tudattr
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

First step towards rewrite 

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
rewrite
Tuan-Dat Tran 2024-09-17 23:44:20 +02:00
parent 6fd77266cd
commit 50abbf933c
100 changed files with 48 additions and 61953 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

207
Homelab Diagram.drawio
View File

@ -1,207 +0,0 @@
<mxfile host="app.diagrams.net" modified="2023-11-05T13:55:54.105Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0" etag="qKRITLw66apjhZnPW2mG" version="21.6.2" pages="2">
<diagram id="JSIfkQgaAO27B-iO4uI6" name="Homelab Overview">
<mxGraphModel dx="2924" dy="1194" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="z4CzeoHyWsNDpYlZFiTu-54" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0;exitY=1;exitDx=0;exitDy=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1" source="z4CzeoHyWsNDpYlZFiTu-73" target="z4CzeoHyWsNDpYlZFiTu-27">
<mxGeometry relative="1" as="geometry">
<mxPoint x="-500" y="530" as="targetPoint" />
<Array as="points">
<mxPoint x="10" y="320" />
<mxPoint x="-515" y="320" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-66" value="192.168.20.1/24" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z4CzeoHyWsNDpYlZFiTu-54">
<mxGeometry x="-0.3363" y="1" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-55" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.25;exitY=1;exitDx=0;exitDy=0;" edge="1" parent="1" source="z4CzeoHyWsNDpYlZFiTu-73" target="z4CzeoHyWsNDpYlZFiTu-35">
<mxGeometry relative="1" as="geometry">
<mxPoint x="180" y="290" as="sourcePoint" />
<Array as="points">
<mxPoint x="105" y="360" />
<mxPoint x="-20" y="360" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-65" value="192.168.30.1/24" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z4CzeoHyWsNDpYlZFiTu-55">
<mxGeometry x="-0.1082" y="1" relative="1" as="geometry">
<mxPoint x="52" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-56" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=0.75;exitY=1;exitDx=0;exitDy=0;" edge="1" parent="1" source="z4CzeoHyWsNDpYlZFiTu-73" target="z4CzeoHyWsNDpYlZFiTu-41">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="295" y="360" />
<mxPoint x="420" y="360" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-67" value="192.168.40.1/24" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z4CzeoHyWsNDpYlZFiTu-56">
<mxGeometry x="-0.1475" y="-2" relative="1" as="geometry">
<mxPoint x="-33" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-57" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=1;exitDx=0;exitDy=0;" edge="1" parent="1" source="z4CzeoHyWsNDpYlZFiTu-73" target="z4CzeoHyWsNDpYlZFiTu-39">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="390" y="320" />
<mxPoint x="820" y="320" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-68" value="192.168.50.1/24" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z4CzeoHyWsNDpYlZFiTu-57">
<mxGeometry x="-0.2384" y="-3" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-27" value="Homelab VLAN20" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="-750" y="600" width="470" height="400" as="geometry">
<mxRectangle x="-750" y="600" width="140" height="30" as="alternateBounds" />
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-90" value="&lt;div&gt;aya01.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.12&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server_storage;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-27">
<mxGeometry x="20" y="40" width="105" height="105" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-19" value="&lt;div&gt;pi.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.11&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-27">
<mxGeometry x="250" y="40" width="90" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-17" value="&lt;div&gt;inko.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.14&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-27">
<mxGeometry x="140" y="40" width="90" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-20" value="&lt;div&gt;naruto.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.13&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-27">
<mxGeometry x="360" y="40" width="90" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-35" value="User VLAN30" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="-200" y="600" width="360" height="400" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-28" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.tablet;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-35">
<mxGeometry x="50" y="50" width="100" height="70" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-8" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.pc;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-35">
<mxGeometry x="100" y="140" width="100" height="70" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-33" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.mobile;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-35">
<mxGeometry x="250" y="70" width="50" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-36" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.video_projector;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-35">
<mxGeometry x="220" y="210" width="100" height="35" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-46" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.laptop;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-35">
<mxGeometry x="50" y="260" width="100" height="55" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-39" value="IoT VLAN50" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="680" y="600" width="280" height="460" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-52" value="&lt;div&gt;Brother MFC-L2710DW&lt;/div&gt;&lt;div&gt;192.168.50.219&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.copier;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-39">
<mxGeometry x="20" y="35" width="100" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-51" value="&lt;div&gt;Brother QL-820NWB&lt;/div&gt;&lt;div&gt;192.168.50.218&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.copier;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-39">
<mxGeometry x="150" y="35" width="100" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-60" value="Lightbulbs" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.comm_link;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-39">
<mxGeometry x="50" y="190" width="40" height="80" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-62" value="Shelly Power Outlet" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.comm_link;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-39">
<mxGeometry x="180" y="190" width="40" height="80" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-81" value="BirbCam" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.security_camera;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-39">
<mxGeometry x="30" y="330" width="100" height="75" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-53" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="z4CzeoHyWsNDpYlZFiTu-40" target="z4CzeoHyWsNDpYlZFiTu-73">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-69" value="192.168.200.1/32" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="z4CzeoHyWsNDpYlZFiTu-53">
<mxGeometry x="-0.3672" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-40" value="netcup VPS" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="-290" y="40" width="150" height="220" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-38" value="&lt;div&gt;mii.seyshiro.de&lt;/div&gt;&lt;div&gt;tudattr.dev&lt;br&gt;&lt;/div&gt;&lt;div&gt;192.168.200.2&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.proxy_server;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-40">
<mxGeometry x="20" y="50" width="105" height="105" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-41" value="Guest VLAN40" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="240" y="600" width="360" height="280" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-44" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.mobile;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-41">
<mxGeometry x="250" y="70" width="50" height="100" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-47" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.tablet;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-41">
<mxGeometry x="40" y="50" width="100" height="70" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-48" value="" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.laptop;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-41">
<mxGeometry x="90" y="160" width="100" height="55" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-73" value="&lt;div&gt;Network Backbone&amp;nbsp;&lt;/div&gt;&lt;div&gt;(Management VLAN 70)&lt;/div&gt;" style="swimlane;whiteSpace=wrap;html=1;startSize=40;" vertex="1" parent="1">
<mxGeometry x="10" y="40" width="380" height="220" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-10" value="&lt;div&gt;Mikrotik CRS 326&lt;/div&gt;&lt;div&gt;192.168.70.1&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.router;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-73">
<mxGeometry x="60" y="85" width="100" height="30" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-70" value="&lt;div&gt;TP-Link EAP 225&lt;/div&gt;&lt;div&gt;192.168.70.250&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.wireless_modem;" vertex="1" parent="z4CzeoHyWsNDpYlZFiTu-73">
<mxGeometry x="260" y="57.5" width="100" height="85" as="geometry" />
</mxCell>
<mxCell id="z4CzeoHyWsNDpYlZFiTu-71" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;endArrow=none;endFill=0;" edge="1" parent="z4CzeoHyWsNDpYlZFiTu-73" source="z4CzeoHyWsNDpYlZFiTu-10" target="z4CzeoHyWsNDpYlZFiTu-70">
<mxGeometry relative="1" as="geometry">
<mxPoint x="30" y="142.5" as="sourcePoint" />
</mxGeometry>
</mxCell>
</root>
</mxGraphModel>
</diagram>
<diagram id="2pU-qBdMS-FfD6IS7qYU" name="VLAN View">
<mxGraphModel dx="2440" dy="1405" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="7z5INb6uvPQJT5LWZGVQ-28" value="netcup VPS" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="480" y="20" width="150" height="220" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-29" value="&lt;div&gt;mii.seyshiro.de&lt;/div&gt;&lt;div&gt;tudattr.dev&lt;br&gt;&lt;/div&gt;&lt;div&gt;192.168.200.2&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.proxy_server;" vertex="1" parent="7z5INb6uvPQJT5LWZGVQ-28">
<mxGeometry x="20" y="50" width="105" height="105" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-34" value="&lt;div&gt;Network Backbone&amp;nbsp;&lt;/div&gt;&lt;div&gt;(Management VLAN 70)&lt;/div&gt;" style="swimlane;whiteSpace=wrap;html=1;startSize=40;" vertex="1" parent="1">
<mxGeometry x="780" y="20" width="380" height="220" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-36" value="&lt;div&gt;TP-Link EAP 225&lt;/div&gt;&lt;div&gt;192.168.70.250&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.wireless_modem;" vertex="1" parent="7z5INb6uvPQJT5LWZGVQ-34">
<mxGeometry x="260" y="57.5" width="100" height="85" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-35" value="&lt;div&gt;Mikrotik CRS 326&lt;/div&gt;&lt;div&gt;192.168.70.1&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.router;" vertex="1" parent="7z5INb6uvPQJT5LWZGVQ-34">
<mxGeometry x="60" y="100" width="100" height="30" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-13" value="&lt;div&gt;naruto.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.13&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" vertex="1" parent="1">
<mxGeometry x="420" y="370" width="90" height="100" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-11" value="&lt;div&gt;pi.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.11&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" vertex="1" parent="1">
<mxGeometry x="310" y="370" width="90" height="100" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-12" value="&lt;div&gt;inko.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.14&lt;br&gt;&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server;" vertex="1" parent="1">
<mxGeometry x="200" y="370" width="90" height="100" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-10" value="&lt;div&gt;aya01.seyshiro.de&lt;/div&gt;&lt;div&gt;192.168.20.12&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.server_storage;" vertex="1" parent="1">
<mxGeometry x="80" y="370" width="105" height="105" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-21" value="&lt;div&gt;Brother MFC-L2710DW&lt;/div&gt;&lt;div&gt;192.168.50.219&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.copier;" vertex="1" parent="1">
<mxGeometry x="1330" y="160" width="100" height="100" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-22" value="&lt;div&gt;Brother QL-820NWB&lt;/div&gt;&lt;div&gt;192.168.50.218&lt;/div&gt;" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.copier;" vertex="1" parent="1">
<mxGeometry x="1460" y="160" width="100" height="100" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-23" value="Lightbulbs" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.comm_link;" vertex="1" parent="1">
<mxGeometry x="1360" y="315" width="40" height="80" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-24" value="Shelly Power Outlet" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.comm_link;" vertex="1" parent="1">
<mxGeometry x="1490" y="315" width="40" height="80" as="geometry" />
</mxCell>
<mxCell id="7z5INb6uvPQJT5LWZGVQ-25" value="BirbCam" style="fontColor=#0066CC;verticalAlign=top;verticalLabelPosition=bottom;labelPosition=center;align=center;html=1;outlineConnect=0;fillColor=#CCCCCC;strokeColor=#6881B3;gradientColor=none;gradientDirection=north;strokeWidth=2;shape=mxgraph.networks.security_camera;" vertex="1" parent="1">
<mxGeometry x="1340" y="455" width="100" height="75" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>

