aboutsummaryrefslogtreecommitdiff
path: root/roles/services/containers
diff options
context:
space:
mode:
Diffstat (limited to 'roles/services/containers')
-rw-r--r--roles/services/containers/arr_stack/handlers/main.yml4
-rw-r--r--roles/services/containers/arr_stack/tasks/gluetun.yml105
-rw-r--r--roles/services/containers/arr_stack/tasks/lidarr.yml93
-rw-r--r--roles/services/containers/arr_stack/tasks/main.yml130
-rw-r--r--roles/services/containers/arr_stack/tasks/prowlarr.yml92
-rw-r--r--roles/services/containers/arr_stack/tasks/qbittorrent.yml94
-rw-r--r--roles/services/containers/arr_stack/tasks/radarr.yml93
-rw-r--r--roles/services/containers/arr_stack/tasks/readarr.yml93
-rw-r--r--roles/services/containers/arr_stack/tasks/sonarr.yml93
-rw-r--r--roles/services/containers/authelia/handlers/main.yml4
-rw-r--r--roles/services/containers/authelia/tasks/main.yml283
-rw-r--r--roles/services/containers/bookstack/handlers/main.yml4
-rw-r--r--roles/services/containers/bookstack/tasks/main.yml118
-rw-r--r--roles/services/containers/cadvisor/handlers/main.yml4
-rw-r--r--roles/services/containers/cadvisor/tasks/main.yml90
-rw-r--r--roles/services/containers/drawio/handlers/main.yml4
-rw-r--r--roles/services/containers/drawio/tasks/main.yml149
-rw-r--r--roles/services/containers/firefly/handlers/main.yml4
-rw-r--r--roles/services/containers/firefly/tasks/main.yml172
-rw-r--r--roles/services/containers/freshrss/handlers/main.yml4
-rw-r--r--roles/services/containers/freshrss/tasks/main.yml101
-rw-r--r--roles/services/containers/gitea/handlers/main.yml4
-rw-r--r--roles/services/containers/gitea/tasks/main.yml171
-rw-r--r--roles/services/containers/home_assistant/handlers/main.yml4
-rw-r--r--roles/services/containers/home_assistant/tasks/main.yml86
-rw-r--r--roles/services/containers/homer/handlers/main.yml4
-rw-r--r--roles/services/containers/homer/tasks/main.yml122
-rw-r--r--roles/services/containers/invidious/handlers/main.yml29
-rw-r--r--roles/services/containers/invidious/tasks/main.yml124
-rw-r--r--roles/services/containers/jellyfin/handlers/main.yml4
-rw-r--r--roles/services/containers/jellyfin/tasks/main.yml159
-rw-r--r--roles/services/containers/kanboard/handlers/main.yml18
-rw-r--r--roles/services/containers/kanboard/tasks/main.yml93
-rw-r--r--roles/services/containers/navidrome/handlers/main.yml4
-rw-r--r--roles/services/containers/navidrome/tasks/main.yml117
-rw-r--r--roles/services/containers/nextcloud/handlers/main.yml4
-rw-r--r--roles/services/containers/nextcloud/tasks/main.yml184
-rw-r--r--roles/services/containers/photoprism/defaults/main.yml10
-rw-r--r--roles/services/containers/photoprism/handlers/main.yml4
-rw-r--r--roles/services/containers/photoprism/tasks/main.yml115
-rw-r--r--roles/services/containers/pihole_exporter/tasks/main.yml97
-rw-r--r--roles/services/containers/pywttr_docker/handlers/main.yml18
-rw-r--r--roles/services/containers/pywttr_docker/tasks/main.yml74
-rw-r--r--roles/services/containers/renovate/tasks/main.yml87
-rw-r--r--roles/services/containers/searxng/handlers/main.yml4
-rw-r--r--roles/services/containers/searxng/tasks/main.yml170
-rw-r--r--roles/services/containers/text_generation/handlers/main.yml29
-rw-r--r--roles/services/containers/text_generation/tasks/main.yml89
-rw-r--r--roles/services/containers/vaultwarden/handlers/main.yml4
-rw-r--r--roles/services/containers/vaultwarden/tasks/main.yml79
50 files changed, 3641 insertions, 0 deletions
diff --git a/roles/services/containers/arr_stack/handlers/main.yml b/roles/services/containers/arr_stack/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/arr_stack/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/arr_stack/tasks/gluetun.yml b/roles/services/containers/arr_stack/tasks/gluetun.yml
new file mode 100644
index 0000000..e47d55a
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/gluetun.yml
@@ -0,0 +1,105 @@
1- name: set image fact
2 set_fact:
3 image: qmcgaw/gluetun:v3.34.3
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create gluetun directory
13 file:
14 path: "{{ docker_home }}/gluetun"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create gluetun data directory
21 file:
22 path: "{{ docker_home }}/gluetun/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push gluetun image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create gluetun docker network
53 docker_network:
54 name: "{{ gluetun_network_name }}"
55 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
56 driver: bridge
57 ipam_config:
58 - subnet: "{{ gluetun_subnet }}"
59 gateway: "{{ gluetun_gateway }}"
60
61- name: create and deploy gluetun container
62 become: yes
63 become_user: "{{ docker_username }}"
64 environment:
65 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
66 docker_container:
67 name: "gluetun"
68 hostname: "gluetun"
69 image: "{{ custom_registry }}/{{ repo_tag }}"
70 recreate: yes
71 pull: yes
72 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
73 capabilities:
74 - net_admin
75 devices:
76 - "/dev/net/tun:/dev/net/tun"
77 purge_networks: yes
78 networks:
79 - name: "{{ gluetun_network_name }}"
80 ipv4_address: "{{ gluetun_ipv4 }}"
81 ports:
82 - "127.0.0.1:{{ qbittorrent_external_port }}:{{ qbittorrent_external_port }}"
83 - "127.0.0.1:{{ sonarr_external_port }}:8989"
84 - "127.0.0.1:{{ radarr_external_port }}:7878"
85 - "127.0.0.1:{{ lidarr_external_port }}:8686"
86 - "127.0.0.1:{{ readarr_external_port }}:8787"
87 - "127.0.0.1:{{ prowlarr_external_port }}:9696"
88 state: 'started'
89 comparisons:
90 '*': strict
91 restart_policy: unless-stopped
92 env:
93 "TZ": "{{ timezone }}"
94 "VPN_SERVICE_PROVIDER": "mullvad"
95 "VPN_TYPE": "wireguard"
96 "WIREGUARD_PRIVATE_KEY": "{{ wireguard_privkey }}"
97 "WIREGUARD_ADDRESSES": "{{ wireguard_addrs }}"
98 "SERVER_CITIES": "{{ gluetun_cities }}"
99 "DOT_PROVIDERS": "quad9"
100 "BLOCK_MALICIOUS": "on"
101 "BLOCK_SURVEILLANCE": "on"
102 "BLOCK_ADS": "on"
103 "HEALTH_TARGET_ADDRESS": "www.debian.org:443"
104 volumes:
105 - "{{ docker_home }}/gluetun/data:/gluetun"
diff --git a/roles/services/containers/arr_stack/tasks/lidarr.yml b/roles/services/containers/arr_stack/tasks/lidarr.yml
new file mode 100644
index 0000000..1f70437
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/lidarr.yml
@@ -0,0 +1,93 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/lidarr:1.2.6-nightly
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create lidarr directory
13 file:
14 path: "{{ docker_home }}/lidarr"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create lidarr config directory
21 file:
22 path: "{{ docker_home }}/lidarr/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 xdg_runtime_dir: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push lidarr image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 xdg_runtime_dir: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create and deploy lidarr container
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 xdg_runtime_dir: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "lidarr"
59 image: "{{ custom_registry }}/{{ repo_tag }}"
60 recreate: yes
61 pull: yes
62 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
63 purge_networks: yes
64 network_mode: "container:gluetun"
65 state: 'started'
66 comparisons:
67 '*': strict
68 restart_policy: unless-stopped
69 env:
70 "tz": "{{ timezone }}"
71 "PUID": "0"
72 "PGID": "0"
73 volumes:
74 - "{{ docker_home }}/lidarr/config:/config"
75 - "{{ docker_home }}/arr/data:/data"
76
77- name: deploy nginx configuration
78 notify: restart nginx
79 register: nginx_config
80 template:
81 src: "{{ lidarr_nginx_config }}"
82 dest: /etc/nginx/sites-available/lidarr.conf
83 owner: root
84 group: root
85 mode: '0644'
86
87- name: symlink site
88 file:
89 src: /etc/nginx/sites-available/lidarr.conf
90 dest: /etc/nginx/sites-enabled/lidarr.conf
91 owner: root
92 group: root
93 state: link
diff --git a/roles/services/containers/arr_stack/tasks/main.yml b/roles/services/containers/arr_stack/tasks/main.yml
new file mode 100644
index 0000000..ee27384
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/main.yml
@@ -0,0 +1,130 @@
1- name: create arr directory structure
2 file:
3 path: "{{ docker_home }}/arr"
4 state: directory
5 owner: "{{ docker_username }}"
6 group: "{{ docker_username }}"
7 mode: '0775'
8- name: create arr directory structure
9 file:
10 path: "{{ docker_home }}/arr/data"
11 state: directory
12 owner: "{{ docker_username }}"
13 group: "{{ docker_username }}"
14 mode: '0775'
15
16- name: create arr/data directory structure
17 file:
18 path: "{{ docker_home }}/arr/data/torrents"
19 state: directory
20 owner: "{{ docker_username }}"
21 group: "{{ docker_username }}"
22 mode: '0775'
23- name: create arr/data directory structure
24 file:
25 path: "{{ docker_home }}/arr/data/torrents/movies"
26 state: directory
27 owner: "{{ docker_username }}"
28 group: "{{ docker_username }}"
29 mode: '0775'
30- name: create arr/data directory structure
31 file:
32 path: "{{ docker_home }}/arr/data/torrents/music"
33 state: directory
34 owner: "{{ docker_username }}"
35 group: "{{ docker_username }}"
36 mode: '0775'
37- name: create arr/data directory structure
38 file:
39 path: "{{ docker_home }}/arr/data/torrents/books"
40 state: directory
41 owner: "{{ docker_username }}"
42 group: "{{ docker_username }}"
43 mode: '0775'
44- name: create arr/data directory structure
45 file:
46 path: "{{ docker_home }}/arr/data/torrents/tv"
47 state: directory
48 owner: "{{ docker_username }}"
49 group: "{{ docker_username }}"
50 mode: '0775'
51
52- name: create arr/data directory structure
53 file:
54 path: "{{ docker_home }}/arr/data/usenet"
55 state: directory
56 owner: "{{ docker_username }}"
57 group: "{{ docker_username }}"
58 mode: '0775'
59- name: create arr/data directory structure
60 file:
61 path: "{{ docker_home }}/arr/data/usenet/movies"
62 state: directory
63 owner: "{{ docker_username }}"
64 group: "{{ docker_username }}"
65 mode: '0775'
66- name: create arr/data directory structure
67 file:
68 path: "{{ docker_home }}/arr/data/usenet/music"
69 state: directory
70 owner: "{{ docker_username }}"
71 group: "{{ docker_username }}"
72 mode: '0775'
73- name: create arr/data directory structure
74 file:
75 path: "{{ docker_home }}/arr/data/usenet/books"
76 state: directory
77 owner: "{{ docker_username }}"
78 group: "{{ docker_username }}"
79 mode: '0775'
80- name: create arr/data directory structure
81 file:
82 path: "{{ docker_home }}/arr/data/usenet/tv"
83 state: directory
84 owner: "{{ docker_username }}"
85 group: "{{ docker_username }}"
86 mode: '0775'
87
88- name: create arr/data directory structure
89 file:
90 path: "{{ docker_home }}/arr/data/media"
91 state: directory
92 owner: "{{ docker_username }}"
93 group: "{{ docker_username }}"
94 mode: '0775'
95- name: create arr/data directory structure
96 file:
97 path: "{{ docker_home }}/arr/data/media/movies"
98 state: directory
99 owner: "{{ docker_username }}"
100 group: "{{ docker_username }}"
101 mode: '0775'
102- name: create arr/data directory structure
103 file:
104 path: "{{ docker_home }}/arr/data/media/music"
105 state: directory
106 owner: "{{ docker_username }}"
107 group: "{{ docker_username }}"
108 mode: '0775'
109- name: create arr/data directory structure
110 file:
111 path: "{{ docker_home }}/arr/data/media/books"
112 state: directory
113 owner: "{{ docker_username }}"
114 group: "{{ docker_username }}"
115 mode: '0775'
116- name: create arr/data directory structure
117 file:
118 path: "{{ docker_home }}/arr/data/media/tv"
119 state: directory
120 owner: "{{ docker_username }}"
121 group: "{{ docker_username }}"
122 mode: '0775'
123
124- include_tasks: gluetun.yml
125- include_tasks: qbittorrent.yml
126- include_tasks: sonarr.yml
127- include_tasks: radarr.yml
128- include_tasks: lidarr.yml
129- include_tasks: readarr.yml
130- include_tasks: prowlarr.yml
diff --git a/roles/services/containers/arr_stack/tasks/prowlarr.yml b/roles/services/containers/arr_stack/tasks/prowlarr.yml
new file mode 100644
index 0000000..53f1a45
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/prowlarr.yml
@@ -0,0 +1,92 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/prowlarr:1.6.2-nightly
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create prowlarr directory
13 file:
14 path: "{{ docker_home }}/prowlarr"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create prowlarr config directory
21 file:
