tudattr
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor tasks for compose.yml and add tasks for pihole, homeassistant, and prometheus 

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2022-12-29 22:45:17 +01:00
parent ac6080bc2f
commit 350b3ec149
21 changed files with 416 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
README.md
View File

@ -15,6 +15,61 @@ but first of all we need to create the buckets and provide ansible with the need
- `vault_ddns_tudattrdev_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) - `vault_ddns_tudattrdev_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/))
- `vault_ddns_borgland_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) - `vault_ddns_borgland_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/))
## Docker
To add new docker containers to the docker role you need to add the following and replace `service` with the name of your service:
- Add relevent vars to `group_vars/all/vars.yaml`:
```yaml
service_port: "19999" # Exposed port
service_config: "{{ docker_dir }}/service/" # config folder or your dir
service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only works on aya01)
```
- Create necessary directories for service in the docker role `roles/docker/tasks/service.yaml`
```yaml
- name: Create service dirs
file:
path: "{{ item }}"
owner: 1000
group: 1000
mode: '777'
state: directory
loop:
- "{{ service_config }}"
- "{{ service_data }}"
# optional:
# - name: Place service config
# template:
# owner: 1000
# mode: '660'
# src: "templates/hostname/service/service.yml"
# dest: "{{ prm_config }}/service.yml"
```
- Includ new tasks to `roles/docker/tasks/hostname_compose.yaml`:
```yaml
- include_tasks: service.yaml
tags:
- service
```
- Add new service to compose `roles/docker/templates/hostname/compose.yaml`
```yaml
service:
image: service/service
container_name: service
hostname: service
networks:
- net
ports:
- "{{service_port}}:19999"
restart: unless-stopped
volumes:
- "{{service_config}}:/etc/service"
- "{{service_lib}}:/var/lib/service"
- "{{service_cache}}:/var/cache/service"
```
## Server ## Server
- Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system - Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system
- Create user (tudattr) - Create user (tudattr)

46
group_vars/all/vars.yml
View File

@ -58,20 +58,17 @@ mysql_user: user
# aya01 # aya01
# #
aya01_host: "aya01"
aya01_ip: "192.168.20.12"
zoneminder_config: "{{ docker_dir }}/zm/" zoneminder_config: "{{ docker_dir }}/zm/"
zoneminder_data: "{{ docker_data_dir }}/zm/data/" zoneminder_data: "{{ docker_data_dir }}/zm/data/"
syncthing_data: "{{docker_data_dir}}/syncthing/" syncthing_data: "{{docker_data_dir}}/syncthing/"
grafana_data: "{{docker_data_dir}}/grafana/"
grafana_log: "{{docker_dir}}/grafana/logs/"
grafana_config: "{{docker_dir}}/grafana/config/"
prometheus_data: "{{docker_data_dir}}/prometheus/"
prometheus_config: "{{docker_dir}}/prometheus/config"
softserve_data: "{{docker_dir}}/softserve/data" softserve_data: "{{docker_dir}}/softserve/data"
# #
# pi # pi
# #
@ -84,10 +81,11 @@ ha_config: "{{ docker_dir }}/home-assistant/config/"
pihole_pihole: "{{ docker_dir }}/pihole/etc-pihole/" pihole_pihole: "{{ docker_dir }}/pihole/etc-pihole/"
pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/" pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
# #
# backblaze # backblaze
# #
# Directories that will be backupped to backblaze
backblaze_paths: backblaze_paths:
aya01: aya01:
- "{{ docker_compose_dir }}" - "{{ docker_compose_dir }}"
@ -109,3 +107,35 @@ smb_config: "templates/smb.conf"
smb_media_dir: "/media" smb_media_dir: "/media"
smb_group: "smbshare" smb_group: "smbshare"
smb_user: "smbuser" smb_user: "smbuser"
#
# prometheus/grafana
#
prm_user: "prometheus"
exporter_dir: "{{ docker_dir }}/exporter/"
prm_data: "{{docker_data_dir}}/prometheus/"
prm_config: "{{docker_dir}}/prometheus/"
prm_port: "9091"
e_node_port: "9100"
e_mikrotik_ip: "192.168.20.1"
e_mikrotik_version: "1.0.11"
e_mikrotik_config: "{{ exporter_dir }}/mikrotik/config/"
e_mikrotik_port: "9436"
grafana_data: "{{docker_data_dir}}/grafana/"
grafana_log: "{{docker_dir}}/grafana/logs/"
grafana_config: "{{docker_dir}}/grafana/config/"
#
# netdata
#
netdata_port: "19999"
netdata_config: "{{ docker_dir }}/netdata/"
netdata_lib: "{{ docker_data_dir }}/netdata/lib/"
netdata_cache: "{{ docker_data_dir }}/netdata/cache"

