tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(docker): Add karakeep and keycloak services

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-04-24 20:24:33 +02:00
parent 6934a9f5fc
commit 42196a32dc
11 changed files with 776 additions and 629 deletions
Download Patch File Download Diff File Expand all files Collapse all files

521
group_vars/docker/docker.yml Normal file
View File

@@ -0,0 +1,521 @@
docker:
url: "https://download.docker.com/linux"
apt_release_channel: "stable"
directories:
local: "/opt/local/"
config: "/opt/docker/config/"
compose: "/opt/docker/compose/"
services:
- name: syncthing
vm:
- docker-host00
container_name: syncthing
image: syncthing/syncthing:1.29
restart: unless-stopped
volumes:
- name: "Data"
internal: /var/syncthing/
external: /media/docker/data/syncthing/
ports:
- name: "http"
internal: 8384
external: "{{ services_external_http.syncthing }}"
- name: ""
internal: 22000
external: 22000
- name: ""
internal: 22000
external: 22000
- name: ""
internal: 21027
external: 21027
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: status
vm:
- docker-host00
container_name: kuma
image: louislam/uptime-kuma:1.23.16
restart: unless-stopped
volumes:
- name: "Data"
internal: /app/data
external: "{{ docker.directories.local }}/kuma/"
ports:
- name: "http"
internal: 3001
external: "{{ services_external_http.kuma }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: plex
vm:
- docker-host00
container_name: plex
image: lscr.io/linuxserver/plex:1.41.5
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/plex/config/"
- name: "TV Series"
internal: /tv:ro
external: /media/series
- name: "Movies"
internal: /movies:ro
external: /media/movies
- name: "Music"
internal: /music:ro
external: /media/songs
devices:
- name: "Graphics Card"
internal: /dev/dri
external: /dev/dri
ports:
- name: "http"
internal: 32400
external: "{{ services_external_http.plex }}"
- name: ""
internal: 1900
external: 1900
- name: ""
internal: 3005
external: 3005
- name: ""
internal: 5353
external: 5353
- name: ""
internal: 32410
external: 32410
- name: ""
internal: 8324
external: 8324
- name: ""
internal: 32412
external: 32412
- name: ""
internal: 32469
external: 32469
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- VERSION=docker
- name: jellyfin
vm:
- docker-host01
container_name: jellyfin
image: jellyfin/jellyfin:10.10
restart: "unless-stopped"
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/jellyfin/config"
- name: "Cache"
internal: /cache
external: "{{ docker.directories.config }}/jellyfin/cache"
- name: "Tv Series"
internal: /tv:ro
external: /media/series
- name: "Music"
internal: /movies:ro
external: /media/movies
- name: "Music"
internal: /music:ro
external: /media/songs
devices:
- name: "Graphics Card"
internal: /dev/dri
external: /dev/dri
ports:
- name: "http"
internal: 8096
external: "{{ services_external_http.jellyfin }}"
environment:
- name: hass
vm:
- docker-host01
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped
privileged: true
volumes:
- name: "Configuration"
internal: /config/
external: "{{ docker.directories.local }}/home-assistant/config/"
- name: "Local Time"
internal: /etc/localtime:ro
external: /etc/localtime
ports:
- name: "http"
internal: 8123
external: "{{ services_external_http.hass }}"
- name: ""
internal: 4357
external: 4357
- name: ""
internal: 5683
external: 5683
- name: ""
internal: 5683
external: 5683
- name: ddns
vm:
- docker-host00
container_name: ddns-updater
image: qmcgaw/ddns-updater:2
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /updater/data/"
external: "{{ docker.directories.config }}/ddns-updater/data/"
ports:
- name: "http"
internal: 8000
external: "{{ services_external_http.ddns }}"
- name: sonarr
vm:
- docker-host00
container_name: sonarr
image: linuxserver/sonarr:4.0.14
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/sonarr/config"
- name: "Tv Series"
internal: /tv
external: /media/series
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/sonarr
ports:
- name: "http"
internal: 8989
external: "{{ services_external_http.sonarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: radarr
vm:
- docker-host00
container_name: radarr
image: linuxserver/radarr:5.21.1
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/radarr/config"
- name: "Movies"
internal: /movies
external: /media/movies
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/radarr
ports:
- name: "http"
internal: 7878
external: "{{ services_external_http.radarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: lidarr
vm:
- docker-host00
container_name: lidarr
image: linuxserver/lidarr:2.10.3
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/lidarr/config"
- name: "Music"
internal: /music
external: /media/songs
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/lidarr
ports:
- name: "http"
internal: 8686
external: "{{ services_external_http.lidarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: prowlarr
vm:
- docker-host00
container_name: prowlarr
image: linuxserver/prowlarr:1.32.2
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/prowlarr/config"
ports:
- name: "http"
internal: 9696
external: "{{ services_external_http.prowlarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: paperless
vm:
- docker-host00
container_name: paperless
image: ghcr.io/paperless-ngx/paperless-ngx:2.14
restart: unless-stopped
depends_on:
- paperless-postgres
- paperless-broker
volumes:
- name: "Configuration"
internal: /usr/src/paperless/data
external: "{{ docker.directories.local }}/paperless/data/data"
- name: "Media"
internal: /usr/src/paperless/media
external: "{{ docker.directories.local }}/paperless/data/media"