22 path: "{{ docker_home }}/prowlarr/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push prowlarr image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create and deploy prowlarr container
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "prowlarr"
59 image: "{{ custom_registry }}/{{ repo_tag }}"
60 recreate: yes
61 pull: yes
62 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
63 purge_networks: yes
64 network_mode: "container:gluetun"
65 state: 'started'
66 comparisons:
67 '*': strict
68 restart_policy: unless-stopped
69 env:
70 "TZ": "{{ timezone }}"
71 "PUID": "0"
72 "PGID": "0"
73 volumes:
74 - "{{ docker_home }}/prowlarr/config:/config"
75
76- name: deploy nginx configuration
77 notify: restart nginx
78 register: nginx_config
79 template:
80 src: "{{ prowlarr_nginx_config }}"
81 dest: /etc/nginx/sites-available/prowlarr.conf
82 owner: root
83 group: root
84 mode: '0644'
85
86- name: symlink site
87 file:
88 src: /etc/nginx/sites-available/prowlarr.conf
89 dest: /etc/nginx/sites-enabled/prowlarr.conf
90 owner: root
91 group: root
92 state: link
diff --git a/roles/services/containers/arr_stack/tasks/qbittorrent.yml b/roles/services/containers/arr_stack/tasks/qbittorrent.yml
new file mode 100644
index 0000000..25e554f
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/qbittorrent.yml
@@ -0,0 +1,94 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/qbittorrent:4.5.4
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create qbittorrent directory
13 file:
14 path: "{{ docker_home }}/qbittorrent"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create qbittorrent config directory
21 file:
22 path: "{{ docker_home }}/qbittorrent/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push qbittorrent image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create and deploy qbittorrent container
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "qbittorrent"
59 image: "{{ custom_registry }}/{{ repo_tag }}"
60 recreate: yes
61 pull: yes
62 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
63 purge_networks: yes
64 network_mode: "container:gluetun"
65 state: 'started'
66 comparisons:
67 '*': strict
68 restart_policy: unless-stopped
69 env:
70 "TZ": "{{ timezone }}"
71 "WEBUI_PORT": "{{ qbittorrent_external_port }}"
72 "PUID": "0"
73 "PGID": "0"
74 volumes:
75 - "{{ docker_home }}/qbittorrent/config:/config"
76 - "{{ docker_home }}/arr/data:/data"
77
78- name: deploy nginx configuration
79 notify: restart nginx
80 register: nginx_config
81 template:
82 src: "{{ qbittorrent_nginx_config }}"
83 dest: /etc/nginx/sites-available/qbittorrent.conf
84 owner: root
85 group: root
86 mode: '0644'
87
88- name: symlink site
89 file:
90 src: /etc/nginx/sites-available/qbittorrent.conf
91 dest: /etc/nginx/sites-enabled/qbittorrent.conf
92 owner: root
93 group: root
94 state: link
diff --git a/roles/services/containers/arr_stack/tasks/radarr.yml b/roles/services/containers/arr_stack/tasks/radarr.yml
new file mode 100644
index 0000000..2e98c47
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/radarr.yml
@@ -0,0 +1,93 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/radarr:4.6.4-nightly
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create radarr directory
13 file:
14 path: "{{ docker_home }}/radarr"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create radarr config directory
21 file:
22 path: "{{ docker_home }}/radarr/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 xdg_runtime_dir: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push radarr image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 xdg_runtime_dir: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create and deploy radarr container
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 xdg_runtime_dir: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "radarr"
59 image: "{{ custom_registry }}/{{ repo_tag }}"
60 recreate: yes
61 pull: yes
62 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
63 purge_networks: yes
64 network_mode: "container:gluetun"
65 state: 'started'
66 comparisons:
67 '*': strict
68 restart_policy: unless-stopped
69 env:
70 "tz": "{{ timezone }}"
71 "PUID": "0"
72 "PGID": "0"
73 volumes:
74 - "{{ docker_home }}/radarr/config:/config"
75 - "{{ docker_home }}/arr/data:/data"
76
77- name: deploy nginx configuration
78 notify: restart nginx
79 register: nginx_config
80 template:
81 src: "{{ radarr_nginx_config }}"
82 dest: /etc/nginx/sites-available/radarr.conf
83 owner: root
84 group: root
85 mode: '0644'
86
87- name: symlink site
88 file:
89 src: /etc/nginx/sites-available/radarr.conf
90 dest: /etc/nginx/sites-enabled/radarr.conf
91 owner: root
92 group: root
93 state: link
diff --git a/roles/services/containers/arr_stack/tasks/readarr.yml b/roles/services/containers/arr_stack/tasks/readarr.yml
new file mode 100644
index 0000000..bd8b2ec
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/readarr.yml
@@ -0,0 +1,93 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/readarr:0.2.0-nightly
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create readarr directory
13 file:
14 path: "{{ docker_home }}/readarr"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create readarr config directory
21 file:
22 path: "{{ docker_home }}/readarr/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push readarr image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create and deploy readarr container
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "readarr"
59 image: "{{ custom_registry }}/{{ repo_tag }}"
60 recreate: yes
61 pull: yes
62 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
63 purge_networks: yes
64 network_mode: "container:gluetun"
65 state: 'started'
66 comparisons:
67 '*': strict
68 restart_policy: unless-stopped
69 env:
70 "TZ": "{{ timezone }}"
71 "PUID": "0"
72 "PGID": "0"
73 volumes:
74 - "{{ docker_home }}/readarr/config:/config"
75 - "{{ docker_home }}/arr/data:/data"
76
77- name: deploy nginx configuration
78 notify: restart nginx
79 register: nginx_config
80 template:
81 src: "{{ readarr_nginx_config }}"
82 dest: /etc/nginx/sites-available/readarr.conf
83 owner: root
84 group: root
85 mode: '0644'
86
87- name: symlink site
88 file:
89 src: /etc/nginx/sites-available/readarr.conf
90 dest: /etc/nginx/sites-enabled/readarr.conf
91 owner: root
92 group: root
93 state: link
diff --git a/roles/services/containers/arr_stack/tasks/sonarr.yml b/roles/services/containers/arr_stack/tasks/sonarr.yml
new file mode 100644
index 0000000..ac712ba
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/sonarr.yml
@@ -0,0 +1,93 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/sonarr:develop-version-4.0.0.433
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create sonarr directory
13 file:
14 path: "{{ docker_home }}/sonarr"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create sonarr config directory
21 file:
22 path: "{{ docker_home }}/sonarr/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: pull and push sonarr image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 push: yes
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 source: pull
50 force_source: yes
51
52- name: create and deploy sonarr container
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "sonarr"
59 image: "{{ custom_registry }}/{{ repo_tag }}"
60 recreate: yes
61 pull: yes
62 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
63 purge_networks: yes
64 network_mode: "container:gluetun"
65 state: 'started'
66 comparisons:
67 '*': strict
68 restart_policy: unless-stopped
69 env:
70 "TZ": "{{ timezone }}"
71 "PUID": "0"
72 "PGID": "0"
73 volumes:
74 - "{{ docker_home }}/sonarr/config:/config"
75 - "{{ docker_home }}/arr/data:/data"
76
77- name: deploy nginx configuration
78 notify: restart nginx
79 register: nginx_config
80 template:
81 src: "{{ sonarr_nginx_config }}"
82 dest: /etc/nginx/sites-available/sonarr.conf
83 owner: root
84 group: root
85 mode: '0644'
86
87- name: symlink site
88 file:
89 src: /etc/nginx/sites-available/sonarr.conf
90 dest: /etc/nginx/sites-enabled/sonarr.conf
91 owner: root
92 group: root
93 state: link
diff --git a/roles/services/containers/authelia/handlers/main.yml b/roles/services/containers/authelia/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/authelia/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/authelia/tasks/main.yml b/roles/services/containers/authelia/tasks/main.yml
new file mode 100644
index 0000000..c6bb337
--- /dev/null
+++ b/roles/services/containers/authelia/tasks/main.yml
@@ -0,0 +1,283 @@
1- name: set image fact
2 set_fact:
3 image: authelia/authelia:master
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create authelia directory
13 file:
14 path: "{{ docker_home }}/authelia"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create authelia config directory
21 file:
22 path: "{{ docker_home }}/authelia/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: create authelia secrets directory
29 file:
30 path: "{{ docker_home }}/authelia/secrets"
31 state: directory
32 owner: "{{ docker_username }}"
33 group: "{{ docker_username }}"
34 mode: '0755'
35
36- name: create redis data directory
37 file:
38 path: "{{ docker_home }}/authelia/redis_data"
39 state: directory
40 owner: "{{ docker_username }}"
41 group: "{{ docker_username }}"
42 mode: '0755'
43
44- name: place authelia config in proper location
45 copy:
46 src: "{{ authelia_config }}"
47 dest: "{{ docker_home }}/authelia/config/configuration.yml"
48 owner: root
49 group: docker
50 mode: '0644'
51
52# nginx snippets
53
54- name: copy proxy.conf snippet
55 copy:
56 src: "{{ authelia_proxy_snippet }}"
57 dest: "/etc/nginx/snippets/proxy.conf"
58 owner: root
59 group: root
60 mode: '0644'
61
62- name: copy authelia-location.conf snippet
63 copy:
64 src: "{{ authelia_location_snippet }}"
65 dest: "/etc/nginx/snippets/authelia-location.conf"
66 owner: root
67 group: root
68 mode: '0644'
69
70- name: copy authelia-authrequest.conf snippet
71 copy:
72 src: "{{ authelia_request_snippet }}"
73 dest: "/etc/nginx/snippets/authelia-authrequest.conf"
74 owner: root
75 group: root
76 mode: '0644'
77
78
79# authelia secrets
80
81- name: create jwt_secret file
82 lineinfile:
83 path: "{{ docker_home }}/authelia/secrets/jwt_secret"
84 insertbefore: BOF
85 line: "{{ authelia_jwt_secret }}"
86 owner: root
87 group: root
88 mode: '0644'
89 create: yes
90
91- name: create session_secret file
92 lineinfile:
93 path: "{{ docker_home }}/authelia/secrets/session_secret"
94 insertbefore: BOF
95 line: "{{ authelia_session_secret }}"
96 owner: root
97 group: root
98 mode: '0644'
99 create: yes
100
101- name: create encryption_key file
102 lineinfile:
103 path: "{{ docker_home }}/authelia/secrets/encryption_key"
104 insertbefore: BOF
105 line: "{{ authelia_encryption_key }}"
106 owner: root
107 group: root
108 mode: '0644'
109 create: yes
110
111- name: create oidc_hmac file
112 lineinfile:
113 path: "{{ docker_home }}/authelia/secrets/oidc_hmac"
114 insertbefore: BOF
115 line: "{{ authelia_oidc_hmac }}"
116 owner: root
117 group: root
118 mode: '0644'
119 create: yes
120
121- name: remove existing cert file
122 file:
123 path: "{{ docker_home }}/authelia/secrets/oidc_cert"
124 state: absent
125
126- name: create oidc_cert file
127 lineinfile:
128 path: "{{ docker_home }}/authelia/secrets/oidc_cert"
129 insertbefore: BOF
130 line: "{{ authelia_oidc_cert }}"
131 owner: root
132 group: root
133 mode: '0644'
134 create: yes
135
136- name: remove existing key file
137 file:
138 path: "{{ docker_home }}/authelia/secrets/oidc_key"
139 state: absent
140
141- name: create oidc_key file
142 lineinfile:
143 path: "{{ docker_home }}/authelia/secrets/oidc_key"
144 insertbefore: BOF
145 line: "{{ authelia_oidc_key }}"
146 owner: root
147 group: root
148 mode: '0644'
149 create: yes
150
151- name: create smtp_password file
152 lineinfile:
153 path: "{{ docker_home }}/authelia/secrets/smtp_password"
154 insertbefore: BOF
155 line: "{{ authelia_smtp_password }}"
156 owner: root
157 group: root
158 mode: '0644'
159 create: yes
160
161- name: create ldap_password file
162 lineinfile:
163 path: "{{ docker_home }}/authelia/secrets/ldap_password"
164 insertbefore: BOF
165 line: "{{ authelia_ldap_password }}"
166 owner: root
167 group: root
168 mode: '0644'
169 create: yes
170
171- name: login to docker registry
172 become: yes
173 become_user: "{{ docker_username }}"
174 environment:
175 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
176 docker_login:
177 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
178 registry_url: "{{ docker_registry_url }}"