BIN
Homelab Diagram.pdf
View File

Binary file not shown.

29
aya01.yml
View File

@ -1,29 +0,0 @@
---
- name: Set up Servers
hosts: aya01
gather_facts: yes
roles:
- role: common
tags:
- common
- role: samba
tags:
- samba
# - role: power_management
# tags:
# - power_management
- role: backblaze
tags:
- backblaze
- role: node_exporter
tags:
- node_exporter
- role: snmp_exporter
tags:
- snmp_exporter
- role: smart_exporter
tags:
- smart_exporter
- role: docker
tags:
- docker

0
roles/docker/templates/common/traefik/var-log/access.log → genesis
View File

535
group_vars/all/vars.yml
View File

@ -1,6 +1,7 @@
#
# Essential
#
user: tudattr
timezone: Europe/Berlin
rclone_config: "/root/.config/rclone/"
@ -9,537 +10,21 @@ pgid: "1000"
pk_path: "/mnt/veracrypt1/genesis"
pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqc9fnzfCz8fQDFzla+D8PBhvaMmFu2aF+TYkkZRxl9 tuan@genesis-2022-01-20"
local_domain: tudattr.dev
local_subdomains: "local"
remote_domain: tudattr.dev
remote_subdomains: "www,plex,status,tautulli"
backup_domain: seyshiro.de
backup_subdomains: "hass,qbit,zm,"
#
# aya01
#
aya01_host: "aya01"
aya01_ip: "192.168.20.12"
#
# mii
#
mii_host: "mii"
mii_ip: "192.168.200.2"
#
# naruto
#
naruto_host: "naruto"
naruto_ip: "192.168.20.13"
#
# pi
#
pi_host: "pi"
pi_ip: "192.168.20.11"
#
# inko
#
inko_host: "inko"
inko_ip: "192.168.20.14"
#
# Used to download for git releases
#
go_arch_map:
i386: '386'
x86_64: 'amd64'
aarch64: 'arm64'
armv7l: 'armv7'
armv6l: 'armv6'
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
#
# aya01 - Disks
#
fstab_entries:
- name: "config"
path: "/opt"
type: "ext4"
uuid: "cad60133-dd84-4a2a-8db4-2881c608addf"
- name: "media0"
path: "/mnt/media0"
type: "ext4"
uuid: "c4c724ec-4fe3-4665-adf4-acd31d6b7f95"
- name: "media1"
path: "/mnt/media1"
type: "ext4"
uuid: "8d66d395-1e35-4f5a-a5a7-d181d6642ebf"
mergerfs_entries:
- name: "media"
path: "/media"
branches:
- "/mnt/media0"
- "/mnt/media1"
opts:
- "use_ino"
- "allow_other"
- "cache.files=partial"
- "dropcacheonclose=true"
- "category.create=mfs"
type: "fuse.mergerfs"
public_domain: tudattr.dev
internal_domain: seyshiro.de
#
# Packages
#
common_packages:
- sudo
- build-essential
- curl
- git
- iperf3
- git
- smartmontools
- vim
- curl
- tree
- neovim
- rsync
- smartmontools
- sudo
- systemd-timesyncd
- neofetch
- build-essential
- btrfs-progs
#
# Docker
#
docker_repo_url: https://download.docker.com/linux
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
docker_apt_release_channel: stable
docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_network: "172.16.69.0/24"
docker_compose_dir: /opt/docker/compose
docker_dir: /opt/docker/config
docker_data_dir: /media/docker/data # only available on aya01
mysql_user: user
#
# ZoneMinder
#
zoneminder_host: "zm"
zoneminder_port: "8081"
zoneminder_network: "172.16.42.0/24"
zoneminder_root: "{{ docker_dir }}/zm"
zoneminder_config: "{{ zoneminder_root }}/config"
zoneminder_log: "{{ zoneminder_root}}/log"
zoneminder_db: "{{ zoneminder_root}}/db"
zoneminder_data: "{{ docker_data_dir }}/zm/data"
#
# Syncthing
#
syncthing_host: "syncthing"
syncthing_port: "8384"
syncthing_data: "{{docker_data_dir}}/syncthing/"
#
# Softserve
#
softserve_data: "{{docker_dir}}/softserve/data"
#
# cupsd
#
cupsd_host: "cupsd"
cupsd_port: "631"
cupsd_config: "{{ docker_dir }}/cupsd/"
#
# Uptime Kuma
#
kuma_host: "status"
kuma_port: "3001"
kuma_config: "{{ docker_dir }}/kuma/"
#
# Traefik
#
traefik:
host: "traefik"
admin:
port: "8080"
config: "{{ docker_dir }}/traefik/etc-traefik/"
data: "{{ docker_dir }}/traefik/var-log/"
letsencrypt: "{{ docker_dir }}/traefik/letsencrypt/"
user:
web: "80"
websecure: "443"
#
# DynDns Updater
#
ddns_host: "ddns"
ddns_port: "8000"
ddns_data: "{{ docker_dir }}/ddns-updater/data/"
#
# Home Assistant
#
ha_host: "hass"
ha_port: "8123"
ha_config: "{{ docker_dir }}/home-assistant/config/"
#
# pihole
#
pihole_host: "pihole"
pihole_port: "8089"
pihole_config: "{{ docker_dir }}/pihole/etc-pihole/"
pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
#
# backblaze
#
# Directories that will be backupped to backblaze
# MOVED TO HOSTVARS
# backblaze_paths:
# aya01:
# - "{{ docker_compose_dir }}"
# - "{{ docker_dir }}"
# pi:
# - "{{ docker_compose_dir }}"
# - "{{ docker_dir }}"
#
# samba
#
samba:
dependencies:
- "samba"
- "smbclient"
- "cifs-utils"
user: "smbuser"
group: "smbshare"
config: "templates/smb.conf"
shares:
media:
name: "media"
path: "/media"
paperless:
name: "paperless"
path: "{{ paperless.data.consume }}"
#
# netdata
#
netdata_port: "19999"
netdata_config: "{{ docker_dir }}/netdata/"
netdata_lib: "{{ docker_data_dir }}/netdata/lib/"
netdata_cache: "{{ docker_data_dir }}/netdata/cache"
#
# Plex
#
plex_host: "plex"
# plex_ip: "172.16.69.12"
plex_port: "32400"
plex_config: "{{docker_data_dir}}/{{ plex_host }}/config"
plex_tv: "/media/series"
plex_movies: "/media/movies"
plex_music: "/media/songs"
#
# WireGuard
#
wg_config: "templates/wg0.conf"
wg_remote_config: "/etc/wireguard/wg0.conf"
wg_service: "wg-quick@wg0.service"
wg_deps: "wireguard"
wg_ip: "192.168.200.2"
wg_pubkey: "+LaPESyBF6Sb1lqkk4UcestFpXNaKYyyX99tkqwLQhU="
wg_endpoint: "{{ local_subdomains }}.{{ local_domain }}:51820"
wg_allowed_ips: "192.168.20.0/24,192.168.200.1/32"
wg_dns: "{{ aya01_ip }},{{ pi_ip }},1.1.1.1"
arr_downloads: "{{ docker_data_dir }}/arr_downloads"
#
# Sonarr
#
sonarr_port: "8989"
sonarr_host: "sonarr"
sonarr_config: "{{ docker_dir }}/{{ sonarr_host }}/config"
sonarr_media: "{{ plex_tv }}"
sonarr_downloads: "{{ arr_downloads }}/{{ sonarr_host }}"
#
# Radarr
#
radarr_port: "7878"
radarr_host: "radarr"
radarr_config: "{{ docker_dir }}/{{ radarr_host }}/config"
radarr_media: "{{ plex_movies }}"
radarr_downloads: "{{ arr_downloads }}/{{ radarr_host }}"
#
# Lidarr
#
lidarr_port: "8686"
lidarr_host: "lidarr"
lidarr_config: "{{ docker_dir }}/{{ lidarr_host }}/config"
lidarr_media: "{{ plex_music }}"
lidarr_downloads: "{{ arr_downloads }}/{{ lidarr_host }}"
#
# Prowlarr
#
prowlarr_port: "9696"
prowlarr_host: "prowlarr"
prowlarr_config: "{{ docker_dir }}/{{ prowlarr_host }}/config"
#
# bin
#
bin_port: "6162"
bin_host: "bin"
bin_upload: "{{ docker_data_dir }}/{{bin_host}}/upload"
#
# qbittorrentvpn
#
qbit_port: "8082"
qbit_host: "qbit"
qbit_config: "templates/aya01/qbittorrentvpn/config"
qbit_remote_config: "{{ docker_dir }}/{{ qbit_host }}/config"
qbit_downloads: "{{ arr_downloads }}"
qbit_type: "openvpn"
qbit_ssl: "no"
qbit_lan: "192.168.20.0/24, 192.168.30.0/24, {{ docker_network }}"
qbit_dns: "{{ aya01_ip }}, {{ pi_ip }}, 1.1.1.1"
#
# qbittorrentvpn - torrentleech
#
torrentleech_port: "8083"
torrentleech_host: "torrentleech"
torrentleech_remote_config: "{{ docker_dir }}/{{ torrentleech_host }}/config"
#
# Home Assistant
#
hass_port: ""
hass_host: "hass"
#
# Tautulli
#
tautulli_port: "8181"
tautulli_host: "tautulli"
tautulli_config: "{{ docker_dir }}/{{ tautulli_host }}/config"
#
# Code Server
#
code_port: "8443"
code_host: "code"
code_config: "{{ docker_dir }}/{{ code_host }}/config"
#
# GlueTun
#
gluetun_port: ""
gluetun_host: "gluetun"
gluetun_country: "Hungary"
gluetun_config: "{{ docker_dir }}/{{ gluetun_host }}/config"
#
# NodeExporter
#
node_exporter:
port: 9100
host: 'node'
version: 'latest'
serve: 'localhost'
options: ''
bin_path: /usr/local/bin/node_exporter
#
# Prometheus
#
prometheus_puid: "65534"
prometheus_pgid: "65534"
prometheus_host: "prometheus"
prometheus_data: "{{docker_data_dir}}/prometheus/"
prometheus_config: "{{docker_dir}}/prometheus/"
prometheus_port: "9090"
#
# Grafana
#
grafana_host: "grafana"
grafana_port: "3000"
grafana_data: "{{docker_data_dir}}/grafana/"
grafana_config: "{{docker_dir}}/grafana/config/"
grafana_logs: "{{docker_dir}}/grafana/logs/"
grafana_puid: "472"
grafana_pgid: "472"
#
# SNMP Exporter
#
snmp_exporter_port: "9116"
snmp_exporter_target: "192.168.20.1"
snmp_exporter_config: "{{ docker_dir }}/snmp_exporter/"
snmp_exporter_host: "snmp_exporter"
#
# SMART Exporter
#
smart_exporter:
port: 9633
version: 'latest'
options: '--web.listen-address=9633'
bin_path: /usr/local/bin/smart_exporter
#
# Stirling-pdf
#
stirling:
host: "stirling"
dns: "pdf"
port: 8084
#
# nginx proxy manager
#
nginx:
host: "nginx"
endpoints:
http: 80
https: 443
admin: 8080
paths:
letsencrypt: "{{docker_dir}}/nginx/letsencrypt"
data: "{{docker_dir}}/nginx/data"
#
# Jellyfin
#
jellyfin:
host: "jellyfin"
port: "8096"
config: "{{docker_dir}}/jellyfin/config"
cache: "{{docker_dir}}/jellyfin/cache"
media:
tv: "{{ plex_tv }}"
movies: "{{ plex_movies }}"
music: "{{ plex_music }}"
#
# paperless-ngx
#
paperless:
host: "paperless"
port: "8000"
data:
data: "{{ docker_dir }}/paperless/data/data"
media: "{{ docker_dir }}/paperless/data/media"
export: "{{ docker_dir }}/paperless/data/export"
consume: "{{ docker_dir }}/paperless/data/consume"
db:
host: "paperless-sqlite"
db: "paperless"
user: "paperless"
password: "{{ host.paperless.db.password }}"
data: "{{ docker_dir }}/paperless/db/data"
redis:
host: "paperless-redis"
data: "{{ docker_dir }}/paperless/redis/data"
#
# Homarr
#
homarr:
host: "homarr"
volumes:
configs: "{{docker_dir}}/homarr/configs"
data: "{{ docker_data_dir }}/homarr/data/"
icons: "{{docker_dir}}/homarr/icons"
#
# gitea
#
gitea:
host: "git"
url: "https://git.tudattr.dev"
volumes:
data: "{{ docker_data_dir }}/gitea/data"
config: "{{ docker_dir }}/gitea/config"
ports:
http: "3000"
ssh: "2222"
runner:
host: "gitea-runner-{{ host.hostname }}"
token: "{{ host.gitea.runner.token }}"
name: "{{ host.hostname }}"
volumes:
data: "{{ docker_data_dir }}/gitea/runner/data/"
config: "{{ docker_dir }}/gitea/runner/config/"
config_file: "{{ docker_dir }}/gitea/runner/config/config.yml"
#
# Jellyseer
#
jellyseer:
host: "jellyseer"
ports:
http: "5055"
volumes:
config: "{{ docker_dir }}/jellyseer/config"
- tree