- name: "Document Export"
internal: /usr/src/paperless/export
external: "{{ docker.directories.local }}/paperless/data/export"
- name: "Document Consume"
internal: /usr/src/paperless/consume
external: "{{ docker.directories.local }}/paperless/data/consume"
environment:
- "PAPERLESS_REDIS=redis://paperless-broker:6379"
- "PAPERLESS_DBHOST=paperless-postgres"
- "PAPERLESS_DBUSER=paperless"
- "PAPERLESS_DBPASS={{ vault.docker.paperless.dbpass }}"
- "USERMAP_UID=1000"
- "USERMAP_GID=1000"
- "PAPERLESS_URL=https://paperless.{{ domain }}"
- "PAPERLESS_TIME_ZONE=Europe/Berlin"
- "PAPERLESS_OCR_LANGUAGE=deu"
ports:
- name: "http"
internal: 8000
external: "{{ services_external_http.paperless }}"
- name: pdf
vm:
- docker-host00
container_name: stirling
image: frooodle/s-pdf:0.45.0
restart: unless-stopped
ports:
- name: "http"
internal: 8080
external: "{{ services_external_http.pdf }}"
- name: git
vm:
- docker-host01
container_name: gitea
image: gitea/gitea:1.23-rootless
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /etc/gitea
external: "{{ docker.directories.local }}/gitea/config"
- name: "Data"
internal: /var/lib/gitea
external: "{{ docker.directories.local }}/gitea/data"
- name: "Time Zone"
internal: /etc/timezone:ro
external: /etc/timezone
- name: "Local Time"
internal: /etc/localtime:ro
external: /etc/localtime
ports:
- name: "http"
internal: 3000
external: "{{ services_external_http.git }}"
- name: "ssh"
internal: 2222
external: 2222
environment:
- USER_UID=1000
- USER_GID=1000
- name: changedetection
vm:
- docker-host00
container_name: changedetection
image: dgtlmoon/changedetection.io:0.49
restart: unless-stopped
volumes:
- name: "Data"
internal: /datastore
external: "{{ docker.directories.config }}/changedetection/data/"
ports:
- name: "http"
internal: 5000
external: "{{ services_external_http.changedetection }}"
- name: gluetun
vm:
- docker-host00
container_name: gluetun
image: qmcgaw/gluetun:v3.40
restart: unless-stopped
cap_add:
- NET_ADMIN
devices:
- name: "Tunnel"
internal: /dev/net/tun
external: /dev/net/tun
volumes:
- name: "Configuration"
internal: /gluetun
external: "{{ docker.directories.config }}/gluetun/config"
ports:
- name: "Qbit Client"
internal: 8082
external: 8082
- name: "Torrentleech Client"
internal: 8083
external: 8083
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- VPN_SERVICE_PROVIDER=protonvpn
- UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
- UPDATER_PERIOD=24h
- "SERVER_COUNTRIES={{ vault.docker.proton.country }}"
- "OPENVPN_USER={{ vault.docker.proton.openvpn_user }}"
- "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}"
- name: torrentleech
vm:
- docker-host00
container_name: torrentleech
image: qbittorrentofficial/qbittorrent-nox
restart: unless-stopped
depends_on:
- gluetun
network_mode: "container:gluetun"
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.config }}/torrentleech/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
ports:
- name: "http"
internal: proxy_only
external: 8083
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- QBT_EULA="accept"
- QBT_WEBUI_PORT="8083"
- name: qbit
vm:
- docker-host00
container_name: qbit
image: qbittorrentofficial/qbittorrent-nox:5.0.4-1
restart: unless-stopped
depends_on:
- gluetun
network_mode: "container:gluetun"
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.config }}/qbit/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
ports:
- name: "http"
internal: proxy_only
external: 8082
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- QBT_EULA="accept"
- QBT_WEBUI_PORT="8082"
- name: cadvisor
vm:
- docker-host00
- docker-host01
container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.52.1
restart: unless-stopped
ports:
- name: ""
internal: 8080
external: 8081
volumes:
- name: "Root"
internal: /rootfs:ro
external: /
- name: "Run"
internal: /var/run:rw
external: /var/run
- name: "System"
internal: /sys:ro
external: /sys
- name: "Docker"
internal: /var/lib/docker:ro
external: /var/lib/docker
- name: karakeep
vm:
- docker-host01
container_name: karakeep
image: ghcr.io/karakeep-app/karakeep:0.23.2
restart: unless-stopped
ports:
- name: "http"
internal: 3000
external: "{{ services_external_http.karakeep }}"
volumes:
- name: "Data"
internal: /data
external: "{{ docker.directories.local }}/karakeep/config"
environment:
- MEILI_ADDR=http://karakeep-meilisearch:7700
- BROWSER_WEB_URL=http://karakeep-chrome:9222
- NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
- MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
- NEXTAUTH_URL=https://karakeep.tudattr.dev/
- OPENAI_API_KEY={{ vault.docker.karakeep.openai_key }}
- DATA_DIR=/data
- DISABLE_SIGNUPS=true
- name: keycloak
vm:
- docker-host01
container_name: keycloak
image: quay.io/keycloak/keycloak:26.2
restart: unless-stopped
ports:
- name: "http"
internal: 8080
external: "{{ services_external_http.keycloak }}"
volumes:
- name: "config"
internal: /opt/keycloak/data/import/homelab-realm.json
external: "{{ docker.directories.local }}/keycloak/homelab-realm.json"
command:
- "start"
- "--import-realm"
environment:
- KC_DB=postgres
- KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
- KC_DB_USERNAME=keycloak
- KC_DB_PASSWORD=password
- KC_HOSTNAME=keycloak.{{ internal_domain }}
- KC_HTTP_ENABLED=true
- KC_HTTP_RELATIVE_PATH=/
- KC_PROXY=edge
- KC_PROXY_HEADERS=xforwarded
- KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }}
- KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }}
- KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }}
- KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault.docker.keycloak.admin.password }