2
roles/common/tasks/aya01_fstab.yml
View File

@ -15,7 +15,9 @@
backup: true backup: true
loop: "{{ fstab_entries }}" loop: "{{ fstab_entries }}"
become: true become: true
register: fstab
- name: Mount all disks - name: Mount all disks
command: mount -a command: mount -a
become: true become: true
when: fstab.changed

109
roles/docker/tasks/aya01_compose.yml
View File

@ -1,99 +1,46 @@
--- ---
- name: Create zonminder user
user:
name: zm
uid: 911
shell: /bin/false
become: true
- name: Create Zoneminder config directory - include_tasks: zoneminder.yml
file: tags:
path: "{{ item }}" - zoneminder
owner: 911
group: 911
mode: '700'
state: directory
loop:
- "{{ zoneminder_config }}"
become: true
- name: Create Zoneminder data directory - include_tasks: pihole.yml
file: tags:
path: "{{ item }}" - pihole
owner: 911
group: 911
mode: '755'
state: directory
loop:
- "{{ zoneminder_data }}"
become: true
- name: Create syncthing directory - include_tasks: syncthing.yml
file: tags:
path: "{{ item }}" - syncthing
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ syncthing_data }}"
become: true
- name: Resolve inotify error for syncthing - include_tasks: grafana.yml
template: tags:
src: "templates/aya01/syncthing/syncthing.conf" - grafana
dest: "/etc/sysctl.d/syncthing.conf"
mode: "660"
become: true
- name: Create grafana data directory - include_tasks: softserve.yml
file: tags:
path: "{{ item }}" - softserve
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ grafana_data }}"
- "{{ grafana_log }}"
- "{{ grafana_config }}"
become: true
- name: Copy grafana config - include_tasks: prometheus.yml
template: tags:
owner: "{{ puid }}" - prometheus
src: "templates/aya01/grafana/etc-grafana/grafana.ini"
dest: "{{ grafana_config }}/grafana.ini"
mode: '660'
become: true
- name: Create soft-serve directory - include_tasks: netdata.yaml
file: tags:
path: "{{ item }}" - netdata
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ softserve_data }}"
become: true
# Todo, check if docker compose is running
# - name: Shut down docker
# shell:
# cmd: "docker compose down --remove-orphans"
# chdir: "{{ docker_compose_dir }}"
- name: Copy the compose file - name: Copy the compose file
template: template:
src: templates/aya01/compose.yaml src: templates/aya01/compose.yaml
dest: "{{ docker_compose_dir }}/compose.yaml" dest: "{{ docker_compose_dir }}/compose.yaml"
tags: register: compose
- reload_compose
- name: Shut down docker
shell:
cmd: "docker compose down --remove-orphans"
chdir: "{{ docker_compose_dir }}"
when: compose.changed
- name: Run docker compose - name: Run docker compose
shell: shell:
cmd: "docker compose up -d" cmd: "docker compose up -d"
chdir: "{{ docker_compose_dir }}" chdir: "{{ docker_compose_dir }}"
tags:
- reload_compose

16
roles/docker/tasks/ddns.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Create ddns-config directory
file:
path: "{{ docker_dir }}/ddns-updater/data/"
owner: 1000
group: 1000
mode: '700'
state: directory
- name: Copy ddns-config
template:
owner: 1000
src: "templates/pi/ddns-updater/data/config.json"
dest: "{{ docker_dir }}/ddns-updater/data/config.json"
mode: '400'

22
roles/docker/tasks/grafana.yml Normal file
View File

@ -0,0 +1,22 @@
---
- name: Create grafana data directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ grafana_data }}"
- "{{ grafana_log }}"
- "{{ grafana_config }}"
become: true
- name: Copy grafana config
template:
owner: "{{ puid }}"
src: "templates/aya01/grafana/etc-grafana/grafana.ini"
dest: "{{ grafana_config }}/grafana.ini"
mode: '660'
become: true