9
host_vars/genesis.yml Normal file
View File

@ -0,0 +1,9 @@
ansible_user: "{{ user }}"
ansible_host: 192.168.20.12
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.aya01.sudo }}"
host:
hostname: "k3s.server"
ip: "{{ ansible_host }}"

10
host_vars/inko.yml
View File

@ -1,10 +0,0 @@
ansible_user: "{{ user }}"
ansible_host: 192.168.20.14
ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault.inko.sudo }}'
host:
ip: "{{ ansible_host }}"
fstab:
mergerfs:

9
host_vars/k3s.server.yml Normal file
View File

@ -0,0 +1,9 @@
ansible_user: "{{ user }}"
ansible_host: 192.168.20.21
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.k3s-server.sudo }}"
host:
hostname: "k3s.server"
ip: "{{ ansible_host }}"

20
host_vars/mii.yml
View File

@ -1,20 +0,0 @@
ansible_user: "{{ user }}"
ansible_host: 202.61.207.139
ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault.mii.sudo }}'
host:
hostname: "mii"
ip: "192.168.200.2"
backblaze:
account: "{{ vault.mii.backblaze.account }}"
key: "{{ vault.mii.backblaze.key }}"
remote: "remote:mii-tudattr-dev"
password: "{{ vault.mii.rclone.password }}"
password2: "{{ vault.mii.rclone.password2 }}"
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
fstab:
mergerfs:

23
host_vars/naruto.yml
View File

@ -1,23 +0,0 @@
ansible_user: "{{ user }}"
ansible_host: 192.168.20.13
ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault.naruto.sudo }}'
host:
hostname: "naruto"
ip: "{{ ansible_host }}"
backblaze:
account: "{{ vault.naruto.backblaze.account }}"
key: "{{ vault.naruto.backblaze.key }}"
remote: "remote:naruto-tudattr-dev"
password: "{{ vault.naruto.rclone.password }}"
password2: "{{ vault.naruto.rclone.password2 }}"
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
fstab:
mergerfs:
gitea:
runner:
token: "{{ vault.naruto.gitea.runner.token }}"

23
host_vars/pi.yml
View File

@ -1,23 +0,0 @@
ansible_user: "{{ user }}"
ansible_host: 192.168.20.11
ansible_port: 22
ansible_ssh_private_key_file: '{{ pk_path }}'
ansible_become_pass: '{{ vault.pi.sudo }}'
host:
hostname: "pi"
ip: "{{ ansible_host }}"
backblaze:
account: "{{ vault.pi.backblaze.account }}"
key: "{{ vault.pi.backblaze.key }}"
remote: "remote:pi-tudattr-dev"
password: "{{ vault.pi.rclone.password }}"
password2: "{{ vault.pi.rclone.password2 }}"
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
fstab:
mergerfs:
gitea:
runner:
token: "{{ vault.pi.gitea.runner.token }}"

6
inko.yml → k3s.server.yml
View File

@ -1,14 +1,14 @@
---
- name: Set up Servers
hosts: inko
hosts: aya01
gather_facts: yes
roles:
- role: common
tags:
- common
- role: power_management
- role: k3s-server
tags:
- power_management
- k3s-server
- role: node_exporter
tags:
- node_exporter

20
mii.yml
View File

@ -1,20 +0,0 @@
---
- name: Set up Servers
hosts: mii
gather_facts: yes
roles:
- role: common
tags:
- common
- role: backblaze
tags:
- backblaze
- role: node_exporter
tags:
- node_exporter
- role: docker
tags:
- docker
- role: wireguard
tags:
- wireguard

17
naruto.yml
View File

@ -1,17 +0,0 @@
---
- name: Set up Servers
hosts: naruto
gather_facts: yes
roles:
- role: common
tags:
- common
- role: samba
tags:
- samba
- role: node_exporter
tags:
- node_exporter
- role: smart_exporter
tags:
- smart_exporter