51
group_vars/docker/keycloak.yml Normal file
View File

@@ -0,0 +1,51 @@
keycloak_admin_hash: "{{ vault.docker.keycloak.admin.hash }}"
keycloak_config:
reals:
- realm: homelab
display_name: "Homelab Realm"
users:
- username: tudattr
password: "{{ vault.docker.keycloak.user.password }}"
realm_roles:
- offline_access
- uma_authorization
client_roles:
account:
- view-profile
- manage-account
admin:
username: "serviceadmin-{{ keycloak_admin_hash }}"
password: "{{ vault.docker.keycloak.admin.password }}"
realm_roles:
- offline_access
- uma_authorization
- admin
client_roles:
realm_management:
- realm-admin
account:
- view-profile
- manage-account
roles:
realm:
- name: admin
description: "Administrator role for the homelab realm"
default_roles:
- offline_access
- uma_authorization
- realm: master
display_name: "master"
admin:
username: "serviceadmin-{{ keycloak_admin_hash }}"
password: "{{ vault.docker.keycloak.admin.password }}"
realm_roles:
- offline_access
- uma_authorization
- admin
client_roles:
realm_management:
- realm-admin
account:
- view-profile
- manage-account

19
group_vars/docker/port_mapping.yml Normal file
View File

@@ -0,0 +1,19 @@
services_external_http:
syncthing: 8384
kuma: 3001
plex: 32400
jellyfin: 8096
hass: 8123
ddns: 8001
sonarr: 8989
radarr: 7878
lidarr: 8686
prowlarr: 9696
paperless: 8000
pdf: 8080
git: 3000
changedetection: 5000
torrentleech: 8083
qbit: 8082
karakeep: 3002
keycloak: 3003

