From 320c7cdd7a86fd6c394fa6c355f0c91aea872134 Mon Sep 17 00:00:00 2001 From: TuDatTr Date: Sun, 8 Oct 2023 14:57:32 +0200 Subject: [PATCH 1/3] Added paperless consume to sambashare Signed-off-by: TuDatTr --- group_vars/all/vars.yml | 18 +- roles/docker/templates/aya01/compose.yaml | 12 ++ roles/samba/tasks/install.yaml | 5 +- roles/samba/templates/smb.conf | 227 ++-------------------- 4 files changed, 45 insertions(+), 217 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 6a1a883..2a67421 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -233,7 +233,13 @@ samba: user: "smbuser" group: "smbshare" config: "templates/smb.conf" - media_dir: "/media" + shares: + media: + name: "media" + path: "/media" + paperless: + name: "paperless" + path: "{{ paperless.data.consume }}" # @@ -486,3 +492,13 @@ paperless: redis: host: "paperless-redis" data: "{{ docker_dir }}/paperless/redis/data" + +# +# Homarr +# + +homarr: + host: "homarr" + volumes: + configs: "{{docker_dir}}/homarr/configs" + icons: "{{docker_dir}}/homarr/icons" diff --git a/roles/docker/templates/aya01/compose.yaml b/roles/docker/templates/aya01/compose.yaml index c500ec8..806264d 100644 --- a/roles/docker/templates/aya01/compose.yaml +++ b/roles/docker/templates/aya01/compose.yaml @@ -435,6 +435,18 @@ services: - "PAPERLESS_TIME_ZONE={{ timezone }}" - "PAPERLESS_OCR_LANGUAGE=deu" + {{ homarr.host }}: + container_name: {{ homarr.host }} + image: ghcr.io/ajnart/homarr:latest + restart: unless-stopped + depends_on: + - pihole + networks: + - net + volumes: + - {{ homarr.volumes.configs }}:/app/data/configs + - {{ homarr.volumes.icons }}:/app/public/icons + networks: zoneminder: driver: bridge diff --git a/roles/samba/tasks/install.yaml b/roles/samba/tasks/install.yaml index bc04f23..23e36fd 100644 --- a/roles/samba/tasks/install.yaml +++ b/roles/samba/tasks/install.yaml 
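Review bot: The two new homarr volume paths write the Jinja expression without inner spaces (`configs: "{{docker_dir}}/homarr/configs"`), while the context line just above (`data: "{{ docker_dir }}/paperless/redis/data"`) and the new `shares` block in the first hunk use the spaced `{{ docker_dir }}` form. Both render identically, so this is style only, but a single form makes the file greppable. Suggest `configs: "{{ docker_dir }}/homarr/configs"` and `icons: "{{ docker_dir }}/homarr/icons"`.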
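Review bot: `image: ghcr.io/ajnart/homarr:latest` tracks a moving tag, so every `compose pull` can silently change what runs and there is no known-good reference to roll back to; pin a release tag (a digest if the project publishes one), the way `gitea/gitea:1.20.5-rootless` is pinned later in this series. The service has no `ports:` entry, so presumably it is reached through the reverse proxy — a one-line comment above the service saying so would help the next reader. The `services:` map continues before and after this hunk.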
@@ -20,10 +20,13 @@
 - name: Change permission on share
 file:
- path: "{{ samba.media_dir }}"
+ path: "{{ item }}"
 group: "{{ samba.group }}"
 mode: "2770"
 become: true
+ loop:
+ - "{{ samba.shares.media.path }}"
+ - "{{ samba.shares.paperless.path }}"
 - name: Add user "{{ samba.user }}"
 user:
diff --git a/roles/samba/templates/smb.conf b/roles/samba/templates/smb.conf
index 49339ed..296f1c0 100644
--- a/roles/samba/templates/smb.conf
+++ b/roles/samba/templates/smb.conf
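Review bot: The `file:` task has no `state: directory`, and the module's default state does not create a missing path, so the loop fails on whichever of `samba.shares.media.path` / `samba.shares.paperless.path` does not exist yet on the host — the paperless consume directory in particular, if the paperless tasks have not run first; add `state: directory` next to `mode: "2770"`. It is also worth confirming that the uid the paperless container runs as is a member of `{{ samba.group }}`, since the setgid bit makes files dropped through the share group-owned by it and the share settings in the smb.conf hunk give them mode 770; I cannot see the container's uid from here.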
@@ -1,219 +1,16 @@ -#======================= Global Settings ======================= +[{{ samba.shares.media.name }}] + comment = {{ samba.shares.media.name }} + path = "{{ samba.shares.media.path }}" + writable = no + guest ok = no + valid users = "@{{samba.group}}" + force create mode = 770 + force directory mode = 770 + inherit permissions = yes -[global] - -## Browsing/Identification ### - -# Change this to the workgroup/NT-domain name your Samba server will part of - workgroup = TUDATTR - -#### Networking #### - -# The specific set of interfaces / networks to bind to -# This can be either the interface name or an IP address/netmask; -# interface names are normally preferred -; interfaces = 127.0.0.0/8 eth0 - -# Only bind to the named interfaces and/or networks; you must use the -# 'interfaces' option above to use this. -# It is recommended that you enable this feature if your Samba machine is -# not protected by a firewall or is a firewall itself. However, this -# option cannot handle dynamic or non-broadcast interfaces correctly. -; bind interfaces only = yes - -#### Debugging/Accounting #### - -# This tells Samba to use a separate log file for each machine -# that connects - log file = /var/log/samba-%m.log - -# Cap the size of the individual log files (in KiB). - max log size = 1000 - -# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}. -# Append syslog@1 if you want important messages to be sent to syslog too. - logging = file - -# Do something sensible when Samba crashes: mail the admin a backtrace - panic action = /usr/share/samba/panic-action %d - - -####### Authentication ####### - -# Server role. Defines in which mode Samba will operate. Possible -# values are "standalone server", "member server", "classic primary -# domain controller", "classic backup domain controller", "active -# directory domain controller". -# -# Most people will want "standalone server" or "member server". 
-# Running as "active directory domain controller" will require first -# running "samba-tool domain provision" to wipe databases and create a -# new domain. - server role = standalone server - - obey pam restrictions = yes - -# This boolean parameter controls whether Samba attempts to sync the Unix -# password with the SMB password when the encrypted SMB password in the -# passdb is changed. - unix password sync = yes - -# For Unix password sync to work on a Debian GNU/Linux system, the following -# parameters must be set (thanks to Ian Kahan < for -# sending the correct chat script for the passwd program in Debian Sarge). - passwd program = /usr/bin/passwd %u - passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . - -# This boolean controls whether PAM will be used for password changes -# when requested by an SMB client instead of the program listed in -# 'passwd program'. The default is 'no'. - pam password change = yes - -# This option controls how unsuccessful authentication attempts are mapped -# to anonymous connections - map to guest = bad user - -########## Domains ########### - -# -# The following settings only takes effect if 'server role = classic -# primary domain controller', 'server role = classic backup domain controller' -# or 'domain logons' is set -# - -# It specifies the location of the user's -# profile directory from the client point of view) The following -# required a [profiles] share to be setup on the samba server (see -# below) -; logon path = \\%N\profiles\%U -# Another common choice is storing the profile in the user's home directory -# (this is Samba's default) -# logon path = \\%N\%U\profile - -# The following setting only takes effect if 'domain logons' is set -# It specifies the location of a user's home directory (from the client -# point of view) -; logon drive = H: -# logon home = \\%N\%U - -# The following setting only takes effect if 'domain logons' is set -# It 
specifies the script to run during logon. The script must be stored -# in the [netlogon] share -# NOTE: Must be store in 'DOS' file format convention -; logon script = logon.cmd - -# This allows Unix users to be created on the domain controller via the SAMR -# RPC pipe. The example command creates a user account with a disabled Unix -# password; please adapt to your needs -; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u - -# This allows machine accounts to be created on the domain controller via the -# SAMR RPC pipe. -# The following assumes a "machines" group exists on the system -; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u - -# This allows Unix groups to be created on the domain controller via the SAMR -# RPC pipe. -; add group script = /usr/sbin/addgroup --force-badname %g - -############ Misc ############ - -# Using the following line enables you to customise your configuration -# on a per machine basis. The %m gets replaced with the netbios name -# of the machine that is connecting -; include = /home/samba/etc/smb.conf.%m - -# Some defaults for winbind (make sure you're not using the ranges -# for something else.) -; idmap config * : backend = tdb -; idmap config * : range = 3000-7999 -; idmap config YOURDOMAINHERE : backend = tdb -; idmap config YOURDOMAINHERE : range = 100000-999999 -; template shell = /bin/bash - -# Setup usershare options to enable non-root users to share folders -# with the net usershare command. - -# Maximum number of usershare. 0 means that usershare is disabled. -# usershare max shares = 100 - -# Allow users who've been granted usershare privileges to create -# public shares, not just authenticated ones - usershare allow guests = yes - -#======================= Share Definitions ======================= - -[homes] - comment = Home Directories - browseable = no - -# By default, the home directories are exported read-only. 
Change the -# next parameter to 'no' if you want to be able to write to them. - read only = yes - -# File creation mask is set to 0700 for security reasons. If you want to -# create files with group=rw permissions, set next parameter to 0775. - create mask = 0700 - -# Directory creation mask is set to 0700 for security reasons. If you want to -# create dirs. with group=rw permissions, set next parameter to 0775. - directory mask = 0700 - -# By default, \\server\username shares can be connected to by anyone -# with access to the samba server. -# The following parameter makes sure that only "username" can connect -# to \\server\username -# This might need tweaking when using external authentication schemes - valid users = %S - -# Un-comment the following and create the netlogon directory for Domain Logons -# (you need to configure Samba to act as a domain controller too.) -;[netlogon] -; comment = Network Logon Service -; path = /home/samba/netlogon -; guest ok = yes -; read only = yes - -# Un-comment the following and create the profiles directory to store -# users profiles (see the "logon path" option above) -# (you need to configure Samba to act as a domain controller too.) -# The path below should be writable by all users so that their -# profile directory may be created the first time they log on -;[profiles] -; comment = Users profiles -; path = /home/samba/profiles -; guest ok = no -; browseable = no -; create mask = 0600 -; directory mask = 0700 - -;[printers] -; comment = All Printers -; browseable = no -; path = /var/spool/samba -; printable = yes -; guest ok = no -; read only = yes -; create mask = 0700 - -# Windows clients look for this share name as a source of downloadable -# printer drivers -;[print$] -; comment = Printer Drivers -; path = /var/lib/samba/printers -; browseable = yes -; read only = yes -; guest ok = no -# Uncomment to allow remote administration of Windows print drivers. 
-# You may need to replace 'lpadmin' with the name of the group your -# admin users are members of. -# Please note that you also need to set appropriate Unix permissions -# to the drivers directory for these users to have write rights in it -; write list = root, @lpadmin - -[media] - comment = Media - path = "{{ samba.media_dir }}" +[{{ samba.shares.paperless.name }}] + comment = {{ samba.shares.paperless.name }} + path = "{{ samba.shares.paperless.path }}" writable = yes guest ok = no valid users = "@{{samba.group}}" From 582aa5e23530e09f8431273ef42a70c2ca963c3b Mon Sep 17 00:00:00 2001 From: TuDatTr Date: Mon, 9 Oct 2023 01:33:23 +0200 Subject: [PATCH 2/3] Add gitea Signed-off-by: TuDatTr --- group_vars/all/vars.yml | 13 +++++++++++++ roles/docker/tasks/aya01_compose.yml | 4 ++++ roles/docker/tasks/gitea.yml | 12 ++++++++++++ roles/docker/templates/aya01/compose.yaml | 20 ++++++++++++++++++-- roles/samba/templates/smb.conf | 7 +------ 5 files changed, 48 insertions(+), 8 deletions(-) create mode 100644 roles/docker/tasks/gitea.yml diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 2a67421..5caa76f 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -502,3 +502,16 @@ homarr: volumes: configs: "{{docker_dir}}/homarr/configs" icons: "{{docker_dir}}/homarr/icons" + +# +# gitea +# + +gitea: + host: "git" + volumes: + data: "{{ docker_data_dir }}/gitea/data" + config: "{{ docker_dir }}/gitea/config" + ports: + http: "3000" + ssh: "2222" diff --git a/roles/docker/tasks/aya01_compose.yml b/roles/docker/tasks/aya01_compose.yml index dc4876f..654767e 100644 --- a/roles/docker/tasks/aya01_compose.yml +++ b/roles/docker/tasks/aya01_compose.yml @@ -86,3 +86,7 @@ - include_tasks: jellyfin.yml tags: - jellyfin + +- include_tasks: gitea.yml + tags: + - gitea diff --git a/roles/docker/tasks/gitea.yml b/roles/docker/tasks/gitea.yml new file mode 100644 index 0000000..8645582 --- /dev/null +++ b/roles/docker/tasks/gitea.yml 
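Review bot: The rewrite leaves no `[global]` section at all — `workgroup`, `server role`, `map to guest`, and the log file and size settings from the deleted stanza now come from smbd's compiled-in defaults, which may well be fine but is stated nowhere; either keep a minimal `[global]` with the values you rely on or put a comment at the top of the template saying the defaults are intended. The new media share also sets `force create mode = 770`, which makes every file written through it executable; `force create mode = 0660` with `force directory mode = 02770` gives the group the same access without the exec bit. The paperless share appears to continue past the end of this hunk (patch 2 later removes `force create mode` lines from it), so the same applies there.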
@@ -0,0 +1,12 @@
+
+- name: Create gitea directories
+ file:
+ path: "{{ item }}"
+ owner: "{{ puid }}"
+ group: "{{ pgid }}"
+ mode: '755'
+ state: directory
+ become: yes
+ loop:
+ - "{{ gitea.volumes.data }}"
+ - "{{ gitea.volumes.config }}"
diff --git a/roles/docker/templates/aya01/compose.yaml b/roles/docker/templates/aya01/compose.yaml
index 806264d..11acd67 100644
--- a/roles/docker/templates/aya01/compose.yaml
+++ b/roles/docker/templates/aya01/compose.yaml
@@ -412,8 +412,6 @@ services:
 - broker
 networks:
 - net
- ports:
- - "{{ paperless.port }}:{{ paperless.port }}"
 healthcheck:
 test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:{{ paperless.port }}"]
 interval: 30s
@@ -447,6 +445,24 @@ services:
 - {{ homarr.volumes.configs }}:/app/data/configs
 - {{ homarr.volumes.icons }}:/app/public/icons
+
+ {{ gitea.host }}:
+ container_name: {{ gitea.host }}
+ image: gitea/gitea:1.20.5-rootless
+ restart: unless-stopped
+ depends_on:
+ - pihole
+ networks:
+ - net
+ volumes:
+ - {{ gitea.volumes.data }}:/var/lib/gitea
+ - {{ gitea.volumes.config }}:/etc/gitea
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "{{ gitea.ports.http }}:3000"
+ - "{{ gitea.ports.ssh }}:2222"
+
 networks:
 zoneminder:
 driver: bridge
diff --git a/roles/samba/templates/smb.conf b/roles/samba/templates/smb.conf
index 296f1c0..178fe4f 100644
--- a/roles/samba/templates/smb.conf
+++ b/roles/samba/templates/smb.conf
@@ -4,9 +4,6 @@
 writable = no
 guest ok = no
 valid users = "@{{samba.group}}"
- force create mode = 770
- force directory mode = 770
- inherit permissions = yes
 [{{ samba.shares.paperless.name }}]
 comment = {{ samba.shares.paperless.name }}
@@ -14,6 +11,4 @@
 writable = yes
 guest ok = no
 valid users = "@{{samba.group}}"
- force create mode = 770
- force directory mode = 770
- inherit permissions = yes
+ create mask = 755
From 860b1a6be432808b513c06c9e88dec6788494230 Mon Sep 17 00:00:00 2001
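Review bot: `mode: '755'` is applied to `{{ gitea.volumes.config }}`, which the compose hunk on this same line mounts at `/etc/gitea` — the directory where Gitea keeps `app.ini` with its secret keys and database credentials once set up — so a world-traversable directory is wider than needed; `mode: '0750'` with the `{{ pgid }}` group already set keeps the container's access and nothing else. Whether app.ini itself is written with a tight mode I cannot see from here, so the directory mode is the part worth closing. `become: yes` should be `become: true` (yamllint truthy); the same form appears in the new gitea-runner.yml and gitlab-runner.yml in patch 3.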
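Review bot: `- "{{ gitea.ports.http }}:3000"` and `- "{{ gitea.ports.ssh }}:2222"` publish on every host interface, and Docker programs published ports into its own iptables chains ahead of the host's INPUT rules, so a host firewall does not gate them. The first hunk in this file removes paperless's published port, which suggests HTTP traffic goes through the reverse proxy; if that is the case for Gitea too, bind the HTTP side to loopback or the LAN address, `- "127.0.0.1:{{ gitea.ports.http }}:3000"`, and leave only the SSH port reachable. The same consideration applies to the kuma and tautulli `ports:` blocks added in patch 3's aya01 compose hunks.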
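Review bot: `create mask = 755` on the writable paperless share lets dropped-in files come out world-readable and, with Samba's default DOS attribute mapping, executable, which is more than anyone besides the paperless process needs for a document consume directory. If 755 was chosen because the paperless container runs as a uid outside `@{{samba.group}}`, adding that uid to the group and using `create mask = 0660` with `directory mask = 02770` keeps the files inside the group; otherwise the `force create mode` lines this hunk removes were already the tighter option. The media-share hunk above this one is a straight deletion and needs nothing.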
From: TuDatTr Date: Tue, 10 Oct 2023 11:34:02 +0200 Subject: [PATCH 3/3] Added naruto host and gitea to docker Signed-off-by: TuDatTr --- README.md | 40 +++++++++---------- group_vars/all/vars.yml | 6 +++ host_vars/aya01.yml | 3 ++ host_vars/mii.yml | 1 + host_vars/naruto.yml | 16 ++++---- host_vars/pi.yml | 4 ++ naruto.yml | 17 -------- production | 4 +- roles/backblaze/tasks/backup.yml | 8 +++- roles/docker/tasks/aya01_compose.yml | 5 +++ roles/docker/tasks/ddns.yml | 2 +- roles/docker/tasks/gitea-runner.yml | 11 +++++ roles/docker/tasks/gitea.yml | 2 +- roles/docker/tasks/gitlab-runner.yml | 11 +++++ roles/docker/tasks/naruto_compose.yml | 13 ++++++ roles/docker/tasks/pi_compose.yml | 5 +++ roles/docker/templates/aya01/compose.yaml | 19 +++++++++ .../aya01/prometheus/prometheus.yml.j2 | 1 - roles/docker/templates/naruto/compose.yaml | 40 +++++++++++++++++++ roles/docker/templates/pi/compose.yaml | 15 +++++++ .../pi/ddns-updater/data/config.json | 11 ----- 21 files changed, 172 insertions(+), 62 deletions(-) delete mode 100644 naruto.yml create mode 100644 roles/docker/tasks/gitea-runner.yml create mode 100644 roles/docker/tasks/gitlab-runner.yml create mode 100644 roles/docker/tasks/naruto_compose.yml create mode 100644 roles/docker/templates/naruto/compose.yaml delete mode 100644 roles/docker/templates/pi/ddns-updater/data/config.json diff --git a/README.md b/README.md index 649fded..f578cca 100644 --- a/README.md +++ b/README.md 
@@ -17,34 +17,36 @@ usermod -a -G sudo tudattr Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone. but first of all we need to create the buckets and provide ansible with the needed information. -When creating your own rclone config the `password` and `password2` entries have to be passed though `rclone obscure` like this: +First we need to create a api key for backblaze, consists of an id and a key. +we use clone to sync to backblaze. +we can encrypt the data with rclone before sending it to backblaze. +to do this we need two buckets: +- b2 +- crypt +on each device that should be backupped. -``` sh -echo "$PASSWORD" | rclone obscure - -``` +we create these by running `rclone config` and creating one [remote] b2 config and a [secret] crypt config. The crypt config should have two passwords that we store in our secrets file. ` ## Vault - Create vault with: `ansible-vault create secrets.yml` - Create entry in vault with: `ansible-vault edit secrets.yml` -- Add following entries: - - `vault_pi_tudattr_password: ` (password you've setup on the device) - - `vault_aya01_tudattr_password: ` (password you've setup on the device) - - `vault_pihole_password: ` (arbitrary password you want to log in with) - - `vault_mysql_root_password: ` (arbitrary password, used internally) - - `vault_mysql_user_password: ` (arbitrary password, used internally) - - `vault_ddns_tudattrdev_password: ` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) - - `vault_ddns_borgland_password: ` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/)) +- Add following entries: TODO ## Docker To add new docker containers to the docker role you need to add the following and replace `service` with the name of your service: - Add relevent vars to 
`group_vars/all/vars.yaml`: ```yaml -service_port: "19999" # Exposed port -service_config: "{{ docker_dir }}/service/" # config folder or your dir -service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only works on aya01) +service: + host: "service" + ports: + http: "19999" + volumes: + config: "{{ docker_dir }}/service/" # config folder or your dir + data: "{{ docker_data_dir }}/service/" # data folder or your dir (only works on aya01) ``` + - Create necessary directories for service in the docker role `roles/docker/tasks/service.yaml` ```yaml - name: Create service dirs @@ -52,11 +54,11 @@ service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only w path: "{{ item }}" owner: 1000 group: 1000 - mode: '777' + mode: '775' state: directory loop: - - "{{ service_config }}" - - "{{ service_data }}" + - "{{ service.volumes.config }}" + - "{{ service.volumes.data }}" # optional: # - name: Place service config @@ -90,8 +92,6 @@ service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only w - "{{service_lib}}:/var/lib/service" - "{{service_cache}}:/var/cache/service" ``` -### Qbittorrent/Openvpn -You'll need to add a openvpn config to =./roles/docker/templates/aya01/qbittorrentvpn/config/= ## Server - Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 5caa76f..2d8dcde 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -509,9 +509,15 @@ homarr: gitea: host: "git" + url: "https://git.tudattr.dev" volumes: data: "{{ docker_data_dir }}/gitea/data" config: "{{ docker_dir }}/gitea/config" ports: http: "3000" ssh: "2222" + runner: + host: "gitea-runner-{{ host.hostname }}" + token: "{{ host.gitea.runner.token }}" + volumes: + data: "{{ docker_data_dir }}/gitea/runner/data/" diff --git a/host_vars/aya01.yml b/host_vars/aya01.yml index 6e45b0f..18c28ea 100644 --- a/host_vars/aya01.yml +++ b/host_vars/aya01.yml 
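Review bot: `host: "gitea-runner-{{ host.hostname }}"` and `token: "{{ host.gitea.runner.token }}"` make every host that renders `gitea.runner` depend on `host.hostname` and `host.gitea.runner.token` being defined; the host_vars hunks in this commit add `hostname:` to mii, naruto and pi, but the aya01.yml hunk adds only the token, so the aya01 compose template (which now uses `gitea.runner.host`) will fail with an undefined variable unless `hostname` is set for aya01 outside the hunk. Add `hostname: "aya01"` under `host:` in host_vars/aya01.yml. Minor: `data: "{{ docker_data_dir }}/gitea/runner/data/"` carries a trailing slash that the sibling `data`/`config` paths do not.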
@@ -47,3 +47,6 @@ host: paperless: db: password: "{{ vault.aya01.paperless.db.password }}" + gitea: + runner: + token: "{{ vault.aya01.gitea.runner.token }}" diff --git a/host_vars/mii.yml b/host_vars/mii.yml index 702e663..980ff27 100644 --- a/host_vars/mii.yml +++ b/host_vars/mii.yml @@ -5,6 +5,7 @@ ansible_ssh_private_key_file: '{{ pk_path }}' ansible_become_pass: '{{ vault.mii.sudo }}' host: + hostname: "mii" ip: "192.168.200.2" backblaze: account: "{{ vault.mii.backblaze.account }}" diff --git a/host_vars/naruto.yml b/host_vars/naruto.yml index 9b834d5..45a7740 100644 --- a/host_vars/naruto.yml +++ b/host_vars/naruto.yml @@ -5,17 +5,19 @@ ansible_ssh_private_key_file: '{{ pk_path }}' ansible_become_pass: '{{ vault.naruto.sudo }}' host: + hostname: "naruto" ip: "{{ ansible_host }}" backblaze: account: "{{ vault.naruto.backblaze.account }}" key: "{{ vault.naruto.backblaze.key }}" remote: "remote:naruto-tudattr-dev" -# password: "{{}}" -# password2: "{{}}" -# paths: -# - "{{}}" -# - "{{}}" + password: "{{ vault.naruto.rclone.password }}" + password2: "{{ vault.naruto.rclone.password2 }}" + paths: + - "{{ docker_compose_dir }}" + - "{{ docker_dir }}" fstab: mergerfs: - samba: - password: "{{ vault.aya01.samba.password }}" + gitea: + runner: + token: "{{ vault.naruto.gitea.runner.token }}" diff --git a/host_vars/pi.yml b/host_vars/pi.yml index bda8d34..1fa6010 100644 --- a/host_vars/pi.yml +++ b/host_vars/pi.yml @@ -5,6 +5,7 @@ ansible_ssh_private_key_file: '{{ pk_path }}' ansible_become_pass: '{{ vault.pi.sudo }}' host: + hostname: "pi" ip: "{{ ansible_host }}" backblaze: account: "{{ vault.pi.backblaze.account }}" @@ -17,3 +18,6 @@ host: - "{{ docker_dir }}" fstab: mergerfs: + gitea: + runner: + token: "{{ vault.pi.gitea.runner.token }}" diff --git a/naruto.yml b/naruto.yml deleted file mode 100644 index 09a4011..0000000 --- a/naruto.yml +++ /dev/null 
@@ -1,17 +0,0 @@
----
-- name: Set up Servers
- hosts: nas
- gather_facts: yes
- roles:
- - role: common
- tags:
- - common
- - role: samba
- tags:
- - samba
- - role: node_exporter
- tags:
- - node_exporter
- - role: smart_exporter
- tags:
- - smart_exporter
diff --git a/production b/production
index 835ed39..cebafff 100644
--- a/production
+++ b/production
@@ -3,9 +3,7 @@ aya01
 [raspberry]
 pi
+naruto
 [vps]
 mii
-
-[nas]
-naruto
diff --git a/roles/backblaze/tasks/backup.yml b/roles/backblaze/tasks/backup.yml
index 91ec15f..a5b34ca 100644
--- a/roles/backblaze/tasks/backup.yml
+++ b/roles/backblaze/tasks/backup.yml
@@ -5,9 +5,15 @@
 state: stopped
 become: true
+ # - name: Backing up for "{{ inventory_hostname }}"
+ # shell:
+ # cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
+ # loop: "{{ host.backblaze.paths }}"
+ # become: true
+
 - name: Backing up for "{{ inventory_hostname }}"
 shell:
- cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
+ cmd: "rclone sync {{ item }} secret:{{ item }} -L"
 loop: "{{ host.backblaze.paths }}"
 become: true
diff --git a/roles/docker/tasks/aya01_compose.yml b/roles/docker/tasks/aya01_compose.yml
index 654767e..e8467ed 100644
--- a/roles/docker/tasks/aya01_compose.yml
+++ b/roles/docker/tasks/aya01_compose.yml
@@ -90,3 +90,8 @@
 - include_tasks: gitea.yml
 tags:
 - gitea
+
+- include_tasks: gitea-runner.yml
+ tags:
+ - gitea-runner
+
diff --git a/roles/docker/tasks/ddns.yml b/roles/docker/tasks/ddns.yml
index c787677..af16be3 100644
--- a/roles/docker/tasks/ddns.yml
+++ b/roles/docker/tasks/ddns.yml
@@ -10,7 +10,7 @@
 - name: Copy ddns-config
 template:
 owner: 1000
- src: "templates/pi/ddns-updater/data/config.json"
+ src: "templates/{{host.hostname}}/ddns-updater/data/config.json"
 dest: "{{ docker_dir }}/ddns-updater/data/config.json"
 mode: '400'
diff --git a/roles/docker/tasks/gitea-runner.yml b/roles/docker/tasks/gitea-runner.yml
new file mode 100644
index 0000000..93e2349
--- /dev/null
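Review bot: Moving `naruto` from `[nas]` into `[raspberry]` means every play and group_var that targets `raspberry` now applies to it, while the roles the deleted naruto.yml applied (samba, node_exporter, smart_exporter) are no longer run anywhere visible in this series. If that is intended, a short comment in the inventory or the commit message would save the next reader from checking. I cannot see the raspberry playbook from here, so this is a request to confirm rather than a defect.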
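Review bot: Replacing `--transfers 16` with `-L` changes two things at once: rclone now follows symlinks, so a link inside `{{ docker_dir }}` that points elsewhere on the host gets copied into the bucket, and the transfer parallelism silently drops back to the default. If following links is wanted, say so next to the flag (`# -L: follow symlinks inside the docker dirs`) and keep `--transfers 16` if it was there for a reason. The five commented-out lines duplicating the task should go — git history keeps the old form. Since the command uses no shell features, `command:` instead of `shell:` avoids word-splitting on a path containing spaces; the arguments come from host_vars, so this is hygiene rather than an injection concern.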
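Review bot: `src: "templates/{{host.hostname}}/ddns-updater/data/config.json"` resolves to `templates/pi/ddns-updater/data/config.json` on pi, but this same commit deletes that file (last hunk of the series), so the template task will fail on pi unless an untracked copy exists on the controller. If the file was removed because it mentions `vault_ddns_borgland_password`, note that the template only references the vault variable — the secret itself stays in the vault — so keeping the template tracked is fine; otherwise every host that includes ddns.yml now needs its own `templates/<hostname>/ddns-updater/data/config.json`.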
+++ b/roles/docker/tasks/gitea-runner.yml
@@ -0,0 +1,11 @@
+---
+- name: Create gitea-runner directories
+ file:
+ path: "{{ item }}"
+ owner: "{{ puid }}"
+ group: "{{ pgid }}"
+ mode: '755'
+ state: directory
+ become: yes
+ loop:
+ - "{{ gitea.runner.volumes.data }}"
diff --git a/roles/docker/tasks/gitea.yml b/roles/docker/tasks/gitea.yml
index 8645582..8aa2c06 100644
--- a/roles/docker/tasks/gitea.yml
+++ b/roles/docker/tasks/gitea.yml
@@ -1,4 +1,4 @@
-
+---
 - name: Create gitea directories
 file:
 path: "{{ item }}"
diff --git a/roles/docker/tasks/gitlab-runner.yml b/roles/docker/tasks/gitlab-runner.yml
new file mode 100644
index 0000000..3d73190
--- /dev/null
+++ b/roles/docker/tasks/gitlab-runner.yml
@@ -0,0 +1,11 @@
+---
+- name: Create gitlab-runner directories
+ file:
+ path: "{{ item }}"
+ owner: "{{ puid }}"
+ group: "{{ pgid }}"
+ mode: '755'
+ state: directory
+ become: yes
+ loop:
+ - "{{ gitlab.runner.volumes.config }}"
diff --git a/roles/docker/tasks/naruto_compose.yml b/roles/docker/tasks/naruto_compose.yml
new file mode 100644
index 0000000..8ead74f
--- /dev/null
+++ b/roles/docker/tasks/naruto_compose.yml
@@ -0,0 +1,13 @@
+---
+
+- include_tasks: nginx-proxy-manager.yml
+ tags:
+ - nginx
+
+- include_tasks: pihole.yml
+ tags:
+ - pihole
+
+- include_tasks: gitea-runner.yml
+ tags:
+ - gitea-runner
diff --git a/roles/docker/tasks/pi_compose.yml b/roles/docker/tasks/pi_compose.yml
index a4fa09b..a70772e 100644
--- a/roles/docker/tasks/pi_compose.yml
+++ b/roles/docker/tasks/pi_compose.yml
@@ -7,3 +7,8 @@
 - include_tasks: pihole.yml
 tags:
 - pihole
+
+- include_tasks: gitea-runner.yml
+ tags:
+ - gitea-runner
+
diff --git a/roles/docker/templates/aya01/compose.yaml b/roles/docker/templates/aya01/compose.yaml
index 11acd67..92fd659 100644
--- a/roles/docker/templates/aya01/compose.yaml
+++ b/roles/docker/templates/aya01/compose.yaml
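Review bot: The new gitlab-runner.yml loops over `{{ gitlab.runner.volumes.config }}`, but no `gitlab` variable is added anywhere in this series (vars.yml only gains `gitea`), and none of the compose task lists in this commit include the file; if `gitlab` is not defined elsewhere, the first include will stop with an undefined-variable error. Either drop the file or add a `gitlab:` block next to `gitea:` in group_vars/all/vars.yml and reference it from a compose task list. The gitea-runner.yml hunk above it is fine apart from `become: yes` → `become: true`.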
@@ -93,6 +93,8 @@ services:
 - PUID={{puid}}
 - PGID={{pgid}}
 - TZ={{timezone}}
+ ports:
+ - "{{kuma_port}}:3001"
 volumes:
 - "{{ kuma_config }}:/app/data"
@@ -221,6 +223,8 @@ services:
 - PUID={{ puid }}
 - PGID={{ pgid}}
 - TZ={{ timezone }}
+ ports:
+ - "{{ tautulli_port }}:8181"
 volumes:
 - {{ tautulli_config}}:/config
@@ -463,6 +467,21 @@ services:
 - "{{ gitea.ports.http }}:3000"
 - "{{ gitea.ports.ssh }}:2222"
+
+ {{ gitea.runner.host }}:
+ container_name: {{ gitea.runner.host }}
+ image: gitea/act_runner:nightly
+ restart: unless-stopped
+ depends_on:
+ - {{ gitea.host }}
+ networks:
+ - net
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ - "GITEA_INSTANCE_URL={{ gitea.url }}"
+ - "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
+
 networks:
 zoneminder:
 driver: bridge
diff --git a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2 b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
index 0f11d32..79e0e35 100644
--- a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
+++ b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
@@ -43,4 +43,3 @@ scrape_configs:
 - job_name: 'SMART'
 static_configs:
 - targets: ['{{ aya01_ip }}:{{smart_exporter.port}}']
- - targets: ['{{ naruto_ip }}:{{smart_exporter.port}}']
diff --git a/roles/docker/templates/naruto/compose.yaml b/roles/docker/templates/naruto/compose.yaml
new file mode 100644
index 0000000..ee7745c
--- /dev/null
+++ b/roles/docker/templates/naruto/compose.yaml
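Review bot: The runner mounts `/var/run/docker.sock`, which is root-equivalent on the host: act_runner starts job containers through that socket, so anyone who can push a workflow to a repository this runner serves can mount host paths from inside the job. On aya01 that host also runs the Gitea instance itself plus everything else in this compose file, which is the widest possible blast radius; prefer serving jobs from the dedicated naruto/pi runners this commit adds and keep the aya01 runner for trusted repositories only, or put a filtering socket proxy between the runner and the socket. Two smaller points: this service has no `{{ gitea.runner.volumes.data }}:/data` mount, unlike the naruto and pi runners, so its registration state is lost whenever the container is recreated and it re-registers each time; and `image: gitea/act_runner:nightly` is an unpinned moving tag for a component that executes code. The socket point applies equally to the naruto and pi compose hunks that follow.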
@@ -0,0 +1,40 @@
+version: '3'
+services:
+ nginx:
+ container_name: "{{nginx.host}}"
+ image: 'jc21/nginx-proxy-manager:latest'
+ restart: unless-stopped
+ networks:
+ net: {}
+ ports:
+ - '{{nginx.endpoints.http}}:80'
+ - '{{nginx.endpoints.https}}:443'
+ - '{{nginx.endpoints.admin}}:81'
+ volumes:
+ - "{{nginx.paths.data}}:/data"
+ - "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
+ - '/var/run/docker.sock:/var/run/docker.sock'
+
+ {{ gitea.runner.host }}:
+ container_name: {{ gitea.runner.host }}
+ image: gitea/act_runner:nightly
+ restart: unless-stopped
+ depends_on:
+ - nginx
+ networks:
+ - net
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - {{ gitea.runner.volumes.data }}:/data
+ environment:
+ - "GITEA_INSTANCE_URL={{ gitea.url }}"
+ - "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
+
+networks:
+ net:
+ driver: bridge
+ ipam:
+# driver: default
+ config:
+ - subnet: 172.16.69.0/24
+ gateway: 172.16.69.1
diff --git a/roles/docker/templates/pi/compose.yaml b/roles/docker/templates/pi/compose.yaml
index e89aee0..c8058bf 100644
--- a/roles/docker/templates/pi/compose.yaml
+++ b/roles/docker/templates/pi/compose.yaml
@@ -43,6 +43,21 @@ services:
 cap_add:
 - NET_ADMIN
+ {{ gitea.runner.host }}:
+ container_name: {{ gitea.runner.host }}
+ image: gitea/act_runner:nightly
+ restart: unless-stopped
+ depends_on:
+ - nginx
+ networks:
+ - net
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - {{ gitea.runner.volumes.data }}:/data
+ environment:
+ - "GITEA_INSTANCE_URL={{ gitea.url }}"
+ - "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
+
 networks:
 net:
 driver: bridge
diff --git a/roles/docker/templates/pi/ddns-updater/data/config.json b/roles/docker/templates/pi/ddns-updater/data/config.json
deleted file mode 100644
index 26211f9..0000000
--- a/roles/docker/templates/pi/ddns-updater/data/config.json
+++ /dev/null
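Review bot: The nginx-proxy-manager service mounts `'/var/run/docker.sock:/var/run/docker.sock'`, and as far as I can tell the jc21 image does not use the Docker API at all; this is the internet-facing service on the host, so a compromise of it would hand over the host's Docker daemon for no functional gain — drop that volume line. `image: 'jc21/nginx-proxy-manager:latest'` is another unpinned tag on an exposed service. Style: the file mixes `'…'`, `"…"` and bare `{{ … }}` scalars within a few lines (`container_name: "{{nginx.host}}"` versus `container_name: {{ gitea.runner.host }}`); one quoting form per file reads better, and `version: '3'` is ignored by current compose and can go.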
@@ -1,11 +0,0 @@
-{
- "settings": [
- {
- "provider": "namecheap",
- "domain": "{{ local_domain }}",
- "host": "{{ local_subdomains }}",
- "password": "{{ vault_ddns_borgland_password }}",
- "provider_ip": true
- }
- ]
-}