17
pi.yml
View File

@ -1,17 +0,0 @@
---
- name: Set up Raspberry Pis
hosts: pi
gather_facts: yes
roles:
- role: common
tags:
- common
- role: backblaze
tags:
- backblaze
- role: node_exporter
tags:
- node_exporter
- role: docker
tags:
- docker

16
production
View File

@ -1,9 +1,11 @@
[server]
aya01
[raspberry]
pi
naruto
[vps]
mii
[k3s]
k3s.server
[vm]
k3s.server
[controller]
genesis

24
roles/backblaze/tasks/backup.yml
View File

@ -1,24 +0,0 @@
---
- name: Shut down docker
systemd:
name: docker
state: stopped
become: true
# - name: Backing up for "{{ inventory_hostname }}"
# shell:
# cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
# loop: "{{ host.backblaze.paths }}"
# become: true
- name: Backing up for "{{ inventory_hostname }}"
shell:
cmd: "rclone sync {{ item }} secret:{{ item }} --skip-links"
loop: "{{ host.backblaze.paths }}"
become: true
- name: Restart docker
systemd:
name: docker
state: started
become: true

18
roles/backblaze/tasks/config.yml
View File

@ -1,18 +0,0 @@
---
- name: Create rclone config folder
file:
path: "{{ rclone_config }}"
owner: '0'
group: '0'
mode: '700'
state: directory
become: true
- name: Copy "rclone.conf"
template:
src: "rclone.conf.j2"
dest: "{{ rclone_config }}/rclone.conf"
owner: '0'
group: '0'
mode: '400'
become: true

13
roles/backblaze/tasks/install.yml
View File

@ -1,13 +0,0 @@
---
- name: Update and upgrade packages
apt:
update_cache: true
upgrade: true
autoremove: true
become: true
- name: Install rclone
apt:
name: "rclone"
state: present
become: true

5
roles/backblaze/tasks/main.yml
View File

@ -1,5 +0,0 @@
---
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: backup.yml

10
roles/backblaze/templates/rclone.conf.j2
View File

@ -1,10 +0,0 @@
[remote]
type = b2
account = {{ host.backblaze.account }}
key = {{ host.backblaze.key }}
[secret]
type = crypt
remote = {{ host.backblaze.remote }}
password = {{ host.backblaze.password }}
password2 = {{ host.backblaze.password2 }}

42
roles/common/tasks/fstab.yml
View File

@ -1,42 +0,0 @@
---
- name: Install dependencies
apt:
name: "mergerfs"
state: present
become: yes
- name: Create mount folders
file:
path: "{{ item.path }}"
state: directory
loop: "{{ host.fstab if host.fstab is iterable else []}}"
become: true
- name: Create fstab entries
mount:
src: "UUID={{ item.uuid }}"
path: "{{ item.path }}"
fstype: "{{ item.type }}"
state: present
backup: true
loop: "{{ host.fstab if host.fstab is iterable else []}}"
become: true
register: fstab
- name: Create/mount mergerfs
mount:
src: "{{ item.branches | join(':') }}"
path: "{{ item.path }}"
fstype: "{{ item.type }}"
opts: "{{ item.opts | join(',') }}"
state: present
backup: true
become: true
loop: "{{ host.mergerfs if host.mergerfs is iterable else []}}"
register: fstab
- name: Mount all disks
command: mount -a
become: true
when: fstab.changed

1
roles/common/tasks/main.yml
View File

@ -3,4 +3,3 @@
- include_tasks: essential.yml
- include_tasks: bash.yml
- include_tasks: sshd.yml
- include_tasks: fstab.yml

96
roles/docker/tasks/aya01_compose.yml
View File

@ -1,96 +0,0 @@
---
# - include_tasks: zoneminder.yml
# tags:
# - zoneminder
- include_tasks: pihole.yml
tags:
- pihole
- include_tasks: syncthing.yml
tags:
- syncthing
# - include_tasks: softserve.yml
# tags:
# - softserve
- include_tasks: cupsd.yml
tags:
- cupsd
- include_tasks: kuma.yml
tags:
- kuma
# - include_tasks: traefik.yml
# tags:
# - traefik
- include_tasks: plex.yml
tags:
- plex
- include_tasks: ddns.yml
tags:
- ddns
- include_tasks: homeassistant.yml
tags:
- homeassistant
- include_tasks: tautulli.yml
tags:
- tautulli
- include_tasks: sonarr.yml
tags:
- sonarr
- include_tasks: radarr.yml
tags:
- radarr
- include_tasks: lidarr.yml
tags:
- lidarr
- include_tasks: prowlarr.yml
tags:
- prowlarr
- include_tasks: bin.yml
tags:
- bin
- include_tasks: gluetun.yml
tags:
- gluetun
- include_tasks: qbit.yml
tags:
- qbit
- include_tasks: qbit_private.yml
tags:
- qbit_priv
- include_tasks: prometheus.yml
tags:
- prometheus
- include_tasks: grafana.yml
tags:
- grafana
- include_tasks: jellyfin.yml
tags:
- jellyfin
- include_tasks: gitea.yml
tags:
- gitea
- include_tasks: gitea-runner.yml
tags:
- gitea-runner

9
roles/docker/tasks/bin.yml
View File

@ -1,9 +0,0 @@
---
- name: Create bin-config directory
file:
path: "{{ bin_upload }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes

19
roles/docker/tasks/cupsd.yml
View File

@ -1,19 +0,0 @@
---
- name: Create cupsd-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ cupsd_config }}"
become: true
- name: Copy cupsd config
template:
owner: "{{ puid }}"
src: "templates/aya01/cupsd/cupsd.conf"
dest: "{{ cupsd_config }}/cupsd.conf"
mode: '660'
become: true

16
roles/docker/tasks/ddns.yml
View File

@ -1,16 +0,0 @@
---
- name: Create ddns-config directory
file:
path: "{{ docker_dir }}/ddns-updater/data/"
owner: 1000
group: 1000
mode: '700'
state: directory
- name: Copy ddns-config
template:
owner: 1000
src: "templates/{{host.hostname}}/ddns-updater/data/config.json"
dest: "{{ docker_dir }}/ddns-updater/data/config.json"
mode: '400'

11
roles/docker/tasks/gitea-runner.yml
View File

@ -1,11 +0,0 @@
---
- name: Create gitea-runner directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ gitea.runner.volumes.data }}"

12
roles/docker/tasks/gitea.yml
View File

@ -1,12 +0,0 @@
---
- name: Create gitea directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ gitea.volumes.data }}"
- "{{ gitea.volumes.config }}"

11
roles/docker/tasks/gitlab-runner.yml
View File

@ -1,11 +0,0 @@
---
- name: Create gitlab-runner directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ gitlab.runner.volumes.config }}"

14
roles/docker/tasks/gitlab.yml
View File

@ -1,14 +0,0 @@
---
- name: Create gitlab-config
file:
path: "{{ item }}"
owner: "{{ gitlab.puid }}"
group: "{{ gitlab.pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ gitlab.paths.config }}"
- "{{ gitlab.paths.logs }}"
- "{{ gitlab.paths.data }}"

11
roles/docker/tasks/gluetun.yml
View File

@ -1,11 +0,0 @@
---
- name: Create gluetun-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '775'
state: directory
loop:
- "{{ gluetun_config}}"
become: true

22
roles/docker/tasks/grafana.yml
View File

@ -1,22 +0,0 @@
---
- name: Create grafana data directory
file:
path: "{{ item }}"
owner: "{{ grafana_puid }}"
group: "{{ grafana_pgid }}"
mode: '755'
state: directory
loop:
- "{{ grafana_data }}"
- "{{ grafana_config }}"
become: true
- name: Copy grafana config
template:
owner: "{{ grafana_puid }}"
group: "{{ grafana_pgid }}"
src: "templates/aya01/grafana/etc-grafana/grafana.ini.j2"
dest: "{{ grafana_config }}/grafana.ini"
mode: '644'
become: true

8
roles/docker/tasks/homeassistant.yml
View File

@ -1,8 +0,0 @@
---
- name: Create homeassistant-config directory
file:
path: "{{ ha_config }}"
mode: '755'
state: directory
become: true

30
roles/docker/tasks/hugo.yml
View File

@ -1,30 +0,0 @@
---
- name: Create zoneminder user
user:
name: zm
uid: 911
shell: /bin/false
become: true
- name: Create Zoneminder config directory
file:
path: "{{ item }}"
owner: 911
group: 911
mode: '700'
state: directory
loop:
- "{{ zoneminder_config }}"
become: true
- name: Create Zoneminder data directory
file:
path: "{{ item }}"
owner: 911
group: 911
mode: '755'
state: directory
loop:
- "{{ zoneminder_data }}"
become: true

67
roles/docker/tasks/install.yml
View File

@ -1,67 +0,0 @@
---
- name: Uninstall old versions
apt:
name: "{{ item }}"
state: absent
purge: true
loop:
- docker
- docker-engine
- docker.io
- containerd
- runc
become: true
- name: Update cache
apt:
update_cache: true
become: true
- name: Install dependencies for apt to use repositories over HTTPS
apt:
name: "{{ item }}"
state: present
loop:
- ca-certificates
- curl
- gnupg
- lsb-release
become: true
- name: Create keyrings direcoty
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
become: true
- name: Add Docker apt key.
ansible.builtin.get_url:
url: "{{ docker_apt_gpg_key }}"
dest: /etc/apt/trusted.gpg.d/docker.asc
mode: '0664'
force: true
become: true
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
become: true
- name: Update cache
apt:
update_cache: true
become: true
- name: Install Docker Engine, containerd, and Docker Compose.
apt:
name: "{{ item }}"
state: present
loop:
- docker-ce
- docker-ce-cli
- docker-compose-plugin
- containerd.io
become: true