81
group_vars/docker/secrets.yml
View File

@@ -1,32 +1,51 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30383661646632613539633934643164373364323632396664653738383461643436633438616663 66363634613334353739343565353932393932633064623536666362323639643230343866313864
6532323935383966363234373262313135316338333163350a373034356562316438643339643731 6331373639363262343664396131626632653232666439630a663333323564343763303266626362
65323462663363313935313763643461633932323763633032346537653431643838643632316431 30356631633633623535616136326438353166633637353339353461333439333364313437653364
3464646137303635300a613464346161636563343664386135663038346464343663323738356432 6565653535616330330a386639643730366535346233303463303030306437303931623839356538
66353638616631353765393462353234323437356666316332396661663063363435363039323966 36666562353861373435366131373535613733323338393030396335646138653361653538386263
31303361323432333934353738613233363431366261623433356437626638353063623363373761 63373763643031343831643339653964653337316264356536376261643664373465323231643534
63313437666132373762643530353432353066393861363964663531333439653939313563626334 64646565643734613035326463653331613366356163326561383765653264336265313439346130
31646265316238626639316330373635396538666535373034366131353535343766663833656161 39623661643264633838386362313866386536326461336232333564343634363437653863346664
35326364303262323133633236656632303537636665303061613362336631643261373061393462 63376662643731663834303830393561353031653334386161663938636665383362313236626530
32343263623162643866366361376165633165383733663636363632393634316164356433343766 34663231343039376639306264383539663263306166343335363663303664326631633534333263
30373634623161343363303936396436613265396432616432643064383231326561646533646532 63613565656263623066376239313330313464303635613366613537333063616666393532363635
64393136313438343433643134666164373236383634333838363662323133343833363435306234 65363237613262303161326530336464313262653665633630396562616534653464666638666138
39366662616634323837333231663964633834316163663036613433663630303566303330663765 35396139363033353530353266376230366165653261323837303966623032356236303631363234
38346137393637323434396364333063393961393232363839636334643339333930363131396637 63366338333266616263376636373836313333373936313562626237306631646434383738396537
63383034386535346337633263323130353338393135326535646134336264643136396331653337 63333262306637326330623236323335326530383231626534616666616530373463656534336330
63643035393135623762663763306234313336326465623530393764663131636262386435316235 37383239376237663730323137623638353062666566373464343935613239343038386335323064
38373761333762653531613365336234363238623864393062626166373862623239386164346465 62653436343563643065373238326339663032636634326365393131373439343736633332366566
63393062343166306563636332643966336435303161636533316234353332646131373731313234 64366635633939326262336238653531653738353263663539383361303466393661616231326532
33366465653663643938386439313134666662373865313061316135653639366161303631643436 66666537653230396661616361653163663231653463336639343236333462656138386163346537
64656332616533333338336437323262336463653439613530366430633161616166626461333263 62613866623862383236366161623939386337396133393563623133656461633036633731353234
36643231656133316135373936303361336535393661643363303636343331313461643561303266 37643733343333613063656531356432363666383638343439396332316164633532383934663666
32303438333261613635373165636630363264376638633563353438663236663733346662303661 32373039636232343930613762386339613963613933316130313565323364343863363139306262
35656265373530333063373136343132323461643136336137323361613166336461386565366562 31636532306234613534366364386666366538663231386166666538633737373134396637306664
62343466643334636536653932373433356137373339333235656532643935373661663234633564 62376537356137626366376636373564373039633135376462343865393831303733356165393938
31356630356164646533323134353138666563356431633262306465343731303937323439353236 34633534356466313530333762333631336563346338613737633930386461346132613338346438
66323464633330363031383566313137303766373331653234396131366462633861653031316562 64663362646364626362396264333563623263306133343438383166663339333133623639613435
65346537383436353333303062396139313036386562663630623834306635306230363661353965 66373831353862323432666132626265656536653163343437373465303139326536326534373832
63613239663835623365393432336532636230386635313262623439386338623538626565613765 63626137643031356335353137333962633535323331613038646265313037616431353761383465
63646334313933613963623961633831393737366166363366313138393436633537376166663365 37623134656163613835353866313562623366336439386138646337363764333662346139323565
63333965363465376365353436326236343832653164393563653236376132393463616365616139 34386463313730333761646465633936626436343166613636353938343039636239663031366335
623130306134323838303339653664646539 65336661343635346665393766623730316665323865643663623361666265373439376336396431
34333035633337353663623966303738393261663433373039666539333861663538663431333664
34363036313332616435383638353165663333343638356661326538333734313136636630623832
37303663633433623638616364313239623736323832336161303735663030386138643636386633
34396234363238623635633135373439643839333266643331633365326161353836643735636463
63613538313839336337616561353836346339623761636630303037383766393362366636323533
64333139623532346463346532316132323664366132646636636639636361653734343733386465
39643437666464663930303934343239383539346638643332396166383737336461646333326335
62626230396662366563356664366662396331613235356665376162626637613336333764313261
32393663306163613235336262663562646636656366393538656561333139323339313233373833
33376633303964356261656265653435663339333031323133656331663231626339633533396638
33316339356339383031306535373434636464376337303938636261363833363830613464323263
31353764353933656332353633393338386637373334623766396430646261666236333162633136
64623034653163303166346235373335396533343461663763643664363561383331386335393631
65333534636139356538306434356364656339313938383566343633626663376533373564636430
35356539343233313234343232323465323433313839633764326433303732356665666630616534
34343736663263303336656135393534366462323936383161646533623064376638346330396339
64653066343062396135666335643533353439663535333037373661346166623030613235396433
37653335666533373365633233393338376166343637393432383666313139643564383638333666
3461306330623163336465303963643836653238306330363034

