feat(docker): match services that moved to k3s

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

.ansible-lint

@@ -13,6 +13,8 @@ skip_list:
   - fqcn-builtins
   - no-handler
   - var-naming
+  - no-changed-when
+  - risky-shell-pipe
 
 # Enforce certain rules that are not enabled by default.
 enable_list:

playbooks/docker-host.yml

@@ -3,9 +3,9 @@
   hosts: docker_host
   gather_facts: true
   roles:
-    - role: common
+    # - role: common
-      tags:
+    #   tags:
-        - common
+    #     - common
     - role: docker_host
       tags:
         - docker_host

roles/common/tasks/extra_packages.yml

@@ -79,12 +79,13 @@
     path: ~/.config/nvim
   register: nvim_config
 
-- name: Clone LazyVim starter to Neovim config directory
+- name: Clone personal Neovim config directory
   ansible.builtin.git:
-    repo: https://github.com/LazyVim/starter
+    repo: https://codeberg.org/tudattr/nvim
     dest: ~/.config/nvim
     clone: true
     update: false
+    version: 1.0.0
   when: not nvim_config.stat.exists
 
 - name: Remove .git directory from Neovim config

roles/docker_host/tasks/40_directory_setup.yml

@@ -38,4 +38,5 @@
     - /media/series
     - /media/movies
     - /media/songs
+    - /media/downloads
   become: true

roles/docker_host/tasks/main.yml

@@ -11,8 +11,8 @@
 - name: Setup directory structure for docker
   ansible.builtin.include_tasks: 40_directory_setup.yml
 
-- name: Deploy configs
+# - name: Deploy configs
-  ansible.builtin.include_tasks: 50_provision.yml
+#   ansible.builtin.include_tasks: 50_provision.yml
 
 - name: Deploy docker compose
   ansible.builtin.include_tasks: 60_deploy_compose.yml

roles/docker_host/vars/main.yml

@@ -1,7 +1,5 @@
 docker_host_package_common_dependencies:
   - nfs-common
-  - firmware-misc-nonfree
-  - linux-image-amd64
 
 apt_lock_files:
   - /var/lib/dpkg/lock

roles/proxmox/README.md

@@ -2,11 +2,6 @@
 
 This role facilitates the management of Proxmox VE resources, including virtual machines (VMs) and LXC containers. It automates the setup of Proxmox nodes and the creation, configuration, and destruction of guests.
 
-## Requirements
-
-- `community.general.proxmox_vm_info`
-- `community.general.proxmox_kvm`
-
 ## Role Variables
 
 | Variable | Description | Default Value |

roles/proxmox/files/check_proxmox_vm.sh

@@ -65,11 +65,11 @@ restart_vm() {
 }
 
 # Main execution
-log_message "Starting monitoring of VM $VM_ID on port $PORT..."
+# log_message "Starting monitoring of VM $VM_ID on port $PORT..."
 
 # Check if port 22 is open
 if ! check_port; then
 	restart_vm
-else
+# else
-	log_message "Port $PORT is reachable. VM is running normally."
+# 	log_message "Port $PORT is reachable. VM is running normally."
 fi

roles/proxmox/tasks/06_hardware_acceleration.yml

@@ -23,6 +23,7 @@
       vfio_virqfd
     create: true
     backup: true
+    mode: 644
   register: vfio_result
 
 - name: Update initramfs

roles/proxmox/tasks/15_create_secret.yml

@@ -1,7 +1,6 @@
 ---
 - name: Decrypt vm vault file
   ansible.builtin.shell: cd ../; ansible-vault decrypt "./playbooks/{{ proxmox_vault_file }}"
-  ignore_errors: true
   no_log: true
 
 - name: Load existing vault content
@@ -43,5 +42,4 @@
 
 - name: Encrypt vm vault file
   ansible.builtin.shell: cd ../; ansible-vault encrypt "./playbooks/{{ proxmox_vault_file }}"
-  ignore_errors: true
   no_log: true

roles/proxmox/tasks/54_destroy_vm.yml

@@ -1,6 +1,6 @@
 ---
 - name: Gather info about VM
-  community.general.proxmox_vm_info:
+  community.proxmox.proxmox_vm_info:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -9,7 +9,7 @@
   register: vm_info
 
 - name: Stop VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -21,7 +21,7 @@
   when: vm_info.proxmox_vms | length > 0
 
 - name: Destroy VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"

roles/proxmox/tasks/55_create_vm.yml

@@ -1,6 +1,6 @@
 ---
 - name: Create VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"

roles/proxmox/tasks/56_provision_new_vm.yml

@@ -25,7 +25,7 @@
   delegate_to: "{{ vm.node }}"
 
