Allow all applications to be made available through Traefik, add docs

docs/applications/traefik.md

@@ -4,6 +4,11 @@ Homepage: [https://traefik.io](https://traefik.io)
 
 Traefik is used to provide external access to your Ansible-NAS box. Additionally, Traefik will automatically request and renew SSL certificates for you.
 
+You can configure which applications are available externally by enabling the `<application_name>_available_externally` setting
+for each application in the Advanced Settings section of your `all.yml`.
+
+See [External Access](configuration/external_access) for more info.
+
 ## Usage
 
 Set `traefik_enabled: true` in your `group_vars/all.yml` file.
@@ -12,4 +17,4 @@ Traefik's web interface can be found at http://ansible_nas_host_or_ip:8083.
 
 ## Specific Configuration
 
-You'll need to map port 80 and 443 from your router to your Ansible-NAS box. A quick search should reveal instruction for your model of router.
+You'll need to map port 80 and 443 from your router to your Ansible-NAS box. A quick search should reveal instruction for your model of router.

docs/configuration/external_access.md

@@ -0,0 +1,37 @@
+# External Access
+
+There are a number of steps required to enable external access to the applications running on your NAS:
+
+- Enable Traefik
+- Domain name and DNS configuration
+- Router configuration
+- Enable specific applications for external access
+
+## :skull: :skull: :skull: Warning! :skull: :skull: :skull:
+
+Enabling access to applications externally **does not** automatically secure them. If you can access an application from within your own network without a username and password, this will also be the case externally.
+
+It is your responsiblity to ensure that applications you enable external access to are secured appropriately!
+
+## Enable Traefik
+
+Traefik routes traffic from ports 80 (HTTP) and 443 (HTTPS) on your Ansible-NAS box to the relevant application, based on hostname.
+
+Simply set `traefik_enabled: true` in your `all.yml`. By default it listens on ports 80 and 443, but doesn't route any traffic.
+
+## Domain Name and DNS Configuration
+
+Set `ansible_nas_domain` to the domain name you want to use for your Ansible-NAS. You'll need somewhere to host the DNS for that domain - Cloudflare is a good free solution. Once you have an account and Cloudflare is hosting the DNS for your domain, create a wildcard DNS entry (`*.myawesomedomain.com`) and set it to your current IP address.
+
+You then need to enable the Cloudflare Dynamic DNS container (`cloudflare_ddns_enabled: true`) so the wildcard DNS entry for your
+domain name is updated if/when your ISP issues you a new IP address.
+
+## Router Configuration
+
+You need to map ports 80 and 443 from your router to your Ansible-NAS box.
+
+How to do this is entirely dependent on your router (and out of scope of these docs), but if you're using Ansible-NAS then this should be within your skillset. :)
+
+## Enable Specific Applications
+
+Every application has a `<application_name>_available_externally` setting in the Advanced Settings section of `all.yml`. Setting this to `true` will configure Traefik to route `<application>.yourdomain.com` to the application, making it available externally.

docs/configuration/router_confiiguration.md

@@ -1,5 +0,0 @@
-# Router Configuration
-
-If you want to make certain Ansible-NAS applications available outside of your home (for example Nextcloud), then you need to map ports 80 and 443 from your router to your Ansible-NAS box.
-
-How to do this is entirely dependent on your router (and out of scope of these docs), but if you're using Ansible-NAS then this should be within your skillset. :)

group_vars/all.yml.dist

@@ -4,9 +4,10 @@
 # Set these options to true or false to toggle specific features
 
 # External Access
-# Traefik will allow access to certain applications externally. To enable this you'll need a domain name that points to your 
+# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your 
-# home static IP address, cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. 
+# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip.
-# You'll also need to map ports 80 and 443 from your router to your ansible-nas server.
+# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "availble_externally" 
+# settings.
 traefik_enabled: false
 
 # BitTorrent
@@ -196,20 +197,21 @@ samba_shares:
 # set the options below.
 
 # Your domain name
-cloudflare_zone: awesomedomain.com
+cloudflare_zone: "{{ ansible_nas_domain }}"
 
 # The hostname you want the container to update. You shouldn't need to change this.
 cloudflare_host: "*.{{ cloudflare_zone }}"
 
 # Email address used to register for Cloudflare
-cloudflare_email: dave@awesomedomain.com
+cloudflare_email: "{{ ansible_nas_email }}"
 