585
group_vars/docker/vars.yml
View File

@@ -1,589 +1,4 @@
docker:
url: "https://download.docker.com/linux"
apt_release_channel: "stable"
directories:
opt: "/opt/docker/"
compose: "/opt/docker/compose"
caddy: caddy:
admin_email: me+acme@tudattr.dev admin_email: me+acme@tudattr.dev
domain: "seyshiro.de" domain: "seyshiro.de"
services:
- name: syncthing
vm:
- docker-host00
container_name: syncthing
image: syncthing/syncthing:1.29
restart: unless-stopped
volumes:
- name: "Data"
internal: /var/syncthing/
external: /media/docker/data/syncthing/
ports:
- name: "http"
internal: 8384
external: 8384
- name: ""
internal: 22000
external: 22000
- name: ""
internal: 22000
external: 22000
- name: ""
internal: 21027
external: 21027
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: status
vm:
- docker-host00
container_name: kuma
image: louislam/uptime-kuma:1.23.16
restart: unless-stopped
volumes:
- name: "Data"
internal: /app/data
external: /opt/local/kuma/
ports:
- name: "http"
internal: 3001
external: 3001
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: plex
vm:
- docker-host00
container_name: plex
image: lscr.io/linuxserver/plex:1.41.5
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: /opt/local/plex/config/
- name: "TV Series"
internal: /tv:ro
external: /media/series
- name: "Movies"
internal: /movies:ro
external: /media/movies
- name: "Music"
internal: /music:ro
external: /media/songs
devices:
- name: "Graphics Card"
internal: /dev/dri
external: /dev/dri
ports:
- name: "http"
internal: 32400
external: 32400
- name: ""
internal: 1900
external: 1900
- name: ""
internal: 3005
external: 3005
- name: ""
internal: 5353
external: 5353
- name: ""
internal: 32410
external: 32410
- name: ""
internal: 8324
external: 8324
- name: ""
internal: 32412
external: 32412
- name: ""
internal: 32469
external: 32469
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- VERSION=docker
- name: jellyfin
vm:
- docker-host01
container_name: jellyfin
image: jellyfin/jellyfin:10.10
restart: "unless-stopped"
volumes:
- name: "Configuration"
internal: /config
external: /opt/local/jellyfin/config
- name: "Cache"
internal: /cache
external: /opt/docker/config/jellyfin/cache
- name: "Tv Series"
internal: /tv:ro
external: /media/series
- name: "Music"
internal: /movies:ro
external: /media/movies
- name: "Music"
internal: /music:ro
external: /media/songs
devices:
- name: "Graphics Card"
internal: /dev/dri
external: /dev/dri
ports:
- name: "http"
internal: 8096
external: 8096
environment:
- name: hass
vm:
- docker-host01
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped
privileged: true
volumes:
- name: "Configuration"
internal: /config/
external: /opt/local/home-assistant/config/
- name: "Local Time"
internal: /etc/localtime:ro
external: /etc/localtime
ports:
- name: "http"
internal: 8123
external: 8123
- name: ""
internal: 4357
external: 4357
- name: ""
internal: 5683
external: 5683
- name: ""
internal: 5683
external: 5683
- name: ddns
vm:
- docker-host00
container_name: ddns-updater
image: qmcgaw/ddns-updater:2
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /updater/data/"
external: /opt/docker/config/ddns-updater/data/
ports:
- name: "http"
internal: 8000
external: 8001
- name: sonarr
vm:
- docker-host00
container_name: sonarr
image: linuxserver/sonarr:4.0.14
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: /opt/local/sonarr/config
- name: "Tv Series"
internal: /tv
external: /media/series
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/sonarr
ports:
- name: "http"
internal: 8989
external: 8989
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: radarr
vm:
- docker-host00
container_name: radarr
image: linuxserver/radarr:5.21.1
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: /opt/local/radarr/config
- name: "Movies"
internal: /movies
external: /media/movies
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/radarr
ports:
- name: "http"
internal: 7878
external: 7878
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: lidarr
vm:
- docker-host00
container_name: lidarr
image: linuxserver/lidarr:2.10.3
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: /opt/local/lidarr/config
- name: "Music"
internal: /music
external: /media/songs
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/lidarr
ports:
- name: "http"
internal: 8686
external: 8686
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: prowlarr
vm:
- docker-host00
container_name: prowlarr
image: linuxserver/prowlarr:1.32.2
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /config
external: /opt/local/prowlarr/config
ports:
- name: "http"
internal: 9696
external: 9696
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: paperless
vm:
- docker-host00
container_name: paperless
image: ghcr.io/paperless-ngx/paperless-ngx:2.14
restart: unless-stopped
depends_on:
- paperless-postgres
- paperless-broker
volumes:
- name: "Configuration"
internal: /usr/src/paperless/data
external: /opt/local/paperless/data/data
- name: "Media"
internal: /usr/src/paperless/media
external: /opt/local/paperless/data/media
- name: "Document Export"
internal: /usr/src/paperless/export
external: /opt/local/paperless/data/export
- name: "Document Consume"
internal: /usr/src/paperless/consume
external: /opt/local/paperless/data/consume
environment:
- "PAPERLESS_REDIS=redis://paperless-broker:6379"
- "PAPERLESS_DBHOST=paperless-postgres"
- "PAPERLESS_DBUSER=paperless"
- "PAPERLESS_DBPASS={{ vault.docker.paperless.dbpass }}"
- "USERMAP_UID=1000"
- "USERMAP_GID=1000"
- "PAPERLESS_URL=https://paperless.{{ domain }}"
- "PAPERLESS_TIME_ZONE=Europe/Berlin"
- "PAPERLESS_OCR_LANGUAGE=deu"
ports:
- name: "http"
internal: 8000
external: 8000