31
roles/docker/tasks/jellyfin.yml
View File

@ -1,31 +0,0 @@
---
- name: Create jellyfin-config directory
file:
path: "{{ jellyfin.config }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
- name: Create jellyfin-cache directory
file:
path: "{{ jellyfin.cache }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
- name: Create jellyfin media directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ jellyfin.media.tv }}"
- "{{ jellyfin.media.movies }}"
- "{{ jellyfin.media.music }}"

11
roles/docker/tasks/kuma.yml
View File

@ -1,11 +0,0 @@
---
- name: Create kuma-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ kuma_config }}"
become: true

13
roles/docker/tasks/lidarr.yml
View File

@ -1,13 +0,0 @@
---
- name: Create lidarr directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ lidarr_config }}"
- "{{ lidarr_media }}"
- "{{ lidarr_downloads }}"

24
roles/docker/tasks/main.yml
View File

@ -1,24 +0,0 @@
---
- include_tasks: install.yml
- include_tasks: user_group_setup.yml
- name: Copy the compose file
template:
src: templates/{{ inventory_hostname }}/compose.yaml
dest: "{{ docker_compose_dir }}/compose.yaml"
register: compose
- include_tasks: "{{ inventory_hostname }}_compose.yml"
tags:
- reload_compose
- name: Update docker Images
shell:
cmd: "docker compose pull"
chdir: "{{ docker_compose_dir }}"
- name: Rebuilding docker images
shell:
cmd: "docker compose up -d --build"
chdir: "{{ docker_compose_dir }}"

5
roles/docker/tasks/mii_compose.yml
View File

@ -1,5 +0,0 @@
---
- include_tasks: nginx-proxy-manager.yml
tags:
- nginx

13
roles/docker/tasks/naruto_compose.yml
View File

@ -1,13 +0,0 @@
---
- include_tasks: nginx-proxy-manager.yml
tags:
- nginx
- include_tasks: pihole.yml
tags:
- pihole
- include_tasks: gitea-runner.yml
tags:
- gitea-runner

14
roles/docker/tasks/netdata.yaml
View File

@ -1,14 +0,0 @@
---
- name: Create netdata dirs
file:
path: "{{ item }}"
owner: 1000
group: 1000
mode: '777'
state: directory
loop:
- "{{ netdata_config }}"
- "{{ netdata_cache }}"
- "{{ netdata_lib }}"
become: true

13
roles/docker/tasks/nginx-proxy-manager.yml
View File

@ -1,13 +0,0 @@
---
- name: Create nginx-data directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ nginx.paths.letsencrypt }}"
- "{{ nginx.paths.data }}"
become: yes

14
roles/docker/tasks/pi_compose.yml
View File

@ -1,14 +0,0 @@
---
- include_tasks: nginx-proxy-manager.yml
tags:
- nginx
- include_tasks: pihole.yml
tags:
- pihole
- include_tasks: gitea-runner.yml
tags:
- gitea-runner

14
roles/docker/tasks/pihole.yml
View File

@ -1,14 +0,0 @@
---
- name: Create pihole-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ docker_dir }}/pihole/etc-pihole/"
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
become: true

22
roles/docker/tasks/plex.yml
View File

@ -1,22 +0,0 @@
---
- name: Create plex-config directory
file:
path: "{{ plex_config }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
- name: Create plex media directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ plex_tv }}"
- "{{ plex_movies }}"
- "{{ plex_music }}"

21
roles/docker/tasks/prometheus.yml
View File

@ -1,21 +0,0 @@
---
- name: Create prometheus dirs
file:
path: "{{ item }}"
owner: "{{ prometheus_puid }}"
group: "{{ prometheus_pgid }}"
mode: '755'
state: directory
loop:
- "{{ prometheus_config }}"
- "{{ prometheus_data }}"
become: true
- name: Place prometheus config
template:
owner: "{{ prometheus_puid }}"
group: "{{ prometheus_pgid}}"
src: "templates/aya01/prometheus/prometheus.yml.j2"
dest: "{{ prometheus_config }}/prometheus.yml"
mode: '644'
become: true

11
roles/docker/tasks/prowlarr.yml
View File

@ -1,11 +0,0 @@
---
- name: Create prowlarr directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ prowlarr_config }}"

12
roles/docker/tasks/qbit.yml
View File

@ -1,12 +0,0 @@
---
- name: Create qbit-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '775'
state: directory
loop:
- "{{ qbit_remote_config }}"
- "{{ qbit_downloads }}"
become: true

12
roles/docker/tasks/qbit_private.yml
View File

@ -1,12 +0,0 @@
---
- name: Create qbit_torrentleech-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '775'
state: directory
loop:
- "{{ torrentleech_remote_config }}"
- "{{ qbit_downloads }}"
become: true

13
roles/docker/tasks/radarr.yml
View File

@ -1,13 +0,0 @@
---
- name: Create radarr directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ radarr_config }}"
- "{{ radarr_media }}"
- "{{ radarr_downloads }}"

12
roles/docker/tasks/softserve.yml
View File

@ -1,12 +0,0 @@
---
- name: Create soft-serve directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ softserve_data }}"
become: true

13
roles/docker/tasks/sonarr.yml
View File

@ -1,13 +0,0 @@
---
- name: Create sonarr directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes
loop:
- "{{ sonarr_config }}"
- "{{ sonarr_media }}"
- "{{ sonarr_downloads }}"

20
roles/docker/tasks/swag.yml
View File

@ -1,20 +0,0 @@
---
- name: Create swag-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
state: directory
loop:
- "{{ swag_config }}"
- name: Copy site-confs
template:
owner: "{{ puid }}"
group: "{{ pgid }}"
src: "{{ item }}"
dest: "{{ swag_remote_site_confs }}"
mode: '664'
loop: "{{ swag_site_confs }}"
become: true

18
roles/docker/tasks/syncthing.yml
View File

@ -1,18 +0,0 @@
---
- name: Create syncthing directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ syncthing_data }}"
become: true
- name: Resolve inotify error for syncthing
template:
src: "templates/aya01/syncthing/syncthing.conf"
dest: "/etc/sysctl.d/syncthing.conf"
mode: "660"
become: true

9
roles/docker/tasks/tautulli.yml
View File

@ -1,9 +0,0 @@
---
- name: Create tautulli-config directory
file:
path: "{{ tautulli_config }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
become: yes

18
roles/docker/tasks/traefik.yml
View File

@ -1,18 +0,0 @@
---
- name: Create traefik-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
state: directory
loop:
- "{{ docker_dir }}/traefik/etc-traefik/"
- "{{ docker_dir }}/traefik/var-log/"
- name: Copy traefik-config
template:
owner: 1000
src: "templates/common/traefik/etc-traefik/traefik.yml"
dest: "{{ traefik.config }}"
mode: '400'

25
roles/docker/tasks/user_group_setup.yml
View File

@ -1,25 +0,0 @@
---
- name: Ensure group "docker" exists
group:
name: docker
state: present
become: yes
- name: Append the group "docker" to "{{ user }}" groups
ansible.builtin.user:
name: "{{ user }}"
shell: /bin/bash
groups: docker
append: yes
become: yes
- name: Make sure that the docker folders exists
ansible.builtin.file:
path: "{{ item }}"
owner: "{{ user }}"
group: "{{ user }}"
state: directory
loop:
- "{{docker_compose_dir}}"
- "{{docker_dir}}"
become: yes

30
roles/docker/tasks/zoneminder.yml
View File

@ -1,30 +0,0 @@
---
- name: Create zoneminder user
user:
name: zm
uid: '911'
shell: /bin/false
become: true
- name: Create Zoneminder config directory
file:
path: "{{ item }}"
owner: '911'
group: '911'
mode: '755'
state: directory
loop:
- "{{ zoneminder_config }}"
become: true
- name: Create Zoneminder data directory
file:
path: "{{ item }}"
owner: '911'
group: '911'
mode: '755'
state: directory
loop:
- "{{ zoneminder_data }}"
become: true