 - name: Start VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -42,7 +42,7 @@
     seconds: 5
 
 - name: Start VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -99,7 +99,7 @@
 - name: Creates PATH-entry for crontab
   ansible.builtin.cron:
     name: PATH
-    env: yes
+    env: true
     job: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
   delegate_to: "{{ vm.node }}"
 

roles/proxmox/tasks/57_stop_and_verify_vm.yml

@@ -5,7 +5,7 @@
         retry_count: "{{ 0 if retry_count is undefined else retry_count | int + 1 }}"
 
     - name: Stop VM
-      community.general.proxmox_kvm:
+      community.proxmox.proxmox_kvm:
         api_user: "{{ proxmox_api_user }}@pam"
         api_token_id: "{{ proxmox_api_token_id }}"
         api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -16,7 +16,7 @@
         force: true
 
     - name: Wait until VM is fully stopped
-      community.general.proxmox_vm_info:
+      community.proxmox.proxmox_vm_info:
         api_user: "{{ proxmox_api_user }}@pam"
         api_token_id: "{{ proxmox_api_token_id }}"
         api_token_secret: "{{ proxmox_api_token_secret }}"

roles/reverse_proxy/tasks/50_netcup_dns.yml

@@ -1,14 +1,14 @@
 ---
-- name: Setup DNS on Netcup
+# - name: Setup DNS on Netcup
-  community.general.netcup_dns:
+#   community.general.netcup_dns:
-    api_key: "{{ netcup_api_key }}"
+#     api_key: "{{ netcup_api_key }}"
-    api_password: "{{ netcup_api_password }}"
+#     api_password: "{{ netcup_api_password }}"
-    customer_id: "{{ netcup_customer_id }}"
+#     customer_id: "{{ netcup_customer_id }}"
-    domain: "{{ domain }}"
+#     domain: "{{ domain }}"
-    name: "{{ service.name }}"
+#     name: "{{ service.name }}"
-    type: "A"
+#     type: "A"
-    value: "{{ hostvars['docker-lb'].ansible_default_ipv4.address }}"
+#     value: "{{ hostvars['docker-lb'].ansible_default_ipv4.address }}"
-  loop: "{{ services }}"
+#   loop: "{{ services }}"
-  loop_control:
+#   loop_control:
-    loop_var: service
+#     loop_var: service
-  delegate_to: localhost
+#   delegate_to: localhost

vars/docker.ini

@@ -1,6 +1,5 @@
 [docker_host]
 docker-host11
-docker-host10
 docker-host12
 
 [docker_lb]

