Added stirling-pdf, removed soft-serve, moved ddns and hass

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2023-08-13 21:01:10 +02:00
parent ef207c5d64
commit df1a070806
19 changed files with 161 additions and 282 deletions


@ -442,3 +442,12 @@ smart_exporter:
version: 'latest'
options: '--web.listen-address=9633'
bin_path: /usr/local/bin/smart_exporter
#
# Stirling-pdf
#
stirling:
host: "stirling"
dns: "pdf"
port: 8084


@ -15,3 +15,5 @@ host:
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
fstab:
mergerfs:


@ -15,3 +15,5 @@ host:
paths:
- "{{ docker_compose_dir }}"
- "{{ docker_dir }}"
fstab:
mergerfs:


@ -31,6 +31,13 @@
- include_tasks: plex.yml
tags:
- plex
- include_tasks: ddns.yml
tags:
- ddns
- include_tasks: homeassistant.yml
tags:
- homeassistant
- include_tasks: tautulli.yml
tags:


@ -4,14 +4,6 @@
tags:
- traefik
- include_tasks: ddns.yml
tags:
- ddns
- include_tasks: homeassistant.yml
tags:
- homeassistant
- include_tasks: pihole.yml
tags:
- pihole


@ -51,58 +51,6 @@ services:
- "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port=80"
# db:
# image: mariadb
# container_name: zoneminder_db
# restart: unless-stopped
# networks:
# - zoneminder
# volumes:
# - "/etc/localtime:/etc/localtime:ro"
# - "{{ zoneminder_db }}:/var/lib/mysql"
# environment:
# - "MYSQL_DATABASE={{ zoneminder_host }}"
# - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
# - "MYSQL_USER={{ mysql_user }}"
# - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
# - "MAX_LOG_SIZE_BYTES=1000000"
# - "MAX_LOG_NUMBER=20"
# - "TZ=Europe/Berlin"
# zoneminder:
# image: ghcr.io/zoneminder-containers/zoneminder-base:latest
# container_name: zoneminder
# restart: unless-stopped
# stop_grace_period: 45s
# depends_on:
# - db
# - traefik
# networks:
# - zoneminder
# - net
# ports:
# - "{{ zoneminder_port }}:80"
# volumes:
# - "/etc/localtime:/etc/localtime:ro"
# - "{{ zoneminder_data }}:/data"
# - "{{ zoneminder_config }}:/config"
# - "{{ zoneminder_log}}:/log"
# - type: tmpfs
# target: /dev/shm
# tmpfs:
# size: 1000000000
# environment:
# - "MYSQL_DATABASE={{ zoneminder_host }}"
# - "MYSQL_ROOT_PASSWORD={{ vault_mysql_root_password }}"
# - "MYSQL_USER={{ mysql_user }}"
# - "MYSQL_PASSWORD={{ vault_mysql_user_password }}"
# - "MAX_LOG_SIZE_BYTES=1000000"
# - "MAX_LOG_NUMBER=20"
# - "TZ=Europe/Berlin"
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
# - "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
syncthing:
image: syncthing/syncthing
container_name: syncthing
@ -128,23 +76,6 @@ services:
- "traefik.http.routers.{{ syncthing_host }}.rule=Host(`{{ syncthing_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ syncthing_host }}.loadbalancer.server.port={{ syncthing_port }}"
soft-serve:
container_name: soft-serve
image: charmcli/soft-serve:latest
restart: unless-stopped
depends_on:
- pihole
networks:
- net
environment:
- PUID={{puid}}
- PGID={{pgid}}
- TZ={{timezone}}
ports:
- 23231:23231 # ssh
volumes:
- "{{ softserve_data }}:/soft-serve"
cupsd:
container_name: cupsd
image: olbat/cupsd
@ -196,6 +127,8 @@ services:
- pihole
networks:
- net
devices:
- /dev/dri:/dev/dri
ports:
- "{{ plex_port }}:32400"
- "1900:1900"
@ -475,6 +408,60 @@ services:
- "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
ddns-updater:
container_name: ddns-updater
image: "ghcr.io/qdm12/ddns-updater"
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
volumes:
- "{{ ddns_data }}:/updater/data/"
ports:
- "{{ ddns_port }}:8000/tcp"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ddns-updater.rule=Host(`{{ ddns_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.ddns-updater.loadbalancer.server.port={{ ddns_port }}"
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ ha_config }}:/config/"
privileged: true
ports:
- "{{ ha_port }}:8123"
- 4357:4357
- 5683:5683
- 5683:5683/udp
labels:
- "traefik.enable=true"
- "traefik.http.routers.homeassistant.rule=Host(`{{ ha_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.homeassistant.loadbalancer.server.port={{ ha_port }}"
{{stirling.host}}:
container_name: {{stirling.host}}
image: frooodle/s-pdf:latest
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
ports:
- '{{stirling.port}}:8080'
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{stirling.host}}.rule=Host(`{{ stirling.dns }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{stirling.host}}.loadbalancer.server.port={{ 8080 }}"
networks:
zoneminder:
driver: bridge
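Review bot: The new Stirling-PDF service at the end of the last hunk is reachable two ways, through its Traefik router and directly on the host via `- '{{stirling.port}}:8080'`, and no authentication middleware or login setting is visible for it in this section. Because it accepts uploaded documents, I would drop the `ports:` mapping so that only Traefik reaches the container, and put whatever access control the proxy offers in front of the router. `image: frooodle/s-pdf:latest` is also a floating tag; pinning it, e.g. `image: frooodle/s-pdf:<pinned-version>`, keeps a redeploy from silently pulling a different build. Separately, `homeassistant` arrives on this host with `privileged: true`; if it only needs particular devices, a `devices:` list like the one added for Plex in the earlier hunk would be a narrower grant.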


@ -0,0 +1,11 @@
{
"settings": [
{
"provider": "namecheap",
"domain": "{{ local_domain }}",
"host": "{{ local_subdomains }}",
"password": "{{ vault_ddns_borgland_password }}",
"provider_ip": true
}
]
}
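Review bot: The rendered file carries the Namecheap dynamic-DNS password (`"password": "{{ vault_ddns_borgland_password }}"`) in cleartext on the target host, so the task that templates it should restrict who can read it; that task is not part of this section. I would expect something like `mode: '0600'` with the owner set to the user the ddns-updater container runs as, plus `no_log: true` on the task so the secret does not appear in Ansible output. The swag `setup.yml` removed by this commit templated its files with `mode: '664'`, so it is worth confirming the ddns task does not follow the same pattern.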


@ -0,0 +1,73 @@
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://$host$request_uri;
}
}
# main server block
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /config/www;
index index.html index.htm index.php;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable for basic auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
try_files $uri $uri/ /index.html /index.php$is_args$args =404;
}
location /ip {
add_header Content-Type "text/plain";
return 200 '$remote_addr\n';
}
location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# deny access to .htaccess/.htpasswd files
location ~ /\.ht {
deny all;
}
}
# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;


@ -45,45 +45,6 @@ services:
- "traefik.http.routers.pihole.rule=Host(`{{ pihole_host }}.{{ pi_host }}.{{ local_domain }}`)"
- "traefik.http.services.pihole.loadbalancer.server.port={{ 80 }}"
ddns-updater:
container_name: ddns-updater
image: "ghcr.io/qdm12/ddns-updater"
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
volumes:
- "{{ ddns_data }}:/updater/data/"
ports:
- "{{ ddns_port }}:8000/tcp"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ddns-updater.rule=Host(`{{ ddns_host }}.{{ pi_host }}.{{local_domain}}`)"
- "traefik.http.services.ddns-updater.loadbalancer.server.port={{ ddns_port }}"
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped
depends_on:
- pihole
networks:
net: {}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ ha_config }}:/config/"
privileged: true
ports:
- "{{ ha_port }}:8123"
- 4357:4357
- 5683:5683
- 5683:5683/udp
labels:
- "traefik.enable=true"
- "traefik.http.routers.homeassistant.rule=Host(`{{ ha_host }}.{{ pi_host }}.{{ local_domain }}`)"
- "traefik.http.services.homeassistant.loadbalancer.server.port={{ ha_port }}"
networks:
net:
driver: bridge


@ -1 +0,0 @@
- include_tasks: docker.yml


@ -2,7 +2,7 @@
docker_container:
image: prom/snmp-exporter
name: "{{ snmp_exporter_host }}"
restart_policy: "unless-stopped"
restart_policy: unless-stopped
networks:
- name: compose_net
env:


@ -1,31 +0,0 @@
---
- name: Create swag container
docker_container:
image: lscr.io/linuxserver/swag:latest
name: "{{ swag_host }}"
restart_policy: "unless-stopped"
networks:
- name: "{{ docker_net_name }}"
ipv4_address: 172.16.69.2
aliases: "{{ swag_host }}"
dns_servers:
- "{{ aya01_ip }}"
- "{{ pi_ip }}"
- 1.1.1.1
capabilities:
- NET_ADMIN
env:
PUID: "{{ puid }}"
PGID: "{{ pgid }}"
TZ: "{{ timezone }}"
URL: "{{ remote_domain }}"
VALIDATION: "http"
SUBDOMAINS: "{{ swag_subdomains }}"
DNSPLUGIN: "cloudflare"
EMAIL: "{{ swag_email }}"
ONLY_SUBDOMAINS: "false"
volumes:
- "{{ swag_config }}:/config"
ports:
- "{{ swag_port }}:443"
- 80:80 #optional


@ -1,3 +0,0 @@
---
- include_tasks: setup.yml
- include_tasks: docker.yml


@ -1,20 +0,0 @@
---
- name: Create swag-config directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
state: directory
loop:
- "{{ swag_config }}"
- name: Copy site-confs
template:
owner: "{{ puid }}"
group: "{{ pgid }}"
src: "{{ item }}"
dest: "{{ swag_remote_site_confs }}"
mode: '664'
loop: "{{ swag_site_confs }}"
become: true


@ -1,29 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ grafana_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ aya01_ip }};
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/grafana)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ aya01_ip }};
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -1,30 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ plex_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
proxy_redirect off;
proxy_buffering off;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://{{ plex_host }}.{{ aya01_host }}.{{ local_domain }};
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
}
}


@ -1,34 +0,0 @@
## Version 2023/02/05
# make sure that your tautulli container is named tautulli
# make sure that your dns has a cname set for tautulli
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ tautulli_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
location ~ (/tautulli)?/api {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
location ~ (/tautulli)?/newsletter {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
location ~ (/tautulli)?/image {
include /config/nginx/resolver.conf;
proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
}
}


@ -1,17 +0,0 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ kuma_host }}.{{ remote_domain }};
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/resolver.conf;
proxy_pass http://{{ kuma_host }}.{{ aya01_host }}.{{ local_domain }};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}