8
roles/docker/tasks/homeassistant.yml Normal file
View File

@ -0,0 +1,8 @@
---
- name: Create homeassistant-config directory
file:
path: "{{ ha_config }}"
mode: '755'
state: directory
become: true

13
roles/docker/tasks/netdata.yaml Normal file
View File

@ -0,0 +1,13 @@
---
- name: Create netdata dirs
file:
path: "{{ item }}"
owner: 1000
group: 1000
mode: '755'
state: directory
loop:
- "{{ netdata_config }}"
- "{{ netdata_cache }}"
- "{{ netdata_lib }}"

53
roles/docker/tasks/pi_compose.yml
View File

@ -1,49 +1,20 @@
--- ---
- name: Create ddns-config directory
file:
path: "{{ docker_dir }}/ddns-updater/data/"
owner: 1000
mode: '700'
state: directory
- name: Copy ddns-config - include_tasks: traefik.yml
template: tags:
owner: 1000 - traefik
src: "templates/pi/ddns-updater/data/config.json"
dest: "{{ docker_dir }}/ddns-updater/data/config.json"
mode: '400'
- name: Create traefik-config directory - include_tasks: ddns.yml
file: tags:
path: "{{ item }}" - ddns
owner: 1000
mode: '700'
state: directory
loop:
- "{{ docker_dir }}/traefik/etc-traefik/"
- "{{ docker_dir }}/traefik/var-log/"
- name: Create pihole-config directory - include_tasks: homeassistant.yml
file: tags:
path: "{{ item }}" - homeassistant
owner: 1000
mode: '777'
state: directory
loop:
- "{{ docker_dir }}/pihole/etc-pihole/"
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
become: yes
- name: Copy traefik-config - include_tasks: pihole.yml
template: tags:
owner: 1000 - pihole
src: "templates/pi/{{ item }}"
dest: "{{ docker_dir }}/{{ item }}"
mode: '400'
loop:
- "traefik/etc-traefik/traefik.yml"
- "traefik/var-log/access.log"
- "traefik/var-log/traefik.log"
# Todo, check if docker compose is running # Todo, check if docker compose is running
# - name: Shut down docker # - name: Shut down docker

12
roles/docker/tasks/pihole.yml Normal file
View File

@ -0,0 +1,12 @@
---
- name: Create pihole-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ docker_dir }}/pihole/etc-pihole/"
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
become: true

42
roles/docker/tasks/prometheus.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Create prometheus dirs
file:
path: "{{ item }}"
owner: 1000
group: 1000
mode: '777'
state: directory
loop:
- "{{ prm_config }}"
- "{{ prm_data}}"
- name: Place prometheus config
template:
owner: 1000
mode: '777'
src: "templates/aya01/prometheus/prometheus.yml"
dest: "{{ prm_config }}/prometheus.yml"
- name: Create prometheus exporter dir
file:
path: "{{ exporter_dir }}"
owner: 1000
group: 1000
mode: '755'
state: directory
- name: Create mikrotik exporters config dir
file:
path: "{{ e_mikrotik_config }}"
owner: 1000
group: 1000
mode: '755'
state: directory
- name: Place mikrotik exporter config
template:
owner: 1000
mode: '400'
src: "templates/aya01/prometheus/exporter/mikrotik/config/config.yml"
dest: "{{ e_mikrotik_config }}/config.yml"

12
roles/docker/tasks/softserve.yml Normal file
View File

@ -0,0 +1,12 @@
---
- name: Create soft-serve directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ softserve_data }}"
become: true

18
roles/docker/tasks/syncthing.yml Normal file
View File

@ -0,0 +1,18 @@
---
- name: Create syncthing directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ syncthing_data }}"
become: true
- name: Resolve inotify error for syncthing
template:
src: "templates/aya01/syncthing/syncthing.conf"
dest: "/etc/sysctl.d/syncthing.conf"
mode: "660"
become: true

23
roles/docker/tasks/traefik.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: Create traefik-config directory
file:
path: "{{ item }}"
owner: 1000
mode: '700'
state: directory
loop:
- "{{ docker_dir }}/traefik/etc-traefik/"
- "{{ docker_dir }}/traefik/var-log/"
- name: Copy traefik-config
template:
owner: 1000
src: "templates/pi/{{ item }}"
dest: "{{ docker_dir }}/{{ item }}"
mode: '400'
loop:
- "traefik/etc-traefik/traefik.yml"
- "traefik/var-log/access.log"
- "traefik/var-log/traefik.log"

