Added reverse proxy configs for mii

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2023-04-14 14:01:17 +02:00
parent 7cd43fb8a8
commit 6c0ea656eb
19 changed files with 234 additions and 108 deletions


@ -70,12 +70,12 @@ aya01_ip: "192.168.20.12"
zoneminder_host: "zm" zoneminder_host: "zm"
zoneminder_port: "8081" zoneminder_port: "8081"
zoneminder_root: "{{ docker_dir }}/zm/" zoneminder_root: "{{ docker_dir }}/zm"
zoneminder_config: "{{ zoneminder_root }}/config/" zoneminder_config: "{{ zoneminder_root }}/config"
zoneminder_log: "{{ zoneminder_root}}/log/" zoneminder_log: "{{ zoneminder_root}}/log"
zoneminder_db: "{{ zoneminder_root}}/db/" zoneminder_db: "{{ zoneminder_root}}/db"
zoneminder_data: "{{ docker_data_dir }}/zm/data/" zoneminder_data: "{{ docker_data_dir }}/zm/data"
# #
# Syncthing # Syncthing
@ -210,7 +210,39 @@ netdata_lib: "{{ docker_data_dir }}/netdata/lib/"
netdata_cache: "{{ docker_data_dir }}/netdata/cache" netdata_cache: "{{ docker_data_dir }}/netdata/cache"
# #
# swag
# #
#
swag_port: "443" swag_port: "443"
swag_config: "{{ docker_dir }}/swag/config/" swag_config: "{{ docker_dir }}/swag/config/"
swag_subdomains: "www,plex,status,"
swag_email: "me+swag@tudattr.dev"
swag_site_confs:
- "templates/mii/swag/site-confs/plex.subdomain.conf"
- "templates/mii/swag/site-confs/uptime-kuma.subdomain.conf"
swag_remote_site_confs: "{{swag_config}}/nginx/site-confs/"
#
# Plex
#
plex_host: "plex"
plex_port: "32400"
plex_config: "{{docker_data_dir}}/plex/config"
plex_tv: "/media/series"
plex_movies: "/media/movies"
#
# WireGuard
#
wg_config: "templates/wg0.conf"
wg_remote_config: "/etc/wireguard/wg0.conf"
wg_service: "wg-quick@wg0.service"
wg_deps: "wireguard"
wg_ip: "192.168.200.2"
wg_pubkey: "+LaPESyBF6Sb1lqkk4UcestFpXNaKYyyX99tkqwLQhU="
wg_endpoint: "borg.land:51820"
wg_allowed_ips: "192.168.20.0/24,192.168.200.1/32"
wg_dns: "{{ aya01_ip }},{{ pi_ip }},1.1.1.1"
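Review bot: `swag_subdomains: "www,plex,status,"` carries a trailing comma, which renders as `SUBDOMAINS=www,plex,status,` in the mii compose file and presumably leaves an empty subdomain entry when SWAG splits the list for its certificate request; drop it: `swag_subdomains: "www,plex,status"`. `swag_remote_site_confs: "{{swag_config}}/nginx/site-confs/"` also doubles the slash because `swag_config` already ends in `/` — harmless on Linux, but inconsistent with the trailing-slash cleanup the first hunk applies to the zoneminder paths. `wg_pubkey` is the peer's public key and is fine to keep in group_vars; only the private key must stay in the vault.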


@ -1,6 +1,5 @@
ansible_user: "{{ user }}" ansible_user: "{{ user }}"
ansible_host: 192.168.20.12 ansible_host: 192.168.20.12
ansible_port: 22 ansible_port: 22
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis ansible_ssh_private_key_file: /media/veracrypt1/genesis
ansible_become_pass: '{{ vault_aya01_tudattr_password }}' ansible_become_pass: '{{ vault_aya01_tudattr_password }}'


@ -1,5 +1,5 @@
ansible_user: "{{ user }}" ansible_user: "{{ user }}"
ansible_host: 202.61.207.139 ansible_host: 202.61.207.139
ansible_port: 22 ansible_port: 22
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis ansible_ssh_private_key_file: /media/veracrypt1/genesis
ansible_become_pass: '{{ vault_mii_tudattr_password }}' ansible_become_pass: '{{ vault_mii_tudattr_password }}'


@ -9,3 +9,6 @@
- role: docker - role: docker
tags: tags:
- docker - docker
- role: wireguard
tags:
- wireguard


@ -12,22 +12,10 @@
tags: tags:
- syncthing - syncthing
#- include_tasks: grafana.yml
# tags:
# - grafana
- include_tasks: softserve.yml - include_tasks: softserve.yml
tags: tags:
- softserve - softserve
#- include_tasks: prometheus.yml
# tags:
# - prometheus
#
#- include_tasks: netdata.yaml
# tags:
# - netdata
#
- include_tasks: cupsd.yml - include_tasks: cupsd.yml
tags: tags:
- cupsd - cupsd
@ -40,6 +28,10 @@
tags: tags:
- traefik - traefik
- include_tasks: plex.yml
tags:
- plex
- name: Copy the compose file - name: Copy the compose file
template: template:
src: templates/aya01/compose.yaml src: templates/aya01/compose.yaml
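Review bot: The new `- include_tasks: plex.yml` with `tags: [plex]` follows the file's existing pattern, but with the dynamic `include_tasks` a tag applies only to the include statement itself, so `--tags plex` runs the include and then skips every task inside plex.yml unless they carry the tag too (or the enclosing play tags the whole role, which is outside this hunk). Either add `apply: { tags: [plex] }` to the include or switch to `import_tasks: plex.yml`, which propagates tags statically. The same caveat applies to the pre-existing includes above, so this is a pattern the commit continues rather than introduces.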


@ -10,7 +10,7 @@
- "{{ cupsd_config }}" - "{{ cupsd_config }}"
become: true become: true
- name: Copy default config - name: Copy cupsd config
template: template:
owner: "{{ puid }}" owner: "{{ puid }}"
src: "templates/aya01/cupsd/cupsd.conf" src: "templates/aya01/cupsd/cupsd.conf"


@ -0,0 +1,9 @@
---
- name: Create plex-config directory
file:
path: "{{plex_config}}"
owner: 1000
group: 1000
mode: '755'
state: directory
become: yes
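Review bot: `owner: 1000` / `group: 1000` hard-code the ids while the compose file starts the container with `PUID={{puid}}` / `PGID={{pgid}}` and swag.yml uses `owner: "{{ puid }}"`, so if `puid` is ever not 1000 the container cannot write its own config directory; use `owner: "{{ puid }}"` and `group: "{{ pgid }}"` here as well. `become: yes` should be `become: true` to match the rest of the roles and yamllint's truthy rule, and for a directory `mode: '0755'` with the leading zero is the clearer spelling.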


@ -0,0 +1,20 @@
---
- name: Create swag-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
state: directory
loop:
- "{{ swag_config }}"
- name: Copy site-confs
template:
owner: "{{ puid }}"
group: "{{ pgid }}"
src: "{{ item }}"
dest: "{{ swag_remote_site_confs }}"
mode: '644'
loop: "{{ swag_site_confs }}"
become: true
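Review bot: The "Create swag-config directory" task has no `become: true` while the "Copy site-confs" task below it does, so creating `{{ swag_config }}` owned by `{{ puid }}` will fail unless the Ansible user already owns the parent directory; add `become: true` to the first task. `{{ swag_remote_site_confs }}` resolves to `.../nginx/site-confs/`, which the SWAG container populates on its first start — if this role runs before the container has ever been started, the template copy into a missing directory fails, so that path probably belongs in the `loop:` of the directory task too (worth confirming against the compose task ordering, which is outside this hunk). A `loop:` with a single item also reads oddly; either list both directories there or drop the loop.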


@ -7,4 +7,5 @@
group: "{{ pgid }}" group: "{{ pgid }}"
state: directory state: directory
loop: loop:
- "{{ swag_config }}" - "{{ docker_dir }}/traefik/etc-traefik/"
- "{{ docker_dir }}/traefik/var-log/"


@ -2,16 +2,16 @@
- name: Create zoneminder user - name: Create zoneminder user
user: user:
name: zm name: zm
uid: 911 uid: '911'
shell: /bin/false shell: /bin/false
become: true become: true
- name: Create Zoneminder config directory - name: Create Zoneminder config directory
file: file:
path: "{{ item }}" path: "{{ item }}"
owner: 911 owner: '911'
group: 911 group: '911'
mode: '700' mode: '755'
state: directory state: directory
loop: loop:
- "{{ zoneminder_config }}" - "{{ zoneminder_config }}"
@ -20,8 +20,8 @@
- name: Create Zoneminder data directory - name: Create Zoneminder data directory
file: file:
path: "{{ item }}" path: "{{ item }}"
owner: 911 owner: '911'
group: 911 group: '911'
mode: '755' mode: '755'
state: directory state: directory
loop: loop:
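Review bot: `mode: '755'` on the Zoneminder config directory relaxes it from the previous `'700'` to world-traversable, and neither the commit message nor a comment says why; a config directory of this kind usually holds database credentials, so if the change was made to fix a container permission error, `'750'` with the container's group (`'911'`) is the smaller step, and a comment such as `# 750: zm container (uid 911) needs traversal; keep other users out` would record the reasoning. Quoting `uid`, `owner` and `group` as `'911'` is accepted (numeric strings are taken as ids), so the mode is the only behavioural change in this hunk; the data-directory hunk below keeps `'755'`, which is fine for media data.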


@ -63,8 +63,8 @@ services:
- "TZ=Europe/Berlin" - "TZ=Europe/Berlin"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.zoneminder.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)" - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.zoneminder.loadbalancer.server.port={{ 80 }}" - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
pihole: pihole:
container_name: pihole container_name: pihole
@ -94,10 +94,10 @@ services:
- NET_ADMIN - NET_ADMIN
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)" - "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.pihole.loadbalancer.server.port={{ 80 }}" - "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port={{ 80 }}"
fyncthing: syncthing:
container_name: syncthing container_name: syncthing
image: syncthing/syncthing image: syncthing/syncthing
restart: unless-stopped restart: unless-stopped
@ -116,24 +116,8 @@ services:
hostname: syncthing hostname: syncthing
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`{{ syncthing_host }}.{{ aya01_host }}.{{ local_domain }}`)" - "traefik.http.routers.{{ syncthing_host }}.rule=Host(`{{ syncthing_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.syncthing.loadbalancer.server.port={{ syncthing_port }}" - "traefik.http.services.{{ syncthing_host }}.loadbalancer.server.port={{ syncthing_port }}"
# grafana:
# container_name: grafana
# image: grafana/grafana-oss
# restart: unless-stopped
# user: "{{ puid }}:{{ pgid }}"
# networks:
# - net
# ports:
# - 3000:3000
# volumes:
# - "{{ grafana_data }}:/var/lib/grafana/"
# - "{{ grafana_log }}:/var/log/grafana/"
# environment:
# - "GF_LOG_MODE=console file"
# hostname: grafana
soft-serve: soft-serve:
container_name: soft-serve container_name: soft-serve
@ -146,56 +130,6 @@ services:
volumes: volumes:
- "{{ softserve_data }}:/soft-serve" - "{{ softserve_data }}:/soft-serve"
# prometheus:
# container_name: prometheus
# image: prom/prometheus
# restart: unless-stopped
# networks:
# - net
# ports:
# - "{{ prm_port }}:9090"
# volumes:
# - "{{ prm_config }}:/etc/prometheus"
# exporter_mikrotik:
# container_name: exporter_mikrotik
# image: "nshttpd/mikrotik-exporter:{{ e_mikrotik_version }}"
# restart: unless-stopped
# user: "{{ puid }}:{{ pgid }}"
# networks:
# - net
# ports:
# - "{{ e_mikrotik_port }}:9436"
# volumes:
# - "{{ e_mikrotik_config }}:/config"
# environment:
# - "CONFIG_FILE=/config/config.yml"
# netdata:
# container_name: netdata
# image: netdata/netdata
# restart: unless-stopped
# networks:
# - net
# ports:
# - "{{netdata_port}}:19999"
# volumes:
# - "{{netdata_config}}:/etc/netdata"
# - "{{netdata_lib}}:/var/lib/netdata"
# - "{{netdata_cache}}:/var/cache/netdata"
# - /etc/passwd:/host/etc/passwd:ro
# - /etc/group:/host/etc/group:ro
# - /proc:/host/proc:ro
# - /sys:/host/sys:ro
# - /etc/os-release:/host/etc/os-release:ro
# environment:
# - "DO_NOT_TRACK=1"
# cap_add:
# - SYS_PTRACE
# security_opt:
# - apparmor:unconfined
# hostname: "{{ aya01_host }}"
cupsd: cupsd:
container_name: cupsd container_name: cupsd
image: olbat/cupsd image: olbat/cupsd
@ -209,8 +143,8 @@ services:
- "{{cupsd_config}}:/etc/cups" - "{{cupsd_config}}:/etc/cups"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.cupsd.rule=Host(`{{ cupsd_host }}.{{ aya01_host }}.{{local_domain}}`)" - "traefik.http.routers.{{ cupsd_host }}.rule=Host(`{{ cupsd_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.cupsd.loadbalancer.server.port={{ cupsd_port }}" - "traefik.http.services.{{ cupsd_host }}.loadbalancer.server.port={{ cupsd_port }}"
kuma: kuma:
container_name: kuma container_name: kuma
@ -224,11 +158,48 @@ services:
- "{{ kuma_config }}:/app/data" - "{{ kuma_config }}:/app/data"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.kuma.rule=Host(`{{ kuma_host }}.{{ aya01_host }}.{{local_domain}}`)" - "traefik.http.routers.{{kuma_host}}.rule=Host(`{{ kuma_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.kuma.loadbalancer.server.port={{ kuma_port }}" - "traefik.http.services.{{kuma_host}}.loadbalancer.server.port={{ kuma_port }}"
plex:
image: lscr.io/linuxserver/plex:latest
container_name: plex
restart: always
networks:
- net
ports:
- "{{ plex_port }}:32400"
- "1900:1900"
- "3005:3005"
- "5353:5353"
- "32410:32410"
- "8324:8324"
- "32412:32412"
- "32469:32469"
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
- VERSION=docker
- PLEX_CLAIM=claim-wofbDBCEMQT8SxUs1-Rw #optional
volumes:
- "{{ plex_config }}:/config"
- "{{ plex_tv }}:/tv"
- "{{ plex_movies }}:/movies"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{plex_host}}.rule=Host(`{{ plex_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{plex_host}}.loadbalancer.server.port={{ plex_port }}"
networks: networks:
zoneminder: zoneminder:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.16.42.0/24
ip_range: 172.28.42.0/24
gateway: 172.16.42.1
net: net:
driver: bridge driver: bridge
ipam: ipam:
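Review bot: `PLEX_CLAIM=claim-wofbDBCEMQT8SxUs1-Rw` commits a Plex claim token to the repository; claim tokens are short-lived and only used on first setup, but the value still belongs in the vault like the other secrets (`PLEX_CLAIM={{ vault_plex_claim }}`, name constructed) or should be removed now that the container has been claimed. The new `zoneminder` network has `ip_range: 172.28.42.0/24` outside its `subnet: 172.16.42.0/24`, which Docker rejects when creating the network — it must be a sub-range of the subnet, e.g. `ip_range: 172.16.42.128/25` (constructed). Plex's `restart: always` also differs from the `unless-stopped` every other service uses, and `port={{ 80 }}` on the pihole line is a literal 80 wrapped in Jinja delimiters that can be written plainly, as the zoneminder line in the first hunk now does.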


@ -5,6 +5,10 @@ services:
container_name: swag container_name: swag
networks: networks:
net: {} net: {}
dns:
- {{ aya01_ip }}
- {{ pi_ip }}
- 1.1.1.1
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
environment: environment:
@ -13,11 +17,11 @@ services:
- TZ={{ timezone }} - TZ={{ timezone }}
- URL={{ remote_domain }} - URL={{ remote_domain }}
- VALIDATION=http - VALIDATION=http
- SUBDOMAINS=www, #optional - SUBDOMAINS={{ swag_subdomains }} #optional
- CERTPROVIDER= #optional - CERTPROVIDER= #optional
- DNSPLUGIN=cloudflare #optional - DNSPLUGIN=cloudflare #optional
- PROPAGATION= #optional - PROPAGATION= #optional
- EMAIL= #optional - EMAIL={{ swag_email }} #optional
- ONLY_SUBDOMAINS=false #optional - ONLY_SUBDOMAINS=false #optional
- EXTRA_DOMAINS= #optional - EXTRA_DOMAINS= #optional
- STAGING=false #optional - STAGING=false #optional
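Review bot: The `dns:` list for swag puts `{{ aya01_ip }}` and `{{ pi_ip }}` — LAN resolvers that are only reachable through the WireGuard tunnel — ahead of `1.1.1.1`, so while the tunnel is down every lookup from the container presumably waits for the first two to time out before falling back, which slows certificate renewal and the proxied vhosts; this looks intentional so that names like `plex.aya01.borg.land` resolve to the tunnel side, and deserves a comment such as `# LAN resolvers via wg0 first; 1.1.1.1 is the fallback when the tunnel is down`. The unquoted `- {{ aya01_ip }}` entries are fine here because the template module renders the file before Docker parses it. `SUBDOMAINS={{ swag_subdomains }}` now inherits the trailing comma from group_vars, which is best fixed at the variable.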


@ -0,0 +1,30 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name plex.tudattr.dev;
include /config/nginx/ssl.conf;
client_max_body_size 0;
proxy_redirect off;
proxy_buffering off;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://plex.aya01.borg.land;
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
}
}
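Review bot: The `location /` block forwards the X-Plex-* headers but never includes `/config/nginx/proxy.conf`, which in the SWAG sample this file appears to be derived from supplies `Host`, `X-Real-IP`, the `X-Forwarded-*` headers, the websocket `Upgrade`/`Connection` pair and `proxy_http_version 1.1`; without it Plex sees every remote client as the proxy's tunnel address, which undermines its per-client access logging and secure-connection handling. Add `include /config/nginx/proxy.conf;` directly above `include /config/nginx/resolver.conf;`. `client_max_body_size 0;` removes the request-body limit on a public vhost; that matches the sample, but a comment stating it is intentional for large Plex uploads would keep a later reviewer from tightening it by accident.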


@ -0,0 +1,17 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name status.tudattr.dev;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://uptime.aya01.borg.land;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
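Review bot: The `Upgrade`/`Connection "upgrade"` headers in the `location /` block have no effect without `proxy_http_version 1.1;`, because nginx proxies with HTTP/1.0 by default and its WebSocket proxying requires 1.1, so Uptime Kuma's socket.io connections through this vhost will fall back to polling or fail; add `proxy_http_version 1.1;` next to them, or include `/config/nginx/proxy.conf`, which sets it along with `Host` and the `X-Forwarded-*` headers. Sending `Connection "upgrade"` unconditionally also turns every plain request into an upgrade attempt; the usual form is a `map $http_upgrade $connection_upgrade` in the http context and `proxy_set_header Connection $connection_upgrade;`. `proxy_pass http://uptime.aya01.borg.land` assumes the kuma container's Traefik router is named `uptime`, which cannot be confirmed here because `kuma_host` is not visible.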


@ -10,5 +10,6 @@
systemd: systemd:
name: nmbd name: nmbd
state: restarted state: restarted
enabled: yes
become: true become: true
when: smbconf.changed when: smbconf.changed
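Review bot: `enabled: yes` is the YAML 1.1 boolean spelling; the rest of this commit writes `become: true`, so `enabled: true` keeps the file consistent and satisfies yamllint's truthy rule. Because the task is guarded by `when: smbconf.changed`, nmbd is only enabled on a run where smb.conf actually changed, so a host provisioned from an unchanged config never gets the unit enabled — an unconditional `enabled: true` task (with the restart left to this conditional task or a handler) would be the cleaner split. The task's start is outside the hunk.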


@ -0,0 +1,16 @@
---
- name: Copy "{{ wg_config }}"
template:
src: "{{ wg_config }}"
dest: "{{ wg_remote_config }}"
owner: "root"
group: "root"
mode: "0600"
become: true
- name: Start wireguard
service:
name: "{{ wg_service }}"
state: started
enabled: yes
become: true
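Review bot: "Start wireguard" only ensures `state: started`, so a changed `wg0.conf` rendered by the template task above is not picked up by an already-running tunnel; register the template result (`register: wgconf`) and use `state: "{{ 'restarted' if wgconf.changed else 'started' }}"`, mirroring the `when: smbconf.changed` pattern the samba role uses. The rendered file contains `vault_wg_pk`, so `no_log: true` on the template task keeps the private key out of `--diff` and verbose output; `mode: "0600"` with root ownership is the right file protection. `enabled: yes` should be `enabled: true` for consistency with the `become: true` on the same task.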


@ -0,0 +1,20 @@
---
- name: Update and upgrade packages
apt:
update_cache: true
upgrade: true
autoremove: true
become: true
- name: Install WireGuard dependencies
apt:
name: "{{ wg_deps }}"
state: present
become: true
- name: Create resolveconf symlink Debian bug #939904
file:
src: /usr/bin/resolvectl
dest: /usr/local/bin/resolvconf
state: link
become: true
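Review bot: "Update and upgrade packages" runs `upgrade: true` — a full apt upgrade of the host — on every run of the wireguard role, a side effect well beyond installing `{{ wg_deps }}` that makes the play non-repeatable; keep `update_cache: true` (ideally with a `cache_valid_time`) here and move host-wide upgrades to a dedicated bootstrap role. The symlink task fails if `/usr/local/bin/resolvconf` already exists as a regular file, since `state: link` only replaces it with `force: true`, and because it shadows a system-wide command it deserves a comment such as `# wg-quick calls resolvconf; point it at resolvectl, see Debian #939904` rather than the reference in the task name alone.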


@ -0,0 +1,2 @@
- include_tasks: install.yml
- include_tasks: config.yml


@ -0,0 +1,9 @@
[Interface]
PrivateKey = {{ vault_wg_pk }}
Address = {{ wg_ip }}
DNS = {{ wg_dns }}
[Peer]
PublicKey = {{ wg_pubkey }}
Endpoint = {{ wg_endpoint }}
AllowedIPs = {{ wg_allowed_ips }}
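Review bot: `DNS = {{ wg_dns }}` makes wg-quick replace the host's resolvers with `192.168.20.12`, `pi_ip` and `1.1.1.1` for as long as wg0 is up (that is presumably what the resolvconf symlink in install.yml is for), so name resolution for the entire mii host then goes through the tunnel first with `1.1.1.1` only as the last fallback; if the goal is just that the swag container resolves LAN names, the `dns:` list in the compose file already covers that and this line could be dropped. Worth a comment in the template: `# DNS is applied host-wide by wg-quick while the tunnel is up`. `AllowedIPs` correctly restricts the tunnel to the LAN and the peer's tunnel address rather than a full-tunnel `0.0.0.0/0`, and the private key comes from the vault as it should.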