tudattr
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added docker for aya01 and pi 

changed password names

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2022-12-05 16:47:35 +01:00
parent 0ab1c043d6
commit ca1b586ee5
14 changed files with 129 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -27,6 +27,12 @@
Release file for http://security.debian.org/debian-security/dists/bullseye-security/InRelease is not valid yet (invalid for another 12h 46min 9s). Updates for this repository will not be applied.
```
By doing on remote system (example):
```sh
sudo systemctl stop ntp.service
sudo ntpd -gq
sudo systemctl start ntp.service
```
## RaspberryPi
- Install raspbian lite (2022-09-22-raspios-bullseye-arm64-lite.img) on pi

1
aya01.yml
View File

@ -5,3 +5,4 @@
roles:
- role: common
- role: power_management
- role: docker

3
group_vars/all/vars.yml
View File

@ -15,6 +15,7 @@ common_packages:
- git
- tmux
- smartmontools
- curl
#
# Docker
@ -27,3 +28,5 @@ docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{
docker_compose_dir: /opt/docker/compose
docker_dir: /opt/docker/config
mysql_user: user

2
host_vars/aya01.yml
View File

@ -2,5 +2,5 @@ ansible_user: "{{ user }}"
ansible_host: 192.168.20.12
ansible_port: 22
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
ansible_become_pass: '{{ aya01_tudattr_password }}'
ansible_become_pass: '{{ vault_aya01_tudattr_password }}'

2
host_vars/pi.yml
View File

@ -2,4 +2,4 @@ ansible_user: "{{ user }}"
ansible_host: 192.168.20.11
ansible_port: 22
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
ansible_become_pass: '{{ pi_tudattr_password }}'
ansible_become_pass: '{{ vault_pi_tudattr_password }}'

24
roles/docker/tasks/aya01_compose.yml Normal file
View File

@ -0,0 +1,24 @@
---
- name: Create Zoneminder directories
file:
path: "{{ item }}"
owner: 1000
mode: '700'
state: directory
loop:
- "{{ docker_dir }}/zm/"
- name: Shut down docker
shell:
cmd: "docker compose down --remove-orphans"
chdir: "{{ docker_compose_dir }}"
- name: Copy the compose file
template:
src: templates/aya01/compose.yaml
dest: "{{ docker_compose_dir }}/compose.yaml"
- name: Run docker compose
shell:
cmd: "docker compose up -d"
chdir: "{{ docker_compose_dir }}"

6
roles/docker/tasks/main.yml
View File

@ -1,5 +1,7 @@
---
- include_tasks: install.yml
- include_tasks: user_group_setup.yml
- include_tasks: compose.yml
- include_tasks: pi_compose.yml
when: ansible_hostname == "pi"
- include_tasks: aya01_compose.yml
when: ansible_hostname == "aya01"

17
roles/docker/tasks/compose.yml → roles/docker/tasks/pi_compose.yml
View File

@ -9,16 +9,19 @@
- name: Copy ddns-config
template:
owner: 1000
src: "templates/ddns-updater/data/config.json"
src: "templates/pi/ddns-updater/data/config.json"
dest: "{{ docker_dir }}/ddns-updater/data/config.json"
mode: '400'
- name: Create traefik-config directory
file:
path: "{{ docker_dir }}/traefik/"
path: "{{ item }}"
owner: 1000
mode: '700'
state: directory
loop:
- "{{ docker_dir }}/traefik/etc-traefik/"
- "{{ docker_dir }}/traefik/var-log/"
- name: Create pihole-config directory
file:
@ -34,9 +37,13 @@
- name: Copy traefik-config
template:
owner: 1000
src: "templates/traefik/traefik.yml"
dest: "{{ docker_dir }}/traefik/traefik.yml"
src: "templates/pi/{{ item }}"
dest: "{{ docker_dir }}/{{ item }}"
mode: '400'
loop:
- "traefik/etc-traefik/traefik.yml"
- "traefik/var-log/access.log"
- "traefik/var-log/traefik.log"
- name: Shut down docker
shell:
@ -45,7 +52,7 @@
- name: Copy the compose file
template:
src: templates/compose.yaml
src: templates/pi/compose.yaml
dest: "{{ docker_compose_dir }}/compose.yaml"
- name: Run docker compose

49
roles/docker/templates/aya01/compose.yaml Normal file
View File

@ -0,0 +1,49 @@