- name: pdf
vm:
- docker-host00
container_name: stirling
image: frooodle/s-pdf:0.45.0
restart: unless-stopped
ports:
- name: "http"
internal: 8080
external: 8080
- name: git
vm:
- docker-host01
container_name: gitea
image: gitea/gitea:1.23-rootless
restart: unless-stopped
volumes:
- name: "Configuration"
internal: /etc/gitea
external: /opt/local/gitea/config
- name: "Data"
internal: /var/lib/gitea
external: /opt/local/gitea/data
- name: "Time Zone"
internal: /etc/timezone:ro
external: /etc/timezone
- name: "Local Time"
internal: /etc/localtime:ro
external: /etc/localtime
ports:
- name: "http"
internal: 3000
external: 3000
- name: "ssh"
internal: 2222
external: 2222
environment:
- USER_UID=1000
- USER_GID=1000
- name: changedetection
vm:
- docker-host00
container_name: changedetection
image: dgtlmoon/changedetection.io:0.49
restart: unless-stopped
volumes:
- name: "Data"
internal: /datastore
external: /opt/docker/config/changedetection/data/
ports:
- name: "http"
internal: 5000
external: 5000
- name: gluetun
vm:
- docker-host00
container_name: gluetun
image: qmcgaw/gluetun:v3.40
restart: unless-stopped
cap_add:
- NET_ADMIN
devices:
- name: "Tunnel"
internal: /dev/net/tun
external: /dev/net/tun
volumes:
- name: "Configuration"
internal: /gluetun
external: /opt/docker/config/gluetun/config
ports:
- name: "Qbit Client"
internal: 8082
external: 8082
- name: "Torrentleech Client"
internal: 8083
external: 8083
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- VPN_SERVICE_PROVIDER=protonvpn
- UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
- UPDATER_PERIOD=24h
- "SERVER_COUNTRIES={{ vault.docker.proton.country }}"
- "OPENVPN_USER={{ vault.docker.proton.openvpn_user }}"
- "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}"
- name: torrentleech
vm:
- docker-host00
container_name: torrentleech
image: qbittorrentofficial/qbittorrent-nox
restart: unless-stopped
depends_on:
- gluetun
network_mode: "container:gluetun"
volumes:
- name: "Configuration"
internal: /config
external: /opt/docker/config/torrentleech/config
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
ports:
- name: "http"
internal: proxy_only
external: 8083
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- QBT_EULA="accept"
- QBT_WEBUI_PORT="8083"
- name: qbit
vm:
- docker-host00
container_name: qbit
image: qbittorrentofficial/qbittorrent-nox:5.0.4-1
restart: unless-stopped
depends_on:
- gluetun
network_mode: "container:gluetun"
volumes:
- name: "Configuration"
internal: /config
external: /opt/docker/config/qbit/config
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
ports:
- name: "http"
internal: proxy_only
external: 8082
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- QBT_EULA="accept"
- QBT_WEBUI_PORT="8082"
- name: cadvisor
vm:
- docker-host00
- docker-host01
container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.52.1
restart: unless-stopped
ports:
- name: ""
internal: 8080
external: 8081
volumes:
- name: "Root"
internal: /rootfs:ro
external: /
- name: "Run"
internal: /var/run:rw
external: /var/run
- name: "System"
internal: /sys:ro
external: /sys
- name: "Docker"
internal: /var/lib/docker:ro
external: /var/lib/docker
- name: karakeep
vm:
- docker-host01
container_name: karakeep
image: ghcr.io/karakeep-app/karakeep:0.23.2
restart: unless-stopped
ports:
- name: "http"
internal: 3000
external: 3000
volumes:
- name: "Data"
internal: /data
external: /opt/local/karakeep/config
environment:
- MEILI_ADDR: http://karakeep-meilisearch:7700
- BROWSER_WEB_URL: http://karakeep-chrome:9222
- NEXTAUTH_SECRET: "{{ vault.docker.karakeep.nextauth_secret }}"
- MEILI_MASTER_KEY: "{{ vault.docker.karakeep.meili_master_key }}"
- NEXTAUTH_URL: http://localhost:3000
# - name: anubis
# vm:
# - docker-host00
# - docker-host01
# container_name: anubis
# image: ghcr.io/techarohq/anubis:v1.15.2
# restart: unless-stopped
# ports:
# - name: ""
# internal: 8080
# external: 8080
# volumes:
# - name: ""
# internal: "/data/cfg/botPolicy.json:ro"
# external: "./botPolicy.json"
# environment:
# - BIND=":8080"
# - DIFFICULTY="5"
# - METRICS_BIND=":9090"
# - SERVE_ROBOTS_TXT="true"
# - TARGET="http://{{ hostvars[docker-lb].host.ip }}"
# - POLICY_FNAME="/data/cfg/botPolicy.json"
# - name: template
# vm:
# -
# container_name:
# image:
# restart:
# volumes:
# - name:
# internal:
# external:
# ports:
# - name:
# internal:
# external:
# environment:
# -
# - name: calibre
# vm:
# - docker-host00
# container_name: calibre
# image: lscr.io/linuxserver/calibre-web:latest
# restart: unless-stopped
# volumes:
# - name: "Configuration"
# internal: /config"
# external: /opt/local/calibre/
# - name: "Books"
# internal: /books"
# external: /media/docker/data/calibre/
# ports:
# - name: "http"
# internal: 5000
# external: 5000
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/Berlin
# - DOCKER_MODS=linuxserver/mods:universal-calibre
# - name: grafana
# vm:
# container_name: grafana
# image: grafana/grafana-oss
# restart: unless-stopped
# volumes:
# - name: "Configuration"
# internal: /etc/grafana/
# external: /opt/docker/config/grafana/config/
# - name: "Data"
# internal: /var/lib/grafana/
# external: /media/docker/data/grafana/
# ports:
# environment:
# - PUID=472
# - PGID=472
# - TZ=Europe/Berlin
# - name: prometheus
# vm:
# - docker-host00
# container_name: prometheus
# image: prom/prometheus
# restart: unless-stopped
# volumes:
# - name: "Configuration"
# internal: /etc/prometheus/
# external: /opt/docker/config/prometheus/
# - name: "Data"
# internal: /prometheus/
# external: prometheus_data
# ports:
# - name: "http"
# internal: 5000
# external: 5000
# environment:
# - PUID=65534
# - PGID=65534
# - TZ=Europe/Berlin