 # Cloudflare 'Global API Key', can be found on the 'My Profile' page
 cloudflare_api_key: abcdeabcdeabcdeabcde1234512345
 
-##################################################################
+######################################################################################
-###### You shouldn't need to edit anything below this point ######
+###### Advanced Settings                                                        ######
-##################################################################
+###### Ensure you know what you're doing before getting stuck in down here 8-)  ######
+######################################################################################
 
 ###
 ### General
@@ -244,18 +246,22 @@ samba_netbios_name: "{{ ansible_nas_hostname }}"
 ###
 ### Traefik
 ###
-traefik_docker_image: traefik:1.7
+traefik_docker_image: traefik:latest
 traefik_data_directory: "{{ docker_home }}/traefik"
+traefik_debug: "false"
 
 ###
 ### Heimdall
 ###
+heimdall_available_externally: "false"
 heimdall_docker_image: linuxserver/heimdall:latest
 heimdall_data_directory: "{{ docker_home }}/heimdall"
 
 ###
 ### Transmission
 ###
+transmission_available_externally: "false"
+transmission_with_openvpn_available_externally: "false"
 transmission_config_directory: "{{ docker_home }}/transmission/config"
 transmission_download_directory: "{{ downloads_root }}"
 transmission_watch_directory: "{{ torrents_root }}"
@@ -267,6 +273,7 @@ transmission_local_network: "192.168.1.0/24"
 ###
 ### Plex
 ###
+plex_available_externally: "false"
 plex_config_directory: "{{ docker_home }}/plex/config"
 plex_movies_directory: "{{ movies_root }}"
 plex_tv_directory: "{{ tv_root }}"
@@ -276,6 +283,7 @@ plex_group_id: 0
 ###
 ### Emby
 ###
+emby_available_externally: "false"
 emby_config_directory: "{{ docker_home }}/emby/config"
 emby_movies_directory: "{{ movies_root }}"
 emby_tv_directory: "{{ tv_root }}"
@@ -285,6 +293,7 @@ emby_group_id: 0
 ###
 ### Tautulli
 ###
+tautulli_available_externally: "false"
 tautulli_config_directory: "{{ docker_home }}/tautulli/config"
 tautulli_user_id: 0
 tautulli_group_id: 0
@@ -293,12 +302,14 @@ tautulli_group_id: 0
 ###
 ### Duplicati
 ###
+duplicati_available_externally: "false"
 duplicati_data_directory: "{{ docker_home }}/duplicati/config"
 
 
 ###
 ### Sonarr
 ###
+sonarr_available_externally: "false"
 sonarr_data_directory: "{{ docker_home }}/sonarr/config"
 sonarr_tv_directory: "{{ tv_root }}"
 sonarr_download_directory: "{{ downloads_root }}"
@@ -309,6 +320,7 @@ sonarr_group_id: 0
 ###
 ### Radarr
 ###
+radarr_available_externally: "false"
 radarr_movies_directory: "{{ movies_root }}"
 radarr_download_directory: "{{ downloads_root }}"
 radarr_data_directory: "{{ docker_home }}/radarr"
@@ -319,6 +331,7 @@ radarr_group_id: 0
 ###
 ### Couchpotato
 ###
+couchpotato_available_externally: "false"
 couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
 couchpotato_movies_directory: "{{ movies_root }}"
 couchpotato_downloads_directory: "{{ downloads_root }}"
@@ -330,12 +343,17 @@ couchpotato_group_id: 0
 ###
 ### Sickrage
 ###
+sickrage_available_externally: "false"
 sickrage_config_directory: "{{ docker_home }}/sickrage/config"
 sickrage_tv_directory: "{{ tv_root }}"
 sickrage_downloads_directory: "{{ downloads_root }}"
 sickrage_user_id: 0
 sickrage_group_id: 0
 
+###
+### Netdata
+###
+netdata_available_externally: "false"
 
 ###
 ### OpenVPN
@@ -346,12 +364,14 @@ openvpn_config_directory: "{{ docker_home }}/openvpn"
 ###
 ### Portainer
 ###
+portainer_available_externally: "false"
 portainer_data_directory: "{{ docker_home }}/portainer/config"
 
 
 ###
 ### ZNC
 ###
+znc_available_externally: "false"
 znc_data_directory: "{{ docker_home }}/znc"
 znc_user_id: 0
 znc_group_id: 0
@@ -360,6 +380,7 @@ znc_group_id: 0
 ###
 ### Stats
 ###
+grafana_available_externally: "false"
 telegraf_data_directory: "{{ docker_home }}/telegraf"
 influxdb_data_directory: "{{ docker_home }}/influxdb"
 grafana_data_directory: "{{ docker_home }}/grafana"
@@ -368,11 +389,18 @@ stat_collection_interval: 15s
 ###
 ### Gitea
 ###
+gitea_available_externally: "false"
 gitea_data_directory: "{{ docker_home }}/gitea"
 