vars/group_vars/docker/docker.yml

@@ -24,58 +24,6 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Europe/Berlin
-  - name: plex
-    vm:
-      - docker-host10
-    container_name: plex
-    image: lscr.io/linuxserver/plex:1.41.5
-    volumes:
-      - name: "Configuration"
-        internal: /config
-        external: "{{ docker.directories.local }}/plex/config/"
-      - name: "TV Series"
-        internal: /tv:ro
-        external: /media/series
-      - name: "Movies"
-        internal: /movies:ro
-        external: /media/movies
-      - name: "Music"
-        internal: /music:ro
-        external: /media/songs
-    devices:
-      - name: "Graphics Card"
-        internal: /dev/dri
-        external: /dev/dri
-    ports:
-      - name: "http"
-        internal: 32400
-        external: "{{ services_external_http.plex }}"
-      - name: ""
-        internal: 1900
-        external: 1900
-      - name: ""
-        internal: 3005
-        external: 3005
-      - name: ""
-        internal: 5353
-        external: 5353
-      - name: ""
-        internal: 32410
-        external: 32410
-      - name: ""
-        internal: 8324
-        external: 8324
-      - name: ""
-        internal: 32412
-        external: 32412
-      - name: ""
-        internal: 32469
-        external: 32469
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
-      - VERSION=docker
   - name: jellyfin
     vm:
       - docker-host11
@@ -106,32 +54,6 @@ services:
         internal: 8096
         external: "{{ services_external_http.jellyfin }}"
     environment:
-  - name: hass
-    vm:
-      - docker-host11
-    container_name: homeassistant
-    image: "ghcr.io/home-assistant/home-assistant:stable"
-    privileged: true
-    volumes:
-      - name: "Configuration"
-        internal: /config/
-        external: "{{ docker.directories.local }}/home-assistant/config/"
-      - name: "Local Time"
-        internal: /etc/localtime:ro
-        external: /etc/localtime
-    ports:
-      - name: "http"
-        internal: 8123
-        external: "{{ services_external_http.hass }}"
-      - name: ""
-        internal: 4357
-        external: 4357
-      - name: ""
-        internal: 5683
-        external: 5683
-      - name: ""
-        internal: 5683
-        external: 5683
   - name: ddns
     vm:
       - docker-host12
@@ -145,52 +67,6 @@ services:
       - name: "http"
         internal: 8000
         external: "{{ services_external_http.ddns }}"
-  - name: sonarr
-    vm:
-      - docker-host12
-    container_name: sonarr
-    image: linuxserver/sonarr:4.0.14
-    volumes:
-      - name: "Configuration"
-        internal: /config
-        external: "{{ docker.directories.local }}/sonarr/config"
-      - name: "Tv Series"
-        internal: /tv
-        external: /media/series
-      - name: "Torrent Downloads"
-        internal: /downloads
-        external: /media/docker/data/arr_downloads/sonarr
-    ports:
-      - name: "http"
-        internal: 8989
-        external: "{{ services_external_http.sonarr }}"
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
-  - name: radarr
-    vm:
-      - docker-host12
-    container_name: radarr
-    image: linuxserver/radarr:5.21.1
-    volumes:
-      - name: "Configuration"
-        internal: /config
-        external: "{{ docker.directories.local }}/radarr/config"
-      - name: "Movies"
-        internal: /movies
-        external: /media/movies
-      - name: "Torrent Downloads"
-        internal: /downloads
-        external: /media/docker/data/arr_downloads/radarr
-    ports:
-      - name: "http"
-        internal: 7878
-        external: "{{ services_external_http.radarr }}"
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
   - name: lidarr
     vm:
       - docker-host12
@@ -205,7 +81,7 @@ services:
         external: /media/songs
       - name: "Torrent Downloads"
         internal: /downloads
-        external: /media/docker/data/arr_downloads/lidarr
+        external: /media/downloads/lidarr
     ports:
       - name: "http"
         internal: 8686
@@ -214,74 +90,6 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Europe/Berlin
-  - name: prowlarr
-    vm:
-      - docker-host12
-    container_name: prowlarr
-    image: linuxserver/prowlarr:1.32.2
-    volumes:
-      - name: "Configuration"
-        internal: /config
-        external: "{{ docker.directories.local }}/prowlarr/config"
-    ports:
-      - name: "http"
-        internal: 9696
-        external: "{{ services_external_http.prowlarr }}"
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
-  - name: paperless
-    vm:
-      - docker-host12
-    container_name: paperless
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.14
-    depends_on:
-      - paperless-postgres
-      - paperless-redis
-    volumes:
-      - name: "Configuration"
-        internal: /usr/src/paperless/data
-        external: "{{ docker.directories.local }}/paperless/data/data"
-      - name: "Media"
-        internal: /usr/src/paperless/media
-        external: "{{ docker.directories.local }}/paperless/data/media"
-      - name: "Document Export"
-        internal: /usr/src/paperless/export
-        external: "{{ docker.directories.local }}/paperless/data/export"