2
roles/docker_host/handlers/main.yml
View File

@@ -11,5 +11,3 @@
state: present state: present
retries: 3 retries: 3
delay: 5 delay: 5
register: result
until: result.rc == 0

9
roles/docker_host/tasks/directory_setup.yml
View File

@@ -9,9 +9,9 @@
- /media/series - /media/series
- /media/movies - /media/movies
- /media/songs - /media/songs
- "{{ docker.directories.opt }}" - "{{ docker.directories.local }}"
- "{{ docker.directories.config }}"
- "{{ docker.directories.compose }}" - "{{ docker.directories.compose }}"
- /opt/local
become: true become: true
- name: Set ownership to {{ user }} - name: Set ownership to {{ user }}
@@ -20,8 +20,9 @@
owner: "{{ user }}" owner: "{{ user }}"
group: "{{ user }}" group: "{{ user }}"
loop: loop:
- "{{ docker.directories.opt }}" - "{{ docker.directories.local }}"
- /opt/local - "{{ docker.directories.config }}"
- "{{ docker.directories.compose }}"
- /media - /media
become: true become: true

3
roles/docker_host/tasks/main.yml
View File

@@ -11,6 +11,9 @@
- name: Setup directory structure for docker - name: Setup directory structure for docker
ansible.builtin.include_tasks: directory_setup.yml ansible.builtin.include_tasks: directory_setup.yml
- name: Deploy configs
ansible.builtin.include_tasks: provision.yml
- name: Deploy docker compose - name: Deploy docker compose
ansible.builtin.include_tasks: deploy_compose.yml ansible.builtin.include_tasks: deploy_compose.yml

31
roles/docker_host/tasks/provision.yml Normal file
View File

@@ -0,0 +1,31 @@
---
- name: Set fact if this host should run Keycloak
ansible.builtin.set_fact:
is_keycloak_host: "{{ inventory_hostname in (services | selectattr('name', 'equalto', 'keycloak') | map(attribute='vm') | first) }}"
- name: Run Keycloak tasks
ansible.builtin.file:
path: "{{ docker.directories.local }}/keycloak/"
owner: "{{ user }}"
group: "{{ user }}"
state: directory
mode: "0755"
when: is_keycloak_host | bool
become: true
- name: Run Keycloak tasks
ansible.builtin.template:
src: "templates/keycloak/realm.json.j2"
dest: "{{ docker.directories.local }}/keycloak/{{ keycloak.realm }}-realm.json"
owner: "{{ user }}"
group: "{{ user }}"
mode: "644"
backup: true
when: is_keycloak_host | bool
loop: "{{ keycloak_config.realms }}"
loop_control:
loop_var: keycloak
notify:
- Restart docker
- Restart compose
become: true