+###
+### Glances
+###
+glances_available_externally: "false"
+
 ###
 ### Nextcloud
 ###
+nextcloud_available_externally: "false"
 nextcloud_data_directory: "{{ docker_home }}/nextcloud"
 
 ###
@@ -383,6 +411,7 @@ nginx_data_directory: "{{ docker_home }}/nginx"
 ###
 ### Guacamole
 ###
+guacamole_available_externally: "false"
 guacamole_docker_image: guacamole/guacamole:0.9.14
 guacamole_guacd_docker_image: guacamole/guacd:0.9.14
 guacamole_data_directory: "{{ docker_home }}/guacamole"
@@ -390,6 +419,7 @@ guacamole_data_directory: "{{ docker_home }}/guacamole"
 ###
 ### Miniflux
 ###
+miniflux_available_externally: "false"
 miniflux_data_directory: "{{ docker_home }}/miniflux"
 miniflux_admin_username: admin
 miniflux_admin_password: supersecure
@@ -397,6 +427,7 @@ miniflux_admin_password: supersecure
 ###
 ### Airsonic
 ###
+airsonic_available_externally: "false"
 airsonic_data_directory: "{{ docker_home }}/airsonic"
 
 ###
@@ -448,4 +479,5 @@ mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa"
 ###
 ### jackett
 ###
+jackett_available_externally: "false"
 jackett_data_directory: "{{ docker_home }}/jackett"

tasks/airsonic.yml

@@ -20,11 +20,11 @@
       - "{{ samba_shares_root }}/podcasts:/airsonic/podcasts:rw"
     ports:
       - "4040:4040"
+    restart_policy: unless-stopped
+    memory: 1g
     labels:
       traefik.backend: "airsonic"
       traefik.frontend.rule: "Host:airsonic.{{ ansible_nas_domain }}"
-      traefik.enable: "true"
+      traefik.enable: "{{ airsonic_available_externally }}"
       traefik.port: "4040"
-    restart_policy: unless-stopped
-    memory: 1g
 

tasks/cloudflare_ddns.yml

@@ -8,6 +8,7 @@
       HOST: "{{ cloudflare_host }}"
       EMAIL: "{{ cloudflare_email }}"
       API: "{{ cloudflare_api_key }}"
+      PROXY: "false"
     restart_policy: unless-stopped
     memory: 512MB
 

tasks/couchpotato.yml

@@ -24,4 +24,9 @@
       PUID: "{{ couchpotato_user_id }}"
       PGID: "{{ couchpotato_group_id }}"
     restart_policy: unless-stopped
-    memory: 1g
+    memory: 1g
+    labels:
+      traefik.backend: "couchpotato"
+      traefik.frontend.rule: "Host:couchpotato.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ couchpotato_available_externally }}"
+      traefik.port: "5050"

tasks/duplicati.yml

@@ -20,3 +20,8 @@
       - "/etc/timezone:/etc/timezone:ro"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "duplicati"
+      traefik.frontend.rule: "Host:duplicati.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ duplicati_available_externally }}"
+      traefik.port: "8200"

tasks/emby.yml

@@ -24,3 +24,8 @@
       PGID: "{{ emby_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "emby"
+      traefik.frontend.rule: "Host:emby.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ emby_available_externally }}"
+      traefik.port: "8096"

tasks/gitea.yml

@@ -67,3 +67,8 @@
       USER_GID: 1309
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "gitea"
+      traefik.frontend.rule: "Host:gitea.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ gitea_available_externally }}"
+      traefik.port: "3000"

tasks/glances.yml

@@ -16,3 +16,8 @@
       GLANCES_OPT: "-w"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "glances"
+      traefik.frontend.rule: "Host:glances.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ glances_available_externally }}"
+      traefik.port: "61208"

tasks/guacamole.yml

@@ -49,10 +49,10 @@
       MYSQL_DATABASE: guacamole
       MYSQL_USER: guacamole-user
       MYSQL_PASSWORD: guacamole-pass
+    restart_policy: unless-stopped
+    memory: 1g
     labels:
       traefik.backend: "guacamole"
       traefik.frontend.rule: "Host:guacamole.{{ ansible_nas_domain }}"
-      traefik.enable: "true"
+      traefik.enable: "{{ guacamole_available_externally }}"
       traefik.port: "8080"
-    restart_policy: unless-stopped
-    memory: 1g

