From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001 
From: Sam Chudnick Date: Sun, 25 Jun 2023 09:52:36 -0400 Subject: Initial Commit --- .../containers/arr_stack/handlers/main.yml | 4 + .../containers/arr_stack/tasks/gluetun.yml | 105 ++++++++ .../services/containers/arr_stack/tasks/lidarr.yml | 93 +++++++ roles/services/containers/arr_stack/tasks/main.yml | 130 ++++++++++ .../containers/arr_stack/tasks/prowlarr.yml | 92 +++++++ .../containers/arr_stack/tasks/qbittorrent.yml | 94 +++++++ .../services/containers/arr_stack/tasks/radarr.yml | 93 +++++++ .../containers/arr_stack/tasks/readarr.yml | 93 +++++++ .../services/containers/arr_stack/tasks/sonarr.yml | 93 +++++++ .../services/containers/authelia/handlers/main.yml | 4 + roles/services/containers/authelia/tasks/main.yml | 283 +++++++++++++++++++++ .../containers/bookstack/handlers/main.yml | 4 + roles/services/containers/bookstack/tasks/main.yml | 118 +++++++++ .../services/containers/cadvisor/handlers/main.yml | 4 + roles/services/containers/cadvisor/tasks/main.yml | 90 +++++++ roles/services/containers/drawio/handlers/main.yml | 4 + roles/services/containers/drawio/tasks/main.yml | 149 +++++++++++ .../services/containers/firefly/handlers/main.yml | 4 + roles/services/containers/firefly/tasks/main.yml | 172 +++++++++++++ .../services/containers/freshrss/handlers/main.yml | 4 + roles/services/containers/freshrss/tasks/main.yml | 101 ++++++++ roles/services/containers/gitea/handlers/main.yml | 4 + roles/services/containers/gitea/tasks/main.yml | 171 +++++++++++++ .../containers/home_assistant/handlers/main.yml | 4 + .../containers/home_assistant/tasks/main.yml | 86 +++++++ roles/services/containers/homer/handlers/main.yml | 4 + roles/services/containers/homer/tasks/main.yml | 122 +++++++++ .../containers/invidious/handlers/main.yml | 29 +++ roles/services/containers/invidious/tasks/main.yml | 124 +++++++++ .../services/containers/jellyfin/handlers/main.yml | 4 + roles/services/containers/jellyfin/tasks/main.yml | 159 ++++++++++++ 
.../services/containers/kanboard/handlers/main.yml | 18 ++ roles/services/containers/kanboard/tasks/main.yml | 93 +++++++ .../containers/navidrome/handlers/main.yml | 4 + roles/services/containers/navidrome/tasks/main.yml | 117 +++++++++ .../containers/nextcloud/handlers/main.yml | 4 + roles/services/containers/nextcloud/tasks/main.yml | 184 ++++++++++++++ .../containers/photoprism/defaults/main.yml | 10 + .../containers/photoprism/handlers/main.yml | 4 + .../services/containers/photoprism/tasks/main.yml | 115 +++++++++ .../containers/pihole_exporter/tasks/main.yml | 97 +++++++ .../containers/pywttr_docker/handlers/main.yml | 18 ++ .../containers/pywttr_docker/tasks/main.yml | 74 ++++++ roles/services/containers/renovate/tasks/main.yml | 87 +++++++ .../services/containers/searxng/handlers/main.yml | 4 + roles/services/containers/searxng/tasks/main.yml | 170 +++++++++++++ .../containers/text_generation/handlers/main.yml | 29 +++ .../containers/text_generation/tasks/main.yml | 89 +++++++ .../containers/vaultwarden/handlers/main.yml | 4 + .../services/containers/vaultwarden/tasks/main.yml | 79 ++++++ 50 files changed, 3641 insertions(+) create mode 100644 roles/services/containers/arr_stack/handlers/main.yml create mode 100644 roles/services/containers/arr_stack/tasks/gluetun.yml create mode 100644 roles/services/containers/arr_stack/tasks/lidarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/main.yml create mode 100644 roles/services/containers/arr_stack/tasks/prowlarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/qbittorrent.yml create mode 100644 roles/services/containers/arr_stack/tasks/radarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/readarr.yml create mode 100644 roles/services/containers/arr_stack/tasks/sonarr.yml create mode 100644 roles/services/containers/authelia/handlers/main.yml create mode 100644 roles/services/containers/authelia/tasks/main.yml create mode 100644 
roles/services/containers/bookstack/handlers/main.yml create mode 100644 roles/services/containers/bookstack/tasks/main.yml create mode 100644 roles/services/containers/cadvisor/handlers/main.yml create mode 100644 roles/services/containers/cadvisor/tasks/main.yml create mode 100644 roles/services/containers/drawio/handlers/main.yml create mode 100644 roles/services/containers/drawio/tasks/main.yml create mode 100644 roles/services/containers/firefly/handlers/main.yml create mode 100644 roles/services/containers/firefly/tasks/main.yml create mode 100644 roles/services/containers/freshrss/handlers/main.yml create mode 100644 roles/services/containers/freshrss/tasks/main.yml create mode 100644 roles/services/containers/gitea/handlers/main.yml create mode 100644 roles/services/containers/gitea/tasks/main.yml create mode 100644 roles/services/containers/home_assistant/handlers/main.yml create mode 100644 roles/services/containers/home_assistant/tasks/main.yml create mode 100644 roles/services/containers/homer/handlers/main.yml create mode 100644 roles/services/containers/homer/tasks/main.yml create mode 100644 roles/services/containers/invidious/handlers/main.yml create mode 100644 roles/services/containers/invidious/tasks/main.yml create mode 100644 roles/services/containers/jellyfin/handlers/main.yml create mode 100644 roles/services/containers/jellyfin/tasks/main.yml create mode 100644 roles/services/containers/kanboard/handlers/main.yml create mode 100644 roles/services/containers/kanboard/tasks/main.yml create mode 100644 roles/services/containers/navidrome/handlers/main.yml create mode 100644 roles/services/containers/navidrome/tasks/main.yml create mode 100644 roles/services/containers/nextcloud/handlers/main.yml create mode 100644 roles/services/containers/nextcloud/tasks/main.yml create mode 100644 roles/services/containers/photoprism/defaults/main.yml create mode 100644 roles/services/containers/photoprism/handlers/main.yml create mode 100644 
roles/services/containers/photoprism/tasks/main.yml create mode 100644 roles/services/containers/pihole_exporter/tasks/main.yml create mode 100644 roles/services/containers/pywttr_docker/handlers/main.yml create mode 100644 roles/services/containers/pywttr_docker/tasks/main.yml create mode 100644 roles/services/containers/renovate/tasks/main.yml create mode 100644 roles/services/containers/searxng/handlers/main.yml create mode 100644 roles/services/containers/searxng/tasks/main.yml create mode 100644 roles/services/containers/text_generation/handlers/main.yml create mode 100644 roles/services/containers/text_generation/tasks/main.yml create mode 100644 roles/services/containers/vaultwarden/handlers/main.yml create mode 100644 roles/services/containers/vaultwarden/tasks/main.yml (limited to 'roles/services/containers')
diff --git a/roles/services/containers/arr_stack/handlers/main.yml b/roles/services/containers/arr_stack/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/arr_stack/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart nginx
+ service:
+ name: nginx
+ state: restarted
diff --git a/roles/services/containers/arr_stack/tasks/gluetun.yml b/roles/services/containers/arr_stack/tasks/gluetun.yml
new file mode 100644
index 0000000..e47d55a
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/gluetun.yml
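Review bot: `state: restarted` in the `restart nginx` handler drops every in-flight connection on every site this nginx fronts each time one vhost template changes; `state: reloaded` applies the new server block without that, and nginx keeps serving the old configuration if the new one fails to parse, where a restart would leave it down until someone notices. The same four-line handler is added verbatim in roles/services/containers/authelia/handlers/main.yml further down; the change applies to both.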
@@ -0,0 +1,105 @@
+- name: set image fact
+ set_fact:
+ image: qmcgaw/gluetun:v3.34.3
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create gluetun directory
+ file:
+ path: "{{ docker_home }}/gluetun"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create gluetun data directory
+ file:
+ path: "{{ docker_home }}/gluetun/data"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push gluetun image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create gluetun docker network
+ docker_network:
+ name: "{{ gluetun_network_name }}"
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ driver: bridge
+ ipam_config:
+ - subnet: "{{ gluetun_subnet }}"
+ gateway: "{{ gluetun_gateway }}"
+
+- name: create and deploy gluetun container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "gluetun"
+ hostname: "gluetun"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ capabilities:
+ - net_admin
+ devices:
+ - "/dev/net/tun:/dev/net/tun"
+ purge_networks: yes
+ networks:
+ - name: "{{ gluetun_network_name }}"
+ ipv4_address: "{{ gluetun_ipv4 }}"
+ ports:
+ - "127.0.0.1:{{ qbittorrent_external_port }}:{{ qbittorrent_external_port }}"
+ - "127.0.0.1:{{ sonarr_external_port }}:8989"
+ - "127.0.0.1:{{ radarr_external_port }}:7878"
+ - "127.0.0.1:{{ lidarr_external_port }}:8686"
+ - "127.0.0.1:{{ readarr_external_port }}:8787"
+ - "127.0.0.1:{{ prowlarr_external_port }}:9696"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "TZ": "{{ timezone }}"
+ "VPN_SERVICE_PROVIDER": "mullvad"
+ "VPN_TYPE": "wireguard"
+ "WIREGUARD_PRIVATE_KEY": "{{ wireguard_privkey }}"
+ "WIREGUARD_ADDRESSES": "{{ wireguard_addrs }}"
+ "SERVER_CITIES": "{{ gluetun_cities }}"
+ "DOT_PROVIDERS": "quad9"
+ "BLOCK_MALICIOUS": "on"
+ "BLOCK_SURVEILLANCE": "on"
+ "BLOCK_ADS": "on"
+ "HEALTH_TARGET_ADDRESS": "www.debian.org:443"
+ volumes:
+ - "{{ docker_home }}/gluetun/data:/gluetun"
diff --git a/roles/services/containers/arr_stack/tasks/lidarr.yml b/roles/services/containers/arr_stack/tasks/lidarr.yml
new file mode 100644
index 0000000..1f70437
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/lidarr.yml
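Review bot: `"WIREGUARD_PRIVATE_KEY": "{{ wireguard_privkey }}"` hands the VPN private key to the container as an environment variable, where it is readable through `docker inspect`, in the container's `/proc/*/environ`, and, since docker_container returns the container's inspect data, presumably in the play output as well. gluetun documents a file-based alternative for this setting (`WIREGUARD_PRIVATE_KEY_SECRETFILE`), so writing the key to a restrictively-moded file under `{{ docker_home }}/gluetun/` and mounting it would keep the key out of the container metadata. Separately, `create gluetun docker network` is the only Docker task in this file without `become_user: "{{ docker_username }}"` and the `XDG_RUNTIME_DIR` environment, yet it targets the same rootless socket; whether it works appears to depend on the play's own user being able to reach that socket, and giving it the same `become`/`environment` block as the neighbouring tasks removes that dependency.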
@@ -0,0 +1,93 @@
+- name: set image fact
+ set_fact:
+ image: linuxserver/lidarr:1.2.6-nightly
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create lidarr directory
+ file:
+ path: "{{ docker_home }}/lidarr"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create lidarr config directory
+ file:
+ path: "{{ docker_home }}/lidarr/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ xdg_runtime_dir: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push lidarr image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ xdg_runtime_dir: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create and deploy lidarr container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ xdg_runtime_dir: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "lidarr"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ network_mode: "container:gluetun"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "tz": "{{ timezone }}"
+ "PUID": "0"
+ "PGID": "0"
+ volumes:
+ - "{{ docker_home }}/lidarr/config:/config"
+ - "{{ docker_home }}/arr/data:/data"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ template:
+ src: "{{ lidarr_nginx_config }}"
+ dest: /etc/nginx/sites-available/lidarr.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/lidarr.conf
+ dest: /etc/nginx/sites-enabled/lidarr.conf
+ owner: root
+ group: root
+ state: link
diff --git a/roles/services/containers/arr_stack/tasks/main.yml b/roles/services/containers/arr_stack/tasks/main.yml
new file mode 100644
index 0000000..ee27384
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/main.yml
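Review bot: the `environment:` key `xdg_runtime_dir` (three tasks) and the `env:` key `"tz"` in the container task are lowercase, but environment variable names are case-sensitive: the container receives `tz`, so `{{ timezone }}` has no effect on lidarr, and the modules run without `XDG_RUNTIME_DIR` (probably harmless here only because `docker_host` is given explicitly). Every other task file in this commit spells them `XDG_RUNTIME_DIR` and `"TZ"`; radarr.yml has the same two lowercase keys. Change to `XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"` and `"TZ": "{{ timezone }}"`.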
@@ -0,0 +1,130 @@
+- name: create arr directory structure
+ file:
+ path: "{{ docker_home }}/arr"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr directory structure
+ file:
+ path: "{{ docker_home }}/arr/data"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/torrents"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/torrents/movies"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/torrents/music"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/torrents/books"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/torrents/tv"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/usenet"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/usenet/movies"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/usenet/music"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/usenet/books"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/usenet/tv"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/media"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/media/movies"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/media/music"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/media/books"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+- name: create arr/data directory structure
+ file:
+ path: "{{ docker_home }}/arr/data/media/tv"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0775'
+
+- include_tasks: gluetun.yml
+- include_tasks: qbittorrent.yml
+- include_tasks: sonarr.yml
+- include_tasks: radarr.yml
+- include_tasks: lidarr.yml
+- include_tasks: readarr.yml
+- include_tasks: prowlarr.yml
diff --git a/roles/services/containers/arr_stack/tasks/prowlarr.yml b/roles/services/containers/arr_stack/tasks/prowlarr.yml
new file mode 100644
index 0000000..53f1a45
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/prowlarr.yml
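Review bot: the seventeen `file` tasks differ only in `path`, and two of them share the name `create arr directory structure` while fifteen share `create arr/data directory structure`, so a failure in the play output cannot be tied to a directory without reading the error text. One task with a `loop:` over the relative paths creates the same directories with the same `owner`, `group` and `mode`, reports each item separately, and keeps the parent-before-child order the original tasks rely on.

```yaml
- name: create arr directory structure
  file:
    path: "{{ docker_home }}/{{ item }}"
    state: directory
    owner: "{{ docker_username }}"
    group: "{{ docker_username }}"
    mode: '0775'
  loop:
    - arr
    - arr/data
    - arr/data/torrents
    - arr/data/torrents/movies
    - arr/data/torrents/music
    - arr/data/torrents/books
    - arr/data/torrents/tv
    - arr/data/usenet
    - arr/data/usenet/movies
    - arr/data/usenet/music
    - arr/data/usenet/books
    - arr/data/usenet/tv
    - arr/data/media
    - arr/data/media/movies
    - arr/data/media/music
    - arr/data/media/books
    - arr/data/media/tv

# … unchanged: include_tasks list …
```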
@@ -0,0 +1,92 @@
+- name: set image fact
+ set_fact:
+ image: linuxserver/prowlarr:1.6.2-nightly
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create prowlarr directory
+ file:
+ path: "{{ docker_home }}/prowlarr"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create prowlarr config directory
+ file:
+ path: "{{ docker_home }}/prowlarr/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push prowlarr image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create and deploy prowlarr container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "prowlarr"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ network_mode: "container:gluetun"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "TZ": "{{ timezone }}"
+ "PUID": "0"
+ "PGID": "0"
+ volumes:
+ - "{{ docker_home }}/prowlarr/config:/config"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ template:
+ src: "{{ prowlarr_nginx_config }}"
+ dest: /etc/nginx/sites-available/prowlarr.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/prowlarr.conf
+ dest: /etc/nginx/sites-enabled/prowlarr.conf
+ owner: root
+ group: root
+ state: link
diff --git a/roles/services/containers/arr_stack/tasks/qbittorrent.yml b/roles/services/containers/arr_stack/tasks/qbittorrent.yml
new file mode 100644
index 0000000..25e554f
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/qbittorrent.yml
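Review bot: the `symlink site` task carries no `notify: restart nginx`, so on a host where /etc/nginx/sites-available/prowlarr.conf already matches the template but the sites-enabled link is missing, the link is created and nginx is never told the site exists until something else restarts it; add `notify: restart nginx` to that `file` task. The `register: nginx_config` on the template task is not read anywhere in the file and can be dropped. The same two points apply to the identical nginx tasks in lidarr.yml, qbittorrent.yml, radarr.yml, readarr.yml and sonarr.yml.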
@@ -0,0 +1,94 @@
+- name: set image fact
+ set_fact:
+ image: linuxserver/qbittorrent:4.5.4
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create qbittorrent directory
+ file:
+ path: "{{ docker_home }}/qbittorrent"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create qbittorrent config directory
+ file:
+ path: "{{ docker_home }}/qbittorrent/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push qbittorrent image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create and deploy qbittorrent container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "qbittorrent"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ network_mode: "container:gluetun"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "TZ": "{{ timezone }}"
+ "WEBUI_PORT": "{{ qbittorrent_external_port }}"
+ "PUID": "0"
+ "PGID": "0"
+ volumes:
+ - "{{ docker_home }}/qbittorrent/config:/config"
+ - "{{ docker_home }}/arr/data:/data"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ template:
+ src: "{{ qbittorrent_nginx_config }}"
+ dest: /etc/nginx/sites-available/qbittorrent.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/qbittorrent.conf
+ dest: /etc/nginx/sites-enabled/qbittorrent.conf
+ owner: root
+ group: root
+ state: link
diff --git a/roles/services/containers/arr_stack/tasks/radarr.yml b/roles/services/containers/arr_stack/tasks/radarr.yml
new file mode 100644
index 0000000..2e98c47
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/radarr.yml
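Review bot: `"PUID": "0"` and `"PGID": "0"` make the linuxserver image run qBittorrent as uid 0 inside the container, and that is the process that parses untrusted torrent metadata and downloaded content. Because the tasks talk to the rootless socket at `/run/user/{{ docker_uid }}/docker.sock`, container uid 0 is presumably mapped to `{{ docker_username }}` on the host, so the exposure is contained to the container rather than the host; a non-zero PUID/PGID that owns `{{ docker_home }}/qbittorrent/config` and `{{ docker_home }}/arr/data` would still remove in-container root from the application without changing the mounts. The other linuxserver containers in this commit (sonarr, radarr, lidarr, readarr, prowlarr) set the same two values, though this one handles the most hostile input.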
@@ -0,0 +1,93 @@
+- name: set image fact
+ set_fact:
+ image: linuxserver/radarr:4.6.4-nightly
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create radarr directory
+ file:
+ path: "{{ docker_home }}/radarr"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create radarr config directory
+ file:
+ path: "{{ docker_home }}/radarr/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ xdg_runtime_dir: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push radarr image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ xdg_runtime_dir: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create and deploy radarr container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ xdg_runtime_dir: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "radarr"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ network_mode: "container:gluetun"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "tz": "{{ timezone }}"
+ "PUID": "0"
+ "PGID": "0"
+ volumes:
+ - "{{ docker_home }}/radarr/config:/config"
+ - "{{ docker_home }}/arr/data:/data"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ template:
+ src: "{{ radarr_nginx_config }}"
+ dest: /etc/nginx/sites-available/radarr.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/radarr.conf
+ dest: /etc/nginx/sites-enabled/radarr.conf
+ owner: root
+ group: root
+ state: link
diff --git a/roles/services/containers/arr_stack/tasks/readarr.yml b/roles/services/containers/arr_stack/tasks/readarr.yml
new file mode 100644
index 0000000..bd8b2ec
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/readarr.yml
@@ -0,0 +1,93 @@
+- name: set image fact
+ set_fact:
+ image: linuxserver/readarr:0.2.0-nightly
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create readarr directory
+ file:
+ path: "{{ docker_home }}/readarr"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create readarr config directory
+ file:
+ path: "{{ docker_home }}/readarr/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push readarr image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create and deploy readarr container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "readarr"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ network_mode: "container:gluetun"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "TZ": "{{ timezone }}"
+ "PUID": "0"
+ "PGID": "0"
+ volumes:
+ - "{{ docker_home }}/readarr/config:/config"
+ - "{{ docker_home }}/arr/data:/data"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ template:
+ src: "{{ readarr_nginx_config }}"
+ dest: /etc/nginx/sites-available/readarr.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/readarr.conf
+ dest: /etc/nginx/sites-enabled/readarr.conf
+ owner: root
+ group: root
+ state: link
diff --git a/roles/services/containers/arr_stack/tasks/sonarr.yml b/roles/services/containers/arr_stack/tasks/sonarr.yml
new file mode 100644
index 0000000..ac712ba
--- /dev/null
+++ b/roles/services/containers/arr_stack/tasks/sonarr.yml
@@ -0,0 +1,93 @@
+- name: set image fact
+ set_fact:
+ image: linuxserver/sonarr:develop-version-4.0.0.433
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create sonarr directory
+ file:
+ path: "{{ docker_home }}/sonarr"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create sonarr config directory
+ file:
+ path: "{{ docker_home }}/sonarr/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: pull and push sonarr image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ source: pull
+ force_source: yes
+
+- name: create and deploy sonarr container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "sonarr"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ recreate: yes
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ network_mode: "container:gluetun"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "TZ": "{{ timezone }}"
+ "PUID": "0"
+ "PGID": "0"
+ volumes:
+ - "{{ docker_home }}/sonarr/config:/config"
+ - "{{ docker_home }}/arr/data:/data"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ template:
+ src: "{{ sonarr_nginx_config }}"
+ dest: /etc/nginx/sites-available/sonarr.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/sonarr.conf
+ dest: /etc/nginx/sites-enabled/sonarr.conf
+ owner: root
+ group: root
+ state: link
diff --git a/roles/services/containers/authelia/handlers/main.yml b/roles/services/containers/authelia/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/authelia/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart nginx
+ service:
+ name: nginx
+ state: restarted
diff --git a/roles/services/containers/authelia/tasks/main.yml b/roles/services/containers/authelia/tasks/main.yml
new file mode 100644
index 0000000..c6bb337
--- /dev/null
+++ b/roles/services/containers/authelia/tasks/main.yml
@@ -0,0 +1,283 @@ +- name: set image fact + set_fact: + image: authelia/authelia:master + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create authelia directory + file: + path: "{{ docker_home }}/authelia" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create authelia config directory + file: + path: "{{ docker_home }}/authelia/config" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create authelia secrets directory + file: + path: "{{ docker_home }}/authelia/secrets" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create redis data directory + file: + path: "{{ docker_home }}/authelia/redis_data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: place authelia config in proper location + copy: + src: "{{ authelia_config }}" + dest: "{{ docker_home }}/authelia/config/configuration.yml" + owner: root + group: docker + mode: '0644' + +# nginx snippets + +- name: copy proxy.conf snippet + copy: + src: "{{ authelia_proxy_snippet }}" + dest: "/etc/nginx/snippets/proxy.conf" + owner: root + group: root + mode: '0644' + +- name: copy authelia-location.conf snippet + copy: + src: "{{ authelia_location_snippet }}" + dest: "/etc/nginx/snippets/authelia-location.conf" + owner: root + group: root + mode: '0644' + +- name: copy authelia-authrequest.conf snippet + copy: + src: "{{ authelia_request_snippet }}" + dest: "/etc/nginx/snippets/authelia-authrequest.conf" + owner: root + group: root + mode: '0644' + + +# authelia secrets + +- name: create jwt_secret file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/jwt_secret" + insertbefore: BOF + line: "{{ 
authelia_jwt_secret }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: create session_secret file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/session_secret" + insertbefore: BOF + line: "{{ authelia_session_secret }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: create encryption_key file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/encryption_key" + insertbefore: BOF + line: "{{ authelia_encryption_key }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: create oidc_hmac file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/oidc_hmac" + insertbefore: BOF + line: "{{ authelia_oidc_hmac }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: remove existing cert file + file: + path: "{{ docker_home }}/authelia/secrets/oidc_cert" + state: absent + +- name: create oidc_cert file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/oidc_cert" + insertbefore: BOF + line: "{{ authelia_oidc_cert }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: remove existing key file + file: + path: "{{ docker_home }}/authelia/secrets/oidc_key" + state: absent + +- name: create oidc_key file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/oidc_key" + insertbefore: BOF + line: "{{ authelia_oidc_key }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: create smtp_password file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/smtp_password" + insertbefore: BOF + line: "{{ authelia_smtp_password }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: create ldap_password file + lineinfile: + path: "{{ docker_home }}/authelia/secrets/ldap_password" + insertbefore: BOF + line: "{{ authelia_ldap_password }}" + owner: root + group: root + mode: '0644' + create: yes + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ 
docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: pull and push authelia image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + push: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + +- name: create authelia docker network + docker_network: + name: "{{ authelia_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ authelia_subnet }}" + gateway: "{{ authelia_gateway }}" + +- name: create and deploy authelia container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "authelia" + hostname: "authelia" + image: "{{ custom_registry }}/{{ repo_tag }}" + recreate: yes + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ authelia_network_name }}" + ipv4_address: "{{ authelia_ipv4 }}" + ports: + - "127.0.0.1:9091:9091" + - "127.0.0.1:9959:9959" + state: 'started' + comparisons: + '*': strict + restart_policy: unless-stopped + env: + "TZ": "{{ timezone }}" + "AUTHELIA_JWT_SECRET_FILE": "/secrets/jwt_secret" + "AUTHELIA_SESSION_SECRET_FILE": "/secrets/session_secret" + "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE": "/secrets/encryption_key" + "AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE": "/secrets/oidc_hmac" + "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE": "/secrets/oidc_cert" + "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE": "/secrets/oidc_key" + "AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE": "/secrets/smtp_password" + 
"AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE": "/secrets/ldap_password" + volumes: + - "{{ docker_home }}/authelia/config:/config" + - "{{ docker_home }}/authelia/secrets:/secrets" + + +- name: create and deploy redis container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "redis_authelia" + hostname: "redis_authelia" + image: redis:alpine + state: 'started' + recreate: yes + pull: yes + restart_policy: unless-stopped + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ authelia_network_name }}" + ipv4_address: "{{ redis_authelia_ipv4 }}" + volumes: + - "{{ docker_home }}/authelia/redis_data:/data" + exposed_ports: + - '6379' + env: + "TZ": "{{ timezone }}" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ authelia_nginx_config }}" + dest: /etc/nginx/sites-available/authelia.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/authelia.conf + dest: /etc/nginx/sites-enabled/authelia.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/bookstack/handlers/main.yml b/roles/services/containers/bookstack/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/bookstack/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/bookstack/tasks/main.yml b/roles/services/containers/bookstack/tasks/main.yml new file mode 100644 index 0000000..3965143 --- /dev/null +++ b/roles/services/containers/bookstack/tasks/main.yml 
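Review bot: Every secret file under `{{ docker_home }}/authelia/secrets` is written with `owner: root`, `group: root`, `mode: '0644'` inside a `0755` directory, so the JWT secret, session secret, storage encryption key, OIDC HMAC secret and private key, SMTP password and LDAP password are readable by any local account on the host. The `lineinfile` tasks use `insertbefore: BOF` with no `regexp`, so a rotated value is inserted above the old one instead of replacing it (only the cert and key tasks guard against this with the `remove existing` steps), and the secret line is echoed in task output because none of them set `no_log: true`. Writing each file with `copy`'s `content`, mode `0600`, owned by the account the rootless daemon runs as (`docker_username`, judging by `become_user` on the container tasks, so container root can still read it), plus `mode: '0700'` on the `create authelia secrets directory` task, fixes all three; one task is shown below and the remaining secret files take the same shape.
```yaml
- name: create jwt_secret file
  no_log: true
  copy:
    content: "{{ authelia_jwt_secret }}"
    dest: "{{ docker_home }}/authelia/secrets/jwt_secret"
    owner: "{{ docker_username }}"
    group: "{{ docker_username }}"
    mode: '0600'
# … unchanged: same shape for session_secret, encryption_key, oidc_hmac, oidc_cert, oidc_key, smtp_password, ldap_password …
```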
@@ -0,0 +1,118 @@ +- name: set image fact + set_fact: + image: linuxserver/bookstack:version-v23.05 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create bookstack directory + file: + path: "{{ docker_home }}/bookstack" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create data directory + file: + path: "{{ docker_home }}/bookstack/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create bookstack docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ bookstack_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ bookstack_subnet }}" + gateway: "{{ bookstack_gateway }}" + +- name: create and deploy bookstack db + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "bookstack-db" + hostname: "bookstack-db" + image: linuxserver/mariadb:10.11.4 + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ bookstack_network_name }}" + ipv4_address: "{{ bookstack_db_ipv4 }}" + volumes: + - "{{ docker_home }}/bookstack/data:/config" + env: + "TZ": "{{ timezone }}" + "MYSQL_ROOT_PASSWORD": "{{ bookstack_mysql_root_password }}" + "MYSQL_DATABASE": "bookstack" + "MYSQL_USER": "bookstack" + "MYSQL_PASSWORD": "{{ bookstack_mysql_password }}" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: create and deploy bookstack container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "bookstack" + hostname: "bookstack" + image: 
"{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ bookstack_network_name }}" + ipv4_address: "{{ bookstack_ipv4 }}" + ports: + - "127.0.0.1:{{ bookstack_external_port }}:80" + volumes: + - "{{ docker_home }}/bookstack/data:/config" + env: + "DB_HOST": "bookstack-db" + "DB_PORT": "3306" + "DB_USER": "bookstack" + "DB_PASS": "{{ bookstack_mysql_password }}" + "DB_DATABASE": "bookstack" + "APP_URL": "https://{{ bookstack_server_name }}" + "AUTH_METHOD": "oidc" + "OIDC_NAME": "SSO" + "OIDC_DISPLAY_NAME_CLAIMS": "name" + "OIDC_CLIENT_ID": "bookstack" + "OIDC_CLIENT_SECRET": "{{ bookstack_oidc_secret }}" + "OIDC_ISSUER": "{{ oidc_issuer }}" + "OIDC_ISSUER_DISCOVER": "true" + "APP_DEFAULT_DARK_MODE": "true" + #"OIDC_DUMP_USER_DETAILS": "true" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ bookstack_nginx_config }}" + dest: /etc/nginx/sites-available/bookstack.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/bookstack.conf + dest: /etc/nginx/sites-enabled/bookstack.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/cadvisor/handlers/main.yml b/roles/services/containers/cadvisor/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/cadvisor/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/cadvisor/tasks/main.yml b/roles/services/containers/cadvisor/tasks/main.yml new file mode 100644 index 0000000..cc30cdb --- /dev/null +++ b/roles/services/containers/cadvisor/tasks/main.yml 
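Review bot: Both `bookstack-db` and `bookstack` bind the same host path `{{ docker_home }}/bookstack/data` at `/config`, so the MariaDB data files and the BookStack application state share one directory and the web application container has write access to the raw database files. Giving the database its own directory, e.g. `- "{{ docker_home }}/bookstack/db:/config"` on the db task with a matching `file` task creating it, keeps the two isolated and makes backups of either one self-contained. `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `DB_PASS` and `OIDC_CLIENT_SECRET` are passed through `env:`, which the docker_container module may echo in its result on changes and verbose runs; `no_log: true` on both container tasks keeps them out of playbook output.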
@@ -0,0 +1,90 @@ +- name: create cadvisor directory + file: + path: "{{ docker_home }}/cadvisor" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: build cadvisor image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ docker_registry_url }}/{{ docker_registry_username }}/cadvisor:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + build: + path: /srv/docker/cadvisor/src + dockerfile: deploy/Dockerfile + source: build + push: yes + +- name: create cadvisor docker network + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_network: + name: "{{ cadvisor_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ cadvisor_subnet }}" + gateway: "{{ cadvisor_gateway }}" + +- name: create and deploy cadvisor container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "cadvisor" + hostname: "cadvisor" + image: "{{ docker_registry_url }}/{{ docker_registry_username }}/cadvisor:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ cadvisor_network_name }}" + ipv4_address: "{{ cadvisor_ipv4 }}" + ports: + - "127.0.0.1:{{ cadvisor_external_port }}:8080" + state: 'started' + comparisons: + '*': strict + restart_policy: unless-stopped + volumes: + - 
"/:/rootfs:ro" + - "/run/user/{{ docker_uid }}:/var/run:ro" + - "/sys:/sys:ro" + - "/{{ docker_home }}/.local/share/docker:/var/lib/docker:ro" + - "/dev/disk:/dev/disk:ro" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ cadvisor_nginx_config }}" + dest: /etc/nginx/sites-available/cadvisor.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/cadvisor.conf + dest: /etc/nginx/sites-enabled/cadvisor.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/drawio/handlers/main.yml b/roles/services/containers/drawio/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/drawio/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/drawio/tasks/main.yml b/roles/services/containers/drawio/tasks/main.yml new file mode 100644 index 0000000..27bbefd --- /dev/null +++ b/roles/services/containers/drawio/tasks/main.yml 
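Review bot: The volume `"/{{ docker_home }}/.local/share/docker:/var/lib/docker:ro"` on the container task has a stray leading slash before the variable; if `docker_home` is absolute, as every other use in this hunk assumes, the result is a `//…` path that Linux tolerates but reads as a typo, and if it is not absolute the mount lands somewhere unintended — drop the `/` so it matches `"{{ docker_home }}/cadvisor"` above. The mount `"/run/user/{{ docker_uid }}:/var/run:ro"` hands the container the rootless daemon's socket, and `ro` on a bind mount does not stop a process from connecting to a Unix socket, so this container holds the same control over the daemon as `docker_username`; that is expected for cAdvisor but deserves a comment on the task, e.g. `# ro does not restrict docker.sock in this dir; cadvisor gets full daemon API access`. Both the build and the container reference the mutable `cadvisor:latest` tag; tagging the build with a version or digest would make rollbacks and audits reproducible.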
@@ -0,0 +1,149 @@ +- name: set image fact + set_fact: + image: jgraph/drawio:21.5.0 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create drawio directory + file: + path: "{{ docker_home }}/drawio" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create drawio fonts directory + file: + path: /usr/share/fonts/drawio + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get drawio image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: get export-server image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ docker_registry_url }}/{{ docker_registry_username }}/image-export:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: create drawio docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ drawio_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ drawio_subnet }}" + gateway: "{{ 
drawio_gateway }}" + +- name: create and deploy drawio export-server + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "image-export" + image: "{{ docker_registry_url }}/{{ docker_registry_username }}/image-export:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + pull: yes + exposed_ports: + - '8000' + purge_networks: yes + networks: + - name: "{{ drawio_network_name }}" + ipv4_address: "{{ drawio_export_ipv4 }}" + volumes: + - fonts_volume:/usr/share/fonts/drawio + env: + DRAWIO_BASE_URL: "{{ drawio_base_url }}" + cap_drop: + - all + hostname: "image-export" + restart_policy: unless-stopped + state: 'started' + recreate: yes + +- name: create and deploy drawio + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "drawio" + image: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + pull: yes + purge_networks: yes + networks: + - name: "{{ drawio_network_name }}" + ipv4_address: "{{ drawio_ipv4 }}" + ports: + - "127.0.0.1:8443:8443" + - "127.0.0.1:8400:8080" + links: + - image-export:image-export + env: + DRAWIO_SELF_CONTAINED: "1" + PLANTUML_URL: "http://plantuml-server:8080/" + EXPORT_URL: "http://image-export:8000/" + DRAWIO_PUSHER_MODE: "2" + cap_drop: + - all + hostname: "drawio" + restart_policy: unless-stopped + state: 'started' + recreate: yes + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ drawio_nginx_config }}" + dest: /etc/nginx/sites-available/drawio.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/drawio.conf + dest: /etc/nginx/sites-enabled/drawio.conf + owner: root + group: root + state: link 
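Review bot: `create drawio fonts directory` prepares `/usr/share/fonts/drawio` on the host, but the export-server task mounts a named volume `fonts_volume:/usr/share/fonts/drawio`, so the host directory is never used and fonts placed there are invisible to the container; either bind-mount it, `- /usr/share/fonts/drawio:/usr/share/fonts/drawio:ro`, or drop the directory task. The `links:` entry on the drawio container is the legacy linking mechanism; both containers already sit on the user-defined `drawio_network_name` network where `image-export` resolves by name, so the entry is redundant. `PLANTUML_URL` points at `plantuml-server`, which no task in this hunk creates — if that container comes from another role a comment saying so would help, otherwise the URL is dead configuration.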
diff --git a/roles/services/containers/firefly/handlers/main.yml b/roles/services/containers/firefly/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/firefly/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/firefly/tasks/main.yml b/roles/services/containers/firefly/tasks/main.yml new file mode 100644 index 0000000..ab389e2 --- /dev/null +++ b/roles/services/containers/firefly/tasks/main.yml 
@@ -0,0 +1,172 @@ +- name: set image fact + set_fact: + image: fireflyiii/core:version-6.0.13 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create firefly directory + file: + path: "{{ docker_home }}/firefly" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create data directory + file: + path: "{{ docker_home }}/firefly/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create db directory + file: + path: "{{ docker_home }}/firefly/db" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create firefly docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ firefly_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ firefly_subnet }}" + gateway: "{{ firefly_gateway }}" + +- name: create and deploy firefly db + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "firefly-db" + hostname: "firefly-db" + image: postgres:alpine + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ firefly_network_name }}" + ipv4_address: "{{ firefly_db_ipv4 }}" + volumes: + - "{{ docker_home }}/firefly/data:/var/lib/postgresql/data" + env: + "POSTGRES_USER": "{{ firefly_postgres_user }}" + "POSTGRES_PASSWORD": "{{ firefly_postgres_password }}" + "POSTGRES_DB": "{{ firefly_postgres_db }}" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: create and deploy firefly container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: 
"/run/user/{{ docker_uid }}" + docker_container: + name: "firefly" + hostname: "firefly" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ firefly_network_name }}" + ipv4_address: "{{ firefly_ipv4 }}" + ports: + - "127.0.0.1:{{ firefly_external_port }}:8080" + volumes: + - "{{ docker_home }}/firefly/upload:/var/www/html/storage/upload" + env: + "TZ": "{{ timezone }}" + "APP_KEY": "{{ firefly_app_key }}" + "STATIC_CRON_TOKEN": "{{ firefly_cron_token }}" + "DB_HOST": "firefly-db" + "DB_PORT": "5432" + "DB_CONNECTION": "pgsql" + "DB_USERNAME": "{{ firefly_postgres_user }}" + "DB_PASSWORD": "{{ firefly_postgres_password }}" + "DB_DATABASE": "{{ firefly_postgres_db }}" + "AUTHENTICATION_GUARD": "remote_user_guard" + "AUTHENTICATION_GUARD_HEADER": "HTTP_REMOTE_USER" + "AUTHENTICATION_GUARD_EMAIL": "HTTP_REMOTE_EMAIL" + "APP_URL": "https://{{ firefly_server_name }}" + "TRUSTED_PROXIES": "*" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: create and deploy firefly importer container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "firefly-importer" + hostname: "firefly-importer" + image: "fireflyiii/data-importer:version-1.3.0" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ firefly_network_name }}" + ipv4_address: "{{ firefly_importer_ipv4 }}" + ports: + - "127.0.0.1:{{ firefly_importer_external_port }}:8080" + env: + "TZ": "{{ timezone }}" + "FIREFLY_III_URL": "http://firefly:8080" + "FIREFLY_III_ACCESS_TOKEN": "{{ firefly_access_token }}" + "VANITY_URL": "https://{{ firefly_server_name }}" + "TRUSTED_PROXIES": "*" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: create and deploy firefly cron container + become: yes + become_user: "{{ docker_username }}" + environment: + 
XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "firefly-cron" + hostname: "firefly-cron" + image: alpine + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ firefly_network_name }}" + ipv4_address: "{{ firefly_cron_ipv4 }}" + env: + "POSTGRES_USER": "{{ firefly_postgres_user }}" + "POSTGRES_PASSWORD": "{{ firefly_postgres_password }}" + "POSTGRES_DB": "{{ firefly_postgres_db }}" + command: 'sh -c "echo \"0 3 * * * wget -qO- http://firefly:8080/api/v1/cron/{{ firefly_cron_token }}\" | crontab - && crond -f -L /dev/stdout"' + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ firefly_nginx_config }}" + dest: /etc/nginx/sites-available/firefly.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/firefly.conf + dest: /etc/nginx/sites-enabled/firefly.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/freshrss/handlers/main.yml b/roles/services/containers/freshrss/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/freshrss/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/freshrss/tasks/main.yml b/roles/services/containers/freshrss/tasks/main.yml new file mode 100644 index 0000000..26109b3 --- /dev/null +++ b/roles/services/containers/freshrss/tasks/main.yml 
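Review bot: The `firefly` container combines `AUTHENTICATION_GUARD: remote_user_guard` with `TRUSTED_PROXIES: "*"`, so any client that can reach port 8080 inside `firefly_network_name` is authenticated as whatever it places in the `REMOTE_USER` header; the published port is bound to 127.0.0.1, but the importer, cron and db containers share that network and the importer targets `http://firefly:8080` directly, bypassing the nginx layer that is supposed to set the header. Restricting `TRUSTED_PROXIES` to the address proxied requests actually arrive from (verify this under rootless networking, where the source address may be rewritten) and keeping every other path to the application closed is what this guard requires to be safe. The `firefly-cron` container receives `POSTGRES_USER`, `POSTGRES_PASSWORD` and `POSTGRES_DB` although its `command` only calls the cron endpoint over HTTP; removing those three env entries keeps the database credential out of a container that does not need it. Separately, `create db directory` makes `{{ docker_home }}/firefly/db` while the postgres container mounts `firefly/data`, and `firefly/upload` is mounted without being created — one of the directory tasks looks mis-named.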
@@ -0,0 +1,101 @@ +- name: set image fact + set_fact: + image: freshrss/freshrss:1.21.0 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create freshrss directory + file: + path: "{{ docker_home }}/freshrss" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get freshrss image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + push: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + +- name: create freshrss data directory + file: + path: "{{ docker_home }}/freshrss/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create freshrss docker network + docker_network: + name: "{{ freshrss_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ freshrss_subnet }}" + gateway: "{{ freshrss_gateway }}" + +- name: create and deploy freshrss container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "freshrss" + hostname: "freshrss" + image: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + 
- name: "{{ freshrss_network_name }}" + ipv4_address: "{{ freshrss_ipv4 }}" + ports: + - "127.0.0.1:8090:80" + state: 'started' + recreate: yes + restart_policy: unless-stopped + volumes: + - "{{ docker_home }}/freshrss/data:/var/www/FreshRSS/data" + env: + "CRON_MIN": "0,15,30,45" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ freshrss_nginx_config }}" + dest: /etc/nginx/sites-available/freshrss.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/freshrss.conf + dest: /etc/nginx/sites-enabled/freshrss.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/gitea/handlers/main.yml b/roles/services/containers/gitea/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/gitea/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/gitea/tasks/main.yml b/roles/services/containers/gitea/tasks/main.yml new file mode 100644 index 0000000..fecec5e --- /dev/null +++ b/roles/services/containers/gitea/tasks/main.yml 
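Review bot: `create freshrss docker network` has no `become`/`become_user` and no `environment`, unlike the login, image and container tasks in the same file, so it runs as whatever account the play uses while still pointing `docker_host` at the rootless socket under `/run/user/{{ docker_uid }}`; unless the play already runs as `docker_username`, that socket is not accessible and the task fails. Adding `become: yes` and `become_user: "{{ docker_username }}"` makes it match its siblings. The `freshrss/data` directory is created `0755`; FreshRSS typically keeps its generated configuration, including any database credential, under that path, so `0750` is the safer default.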
@@ -0,0 +1,171 @@ +- name: set image fact + set_fact: + image: gitea/gitea:1.19.3 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create gitea directory + file: + path: "{{ docker_home }}/gitea" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get gitea image + become: yes + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + push: yes + source: pull + force_source: yes + +- name: create git user on host + user: + name: "git" + uid: "{{ gitea_git_uid }}" + create_home: yes + generate_ssh_key: yes + shell: /bin/bash + +- name: get git user public key + command: cat /home/git/.ssh/id_rsa.pub + register: pubkey + changed_when: false + +- name: add git user public key to git user's authorized_keys file + authorized_key: + user: git + key: "{{ pubkey.stdout }}" + +- name: create fake host gitea + blockinfile: + path: /usr/local/bin/gitea + create: yes + owner: root + group: root + mode: '0755' + block: | + #!/bin/sh + ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@" + +- name: create gitea data directory + file: + path: "{{ docker_home }}/gitea/data" + state: directory + owner: "{{ gitea_git_uid }}" + group: "{{ gitea_git_uid }}" + mode: '0755' + +- name: create gitea config directory + file: + path: "{{ docker_home }}/gitea/config" + state: directory + owner: "{{ gitea_git_uid }}" + group: "{{ gitea_git_uid }}" + mode: '0755' + +- name: 
copy gitea config file + copy: + src: "{{ gitea_config }}" + dest: "{{ docker_home }}/gitea/config/app.ini" + owner: "{{ gitea_git_uid }}" + group: "{{ gitea_git_uid }}" + mode: '0644' + +- name: change gitea internal token + lineinfile: + path: "{{ docker_home }}/gitea/config/app.ini" + regexp: "^INTERNAL_TOKEN" + line: "INTERNAL_TOKEN = {{ gitea_internal_token }}" + +- name: change gitea lfs jwt secret + lineinfile: + path: "{{ docker_home }}/gitea/config/app.ini" + regexp: "^LFS_JWT_SECRET" + line: "LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}" + +- name: set permissions on gitea data + file: + path: "{{ docker_home }}/gitea/data/" + owner: "{{ gitea_git_uid }}" + group: "{{ gitea_git_uid }}" + mode: u=rwX,g=rX,o=rX + recurse: yes + +- name: set permissions on gitea config + file: + path: "{{ docker_home }}/gitea/config/" + owner: "{{ gitea_git_uid }}" + group: "{{ gitea_git_uid }}" + mode: u=rwX,g=rX,o=rX + recurse: yes + +- name: create gitea docker network + docker_network: + name: "{{ gitea_network_name }}" + driver: bridge + ipam_config: + - subnet: "{{ gitea_subnet }}" + gateway: "{{ gitea_gateway }}" + +- name: create and deploy gitea container + become: yes + docker_container: + name: "gitea" + hostname: "gitea" + image: "{{ custom_registry }}/{{ repo_tag }}" + purge_networks: yes + networks: + - name: "{{ gitea_network_name }}" + ipv4_address: "{{ gitea_ipv4 }}" + ports: + - "127.0.0.1:{{ gitea_external_port }}:3000" + - "127.0.0.1:2222:22" + state: 'started' + comparisons: + '*': strict + restart_policy: unless-stopped + env: + "USER_UID": "{{ gitea_git_uid }}" + "USER_GID": "{{ gitea_git_uid }}" + volumes: + - "{{ docker_home }}/gitea/data:/data" + - "{{ docker_home }}/gitea/config:/data/gitea/conf" + - "/home/git/.ssh/:/data/git/.ssh" + - "/etc/timezone:/etc/timezone:ro" + - "/etc/localtime:/etc/localtime:ro" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ gitea_nginx_config }}" + dest: 
/etc/nginx/sites-available/gitea.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/gitea.conf + dest: /etc/nginx/sites-enabled/gitea.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/home_assistant/handlers/main.yml b/roles/services/containers/home_assistant/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/home_assistant/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/home_assistant/tasks/main.yml b/roles/services/containers/home_assistant/tasks/main.yml new file mode 100644 index 0000000..b44c529 --- /dev/null +++ b/roles/services/containers/home_assistant/tasks/main.yml 
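Review bot: `app.ini` is copied with `mode: '0644'` and the later recursive `set permissions on gitea config` keeps `o=rX`, so `INTERNAL_TOKEN`, `LFS_JWT_SECRET` and whatever credentials `gitea_config` contains are readable by every account on the host; `mode: '0640'` on the copy task and `u=rwX,g=rX,o=` on the recursive task close that, and `no_log: true` on the two `lineinfile` tasks keeps the token values out of playbook output. The login task targets the rootless socket and sets `XDG_RUNTIME_DIR`, but `get gitea image`, `create gitea docker network` and `create and deploy gitea container` omit `docker_host` and `become_user`, so they appear to talk to the root daemon on the default socket — a different daemon from the one the registry login was performed against and from the one every other role in this commit uses; if rootful docker is intended for Gitea, a comment stating why would save the next reader the trip. The git user's key comes from the `user` module defaults (RSA) and `cat /home/git/.ssh/id_rsa.pub` hard-codes that file name; `ssh_key_type: ed25519` plus registering the `user` task and reading `ssh_public_key` from its result removes both the weaker default and the path dependency.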
@@ -0,0 +1,86 @@ +- name: set image fact + set_fact: + image: homeassistant/home-assistant:2023.6.3 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create home_assistant directory + file: + path: "{{ docker_home }}/home_assistant" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create config directory + file: + path: "{{ docker_home }}/home_assistant/config" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: deploy configuration + copy: + src: "{{ home_assistant_config }}" + dest: "{{ docker_home }}/home_assistant/config/configuration.yaml" + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0644' + +- name: create home_assistant network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ home_assistant_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ home_assistant_subnet }}" + gateway: "{{ home_assistant_gateway }}" + +- name: create and deploy home_assistant container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "home_assistant" + hostname: "home_assistant" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ home_assistant_network_name }}" + ipv4_address: "{{ home_assistant_ipv4 }}" + ports: + - "127.0.0.1:{{ home_assistant_external_port }}:8123" + volumes: + - "{{ docker_home }}/home_assistant/config:/config" + env: + "TZ": "{{ timezone }}" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + 
src: "{{ home_assistant_nginx_config }}" + dest: /etc/nginx/sites-available/home_assistant.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/home_assistant.conf + dest: /etc/nginx/sites-enabled/home_assistant.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/homer/handlers/main.yml b/roles/services/containers/homer/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/homer/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/homer/tasks/main.yml b/roles/services/containers/homer/tasks/main.yml new file mode 100644 index 0000000..b646d12 --- /dev/null +++ b/roles/services/containers/homer/tasks/main.yml 
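Review bot: `recreate: yes` on `create and deploy home_assistant container` recreates, and therefore restarts, the container on every playbook run even when nothing changed, which defeats idempotency and causes avoidable downtime; the nextcloud postgres/redis/app tasks in this same commit use `comparisons:` / `'*': strict` instead, which only recreates on actual drift. Swapping `recreate: yes` for that `comparisons` block would bring this task in line. The same `recreate: yes` is present in the homer, invidious, jellyfin, kanboard, navidrome, photoprism and nextcloud-cron container tasks. Separately, `set other facts` computes `repo_tag` and `custom_registry` but the container runs `image: "{{ image }}"` straight from Docker Hub with no login/pull/push task, unlike the other roles; either mirror the image like the others or drop the unused facts (kanboard has the same pattern).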
@@ -0,0 +1,122 @@ +- name: set image fact + set_fact: + image: b4bz/homer:v23.05.1 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create homer directory + file: + path: "{{ docker_home }}/homer" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get homer image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + push: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + +- name: create homer assets directory + file: + path: "{{ docker_home }}/homer/assets" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: synchronize homer assets + synchronize: + src: "{{ homer_assets_dir }}" + dest: "{{ docker_home }}/homer/assets/" + delete: yes + +- name: set permissions on homer assets + file: + path: "{{ docker_home }}/homer/assets/" + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: u=rwX,g=rX,o=rX + recurse: yes + +- name: set permissions on homer assets + file: + path: "{{ docker_home }}/homer/assets/" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + recurse: no + +- name: create homer docker network + docker_network: + name: "{{ homer_network_name }}" + docker_host: 
"unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ homer_subnet }}" + gateway: "{{ homer_gateway }}" + +- name: create and deploy homer container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "homer" + hostname: "homer" + image: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ homer_network_name }}" + ipv4_address: "{{ homer_ipv4 }}" + ports: + - "127.0.0.1:8001:8080" + state: 'started' + recreate: yes + restart_policy: unless-stopped + volumes: + - "{{ docker_home }}/homer/assets:/www/assets" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ homer_nginx_config }}" + dest: /etc/nginx/sites-available/homer.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/homer.conf + dest: /etc/nginx/sites-enabled/homer.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/invidious/handlers/main.yml b/roles/services/containers/invidious/handlers/main.yml new file mode 100644 index 0000000..a3a5d0b --- /dev/null +++ b/roles/services/containers/invidious/handlers/main.yml 
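Review bot: Two consecutive tasks are both named `set permissions on homer assets`, which makes play output and `--start-at-task` ambiguous; the second one only re-applies `0755` non-recursively to the top directory, so rename it to something like `set permissions on homer assets directory` or fold it into the first. The host port is hard-coded as `"127.0.0.1:8001:8080"` while every other role in this commit takes it from a `*_external_port` variable, so a `homer_external_port` default would keep the nginx config and the port binding in one place. `register: nginx_config` on the nginx task is never read by a later task and can be removed.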
@@ -0,0 +1,29 @@ +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: build invidious image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ docker_registry_url }}/{{ docker_registry_username }}/invidious:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + build: + path: /srv/docker/invidious/src + dockerfile: docker/Dockerfile + source: build + push: yes + +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/invidious/tasks/main.yml b/roles/services/containers/invidious/tasks/main.yml new file mode 100644 index 0000000..6bff0e2 --- /dev/null +++ b/roles/services/containers/invidious/tasks/main.yml 
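Review bot: The `build invidious image` handler builds from the literal `path: /srv/docker/invidious/src`, while the tasks file clones the repository to `{{ docker_home }}/invidious/src`; if `docker_home` is anything other than `/srv/docker` the handler builds stale or missing source. Using `path: "{{ docker_home }}/invidious/src"` keeps the two in agreement. The kanboard `build pywttr-docker image` handler hard-codes `/srv/docker` the same way.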
@@ -0,0 +1,124 @@ +- name: set image fact + set_fact: + image: gitea.chudnick.com/sam/invidious:latest + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create invidious directory + file: + path: "{{ docker_home }}/invidious" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create postgres data directory + file: + path: "{{ docker_home }}/invidious/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: clone invidious repo + become: yes + become_user: "{{ docker_username }}" + notify: + - login to docker registry + - build invidious image + git: + repo: "{{ invidious_repo }}" + dest: "{{ docker_home }}/invidious/src" + version: "master" + +- meta: flush_handlers + +- name: create invidious docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ invidious_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ invidious_subnet }}" + gateway: "{{ invidious_gateway }}" + +- name: create and deploy invidious db + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "invidious-db" + hostname: "invidious-db" + image: postgres:13 + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ invidious_network_name }}" + ipv4_address: "{{ invidious_db_ipv4 }}" + volumes: + - "{{ docker_home }}/invidious/data:/var/lib/postgresql/data" + - "{{ docker_home }}/invidious/src/config/sql:/config/sql" + - "{{ docker_home }}/invidious/src/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh" + env: + "POSTGRES_DB": "invidious" + 
"POSTGRES_USER": "invidious" + "POSTGRES_PASSWORD": "{{ invidious_postgres_password }}" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: create and deploy invidious container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "invidious" + hostname: "invidious" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + env: + "dbname": "invidious" + "user": "invidious" + "password": "{{ invidious_postgres_password }}" + "host": "invidious-db" + "port": "5432" + "check_tables": "true" + "https_only": "true" + "hsts": "true" + "domain": "{{ invidious_server_name }}" + "dark_mode": "dark" + networks: + - name: "{{ invidious_network_name }}" + ipv4_address: "{{ invidious_ipv4 }}" + ports: + - "127.0.0.1:{{ invidious_external_port }}:3000" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ invidious_nginx_config }}" + dest: /etc/nginx/sites-available/invidious.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/invidious.conf + dest: /etc/nginx/sites-enabled/invidious.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/jellyfin/handlers/main.yml b/roles/services/containers/jellyfin/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/jellyfin/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/jellyfin/tasks/main.yml b/roles/services/containers/jellyfin/tasks/main.yml new file mode 100644 index 0000000..c7a424d --- /dev/null +++ b/roles/services/containers/jellyfin/tasks/main.yml 
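Review bot: Both the `invidious-db` and `invidious` container tasks pass `invidious_postgres_password` through `env:`, and `docker_container` returns the inspected container (including its `Config.Env`) as the task result, so the password is printed in verbose runs and kept in any `register:`ed result; add `no_log: true` to those two tasks. The same applies to the navidrome (`ND_PASSWORDENCRYPTIONKEY`), nextcloud (`POSTGRES_PASSWORD`, `NEXTCLOUD_ADMIN_PASSWORD`) and photoprism (`PHOTOPRISM_ADMIN_PASSWORD`) container tasks. Separately, `clone invidious repo` checks out `version: "master"`, so the image built by the notified handler tracks whatever is at the branch head at run time rather than a reviewed revision; pinning to a tag or commit makes the deployment reproducible and keeps unreviewed upstream pushes from landing on the next run. The literal `image: gitea.chudnick.com/sam/invidious:latest` also bypasses the `custom_registry` fact computed directly below it.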
@@ -0,0 +1,159 @@ +- name: set image fact + set_fact: + image: jellyfin/jellyfin:10.8.10 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create jellyfin directory + file: + path: "{{ docker_home }}/jellyfin" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get jellyfin image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: create jellyfin config directory + file: + path: "{{ docker_home }}/jellyfin/config" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create jellyfin cache directory + file: + path: "{{ docker_home }}/jellyfin/cache" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create jellyfin media directory + file: + path: "{{ docker_home }}/jellyfin/media" + state: directory + group: "{{ docker_username }}" + mode: '0755' + +- name: copy jellyfin config + synchronize: + src: "{{ jellyfin_config }}" + dest: "{{ docker_home }}/jellyfin/config" + +- name: copy jellyfin media + synchronize: + src: "{{ jellyfin_media }}" + dest: "{{ docker_home }}/jellyfin/media" + ignore_errors: yes + +- name: 
copy jellyfin web config + copy: + src: "{{ jellyfin_web_config }}" + dest: "{{ docker_home }}/jellyfin/web-config.json" + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0644' + +- name: set config permissions + file: + path: "{{ docker_home }}/jellyfin/config" + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + recurse: yes + +- name: set media permissions + file: + path: "{{ docker_home }}/jellyfin/media" + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + recurse: yes + +- name: create jellyfin docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ jellyfin_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ jellyfin_subnet }}" + gateway: "{{ jellyfin_gateway }}" + +- name: create and deploy jellyfin container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "jellyfin" + image: "{{ custom_registry }}/{{ repo_tag }}" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ jellyfin_network_name }}" + ipv4_address: "{{ jellyfin_ipv4 }}" + ports: + - "127.0.0.1:8096:8096" + volumes: + - "{{ docker_home }}/jellyfin/config:/config" + - "{{ docker_home }}/jellyfin/cache:/cache" + - "{{ docker_home }}/arr/data/media:/media:ro" + - "{{ docker_home }}/jellyfin/web-config.json:/jellyfin/jellyfin-web/config.json" + env: + JELLYFIN_PublishedServerUrl: "{{ jellyfin_url }}" + cap_drop: + - all + hostname: "jellyfin" + restart_policy: unless-stopped + state: 'started' + recreate: yes + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ jellyfin_nginx_config }}" + dest: /etc/nginx/sites-available/jellyfin.conf + owner: root + group: root + mode: '0644' + +- name: 
symlink site + file: + src: /etc/nginx/sites-available/jellyfin.conf + dest: /etc/nginx/sites-enabled/jellyfin.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/kanboard/handlers/main.yml b/roles/services/containers/kanboard/handlers/main.yml new file mode 100644 index 0000000..de5dcb6 --- /dev/null +++ b/roles/services/containers/kanboard/handlers/main.yml @@ -0,0 +1,18 @@ +- name: build pywttr-docker image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ docker_registry_url }}/{{ docker_registry_username }}/pywttr-docker:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + build: + path: /srv/docker/pywttr-docker/src + source: build + push: yes + force_source: yes + +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/kanboard/tasks/main.yml b/roles/services/containers/kanboard/tasks/main.yml new file mode 100644 index 0000000..1efc16e --- /dev/null +++ b/roles/services/containers/kanboard/tasks/main.yml 
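Review bot: The role creates and synchronises `{{ docker_home }}/jellyfin/media` (`create jellyfin media directory`, `copy jellyfin media`, `set media permissions`) but the container mounts `{{ docker_home }}/arr/data/media:/media:ro` instead, so the synced directory is never visible to jellyfin; either mount it or drop the three tasks. `ignore_errors: yes` on `copy jellyfin media` also hides a failed sync entirely, and `create jellyfin media directory` sets `group:` but no `owner:`, unlike every other directory task in this file. `cap_drop: - all` on this container is a good default and is worth carrying to the other roles' `docker_container` tasks in this commit.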
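Review bot: The `build pywttr-docker image` handler is defined here but no task in the kanboard tasks file notifies it (only `restart nginx` is notified), so as far as this commit shows it never runs; if it is meant to be triggered from elsewhere, a short comment naming the notifier would help, otherwise it belongs in its own role. It also builds from the literal `path: /srv/docker/pywttr-docker/src`, whereas everything else in the commit is rooted at `{{ docker_home }}`.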
@@ -0,0 +1,93 @@ +- name: set image fact + set_fact: + image: kanboard/kanboard:v1.2.30 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create kanboard directory + file: + path: "{{ docker_home }}/kanboard" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create data directory + file: + path: "{{ docker_home }}/kanboard/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: deploy custom configuration + copy: + src: "{{ kanboard_config }}" + dest: "{{ docker_home }}/kanboard/data/config.php" + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0644' + +- name: create plugins directory + file: + path: "{{ docker_home }}/kanboard/plugins" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create kanboard network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ kanboard_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ kanboard_subnet }}" + gateway: "{{ kanboard_gateway }}" + +- name: create and deploy kanboard container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "kanboard" + hostname: "kanboard" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ kanboard_network_name }}" + ipv4_address: "{{ kanboard_ipv4 }}" + ports: + - "127.0.0.1:{{ kanboard_external_port }}:80" + volumes: + - "{{ docker_home }}/kanboard/data:/var/www/app/data" + - "{{ docker_home }}/kanboard/plugins:/var/www/app/plugins" + state: 'started' + recreate: yes 
+ restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ kanboard_nginx_config }}" + dest: /etc/nginx/sites-available/kanboard.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/kanboard.conf + dest: /etc/nginx/sites-enabled/kanboard.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/navidrome/handlers/main.yml b/roles/services/containers/navidrome/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/navidrome/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/navidrome/tasks/main.yml b/roles/services/containers/navidrome/tasks/main.yml new file mode 100644 index 0000000..e95e849 --- /dev/null +++ b/roles/services/containers/navidrome/tasks/main.yml 
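Review bot: `deploy custom configuration` installs `config.php` with `mode: '0644'`, so it is world-readable on the host; if the file carries database credentials or other secrets (verify against the file behind `{{ kanboard_config }}`), `mode: '0640'` with the container's user as group is the safer default. `create kanboard network` runs as `{{ docker_username }}` against the rootless socket without the `environment: XDG_RUNTIME_DIR` that the container task sets; it likely works because `docker_host:` is explicit, but the two tasks should be consistent one way or the other.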
@@ -0,0 +1,117 @@ +- name: set image fact + set_fact: + image: deluan/navidrome:0.49.2 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create navidrome directory + file: + path: "{{ docker_home }}/navidrome" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create navidrome data directory + file: + path: "{{ docker_home }}/navidrome/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create navidrome music directory + file: + path: "{{ docker_home }}/navidrome/music" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: pull and push navidrome image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: create navidrome docker network + docker_network: + name: "{{ navidrome_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ navidrome_subnet }}" + gateway: "{{ navidrome_gateway }}" + +- name: create and deploy navidrome container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ 
docker_uid }}" + docker_container: + name: "navidrome" + hostname: "navidrome" + image: "{{ custom_registry }}/{{ repo_tag }}" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ navidrome_network_name }}" + ipv4_address: "{{ navidrome_ipv4 }}" + ports: + - "127.0.0.1:4533:4533" + state: 'started' + recreate: yes + restart_policy: unless-stopped + env: + "ND_AUTHREQUEST_LIMIT": "2" + "ND_PASSWORDENCRYPTIONKEY": "{{ navidrome_encryptionkey }}" + "ND_LASTFM_ENABLED": "false" + "ND_PROMETHEUS_ENABLED": "true" + "ND_PROMETHEUS_METRICSPATH": "/metrics" + "ND_REVERSEPROXYWHITELIST": "172.25.5.0/24" + "ND_LOGLEVEL": "debug" + volumes: + - "{{ docker_home }}/navidrome/data:/data" + - "{{ docker_home }}/arr/data/media/music:/music:ro" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ navidrome_nginx_config }}" + dest: /etc/nginx/sites-available/navidrome.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/navidrome.conf + dest: /etc/nginx/sites-enabled/navidrome.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/nextcloud/handlers/main.yml b/roles/services/containers/nextcloud/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/nextcloud/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/nextcloud/tasks/main.yml b/roles/services/containers/nextcloud/tasks/main.yml new file mode 100644 index 0000000..fbd4a76 --- /dev/null +++ b/roles/services/containers/nextcloud/tasks/main.yml 
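Review bot: `ND_REVERSEPROXYWHITELIST` is the literal `"172.25.5.0/24"` while the container's network is defined by `{{ navidrome_subnet }}` / `{{ navidrome_gateway }}`; Navidrome trusts reverse-proxy auth headers from the listed range, so the value must match the address nginx's traffic actually arrives from (presumably the bridge gateway) and should be no wider than that. `"{{ navidrome_gateway }}/32"` ties it to the existing variables instead of a magic subnet. `ND_LOGLEVEL: "debug"` is also set on what looks like a production deployment and will be noisy; consider `info`.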
@@ -0,0 +1,184 @@ +- name: set image fact + set_fact: + image: nextcloud:27.0.0-apache + +- name: set other facts + set_fact: + repo_tag: "{{ image }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create nextcloud directory + file: + path: "{{ docker_home }}/nextcloud" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create nextcloud app directory + file: + path: "{{ docker_home }}/nextcloud/app/" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create nextcloud data directory + file: + path: "{{ docker_home }}/nextcloud/data/" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: pull and push nextcloud image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: create nextcloud docker network + docker_network: + name: "{{ nextcloud_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ nextcloud_subnet }}" + gateway: "{{ nextcloud_gateway }}" + +- name: create and deploy postgres container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: 
"nextcloud-postgres" + hostname: "nextcloud-postgres" + image: "postgres:alpine" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ nextcloud_network_name }}" + ipv4_address: "{{ nextcloud_postgres_ipv4 }}" + state: 'started' + comparisons: + '*': strict + restart_policy: unless-stopped + env: + "POSTGRES_USER": "{{ nextcloud_postgres_user }}" + "POSTGRES_PASSWORD": "{{ nextcloud_postgres_password }}" + "POSTGRES_DB": "{{ nextcloud_postgres_db }}" + volumes: + - "{{ docker_home }}/nextcloud/data:/var/lib/postgresql/data" + +- name: create and deploy redis container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "nextcloud-redis" + hostname: "nextcloud-redis" + image: "redis:alpine" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ nextcloud_network_name }}" + ipv4_address: "{{ nextcloud_redis_ipv4 }}" + state: 'started' + comparisons: + '*': strict + restart_policy: unless-stopped + +- name: create and deploy nextcloud container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "nextcloud" + hostname: "nextcloud" + image: "{{ custom_registry }}/{{ repo_tag }}" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ nextcloud_network_name }}" + ipv4_address: "{{ nextcloud_ipv4 }}" + ports: + - "127.0.0.1:{{ nextcloud_external_port }}:80" + state: 'started' + comparisons: + '*': strict + restart_policy: unless-stopped + env: + "POSTGRES_USER": "{{ nextcloud_postgres_user }}" + "POSTGRES_PASSWORD": "{{ nextcloud_postgres_password }}" + "POSTGRES_DB": "{{ nextcloud_postgres_db }}" + "POSTGRES_HOST": "nextcloud-postgres" + "REDIS_HOST": "nextcloud-redis" + 
"NEXTCLOUD_ADMIN_USER": "{{ nextcloud_admin }}" + "NEXTCLOUD_ADMIN_PASSWORD": "{{ nextcloud_admin_password }}" + "NEXTCLOUD_TRUSTED_DOMAINS": "{{ nextcloud_trusted_domains }}" + volumes: + - "{{ docker_home }}/nextcloud/app:/var/www/html" + +- name: create and deploy nextcloud cron container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "nextcloud-cron" + hostname: "nextcloud-cron" + image: "{{ custom_registry }}/{{ repo_tag }}" + entrypoint: "/cron.sh" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ nextcloud_network_name }}" + ipv4_address: "{{ nextcloud_cron_ipv4 }}" + state: 'started' + recreate: yes + restart_policy: unless-stopped + volumes: + - "{{ docker_home }}/nextcloud/app:/var/www/html" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ nextcloud_nginx_config }}" + dest: /etc/nginx/sites-available/nextcloud.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/nextcloud.conf + dest: /etc/nginx/sites-enabled/nextcloud.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/photoprism/defaults/main.yml b/roles/services/containers/photoprism/defaults/main.yml new file mode 100644 index 0000000..ceca8c3 --- /dev/null +++ b/roles/services/containers/photoprism/defaults/main.yml @@ -0,0 +1,10 @@ +photoprism_admin_user: "admin" +photoprism_auth_mode: "password" +photoprism_site_url: "https://photos.chudnick.com" +photoprism_external_port: 2342 +photoprism_nginx_config: data/photoprism/photoprism.conf +photoprism_network_name: photoprism_net +photoprism_subnet: 172.25.15.0/24 +photoprism_gateway: 172.25.15.1 +photoprism_ipv4: 172.25.15.2 +nextcloud_external_port: 8006 
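Review bot: `image: "postgres:alpine"` and `image: "redis:alpine"` are floating tags combined with `pull: yes` and `comparisons: '*': strict`, so a new major release of either image is pulled and the container recreated on a later run without review; for postgres that means a data directory written by one major version being opened by another, which refuses to start. Pin both to a specific version (for postgres, the major the data directory was initialised with) the way the app image is pinned via `image: nextcloud:27.0.0-apache`.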
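Review bot: `nextcloud_external_port: 8006` is defined in photoprism's `defaults/main.yml`, so the nextcloud role's `"127.0.0.1:{{ nextcloud_external_port }}:80"` only resolves when the photoprism role has also been loaded, and the value is hidden from anyone reading the nextcloud role; move it to the nextcloud role's defaults or to inventory vars. `photoprism_site_url` carrying a concrete hostname as a role default is likewise a deployment-specific value that would normally live in inventory, with the default left generic.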
diff --git a/roles/services/containers/photoprism/handlers/main.yml b/roles/services/containers/photoprism/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/photoprism/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/photoprism/tasks/main.yml b/roles/services/containers/photoprism/tasks/main.yml new file mode 100644 index 0000000..e6ac544 --- /dev/null +++ b/roles/services/containers/photoprism/tasks/main.yml 
@@ -0,0 +1,115 @@ +- name: set image fact + set_fact: + image: photoprism/photoprism:221118-jammy + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create photoprism directory + file: + path: "{{ docker_home }}/photoprism" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get photoprism image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + push: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + +- name: create photoprism data directory + file: + path: "{{ docker_home }}/photoprism/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create photoprism photos directory + file: + path: "{{ docker_home }}/photoprism/photos" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create photoprism docker network + docker_network: + name: "{{ photoprism_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ photoprism_subnet }}" + gateway: "{{ photoprism_gateway }}" + +- name: create and deploy photoprism container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: 
"/run/user/{{ docker_uid }}" + docker_container: + name: "photoprism" + hostname: "photoprism" + image: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ photoprism_network_name }}" + ipv4_address: "{{ photoprism_ipv4 }}" + ports: + - "127.0.0.1:{{ photoprism_external_port }}:2342" + state: 'started' + recreate: yes + restart_policy: unless-stopped + volumes: + - "{{ docker_home }}/photoprism/photos:/photoprism/originals" + - "{{ docker_home }}/photoprism/data:/photoprism/storage" + env: + "PHOTOPRISM_ADMIN_USER": "{{ photoprism_admin_user }}" + "PHOTOPRISM_ADMIN_PASSWORD": "{{ photoprism_admin_password }}" + "PHOTOPRISM_AUTH_MODE": "{{ photoprism_auth_mode }}" + "PHOTOPRISM_SITE_URL": "{{ photoprism_site_url }}" + "PHOTOPRISM_DATABASE_DRIVER": "sqlite" + "PHOTOPRISM_DISABLE_PLACES": "true" + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ photoprism_nginx_config }}" + dest: /etc/nginx/sites-available/photoprism.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/photoprism.conf + dest: /etc/nginx/sites-enabled/photoprism.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/pihole_exporter/tasks/main.yml b/roles/services/containers/pihole_exporter/tasks/main.yml new file mode 100644 index 0000000..4c52dc7 --- /dev/null +++ b/roles/services/containers/pihole_exporter/tasks/main.yml 
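Review bot: `photoprism_admin_password` is required by `create and deploy photoprism container` but is not in the role's defaults and nothing checks for it, so a missing value only fails at the container task, after the image has already been pulled and pushed; an early `assert: { that: photoprism_admin_password is defined }` task fails fast. `create photoprism docker network` also points `docker_host:` at `/run/user/{{ docker_uid }}/docker.sock` but, unlike the container task, has no `become`/`become_user: "{{ docker_username }}"`, so it runs as the play's user and only succeeds when that user can open the rootless socket (homer, navidrome and nextcloud share this). `register: nginx_config` on the nginx task is never consumed.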
@@ -0,0 +1,97 @@ +- name: set image fact + set_fact: + image: ekofr/pihole-exporter:v0.4.0 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create pihole_exporter directory + file: + path: "{{ docker_home }}/pihole_exporter" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get pihole_exporter image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: create pihole_exporter docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ pihole_exporter_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ pihole_exporter_subnet }}" + gateway: "{{ pihole_exporter_gateway }}" + +- name: create and deploy pihole_exporter container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "pihole_exporter" + hostname: "pihole_exporter" + image: "{{ custom_registry }}/{{ repo_tag }}" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ pihole_exporter_network_name }}" + ports: 
+ - "127.0.0.1:9617:9617" + state: 'started' + recreate: yes + restart_policy: unless-stopped + env: + "PIHOLE_HOSTNAME": "{{ pihole_ip }}" + "PIHOLE_API_TOKEN": "{{ pihole_api_token }}" + "PORT": "{{ pihole_api_port }}" + cap_drop: + - all + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ pihole_exporter_nginx_config }}" + dest: /etc/nginx/sites-available/pihole-exporter.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/pihole-exporter.conf + dest: /etc/nginx/sites-enabled/pihole-exporter.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/pywttr_docker/handlers/main.yml b/roles/services/containers/pywttr_docker/handlers/main.yml new file mode 100644 index 0000000..de5dcb6 --- /dev/null +++ b/roles/services/containers/pywttr_docker/handlers/main.yml @@ -0,0 +1,18 @@ +- name: build pywttr-docker image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ docker_registry_url }}/{{ docker_registry_username }}/pywttr-docker:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + build: + path: /srv/docker/pywttr-docker/src + source: build + push: yes + force_source: yes + +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/pywttr_docker/tasks/main.yml b/roles/services/containers/pywttr_docker/tasks/main.yml new file mode 100644 index 0000000..45f7b2f --- /dev/null +++ b/roles/services/containers/pywttr_docker/tasks/main.yml 
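Review bot: `"PORT": "{{ pihole_api_port }}"` reads as if it were the Pi-hole API port, but in pihole-exporter `PORT` sets the exporter's own listen port, and the container publishes `127.0.0.1:9617:9617`, so any value other than 9617 leaves the published port with nothing behind it; if the variable holds the Pi-hole port, the key should be `"PIHOLE_PORT": "{{ pihole_api_port }}"`. `PIHOLE_API_TOKEN` is passed in `env:` and the task has no `no_log: true`, so the token appears in the play output on change. `cap_drop: - all` here is a good default and is missing from the photoprism, pywttr-docker, renovate, text-generation and vaultwarden containers.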
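Review bot: The `build pywttr-docker image` handler builds from the hard-coded `path: /srv/docker/pywttr-docker/src`, while the task that clones the source writes to `{{ docker_home }}/pywttr-docker/src`; if `docker_home` is ever anything other than `/srv/docker` the handler builds from a directory the role never populated. Use `path: "{{ docker_home }}/pywttr-docker/src"` here; the `build text-generation image` handler in the text_generation hunk has the same literal path. The result is tagged and pushed as `latest`, so nothing records which source revision produced the image that is later deployed.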
@@ -0,0 +1,74 @@ +- name: set image fact + set_fact: + image: gitea.chudnick.com/sam/pywttr-docker:latest + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create pywttr-docker directory + file: + path: "{{ docker_home }}/pywttr-docker" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: clone pywttr-docker repository + notify: build pywttr-docker image + git: + repo: https://gitea.chudnick.com/sam/pywttr-docker + dest: "{{ docker_home }}/pywttr-docker/src" + +- meta: flush_handlers + +- name: create pywttr-docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ pywttr_docker_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ pywttr_docker_subnet }}" + gateway: "{{ pywttr_docker_gateway }}" + +- name: create and deploy pywttr-docker container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "pywttr-docker" + hostname: "pywttr-docker" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ pywttr_docker_network_name }}" + ipv4_address: "{{ pywttr_docker_ipv4 }}" + ports: + - "127.0.0.1:{{ pywttr_docker_external_port }}:8000" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ pywttr_docker_nginx_config }}" + dest: /etc/nginx/sites-available/pywttr-docker.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/pywttr-docker.conf + dest: /etc/nginx/sites-enabled/pywttr-docker.conf + owner: root + group: root + state: 
link diff --git a/roles/services/containers/renovate/tasks/main.yml b/roles/services/containers/renovate/tasks/main.yml new file mode 100644 index 0000000..bbbfe11 --- /dev/null +++ b/roles/services/containers/renovate/tasks/main.yml 
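Review bot: The `clone pywttr-docker repository` task has no `version:`, so every run tracks the default branch of `https://gitea.chudnick.com/sam/pywttr-docker` and the handler rebuilds whatever is at HEAD into a `:latest` image that the container then runs; pin it with `version: <tag-or-commit placeholder>` and a versioned image tag so the deployment is reproducible (the text_generation hunk's clone has the same gap). `repo_tag` and `custom_registry` are computed but unused, because the container uses `image: "{{ image }}"` directly rather than `{{ custom_registry }}/{{ repo_tag }}` as the other roles do; if that is intentional the two facts can be dropped from this file. The clone also runs without `become_user`, so the `src` tree under `{{ docker_home }}` is root-owned while the surrounding directories are handed to `{{ docker_username }}`.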
@@ -0,0 +1,87 @@ +- name: set image fact + set_fact: + image: renovate/renovate:35.141.3-slim + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create renovate directory + file: + path: "{{ docker_home }}/renovate" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: create renovate docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ renovate_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ renovate_subnet }}" + gateway: "{{ renovate_gateway }}" + +- name: pull and push renovate image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + source: pull + force_source: yes + push: yes + +- name: create and deploy renovate container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "renovate" + image: "{{ custom_registry }}/{{ repo_tag }}" + pull: yes + recreate: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ renovate_network_name }}" + ipv4_address: "{{ renovate_ipv4 }}" + env: + "RENOVATE_ENDPOINT": "{{ 
renovate_endpoint }}" + "RENOVATE_PLATFORM": "gitea" + "RENOVATE_TOKEN": "{{ renovate_token }}" + "RENOVATE_AUTODISCOVER": "true" + "LOG_LEVEL": "debug" + "RENOVATE_GIT_AUTHOR": "{{ renovate_author }}" + restart_policy: "no" + state: 'started' + + +- name: create cron job to run renovate container daily + cron: + name: "run renovate" + job: "docker start renovate" + user: "{{ docker_username }}" + minute: "0" + hour: "6" diff --git a/roles/services/containers/searxng/handlers/main.yml b/roles/services/containers/searxng/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/searxng/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/searxng/tasks/main.yml b/roles/services/containers/searxng/tasks/main.yml new file mode 100644 index 0000000..fa7609c --- /dev/null +++ b/roles/services/containers/searxng/tasks/main.yml 
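Review bot: The cron job `docker start renovate` runs as `{{ docker_username }}`, but cron does not set `XDG_RUNTIME_DIR` or `DOCKER_HOST`, so the CLI will presumably look for the default daemon socket rather than the rootless one every other task in this file addresses; set it in the job, e.g. `job: "DOCKER_HOST=unix://run/user/{{ docker_uid }}/docker.sock docker start renovate"`. `RENOVATE_TOKEN` is placed in `env:` and the task lacks `no_log: true`. `LOG_LEVEL: debug` together with `RENOVATE_AUTODISCOVER: true` means the container logs verbose detail for every repository the token can reach; consider `info` for steady-state runs and a comment on why autodiscovery is wanted.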
@@ -0,0 +1,170 @@ +- name: set image fact + set_fact: + image: "searxng/searxng:2023.6.16-71b6ff07" + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create searxng directory + file: + path: "{{ docker_home }}/searxng" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: get searxng image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + source: pull + force_source: yes + name: "{{ image }}" + repository: "{{ custom_registry }}/{{ repo_tag }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + push: yes + +- name: create searxng config directory + file: + path: "{{ docker_home }}/searxng/config" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create redis_searxng directory + file: + path: "{{ docker_home }}/redis_searxng" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create redis_searxng data directory + file: + path: "{{ docker_home }}/redis_searxng/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: place searxng config in proper location + copy: + src: "{{ searxng_config }}" + dest: "{{ docker_home }}/searxng/config/settings.yml" + owner: root + group: docker + mode: '0644' + +- name: place uwsgi config + copy: + 
src: "{{ searxng_uwsgi_config }}" + dest: "{{ docker_home }}/searxng/config/uwsgi.ini" + owner: root + group: docker + mode: '0644' + +- name: create searxng docker network + docker_network: + name: "{{ searxng_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ searxng_subnet }}" + gateway: "{{ searxng_gateway }}" + +- name: create and deploy searxng container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "searxng" + image: "{{ custom_registry }}/{{ repo_tag }}" + pull: yes + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ searxng_network_name }}" + ipv4_address: "{{ searxng_ipv4 }}" + ports: + - "127.0.0.1:8080:8080" + volumes: + - "{{ docker_home }}/searxng/config:/etc/searxng" + env: + SEARXNG_BASE_URL: "https://searxng.chudnick.com/" + cap_drop: + - all + capabilities: + - CHOWN + - SETGID + - SETUID + - DAC_OVERRIDE + hostname: "searxng" + restart_policy: unless-stopped + state: 'started' + recreate: yes + +- name: create and deploy redis container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + restart_policy: unless-stopped + name: "redis_searxng" + image: redis:alpine + pull: yes + command: redis-server --save "" --appendonly "no" + purge_networks: yes + networks: + - name: "{{ searxng_network_name }}" + ipv4_address: "{{ redis_searxng_ipv4 }}" + tmpfs: + - /var/lib/redis + cap_drop: + - all + capabilities: + - SETGID + - SETUID + - DAC_OVERRIDE + hostname: "redis" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + state: 'started' + comparisons: + '*': strict + +- name: deploy nginx configuration + notify: restart nginx + register: nginx_config + copy: + src: "{{ searxng_nginx_config }}" + dest: 
/etc/nginx/sites-available/searxng.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/searxng.conf + dest: /etc/nginx/sites-enabled/searxng.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/text_generation/handlers/main.yml b/roles/services/containers/text_generation/handlers/main.yml new file mode 100644 index 0000000..7aab823 --- /dev/null +++ b/roles/services/containers/text_generation/handlers/main.yml @@ -0,0 +1,29 @@ +- name: login to docker registry + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_login: + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + registry_url: "{{ docker_registry_url }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + +- name: build text-generation image + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_image: + name: "{{ docker_registry_url }}/{{ docker_registry_username }}/text-generation:latest" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + build: + path: /srv/docker/text-generation/src + source: build + push: yes + force_source: yes + +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/text_generation/tasks/main.yml b/roles/services/containers/text_generation/tasks/main.yml new file mode 100644 index 0000000..80988a6 --- /dev/null +++ b/roles/services/containers/text_generation/tasks/main.yml 
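Review bot: `place searxng config in proper location` installs `settings.yml` with `mode: '0644'`, so it is world-readable on the host even though it is owned by root with group `docker`; if that file carries the instance secret key (SearXNG's `server.secret_key`), `mode: '0640'` keeps it readable by the group the container runs under while hiding it from other local users, and the same applies to `uwsgi.ini`. `create searxng docker network` has no `become`/`become_user` while every other socket-using task in this hunk runs as `{{ docker_username }}`; the pihole_exporter and renovate hunks show the consistent form. `SEARXNG_BASE_URL: "https://searxng.chudnick.com/"` is the only host-specific literal in a file that otherwise reads `searxng_*` variables; moving it to a variable keeps the role reusable.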
@@ -0,0 +1,89 @@ +- name: set image fact + set_fact: + image: gitea.chudnick.com/sam/text-generation:latest + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create text-generation directory + file: + path: "{{ docker_home }}/text-generation" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create models directory + file: + path: "{{ docker_home }}/text-generation/models" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: clone text-generation repository + notify: + - login to docker registry + - build text-generation image + git: + repo: https://gitea.chudnick.com/sam/text-generation-docker + dest: "{{ docker_home }}/text-generation/src" + +- meta: flush_handlers + +- name: create text-generation network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ text_generation_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ text_generation_subnet }}" + gateway: "{{ text_generation_gateway }}" + +- name: create and deploy text-generation container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "text-generation" + hostname: "text-generation" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ text_generation_network_name }}" + ipv4_address: "{{ text_generation_ipv4 }}" + volumes: + - "{{ docker_home }}/text-generation/models:/models" + ports: + - "127.0.0.1:{{ text_generation_external_port }}:7860" + - "127.0.0.1:{{ text_generation_api_port }}:5005" + - "127.0.0.1:{{ text_generation_api_stream_port }}:5000" + command: 
"--cpu --listen --listen-port 7860 --chat --auto-devices --mlock" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ text_generation_nginx_config }}" + dest: /etc/nginx/sites-available/text-generation.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/text-generation.conf + dest: /etc/nginx/sites-enabled/text-generation.conf + owner: root + group: root + state: link diff --git a/roles/services/containers/vaultwarden/handlers/main.yml b/roles/services/containers/vaultwarden/handlers/main.yml new file mode 100644 index 0000000..5463835 --- /dev/null +++ b/roles/services/containers/vaultwarden/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart nginx + service: + name: nginx + state: restarted diff --git a/roles/services/containers/vaultwarden/tasks/main.yml b/roles/services/containers/vaultwarden/tasks/main.yml new file mode 100644 index 0000000..fa63b58 --- /dev/null +++ b/roles/services/containers/vaultwarden/tasks/main.yml 
@@ -0,0 +1,79 @@ +- name: set image fact + set_fact: + image: vaultwarden/server:1.28.1 + +- name: set other facts + vars: + array: "{{ image.split('/', 1) }}" + set_fact: + repo_tag: "{{ array.1 }}" + custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}" + +- name: create vaultwarden directory + file: + path: "{{ docker_home }}/vaultwarden" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create data directory + file: + path: "{{ docker_home }}/vaultwarden/data" + state: directory + owner: "{{ docker_username }}" + group: "{{ docker_username }}" + mode: '0755' + +- name: create vaultwarden docker network + become: yes + become_user: "{{ docker_username }}" + docker_network: + name: "{{ vaultwarden_network_name }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + driver: bridge + ipam_config: + - subnet: "{{ vaultwarden_subnet }}" + gateway: "{{ vaultwarden_gateway }}" + +- name: create and deploy vaultwarden container + become: yes + become_user: "{{ docker_username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}" + docker_container: + name: "vaultwarden" + hostname: "vaultwarden" + image: "{{ image }}" + docker_host: "unix://run/user/{{ docker_uid }}/docker.sock" + purge_networks: yes + networks: + - name: "{{ vaultwarden_network_name }}" + ipv4_address: "{{ vaultwarden_ipv4 }}" + ports: + - "127.0.0.1:{{ vaultwarden_external_port }}:80" + volumes: + - "{{ docker_home }}/vaultwarden/data:/data" + env: + "DOMAIN": "https://{{ vaultwarden_server_name }}" + "DISABLE_ADMIN_TOKEN": "true" + state: 'started' + recreate: yes + restart_policy: unless-stopped + +- name: deploy nginx configuration + notify: restart nginx + template: + src: "{{ vaultwarden_nginx_config }}" + dest: /etc/nginx/sites-available/vaultwarden.conf + owner: root + group: root + mode: '0644' + +- name: symlink site + file: + src: /etc/nginx/sites-available/vaultwarden.conf + dest: 
/etc/nginx/sites-enabled/vaultwarden.conf + owner: root + group: root + state: link -- cgit v1.2.3
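Review bot: `"DISABLE_ADMIN_TOKEN": "true"` turns off authentication on Vaultwarden's `/admin` page, so anyone who reaches the published `127.0.0.1:{{ vaultwarden_external_port }}` port through nginx gets the admin panel unless `{{ vaultwarden_nginx_config }}` (not visible here) blocks or authenticates that path; set `ADMIN_TOKEN` instead (recent releases accept a hashed value) or document at this line which nginx rule guards `/admin`. Nothing sets `SIGNUPS_ALLOWED`, which defaults to true, so the instance at `https://{{ vaultwarden_server_name }}` accepts open registration; add `"SIGNUPS_ALLOWED": "false"` once the intended accounts exist, or note why open signups are wanted. The `data` directory holding the SQLite database and attachments is created with `mode: '0755'`; `'0700'` is sufficient since only `{{ docker_username }}` needs to read it.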