26
roles/docker_host/templates/compose.yaml.j2
View File

@@ -56,10 +56,16 @@ services:
- {{ device.external }}:{{ device.internal }} - {{ device.external }}:{{ device.internal }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if service.command is defined and service.command is iterable %}
command:
{% for command in service.command %}
- {{ command }}
{% endfor %}
{% endif %}
{% if service.name == 'paperless' %} {% if service.name == 'paperless' %}
{{ service.name }}-broker: {{ service.name }}-broker:
container_name: paperless-broker container_name: {{ service.name }}-broker
image: docker.io/library/redis:7 image: docker.io/library/redis:7
restart: unless-stopped restart: unless-stopped
networks: networks:
@@ -68,7 +74,7 @@ services:
- /opt/local/paperless/redis/data:/data - /opt/local/paperless/redis/data:/data
{{ service.name }}-postgres: {{ service.name }}-postgres:
container_name: paperless-postgres container_name: {{ service.name }}-postgres
image: docker.io/library/postgres:15 image: docker.io/library/postgres:15
restart: unless-stopped restart: unless-stopped
networks: networks:
@@ -84,7 +90,10 @@ services:
{{ service.name }}-chrome: {{ service.name }}-chrome:
image: gcr.io/zenika-hub/alpine-chrome:123 image: gcr.io/zenika-hub/alpine-chrome:123
container_name: {{ service.name }}-chrome
restart: unless-stopped restart: unless-stopped
networks:
- net
command: command:
- --no-sandbox - --no-sandbox
- --disable-gpu - --disable-gpu
@@ -95,14 +104,17 @@ services:
{{ service.name }}-meilisearch: {{ service.name }}-meilisearch:
image: getmeili/meilisearch:v1.11.1 image: getmeili/meilisearch:v1.11.1
container_name: {{ service.name }}-meilisearch
restart: unless-stopped restart: unless-stopped
networks:
- net
environment: environment:
MEILI_NO_ANALYTICS: "true" - MEILI_NO_ANALYTICS=true
NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }} - NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }} - MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
NEXTAUTH_URL=http://localhost:3000 - OPENAI_API_KEY="{{ vault.docker.karakeep.openai_key }}"
volumes: volumes:
- meilisearch:/meili_data - /opt/local/karakeep/meili/data:/meili_data
{% endif %} {% endif %}
{% endif %} {% endif %}

77
roles/docker_host/templates/keycloak/realm.json.j2 Normal file
View File

@@ -0,0 +1,77 @@
{
"realm": "{{ keycloak.realm }}",
"enabled": true,
"displayName": "{{ keycloak.display_name }}",
"displayNameHtml": "<div class=\"kc-logo-text\">{{keycloak.display_name}}</div>",
"bruteForceProtected": true,
"users": [
{%- for user in keycloak.users %}
{
"username": "{{ user.username }}",
"enabled": true,
"credentials": [
{
"type": "password",
"value": "{{ user.password }}",
"temporary": false
}
],
"realmRoles": [
{%- for realm_role in user.realm_roles %}
"{{ realm_role }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
],
"clientRoles": {
"account": [
{%- for account in user.client_roles.account %}
"{{ account }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
]
}
},
{% endfor %}
{
"username": "{{ keycloak.admin.username }}",
"enabled": true,
"credentials": [
{
"type": "password",
"value": "{{ keycloak.admin.password }}",
"temporary": false
}
],
"realmRoles": [
{%- for realm_role in keycloak.admin.realm_roles %}
"{{ realm_role }}"{% if not loop.last %},{% endif %}
{% endfor %}
],
"clientRoles": {
"realm-management": [
{%- for realm_management in keycloak.admin.client_roles.realm_management %}
"{{ realm_management }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
],
"account": [
{%- for account in keycloak.admin.client_roles.account %}
"{{ account }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
]
}
}
],
"roles": {
"realm": [
{%- for role in keycloak.roles.realm %}
{
"name": "{{ role.name }}",
"description": "{{ role.name }}"
}{% if not loop.last %},{% endif %}
{% endfor %}
]
},
"defaultRoles": [
{%- for role in keycloak.roles.default_roles %}
"{{ role }}"{% if not loop.last %},{% endif %}
{% endfor %}
]
}