tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(ansible): centralize inventory and variables in 'vars' directory

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-07-12 21:38:53 +02:00
parent 3d7f652ff3
commit 609e000089
35 changed files with 135 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

502
vars/group_vars/docker/docker.yml Normal file
View File

@@ -0,0 +1,502 @@
docker:
url: "https://download.docker.com/linux"
apt_release_channel: "stable"
directories:
local: "/opt/local/"
config: "/opt/docker/config/"
compose: "/opt/docker/compose/"
services:
- name: status
vm:
- docker-host12
container_name: kuma
image: louislam/uptime-kuma:1.23.16
volumes:
- name: "Data"
internal: /app/data
external: "{{ docker.directories.local }}/kuma/"
ports:
- name: "http"
internal: 3001
external: "{{ services_external_http.kuma }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: plex
vm:
- docker-host10
container_name: plex
image: lscr.io/linuxserver/plex:1.41.5
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/plex/config/"
- name: "TV Series"
internal: /tv:ro
external: /media/series
- name: "Movies"
internal: /movies:ro
external: /media/movies
- name: "Music"
internal: /music:ro
external: /media/songs
devices:
- name: "Graphics Card"
internal: /dev/dri
external: /dev/dri
ports:
- name: "http"
internal: 32400
external: "{{ services_external_http.plex }}"
- name: ""
internal: 1900
external: 1900
- name: ""
internal: 3005
external: 3005
- name: ""
internal: 5353
external: 5353
- name: ""
internal: 32410
external: 32410
- name: ""
internal: 8324
external: 8324
- name: ""
internal: 32412
external: 32412
- name: ""
internal: 32469
external: 32469
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- VERSION=docker
- name: jellyfin
vm:
- docker-host01
container_name: jellyfin
image: jellyfin/jellyfin:10.10
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/jellyfin/config"
- name: "Cache"
internal: /cache
external: "{{ docker.directories.config }}/jellyfin/cache"
- name: "Tv Series"
internal: /tv:ro
external: /media/series
- name: "Music"
internal: /movies:ro
external: /media/movies
- name: "Music"
internal: /music:ro
external: /media/songs
devices:
- name: "Graphics Card"
internal: /dev/dri
external: /dev/dri
ports:
- name: "http"
internal: 8096
external: "{{ services_external_http.jellyfin }}"
environment:
- name: hass
vm:
- docker-host01
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
privileged: true
volumes:
- name: "Configuration"
internal: /config/
external: "{{ docker.directories.local }}/home-assistant/config/"
- name: "Local Time"
internal: /etc/localtime:ro
external: /etc/localtime
ports:
- name: "http"
internal: 8123
external: "{{ services_external_http.hass }}"
- name: ""
internal: 4357
external: 4357
- name: ""
internal: 5683
external: 5683
- name: ""
internal: 5683
external: 5683
- name: ddns
vm:
- docker-host12
container_name: ddns-updater
image: qmcgaw/ddns-updater:2
volumes:
- name: "Configuration"
internal: /updater/data/
external: "{{ docker.directories.local }}/ddns-updater/data/"
ports:
- name: "http"
internal: 8000
external: "{{ services_external_http.ddns }}"
- name: sonarr
vm:
- docker-host12
container_name: sonarr
image: linuxserver/sonarr:4.0.14
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/sonarr/config"
- name: "Tv Series"
internal: /tv
external: /media/series
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/sonarr
ports:
- name: "http"
internal: 8989
external: "{{ services_external_http.sonarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: radarr
vm:
- docker-host12
container_name: radarr
image: linuxserver/radarr:5.21.1
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/radarr/config"
- name: "Movies"
internal: /movies
external: /media/movies
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/radarr
ports:
- name: "http"
internal: 7878
external: "{{ services_external_http.radarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: lidarr
vm:
- docker-host12
container_name: lidarr
image: linuxserver/lidarr:2.10.3
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/lidarr/config"
- name: "Music"
internal: /music
external: /media/songs
- name: "Torrent Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads/lidarr
ports:
- name: "http"
internal: 8686
external: "{{ services_external_http.lidarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: prowlarr
vm:
- docker-host12
container_name: prowlarr
image: linuxserver/prowlarr:1.32.2
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/prowlarr/config"
ports:
- name: "http"
internal: 9696
external: "{{ services_external_http.prowlarr }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- name: paperless
vm:
- docker-host12
container_name: paperless
image: ghcr.io/paperless-ngx/paperless-ngx:2.14
depends_on:
- paperless-postgres
- paperless-redis
volumes:
- name: "Configuration"
internal: /usr/src/paperless/data
external: "{{ docker.directories.local }}/paperless/data/data"
- name: "Media"
internal: /usr/src/paperless/media
external: "{{ docker.directories.local }}/paperless/data/media"
- name: "Document Export"
internal: /usr/src/paperless/export
external: "{{ docker.directories.local }}/paperless/data/export"
- name: "Document Consume"
internal: /usr/src/paperless/consume
external: "{{ docker.directories.local }}/paperless/data/consume"
environment:
- "PAPERLESS_REDIS=redis://paperless-redis:6379"
- "PAPERLESS_DBHOST=paperless-postgres"
- "PAPERLESS_DBUSER=paperless"
- "PAPERLESS_DBPASS={{ vault.docker.paperless.dbpass }}"
- "USERMAP_UID=1000"
- "USERMAP_GID=1000"
- "PAPERLESS_URL=https://paperless.{{ domain }}"