30
roles/docker/tasks/zoneminder.yml Normal file
View File

@ -0,0 +1,30 @@
---
- name: Create zoneminder user
user:
name: zm
uid: 911
shell: /bin/false
become: true
- name: Create Zoneminder config directory
file:
path: "{{ item }}"
owner: 911
group: 911
mode: '700'
state: directory
loop:
- "{{ zoneminder_config }}"
become: true
- name: Create Zoneminder data directory
file:
path: "{{ item }}"
owner: 911
group: 911
mode: '755'
state: directory
loop:
- "{{ zoneminder_data }}"
become: true

57
roles/docker/templates/aya01/compose.yaml
View File

@ -1,6 +1,7 @@
version: '3' version: '3'
services: services:
db: db:
container_name: zoneminder_db
image: mariadb image: mariadb
restart: always restart: always
networks: networks:
@ -17,6 +18,7 @@ services:
- "MAX_LOG_NUMBER=20" - "MAX_LOG_NUMBER=20"
- "TZ=Europe/Berlin" - "TZ=Europe/Berlin"
zoneminder: zoneminder:
container_name: zoneminder
image: ghcr.io/zoneminder-containers/zoneminder-base:latest image: ghcr.io/zoneminder-containers/zoneminder-base:latest
restart: always restart: always
stop_grace_period: 45s stop_grace_period: 45s
@ -50,7 +52,7 @@ services:
image: pihole/pihole:latest image: pihole/pihole:latest
restart: unless-stopped restart: unless-stopped
networks: networks:
net: {} - net
ports: ports:
- "53:53/tcp" - "53:53/tcp"
- "53:53/udp" - "53:53/udp"
@ -58,7 +60,7 @@ services:
- "8089:80/tcp" - "8089:80/tcp"
environment: environment:
- "WEBPASSWORD={{ vault_aya01_pihole_password }}" - "WEBPASSWORD={{ vault_aya01_pihole_password }}"
- "ServerIP=192.168.20.12" - "ServerIP={{aya01_ip}}"
- "INTERFACE=eth0" - "INTERFACE=eth0"
- "DNS1=1.1.1.1" - "DNS1=1.1.1.1"
- "DNS1=1.0.0.1" - "DNS1=1.0.0.1"
@ -109,15 +111,66 @@ services:
- "{{ grafana_log }}:/var/log/grafana/" - "{{ grafana_log }}:/var/log/grafana/"
ports: ports:
- 3000:3000 - 3000:3000
soft-serve: soft-serve:
image: charmcli/soft-serve:latest image: charmcli/soft-serve:latest
container_name: soft-serve container_name: soft-serve
networks:
- net
volumes: volumes:
- "{{ softserve_data }}:/soft-serve" - "{{ softserve_data }}:/soft-serve"
ports: ports:
- 23231:23231 - 23231:23231
restart: unless-stopped restart: unless-stopped
prometheus:
image: prom/prometheus
container_name: prometheus
networks:
- net
volumes:
- "{{ prm_config }}:/etc/prometheus"
ports:
- "{{ prm_port }}:9090"
exporter_mikrotik:
container_name: exporter_mikrotik
user: "{{ puid }}:{{ pgid }}"
image: "nshttpd/mikrotik-exporter:{{ e_mikrotik_version }}"
networks:
- net
volumes:
- "{{ e_mikrotik_config }}:/config"
environment:
- "CONFIG_FILE=/config/config.yml"
ports:
- "{{ e_mikrotik_port }}:9436"
restart: unless-stopped
netdata:
image: netdata/netdata
container_name: netdata
hostname: "{{ aya01_host }}"
networks:
- net
ports:
- "{{netdata_port}}:19999"
restart: unless-stopped
cap_add:
- SYS_PTRACE
security_opt:
- apparmor:unconfined
volumes:
- "{{netdata_config}}:/etc/netdata"
- "{{netdata_lib}}:/var/lib/netdata"
- "{{netdata_cache}}:/var/cache/netdata"
- /etc/passwd:/host/etc/passwd:ro
- /etc/group:/host/etc/group:ro
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /etc/os-release:/host/etc/os-release:ro
networks: networks:
zoneminder: zoneminder:
net: net:

18
roles/docker/templates/aya01/prometheus/exporter/mikrotik/config/config.yml Normal file
View File