version: '3'
services:
db:
image: mariadb
restart: always
networks:
- zoneminder
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ docker_dir }}/zm/db:/var/lib/mysql"
environment:
- "MYSQL_DATABASE=zm"
- "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
- "MYSQL_USER={{ mysql_user }}"
- "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
zoneminder:
image: ghcr.io/zoneminder-containers/zoneminder-base:latest
restart: always
stop_grace_period: 45s
depends_on:
- db
ports:
- 80:80
networks:
- zoneminder
- compose_net
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ docker_dir }}/zm/data:/data"
- "{{ docker_dir }}/zm/config:/config"
- "{{ docker_dir }}/zm/log:/log"
- type: tmpfs
target: /dev/shm
tmpfs:
size: 1000000000
environment:
- MAX_LOG_SIZE_BYTES=1000000
- MAX_LOG_NUMBER=20
networks:
zoneminder:
compose_net:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.16.69.0/24
gateway: 172.16.69.1

35
roles/docker/templates/compose.yaml → roles/docker/templates/pi/compose.yaml
View File

@ -2,13 +2,16 @@ version: '3'
services:
traefik:
container_name: traefik
image: traefik:v2.5
image: traefik:latest
restart: unless-stopped
networks:
- compose_net
compose_net: {}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- {{ docker_dir }}/traefik/traefik.yml:/etc/traefik/traefik.yml
- "{{ docker_dir }}/traefik/etc-traefik/traefik.yml:/etc/traefik/traefik.yml"
- "{{ docker_dir }}/traefik/var-log/traefik.log:/var/log/traefik.log"
- "{{ docker_dir }}/traefik/var-log/access.log:/var/log/traefik.log"
ports:
- 80:80
- 8080:8080
@ -20,22 +23,20 @@ services:
ddns-updater:
container_name: ddns-updater
image: "ghcr.io/qdm12/ddns-updater"
restart: unless-stopped
networks:
- compose_net
compose_net: {}
volumes:
- {{ docker_dir }}/ddns-updater/data/:/updater/data/
- "{{ docker_dir }}/ddns-updater/data/:/updater/data/"
ports:
- 8000:8000/tcp
restart: unless-stopped
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
networks:
- compose_net
volumes:
- /etc/localtime:/etc/localtime:ro
- {{ docker_dir }}/home-assistant/config/:/config/
restart: unless-stopped
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ docker_dir }}/home-assistant/config/:/config/"
privileged: true
network_mode: host
labels:
@ -46,29 +47,29 @@ services:
pihole:
container_name: pihole
image: pihole/pihole:latest
restart: unless-stopped
networks:
- compose_net
compose_net: {}
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp"
- "8089:80/tcp"
environment:
- "TZ=Europe/Berlin"
- "WEBPASSWORD=a"
- "WEBPASSWORD={{ vault_pihole_password }}"
- "ServerIP=192.168.20.11"
- "INTERFACE=eth0"
- "DNS1=1.1.1.1"
- "DNS1=1.0.0.1"
volumes:
- "{{ docker_dir }}/pihole/etc-pihole/:/etc/pihole/"
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
- "/etc/localtime:/etc/localtime:ro"
- "{{ docker_dir }}/pihole/etc-pihole/:/etc/pihole/"
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
dns:
- 127.0.0.1
- 1.1.1.1
cap_add:
- NET_ADMIN
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)"

0
roles/docker/templates/ddns-updater/data/config.json → roles/docker/templates/pi/ddns-updater/data/config.json
View File

9
roles/docker/templates/traefik/traefik.yml → roles/docker/templates/pi/traefik/etc-traefik/traefik.yml
View File

@ -9,8 +9,17 @@ entryPoints:
# Docker configuration backend
providers:
docker:
exposedByDefault: false
network: compose_net
defaultRule: "Host(`{{ '{{' }} trimPrefix `/` .Name {{ '}}' }}.{{ local_domain }}`)"
# API and dashboard configuration
api:
insecure: true
dashboard: true
log:
filePath: "/var/log/traefik.log"
accessLog:
filePath: "/var/log/access.log"

0
roles/docker/templates/pi/traefik/var-log/access.log Normal file
View File

0
roles/docker/templates/pi/traefik/var-log/traefik.log Normal file
View File