tasks/heimdall.yml

@@ -40,3 +40,8 @@
       - "10443:443"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "heimdall"
+      traefik.frontend.rule: "Host:heimdall.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ heimdall_available_externally }}"
+      traefik.port: "80"

tasks/jackett.yml

@@ -18,4 +18,9 @@
       - "9117:9117"
     env:
       TZ: "{{ ansible_nas_timezone }}"
-    restart_policy: unless-stopped
+    restart_policy: unless-stopped
+    labels:
+      traefik.backend: "jackett"
+      traefik.frontend.rule: "Host:jackett.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ jackett_available_externally }}"
+      traefik.port: "9117"

tasks/miniflux.yml

@@ -35,3 +35,8 @@
       ADMIN_PASSWORD: "{{ miniflux_admin_password }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "miniflux"
+      traefik.frontend.rule: "Host:miniflux.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ miniflux_available_externally }}"
+      traefik.port: "8080"

tasks/netdata.yml

@@ -25,3 +25,8 @@
       - apparmor:unconfined
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "netdata"
+      traefik.frontend.rule: "Host:netdata.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ netdata_available_externally }}"
+      traefik.port: "19999"

tasks/nextcloud.yml

@@ -38,10 +38,10 @@
       MYSQL_DATABASE: nextcloud
       MYSQL_USER: nextcloud-user
       MYSQL_PASSWORD: nextcloud-pass
+    restart_policy: unless-stopped
+    memory: 1g
     labels:
       traefik.backend: "nextcloud"
       traefik.frontend.rule: "Host:nextcloud.{{ ansible_nas_domain }}"
-      traefik.enable: "true"
+      traefik.enable: "{{ nextcloud_available_externally }}"
       traefik.port: "80"
-    restart_policy: unless-stopped
-    memory: 1g

tasks/plex.yml

@@ -22,3 +22,8 @@
       PGID: "{{ plex_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "plex"
+      traefik.frontend.rule: "Host:plex.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ plex_available_externally }}"
+      traefik.port: "32400"

tasks/portainer.yml

@@ -19,4 +19,9 @@
       - "9000:9000"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "portainer"
+      traefik.frontend.rule: "Host:portainer.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ portainer_available_externally }}"
+      traefik.port: "9000"
 

tasks/radarr.yml

@@ -23,3 +23,8 @@
       PGID: "{{ radarr_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "radarr"
+      traefik.frontend.rule: "Host:radarr.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ radarr_available_externally }}"
+      traefik.port: "7878"

tasks/sickrage.yml

@@ -23,4 +23,9 @@
       PUID: "{{ sickrage_user_id }}"
       PGID: "{{ sickrage_group_id }}"
     restart_policy: unless-stopped
-    memory: 1g
+    memory: 1g
+    labels:
+      traefik.backend: "sickrage"
+      traefik.frontend.rule: "Host:sickrage.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ sickrage_available_externally }}"
+      traefik.port: "8081"

tasks/sonarr.yml

@@ -23,3 +23,8 @@
       PGID: "{{ sonarr_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "sonarr"
+      traefik.frontend.rule: "Host:sonarr.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ sonarr_available_externally }}"
+      traefik.port: "8989"

tasks/stats.yml

@@ -64,4 +64,9 @@
     ports:
       - "3000:3000"
     restart_policy: unless-stopped
-    memory: 1g
+    memory: 1g
+    labels:
+      traefik.backend: "grafana"
+      traefik.frontend.rule: "Host:grafana.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ grafana_available_externally }}"
+      traefik.port: "3000"

tasks/tautulli.yml

@@ -20,3 +20,8 @@
       PGID: "{{ tautulli_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "tautulli"
+      traefik.frontend.rule: "Host:tautulli.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ tautulli_available_externally }}"
+      traefik.port: "8181"

tasks/transmission.yml

@@ -27,4 +27,8 @@
       PGID: "{{ transmission_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
-
+    labels:
+      traefik.backend: "transmission"
+      traefik.frontend.rule: "Host:transmission.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ transmission_available_externally }}"
+      traefik.port: "9091"

tasks/transmission_with_openvpn.yml

@@ -45,3 +45,8 @@
       - NET_ADMIN
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "transmission-openvpn"
+      traefik.frontend.rule: "Host:transmission-openvpn.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ transmission_with_openvpn_available_externally }}"
+      traefik.port: "9091"

tasks/znc.yml

@@ -21,3 +21,8 @@
       PGID: "{{ znc_group_id }}"
     restart_policy: unless-stopped
     memory: 1g
+    labels:
+      traefik.backend: "znc"
+      traefik.frontend.rule: "Host:znc.{{ ansible_nas_domain }}"
+      traefik.enable: "{{ znc_available_externally }}"
+      traefik.port: "6677"

templates/traefik/traefik.toml

@@ -7,7 +7,7 @@
 # Optional
 # Default: false
 #
-debug = false
+debug = {{ traefik_debug }}
 