@ -0,0 +1,18 @@
devices:
- name: mikrotik
address: "{{ e_mikrotik_ip }}"
user: "{{ prm_user }}"
password: "{{ vault_prm_user_password }}"
features:
bgp: false
dhcp: true
dhcpv6: true
dhcpl: true
routes: true
pools: true
optics: true

18
roles/docker/templates/aya01/prometheus/prometheus.yml
View File

@ -8,7 +8,7 @@ global:
# Attach these labels to any time series or alerts when communicating with # Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager). # external systems (federation, remote storage, Alertmanager).
external_labels: external_labels:
monitor: 'Mikrotik' monitor: 'tudattr'
# Alertmanager configuration # Alertmanager configuration
alerting: alerting:
@ -37,18 +37,8 @@ scrape_configs:
#static_configs: #static_configs:
#- targets: ['localhost:9090'] #- targets: ['localhost:9090']
- job_name: 'mikrotik'
- job_name: Mikrotik
static_configs: static_configs:
- targets: - targets:
- {{ mikrotik_ip }} # mikrotik_ip - "{{aya01_ip}}:{{ e_mikrotik_port }}"
metrics_path: /snmp
params:
module: [mikrotik]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: mk_snmp_exporter:9116 # The SNMP exporter's real hostname:port.

4
roles/docker/templates/pi/compose.yaml
View File

@ -20,6 +20,7 @@ services:
- "traefik.http.routers.traefik.rule=Host(`traefik.{{local_domain}}`)" - "traefik.http.routers.traefik.rule=Host(`traefik.{{local_domain}}`)"
# - "traefik.http.routers.traefik.entrypoints=web" # - "traefik.http.routers.traefik.entrypoints=web"
# - "traefik.http.services.traefik.loadbalancer.server.port=80" # - "traefik.http.services.traefik.loadbalancer.server.port=80"
ddns-updater: ddns-updater:
container_name: ddns-updater container_name: ddns-updater
image: "ghcr.io/qdm12/ddns-updater" image: "ghcr.io/qdm12/ddns-updater"
@ -30,11 +31,11 @@ services:
- "{{ ddns_updater_data }}:/updater/data/" - "{{ ddns_updater_data }}:/updater/data/"
ports: ports:
- 8000:8000/tcp - 8000:8000/tcp
homeassistant: homeassistant:
container_name: homeassistant container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable" image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped restart: unless-stopped
# network_mode: host
volumes: volumes:
- "/etc/localtime:/etc/localtime:ro" - "/etc/localtime:/etc/localtime:ro"
- "{{ ha_config }}:/config/" - "{{ ha_config }}:/config/"
@ -49,6 +50,7 @@ services:
- "traefik.http.routers.homeassistant.rule=Host(`hass.{{local_domain}}`)" - "traefik.http.routers.homeassistant.rule=Host(`hass.{{local_domain}}`)"
# - "traefik.http.routers.homeassistant.entrypoints=web" # - "traefik.http.routers.homeassistant.entrypoints=web"
# - "traefik.http.services.homeassistant.loadbalancer.server.port=8123" # - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
pihole: pihole:
container_name: pihole container_name: pihole
image: pihole/pihole:latest image: pihole/pihole:latest

2
roles/samba/tasks/config.yaml
View File

@ -4,9 +4,11 @@
src: "{{ smb_config }}" src: "{{ smb_config }}"
dest: /etc/samba/smb.conf dest: /etc/samba/smb.conf
become: true become: true
register: smbconf
- name: Restart nmbd.service - name: Restart nmbd.service
systemd: systemd:
name: nmbd name: nmbd
state: restarted state: restarted
become: true become: true
when: smbconf.changed

2
roles/samba/tasks/install.yaml
View File

@ -32,10 +32,12 @@
groups: "{{ smb_group }}" groups: "{{ smb_group }}"
append: true append: true
become: true become: true
register: new_user
- name: Add password to "{{ smb_user }}" - name: Add password to "{{ smb_user }}"
shell: shell:
cmd: smbpasswd -a "{{ smb_user }}" cmd: smbpasswd -a "{{ smb_user }}"
stdin: "{{ vault_smb_user_password }}\n{{ vault_smb_user_password }}" stdin: "{{ vault_smb_user_password }}\n{{ vault_smb_user_password }}"
become: true become: true
when: new_user.changed