179 username: "{{ docker_registry_username }}"
180 password: "{{ docker_registry_password }}"
181
182- name: pull and push authelia image
183 become: yes
184 become_user: "{{ docker_username }}"
185 environment:
186 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
187 docker_image:
188 name: "{{ image }}"
189 repository: "{{ custom_registry }}/{{ repo_tag }}"
190 push: yes
191 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
192 source: pull
193 force_source: yes
194
195- name: create authelia docker network
196 docker_network:
197 name: "{{ authelia_network_name }}"
198 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
199 driver: bridge
200 ipam_config:
201 - subnet: "{{ authelia_subnet }}"
202 gateway: "{{ authelia_gateway }}"
203
204- name: create and deploy authelia container
205 become: yes
206 become_user: "{{ docker_username }}"
207 environment:
208 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
209 docker_container:
210 name: "authelia"
211 hostname: "authelia"
212 image: "{{ custom_registry }}/{{ repo_tag }}"
213 recreate: yes
214 pull: yes
215 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
216 purge_networks: yes
217 networks:
218 - name: "{{ authelia_network_name }}"
219 ipv4_address: "{{ authelia_ipv4 }}"
220 ports:
221 - "127.0.0.1:9091:9091"
222 - "127.0.0.1:9959:9959"
223 state: 'started'
224 comparisons:
225 '*': strict
226 restart_policy: unless-stopped
227 env:
228 "TZ": "{{ timezone }}"
229 "AUTHELIA_JWT_SECRET_FILE": "/secrets/jwt_secret"
230 "AUTHELIA_SESSION_SECRET_FILE": "/secrets/session_secret"
231 "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE": "/secrets/encryption_key"
232 "AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE": "/secrets/oidc_hmac"
233 "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE": "/secrets/oidc_cert"
234 "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE": "/secrets/oidc_key"
235 "AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE": "/secrets/smtp_password"
236 "AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE": "/secrets/ldap_password"
237 volumes:
238 - "{{ docker_home }}/authelia/config:/config"
239 - "{{ docker_home }}/authelia/secrets:/secrets"
240
241
242- name: create and deploy redis container
243 become: yes
244 become_user: "{{ docker_username }}"
245 environment:
246 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
247 docker_container:
248 name: "redis_authelia"
249 hostname: "redis_authelia"
250 image: redis:alpine
251 state: 'started'
252 recreate: yes
253 pull: yes
254 restart_policy: unless-stopped
255 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
256 purge_networks: yes
257 networks:
258 - name: "{{ authelia_network_name }}"
259 ipv4_address: "{{ redis_authelia_ipv4 }}"
260 volumes:
261 - "{{ docker_home }}/authelia/redis_data:/data"
262 exposed_ports:
263 - '6379'
264 env:
265 "TZ": "{{ timezone }}"
266
267- name: deploy nginx configuration
268 notify: restart nginx
269 register: nginx_config
270 copy:
271 src: "{{ authelia_nginx_config }}"
272 dest: /etc/nginx/sites-available/authelia.conf
273 owner: root
274 group: root
275 mode: '0644'
276
277- name: symlink site
278 file:
279 src: /etc/nginx/sites-available/authelia.conf
280 dest: /etc/nginx/sites-enabled/authelia.conf
281 owner: root
282 group: root
283 state: link
diff --git a/roles/services/containers/bookstack/handlers/main.yml b/roles/services/containers/bookstack/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/bookstack/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/bookstack/tasks/main.yml b/roles/services/containers/bookstack/tasks/main.yml
new file mode 100644
index 0000000..3965143
--- /dev/null
+++ b/roles/services/containers/bookstack/tasks/main.yml
@@ -0,0 +1,118 @@
1- name: set image fact
2 set_fact:
3 image: linuxserver/bookstack:version-v23.05
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create bookstack directory
13 file:
14 path: "{{ docker_home }}/bookstack"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create data directory
21 file:
22 path: "{{ docker_home }}/bookstack/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: create bookstack docker network
29 become: yes
30 become_user: "{{ docker_username }}"
31 docker_network:
32 name: "{{ bookstack_network_name }}"
33 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
34 driver: bridge
35 ipam_config:
36 - subnet: "{{ bookstack_subnet }}"
37 gateway: "{{ bookstack_gateway }}"
38
39- name: create and deploy bookstack db
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_container:
45 name: "bookstack-db"
46 hostname: "bookstack-db"
47 image: linuxserver/mariadb:10.11.4
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 purge_networks: yes
50 networks:
51 - name: "{{ bookstack_network_name }}"
52 ipv4_address: "{{ bookstack_db_ipv4 }}"
53 volumes:
54 - "{{ docker_home }}/bookstack/data:/config"
55 env:
56 "TZ": "{{ timezone }}"
57 "MYSQL_ROOT_PASSWORD": "{{ bookstack_mysql_root_password }}"
58 "MYSQL_DATABASE": "bookstack"
59 "MYSQL_USER": "bookstack"
60 "MYSQL_PASSWORD": "{{ bookstack_mysql_password }}"
61 state: 'started'
62 recreate: yes
63 restart_policy: unless-stopped
64
65- name: create and deploy bookstack container
66 become: yes
67 become_user: "{{ docker_username }}"
68 environment:
69 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
70 docker_container:
71 name: "bookstack"
72 hostname: "bookstack"
73 image: "{{ image }}"
74 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
75 purge_networks: yes
76 networks:
77 - name: "{{ bookstack_network_name }}"
78 ipv4_address: "{{ bookstack_ipv4 }}"
79 ports:
80 - "127.0.0.1:{{ bookstack_external_port }}:80"
81 volumes:
82 - "{{ docker_home }}/bookstack/data:/config"
83 env:
84 "DB_HOST": "bookstack-db"
85 "DB_PORT": "3306"
86 "DB_USER": "bookstack"
87 "DB_PASS": "{{ bookstack_mysql_password }}"
88 "DB_DATABASE": "bookstack"
89 "APP_URL": "https://{{ bookstack_server_name }}"
90 "AUTH_METHOD": "oidc"
91 "OIDC_NAME": "SSO"
92 "OIDC_DISPLAY_NAME_CLAIMS": "name"
93 "OIDC_CLIENT_ID": "bookstack"
94 "OIDC_CLIENT_SECRET": "{{ bookstack_oidc_secret }}"
95 "OIDC_ISSUER": "{{ oidc_issuer }}"
96 "OIDC_ISSUER_DISCOVER": "true"
97 "APP_DEFAULT_DARK_MODE": "true"
98 #"OIDC_DUMP_USER_DETAILS": "true"
99 state: 'started'
100 recreate: yes
101 restart_policy: unless-stopped
102
103- name: deploy nginx configuration
104 notify: restart nginx
105 template:
106 src: "{{ bookstack_nginx_config }}"
107 dest: /etc/nginx/sites-available/bookstack.conf
108 owner: root
109 group: root
110 mode: '0644'
111
112- name: symlink site
113 file:
114 src: /etc/nginx/sites-available/bookstack.conf
115 dest: /etc/nginx/sites-enabled/bookstack.conf
116 owner: root
117 group: root
118 state: link
diff --git a/roles/services/containers/cadvisor/handlers/main.yml b/roles/services/containers/cadvisor/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/cadvisor/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/cadvisor/tasks/main.yml b/roles/services/containers/cadvisor/tasks/main.yml
new file mode 100644
index 0000000..cc30cdb
--- /dev/null
+++ b/roles/services/containers/cadvisor/tasks/main.yml
@@ -0,0 +1,90 @@
1- name: create cadvisor directory
2 file:
3 path: "{{ docker_home }}/cadvisor"
4 state: directory
5 owner: "{{ docker_username }}"
6 group: "{{ docker_username }}"
7 mode: '0755'
8
9- name: login to docker registry
10 become: yes
11 become_user: "{{ docker_username }}"
12 environment:
13 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
14 docker_login:
15 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
16 registry_url: "{{ docker_registry_url }}"
17 username: "{{ docker_registry_username }}"
18 password: "{{ docker_registry_password }}"
19
20- name: build cadvisor image
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_image:
26 name: "{{ docker_registry_url }}/{{ docker_registry_username }}/cadvisor:latest"
27 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
28 build:
29 path: /srv/docker/cadvisor/src
30 dockerfile: deploy/Dockerfile
31 source: build
32 push: yes
33
34- name: create cadvisor docker network
35 become: yes
36 become_user: "{{ docker_username }}"
37 environment:
38 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
39 docker_network:
40 name: "{{ cadvisor_network_name }}"
41 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
42 driver: bridge
43 ipam_config:
44 - subnet: "{{ cadvisor_subnet }}"
45 gateway: "{{ cadvisor_gateway }}"
46
47- name: create and deploy cadvisor container
48 become: yes
49 become_user: "{{ docker_username }}"
50 environment:
51 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
52 docker_container:
53 name: "cadvisor"
54 hostname: "cadvisor"
55 image: "{{ docker_registry_url }}/{{ docker_registry_username }}/cadvisor:latest"
56 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
57 purge_networks: yes
58 networks:
59 - name: "{{ cadvisor_network_name }}"
60 ipv4_address: "{{ cadvisor_ipv4 }}"
61 ports:
62 - "127.0.0.1:{{ cadvisor_external_port }}:8080"
63 state: 'started'
64 comparisons:
65 '*': strict
66 restart_policy: unless-stopped
67 volumes:
68 - "/:/rootfs:ro"
69 - "/run/user/{{ docker_uid }}:/var/run:ro"
70 - "/sys:/sys:ro"
71 - "/{{ docker_home }}/.local/share/docker:/var/lib/docker:ro"
72 - "/dev/disk:/dev/disk:ro"
73
74- name: deploy nginx configuration
75 notify: restart nginx
76 register: nginx_config
77 copy:
78 src: "{{ cadvisor_nginx_config }}"
79 dest: /etc/nginx/sites-available/cadvisor.conf
80 owner: root
81 group: root
82 mode: '0644'
83
84- name: symlink site
85 file:
86 src: /etc/nginx/sites-available/cadvisor.conf
87 dest: /etc/nginx/sites-enabled/cadvisor.conf
88 owner: root
89 group: root
90 state: link
diff --git a/roles/services/containers/drawio/handlers/main.yml b/roles/services/containers/drawio/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/drawio/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/drawio/tasks/main.yml b/roles/services/containers/drawio/tasks/main.yml
new file mode 100644
index 0000000..27bbefd
--- /dev/null
+++ b/roles/services/containers/drawio/tasks/main.yml
@@ -0,0 +1,149 @@
1- name: set image fact
2 set_fact:
3 image: jgraph/drawio:21.5.0
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create drawio directory
13 file:
14 path: "{{ docker_home }}/drawio"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create drawio fonts directory
21 file:
22 path: /usr/share/fonts/drawio
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: login to docker registry
29 become: yes
30 become_user: "{{ docker_username }}"
31 environment:
32 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
33 docker_login:
34 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
35 registry_url: "{{ docker_registry_url }}"
36 username: "{{ docker_registry_username }}"
37 password: "{{ docker_registry_password }}"
38
39- name: get drawio image
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_image:
45 name: "{{ image }}"
46 repository: "{{ custom_registry }}/{{ repo_tag }}"
47 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
48 source: pull
49 force_source: yes
50 push: yes
51
52- name: get export-server image
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
57 docker_image:
58 name: "{{ docker_registry_url }}/{{ docker_registry_username }}/image-export:latest"
59 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
60 source: pull
61 force_source: yes
62 push: yes
63
64- name: create drawio docker network
65 become: yes
66 become_user: "{{ docker_username }}"
67 docker_network:
68 name: "{{ drawio_network_name }}"
69 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
70 driver: bridge
71 ipam_config:
72 - subnet: "{{ drawio_subnet }}"
73 gateway: "{{ drawio_gateway }}"
74
75- name: create and deploy drawio export-server
76 become: yes
77 become_user: "{{ docker_username }}"
78 environment:
79 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
80 docker_container:
81 name: "image-export"
82 image: "{{ docker_registry_url }}/{{ docker_registry_username }}/image-export:latest"
83 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
84 pull: yes
85 exposed_ports:
86 - '8000'
87 purge_networks: yes
88 networks:
89 - name: "{{ drawio_network_name }}"
90 ipv4_address: "{{ drawio_export_ipv4 }}"
91 volumes:
92 - fonts_volume:/usr/share/fonts/drawio
93 env:
94 DRAWIO_BASE_URL: "{{ drawio_base_url }}"
95 cap_drop:
96 - all
97 hostname: "image-export"
98 restart_policy: unless-stopped
99 state: 'started'
100 recreate: yes