518
roles/docker/templates/aya01/compose.yaml
View File

@ -1,518 +0,0 @@
version: '3'
services:
nginx:
container_name: "{{nginx.host}}"
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
networks:
net: {}
ports:
- '{{nginx.endpoints.http}}:80'
- '{{nginx.endpoints.https}}:443'
- '{{nginx.endpoints.admin}}:81'
volumes:
- "{{nginx.paths.data}}:/data"
- "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
- '/var/run/docker.sock:/var/run/docker.sock'
pihole:
container_name: pihole
image: pihole/pihole:latest
restart: unless-stopped
depends_on:
- nginx
networks:
- net
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ pihole_config }}:/etc/pihole/"
- "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/"
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
- "WEBPASSWORD={{ vault_aya01_pihole_password }}"
- "ServerIP={{ host.ip }}"
- "INTERFACE=eth0"
- "DNS1=1.1.1.1"
- "DNS1=1.0.0.1"
dns:
- 127.0.0.1
- 1.1.1.1
cap_add:
- NET_ADMIN
syncthing:
image: syncthing/syncthing
container_name: syncthing
restart: unless-stopped
depends_on:
- pihole
networks:
- net
ports:
- 22000:22000/tcp # TCP file transfers
- 22000:22000/udp # QUIC file transfers
- 21027:21027/udp # Receive local discovery broadcasts
volumes:
- "{{syncthing_data}}:/var/syncthing"
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
hostname: syncthing
cupsd:
container_name: cupsd
image: olbat/cupsd
restart: unless-stopped
depends_on:
- pihole
networks:
- net
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
volumes:
- /var/run/dbus:/var/run/dbus
- "{{cupsd_config}}:/etc/cups"
kuma:
container_name: kuma
image: louislam/uptime-kuma:1
restart: unless-stopped
depends_on:
- pihole
networks:
- net
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
ports:
- "{{kuma_port}}:3001"
volumes:
- "{{ kuma_config }}:/app/data"
plex:
image: lscr.io/linuxserver/plex:latest
container_name: plex
restart: unless-stopped
depends_on:
- pihole
networks:
- net
devices:
- /dev/dri:/dev/dri
ports:
- "{{ plex_port }}:32400"
- "1900:1900"
- "3005:3005"
- "5353:5353"
- "32410:32410"
- "8324:8324"
- "32412:32412"
- "32469:32469"
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
- VERSION=docker
volumes:
- "{{ plex_config }}:/config"
- "{{ plex_tv }}:/tv:ro"
- "{{ plex_movies }}:/movies:ro"
- "{{ plex_music }}:/music:ro"
sonarr:
image: lscr.io/linuxserver/sonarr:latest
container_name: sonarr
restart: unless-stopped
depends_on:
- prowlarr
networks:
- net
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
volumes:
- {{ sonarr_config }}:/config
- {{ sonarr_media }}:/tv #optional
- {{ sonarr_downloads }}:/downloads #optional
radarr:
image: lscr.io/linuxserver/radarr:latest
container_name: radarr
restart: unless-stopped
depends_on:
- prowlarr
networks:
- net
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
volumes:
- {{ radarr_config }}:/config
- {{ radarr_media }}:/movies #optional
- {{ radarr_downloads }}:/downloads #optional
lidarr:
image: lscr.io/linuxserver/lidarr:latest
container_name: lidarr
restart: unless-stopped
depends_on:
- prowlarr
networks:
- net
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
volumes:
- {{ lidarr_config }}:/config
- {{ lidarr_media }}:/music #optional
- {{ lidarr_downloads }}:/downloads #optional
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
container_name: prowlarr
restart: unless-stopped
depends_on:
- pihole
networks:
- net
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
volumes:
- {{ prowlarr_config }}:/config
pastebin:
image: wantguns/bin
container_name: pastebin
restart: unless-stopped
depends_on:
- pihole
networks:
- net
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
- ROCKET_PORT={{ bin_port }}
- HOST_URL={{ bin_host }}.{{ aya01_host }}.{{ local_domain }}
volumes:
- {{ bin_upload }}:/app/upload
tautulli:
image: lscr.io/linuxserver/tautulli:latest
container_name: tautulli
restart: unless-stopped
depends_on:
- plex
networks:
- net
environment:
- PUID={{ puid }}
- PGID={{ pgid}}
- TZ={{ timezone }}
ports:
- "{{ tautulli_port }}:8181"
volumes:
- {{ tautulli_config}}:/config
{{ gluetun_host }}:
image: qmcgaw/gluetun
container_name: {{ gluetun_host }}
restart: unless-stopped
networks:
- net
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
volumes:
- {{ gluetun_config }}:/gluetun
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{ timezone }}
- VPN_SERVICE_PROVIDER=protonvpn
- UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
- UPDATER_PERIOD=24h
- SERVER_COUNTRIES={{ gluetun_country }}
- OPENVPN_USER={{ vault_qbit_vpn_user }}+pmp
- OPENVPN_PASSWORD={{ vault_qbit_vpn_password }}
{{ torrentleech_host }}:
image: qbittorrentofficial/qbittorrent-nox
container_name: {{ torrentleech_host }}
restart: unless-stopped
depends_on:
- gluetun
- sonarr
- radarr
- lidarr
network_mode: "container:{{ gluetun_host }}"
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
- QBT_EULA="accept"
- QBT_WEBUI_PORT="{{ torrentleech_port }}"
volumes:
- {{ torrentleech_remote_config }}:/config
- {{ qbit_downloads }}:/downloads
{{qbit_host}}:
image: qbittorrentofficial/qbittorrent-nox
container_name: {{ qbit_host }}
restart: unless-stopped
depends_on:
- gluetun
- sonarr
- radarr
- lidarr
network_mode: "container:{{ gluetun_host }}"
environment:
- PUID={{ puid }}
- PGID={{ pgid }}
- TZ={{ timezone }}
- QBT_EULA="accept"
- QBT_WEBUI_PORT="{{ qbit_port }}"
volumes:
- {{ qbit_remote_config }}:/config
- {{ qbit_downloads }}:/downloads
{{ prometheus_host }}:
image: prom/prometheus
container_name: {{ prometheus_host }}
restart: unless-stopped
depends_on:
- pihole
networks:
- net
environment:
- PUID={{ prometheus_puid }}
- PGID={{ prometheus_pgid}}
- TZ={{ timezone }}
volumes:
- {{ prometheus_config }}:/etc/prometheus/
- prometheus_data:/prometheus/
{{ grafana_host }}:
image: grafana/grafana-oss
container_name: {{ grafana_host }}
restart: unless-stopped
user: "0:0"
depends_on:
- {{ prometheus_host }}
networks:
- net
environment:
- PUID={{ grafana_puid }}
- PGID={{ grafana_pgid }}
- TZ={{ timezone }}
volumes:
- {{ grafana_data }}:/var/lib/grafana/
- {{ grafana_config }}:/etc/grafana/
ddns-updater:
container_name: ddns-updater
image: "ghcr.io/qdm12/ddns-updater"
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
volumes:
- "{{ ddns_data }}:/updater/data/"
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ ha_config }}:/config/"
privileged: true
ports:
- "{{ ha_port }}:8123"
- 4357:4357
- 5683:5683
- 5683:5683/udp
{{stirling.host}}:
container_name: {{stirling.host}}
image: frooodle/s-pdf:latest
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
{{ jellyfin.host }}:
container_name: {{ jellyfin.host }}
image: jellyfin/jellyfin
restart: 'unless-stopped'
depends_on:
- pihole
networks:
net: {}
devices:
- /dev/dri:/dev/dri
volumes:
- {{ jellyfin.config }}:/config
- {{ jellyfin.cache }}:/cache
- {{ jellyfin.media.tv }}:/tv:ro
- {{ jellyfin.media.movies }}:/movies:ro
- {{ jellyfin.media.music }}:/music:ro
ports:
- "{{ jellyfin.port }}:{{ jellyfin.port }}"
broker:
container_name: {{ paperless.redis.host }}
image: docker.io/library/redis:7
restart: unless-stopped
depends_on:
- pihole
networks:
- net
volumes:
- {{paperless.redis.data}}:/data
db:
container_name: {{ paperless.db.host }}
image: docker.io/library/postgres:15
restart: unless-stopped
depends_on:
- pihole
networks:
- net
volumes:
- {{paperless.db.data}}:/var/lib/postgresql/data
environment:
POSTGRES_DB: {{ paperless.db.db }}
POSTGRES_USER: {{ paperless.db.user }}
POSTGRES_PASSWORD: {{ paperless.db.password }}
paperless:
container_name: {{ paperless.host }}
image: ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- db
- broker
networks:
- net
healthcheck:
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:{{ paperless.port }}"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- {{ paperless.data.data }}:/usr/src/paperless/data
- {{ paperless.data.media }}:/usr/src/paperless/media
- {{ paperless.data.export }}:/usr/src/paperless/export
- {{ paperless.data.consume }}:/usr/src/paperless/consume
environment:
- "PAPERLESS_REDIS=redis://broker:6379"
- "PAPERLESS_DBHOST=db"
- "PAPERLESS_DBUSER={{paperless.db.user}}"
- "PAPERLESS_DBPASS={{paperless.db.password}}"
- "USERMAP_UID={{ puid }}"
- "USERMAP_GID={{ pgid}}"
- "PAPERLESS_URL=https://{{paperless.host}}.{{ host.hostname }}.{{ backup_domain }}"
- "PAPERLESS_TIME_ZONE={{ timezone }}"
- "PAPERLESS_OCR_LANGUAGE=deu"
{{ homarr.host }}:
container_name: {{ homarr.host }}
image: ghcr.io/ajnart/homarr:latest
restart: unless-stopped
depends_on:
- pihole
networks:
- net
volumes:
- {{ homarr.volumes.configs }}:/app/data/configs
- {{ homarr.volumes.data }}:/data
- {{ homarr.volumes.icons }}:/app/public/icons
{{ gitea.host }}:
container_name: {{ gitea.host }}
image: gitea/gitea:1.20.5-rootless
restart: unless-stopped
depends_on:
- pihole
networks:
- net
volumes:
- {{ gitea.volumes.data }}:/var/lib/gitea
- {{ gitea.volumes.config }}:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "{{ gitea.ports.http }}:3000"
- "{{ gitea.ports.ssh }}:2222"
{{ gitea.runner.host }}:
container_name: {{ gitea.runner.host }}
image: gitea/act_runner:nightly
restart: unless-stopped
depends_on:
- {{ gitea.host }}
networks:
- net
volumes:
- "{{ gitea.runner.config_file }}:/config.yaml"
- "{{ gitea.runner.volumes.data }}:/data"
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
- "GITEA_INSTANCE_URL={{ gitea.url }}"
- "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
- "GITEA_RUNNER_NAME: {{ gitea.runner.name }}"
- "CONFIG_FILE: /config.yaml"
{{ jellyseer.host }}:
container_name: {{ jellyseer.host }}
image: fallenbagel/jellyseerr:latest
restart: unless-stopped
environment:
- LOG_LEVEL=info
- TZ={{ timezone }}
depends_on:
- {{ jellyfin.host }}
networks:
- net
volumes:
- {{ jellyseer.volumes.config }}:/app/config
networks:
zoneminder:
driver: bridge
ipam:
driver: default
config:
- subnet: {{ zoneminder_network }}
net:
driver: bridge
ipam:
driver: default
config:
- subnet: {{ docker_network }}
volumes:
prometheus_data: {}