- "PAPERLESS_TIME_ZONE=Europe/Berlin"
- "PAPERLESS_OCR_LANGUAGE=deu"
ports:
- name: "http"
internal: 8000
external: "{{ services_external_http.paperless }}"
sub_service:
- name: postgres
version: 15
username: paperless
password: "{{ vault.docker.paperless.dbpass }}"
- name: redis
version: 7
- name: pdf
vm:
- docker-host12
container_name: stirling
image: frooodle/s-pdf:0.45.0
ports:
- name: "http"
internal: 8080
external: "{{ services_external_http.pdf }}"
- name: git
vm:
- docker-host01
container_name: gitea
image: gitea/gitea:1.23-rootless
volumes:
- name: "Configuration"
internal: /etc/gitea
external: "{{ docker.directories.local }}/gitea/config"
- name: "Data"
internal: /var/lib/gitea
external: "{{ docker.directories.local }}/gitea/data"
- name: "Time Zone"
internal: /etc/timezone:ro
external: /etc/timezone
- name: "Local Time"
internal: /etc/localtime:ro
external: /etc/localtime
ports:
- name: "http"
internal: 3000
external: "{{ services_external_http.git }}"
- name: "ssh"
internal: 2222
external: 2222
environment:
- USER_UID=1000
- USER_GID=1000
- name: changedetection
vm:
- docker-host12
container_name: changedetection
image: dgtlmoon/changedetection.io:0.49
healthcheck: curl
volumes:
- name: "Data"
internal: /datastore
external: "{{ docker.directories.local }}/changedetection/data/"
ports:
- name: "http"
internal: 5000
external: "{{ services_external_http.changedetection }}"
- name: gluetun
vm:
- docker-host12
container_name: gluetun
image: qmcgaw/gluetun:v3.40
cap_add:
- NET_ADMIN
devices:
- name: "Tunnel"
internal: /dev/net/tun
external: /dev/net/tun
volumes:
- name: "Configuration"
internal: /gluetun
external: "{{ docker.directories.local }}/gluetun/config"
ports:
- name: "Qbit Client"
internal: 8082
external: 8082
- name: "Torrentleech Client"
internal: 8083
external: 8083
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- VPN_SERVICE_PROVIDER=protonvpn
- UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
- UPDATER_PERIOD=24h
- "SERVER_COUNTRIES={{ vault.docker.proton.country }}"
- "OPENVPN_USER={{ vault.docker.proton.openvpn_user }}"
- "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}"
- name: torrentleech
vm:
- docker-host12
container_name: torrentleech
image: qbittorrentofficial/qbittorrent-nox
depends_on:
- gluetun
network_mode: "container:gluetun"
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/torrentleech/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
ports:
- name: "http"
internal: proxy_only
external: 8083
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- QBT_EULA="accept"
- QBT_WEBUI_PORT="8083"
- name: qbit
vm:
- docker-host12
container_name: qbit
image: qbittorrentofficial/qbittorrent-nox:5.0.4-1
depends_on:
- gluetun
network_mode: "container:gluetun"
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.local }}/qbit/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
ports:
- name: "http"
internal: proxy_only
external: 8082
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- QBT_EULA="accept"
- QBT_WEBUI_PORT="8082"
- name: cadvisor
vm:
- docker-host12
- docker-host10
- docker-host01
container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.52.1
ports:
- name: ""
internal: 8080
external: 8081
volumes:
- name: "Root"
internal: /rootfs:ro
external: /
- name: "Run"
internal: /var/run:rw
external: /var/run
- name: "System"
internal: /sys:ro
external: /sys
- name: "Docker"
internal: /var/lib/docker:ro
external: /var/lib/docker
- name: karakeep
vm:
- docker-host01
container_name: karakeep
image: ghcr.io/karakeep-app/karakeep:0.23.2
ports:
- name: "http"
internal: 3000
external: "{{ services_external_http.karakeep }}"
volumes:
- name: "Data"
internal: /data
external: "{{ docker.directories.local }}/karakeep/config"
environment:
- MEILI_ADDR=http://karakeep-meilisearch:7700
- BROWSER_WEB_URL=http://karakeep-chrome:9222
- NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
- MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
- NEXTAUTH_URL=https://karakeep.tudattr.dev/
- OPENAI_API_KEY={{ vault.docker.karakeep.openai_key }}
- DATA_DIR=/data
- DISABLE_SIGNUPS=true
sub_service:
- name: meilisearch
version: v1.11.1
nextauth_secret: "{{ vault.docker.karakeep.nextauth_secret }}"
meili_master_key: "{{ vault.docker.karakeep.meili_master_key }}"
openai_key: "{{ vault.docker.karakeep.openai_key }}"
- name: chrome
version: 123
- name: keycloak
vm:
- docker-host01
container_name: keycloak
image: quay.io/keycloak/keycloak:26.2
depends_on:
- keycloak-postgres
ports:
- name: "http"
internal: 8080
external: "{{ services_external_http.keycloak }}"
volumes:
- name: "config"
internal: /opt/keycloak/data/import/homelab-realm.json
external: "{{ docker.directories.local }}/keycloak/homelab-realm.json"
- name: "config"
internal: /opt/keycloak/data/import/master-realm.json
external: "{{ docker.directories.local }}/keycloak/master-realm.json"
command:
- "start"
- "--import-realm"
environment:
- KC_DB=postgres
- KC_DB_URL=jdbc:postgresql://keycloak-postgres:5432/keycloak
- KC_DB_USERNAME={{ keycloak_config.database.username }}
- KC_DB_PASSWORD={{ keycloak_config.database.password }}
- KC_HOSTNAME=keycloak.{{ internal_domain }}
- KC_HTTP_ENABLED=true
- KC_HTTP_RELATIVE_PATH=/
- KC_PROXY=edge
- KC_PROXY_HEADERS=xforwarded
- KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }}
- KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }}
- KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }}
- KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault.docker.keycloak.admin.password }}
sub_service:
- name: postgres
version: 17
username: "{{ keycloak_config.database.username }}"
password: "{{ keycloak_config.database.password }}"

