Added docker for aya01 and pi
changed password names Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>pull/1/head
parent
0ab1c043d6
commit
ca1b586ee5
|
@ -27,6 +27,12 @@
|
||||||
Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.
|
Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.
|
||||||
```
|
```
|
||||||
By doing on remote system (example):
|
By doing on remote system (example):
|
||||||
|
```sh
|
||||||
|
sudo systemctl stop ntp.service
|
||||||
|
sudo ntpd -gq
|
||||||
|
sudo systemctl start ntp.service
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## RaspberryPi
|
## RaspberryPi
|
||||||
- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi
|
- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi
|
||||||
|
|
|
@ -5,3 +5,4 @@
|
||||||
roles:
|
roles:
|
||||||
- role: common
|
- role: common
|
||||||
- role: power_management
|
- role: power_management
|
||||||
|
- role: docker
|
||||||
|
|
|
@ -15,6 +15,7 @@ common_packages:
|
||||||
- git
|
- git
|
||||||
- tmux
|
- tmux
|
||||||
- smartmontools
|
- smartmontools
|
||||||
|
- curl
|
||||||
|
|
||||||
#
|
#
|
||||||
# Docker
|
# Docker
|
||||||
|
@ -24,6 +25,8 @@ docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gp
|
||||||
docker_apt_release_channel: stable
|
docker_apt_release_channel: stable
|
||||||
docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
||||||
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
|
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
|
||||||
|
|
||||||
docker_compose_dir: /opt/docker/compose
|
docker_compose_dir: /opt/docker/compose
|
||||||
docker_dir: /opt/docker/config
|
docker_dir: /opt/docker/config
|
||||||
|
|
||||||
|
mysql_user: user
|
||||||
|
|
|
@ -2,5 +2,5 @@ ansible_user: "{{ user }}"
|
||||||
ansible_host: 192.168.20.12
|
ansible_host: 192.168.20.12
|
||||||
ansible_port: 22
|
ansible_port: 22
|
||||||
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
|
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
|
||||||
ansible_become_pass: '{{ aya01_tudattr_password }}'
|
ansible_become_pass: '{{ vault_aya01_tudattr_password }}'
|
||||||
|
|
||||||
|
|
|
@ -2,4 +2,4 @@ ansible_user: "{{ user }}"
|
||||||
ansible_host: 192.168.20.11
|
ansible_host: 192.168.20.11
|
||||||
ansible_port: 22
|
ansible_port: 22
|
||||||
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
|
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
|
||||||
ansible_become_pass: '{{ pi_tudattr_password }}'
|
ansible_become_pass: '{{ vault_pi_tudattr_password }}'
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: Create Zoneminder directories
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: 1000
|
||||||
|
mode: '700'
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "{{ docker_dir }}/zm/"
|
||||||
|
|
||||||
|
- name: Shut down docker
|
||||||
|
shell:
|
||||||
|
cmd: "docker compose down --remove-orphans"
|
||||||
|
chdir: "{{ docker_compose_dir }}"
|
||||||
|
|
||||||
|
- name: Copy the compose file
|
||||||
|
template:
|
||||||
|
src: templates/aya01/compose.yaml
|
||||||
|
dest: "{{ docker_compose_dir }}/compose.yaml"
|
||||||
|
|
||||||
|
- name: Run docker compose
|
||||||
|
shell:
|
||||||
|
cmd: "docker compose up -d"
|
||||||
|
chdir: "{{ docker_compose_dir }}"
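Review bot: The `Copy the compose file` task sets no `mode` or `owner`, yet the rendered `compose.yaml` contains `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` expanded from the vault. The file's permissions therefore come from the remote umask, which typically leaves it world-readable. Adding `mode: '600'` to the `template:` arguments here would fix that, and the same applies to `Copy the compose file` in the pi task file, whose template now carries `WEBPASSWORD={{ vault_pihole_password }}`. Separately, only `{{ docker_dir }}/zm/` is created with `mode: '700'`, so the `zm/db`, `zm/data`, `zm/config` and `zm/log` bind-mount sources will presumably be created by Docker itself with its own ownership; listing them in the loop would keep ownership explicit.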
|
|
@ -1,5 +1,7 @@
|
||||||
---
|
---
|
||||||
- include_tasks: install.yml
|
- include_tasks: install.yml
|
||||||
- include_tasks: user_group_setup.yml
|
- include_tasks: user_group_setup.yml
|
||||||
- include_tasks: compose.yml
|
- include_tasks: pi_compose.yml
|
||||||
|
when: ansible_hostname == "pi"
|
||||||
|
- include_tasks: aya01_compose.yml
|
||||||
|
when: ansible_hostname == "aya01"
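Review bot: Both `when:` conditions select the task file by `ansible_hostname`, a fact reported by the remote machine that is only available once facts are gathered. If a host's system hostname differs from what is expected (a freshly imaged Pi, for example), neither include runs and the play skips the compose deployment without an error. Assuming the inventory names match, which is not visible here, `when: inventory_hostname == "pi"` and `when: inventory_hostname == "aya01"` tie the choice to the inventory instead.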
|
||||||
|
|
|
@ -9,16 +9,19 @@
|
||||||
- name: Copy ddns-config
|
- name: Copy ddns-config
|
||||||
template:
|
template:
|
||||||
owner: 1000
|
owner: 1000
|
||||||
src: "templates/ddns-updater/data/config.json"
|
src: "templates/pi/ddns-updater/data/config.json"
|
||||||
dest: "{{ docker_dir }}/ddns-updater/data/config.json"
|
dest: "{{ docker_dir }}/ddns-updater/data/config.json"
|
||||||
mode: '400'
|
mode: '400'
|
||||||
|
|
||||||
- name: Create traefik-config directory
|
- name: Create traefik-config directory
|
||||||
file:
|
file:
|
||||||
path: "{{ docker_dir }}/traefik/"
|
path: "{{ item }}"
|
||||||
owner: 1000
|
owner: 1000
|
||||||
mode: '700'
|
mode: '700'
|
||||||
state: directory
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "{{ docker_dir }}/traefik/etc-traefik/"
|
||||||
|
- "{{ docker_dir }}/traefik/var-log/"
|
||||||
|
|
||||||
- name: Create pihole-config directory
|
- name: Create pihole-config directory
|
||||||
file:
|
file:
|
||||||
|
@ -34,9 +37,13 @@
|
||||||
- name: Copy traefik-config
|
- name: Copy traefik-config
|
||||||
template:
|
template:
|
||||||
owner: 1000
|
owner: 1000
|
||||||
src: "templates/traefik/traefik.yml"
|
src: "templates/pi/{{ item }}"
|
||||||
dest: "{{ docker_dir }}/traefik/traefik.yml"
|
dest: "{{ docker_dir }}/{{ item }}"
|
||||||
mode: '400'
|
mode: '400'
|
||||||
|
loop:
|
||||||
|
- "traefik/etc-traefik/traefik.yml"
|
||||||
|
- "traefik/var-log/access.log"
|
||||||
|
- "traefik/var-log/traefik.log"
|
||||||
|
|
||||||
- name: Shut down docker
|
- name: Shut down docker
|
||||||
shell:
|
shell:
|
||||||
|
@ -45,7 +52,7 @@
|
||||||
|
|
||||||
- name: Copy the compose file
|
- name: Copy the compose file
|
||||||
template:
|
template:
|
||||||
src: templates/compose.yaml
|
src: templates/pi/compose.yaml
|
||||||
dest: "{{ docker_compose_dir }}/compose.yaml"
|
dest: "{{ docker_compose_dir }}/compose.yaml"
|
||||||
|
|
||||||
- name: Run docker compose
|
- name: Run docker compose
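Review bot: The loop added to `Copy traefik-config` now runs `template` over `traefik/var-log/access.log` and `traefik/var-log/traefik.log`. Every play run will therefore replace the live log files with the template content whenever they differ, discarding the proxy's access history on each deploy. These files are also created with `mode: '400'`, which only works if the container process writes as root. I would keep the template loop to `traefik/etc-traefik/traefik.yml` and create the log files once, without overwriting them, as in the task below.

```yaml
# … unchanged: Copy traefik-config, with its loop reduced to traefik/etc-traefik/traefik.yml …
- name: Create traefik log files if missing
  copy:
    content: ""
    force: false
    owner: 1000
    mode: '600'
    dest: "{{ docker_dir }}/{{ item }}"
  loop:
    - "traefik/var-log/access.log"
    - "traefik/var-log/traefik.log"
```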
|
|
@ -0,0 +1,49 @@
|
||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- zoneminder
|
||||||
|
volumes:
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "{{ docker_dir }}/zm/db:/var/lib/mysql"
|
||||||
|
environment:
|
||||||
|
- "MYSQL_DATABASE=zm"
|
||||||
|
- "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
|
||||||
|
- "MYSQL_USER={{ mysql_user }}"
|
||||||
|
- "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
|
||||||
|
|
||||||
|
zoneminder:
|
||||||
|
image: ghcr.io/zoneminder-containers/zoneminder-base:latest
|
||||||
|
restart: always
|
||||||
|
stop_grace_period: 45s
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
networks:
|
||||||
|
- zoneminder
|
||||||
|
- compose_net
|
||||||
|
volumes:
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "{{ docker_dir }}/zm/data:/data"
|
||||||
|
- "{{ docker_dir }}/zm/config:/config"
|
||||||
|
- "{{ docker_dir }}/zm/log:/log"
|
||||||
|
- type: tmpfs
|
||||||
|
target: /dev/shm
|
||||||
|
tmpfs:
|
||||||
|
size: 1000000000
|
||||||
|
environment:
|
||||||
|
- MAX_LOG_SIZE_BYTES=1000000
|
||||||
|
- MAX_LOG_NUMBER=20
|
||||||
|
|
||||||
|
networks:
|
||||||
|
zoneminder:
|
||||||
|
compose_net:
|
||||||
|
driver: bridge
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 172.16.69.0/24
|
||||||
|
gateway: 172.16.69.1
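Review bot: Both services use floating image references: `image: mariadb` has no tag and `ghcr.io/zoneminder-containers/zoneminder-base:latest` tracks latest. The tasks run `docker compose down` followed by `up -d`, so a later deploy can start a different database or application version than the one that was tested, with the data directory under `{{ docker_dir }}/zm/db` already in place. Pinning each image to a specific version tag or digest, for example `image: mariadb:<pinned-tag>`, makes upgrades deliberate and reviewable. It is also worth a comment on `- 80:80` stating that the ZoneMinder UI is published over plain HTTP on all host interfaces, if that is intended.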
|
|
@ -2,13 +2,16 @@ version: '3'
|
||||||
services:
|
services:
|
||||||
traefik:
|
traefik:
|
||||||
container_name: traefik
|
container_name: traefik
|
||||||
image: traefik:v2.5
|
image: traefik:latest
|
||||||
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- compose_net
|
compose_net: {}
|
||||||
volumes:
|
volumes:
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||||
- {{ docker_dir }}/traefik/traefik.yml:/etc/traefik/traefik.yml
|
- "{{ docker_dir }}/traefik/etc-traefik/traefik.yml:/etc/traefik/traefik.yml"
|
||||||
|
- "{{ docker_dir }}/traefik/var-log/traefik.log:/var/log/traefik.log"
|
||||||
|
- "{{ docker_dir }}/traefik/var-log/access.log:/var/log/traefik.log"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 8080:8080
|
- 8080:8080
|
||||||
|
@ -20,22 +23,20 @@ services:
|
||||||
ddns-updater:
|
ddns-updater:
|
||||||
container_name: ddns-updater
|
container_name: ddns-updater
|
||||||
image: "ghcr.io/qdm12/ddns-updater"
|
image: "ghcr.io/qdm12/ddns-updater"
|
||||||
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- compose_net
|
compose_net: {}
|
||||||
volumes:
|
volumes:
|
||||||
- {{ docker_dir }}/ddns-updater/data/:/updater/data/
|
- "{{ docker_dir }}/ddns-updater/data/:/updater/data/"
|
||||||
ports:
|
ports:
|
||||||
- 8000:8000/tcp
|
- 8000:8000/tcp
|
||||||
restart: unless-stopped
|
|
||||||
homeassistant:
|
homeassistant:
|
||||||
container_name: homeassistant
|
container_name: homeassistant
|
||||||
image: "ghcr.io/home-assistant/home-assistant:stable"
|
image: "ghcr.io/home-assistant/home-assistant:stable"
|
||||||
networks:
|
|
||||||
- compose_net
|
|
||||||
volumes:
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- {{ docker_dir }}/home-assistant/config/:/config/
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "{{ docker_dir }}/home-assistant/config/:/config/"
|
||||||
privileged: true
|
privileged: true
|
||||||
network_mode: host
|
network_mode: host
|
||||||
labels:
|
labels:
|
||||||
|
@ -46,29 +47,29 @@ services:
|
||||||
pihole:
|
pihole:
|
||||||
container_name: pihole
|
container_name: pihole
|
||||||
image: pihole/pihole:latest
|
image: pihole/pihole:latest
|
||||||
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- compose_net
|
compose_net: {}
|
||||||
ports:
|
ports:
|
||||||
- "53:53/tcp"
|
- "53:53/tcp"
|
||||||
- "53:53/udp"
|
- "53:53/udp"
|
||||||
- "67:67/udp"
|
- "67:67/udp"
|
||||||
- "8089:80/tcp"
|
- "8089:80/tcp"
|
||||||
environment:
|
environment:
|
||||||
- "TZ=Europe/Berlin"
|
- "WEBPASSWORD={{ vault_pihole_password }}"
|
||||||
- "WEBPASSWORD=a"
|
|
||||||
- "ServerIP=192.168.20.11"
|
- "ServerIP=192.168.20.11"
|
||||||
- "INTERFACE=eth0"
|
- "INTERFACE=eth0"
|
||||||
- "DNS1=1.1.1.1"
|
- "DNS1=1.1.1.1"
|
||||||
- "DNS1=1.0.0.1"
|
- "DNS1=1.0.0.1"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ docker_dir }}/pihole/etc-pihole/:/etc/pihole/"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
- "{{ docker_dir }}/pihole/etc-pihole/:/etc/pihole/"
|
||||||
|
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
||||||
dns:
|
dns:
|
||||||
- 127.0.0.1
|
- 127.0.0.1
|
||||||
- 1.1.1.1
|
- 1.1.1.1
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)"
|
- "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)"
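Review bot: The two log volumes added to the `traefik` service mount different host files onto the same container path, `/var/log/traefik.log`. The traefik configuration in this commit sets `accessLog.filePath` to `/var/log/access.log`, so the second entry should read `- "{{ docker_dir }}/traefik/var-log/access.log:/var/log/access.log"`. As written, the duplicate target is likely to be rejected by compose, or the access log ends up inside the container's writable layer and is lost on recreate. The same hunk also changes `image: traefik:v2.5` to `traefik:latest`. This container has the Docker socket mounted, so a pinned version tag or digest is the safer choice.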
|
|
@ -9,8 +9,17 @@ entryPoints:
|
||||||
# Docker configuration backend
|
# Docker configuration backend
|
||||||
providers:
|
providers:
|
||||||
docker:
|
docker:
|
||||||
|
exposedByDefault: false
|
||||||
|
network: compose_net
|
||||||
defaultRule: "Host(`{{ '{{' }} trimPrefix `/` .Name {{ '}}' }}.{{ local_domain }}`)"
|
defaultRule: "Host(`{{ '{{' }} trimPrefix `/` .Name {{ '}}' }}.{{ local_domain }}`)"
|
||||||
|
|
||||||
# API and dashboard configuration
|
# API and dashboard configuration
|
||||||
api:
|
api:
|
||||||
insecure: true
|
insecure: true
|
||||||
|
dashboard: true
|
||||||
|
|
||||||
|
log:
|
||||||
|
filePath: "/var/log/traefik.log"
|
||||||
|
|
||||||
|
accessLog:
|
||||||
|
filePath: "/var/log/access.log"
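Review bot: `dashboard: true` is added under `api:` while `insecure: true` stays in place, and the pi compose file publishes `8080:8080`, so the dashboard and API are reachable without authentication by anything that can reach the host on that port. If the dashboard is wanted, set `insecure: false` and expose `api@internal` through a router with an authentication middleware, or publish the port on loopback only. The `exposedByDefault: false` addition is a good default, and a short comment above it saying that containers must opt in with `traefik.enable=true` would help the next reader. The `providers` mapping starts above this hunk, so the entry point definitions are not visible here.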
|