 # Log level
 #
@@ -37,7 +37,7 @@ defaultEntryPoints = ["http", "https"]
   [entryPoints.https]
   address = ":443"
     [entryPoints.https.tls]
-    
+
   [entryPoints.traefik]
   address = ":8083"
 
@@ -171,7 +171,7 @@ onDemand = false # create certificate when container is created
 
   # [acme.httpChallenge]
   # entryPoint = "http"
-  
+
   [acme.tlsChallenge]
 
   [[acme.domains]]
@@ -188,6 +188,7 @@ onDemand = false # create certificate when container is created
           "grafana.{{ ansible_nas_domain }}",
           "guacamole.{{ ansible_nas_domain }}",
           "heimdall.{{ ansible_nas_domain }}",
+          "jackett.{{ ansible_nas_domain }}",
           "miniflux.{{ ansible_nas_domain }}",
           "netdata.{{ ansible_nas_domain }}",
           "nextcloud.{{ ansible_nas_domain }}",
@@ -198,4 +199,5 @@ onDemand = false # create certificate when container is created
           "sonarr.{{ ansible_nas_domain }}",
           "tautulli.{{ ansible_nas_domain }}",
           "transmission.{{ ansible_nas_domain }}",
+          "transmission-openvpn.{{ ansible_nas_domain }}",
           "znc.{{ ansible_nas_domain }}"]

tests/test.yml

@@ -207,15 +207,16 @@ cloudflare_email: dave@awesomedomain.com
 # Cloudflare 'Global API Key', can be found on the 'My Profile' page
 cloudflare_api_key: abcdeabcdeabcdeabcde1234512345
 
-##################################################################
+######################################################################################
-###### You shouldn't need to edit anything below this point ######
+###### Advanced Settings                                                        ######
-##################################################################
+###### Ensure you know what you're doing before getting stuck in down here 8-)  ######
+######################################################################################
 
 ###
 ### General
 ###
 # Extra packages to install
-ansible_nas_extra_packages: 
+ansible_nas_extra_packages:
   - smartmontools
   - htop
   - zfsutils-linux
@@ -244,18 +245,22 @@ samba_netbios_name: "{{ ansible_nas_hostname }}"
 ###
 ### Traefik
 ###
-traefik_docker_image: traefik:1.7
+traefik_docker_image: traefik:latest
 traefik_data_directory: "{{ docker_home }}/traefik"
+traefik_debug: "false"
 
 ###
 ### Heimdall
 ###
+heimdall_available_externally: "false"
 heimdall_docker_image: linuxserver/heimdall:latest
 heimdall_data_directory: "{{ docker_home }}/heimdall"
 
 ###
 ### Transmission
 ###
+transmission_available_externally: "false"
+transmission_with_openvpn_available_externally: "false"
 transmission_config_directory: "{{ docker_home }}/transmission/config"
 transmission_download_directory: "{{ downloads_root }}"
 transmission_watch_directory: "{{ torrents_root }}"
@@ -267,6 +272,7 @@ transmission_local_network: "192.168.1.0/24"
 ###
 ### Plex
 ###
+plex_available_externally: "false"
 plex_config_directory: "{{ docker_home }}/plex/config"
 plex_movies_directory: "{{ movies_root }}"
 plex_tv_directory: "{{ tv_root }}"
@@ -276,6 +282,7 @@ plex_group_id: 0
 ###
 ### Emby
 ###
+emby_available_externally: "false"
 emby_config_directory: "{{ docker_home }}/emby/config"
 emby_movies_directory: "{{ movies_root }}"
 emby_tv_directory: "{{ tv_root }}"
@@ -285,6 +292,7 @@ emby_group_id: 0
 ###
 ### Tautulli
 ###
+tautulli_available_externally: "false"
 tautulli_config_directory: "{{ docker_home }}/tautulli/config"
 tautulli_user_id: 0
 tautulli_group_id: 0
@@ -293,12 +301,14 @@ tautulli_group_id: 0
 ###
 ### Duplicati
 ###
+duplicati_available_externally: "false"
 duplicati_data_directory: "{{ docker_home }}/duplicati/config"
 