61
vars/group_vars/docker/keycloak.yml Normal file
View File

@@ -0,0 +1,61 @@
keycloak_admin_hash: "{{ vault.docker.keycloak.admin.hash }}"
keycloak_realms: "{{ keycloak_config.realms }}"
keycloak_config:
database:
db_name: keycloak
username: keycloak
password: "{{ vault.docker.keycloak.database.password }}"
realms:
- realm: homelab
display_name: "Homelab Realm"
users:
- username: tudattr
password: "{{ vault.docker.keycloak.user.password }}"
realm_roles:
- offline_access
- uma_authorization
client_roles:
account:
- view-profile
- manage-account
admin:
username: "serviceadmin-{{ keycloak_admin_hash }}"
password: "{{ vault.docker.keycloak.admin.password }}"
realm_roles:
- offline_access
- uma_authorization
- admin
client_roles:
realm_management:
- realm-admin
account:
- view-profile
- manage-account
roles:
realm:
- name: admin
description: "Administrator role for the homelab realm"
default_roles:
- offline_access
- uma_authorization
- realm: master
display_name: "master"
admin:
username: "serviceadmin-{{ keycloak_admin_hash }}"
password: "{{ vault.docker.keycloak.admin.password }}"
realm_roles:
- offline_access
- uma_authorization
- create-realm
- admin
client_roles:
realm_management:
- realm-admin
account:
- view-profile
- manage-account
roles:
realm: []
default_roles: []

18
vars/group_vars/docker/port_mapping.yml Normal file
View File

@@ -0,0 +1,18 @@
services_external_http:
kuma: 3001
plex: 32400
jellyfin: 8096
hass: 8123
ddns: 8001
sonarr: 8989
radarr: 7878
lidarr: 8686
prowlarr: 9696
paperless: 8000
pdf: 8080
git: 3000
changedetection: 5000
torrentleech: 8083
qbit: 8082
karakeep: 3002
keycloak: 3003

