image.endswith(':latest') }}"
# The base container network. It will be auto-created by this role if it doesn't exist already.
uptime_kuma_container_network: "{{ uptime_kuma_identifier }}"
# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
uptime_kuma_container_additional_networks: "{{ uptime_kuma_container_additional_networks_auto + uptime_kuma_container_additional_networks_custom }}"
uptime_kuma_container_additional_networks_auto: []
uptime_kuma_container_additional_networks_custom: []
uptime_kuma_container_dns_servers: "{{ uptime_kuma_container_dns_servers_default + uptime_kuma_container_dns_servers_custom }}"
uptime_kuma_container_dns_servers_default:
# Cloudflare DNS
- '1.1.1.1'
- '1.0.0.1'
# Google DNS
- '8.8.8.8'
- '8.8.4.4'
# dns.quad9.net
- '9.9.9.9'
- '149.112.112.112'
uptime_kuma_container_dns_servers_custom: []
# uptime_kuma_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `uptime_kuma_container_labels_additional_labels`.
uptime_kuma_container_labels_traefik_enabled: true
uptime_kuma_container_labels_traefik_docker_network: "{{ uptime_kuma_container_network }}"
uptime_kuma_container_labels_traefik_hostname: "{{ uptime_kuma_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/kuma`).
uptime_kuma_container_labels_traefik_path_prefix: "{{ uptime_kuma_path_prefix }}"
uptime_kuma_container_labels_traefik_rule: "Host(`{{ uptime_kuma_container_labels_traefik_hostname }}`){% if uptime_kuma_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ uptime_kuma_container_labels_traefik_path_prefix }}`){% endif %}" # noqa yaml[line-length]
uptime_kuma_container_labels_traefik_priority: 0
uptime_kuma_container_labels_traefik_entrypoints: web-secure
uptime_kuma_container_labels_traefik_tls: "{{ uptime_kuma_container_labels_traefik_entrypoints != 'web' }}"
uptime_kuma_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls which additional headers to attach to all HTTP responses.
# To add your own custom response headers, use `uptime_kuma_container_labels_traefik_additional_response_headers_custom`
uptime_kuma_container_labels_traefik_additional_response_headers: "{{ uptime_kuma_container_labels_traefik_additional_response_headers_auto | combine(uptime_kuma_container_labels_traefik_additional_response_headers_custom) }}" # noqa yaml[line-length]
uptime_kuma_container_labels_traefik_additional_response_headers_auto: |
{{
{}
| combine ({'X-XSS-Protection': uptime_kuma_http_header_xss_protection} if uptime_kuma_http_header_xss_protection else {})
| combine ({'X-Frame-Options': uptime_kuma_http_header_frame_options} if uptime_kuma_http_header_frame_options else {})
| combine ({'X-Content-Type-Options': uptime_kuma_http_header_content_type_options} if uptime_kuma_http_header_content_type_options else {})
| combine ({'Content-Security-Policy': uptime_kuma_http_header_content_security_policy} if uptime_kuma_http_header_content_security_policy else {})
| combine ({'Permission-Policy': uptime_kuma_http_header_content_permission_policy} if uptime_kuma_http_header_content_permission_policy else {})
| combine ({'Strict-Transport-Security': uptime_kuma_http_header_strict_transport_security} if uptime_kuma_http_header_strict_transport_security and uptime_kuma_container_labels_traefik_tls else {})
}}
uptime_kuma_container_labels_traefik_additional_response_headers_custom: {}
# uptime_kuma_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# uptime_kuma_container_labels_additional_labels: |
# my.label=1
# another.label="here"
uptime_kuma_container_labels_additional_labels: ''
# Specifies how often the container health-check will run.
#
# For Traefik based setups, it's important that the interval is short,
# because the interval value also specifies the "initial wait time".
# This is a Docker (moby) bug: https://github.com/moby/moby/issues/33410
# Without a successful healthcheck, Traefik will not register the service for reverse-proxying.
# Thus, the health interval determines the initial start-up time -- the smaller, the better.
#
# For non-Traefik setups, we use the default healthcheck interval (60s) to decrease overhead.
uptime_kuma_container_health_interval: "{{ '5s' if uptime_kuma_container_labels_traefik_enabled else '60s' }}"
# A list of extra arguments to pass to the container
uptime_kuma_container_extra_arguments: []
# Additional environment variables.
uptime_kuma_environment_variables_additional_variables: ''
# Specifies the value of the `X-XSS-Protection` header
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
#
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
uptime_kuma_http_header_xss_protection: "1; mode=block"
# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
uptime_kuma_http_header_frame_options: SAMEORIGIN
# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
uptime_kuma_http_header_content_type_options: nosniff
# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
uptime_kuma_http_header_content_security_policy: frame-ancestors 'self'
# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
uptime_kuma_http_header_content_permission_policy: "{{ 'interest-cohort=()' if uptime_kuma_floc_optout_enabled else '' }}"
# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
uptime_kuma_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if uptime_kuma_hsts_preload_enabled else '' }}"
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
# Learn more about what it is here:
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
# - https://amifloced.org/
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `uptime_kuma_content_permission_policy`
uptime_kuma_floc_optout_enabled: true
# Controls if HSTS preloading is enabled
#
# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
# indicates a willingness to be "preloaded" into browsers:
# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
# For more information visit:
# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `uptime_kuma_http_header_strict_transport_security`
uptime_kuma_hsts_preload_enabled: false
# List of systemd services that kuma.service depends on
uptime_kuma_systemd_required_services_list: ['docker.service']