Added naruto host and gitea to docker

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
2023-10-10 11:34:02 +02:00 · 2023-10-10 11:34:02 +02:00 · 860b1a6be4
parent 582aa5e235
commit 860b1a6be4
21 changed files with 172 additions and 62 deletions
--- a/README.md
+++ b/README.md
@ -17,34 +17,36 @@ usermod -a -G sudo tudattr
 Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone.
 but first of all we need to create the buckets and provide ansible with the needed information.

-When creating your own rclone config the `password` and `password2` entries have to be passed though `rclone obscure` like this:
+First we need to create a api key for backblaze, consists of an id and a key.
+we use clone to sync to backblaze.
+we can encrypt the data with rclone before sending it to backblaze.
+to do this we need two buckets:
+- b2
+- crypt
+on each device that should be backupped.

-``` sh
-echo "$PASSWORD" | rclone obscure -
-```
+we create these by running `rclone config` and creating one [remote] b2 config and a [secret] crypt config. The crypt config should have two passwords that we store in our secrets file.

 `
 ## Vault
 - Create vault with: `ansible-vault create secrets.yml`
 - Create entry in vault with: `ansible-vault edit secrets.yml`
- Add following entries: 
-  - `vault_pi_tudattr_password: <YOURPASSWORD>` (password you've setup on the device)
-  - `vault_aya01_tudattr_password: <YOURPASSWORD>` (password you've setup on the device)
-  - `vault_pihole_password: <YOURPASSWORD>` (arbitrary password you want to log in with)
-  - `vault_mysql_root_password: <YOURPASSWORD>` (arbitrary password, used internally)
-  - `vault_mysql_user_password: <YOURPASSWORD>` (arbitrary password, used internally)
-  - `vault_ddns_tudattrdev_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/))
-  - `vault_ddns_borgland_password: <YOURPASSWORD>` (password needed for ddns, refer to [here](https://www.namecheap.com/support/knowledgebase/article.aspx/595/11/how-do-i-enable-dynamic-dns-for-a-domain/))
+- Add following entries: TODO
  
 ## Docker
 To add new docker containers to the docker role you need to add the following and replace `service` with the name of your service:

 - Add relevent vars to `group_vars/all/vars.yaml`:
 ```yaml
-service_port: "19999" # Exposed port
-service_config: "{{ docker_dir }}/service/" # config folder or your dir
-service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only works on aya01)
+service:
+  host: "service"
+  ports:
+    http: "19999"
+  volumes:
+    config: "{{ docker_dir }}/service/" # config folder or your dir
+    data: "{{ docker_data_dir }}/service/" # data folder or your dir (only works on aya01)
 ```
+
 - Create necessary directories for service in the docker role `roles/docker/tasks/service.yaml`
 ```yaml
 - name: Create service dirs
@ -52,11 +54,11 @@ service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only w
    path: "{{ item }}"
    owner: 1000
    group: 1000
-    mode: '777'
+    mode: '775'
    state: directory
  loop:
-    - "{{ service_config }}"
-    - "{{ service_data }}"
+    - "{{ service.volumes.config }}"
+    - "{{ service.volumes.data }}"

 # optional:
 # - name: Place service config
@ -90,8 +92,6 @@ service_data: "{{ docker_data_dir }}/service/" # data folder or your dir (only w
      - "{{service_lib}}:/var/lib/service"
      - "{{service_cache}}:/var/cache/service"
 ```
-### Qbittorrent/Openvpn
-You'll need to add a openvpn config to =./roles/docker/templates/aya01/qbittorrentvpn/config/=

 ## Server
 - Install Debian (debian-11.5.0-amd64-netinst.iso) on remote system
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -509,9 +509,15 @@ homarr:

 gitea:
  host: "git"
+  url: "https://git.tudattr.dev"
  volumes:
    data: "{{ docker_data_dir }}/gitea/data"
    config: "{{ docker_dir }}/gitea/config"
  ports:
    http: "3000"
    ssh: "2222"
+  runner:
+    host: "gitea-runner-{{ host.hostname }}"
+    token: "{{ host.gitea.runner.token }}"
+    volumes:
+      data: "{{ docker_data_dir }}/gitea/runner/data/"
--- a/host_vars/aya01.yml
+++ b/host_vars/aya01.yml
@ -47,3 +47,6 @@ host:
  paperless:
    db:
      password: "{{ vault.aya01.paperless.db.password }}"
+  gitea:
+    runner:
+      token: "{{ vault.aya01.gitea.runner.token }}"
--- a/host_vars/mii.yml
+++ b/host_vars/mii.yml
@ -5,6 +5,7 @@ ansible_ssh_private_key_file: '{{ pk_path }}'
 ansible_become_pass: '{{ vault.mii.sudo }}'