196
roles/docker/templates/aya01/cupsd/cupsd.conf
View File

@ -1,196 +0,0 @@
#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat
ServerAlias *
# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation.
MaxLogSize 0
# Default error policy for printers
ErrorPolicy retry-job
# Allow remote access
Listen *:631
# Show shared printers on the local network.
Browsing Yes
BrowseLocalProtocols dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
DefaultEncryption IfRequested
# Web interface setting...
WebInterface Yes
# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
IdleExitTimeout 60
# Restrict access to the server...
<Location />
Order allow,deny
Allow all
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow all
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow all
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow all
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the kerberized printer/job policies...
<Policy kerberos>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>

11
roles/docker/templates/aya01/ddns-updater/data/config.json
View File

@ -1,11 +0,0 @@
{
"settings": [
{
"provider": "namecheap",
"domain": "{{ local_domain }}",
"host": "{{ local_subdomains }}",
"password": "{{ vault_ddns_local_password }}",
"provider_ip": true
}
]
}

1464
roles/docker/templates/aya01/grafana/etc-grafana/grafana.ini.j2
View File

File diff suppressed because it is too large Load Diff

18
roles/docker/templates/aya01/prometheus/exporter/mikrotik/config/config.yml
View File

@ -1,18 +0,0 @@
devices:
- name: mikrotik
address: "{{ e_mikrotik_ip }}"
user: "{{ prm_user }}"
password: "{{ vault_prm_user_password }}"
features:
bgp: false
dhcp: true
dhcpv6: true
dhcpl: true
routes: true
pools: true
optics: true

46
roles/docker/templates/aya01/prometheus/prometheus.yml.j2
View File

@ -1,46 +0,0 @@
# Sample config for Prometheus.
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: '{{ user }}'
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
scrape_configs:
- job_name: 'node'
scrape_interval: 10s
scrape_timeout: 10s
tls_config:
insecure_skip_verify: true
static_configs:
- targets: ['{{ aya01_ip }}:{{node_exporter.port}}']
- targets: ['{{ mii_ip }}:{{node_exporter.port}}']
- targets: ['{{ pi_ip }}:{{node_exporter.port}}']
- targets: ['{{ naruto_ip }}:{{node_exporter.port}}']
- targets: ['{{ inko_ip }}:{{node_exporter.port}}']
- job_name: 'mikrotik'
static_configs:
- targets:
- {{ snmp_exporter_target }}
metrics_path: /snmp
params:
module: [mikrotik]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: {{ aya01_ip }}:{{ snmp_exporter_port }} # The SNMP exporter's real hostname:port.
- job_name: 'SMART'
static_configs:
- targets: ['{{ aya01_ip }}:{{smart_exporter.port}}']

1
roles/docker/templates/aya01/syncthing/syncthing.conf
View File

@ -1 +0,0 @@
fs.inotify.max_user_watches=204800

36
roles/docker/templates/common/traefik/etc-traefik/traefik.yml
View File

@ -1,36 +0,0 @@
## traefik.yml
# Entry Points
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
# Docker configuration backend
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedbydefault: "false"
# API and dashboard configuration
api:
insecure: true
dashboard: true
log:
filePath: "/var/log/traefik.log"
accessLog:
filePath: "/var/log/access.log"
certificatesResolvers:
myresolver:
acme:
email: "me+cert@tudattr.dev"
storage: "/letsencrypt/acme.json"
dnsChallenge:
provider: "namecheap"
metrics:
prometheus:
entrypoint: "traefik"

0
roles/docker/templates/common/traefik/var-log/traefik.log
View File

25
roles/docker/templates/mii/compose.yaml
View File

@ -1,25 +0,0 @@
version: '3'
services:
nginx:
container_name: "{{nginx.host}}"
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
networks:
net: {}
ports:
- '{{nginx.endpoints.http}}:80'
- '{{nginx.endpoints.https}}:443'
- '{{nginx.endpoints.admin}}:81'
volumes:
- "{{nginx.paths.data}}:/data"
- "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
- '/var/run/docker.sock:/var/run/docker.sock'
networks:
net:
driver: bridge
ipam:
# driver: default
config:
- subnet: 172.16.69.0/24
gateway: 172.16.69.1

73
roles/docker/templates/mii/swag/site-confs/default.conf
View File

@ -1,73 +0,0 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://$host$request_uri;
}
}
# main server block
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /config/www;
index index.html index.htm index.php;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable for basic auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
try_files $uri $uri/ /index.html /index.php$is_args$args =404;
}
location /ip {
add_header Content-Type "text/plain";
return 200 '$remote_addr\n';
}
location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# deny access to .htaccess/.htpasswd files
location ~ /\.ht {
deny all;
}
}
# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;

31
roles/docker/templates/mii/swag/site-confs/plex.subdomain.conf
View File

@ -1,31 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ plex_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
proxy_redirect off;
proxy_buffering off;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://{{ plex_host }}.{{ aya01_host }}.{{ local_domain }};
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
}
}

20
roles/docker/templates/mii/swag/site-confs/stub.subfolder.conf
View File

@ -1,20 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ stub_host }}.{{ local_domain }};
access_log off;
allow 192.168.20.12;
deny all;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location /stub_status {
include /config/nginx/resolver.conf;
stub_status on;
proxy_pass http://{{ stub_host }}.{{ aya01_host }}.{{ local_domain }};
}
}

34
roles/docker/templates/mii/swag/site-confs/tautulli.subdomain.conf
View File

@ -1,34 +0,0 @@
## Version 2023/02/05
# make sure that your tautulli container is named tautulli
# make sure that your dns has a cname set for tautulli
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ tautulli_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
location ~ (/tautulli)?/api {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
location ~ (/tautulli)?/newsletter {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
location ~ (/tautulli)?/image {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
}

17
roles/docker/templates/mii/swag/site-confs/uptime-kuma.subdomain.conf
View File

@ -1,17 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ kuma_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://{{ kuma_host }}.{{ aya01_host }}.{{ local_domain }};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

42
roles/docker/templates/naruto/compose.yaml
View File

@ -1,42 +0,0 @@
version: '3'
services:
nginx:
container_name: "{{nginx.host}}"
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
networks:
net: {}
ports:
- '{{nginx.endpoints.http}}:80'
- '{{nginx.endpoints.https}}:443'
- '{{nginx.endpoints.admin}}:81'
volumes:
- "{{nginx.paths.data}}:/data"
- "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
- '/var/run/docker.sock:/var/run/docker.sock'
{{ gitea.runner.host }}:
container_name: {{ gitea.runner.host }}
image: gitea/act_runner:nightly
restart: unless-stopped
depends_on:
- nginx
networks:
- net
volumes:
- "{{ gitea.runner.config_file }}:/config.yaml"
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
- "GITEA_INSTANCE_URL={{ gitea.url }}"
- "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
- "GITEA_RUNNER_NAME: {{ gitea.runner.name }}"
- "CONFIG_FILE: /config.yaml"
networks:
net:
driver: bridge
ipam:
# driver: default
config:
- subnet: 172.16.69.0/24
gateway: 172.16.69.1

68
roles/docker/templates/pi/compose.yaml
View File

@ -1,68 +0,0 @@
version: '3'
services:
nginx:
container_name: "{{nginx.host}}"
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
networks:
net: {}
ports:
- '{{nginx.endpoints.http}}:80'
- '{{nginx.endpoints.https}}:443'
- '{{nginx.endpoints.admin}}:81'
volumes:
- "{{nginx.paths.data}}:/data"
- "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
- '/var/run/docker.sock:/var/run/docker.sock'
pihole:
container_name: pihole
image: pihole/pihole:latest
restart: unless-stopped
depends_on:
- nginx
networks:
net: {}
ports:
- "53:53/tcp"
- "53:53/udp"
environment:
- "WEBPASSWORD={{ vault.pi.pihole.password }}"
- "ServerIP=192.168.20.11"
- "INTERFACE=eth0"
- "DNS1=1.1.1.1"
- "DNS1=1.0.0.1"
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ pihole_config }}:/etc/pihole/"
- "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/"
dns:
- 127.0.0.1
- 1.1.1.1
cap_add:
- NET_ADMIN
{{ gitea.runner.host }}:
container_name: {{ gitea.runner.host }}
image: gitea/act_runner:nightly
restart: unless-stopped
depends_on:
- nginx
networks:
- net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- {{ gitea.runner.volumes.data }}:/data
environment:
- "GITEA_INSTANCE_URL={{ gitea.url }}"
- "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
networks:
net:
driver: bridge
ipam:
# driver: default
config:
- subnet: 172.16.69.0/24
gateway: 172.16.69.1