101
102- name: create and deploy drawio
103 become: yes
104 become_user: "{{ docker_username }}"
105 environment:
106 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
107 docker_container:
108 name: "drawio"
109 image: "{{ custom_registry }}/{{ repo_tag }}"
110 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
111 pull: yes
112 purge_networks: yes
113 networks:
114 - name: "{{ drawio_network_name }}"
115 ipv4_address: "{{ drawio_ipv4 }}"
116 ports:
117 - "127.0.0.1:8443:8443"
118 - "127.0.0.1:8400:8080"
119 links:
120 - image-export:image-export
121 env:
122 DRAWIO_SELF_CONTAINED: "1"
123 PLANTUML_URL: "http://plantuml-server:8080/"
124 EXPORT_URL: "http://image-export:8000/"
125 DRAWIO_PUSHER_MODE: "2"
126 cap_drop:
127 - all
128 hostname: "drawio"
129 restart_policy: unless-stopped
130 state: 'started'
131 recreate: yes
132
133- name: deploy nginx configuration
134 notify: restart nginx
135 register: nginx_config
136 copy:
137 src: "{{ drawio_nginx_config }}"
138 dest: /etc/nginx/sites-available/drawio.conf
139 owner: root
140 group: root
141 mode: '0644'
142
143- name: symlink site
144 file:
145 src: /etc/nginx/sites-available/drawio.conf
146 dest: /etc/nginx/sites-enabled/drawio.conf
147 owner: root
148 group: root
149 state: link
diff --git a/roles/services/containers/firefly/handlers/main.yml b/roles/services/containers/firefly/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/firefly/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/firefly/tasks/main.yml b/roles/services/containers/firefly/tasks/main.yml
new file mode 100644
index 0000000..ab389e2
--- /dev/null
+++ b/roles/services/containers/firefly/tasks/main.yml
@@ -0,0 +1,172 @@
1- name: set image fact
2 set_fact:
3 image: fireflyiii/core:version-6.0.13
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create firefly directory
13 file:
14 path: "{{ docker_home }}/firefly"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create data directory
21 file:
22 path: "{{ docker_home }}/firefly/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: create db directory
29 file:
30 path: "{{ docker_home }}/firefly/db"
31 state: directory
32 owner: "{{ docker_username }}"
33 group: "{{ docker_username }}"
34 mode: '0755'
35
36- name: create firefly docker network
37 become: yes
38 become_user: "{{ docker_username }}"
39 docker_network:
40 name: "{{ firefly_network_name }}"
41 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
42 driver: bridge
43 ipam_config:
44 - subnet: "{{ firefly_subnet }}"
45 gateway: "{{ firefly_gateway }}"
46
47- name: create and deploy firefly db
48 become: yes
49 become_user: "{{ docker_username }}"
50 environment:
51 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
52 docker_container:
53 name: "firefly-db"
54 hostname: "firefly-db"
55 image: postgres:alpine
56 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
57 purge_networks: yes
58 networks:
59 - name: "{{ firefly_network_name }}"
60 ipv4_address: "{{ firefly_db_ipv4 }}"
61 volumes:
62 - "{{ docker_home }}/firefly/data:/var/lib/postgresql/data"
63 env:
64 "POSTGRES_USER": "{{ firefly_postgres_user }}"
65 "POSTGRES_PASSWORD": "{{ firefly_postgres_password }}"
66 "POSTGRES_DB": "{{ firefly_postgres_db }}"
67 state: 'started'
68 recreate: yes
69 restart_policy: unless-stopped
70
71- name: create and deploy firefly container
72 become: yes
73 become_user: "{{ docker_username }}"
74 environment:
75 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
76 docker_container:
77 name: "firefly"
78 hostname: "firefly"
79 image: "{{ image }}"
80 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
81 purge_networks: yes
82 networks:
83 - name: "{{ firefly_network_name }}"
84 ipv4_address: "{{ firefly_ipv4 }}"
85 ports:
86 - "127.0.0.1:{{ firefly_external_port }}:8080"
87 volumes:
88 - "{{ docker_home }}/firefly/upload:/var/www/html/storage/upload"
89 env:
90 "TZ": "{{ timezone }}"
91 "APP_KEY": "{{ firefly_app_key }}"
92 "STATIC_CRON_TOKEN": "{{ firefly_cron_token }}"
93 "DB_HOST": "firefly-db"
94 "DB_PORT": "5432"
95 "DB_CONNECTION": "pgsql"
96 "DB_USERNAME": "{{ firefly_postgres_user }}"
97 "DB_PASSWORD": "{{ firefly_postgres_password }}"
98 "DB_DATABASE": "{{ firefly_postgres_db }}"
99 "AUTHENTICATION_GUARD": "remote_user_guard"
100 "AUTHENTICATION_GUARD_HEADER": "HTTP_REMOTE_USER"
101 "AUTHENTICATION_GUARD_EMAIL": "HTTP_REMOTE_EMAIL"
102 "APP_URL": "https://{{ firefly_server_name }}"
103 "TRUSTED_PROXIES": "*"
104 state: 'started'
105 recreate: yes
106 restart_policy: unless-stopped
107
108- name: create and deploy firefly importer container
109 become: yes
110 become_user: "{{ docker_username }}"
111 environment:
112 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
113 docker_container:
114 name: "firefly-importer"
115 hostname: "firefly-importer"
116 image: "fireflyiii/data-importer:version-1.3.0"
117 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
118 purge_networks: yes
119 networks:
120 - name: "{{ firefly_network_name }}"
121 ipv4_address: "{{ firefly_importer_ipv4 }}"
122 ports:
123 - "127.0.0.1:{{ firefly_importer_external_port }}:8080"
124 env:
125 "TZ": "{{ timezone }}"
126 "FIREFLY_III_URL": "http://firefly:8080"
127 "FIREFLY_III_ACCESS_TOKEN": "{{ firefly_access_token }}"
128 "VANITY_URL": "https://{{ firefly_server_name }}"
129 "TRUSTED_PROXIES": "*"
130 state: 'started'
131 recreate: yes
132 restart_policy: unless-stopped
133
134- name: create and deploy firefly cron container
135 become: yes
136 become_user: "{{ docker_username }}"
137 environment:
138 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
139 docker_container:
140 name: "firefly-cron"
141 hostname: "firefly-cron"
142 image: alpine
143 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
144 purge_networks: yes
145 networks:
146 - name: "{{ firefly_network_name }}"
147 ipv4_address: "{{ firefly_cron_ipv4 }}"
148 env:
149 "POSTGRES_USER": "{{ firefly_postgres_user }}"
150 "POSTGRES_PASSWORD": "{{ firefly_postgres_password }}"
151 "POSTGRES_DB": "{{ firefly_postgres_db }}"
152 command: 'sh -c "echo \"0 3 * * * wget -qO- http://firefly:8080/api/v1/cron/{{ firefly_cron_token }}\" | crontab - && crond -f -L /dev/stdout"'
153 state: 'started'
154 recreate: yes
155 restart_policy: unless-stopped
156
157- name: deploy nginx configuration
158 notify: restart nginx
159 template:
160 src: "{{ firefly_nginx_config }}"
161 dest: /etc/nginx/sites-available/firefly.conf
162 owner: root
163 group: root
164 mode: '0644'
165
166- name: symlink site
167 file:
168 src: /etc/nginx/sites-available/firefly.conf
169 dest: /etc/nginx/sites-enabled/firefly.conf
170 owner: root
171 group: root
172 state: link
diff --git a/roles/services/containers/freshrss/handlers/main.yml b/roles/services/containers/freshrss/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/freshrss/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/freshrss/tasks/main.yml b/roles/services/containers/freshrss/tasks/main.yml
new file mode 100644
index 0000000..26109b3
--- /dev/null
+++ b/roles/services/containers/freshrss/tasks/main.yml
@@ -0,0 +1,101 @@
1- name: set image fact
2 set_fact:
3 image: freshrss/freshrss:1.21.0
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create freshrss directory
13 file:
14 path: "{{ docker_home }}/freshrss"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: get freshrss image
32 become: yes
33 become_user: "{{ docker_username }}"
34 environment:
35 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
36 docker_image:
37 name: "{{ image }}"
38 repository: "{{ custom_registry }}/{{ repo_tag }}"
39 push: yes
40 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
41 source: pull
42 force_source: yes
43
44- name: create freshrss data directory
45 file:
46 path: "{{ docker_home }}/freshrss/data"
47 state: directory
48 owner: "{{ docker_username }}"
49 group: "{{ docker_username }}"
50 mode: '0755'
51
52- name: create freshrss docker network
53 docker_network:
54 name: "{{ freshrss_network_name }}"
55 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
56 driver: bridge
57 ipam_config:
58 - subnet: "{{ freshrss_subnet }}"
59 gateway: "{{ freshrss_gateway }}"
60
61- name: create and deploy freshrss container
62 become: yes
63 become_user: "{{ docker_username }}"
64 environment:
65 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
66 docker_container:
67 name: "freshrss"
68 hostname: "freshrss"
69 image: "{{ custom_registry }}/{{ repo_tag }}"
70 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
71 purge_networks: yes
72 networks:
73 - name: "{{ freshrss_network_name }}"
74 ipv4_address: "{{ freshrss_ipv4 }}"
75 ports:
76 - "127.0.0.1:8090:80"
77 state: 'started'
78 recreate: yes
79 restart_policy: unless-stopped
80 volumes:
81 - "{{ docker_home }}/freshrss/data:/var/www/FreshRSS/data"
82 env:
83 "CRON_MIN": "0,15,30,45"
84
85- name: deploy nginx configuration
86 notify: restart nginx
87 register: nginx_config
88 copy:
89 src: "{{ freshrss_nginx_config }}"
90 dest: /etc/nginx/sites-available/freshrss.conf
91 owner: root
92 group: root
93 mode: '0644'
94
95- name: symlink site
96 file:
97 src: /etc/nginx/sites-available/freshrss.conf
98 dest: /etc/nginx/sites-enabled/freshrss.conf
99 owner: root
100 group: root
101 state: link
diff --git a/roles/services/containers/gitea/handlers/main.yml b/roles/services/containers/gitea/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/gitea/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/gitea/tasks/main.yml b/roles/services/containers/gitea/tasks/main.yml
new file mode 100644
index 0000000..fecec5e
--- /dev/null
+++ b/roles/services/containers/gitea/tasks/main.yml
@@ -0,0 +1,171 @@
1- name: set image fact
2 set_fact:
3 image: gitea/gitea:1.19.3
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create gitea directory
13 file:
14 path: "{{ docker_home }}/gitea"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 environment:
23 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
24 docker_login:
25 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
26 registry_url: "{{ docker_registry_url }}"
27 username: "{{ docker_registry_username }}"
28 password: "{{ docker_registry_password }}"
29
30- name: get gitea image
31 become: yes
32 docker_image:
33 name: "{{ image }}"
34 repository: "{{ custom_registry }}/{{ repo_tag }}"
35 push: yes
36 source: pull
37 force_source: yes
38
39- name: create git user on host
40 user:
41 name: "git"
42 uid: "{{ gitea_git_uid }}"
43 create_home: yes
44 generate_ssh_key: yes
45 shell: /bin/bash
46
47- name: get git user public key
48 command: cat /home/git/.ssh/id_rsa.pub
49 register: pubkey
50 changed_when: false
51
52- name: add git user public key to git user's authorized_keys file
53 authorized_key:
54 user: git
55 key: "{{ pubkey.stdout }}"
56
57- name: create fake host gitea
58 blockinfile:
59 path: /usr/local/bin/gitea
60 create: yes
61 owner: root
62 group: root
63 mode: '0755'
64 block: |
65 #!/bin/sh
66 ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
67
68- name: create gitea data directory
69 file:
70 path: "{{ docker_home }}/gitea/data"
71 state: directory
72 owner: "{{ gitea_git_uid }}"
73 group: "{{ gitea_git_uid }}"
74 mode: '0755'
75
76- name: create gitea config directory
77 file:
78 path: "{{ docker_home }}/gitea/config"
79 state: directory
80 owner: "{{ gitea_git_uid }}"
81 group: "{{ gitea_git_uid }}"
82 mode: '0755'
83
84- name: copy gitea config file
85 copy:
86 src: "{{ gitea_config }}"
87 dest: "{{ docker_home }}/gitea/config/app.ini"
88 owner: "{{ gitea_git_uid }}"
89 group: "{{ gitea_git_uid }}"
90 mode: '0644'
91
92- name: change gitea internal token
93 lineinfile:
94 path: "{{ docker_home }}/gitea/config/app.ini"
95 regexp: "^INTERNAL_TOKEN"
96 line: "INTERNAL_TOKEN = {{ gitea_internal_token }}"
97
98- name: change gitea lfs jwt secret
99 lineinfile:
100 path: "{{ docker_home }}/gitea/config/app.ini"
101 regexp: "^LFS_JWT_SECRET"
102 line: "LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}"
103
104- name: set permissions on gitea data
105 file:
106 path: "{{ docker_home }}/gitea/data/"
107 owner: "{{ gitea_git_uid }}"
108 group: "{{ gitea_git_uid }}"
109 mode: u=rwX,g=rX,o=rX
110 recurse: yes
111
112- name: set permissions on gitea config
113 file:
114 path: "{{ docker_home }}/gitea/config/"
115 owner: "{{ gitea_git_uid }}"
116 group: "{{ gitea_git_uid }}"
117 mode: u=rwX,g=rX,o=rX
118 recurse: yes
119
120- name: create gitea docker network
121 docker_network:
122 name: "{{ gitea_network_name }}"