-      - name: "Document Consume"
-        internal: /usr/src/paperless/consume
-        external: "{{ docker.directories.local }}/paperless/data/consume"
-    environment:
-      - "PAPERLESS_REDIS=redis://paperless-redis:6379"
-      - "PAPERLESS_DBHOST=paperless-postgres"
-      - "PAPERLESS_DBUSER=paperless"
-      - "PAPERLESS_DBPASS={{ vault_docker.paperless.dbpass }}"
-      - "USERMAP_UID=1000"
-      - "USERMAP_GID=1000"
-      - "PAPERLESS_URL=https://paperless.{{ domain }}"
-      - "PAPERLESS_TIME_ZONE=Europe/Berlin"
-      - "PAPERLESS_OCR_LANGUAGE=deu"
-    ports:
-      - name: "http"
-        internal: 8000
-        external: "{{ services_external_http.paperless }}"
-    sub_service:
-      - name: postgres
-        version: 15
-        username: paperless
-        password: "{{ vault_docker.paperless.dbpass }}"
-      - name: redis
-        version: 7
-  - name: pdf
-    vm:
-      - docker-host12
-    container_name: stirling
-    image: frooodle/s-pdf:0.45.0
-    ports:
-      - name: "http"
-        internal: 8080
-        external: "{{ services_external_http.pdf }}"
   - name: git
     vm:
       - docker-host11
@@ -370,7 +178,7 @@ services:
         external: "{{ docker.directories.local }}/torrentleech/config"
       - name: "Downloads"
         internal: /downloads
-        external: /media/docker/data/arr_downloads
+        external: /media/downloads
     ports:
       - name: "http"
         internal: proxy_only
@@ -395,7 +203,7 @@ services:
         external: "{{ docker.directories.local }}/qbit/config"
       - name: "Downloads"
         internal: /downloads
-        external: /media/docker/data/arr_downloads
+        external: /media/downloads
     ports:
       - name: "http"
         internal: proxy_only
@@ -406,97 +214,3 @@ services:
       - TZ=Europe/Berlin
       - QBT_EULA="accept"
       - QBT_WEBUI_PORT="8082"
-  - name: cadvisor
-    vm:
-      - docker-host10
-      - docker-host11
-      - docker-host12
-    container_name: cadvisor
-    image: gcr.io/cadvisor/cadvisor:v0.52.1
-    ports:
-      - name: ""
-        internal: 8080
-        external: 8081
-    volumes:
-      - name: "Root"
-        internal: /rootfs:ro
-        external: /
-      - name: "Run"
-        internal: /var/run:rw
-        external: /var/run
-      - name: "System"
-        internal: /sys:ro
-        external: /sys
-      - name: "Docker"
-        internal: /var/lib/docker:ro
-        external: /var/lib/docker
-  - name: karakeep
-    vm:
-      - docker-host11
-    container_name: karakeep
-    image: ghcr.io/karakeep-app/karakeep:0.23.2
-    ports:
-      - name: "http"
-        internal: 3000
-        external: "{{ services_external_http.karakeep }}"
-    volumes:
-      - name: "Data"
-        internal: /data
-        external: "{{ docker.directories.local }}/karakeep/config"
-    environment:
-      - MEILI_ADDR=http://karakeep-meilisearch:7700
-      - BROWSER_WEB_URL=http://karakeep-chrome:9222
-      - NEXTAUTH_SECRET={{ vault_docker.karakeep.nextauth_secret }}
-      - MEILI_MASTER_KEY={{ vault_docker.karakeep.meili_master_key }}
-      - NEXTAUTH_URL=https://karakeep.tudattr.dev/
-      - OPENAI_API_KEY={{ vault_docker.karakeep.openai_key }}
-      - DATA_DIR=/data
-      - DISABLE_SIGNUPS=true
-    sub_service:
-      - name: meilisearch
-        version: v1.11.1
-        nextauth_secret: "{{ vault_docker.karakeep.nextauth_secret }}"
-        meili_master_key: "{{ vault_docker.karakeep.meili_master_key }}"
-        openai_key: "{{ vault_docker.karakeep.openai_key }}"
-      - name: chrome
-        version: 123
-#  - name: keycloak
-#    vm:
-#      - docker-host11
-#    container_name: keycloak
-#    image: quay.io/keycloak/keycloak:26.2
-#    depends_on:
-#      - keycloak-postgres
-#    ports:
-#      - name: "http"
-#        internal: 8080
-#        external: "{{ services_external_http.keycloak }}"
-#    volumes:
-#      - name: "config"
-#        internal: /opt/keycloak/data/import/homelab-realm.json
-#        external: "{{ docker.directories.local }}/keycloak/homelab-realm.json"
-#      - name: "config"
-#        internal: /opt/keycloak/data/import/master-realm.json
-#        external: "{{ docker.directories.local }}/keycloak/master-realm.json"
-#    command:
-#      - "start"
-#      - "--import-realm"
-#    environment:
-#      - KC_DB=postgres
-#      - KC_DB_URL=jdbc:postgresql://keycloak-postgres:5432/keycloak
-#      - KC_DB_USERNAME={{ keycloak_config.database.username }}
-#      - KC_DB_PASSWORD={{ keycloak_config.database.password }}
-#      - KC_HOSTNAME=keycloak.{{ internal_domain }}
-#      - KC_HTTP_ENABLED=true
-#      - KC_HTTP_RELATIVE_PATH=/
-#      - KC_PROXY=edge
-#      - KC_PROXY_HEADERS=xforwarded
-#      - KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }}
-#      - KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }}
-#      - KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }}
-#      - KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault_docker.keycloak.admin.password }}
-#    sub_service:
-#      - name: postgres
-#        version: 17
-#        username: "{{ keycloak_config.database.username }}"
-#        password: "{{ keycloak_config.database.password }}"