8
roles/node_exporter/vars/main.yml Normal file
View File

@ -0,0 +1,8 @@
go_arch_map:
i386: "386"
x86_64: "amd64"
aarch64: "arm64"
armv7l: "armv7"
armv6l: "armv6"
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"

24
roles/power_management/tasks/configure.yml
View File

@ -1,24 +0,0 @@
---
- name: Copy powertop service
template:
src: templates/powertop.service
dest: /etc/systemd/system/powertop.service
become: true
- name: Reload all services
ansible.builtin.systemd:
daemon_reload: yes
become: true
- name: Start and enable the new powertop service
ansible.builtin.systemd:
state: started
enabled: true
name: powertop
become: true
- name: Copy hdparm.conf
template:
src: templates/hdparm.conf
dest: /etc/hdparm.conf
become: true

15
roles/power_management/tasks/install.yml
View File

@ -1,15 +0,0 @@
---
- name: Update cache
apt:
update_cache: true
become: true
- name: Install packages
apt:
name: "{{ item }}"
state: present
loop:
- powertop
- hdparm
become: true

3
roles/power_management/tasks/main.yml
View File

@ -1,3 +0,0 @@
---
- include_tasks: install.yml
- include_tasks: configure.yml

18
roles/power_management/templates/hdparm.conf
View File

@ -1,18 +0,0 @@
quiet
/dev/sda {
apm = 128
spindown_time = 240
}
/dev/sdb {
apm = 128
spindown_time = 240
}
/dev/sdc {
apm = 128
spindown_time = 240
}
/dev/sdd {
apm = 128
spindown_time = 240
}

11
roles/power_management/templates/powertop.service
View File

@ -1,11 +0,0 @@
[Unit]
Description=PowerTOP auto tune
[Service]
Type=oneshot
Environment="TERM=dumb"
RemainAfterExit=true
ExecStart=/usr/sbin/powertop --auto-tune
[Install]
WantedBy=multi-user.target

15
roles/samba/tasks/config.yaml
View File

@ -1,15 +0,0 @@
---
- name: Copy "{{ samba.config }}"
template:
src: "{{ samba.config }}"
dest: /etc/samba/smb.conf
become: true
register: smbconf
- name: Restart nmbd.service
systemd:
name: nmbd
state: restarted
enabled: yes
become: true
when: smbconf.changed

46
roles/samba/tasks/install.yaml
View File

@ -1,46 +0,0 @@
---
- name: Update and upgrade packages
apt:
update_cache: true
upgrade: true
autoremove: true
become: true
- name: Install Samba dependencies
apt:
name: "{{ samba.dependencies }}"
state: present
become: true
- name: Add group "{{ samba.group }}"
group:
name: "{{ samba.group }}"
state: present
become: true
- name: Change permission on share
file:
path: "{{ item }}"
group: "{{ samba.group }}"
mode: "2770"
become: true
loop:
- "{{ samba.shares.media.path }}"
- "{{ samba.shares.paperless.path }}"
- name: Add user "{{ samba.user }}"
user:
name: "{{ samba.user }}"
shell: "/sbin/nologin"
groups: "{{ samba.group }}"
append: true
become: true
register: new_user
- name: Add password to "{{ samba.user }}"
shell:
cmd: smbpasswd -a "{{ samba.user }}"
stdin: "{{ host.samba.password }}\n{{ host.samba.password }}"
become: true
when: new_user.changed

3
roles/samba/tasks/main.yaml
View File

@ -1,3 +0,0 @@
---
- include_tasks: install.yaml
- include_tasks: config.yaml

14
roles/samba/templates/smb.conf
View File

@ -1,14 +0,0 @@
[{{ samba.shares.media.name }}]
comment = {{ samba.shares.media.name }}
path = "{{ samba.shares.media.path }}"
writable = no
guest ok = no
valid users = "@{{samba.group}}"
[{{ samba.shares.paperless.name }}]
comment = {{ samba.shares.paperless.name }}
path = "{{ samba.shares.paperless.path }}"
writable = yes
guest ok = no
valid users = "@{{samba.group}}"
create mask = 755

8
roles/shelly/tasks/init.yml
View File

@ -1,8 +0,0 @@
---
- name: Upgrade shelly
uri:
url: {{ip}}/ota?url=http://archive.shelly-tools.de/version/v1.9.4/SHBDUO-1.zip
- name: Connect shelly to wifi
uri:
url: {{ip}}/settings/sta?enabled=1&ssid={{SSID}}&key={{password}}&ipv4_method=dhcp

2
roles/shelly/tasks/main.yml
View File

@ -1,2 +0,0 @@
---
- include_tasks: init.yaml

18
roles/smart_exporter/tasks/get_version.yml
View File

@ -1,18 +0,0 @@
---
- name: Determine latest GitHub release (local)
delegate_to: localhost
uri:
url: "https://api.github.com/repos/prometheus-community/smartctl_exporter/releases/{{ smart_exporter.version }}"
body_format: json
register: _github_release
until: _github_release.status == 200
retries: 3
- name: Set smart_exporter_version
set_fact:
smart_exporter_version: "{{ _github_release.json.tag_name
| regex_replace('^v?([0-9\\.]+)$', '\\1') }}"
- name: Set smart_exporter_download_url
set_fact:
smart_exporter_download_url: "https://github.com/prometheus-community/smartctl_exporter/releases/download/v{{ smart_exporter_version }}/smartctl_exporter-{{ smart_exporter_version }}.linux-{{ go_arch }}.tar.gz"

30
roles/smart_exporter/tasks/install.yml
View File

@ -1,30 +0,0 @@
---
- name: Download/Extract "{{ smart_exporter_download_url }}"
unarchive:
src: "{{ smart_exporter_download_url }}"
dest: /tmp/
remote_src: true
mode: 755
- name: Move smart_exporter into path
copy:
src: "/tmp/smartctl_exporter-{{ smart_exporter_version }}.linux-{{ go_arch }}/smartctl_exporter"
dest: "{{ smart_exporter.bin_path }}"
mode: 755
remote_src: true
become: true
- name: Create smart_exporter user.
user:
name: smart_exporter
shell: /sbin/nologin
state: present
become: true
- name: Copy the smart_exporter systemd unit file.
template:
src: smart_exporter.service.j2
dest: /etc/systemd/system/smart_exporter.service
mode: 0644
register: smart_exporter_service
become: true

4
roles/smart_exporter/tasks/main.yml
View File

@ -1,4 +0,0 @@
---
- include_tasks: get_version.yml
- include_tasks: install.yml
- include_tasks: systemd.yml

9
roles/smart_exporter/tasks/systemd.yml
View File

@ -1,9 +0,0 @@
---
- name: Ensure smart_exporter is running and enabled at boot.
service:
daemon_reload: true
name: smart_exporter
state: restarted
enabled: true
when: smart_exporter_service is changed
become: true

19
roles/smart_exporter/templates/smart_exporter.service.j2
View File

@ -1,19 +0,0 @@
[Unit]
Description=smartctl exporter service
After=network-online.target
[Service]
Type=simple
PIDFile=/run/smartctl_exporter.pid
ExecStart={{ smart_exporter.bin_path }}
User=root
Group=root
SyslogIdentifier=smartctl_exporter
Restart=on-failure
RemainAfterExit=no
RestartSec=100ms
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

15
roles/snmp_exporter/tasks/docker.yml
View File

@ -1,15 +0,0 @@
- name: Create snmp-exporter container
docker_container:
image: prom/snmp-exporter
name: "{{ snmp_exporter_host }}"
restart_policy: unless-stopped
networks:
- name: compose_net
env:
PUID: "{{ puid }}"
PGID: "{{ pgid}}"
TZ: "{{ timezone }}"
volumes:
- "{{ snmp_exporter_config }}:/etc/snmp_exporter/"
ports:
- "{{ snmp_exporter_port }}:9116"

3
roles/snmp_exporter/tasks/main.yml
View File

@ -1,3 +0,0 @@
---
- include_tasks: setup.yml
- include_tasks: docker.yml

20
roles/snmp_exporter/tasks/setup.yml
View File

@ -1,20 +0,0 @@
---
- name: Create snmp_exporter directories
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ snmp_exporter_config }}"
become: true
- name: Copy snmp_exporter config
template:
owner: "{{ puid }}"
group: "{{ pgid }}"
src: "snmp.yml.j2"
dest: "{{ snmp_exporter_config }}/snmp.yml"
mode: '644'
become: true

57345
roles/snmp_exporter/templates/snmp.yml.j2
View File

File diff suppressed because it is too large Load Diff

1
shelly.yml
View File

@ -1 +0,0 @@
{ip}/settings/sta?enabled=1&ssid={SSID}&key={password}&ipv4_method=dhcp

2
staging
View File

@ -1,2 +0,0 @@
[server]
vagrant