123 driver: bridge
124 ipam_config:
125 - subnet: "{{ gitea_subnet }}"
126 gateway: "{{ gitea_gateway }}"
127
128- name: create and deploy gitea container
129 become: yes
130 docker_container:
131 name: "gitea"
132 hostname: "gitea"
133 image: "{{ custom_registry }}/{{ repo_tag }}"
134 purge_networks: yes
135 networks:
136 - name: "{{ gitea_network_name }}"
137 ipv4_address: "{{ gitea_ipv4 }}"
138 ports:
139 - "127.0.0.1:{{ gitea_external_port }}:3000"
140 - "127.0.0.1:2222:22"
141 state: 'started'
142 comparisons:
143 '*': strict
144 restart_policy: unless-stopped
145 env:
146 "USER_UID": "{{ gitea_git_uid }}"
147 "USER_GID": "{{ gitea_git_uid }}"
148 volumes:
149 - "{{ docker_home }}/gitea/data:/data"
150 - "{{ docker_home }}/gitea/config:/data/gitea/conf"
151 - "/home/git/.ssh/:/data/git/.ssh"
152 - "/etc/timezone:/etc/timezone:ro"
153 - "/etc/localtime:/etc/localtime:ro"
154
155- name: deploy nginx configuration
156 notify: restart nginx
157 register: nginx_config
158 copy:
159 src: "{{ gitea_nginx_config }}"
160 dest: /etc/nginx/sites-available/gitea.conf
161 owner: root
162 group: root
163 mode: '0644'
164
165- name: symlink site
166 file:
167 src: /etc/nginx/sites-available/gitea.conf
168 dest: /etc/nginx/sites-enabled/gitea.conf
169 owner: root
170 group: root
171 state: link
diff --git a/roles/services/containers/home_assistant/handlers/main.yml b/roles/services/containers/home_assistant/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/home_assistant/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/home_assistant/tasks/main.yml b/roles/services/containers/home_assistant/tasks/main.yml
new file mode 100644
index 0000000..b44c529
--- /dev/null
+++ b/roles/services/containers/home_assistant/tasks/main.yml
@@ -0,0 +1,86 @@
1- name: set image fact
2 set_fact:
3 image: homeassistant/home-assistant:2023.6.3
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create home_assistant directory
13 file:
14 path: "{{ docker_home }}/home_assistant"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create config directory
21 file:
22 path: "{{ docker_home }}/home_assistant/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: deploy configuration
29 copy:
30 src: "{{ home_assistant_config }}"
31 dest: "{{ docker_home }}/home_assistant/config/configuration.yaml"
32 owner: "{{ docker_username }}"
33 group: "{{ docker_username }}"
34 mode: '0644'
35
36- name: create home_assistant network
37 become: yes
38 become_user: "{{ docker_username }}"
39 docker_network:
40 name: "{{ home_assistant_network_name }}"
41 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
42 driver: bridge
43 ipam_config:
44 - subnet: "{{ home_assistant_subnet }}"
45 gateway: "{{ home_assistant_gateway }}"
46
47- name: create and deploy home_assistant container
48 become: yes
49 become_user: "{{ docker_username }}"
50 environment:
51 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
52 docker_container:
53 name: "home_assistant"
54 hostname: "home_assistant"
55 image: "{{ image }}"
56 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
57 purge_networks: yes
58 networks:
59 - name: "{{ home_assistant_network_name }}"
60 ipv4_address: "{{ home_assistant_ipv4 }}"
61 ports:
62 - "127.0.0.1:{{ home_assistant_external_port }}:8123"
63 volumes:
64 - "{{ docker_home }}/home_assistant/config:/config"
65 env:
66 "TZ": "{{ timezone }}"
67 state: 'started'
68 recreate: yes
69 restart_policy: unless-stopped
70
71- name: deploy nginx configuration
72 notify: restart nginx
73 template:
74 src: "{{ home_assistant_nginx_config }}"
75 dest: /etc/nginx/sites-available/home_assistant.conf
76 owner: root
77 group: root
78 mode: '0644'
79
80- name: symlink site
81 file:
82 src: /etc/nginx/sites-available/home_assistant.conf
83 dest: /etc/nginx/sites-enabled/home_assistant.conf
84 owner: root
85 group: root
86 state: link
diff --git a/roles/services/containers/homer/handlers/main.yml b/roles/services/containers/homer/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/homer/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/homer/tasks/main.yml b/roles/services/containers/homer/tasks/main.yml
new file mode 100644
index 0000000..b646d12
--- /dev/null
+++ b/roles/services/containers/homer/tasks/main.yml
@@ -0,0 +1,122 @@
1- name: set image fact
2 set_fact:
3 image: b4bz/homer:v23.05.1
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create homer directory
13 file:
14 path: "{{ docker_home }}/homer"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: get homer image
32 become: yes
33 become_user: "{{ docker_username }}"
34 environment:
35 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
36 docker_image:
37 name: "{{ image }}"
38 repository: "{{ custom_registry }}/{{ repo_tag }}"
39 push: yes
40 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
41 source: pull
42 force_source: yes
43
44- name: create homer assets directory
45 file:
46 path: "{{ docker_home }}/homer/assets"
47 state: directory
48 owner: "{{ docker_username }}"
49 group: "{{ docker_username }}"
50 mode: '0755'
51
52- name: synchronize homer assets
53 synchronize:
54 src: "{{ homer_assets_dir }}"
55 dest: "{{ docker_home }}/homer/assets/"
56 delete: yes
57
58- name: set permissions on homer assets
59 file:
60 path: "{{ docker_home }}/homer/assets/"
61 owner: "{{ docker_username }}"
62 group: "{{ docker_username }}"
63 mode: u=rwX,g=rX,o=rX
64 recurse: yes
65
66- name: set permissions on homer assets
67 file:
68 path: "{{ docker_home }}/homer/assets/"
69 state: directory
70 owner: "{{ docker_username }}"
71 group: "{{ docker_username }}"
72 mode: '0755'
73 recurse: no
74
75- name: create homer docker network
76 docker_network:
77 name: "{{ homer_network_name }}"
78 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
79 driver: bridge
80 ipam_config:
81 - subnet: "{{ homer_subnet }}"
82 gateway: "{{ homer_gateway }}"
83
84- name: create and deploy homer container
85 become: yes
86 become_user: "{{ docker_username }}"
87 environment:
88 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
89 docker_container:
90 name: "homer"
91 hostname: "homer"
92 image: "{{ custom_registry }}/{{ repo_tag }}"
93 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
94 purge_networks: yes
95 networks:
96 - name: "{{ homer_network_name }}"
97 ipv4_address: "{{ homer_ipv4 }}"
98 ports:
99 - "127.0.0.1:8001:8080"
100 state: 'started'
101 recreate: yes
102 restart_policy: unless-stopped
103 volumes:
104 - "{{ docker_home }}/homer/assets:/www/assets"
105
106- name: deploy nginx configuration
107 notify: restart nginx
108 register: nginx_config
109 copy:
110 src: "{{ homer_nginx_config }}"
111 dest: /etc/nginx/sites-available/homer.conf
112 owner: root
113 group: root
114 mode: '0644'
115
116- name: symlink site
117 file:
118 src: /etc/nginx/sites-available/homer.conf
119 dest: /etc/nginx/sites-enabled/homer.conf
120 owner: root
121 group: root
122 state: link
diff --git a/roles/services/containers/invidious/handlers/main.yml b/roles/services/containers/invidious/handlers/main.yml
new file mode 100644
index 0000000..a3a5d0b
--- /dev/null
+++ b/roles/services/containers/invidious/handlers/main.yml
@@ -0,0 +1,29 @@
1- name: login to docker registry
2 become: yes
3 become_user: "{{ docker_username }}"
4 environment:
5 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
6 docker_login:
7 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
8 registry_url: "{{ docker_registry_url }}"
9 username: "{{ docker_registry_username }}"
10 password: "{{ docker_registry_password }}"
11
12- name: build invidious image
13 become: yes
14 become_user: "{{ docker_username }}"
15 environment:
16 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
17 docker_image:
18 name: "{{ docker_registry_url }}/{{ docker_registry_username }}/invidious:latest"
19 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
20 build:
21 path: /srv/docker/invidious/src
22 dockerfile: docker/Dockerfile
23 source: build
24 push: yes
25
26- name: restart nginx
27 service:
28 name: nginx
29 state: restarted
diff --git a/roles/services/containers/invidious/tasks/main.yml b/roles/services/containers/invidious/tasks/main.yml
new file mode 100644
index 0000000..6bff0e2
--- /dev/null
+++ b/roles/services/containers/invidious/tasks/main.yml
@@ -0,0 +1,124 @@
1- name: set image fact
2 set_fact:
3 image: gitea.chudnick.com/sam/invidious:latest
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create invidious directory
13 file:
14 path: "{{ docker_home }}/invidious"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create postgres data directory
21 file:
22 path: "{{ docker_home }}/invidious/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: clone invidious repo
29 become: yes
30 become_user: "{{ docker_username }}"
31 notify:
32 - login to docker registry
33 - build invidious image
34 git:
35 repo: "{{ invidious_repo }}"
36 dest: "{{ docker_home }}/invidious/src"
37 version: "master"
38
39- meta: flush_handlers
40
41- name: create invidious docker network
42 become: yes
43 become_user: "{{ docker_username }}"
44 docker_network:
45 name: "{{ invidious_network_name }}"
46 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
47 driver: bridge
48 ipam_config:
49 - subnet: "{{ invidious_subnet }}"
50 gateway: "{{ invidious_gateway }}"
51
52- name: create and deploy invidious db
53 become: yes
54 become_user: "{{ docker_username }}"
55 environment:
56 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
57 docker_container:
58 name: "invidious-db"
59 hostname: "invidious-db"
60 image: postgres:13
61 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
62 purge_networks: yes
63 networks:
64 - name: "{{ invidious_network_name }}"
65 ipv4_address: "{{ invidious_db_ipv4 }}"
66 volumes:
67 - "{{ docker_home }}/invidious/data:/var/lib/postgresql/data"
68 - "{{ docker_home }}/invidious/src/config/sql:/config/sql"
69 - "{{ docker_home }}/invidious/src/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh"
70 env:
71 "POSTGRES_DB": "invidious"
72 "POSTGRES_USER": "invidious"
73 "POSTGRES_PASSWORD": "{{ invidious_postgres_password }}"
74 state: 'started'
75 recreate: yes
76 restart_policy: unless-stopped
77
78- name: create and deploy invidious container
79 become: yes
80 become_user: "{{ docker_username }}"
81 environment:
82 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
83 docker_container:
84 name: "invidious"
85 hostname: "invidious"
86 image: "{{ image }}"
87 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
88 purge_networks: yes
89 env:
90 "dbname": "invidious"
91 "user": "invidious"
92 "password": "{{ invidious_postgres_password }}"
93 "host": "invidious-db"
94 "port": "5432"
95 "check_tables": "true"
96 "https_only": "true"
97 "hsts": "true"
98 "domain": "{{ invidious_server_name }}"
99 "dark_mode": "dark"
100 networks:
101 - name: "{{ invidious_network_name }}"
102 ipv4_address: "{{ invidious_ipv4 }}"
103 ports:
104 - "127.0.0.1:{{ invidious_external_port }}:3000"
105 state: 'started'
106 recreate: yes
107 restart_policy: unless-stopped
108
109- name: deploy nginx configuration
110 notify: restart nginx
111 template:
112 src: "{{ invidious_nginx_config }}"
113 dest: /etc/nginx/sites-available/invidious.conf
114 owner: root
115 group: root
116 mode: '0644'
117
118- name: symlink site
119 file:
120 src: /etc/nginx/sites-available/invidious.conf
121 dest: /etc/nginx/sites-enabled/invidious.conf
122 owner: root
123 group: root
124 state: link
diff --git a/roles/services/containers/jellyfin/handlers/main.yml b/roles/services/containers/jellyfin/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/jellyfin/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/jellyfin/tasks/main.yml b/roles/services/containers/jellyfin/tasks/main.yml
new file mode 100644
index 0000000..c7a424d
--- /dev/null
+++ b/roles/services/containers/jellyfin/tasks/main.yml
@@ -0,0 +1,159 @@
1- name: set image fact
2 set_fact:
3 image: jellyfin/jellyfin:10.8.10
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create jellyfin directory
13 file:
14 path: "{{ docker_home }}/jellyfin"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: get jellyfin image
32 become: yes
33 become_user: "{{ docker_username }}"
34 environment:
35 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
36 docker_image:
37 name: "{{ image }}"
38 repository: "{{ custom_registry }}/{{ repo_tag }}"
39 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
40 source: pull
41 force_source: yes
42 push: yes
43
44- name: create jellyfin config directory
45 file:
46 path: "{{ docker_home }}/jellyfin/config"
47 state: directory
48 owner: "{{ docker_username }}"
49 group: "{{ docker_username }}"
50 mode: '0755'
51
52- name: create jellyfin cache directory
53 file:
54 path: "{{ docker_home }}/jellyfin/cache"
55 state: directory
56 owner: "{{ docker_username }}"
57 group: "{{ docker_username }}"
58 mode: '0755'
59
60- name: create jellyfin media directory
61 file:
62 path: "{{ docker_home }}/jellyfin/media"
63 state: directory
64 group: "{{ docker_username }}"
65 mode: '0755'
66
67- name: copy jellyfin config
68 synchronize:
69 src: "{{ jellyfin_config }}"
70 dest: "{{ docker_home }}/jellyfin/config"
71
72- name: copy jellyfin media
73 synchronize:
74 src: "{{ jellyfin_media }}"
75 dest: "{{ docker_home }}/jellyfin/media"
76 ignore_errors: yes
77
78- name: copy jellyfin web config
79 copy:
80 src: "{{ jellyfin_web_config }}"
81 dest: "{{ docker_home }}/jellyfin/web-config.json"
82 owner: "{{ docker_username }}"
83 group: "{{ docker_username }}"
84 mode: '0644'
85
86- name: set config permissions
87 file:
88 path: "{{ docker_home }}/jellyfin/config"
89 owner: "{{ docker_username }}"
90 group: "{{ docker_username }}"
91 mode: '0755'
92 recurse: yes
93
94- name: set media permissions
95 file:
96 path: "{{ docker_home }}/jellyfin/media"
97 owner: "{{ docker_username }}"
98 group: "{{ docker_username }}"
99 mode: '0755'
100 recurse: yes
101
102- name: create jellyfin docker network
103 become: yes
104 become_user: "{{ docker_username }}"
105 docker_network:
106 name: "{{ jellyfin_network_name }}"
107 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
108 driver: bridge
109 ipam_config:
110 - subnet: "{{ jellyfin_subnet }}"
111 gateway: "{{ jellyfin_gateway }}"
112
113- name: create and deploy jellyfin container
114 become: yes
115 become_user: "{{ docker_username }}"
116 environment:
117 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
118 docker_container:
119 name: "jellyfin"
120 image: "{{ custom_registry }}/{{ repo_tag }}"
121 pull: yes
122 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
123 purge_networks: yes
124 networks:
125 - name: "{{ jellyfin_network_name }}"
126 ipv4_address: "{{ jellyfin_ipv4 }}"
127 ports:
128 - "127.0.0.1:8096:8096"
129 volumes:
130 - "{{ docker_home }}/jellyfin/config:/config"
131 - "{{ docker_home }}/jellyfin/cache:/cache"
132 - "{{ docker_home }}/arr/data/media:/media:ro"
133 - "{{ docker_home }}/jellyfin/web-config.json:/jellyfin/jellyfin-web/config.json"
134 env:
135 JELLYFIN_PublishedServerUrl: "{{ jellyfin_url }}"
136 cap_drop:
137 - all
138 hostname: "jellyfin"
139 restart_policy: unless-stopped
140 state: 'started'
141 recreate: yes
142
143- name: deploy nginx configuration
144 notify: restart nginx
145 register: nginx_config
146 copy:
147 src: "{{ jellyfin_nginx_config }}"
148 dest: /etc/nginx/sites-available/jellyfin.conf
149 owner: root
150 group: root
151 mode: '0644'
152
153- name: symlink site
154 file:
155 src: /etc/nginx/sites-available/jellyfin.conf
156 dest: /etc/nginx/sites-enabled/jellyfin.conf
157 owner: root
158 group: root
159 state: link
diff --git a/roles/services/containers/kanboard/handlers/main.yml b/roles/services/containers/kanboard/handlers/main.yml
new file mode 100644
index 0000000..de5dcb6
--- /dev/null
+++ b/roles/services/containers/kanboard/handlers/main.yml
@@ -0,0 +1,18 @@
1- name: build pywttr-docker image
2 become: yes
3 become_user: "{{ docker_username }}"
4 environment:
5 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
6 docker_image:
7 name: "{{ docker_registry_url }}/{{ docker_registry_username }}/pywttr-docker:latest"
8 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
9 build:
10 path: /srv/docker/pywttr-docker/src
11 source: build
12 push: yes
13 force_source: yes
14
15- name: restart nginx
16 service:
17 name: nginx
18 state: restarted
diff --git a/roles/services/containers/kanboard/tasks/main.yml b/roles/services/containers/kanboard/tasks/main.yml
new file mode 100644
index 0000000..1efc16e
--- /dev/null
+++ b/roles/services/containers/kanboard/tasks/main.yml
@@ -0,0 +1,93 @@
1- name: set image fact
2 set_fact:
3 image: kanboard/kanboard:v1.2.30
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create kanboard directory
13 file:
14 path: "{{ docker_home }}/kanboard"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create data directory
21 file:
22 path: "{{ docker_home }}/kanboard/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: deploy custom configuration
29 copy:
30 src: "{{ kanboard_config }}"
31 dest: "{{ docker_home }}/kanboard/data/config.php"
32 owner: "{{ docker_username }}"
33 group: "{{ docker_username }}"
34 mode: '0644'
35
36- name: create plugins directory
37 file:
38 path: "{{ docker_home }}/kanboard/plugins"
39 state: directory
40 owner: "{{ docker_username }}"
41 group: "{{ docker_username }}"
42 mode: '0755'
43
44- name: create kanboard network
45 become: yes
46 become_user: "{{ docker_username }}"
47 docker_network:
48 name: "{{ kanboard_network_name }}"
49 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
50 driver: bridge
51 ipam_config:
52 - subnet: "{{ kanboard_subnet }}"
53 gateway: "{{ kanboard_gateway }}"
54
55- name: create and deploy kanboard container
56 become: yes
57 become_user: "{{ docker_username }}"
58 environment:
59 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
60 docker_container:
61 name: "kanboard"
62 hostname: "kanboard"
63 image: "{{ image }}"
64 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
65 purge_networks: yes
66 networks:
67 - name: "{{ kanboard_network_name }}"
68 ipv4_address: "{{ kanboard_ipv4 }}"
69 ports:
70 - "127.0.0.1:{{ kanboard_external_port }}:80"
71 volumes:
72 - "{{ docker_home }}/kanboard/data:/var/www/app/data"
73 - "{{ docker_home }}/kanboard/plugins:/var/www/app/plugins"
74 state: 'started'
75 recreate: yes
76 restart_policy: unless-stopped
77
78- name: deploy nginx configuration
79 notify: restart nginx
80 template:
81 src: "{{ kanboard_nginx_config }}"
82 dest: /etc/nginx/sites-available/kanboard.conf
83 owner: root
84 group: root
85 mode: '0644'
86
87- name: symlink site
88 file:
89 src: /etc/nginx/sites-available/kanboard.conf
90 dest: /etc/nginx/sites-enabled/kanboard.conf
91 owner: root
92 group: root
93 state: link
diff --git a/roles/services/containers/navidrome/handlers/main.yml b/roles/services/containers/navidrome/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/navidrome/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/navidrome/tasks/main.yml b/roles/services/containers/navidrome/tasks/main.yml
new file mode 100644
index 0000000..e95e849
--- /dev/null
+++ b/roles/services/containers/navidrome/tasks/main.yml
@@ -0,0 +1,117 @@
1- name: set image fact
2 set_fact:
3 image: deluan/navidrome:0.49.2
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create navidrome directory
13 file:
14 path: "{{ docker_home }}/navidrome"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create navidrome data directory
21 file:
22 path: "{{ docker_home }}/navidrome/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: create navidrome music directory
29 file:
30 path: "{{ docker_home }}/navidrome/music"
31 state: directory
32 owner: "{{ docker_username }}"
33 group: "{{ docker_username }}"
34 mode: '0755'
35
36- name: login to docker registry
37 become: yes
38 become_user: "{{ docker_username }}"
39 environment:
40 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
41 docker_login:
42 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
43 registry_url: "{{ docker_registry_url }}"
44 username: "{{ docker_registry_username }}"
45 password: "{{ docker_registry_password }}"
46
47- name: pull and push navidrome image
48 become: yes
49 become_user: "{{ docker_username }}"
50 environment:
51 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
52 docker_image:
53 name: "{{ image }}"
54 repository: "{{ custom_registry }}/{{ repo_tag }}"
55 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
56 source: pull
57 force_source: yes
58 push: yes
59
60- name: create navidrome docker network
61 docker_network:
62 name: "{{ navidrome_network_name }}"
63 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
64 driver: bridge
65 ipam_config:
66 - subnet: "{{ navidrome_subnet }}"
67 gateway: "{{ navidrome_gateway }}"
68
69- name: create and deploy navidrome container
70 become: yes
71 become_user: "{{ docker_username }}"
72 environment:
73 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
74 docker_container:
75 name: "navidrome"
76 hostname: "navidrome"
77 image: "{{ custom_registry }}/{{ repo_tag }}"
78 pull: yes
79 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
80 purge_networks: yes
81 networks:
82 - name: "{{ navidrome_network_name }}"
83 ipv4_address: "{{ navidrome_ipv4 }}"
84 ports:
85 - "127.0.0.1:4533:4533"
86 state: 'started'
87 recreate: yes
88 restart_policy: unless-stopped
89 env:
90 "ND_AUTHREQUEST_LIMIT": "2"
91 "ND_PASSWORDENCRYPTIONKEY": "{{ navidrome_encryptionkey }}"
92 "ND_LASTFM_ENABLED": "false"
93 "ND_PROMETHEUS_ENABLED": "true"
94 "ND_PROMETHEUS_METRICSPATH": "/metrics"
95 "ND_REVERSEPROXYWHITELIST": "172.25.5.0/24"
96 "ND_LOGLEVEL": "debug"
97 volumes:
98 - "{{ docker_home }}/navidrome/data:/data"
99 - "{{ docker_home }}/arr/data/media/music:/music:ro"
100
101- name: deploy nginx configuration
102 notify: restart nginx
103 register: nginx_config
104 copy:
105 src: "{{ navidrome_nginx_config }}"
106 dest: /etc/nginx/sites-available/navidrome.conf
107 owner: root
108 group: root
109 mode: '0644'
110
111- name: symlink site
112 file:
113 src: /etc/nginx/sites-available/navidrome.conf
114 dest: /etc/nginx/sites-enabled/navidrome.conf
115 owner: root
116 group: root
117 state: link
diff --git a/roles/services/containers/nextcloud/handlers/main.yml b/roles/services/containers/nextcloud/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/nextcloud/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/nextcloud/tasks/main.yml b/roles/services/containers/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..fbd4a76
--- /dev/null
+++ b/roles/services/containers/nextcloud/tasks/main.yml
@@ -0,0 +1,184 @@
1- name: set image fact
2 set_fact:
3 image: nextcloud:27.0.0-apache
4
5- name: set other facts
6 set_fact:
7 repo_tag: "{{ image }}"
8 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
9
10- name: create nextcloud directory
11 file:
12 path: "{{ docker_home }}/nextcloud"
13 state: directory
14 owner: "{{ docker_username }}"
15 group: "{{ docker_username }}"
16 mode: '0755'
17
18- name: create nextcloud app directory
19 file:
20 path: "{{ docker_home }}/nextcloud/app/"
21 state: directory
22 owner: "{{ docker_username }}"
23 group: "{{ docker_username }}"
24 mode: '0755'
25
26- name: create nextcloud data directory
27 file:
28 path: "{{ docker_home }}/nextcloud/data/"
29 state: directory
30 owner: "{{ docker_username }}"
31 group: "{{ docker_username }}"
32 mode: '0755'
33
34- name: login to docker registry
35 become: yes
36 become_user: "{{ docker_username }}"
37 environment:
38 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
39 docker_login:
40 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
41 registry_url: "{{ docker_registry_url }}"
42 username: "{{ docker_registry_username }}"
43 password: "{{ docker_registry_password }}"
44
45- name: pull and push nextcloud image
46 become: yes
47 become_user: "{{ docker_username }}"
48 environment:
49 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
50 docker_image:
51 name: "{{ image }}"
52 repository: "{{ custom_registry }}/{{ repo_tag }}"
53 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
54 source: pull
55 force_source: yes
56 push: yes
57
58- name: create nextcloud docker network
59 docker_network:
60 name: "{{ nextcloud_network_name }}"
61 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
62 driver: bridge
63 ipam_config:
64 - subnet: "{{ nextcloud_subnet }}"
65 gateway: "{{ nextcloud_gateway }}"
66
67- name: create and deploy postgres container
68 become: yes
69 become_user: "{{ docker_username }}"
70 environment:
71 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
72 docker_container:
73 name: "nextcloud-postgres"
74 hostname: "nextcloud-postgres"
75 image: "postgres:alpine"
76 pull: yes
77 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
78 purge_networks: yes
79 networks:
80 - name: "{{ nextcloud_network_name }}"
81 ipv4_address: "{{ nextcloud_postgres_ipv4 }}"
82 state: 'started'
83 comparisons:
84 '*': strict
85 restart_policy: unless-stopped