 
 ###
 ### Sonarr
 ###
+sonarr_available_externally: "false"
 sonarr_data_directory: "{{ docker_home }}/sonarr/config"
 sonarr_tv_directory: "{{ tv_root }}"
 sonarr_download_directory: "{{ downloads_root }}"
@@ -309,6 +319,7 @@ sonarr_group_id: 0
 ###
 ### Radarr
 ###
+radarr_available_externally: "false"
 radarr_movies_directory: "{{ movies_root }}"
 radarr_download_directory: "{{ downloads_root }}"
 radarr_data_directory: "{{ docker_home }}/radarr"
@@ -319,6 +330,7 @@ radarr_group_id: 0
 ###
 ### Couchpotato
 ###
+couchpotato_available_externally: "false"
 couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
 couchpotato_movies_directory: "{{ movies_root }}"
 couchpotato_downloads_directory: "{{ downloads_root }}"
@@ -330,12 +342,17 @@ couchpotato_group_id: 0
 ###
 ### Sickrage
 ###
+sickrage_available_externally: "false"
 sickrage_config_directory: "{{ docker_home }}/sickrage/config"
 sickrage_tv_directory: "{{ tv_root }}"
 sickrage_downloads_directory: "{{ downloads_root }}"
 sickrage_user_id: 0
 sickrage_group_id: 0
 
+###
+### Netdata
+###
+netdata_available_externally: "false"
 
 ###
 ### OpenVPN
@@ -346,12 +363,14 @@ openvpn_config_directory: "{{ docker_home }}/openvpn"
 ###
 ### Portainer
 ###
+portainer_available_externally: "false"
 portainer_data_directory: "{{ docker_home }}/portainer/config"
 
 
 ###
 ### ZNC
 ###
+znc_available_externally: "false"
 znc_data_directory: "{{ docker_home }}/znc"
 znc_user_id: 0
 znc_group_id: 0
@@ -360,6 +379,7 @@ znc_group_id: 0
 ###
 ### Stats
 ###
+grafana_available_externally: "false"
 telegraf_data_directory: "{{ docker_home }}/telegraf"
 influxdb_data_directory: "{{ docker_home }}/influxdb"
 grafana_data_directory: "{{ docker_home }}/grafana"
@@ -368,11 +388,18 @@ stat_collection_interval: 15s
 ###
 ### Gitea
 ###
+gitea_available_externally: "false"
 gitea_data_directory: "{{ docker_home }}/gitea"
 
+###
+### Glances
+###
+glances_available_externally: "false"
+
 ###
 ### Nextcloud
 ###
+nextcloud_available_externally: "false"
 nextcloud_data_directory: "{{ docker_home }}/nextcloud"
 
 ###
@@ -383,6 +410,7 @@ nginx_data_directory: "{{ docker_home }}/nginx"
 ###
 ### Guacamole
 ###
+guacamole_available_externally: "false"
 guacamole_docker_image: guacamole/guacamole:0.9.14
 guacamole_guacd_docker_image: guacamole/guacd:0.9.14
 guacamole_data_directory: "{{ docker_home }}/guacamole"
@@ -390,6 +418,7 @@ guacamole_data_directory: "{{ docker_home }}/guacamole"
 ###
 ### Miniflux
 ###
+miniflux_available_externally: "false"
 miniflux_data_directory: "{{ docker_home }}/miniflux"
 miniflux_admin_username: admin
 miniflux_admin_password: supersecure
@@ -397,6 +426,7 @@ miniflux_admin_password: supersecure
 ###
 ### Airsonic
 ###
+airsonic_available_externally: "false"
 airsonic_data_directory: "{{ docker_home }}/airsonic"
 
 ###
@@ -420,7 +450,7 @@ watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug"
 ###
 ### Time Machine
 ###
-timemachine_data_directory: "{{ docker_home }}/timemachine" # needs to be an absolute path
+timemachine_data_directory: "{{ docker_home }}/timemachine"
 timemachine_volume_size_limit: 0
 timemachine_password: timemachine
 timemachine_share_name: TimeMachine
@@ -448,4 +478,5 @@ mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa"
 ###
 ### jackett
 ###
+jackett_available_externally: "false"
 jackett_data_directory: "{{ docker_home }}/jackett"