65
vars/group_vars/docker/secrets.yml Normal file
View File

@@ -0,0 +1,65 @@
$ANSIBLE_VAULT;1.1;AES256
62353938306631616432613936343031386266643837393733336533306532643332383761336462
3566663762343161373266353236323532666562383031310a663661316264313737633732313166
35336535353964646238393563333339646634346532633130633364343864363565353461616663
6336343138623762320a366132383634383231316130643535313465356238343534656237626362
38373439663730353739386636313865336262363864323633343839636434353261313432386135
33343438663564323465373435613765306538633339303362656163636237643661623637376135
65346465303530663161356666333062326536313135363536313237616564363838326339646162
62323066626431376231386432333766366434326239303734353036396433333662333733373830
66336433643032636166306332323063393333363734326333363936303033396336626135363832
30636136656235376163613033616563663663633161643937666537333066343135326138643663
64646638393364376466306438383337383231303637313366333638393939373739646338353036
62303162383362393830316163303236336236363531333665353163373530323063313164656562
33383561613530346561336166653536393137346630333262633738383838383338643761666463
61303239636631646634373266303930343437636464326132316534616261376137396233653265
39383137666533613739363764643162663361333465386332383964343534646537343065343833
66643938623734643537313866316335396135613239393262613562356332663861646261373630
34373939663239646534396638636265303438386239636439663635313665613634373832313237
62306366633139333937646534393765663130396466346161376235656461346638323063353662
64386466373433376133343266396537656435333831356531346531653262396330346238623431
61303466366161336664333239663066643232623532643933373661663266366639646139666636
62393532643535656566643862353337333533633861396164643766316637393638363662653863
32643566333961663065383636383436666137356237643634326464636463303530306466616635
36366365636337366335333630306237356366306535613464636463373063653861623464323764
62336139653361376239303632326431643231346137333835356362333962613039643332373166
32316234376431376136666161383039633035356636626664376137323630323966646161313664
38623463376366623430663363663662303166636165646138363631643261376137336636636663
61656631393963353066333930303932653730613431366131616233363662316139663038336538
36383532316162356235373566313832323131326466363734613438323233353330613561383435
39623435366236306431636232323838386462346464653561653638346338613833613133373133
38626364643738373938336237323836646532356539643933333730353333626138646239633234
66316563306230636139323335323665646462343861393366666462623966376431393438376134
37376339356430316235633337376462666439643430303062656538386630613763623433646133
65663530626533663266623861326431633137363466346634656634623166623331306636616666
31643761343632336531356566636165363737646639326533386333646434393736643934643064
39393039346639353439653766326138613164343030306436383461663636346534346365333265
66653535623962653762633934646131653334363232636634303130306632383263373161363462
35323133616665366238353535346561323834353634613730613439643536376337353234313337
61623264616433336532383533376631396438313739616462323064613665396638333438306336
34633338366235336131303462346665663464376334353431343363336662356335356562366532
64366461623864633238666339346138663931363331613463333762336230313530613235303766
34313064383461623230383730623731323533326663613565646436303230653264323061616536
38636162356164656432626433373864326264623063343662323563366133363336313739326137
31326164646364613865396534626533616366613565303032636637366435326336396464313232
66393538393862616466313833326666316231393130666238636130613339663664393434613732
65383363323138343335393636626138303561613532306131666334346631336333336639626466
38343337346566346334383934306433366239666662346463666166643338613264636563653434
36306338313363636665333763323135386165313939336432636339613432323736326635303162
36656234656563376633373333633430313430333834623964653530626539333265363563376239
33633430396338663063383338333732356532313435613737393465323431393035356136306166
62633035653731636361396235613162643332393233326434353831613731373333326464326234
36366166633437356336616166306164343636623962623136653861333866393039653939333037
31343261663534356530373233336165326134613961616331316531313435386464396438363838
31353935666566326630373336376438326366623537356536653564303066343837653030373962
30393363336232646662663166326166386636356466616165376435623031666664373664623330
31613030616162303732353738386434666566386138373238363732303138316533356435656662
38636136353134303166636438663036363834663639613464376662666364386635333138353035
39363236653336386332313930306663366130303836333664363335386331636431623036336535
32366339386539306364343065323263366563643663623731643866346232653838333561336331
36363030383263666137393035356331323038316239356637303665653164363739313664396235
32366231613532323865623861636263383731303164366333303636356633323161653635393830
38616139656264393932353332303264393038396663663236353838343432373965663561333531
36363432323362643634623030356539396562633238653732313739616464643436666130633364
37383764623938626332316630636630343236663338323661333933333730333630353061653061
62656233653439353438

8
vars/group_vars/docker/vars.yml Normal file
View File

@@ -0,0 +1,8 @@
caddy:
admin_email: me+acme@tudattr.dev
domain: "{{ internal_domain }}"
netcup_api_key: "{{ vault.netcup.api_key }}"
netcup_api_password: "{{ vault.netcup.api_password }}"
netcup_customer_id: "{{ vault.netcup.customer_id }}"