86 env:
87 "POSTGRES_USER": "{{ nextcloud_postgres_user }}"
88 "POSTGRES_PASSWORD": "{{ nextcloud_postgres_password }}"
89 "POSTGRES_DB": "{{ nextcloud_postgres_db }}"
90 volumes:
91 - "{{ docker_home }}/nextcloud/data:/var/lib/postgresql/data"
92
93- name: create and deploy redis container
94 become: yes
95 become_user: "{{ docker_username }}"
96 environment:
97 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
98 docker_container:
99 name: "nextcloud-redis"
100 hostname: "nextcloud-redis"
101 image: "redis:alpine"
102 pull: yes
103 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
104 purge_networks: yes
105 networks:
106 - name: "{{ nextcloud_network_name }}"
107 ipv4_address: "{{ nextcloud_redis_ipv4 }}"
108 state: 'started'
109 comparisons:
110 '*': strict
111 restart_policy: unless-stopped
112
113- name: create and deploy nextcloud container
114 become: yes
115 become_user: "{{ docker_username }}"
116 environment:
117 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
118 docker_container:
119 name: "nextcloud"
120 hostname: "nextcloud"
121 image: "{{ custom_registry }}/{{ repo_tag }}"
122 pull: yes
123 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
124 purge_networks: yes
125 networks:
126 - name: "{{ nextcloud_network_name }}"
127 ipv4_address: "{{ nextcloud_ipv4 }}"
128 ports:
129 - "127.0.0.1:{{ nextcloud_external_port }}:80"
130 state: 'started'
131 comparisons:
132 '*': strict
133 restart_policy: unless-stopped
134 env:
135 "POSTGRES_USER": "{{ nextcloud_postgres_user }}"
136 "POSTGRES_PASSWORD": "{{ nextcloud_postgres_password }}"
137 "POSTGRES_DB": "{{ nextcloud_postgres_db }}"
138 "POSTGRES_HOST": "nextcloud-postgres"
139 "REDIS_HOST": "nextcloud-redis"
140 "NEXTCLOUD_ADMIN_USER": "{{ nextcloud_admin }}"
141 "NEXTCLOUD_ADMIN_PASSWORD": "{{ nextcloud_admin_password }}"
142 "NEXTCLOUD_TRUSTED_DOMAINS": "{{ nextcloud_trusted_domains }}"
143 volumes:
144 - "{{ docker_home }}/nextcloud/app:/var/www/html"
145
146- name: create and deploy nextcloud cron container
147 become: yes
148 become_user: "{{ docker_username }}"
149 environment:
150 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
151 docker_container:
152 name: "nextcloud-cron"
153 hostname: "nextcloud-cron"
154 image: "{{ custom_registry }}/{{ repo_tag }}"
155 entrypoint: "/cron.sh"
156 pull: yes
157 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
158 purge_networks: yes
159 networks:
160 - name: "{{ nextcloud_network_name }}"
161 ipv4_address: "{{ nextcloud_cron_ipv4 }}"
162 state: 'started'
163 recreate: yes
164 restart_policy: unless-stopped
165 volumes:
166 - "{{ docker_home }}/nextcloud/app:/var/www/html"
167
168- name: deploy nginx configuration
169 notify: restart nginx
170 register: nginx_config
171 copy:
172 src: "{{ nextcloud_nginx_config }}"
173 dest: /etc/nginx/sites-available/nextcloud.conf
174 owner: root
175 group: root
176 mode: '0644'
177
178- name: symlink site
179 file:
180 src: /etc/nginx/sites-available/nextcloud.conf
181 dest: /etc/nginx/sites-enabled/nextcloud.conf
182 owner: root
183 group: root
184 state: link
diff --git a/roles/services/containers/photoprism/defaults/main.yml b/roles/services/containers/photoprism/defaults/main.yml
new file mode 100644
index 0000000..ceca8c3
--- /dev/null
+++ b/roles/services/containers/photoprism/defaults/main.yml
@@ -0,0 +1,10 @@
1photoprism_admin_user: "admin"
2photoprism_auth_mode: "password"
3photoprism_site_url: "https://photos.chudnick.com"
4photoprism_external_port: 2342
5photoprism_nginx_config: data/photoprism/photoprism.conf
6photoprism_network_name: photoprism_net
7photoprism_subnet: 172.25.15.0/24
8photoprism_gateway: 172.25.15.1
9photoprism_ipv4: 172.25.15.2
10nextcloud_external_port: 8006
diff --git a/roles/services/containers/photoprism/handlers/main.yml b/roles/services/containers/photoprism/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/photoprism/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/photoprism/tasks/main.yml b/roles/services/containers/photoprism/tasks/main.yml
new file mode 100644
index 0000000..e6ac544
--- /dev/null
+++ b/roles/services/containers/photoprism/tasks/main.yml
@@ -0,0 +1,115 @@
1- name: set image fact
2 set_fact:
3 image: photoprism/photoprism:221118-jammy
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create photoprism directory
13 file:
14 path: "{{ docker_home }}/photoprism"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: get photoprism image
32 become: yes
33 become_user: "{{ docker_username }}"
34 environment:
35 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
36 docker_image:
37 name: "{{ image }}"
38 repository: "{{ custom_registry }}/{{ repo_tag }}"
39 push: yes
40 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
41 source: pull
42 force_source: yes
43
44- name: create photoprism data directory
45 file:
46 path: "{{ docker_home }}/photoprism/data"
47 state: directory
48 owner: "{{ docker_username }}"
49 group: "{{ docker_username }}"
50 mode: '0755'
51
52- name: create photoprism photos directory
53 file:
54 path: "{{ docker_home }}/photoprism/photos"
55 state: directory
56 owner: "{{ docker_username }}"
57 group: "{{ docker_username }}"
58 mode: '0755'
59
60- name: create photoprism docker network
61 docker_network:
62 name: "{{ photoprism_network_name }}"
63 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
64 driver: bridge
65 ipam_config:
66 - subnet: "{{ photoprism_subnet }}"
67 gateway: "{{ photoprism_gateway }}"
68
69- name: create and deploy photoprism container
70 become: yes
71 become_user: "{{ docker_username }}"
72 environment:
73 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
74 docker_container:
75 name: "photoprism"
76 hostname: "photoprism"
77 image: "{{ custom_registry }}/{{ repo_tag }}"
78 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
79 purge_networks: yes
80 networks:
81 - name: "{{ photoprism_network_name }}"
82 ipv4_address: "{{ photoprism_ipv4 }}"
83 ports:
84 - "127.0.0.1:{{ photoprism_external_port }}:2342"
85 state: 'started'
86 recreate: yes
87 restart_policy: unless-stopped
88 volumes:
89 - "{{ docker_home }}/photoprism/photos:/photoprism/originals"
90 - "{{ docker_home }}/photoprism/data:/photoprism/storage"
91 env:
92 "PHOTOPRISM_ADMIN_USER": "{{ photoprism_admin_user }}"
93 "PHOTOPRISM_ADMIN_PASSWORD": "{{ photoprism_admin_password }}"
94 "PHOTOPRISM_AUTH_MODE": "{{ photoprism_auth_mode }}"
95 "PHOTOPRISM_SITE_URL": "{{ photoprism_site_url }}"
96 "PHOTOPRISM_DATABASE_DRIVER": "sqlite"
97 "PHOTOPRISM_DISABLE_PLACES": "true"
98
99- name: deploy nginx configuration
100 notify: restart nginx
101 register: nginx_config
102 copy:
103 src: "{{ photoprism_nginx_config }}"
104 dest: /etc/nginx/sites-available/photoprism.conf
105 owner: root
106 group: root
107 mode: '0644'
108
109- name: symlink site
110 file:
111 src: /etc/nginx/sites-available/photoprism.conf
112 dest: /etc/nginx/sites-enabled/photoprism.conf
113 owner: root
114 group: root
115 state: link
diff --git a/roles/services/containers/pihole_exporter/tasks/main.yml b/roles/services/containers/pihole_exporter/tasks/main.yml
new file mode 100644
index 0000000..4c52dc7
--- /dev/null
+++ b/roles/services/containers/pihole_exporter/tasks/main.yml
@@ -0,0 +1,97 @@
1- name: set image fact
2 set_fact:
3 image: ekofr/pihole-exporter:v0.4.0
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create pihole_exporter directory
13 file:
14 path: "{{ docker_home }}/pihole_exporter"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: get pihole_exporter image
32 become: yes
33 become_user: "{{ docker_username }}"
34 environment:
35 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
36 docker_image:
37 name: "{{ image }}"
38 repository: "{{ custom_registry }}/{{ repo_tag }}"
39 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
40 source: pull
41 force_source: yes
42 push: yes
43
44- name: create pihole_exporter docker network
45 become: yes
46 become_user: "{{ docker_username }}"
47 docker_network:
48 name: "{{ pihole_exporter_network_name }}"
49 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
50 driver: bridge
51 ipam_config:
52 - subnet: "{{ pihole_exporter_subnet }}"
53 gateway: "{{ pihole_exporter_gateway }}"
54
55- name: create and deploy pihole_exporter container
56 become: yes
57 become_user: "{{ docker_username }}"
58 environment:
59 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
60 docker_container:
61 name: "pihole_exporter"
62 hostname: "pihole_exporter"
63 image: "{{ custom_registry }}/{{ repo_tag }}"
64 pull: yes
65 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
66 purge_networks: yes
67 networks:
68 - name: "{{ pihole_exporter_network_name }}"
69 ports:
70 - "127.0.0.1:9617:9617"
71 state: 'started'
72 recreate: yes
73 restart_policy: unless-stopped
74 env:
75 "PIHOLE_HOSTNAME": "{{ pihole_ip }}"
76 "PIHOLE_API_TOKEN": "{{ pihole_api_token }}"
77 "PORT": "{{ pihole_api_port }}"
78 cap_drop:
79 - all
80
81- name: deploy nginx configuration
82 notify: restart nginx
83 register: nginx_config
84 copy:
85 src: "{{ pihole_exporter_nginx_config }}"
86 dest: /etc/nginx/sites-available/pihole-exporter.conf
87 owner: root
88 group: root
89 mode: '0644'
90
91- name: symlink site
92 file:
93 src: /etc/nginx/sites-available/pihole-exporter.conf
94 dest: /etc/nginx/sites-enabled/pihole-exporter.conf
95 owner: root
96 group: root
97 state: link
diff --git a/roles/services/containers/pywttr_docker/handlers/main.yml b/roles/services/containers/pywttr_docker/handlers/main.yml
new file mode 100644
index 0000000..de5dcb6
--- /dev/null
+++ b/roles/services/containers/pywttr_docker/handlers/main.yml
@@ -0,0 +1,18 @@
1- name: build pywttr-docker image
2 become: yes
3 become_user: "{{ docker_username }}"
4 environment:
5 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
6 docker_image:
7 name: "{{ docker_registry_url }}/{{ docker_registry_username }}/pywttr-docker:latest"
8 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
9 build:
10 path: /srv/docker/pywttr-docker/src
11 source: build
12 push: yes
13 force_source: yes
14
15- name: restart nginx
16 service:
17 name: nginx
18 state: restarted
diff --git a/roles/services/containers/pywttr_docker/tasks/main.yml b/roles/services/containers/pywttr_docker/tasks/main.yml
new file mode 100644
index 0000000..45f7b2f
--- /dev/null
+++ b/roles/services/containers/pywttr_docker/tasks/main.yml
@@ -0,0 +1,74 @@
1- name: set image fact
2 set_fact:
3 image: gitea.chudnick.com/sam/pywttr-docker:latest
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create pywttr-docker directory
13 file:
14 path: "{{ docker_home }}/pywttr-docker"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: clone pywttr-docker repository
21 notify: build pywttr-docker image
22 git:
23 repo: https://gitea.chudnick.com/sam/pywttr-docker
24 dest: "{{ docker_home }}/pywttr-docker/src"
25
26- meta: flush_handlers
27
28- name: create pywttr-docker network
29 become: yes
30 become_user: "{{ docker_username }}"
31 docker_network:
32 name: "{{ pywttr_docker_network_name }}"
33 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
34 driver: bridge
35 ipam_config:
36 - subnet: "{{ pywttr_docker_subnet }}"
37 gateway: "{{ pywttr_docker_gateway }}"
38
39- name: create and deploy pywttr-docker container
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_container:
45 name: "pywttr-docker"
46 hostname: "pywttr-docker"
47 image: "{{ image }}"
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 purge_networks: yes
50 networks:
51 - name: "{{ pywttr_docker_network_name }}"
52 ipv4_address: "{{ pywttr_docker_ipv4 }}"
53 ports:
54 - "127.0.0.1:{{ pywttr_docker_external_port }}:8000"
55 state: 'started'
56 recreate: yes
57 restart_policy: unless-stopped
58
59- name: deploy nginx configuration
60 notify: restart nginx
61 template:
62 src: "{{ pywttr_docker_nginx_config }}"
63 dest: /etc/nginx/sites-available/pywttr-docker.conf
64 owner: root
65 group: root
66 mode: '0644'
67
68- name: symlink site
69 file:
70 src: /etc/nginx/sites-available/pywttr-docker.conf
71 dest: /etc/nginx/sites-enabled/pywttr-docker.conf
72 owner: root
73 group: root
74 state: link
diff --git a/roles/services/containers/renovate/tasks/main.yml b/roles/services/containers/renovate/tasks/main.yml
new file mode 100644
index 0000000..bbbfe11
--- /dev/null
+++ b/roles/services/containers/renovate/tasks/main.yml
@@ -0,0 +1,87 @@
1- name: set image fact
2 set_fact:
3 image: renovate/renovate:35.141.3-slim