 host:
+  hostname: "mii"
  ip: "192.168.200.2"
  backblaze:
    account: "{{ vault.mii.backblaze.account }}"
--- a/host_vars/naruto.yml
+++ b/host_vars/naruto.yml
@ -5,17 +5,19 @@ ansible_ssh_private_key_file: '{{ pk_path }}'
 ansible_become_pass: '{{ vault.naruto.sudo }}'

 host:
+  hostname: "naruto"
  ip: "{{ ansible_host }}"
  backblaze:
    account: "{{ vault.naruto.backblaze.account }}"
    key: "{{ vault.naruto.backblaze.key }}"
    remote: "remote:naruto-tudattr-dev"
-#    password: "{{}}"
-#    password2: "{{}}"
-#    paths:
-#      - "{{}}"
-#      - "{{}}"
+    password: "{{ vault.naruto.rclone.password }}"
+    password2: "{{ vault.naruto.rclone.password2 }}"
+    paths:
+      - "{{ docker_compose_dir }}"
+      - "{{ docker_dir }}"
  fstab:
  mergerfs:
-  samba:
-    password: "{{ vault.aya01.samba.password }}"
+  gitea:
+    runner:
+      token: "{{ vault.naruto.gitea.runner.token }}"
--- a/host_vars/pi.yml
+++ b/host_vars/pi.yml
@ -5,6 +5,7 @@ ansible_ssh_private_key_file: '{{ pk_path }}'
 ansible_become_pass: '{{ vault.pi.sudo }}'

 host:
+  hostname: "pi"
  ip: "{{ ansible_host }}"
  backblaze:
    account: "{{ vault.pi.backblaze.account }}"
@ -17,3 +18,6 @@ host:
      - "{{ docker_dir }}"
  fstab:
  mergerfs:
+  gitea:
+    runner:
+      token: "{{ vault.pi.gitea.runner.token }}"
--- a/naruto.yml
+++ b/naruto.yml
@ -1,17 +0,0 @@
---
- name: Set up Servers
-  hosts: nas
-  gather_facts: yes
-  roles:
-    - role: common
-      tags:
-        - common
-    - role: samba
-      tags:
-        - samba
-    - role: node_exporter
-      tags:
-        - node_exporter
-    - role: smart_exporter
-      tags:
-        - smart_exporter
--- a/4
+++ b/4
@ -3,9 +3,7 @@ aya01

 [raspberry]
 pi
+naruto

 [vps]
 mii
-
-[nas]
-naruto
--- a/roles/backblaze/tasks/backup.yml
+++ b/roles/backblaze/tasks/backup.yml
@ -5,9 +5,15 @@
    state: stopped
  become: true

+  # - name: Backing up for "{{ inventory_hostname }}"
+  #   shell:
+  #     cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
+  #   loop: "{{ host.backblaze.paths }}"
+  #   become: true
+
 - name: Backing up for "{{ inventory_hostname }}"
  shell:
-    cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
+    cmd: "rclone sync {{ item }} secret:{{ item }} -L"
  loop: "{{ host.backblaze.paths }}"
  become: true

--- a/roles/docker/tasks/aya01_compose.yml
+++ b/roles/docker/tasks/aya01_compose.yml
@ -90,3 +90,8 @@
 - include_tasks: gitea.yml
  tags:
    - gitea
+
+- include_tasks: gitea-runner.yml
+  tags:
+    - gitea-runner
+
--- a/roles/docker/tasks/ddns.yml
+++ b/roles/docker/tasks/ddns.yml
@ -10,7 +10,7 @@
 - name: Copy ddns-config
  template:
    owner: 1000
-    src: "templates/pi/ddns-updater/data/config.json"
+    src: "templates/{{host.hostname}}/ddns-updater/data/config.json"
    dest: "{{ docker_dir }}/ddns-updater/data/config.json"
    mode: '400'

