diff --git a/group_vars/docker/docker.yml b/group_vars/docker/docker.yml index de4a51e..fa002a4 100644 --- a/group_vars/docker/docker.yml +++ b/group_vars/docker/docker.yml @@ -9,7 +9,7 @@ docker: services: - name: syncthing vm: - - docker-host00 + - docker-host11 container_name: syncthing image: syncthing/syncthing:1.29 volumes: @@ -35,7 +35,7 @@ services: - TZ=Europe/Berlin - name: status vm: - - docker-host00 + - docker-host12 container_name: kuma image: louislam/uptime-kuma:1.23.16 volumes: @@ -52,7 +52,7 @@ services: - TZ=Europe/Berlin - name: plex vm: - - docker-host00 + - docker-host11 container_name: plex image: lscr.io/linuxserver/plex:1.41.5 volumes: @@ -160,20 +160,20 @@ services: external: 5683 - name: ddns vm: - - docker-host00 + - docker-host12 container_name: ddns-updater image: qmcgaw/ddns-updater:2 volumes: - name: "Configuration" - internal: /updater/data/" - external: "{{ docker.directories.config }}/ddns-updater/data/" + internal: /updater/data/ + external: "{{ docker.directories.local }}/ddns-updater/data/" ports: - name: "http" internal: 8000 external: "{{ services_external_http.ddns }}" - name: sonarr vm: - - docker-host00 + - docker-host12 container_name: sonarr image: linuxserver/sonarr:4.0.14 volumes: @@ -196,7 +196,7 @@ services: - TZ=Europe/Berlin - name: radarr vm: - - docker-host00 + - docker-host12 container_name: radarr image: linuxserver/radarr:5.21.1 volumes: @@ -219,7 +219,7 @@ services: - TZ=Europe/Berlin - name: lidarr vm: - - docker-host00 + - docker-host12 container_name: lidarr image: linuxserver/lidarr:2.10.3 volumes: @@ -242,7 +242,7 @@ services: - TZ=Europe/Berlin - name: prowlarr vm: - - docker-host00 + - docker-host12 container_name: prowlarr image: linuxserver/prowlarr:1.32.2 volumes: @@ -259,7 +259,7 @@ services: - TZ=Europe/Berlin - name: paperless vm: - - docker-host00 + - docker-host12 container_name: paperless image: ghcr.io/paperless-ngx/paperless-ngx:2.14 depends_on: 
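Review bot: The `external` mount for ddns-updater switches from `docker.directories.config` to `docker.directories.local` in the same commit that moves the service to docker-host12, and the changedetection, gluetun, torrentleech and qbit hunks make the same switch, but nothing in the diff copies the existing data to the new path or the new host. Unless both variables resolve to the same directory, these containers come up with empty state on the new VM — for the two qBittorrent instances that presumably includes the Web UI configuration, so they would start again with the image's initial credentials. A short comment on the `directories.local` entries, or a migration task, should record how the data gets there; the definitions of the neighbouring services continue outside the hunk.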
@@ -301,7 +301,7 @@ services: version: 7 - name: pdf vm: - - docker-host00 + - docker-host12 container_name: stirling image: frooodle/s-pdf:0.45.0 ports: @@ -338,21 +338,21 @@ services: - USER_GID=1000 - name: changedetection vm: - - docker-host00 + - docker-host12 container_name: changedetection image: dgtlmoon/changedetection.io:0.49 healthcheck: curl volumes: - name: "Data" internal: /datastore - external: "{{ docker.directories.config }}/changedetection/data/" + external: "{{ docker.directories.local }}/changedetection/data/" ports: - name: "http" internal: 5000 external: "{{ services_external_http.changedetection }}" - name: gluetun vm: - - docker-host00 + - docker-host12 container_name: gluetun image: qmcgaw/gluetun:v3.40 cap_add: @@ -364,7 +364,7 @@ services: volumes: - name: "Configuration" internal: /gluetun - external: "{{ docker.directories.config }}/gluetun/config" + external: "{{ docker.directories.local }}/gluetun/config" ports: - name: "Qbit Client" internal: 8082 @@ -384,7 +384,7 @@ services: - "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}" - name: torrentleech vm: - - docker-host00 + - docker-host12 container_name: torrentleech image: qbittorrentofficial/qbittorrent-nox depends_on: @@ -393,7 +393,7 @@ services: volumes: - name: "Configuration" internal: /config - external: "{{ docker.directories.config }}/torrentleech/config" + external: "{{ docker.directories.local }}/torrentleech/config" - name: "Downloads" internal: /downloads external: /media/docker/data/arr_downloads @@ -409,7 +409,7 @@ services: - QBT_WEBUI_PORT="8083" - name: qbit vm: - - docker-host00 + - docker-host12 container_name: qbit image: qbittorrentofficial/qbittorrent-nox:5.0.4-1 depends_on: @@ -418,7 +418,7 @@ services: volumes: - name: "Configuration" internal: /config - external: "{{ docker.directories.config }}/qbit/config" + external: "{{ docker.directories.local }}/qbit/config" - name: "Downloads" internal: /downloads external: /media/docker/data/arr_downloads 
@@ -434,7 +434,8 @@ services: - QBT_WEBUI_PORT="8082" - name: cadvisor vm: - - docker-host00 + - docker-host12 + - docker-host11 - docker-host01 container_name: cadvisor image: gcr.io/cadvisor/cadvisor:v0.52.1 diff --git a/group_vars/proxmox/secrets_vm.yml b/group_vars/proxmox/secrets_vm.yml index ac92fc2..1474fe2 100644 --- a/group_vars/proxmox/secrets_vm.yml +++ b/group_vars/proxmox/secrets_vm.yml @@ -1,11 +1,17 @@ $ANSIBLE_VAULT;1.1;AES256 -33366337663238336235656339393633373761396661346339366239353538636534656237363630 -6538326333356531366139333439336164323136336162650a656161633533323339353066313862 -63653666656134633039386331376133333638643531383061303235393530343461626530613365 -3435313536396130360a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a333263393236616432616439613733 +33653832333534333563623164616164663034303331373135633665636230333035373262656338 +3038383463366466640a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diff --git a/group_vars/proxmox/vms.yml b/group_vars/proxmox/vms.yml index 7a55072..e8f104f 100644 --- a/group_vars/proxmox/vms.yml +++ b/group_vars/proxmox/vms.yml @@ -1,7 +1,7 @@ vms: - - name: "docker-host11" + - name: "docker-host10" node: "inko" - vmid: 311 + vmid: 410 cores: 2 memory: 4096 # in MiB net: @@ -10,9 +10,22 @@ vms: ciuser: "{{ user }}" sshkeys: "{{ pubkey }}" disk_size: 128 # in Gb - - name: "docker-host12" + - name: "docker-host11" node: "lulu" - vmid: 312 + vmid: 411 + cores: 2 + memory: 4096 # in MiB + net: + net0: "virtio,bridge=vmbr0,firewall=1" + boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}" + ciuser: "{{ user }}" + sshkeys: "{{ pubkey }}" + disk_size: 128 # in Gb + hostpci: + hostpci0: "0000:00:02.0" + - name: "docker-host12" + node: "naruto01" + vmid: 412 cores: 2 memory: 4096 # in MiB net: @@ -21,5 +34,3 @@ vms: ciuser: "{{ user }}" sshkeys: "{{ pubkey }}" disk_size: 128 # in Gb - # hostpci: - # hostpci0: "0000:00:02.0" 
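Review bot: The cadvisor `vm` list now names docker-host12, docker-host11 and docker-host01 while docker-host00 is dropped, yet production.ini in this commit keeps docker-host[00:01] and adds docker-host10 to the docker groups, so two inventory hosts run without the container-metrics exporter. If docker-host00 is being retired and docker-host10 is intentionally idle, a comment saying so would keep the gap from reading as an oversight; otherwise add both to the list. The cadvisor service definition continues past the hunk.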
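Review bot: In vms.yml the existing entries are renamed and renumbered (docker-host11/311 becomes docker-host10/410, docker-host12/312 becomes docker-host11/411) and a new docker-host12/412 is added, while the destroy include in 50_create_vms.yml is commented out in the same commit, so VMs 311 and 312 are presumably left running under hostnames the new VMs now claim. Until the old guests are removed that risks duplicate hostnames and SSH host-key mismatches; a comment on the `vmid` lines, or a one-off cleanup step, should record how that is handled. The `hostpci0: "0000:00:02.0"` entry hands a host PCI device (likely the integrated GPU, given the i915 blacklist in the GRUB change) to docker-host11 on lulu; a comment naming the device and noting that the VM is therefore pinned to that node would help the next reader, since the address is host-specific.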
diff --git a/production.ini b/production.ini index 98f3f31..aafe4ac 100644 --- a/production.ini +++ b/production.ini @@ -32,7 +32,7 @@ k3s-longhorn[00:02] [docker] docker-host[00:01] -docker-host[11:12] +docker-host[10:12] docker-lb [vps] @@ -55,7 +55,7 @@ k3s-loadbalancer [docker_host] docker-host[00:01] -docker-host[11:12] +docker-host[10:12] [docker_lb] docker-lb diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml index 8a8dd31..1eb4969 100644 --- a/roles/common/tasks/packages.yml +++ b/roles/common/tasks/packages.yml @@ -11,6 +11,7 @@ ansible.builtin.apt: name: "{{ common_packages }}" state: present + become: true when: ansible_user_id != "root" - name: Update and upgrade packages diff --git a/roles/common/tasks/time.yml b/roles/common/tasks/time.yml index 7e216ed..5ad7cb7 100644 --- a/roles/common/tasks/time.yml +++ b/roles/common/tasks/time.yml @@ -2,3 +2,10 @@ - name: Set timezone to "{{ timezone }}" community.general.timezone: name: "{{ timezone }}" + become: true + when: ansible_user_id != "root" + +- name: Set timezone to "{{ timezone }}" + community.general.timezone: + name: "{{ timezone }}" + when: ansible_user_id == "root" diff --git a/roles/docker_host/handlers/main.yml b/roles/docker_host/handlers/main.yml index 44cc369..026bae3 100644 --- a/roles/docker_host/handlers/main.yml +++ b/roles/docker_host/handlers/main.yml @@ -11,3 +11,9 @@ state: present retries: 3 delay: 5 + +- name: Restart host + ansible.builtin.reboot: + connect_timeout: 5 + reboot_timeout: 600 + test_command: whoami diff --git a/roles/docker_host/tasks/30_user_group_setup.yml b/roles/docker_host/tasks/30_user_group_setup.yml index 7703b4a..4b8fff5 100644 --- a/roles/docker_host/tasks/30_user_group_setup.yml +++ b/roles/docker_host/tasks/30_user_group_setup.yml @@ -12,3 +12,5 @@ groups: docker append: true become: true + notify: + - Restart host diff --git a/roles/docker_host/vars/main.yml b/roles/docker_host/vars/main.yml index 1ced720..259b6c6 100644 
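Review bot: The timezone task is now duplicated, the two copies differing only in `become: true` and the inverted `when` on `ansible_user_id`, and packages.yml applies the same `when` to its apt task; the pair can be a single task with a templated become, `become: "{{ ansible_user_id != 'root' }}"`, which keeps the root-without-sudo case working and stops the copies drifting apart. If the split is deliberate because root logins on some hosts have no sudo, a one-line comment above the task saying so would stop the next reader from merging them.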
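Review bot: The new `Restart host` handler is notified from the docker-group task in 30_user_group_setup.yml (same commit), so adding the user to the `docker` group reboots the whole host; if the point is that later tasks in the same run need the new membership, `ansible.builtin.meta: reset_connection` placed as a task after the group change refreshes the SSH session without a reboot. If the reboot is wanted for another reason (a kernel or firmware change, say), a comment on the handler should state it. The group task also deserves a comment that membership in `docker` is root-equivalent on the host, so the account it is granted to is a deliberate choice.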
--- a/roles/docker_host/vars/main.yml +++ b/roles/docker_host/vars/main.yml @@ -1,3 +1,2 @@ docker_host_package_common_dependencies: - nfs-common - - firmware-misc-nonfree diff --git a/roles/proxmox/tasks/06_hardware_acceleration.yml b/roles/proxmox/tasks/06_hardware_acceleration.yml index f4d3f86..56c1e3b 100644 --- a/roles/proxmox/tasks/06_hardware_acceleration.yml +++ b/roles/proxmox/tasks/06_hardware_acceleration.yml @@ -7,6 +7,14 @@ backup: true register: iommu_result +- name: Set GRUB_CMDLINE_LINUX_DEFAULT for PCI passthrough + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: "^GRUB_CMDLINE_LINUX_DEFAULT=" + line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"' + backup: true + register: iommu_result + - name: Ensure VFIO modules are listed in /etc/modules ansible.builtin.blockinfile: path: /etc/modules @@ -22,16 +30,12 @@ - name: Update initramfs ansible.builtin.command: update-initramfs -u -k all - args: - warn: false when: iommu_result.changed or vfio_result.changed # notify: # - Reboot Node - name: update grub configuration ansible.builtin.command: update-grub - args: - warn: false when: iommu_result.changed or vfio_result.changed # notify: # - Reboot Node diff --git a/roles/proxmox/tasks/50_create_vms.yml b/roles/proxmox/tasks/50_create_vms.yml index d052154..96b5c34 100644 --- a/roles/proxmox/tasks/50_create_vms.yml +++ b/roles/proxmox/tasks/50_create_vms.yml 
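Review bot: The new GRUB_CMDLINE_LINUX_DEFAULT task registers `iommu_result`, the name the preceding task already uses (context line `register: iommu_result`), so a change reported by the first task is overwritten when this one reports none and the update-initramfs and update-grub tasks in the second hunk skip. Register it as `grub_cmdline_result` and extend both conditions to `when: iommu_result.changed or grub_cmdline_result.changed or vfio_result.changed`. The line also replaces whatever cmdline was there with a fixed string, and `pcie_acs_override=downstream,multifunction` together with `vfio_iommu_type1.allow_unsafe_interrupts=1` tell the kernel to assume isolation the hardware does not guarantee, so a comment should say which node needs them and they should be left out where the IOMMU groups are already clean. The `# notify: Reboot Node` lines remain commented, so none of this takes effect until a manual reboot — worth stating in a comment on the task.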
@@ -4,11 +4,11 @@ file: "{{ proxmox_vault_file }}" name: vm_secrets -- name: Destroy vms (Only during rapid testing) - ansible.builtin.include_tasks: 54_destroy_vm.yml - loop: "{{ vms }}" - loop_control: - loop_var: "vm" +# - name: Destroy vms (Only during rapid testing) +# ansible.builtin.include_tasks: 54_destroy_vm.yml +# loop: "{{ vms }}" +# loop_control: +# loop_var: "vm" - name: Create vms ansible.builtin.include_tasks: 55_create_vm.yml
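Review bot: Commenting out the destroy include leaves a task that removes every VM in `vms` one uncomment away from running; keeping the task and gating it on a new variable, e.g. `when: proxmox_destroy_vms | default(false) | bool`, makes the safeguard explicit and greppable and keeps the role lint-clean. The "Only during rapid testing" wording can stay in the task name so the intent is preserved.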