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create renovate directory
13 file:
14 path: "{{ docker_home }}/renovate"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: create renovate docker network
32 become: yes
33 become_user: "{{ docker_username }}"
34 docker_network:
35 name: "{{ renovate_network_name }}"
36 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
37 driver: bridge
38 ipam_config:
39 - subnet: "{{ renovate_subnet }}"
40 gateway: "{{ renovate_gateway }}"
41
42- name: pull and push renovate image
43 become: yes
44 become_user: "{{ docker_username }}"
45 environment:
46 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
47 docker_image:
48 name: "{{ image }}"
49 repository: "{{ custom_registry }}/{{ repo_tag }}"
50 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
51 source: pull
52 force_source: yes
53 push: yes
54
55- name: create and deploy renovate container
56 become: yes
57 become_user: "{{ docker_username }}"
58 environment:
59 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
60 docker_container:
61 name: "renovate"
62 image: "{{ custom_registry }}/{{ repo_tag }}"
63 pull: yes
64 recreate: yes
65 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
66 purge_networks: yes
67 networks:
68 - name: "{{ renovate_network_name }}"
69 ipv4_address: "{{ renovate_ipv4 }}"
70 env:
71 "RENOVATE_ENDPOINT": "{{ renovate_endpoint }}"
72 "RENOVATE_PLATFORM": "gitea"
73 "RENOVATE_TOKEN": "{{ renovate_token }}"
74 "RENOVATE_AUTODISCOVER": "true"
75 "LOG_LEVEL": "debug"
76 "RENOVATE_GIT_AUTHOR": "{{ renovate_author }}"
77 restart_policy: "no"
78 state: 'started'
79
80
81- name: create cron job to run renovate container daily
82 cron:
83 name: "run renovate"
84 job: "docker start renovate"
85 user: "{{ docker_username }}"
86 minute: "0"
87 hour: "6"
diff --git a/roles/services/containers/searxng/handlers/main.yml b/roles/services/containers/searxng/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/searxng/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/searxng/tasks/main.yml b/roles/services/containers/searxng/tasks/main.yml
new file mode 100644
index 0000000..fa7609c
--- /dev/null
+++ b/roles/services/containers/searxng/tasks/main.yml
@@ -0,0 +1,170 @@
1- name: set image fact
2 set_fact:
3 image: "searxng/searxng:2023.6.16-71b6ff07"
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create searxng directory
13 file:
14 path: "{{ docker_home }}/searxng"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: login to docker registry
21 become: yes
22 become_user: "{{ docker_username }}"
23 environment:
24 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
25 docker_login:
26 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
27 registry_url: "{{ docker_registry_url }}"
28 username: "{{ docker_registry_username }}"
29 password: "{{ docker_registry_password }}"
30
31- name: get searxng image
32 become: yes
33 become_user: "{{ docker_username }}"
34 environment:
35 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
36 docker_image:
37 source: pull
38 force_source: yes
39 name: "{{ image }}"
40 repository: "{{ custom_registry }}/{{ repo_tag }}"
41 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
42 push: yes
43
44- name: create searxng config directory
45 file:
46 path: "{{ docker_home }}/searxng/config"
47 state: directory
48 owner: "{{ docker_username }}"
49 group: "{{ docker_username }}"
50 mode: '0755'
51
52- name: create redis_searxng directory
53 file:
54 path: "{{ docker_home }}/redis_searxng"
55 state: directory
56 owner: "{{ docker_username }}"
57 group: "{{ docker_username }}"
58 mode: '0755'
59
60- name: create redis_searxng data directory
61 file:
62 path: "{{ docker_home }}/redis_searxng/data"
63 state: directory
64 owner: "{{ docker_username }}"
65 group: "{{ docker_username }}"
66 mode: '0755'
67
68- name: place searxng config in proper location
69 copy:
70 src: "{{ searxng_config }}"
71 dest: "{{ docker_home }}/searxng/config/settings.yml"
72 owner: root
73 group: docker
74 mode: '0644'
75
76- name: place uwsgi config
77 copy:
78 src: "{{ searxng_uwsgi_config }}"
79 dest: "{{ docker_home }}/searxng/config/uwsgi.ini"
80 owner: root
81 group: docker
82 mode: '0644'
83
84- name: create searxng docker network
85 docker_network:
86 name: "{{ searxng_network_name }}"
87 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
88 driver: bridge
89 ipam_config:
90 - subnet: "{{ searxng_subnet }}"
91 gateway: "{{ searxng_gateway }}"
92
93- name: create and deploy searxng container
94 become: yes
95 become_user: "{{ docker_username }}"
96 environment:
97 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
98 docker_container:
99 name: "searxng"
100 image: "{{ custom_registry }}/{{ repo_tag }}"
101 pull: yes
102 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
103 purge_networks: yes
104 networks:
105 - name: "{{ searxng_network_name }}"
106 ipv4_address: "{{ searxng_ipv4 }}"
107 ports:
108 - "127.0.0.1:8080:8080"
109 volumes:
110 - "{{ docker_home }}/searxng/config:/etc/searxng"
111 env:
112 SEARXNG_BASE_URL: "https://searxng.chudnick.com/"
113 cap_drop:
114 - all
115 capabilities:
116 - CHOWN
117 - SETGID
118 - SETUID
119 - DAC_OVERRIDE
120 hostname: "searxng"
121 restart_policy: unless-stopped
122 state: 'started'
123 recreate: yes
124
125- name: create and deploy redis container
126 become: yes
127 become_user: "{{ docker_username }}"
128 environment:
129 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
130 docker_container:
131 restart_policy: unless-stopped
132 name: "redis_searxng"
133 image: redis:alpine
134 pull: yes
135 command: redis-server --save "" --appendonly "no"
136 purge_networks: yes
137 networks:
138 - name: "{{ searxng_network_name }}"
139 ipv4_address: "{{ redis_searxng_ipv4 }}"
140 tmpfs:
141 - /var/lib/redis
142 cap_drop:
143 - all
144 capabilities:
145 - SETGID
146 - SETUID
147 - DAC_OVERRIDE
148 hostname: "redis"
149 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
150 state: 'started'
151 comparisons:
152 '*': strict
153
154- name: deploy nginx configuration
155 notify: restart nginx
156 register: nginx_config
157 copy:
158 src: "{{ searxng_nginx_config }}"
159 dest: /etc/nginx/sites-available/searxng.conf
160 owner: root
161 group: root
162 mode: '0644'
163
164- name: symlink site
165 file:
166 src: /etc/nginx/sites-available/searxng.conf
167 dest: /etc/nginx/sites-enabled/searxng.conf
168 owner: root
169 group: root
170 state: link
diff --git a/roles/services/containers/text_generation/handlers/main.yml b/roles/services/containers/text_generation/handlers/main.yml
new file mode 100644
index 0000000..7aab823
--- /dev/null
+++ b/roles/services/containers/text_generation/handlers/main.yml
@@ -0,0 +1,29 @@
1- name: login to docker registry
2 become: yes
3 become_user: "{{ docker_username }}"
4 environment:
5 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
6 docker_login:
7 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
8 registry_url: "{{ docker_registry_url }}"
9 username: "{{ docker_registry_username }}"
10 password: "{{ docker_registry_password }}"
11
12- name: build text-generation image
13 become: yes
14 become_user: "{{ docker_username }}"
15 environment:
16 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
17 docker_image:
18 name: "{{ docker_registry_url }}/{{ docker_registry_username }}/text-generation:latest"
19 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
20 build:
21 path: /srv/docker/text-generation/src
22 source: build
23 push: yes
24 force_source: yes
25
26- name: restart nginx
27 service:
28 name: nginx
29 state: restarted
diff --git a/roles/services/containers/text_generation/tasks/main.yml b/roles/services/containers/text_generation/tasks/main.yml
new file mode 100644
index 0000000..80988a6
--- /dev/null
+++ b/roles/services/containers/text_generation/tasks/main.yml
@@ -0,0 +1,89 @@
1- name: set image fact
2 set_fact:
3 image: gitea.chudnick.com/sam/text-generation:latest
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create text-generation directory
13 file:
14 path: "{{ docker_home }}/text-generation"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create models directory
21 file:
22 path: "{{ docker_home }}/text-generation/models"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: clone text-generation repository
29 notify:
30 - login to docker registry
31 - build text-generation image
32 git:
33 repo: https://gitea.chudnick.com/sam/text-generation-docker
34 dest: "{{ docker_home }}/text-generation/src"
35
36- meta: flush_handlers
37
38- name: create text-generation network
39 become: yes
40 become_user: "{{ docker_username }}"
41 docker_network:
42 name: "{{ text_generation_network_name }}"
43 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
44 driver: bridge
45 ipam_config:
46 - subnet: "{{ text_generation_subnet }}"
47 gateway: "{{ text_generation_gateway }}"
48
49- name: create and deploy text-generation container
50 become: yes
51 become_user: "{{ docker_username }}"
52 environment:
53 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
54 docker_container:
55 name: "text-generation"
56 hostname: "text-generation"
57 image: "{{ image }}"
58 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
59 purge_networks: yes
60 networks:
61 - name: "{{ text_generation_network_name }}"
62 ipv4_address: "{{ text_generation_ipv4 }}"
63 volumes:
64 - "{{ docker_home }}/text-generation/models:/models"
65 ports:
66 - "127.0.0.1:{{ text_generation_external_port }}:7860"
67 - "127.0.0.1:{{ text_generation_api_port }}:5005"
68 - "127.0.0.1:{{ text_generation_api_stream_port }}:5000"
69 command: "--cpu --listen --listen-port 7860 --chat --auto-devices --mlock"
70 state: 'started'
71 recreate: yes
72 restart_policy: unless-stopped
73
74- name: deploy nginx configuration
75 notify: restart nginx
76 template:
77 src: "{{ text_generation_nginx_config }}"
78 dest: /etc/nginx/sites-available/text-generation.conf
79 owner: root
80 group: root
81 mode: '0644'
82
83- name: symlink site
84 file:
85 src: /etc/nginx/sites-available/text-generation.conf
86 dest: /etc/nginx/sites-enabled/text-generation.conf
87 owner: root
88 group: root
89 state: link
diff --git a/roles/services/containers/vaultwarden/handlers/main.yml b/roles/services/containers/vaultwarden/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/vaultwarden/handlers/main.yml
@@ -0,0 +1,4 @@
1- name: restart nginx
2 service:
3 name: nginx
4 state: restarted
diff --git a/roles/services/containers/vaultwarden/tasks/main.yml b/roles/services/containers/vaultwarden/tasks/main.yml
new file mode 100644
index 0000000..fa63b58
--- /dev/null
+++ b/roles/services/containers/vaultwarden/tasks/main.yml
@@ -0,0 +1,79 @@
1- name: set image fact
2 set_fact:
3 image: vaultwarden/server:1.28.1
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create vaultwarden directory
13 file:
14 path: "{{ docker_home }}/vaultwarden"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create data directory
21 file:
22 path: "{{ docker_home }}/vaultwarden/data"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: create vaultwarden docker network
29 become: yes
30 become_user: "{{ docker_username }}"
31 docker_network:
32 name: "{{ vaultwarden_network_name }}"
33 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
34 driver: bridge
35 ipam_config:
36 - subnet: "{{ vaultwarden_subnet }}"
37 gateway: "{{ vaultwarden_gateway }}"
38
39- name: create and deploy vaultwarden container
40 become: yes
41 become_user: "{{ docker_username }}"
42 environment:
43 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
44 docker_container:
45 name: "vaultwarden"
46 hostname: "vaultwarden"
47 image: "{{ image }}"
48 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
49 purge_networks: yes
50 networks:
51 - name: "{{ vaultwarden_network_name }}"
52 ipv4_address: "{{ vaultwarden_ipv4 }}"
53 ports:
54 - "127.0.0.1:{{ vaultwarden_external_port }}:80"
55 volumes:
56 - "{{ docker_home }}/vaultwarden/data:/data"
57 env:
58 "DOMAIN": "https://{{ vaultwarden_server_name }}"
59 "DISABLE_ADMIN_TOKEN": "true"
60 state: 'started'
61 recreate: yes
62 restart_policy: unless-stopped
63
64- name: deploy nginx configuration
65 notify: restart nginx
66 template:
67 src: "{{ vaultwarden_nginx_config }}"
68 dest: /etc/nginx/sites-available/vaultwarden.conf
69 owner: root
70 group: root
71 mode: '0644'
72
73- name: symlink site
74 file:
75 src: /etc/nginx/sites-available/vaultwarden.conf
76 dest: /etc/nginx/sites-enabled/vaultwarden.conf
77 owner: root
78 group: root
79 state: link