refactor(infra): reorganize docker host VMs and service assignments

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
Tuan-Dat Tran
2025-05-07 00:02:30 +02:00
parent de62327fde
commit 6ff1ccecd0
11 changed files with 86 additions and 49 deletions


@@ -9,7 +9,7 @@ docker:
services:
- name: syncthing
vm:
- docker-host00
- docker-host11
container_name: syncthing
image: syncthing/syncthing:1.29
volumes:
@@ -35,7 +35,7 @@ services:
- TZ=Europe/Berlin
- name: status
vm:
- docker-host00
- docker-host12
container_name: kuma
image: louislam/uptime-kuma:1.23.16
volumes:
@@ -52,7 +52,7 @@ services:
- TZ=Europe/Berlin
- name: plex
vm:
- docker-host00
- docker-host11
container_name: plex
image: lscr.io/linuxserver/plex:1.41.5
volumes:
@@ -160,20 +160,20 @@ services:
external: 5683
- name: ddns
vm:
- docker-host00
- docker-host12
container_name: ddns-updater
image: qmcgaw/ddns-updater:2
volumes:
- name: "Configuration"
internal: /updater/data/"
external: "{{ docker.directories.config }}/ddns-updater/data/"
internal: /updater/data/
external: "{{ docker.directories.local }}/ddns-updater/data/"
ports:
- name: "http"
internal: 8000
external: "{{ services_external_http.ddns }}"
- name: sonarr
vm:
- docker-host00
- docker-host12
container_name: sonarr
image: linuxserver/sonarr:4.0.14
volumes:
@@ -196,7 +196,7 @@ services:
- TZ=Europe/Berlin
- name: radarr
vm:
- docker-host00
- docker-host12
container_name: radarr
image: linuxserver/radarr:5.21.1
volumes:
@@ -219,7 +219,7 @@ services:
- TZ=Europe/Berlin
- name: lidarr
vm:
- docker-host00
- docker-host12
container_name: lidarr
image: linuxserver/lidarr:2.10.3
volumes:
@@ -242,7 +242,7 @@ services:
- TZ=Europe/Berlin
- name: prowlarr
vm:
- docker-host00
- docker-host12
container_name: prowlarr
image: linuxserver/prowlarr:1.32.2
volumes:
@@ -259,7 +259,7 @@ services:
- TZ=Europe/Berlin
- name: paperless
vm:
- docker-host00
- docker-host12
container_name: paperless
image: ghcr.io/paperless-ngx/paperless-ngx:2.14
depends_on:
@@ -301,7 +301,7 @@ services:
version: 7
- name: pdf
vm:
- docker-host00
- docker-host12
container_name: stirling
image: frooodle/s-pdf:0.45.0
ports:
@@ -338,21 +338,21 @@ services:
- USER_GID=1000
- name: changedetection
vm:
- docker-host00
- docker-host12
container_name: changedetection
image: dgtlmoon/changedetection.io:0.49
healthcheck: curl
volumes:
- name: "Data"
internal: /datastore
external: "{{ docker.directories.config }}/changedetection/data/"
external: "{{ docker.directories.local }}/changedetection/data/"
ports:
- name: "http"
internal: 5000
external: "{{ services_external_http.changedetection }}"
- name: gluetun
vm:
- docker-host00
- docker-host12
container_name: gluetun
image: qmcgaw/gluetun:v3.40
cap_add:
@@ -364,7 +364,7 @@ services:
volumes:
- name: "Configuration"
internal: /gluetun
external: "{{ docker.directories.config }}/gluetun/config"
external: "{{ docker.directories.local }}/gluetun/config"
ports:
- name: "Qbit Client"
internal: 8082
@@ -384,7 +384,7 @@ services:
- "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}"
- name: torrentleech
vm:
- docker-host00
- docker-host12
container_name: torrentleech
image: qbittorrentofficial/qbittorrent-nox
depends_on:
@@ -393,7 +393,7 @@ services:
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.config }}/torrentleech/config"
external: "{{ docker.directories.local }}/torrentleech/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
@@ -409,7 +409,7 @@ services:
- QBT_WEBUI_PORT="8083"
- name: qbit
vm:
- docker-host00
- docker-host12
container_name: qbit
image: qbittorrentofficial/qbittorrent-nox:5.0.4-1
depends_on:
@@ -418,7 +418,7 @@ services:
volumes:
- name: "Configuration"
internal: /config
external: "{{ docker.directories.config }}/qbit/config"
external: "{{ docker.directories.local }}/qbit/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
@@ -434,7 +434,8 @@ services:
- QBT_WEBUI_PORT="8082"
- name: cadvisor
vm:
- docker-host00
- docker-host12
- docker-host11
- docker-host01
container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.52.1
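Review bot: The `torrentleech` entry that moves to docker-host12 still has `image: qbittorrentofficial/qbittorrent-nox` with no tag, so the new host pulls whatever `latest` points to at deploy time. Every other image visible in this file carries a version tag, and the sibling `qbit` entry pins the same image to `5.0.4-1`; using `image: qbittorrentofficial/qbittorrent-nox:5.0.4-1` here keeps the two in step and makes the rollout reproducible. Pinning by digest would go further, since a tag such as `qmcgaw/ddns-updater:2` can be re-pointed upstream. Most service entries start or end outside their hunks, so fields not shown here were not reviewed.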


@@ -1,11 +1,17 @@
$ANSIBLE_VAULT;1.1;AES256
33366337663238336235656339393633373761396661346339366239353538636534656237363630
6538326333356531366139333439336164323136336162650a656161633533323339353066313862
63653666656134633039386331376133333638643531383061303235393530343461626530613365
3435313536396130360a623063343263616166333562323063393935363034323132353330396139
30353536383237656130663430663838383263613631373064326637353335616631363161313162
64613634303632343236666339393230353531333334646135376364383030336266613563366333
30333331333333613565666530646462656161613031633931666637656537303765623837303230
36653664393838663330633333326539636634666531343031383133333634376262366563336463
37306561323865316630636661623732626635323233363463613130363939306466316632643836
3763353161366531386565393032383763363334326530373762
66386330343432366236303530313838613830376162613265346533336232393838323136306433
6631643363643761313164376132386433623137386539360a333263393236616432616439613733
33653832333534333563623164616164663034303331373135633665636230333035373262656338
3038383463366466640a666264653332616637616661376666303331353333383833323538633666
30656266353439366461636162336266356433336438393134326166343934353933633131343163
61643233616166316236636333633136353830626265343834333937353361363962656463656538
32336435643531613936343136663632386564373764306333323262306432626237323434336333
35323365326432616563663936623630386436336364323530613137636434653138383539623166
32326436643861366536393937343863653032336334333739653434346263393364666565316563
63353634313033316265666235366339653366363031343230313035336535643361616233646535
65396162326230656162313535646539663830646637623939613365363534663434343532653465
31613066353565626137363232386263666134613335656333616565643339386231646664343134
36333765366632386133313835306332646565353238633233613237343330316564343437313963
61636662353936323237393831326138363263306130633461323437616430323234646666313935
32643466323064623630363962316438386232333238633839613035643933633263663161316563
63616638313534643632


@@ -1,7 +1,7 @@
vms:
- name: "docker-host11"
- name: "docker-host10"
node: "inko"
vmid: 311
vmid: 410
cores: 2
memory: 4096 # in MiB
net:
@@ -10,9 +10,22 @@ vms:
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb
- name: "docker-host12"
- name: "docker-host11"
node: "lulu"
vmid: 312
vmid: 411
cores: 2
memory: 4096 # in MiB
net:
net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}"
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb
hostpci:
hostpci0: "0000:00:02.0"
- name: "docker-host12"
node: "naruto01"
vmid: 412
cores: 2
memory: 4096 # in MiB
net:
@@ -21,5 +34,3 @@ vms:
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb
# hostpci:
# hostpci0: "0000:00:02.0"
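Review bot: The names `docker-host11` and `docker-host12` are reused for different machines: `docker-host11` was vmid 311 on node `inko` and is now vmid 411 on `lulu`, and `docker-host12` moves from vmid 312 on `lulu` to vmid 412 on `naruto01`. Nothing in this file describes vmids 311 and 312 any more, so unless they are removed by hand the old guests may keep running under the same hostnames, and existing known_hosts entries for those names would refer to the old guests. A comment above the list would record the migration step, for example `# vmids 311/312 (previous docker-host11/12) must be stopped and removed before applying`. The newly enabled `hostpci0: "0000:00:02.0"` on `docker-host11` would also benefit from a comment naming the device and the node it is tied to.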


@@ -32,7 +32,7 @@ k3s-longhorn[00:02]
[docker]
docker-host[00:01]
docker-host[11:12]
docker-host[10:12]
docker-lb
[vps]
@@ -55,7 +55,7 @@ k3s-loadbalancer
[docker_host]
docker-host[00:01]
docker-host[11:12]
docker-host[10:12]
[docker_lb]
docker-lb


@@ -11,6 +11,7 @@
ansible.builtin.apt:
name: "{{ common_packages }}"
state: present
become: true
when: ansible_user_id != "root"
- name: Update and upgrade packages


@@ -2,3 +2,10 @@
- name: Set timezone to "{{ timezone }}"
community.general.timezone:
name: "{{ timezone }}"
become: true
when: ansible_user_id != "root"
- name: Set timezone to "{{ timezone }}"
community.general.timezone:
name: "{{ timezone }}"
when: ansible_user_id == "root"
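Review bot: The two `Set timezone` tasks are identical apart from `become` and the `when` on `ansible_user_id`, so the task is duplicated for no visible gain. By default Ansible skips escalation when the become user is already the connecting user, so a single task with `become: true` and no `when` covers both the root and the non-root case. The same applies to the apt task changed earlier in this commit, where `become: true` was added next to `when: ansible_user_id != "root"`; if that task has no root twin outside the hunk, hosts reached as root would skip the package install.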


@@ -11,3 +11,9 @@
state: present
retries: 3
delay: 5
- name: Restart host
ansible.builtin.reboot:
connect_timeout: 5
reboot_timeout: 600
test_command: whoami
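Review bot: The `Restart host` task has no `become: true`, although the other privileged tasks in this commit set it per task. A handler does not take `become` from the task that notifies it, so on hosts reached as a non-root user the reboot will probably fail unless the play escalates globally; adding `become: true` at task level keeps it consistent. The file path is not shown on this page: if this hunk sits in a tasks file rather than a handlers file, the reboot would run on every play and the `notify: Restart host` added elsewhere in this commit would not find a handler, so the placement is worth confirming.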


@@ -12,3 +12,5 @@
groups: docker
append: true
become: true
notify:
- Restart host
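Review bot: `notify: Restart host` reboots the whole machine whenever this user task reports a change, which stops every container running on that host. If the goal is for the new `docker` group membership to take effect in the Ansible session (an assumption, since the task starts outside the hunk), `ansible.builtin.meta: reset_connection` right after the task achieves that without a reboot. Membership of the `docker` group is effectively root on the host, so a short comment saying which account is added and why would help the next reader.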


@@ -1,3 +1,2 @@
docker_host_package_common_dependencies:
- nfs-common
- firmware-misc-nonfree


@@ -7,6 +7,14 @@
backup: true
register: iommu_result
- name: Set GRUB_CMDLINE_LINUX_DEFAULT for PCI passthrough
ansible.builtin.lineinfile:
path: /etc/default/grub
regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
backup: true
register: iommu_result
- name: Ensure VFIO modules are listed in /etc/modules
ansible.builtin.blockinfile:
path: /etc/modules
@@ -22,16 +30,12 @@
- name: Update initramfs
ansible.builtin.command: update-initramfs -u -k all
args:
warn: false
when: iommu_result.changed or vfio_result.changed
# notify:
# - Reboot Node
- name: update grub configuration
ansible.builtin.command: update-grub
args:
warn: false
when: iommu_result.changed or vfio_result.changed
# notify:
# - Reboot Node
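Review bot: The new kernel command line sets `vfio_iommu_type1.allow_unsafe_interrupts=1` and `pcie_acs_override=downstream,multifunction`, both of which relax the isolation that PCI passthrough depends on: the first permits device assignment without interrupt remapping, the second makes the kernel treat devices as separately isolated even where the hardware does not report ACS. If the node supports interrupt remapping and the passed-through device already sits in its own IOMMU group, these two can be dropped; otherwise a comment above the task such as `# allow_unsafe_interrupts / pcie_acs_override: required on <node>, weakens guest isolation` would record the trade-off. The task also registers `iommu_result`, the same name the task just above it registers, so the `when: iommu_result.changed or vfio_result.changed` conditions further down only see this task's result; `register: grub_cmdline_result` with the conditions extended to include it would keep both. The preceding task starts outside the hunk, so whether it edits the same line could not be checked.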


@@ -4,11 +4,11 @@
file: "{{ proxmox_vault_file }}"
name: vm_secrets
- name: Destroy vms (Only during rapid testing)
ansible.builtin.include_tasks: 54_destroy_vm.yml
loop: "{{ vms }}"
loop_control:
loop_var: "vm"
# - name: Destroy vms (Only during rapid testing)
# ansible.builtin.include_tasks: 54_destroy_vm.yml
# loop: "{{ vms }}"
# loop_control:
# loop_var: "vm"
- name: Create vms
ansible.builtin.include_tasks: 55_create_vm.yml
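Review bot: The destroy step is disabled by commenting it out, which leaves dead code that someone has to uncomment and then remember to comment again; a destructive task is safer behind an explicit opt-in. Keeping the task and adding a guard such as `when: proxmox_destroy_vms | default(false)` (a new variable, the name is only a suggestion) makes the default non-destructive and the intent visible when it is enabled with `-e`. The `Create vms` task continues beyond the hunk.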