--- a/roles/docker/tasks/gitea-runner.yml
+++ b/roles/docker/tasks/gitea-runner.yml
@ -0,0 +1,11 @@
+---
+- name: Create gitea-runner directories
+  file:
+    path: "{{ item }}"
+    owner: "{{ puid }}"
+    group: "{{ pgid }}"
+    mode: '755'
+    state: directory
+  become: yes
+  loop:
+    - "{{ gitea.runner.volumes.data }}"
--- a/roles/docker/tasks/gitea.yml
+++ b/roles/docker/tasks/gitea.yml
@ -1,4 +1,4 @@
-
+---
 - name: Create gitea directories
  file:
    path: "{{ item }}"
--- a/roles/docker/tasks/gitlab-runner.yml
+++ b/roles/docker/tasks/gitlab-runner.yml
@ -0,0 +1,11 @@
+---
+- name: Create gitlab-runner directories
+  file:
+    path: "{{ item }}"
+    owner: "{{ puid }}"
+    group: "{{ pgid }}"
+    mode: '755'
+    state: directory
+  become: yes
+  loop:
+    - "{{ gitlab.runner.volumes.config }}"
--- a/roles/docker/tasks/naruto_compose.yml
+++ b/roles/docker/tasks/naruto_compose.yml
@ -0,0 +1,13 @@
+---
+
+- include_tasks: nginx-proxy-manager.yml
+  tags:
+    - nginx
+
+- include_tasks: pihole.yml
+  tags:
+    - pihole
+
+- include_tasks: gitea-runner.yml
+  tags:
+    - gitea-runner
--- a/roles/docker/tasks/pi_compose.yml
+++ b/roles/docker/tasks/pi_compose.yml
@ -7,3 +7,8 @@
 - include_tasks: pihole.yml
  tags:
    - pihole
+
+- include_tasks: gitea-runner.yml
+  tags:
+    - gitea-runner
+
--- a/roles/docker/templates/aya01/compose.yaml
+++ b/roles/docker/templates/aya01/compose.yaml
@ -93,6 +93,8 @@ services:
      - PUID={{puid}}
      - PGID={{pgid}}
      - TZ={{timezone}}
+    ports:
+      - "{{kuma_port}}:3001"
    volumes:
      - "{{ kuma_config }}:/app/data"

@ -221,6 +223,8 @@ services:
      - PUID={{ puid }}
      - PGID={{ pgid}}
      - TZ={{ timezone }}
+    ports:
+      - "{{ tautulli_port }}:8181"
    volumes:
      - {{ tautulli_config}}:/config

@ -463,6 +467,21 @@ services:
      - "{{ gitea.ports.http }}:3000"
      - "{{ gitea.ports.ssh }}:2222"

+
+  {{ gitea.runner.host }}:
+    container_name: {{ gitea.runner.host }}
+    image: gitea/act_runner:nightly
+    restart: unless-stopped
+    depends_on:
+      - {{ gitea.host }}
+    networks:
+      - net
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - "GITEA_INSTANCE_URL={{ gitea.url }}"
+      - "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
+
 networks:
  zoneminder:
    driver: bridge
--- a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
+++ b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
@ -43,4 +43,3 @@ scrape_configs:
  - job_name: 'SMART'
    static_configs:
    - targets: ['{{ aya01_ip }}:{{smart_exporter.port}}']
-    - targets: ['{{ naruto_ip }}:{{smart_exporter.port}}']
--- a/roles/docker/templates/naruto/compose.yaml
+++ b/roles/docker/templates/naruto/compose.yaml
@ -0,0 +1,40 @@
+version: '3'
+services:
+  nginx:
+    container_name: "{{nginx.host}}"
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    networks:
+      net: {}
+    ports:
+      - '{{nginx.endpoints.http}}:80'
+      - '{{nginx.endpoints.https}}:443'
+      - '{{nginx.endpoints.admin}}:81'
+    volumes:
+      - "{{nginx.paths.data}}:/data"
+      - "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
+      - '/var/run/docker.sock:/var/run/docker.sock'
+
+  {{ gitea.runner.host }}:
+    container_name: {{ gitea.runner.host }}
+    image: gitea/act_runner:nightly
+    restart: unless-stopped
+    depends_on:
+      - nginx
+    networks:
+      - net
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - {{ gitea.runner.volumes.data }}:/data
+    environment:
+      - "GITEA_INSTANCE_URL={{ gitea.url }}"
+      - "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
+
+networks:
+  net:
+    driver: bridge
+    ipam:
+#      driver: default
+      config:
+        - subnet: 172.16.69.0/24
+          gateway: 172.16.69.1
--- a/roles/docker/templates/pi/compose.yaml
+++ b/roles/docker/templates/pi/compose.yaml
@ -43,6 +43,21 @@ services:
    cap_add:
      - NET_ADMIN

+  {{ gitea.runner.host }}:
+    container_name: {{ gitea.runner.host }}
+    image: gitea/act_runner:nightly
+    restart: unless-stopped
+    depends_on:
+      - nginx
+    networks:
+      - net
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - {{ gitea.runner.volumes.data }}:/data
+    environment:
+      - "GITEA_INSTANCE_URL={{ gitea.url }}"
+      - "GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner.token }}"
+
 networks:
  net:
    driver: bridge
--- a/roles/docker/templates/pi/ddns-updater/data/config.json
+++ b/roles/docker/templates/pi/ddns-updater/data/config.json
@ -1,11 +0,0 @@
-{
-    "settings": [
-        {
-            "provider": "namecheap",
-            "domain": "{{ local_domain }}",
-            "host": "{{ local_subdomains }}",
-            "password": "{{ vault_ddns_borgland_password }}",
-            "provider_ip": true
-        }
-    ]
-}