sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Applied ansible-lint fixes

Browse source
This commit is contained in:
Sonny Bakker 2025-12-25 19:48:13 +01:00
parent aa4d106cd3
commit d52ae67f56
33 changed files with 495 additions and 465 deletions
Download patch file Download diff file Expand all files Collapse all files

36
tasks/docker.yml
View file

@ -1,35 +1,35 @@
- name: 'prepare apt keyring'
---
- name: "Prepare apt keyring"
become: true
command: install -m 0755 -d /etc/apt/keyrings
- name: 'create docker directory'
ansible.builtin.command: install -m 0755 -d /etc/apt/keyrings
- name: "Create docker directory"
become: true
file:
path: '/etc/docker'
ansible.builtin.file:
path: "/etc/docker"
state: directory
owner: root
- name: 'copy docker files'
- name: "Copy docker files"
become: true
copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
loop:
- { src: 'files/docker/apt.gpg', dest: '/etc/apt/keyrings/docker.gpg' }
- { src: 'files/docker/config.json', dest: '/etc/docker/daemon.json' }
- { src: "files/docker/apt.gpg", dest: "/etc/apt/keyrings/docker.gpg" }
- { src: "files/docker/config.json", dest: "/etc/docker/daemon.json" }
notify: restart docker service
- name: 'install docker apt source'
- name: "Install docker apt source"
become: true
template:
src: 'templates/docker.j2'
dest: '/etc/apt/sources.list.d/docker.list'
ansible.builtin.template:
src: "templates/docker.j2"
dest: "/etc/apt/sources.list.d/docker.list"
owner: root
- name: 'install docker'
- name: "Install docker"
become: true
apt:
ansible.builtin.apt:
update_cache: true
state: present
name:

35
tasks/forgejo.yml
View file

@ -1,3 +1,4 @@
---
- name: Create git user
become: true
ansible.builtin.user:
@ -9,54 +10,54 @@
- name: Create required directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- path: '{{ forgejo_app_dir }}'
- path: "{{ forgejo_app_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- path: '{{ forgejo_data_dir }}'
- path: "{{ forgejo_data_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- path: '{{ forgejo_postgres_password }}'
- path: "{{ forgejo_postgres_password }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- name: Copy docker-compose file
ansible.builtin.template:
src: templates/forgejo/docker-compose.j2
dest: '{{ forgejo_app_dir }}/docker-compose.yml'
mode: '0755'
dest: "{{ forgejo_app_dir }}/docker-compose.yml"
mode: "0755"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
state: present

27
tasks/glitchtip.yml
View file

@ -1,42 +1,43 @@
---
- name: Create required directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- path: '{{ glitchtip_app_dir }}'
- path: "{{ glitchtip_app_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- name: Copy docker-compose file
ansible.builtin.template:
src: templates/glitchtip/docker-compose.j2
dest: '{{ glitchtip_app_dir }}/docker-compose.yml'
mode: '0750'
dest: "{{ glitchtip_app_dir }}/docker-compose.yml"
mode: "0750"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
state: present

37
tasks/jellyfin.yml
View file

@ -1,29 +1,30 @@
---
- name: Create directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
path: "{{ item.path }}"
state: directory
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
loop:
- path: '{{ jellyfin_configuration_dir }}'
- path: "{{ jellyfin_configuration_dir }}"
owner: sonny
group: sonny
- path: '{{ jellyfin_media_dir }}'
- path: "{{ jellyfin_media_dir }}"
owner: sonny
group: sonny
- path: '{{ jellyfin_cache_dir }}'
- path: "{{ jellyfin_cache_dir }}"
owner: sonny
group: sonny
- path: '{{ jellyfin_app_dir }}'
- path: "{{ jellyfin_app_dir }}"
owner: root
group: root
- path: '{{ jellyfin_app_dir }}/nginx.conf.d'
- path: "{{ jellyfin_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
@ -31,38 +32,38 @@
become: true
ansible.builtin.template:
src: templates/jellyfin/docker-compose.j2
dest: '{{ jellyfin_app_dir }}/docker-compose.yml'
dest: "{{ jellyfin_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: 'templates/jellyfin/nginx.j2'
dest: '{{ jellyfin_app_dir }}/nginx.conf.d/default.conf'
src: "templates/jellyfin/nginx.j2"
dest: "{{ jellyfin_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Stop jellyfin
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
state: stopped
- name: Pull {{ image_tag }}
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
remove_orphans: true
state: stopped
- name: Start jellyfin
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
state: present

63
tasks/mpd.yml
View file

@ -1,3 +1,4 @@
---
- name: Stop systemd mpd service
become: true
ansible.builtin.systemd:
@ -15,92 +16,92 @@
- name: Remove previous configurations
become: true
ansible.builtin.file:
path: '{{ item.path }}'
path: "{{ item.path }}"
state: absent
loop:
- path: '/etc/systemd/system/mpd.service.d'
- path: '/etc/systemd/system/mpd.socket.d'
- path: "/etc/systemd/system/mpd.service.d"
- path: "/etc/systemd/system/mpd.socket.d"
- name: Create mpd directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ mpd_config_dir }}'
- path: "{{ mpd_config_dir }}"
owner: sonny
group: sonny
- path: '{{ mpd_playlist_dir }}'
- path: "{{ mpd_playlist_dir }}"
owner: sonny
group: sonny
- path: '{{ mpd_state_dir }}'
- path: "{{ mpd_state_dir }}"
owner: sonny
group: sonny
- path: '{{ mpd_app_dir }}'
- path: "{{ mpd_app_dir }}"
owner: root
group: root
- name: Copy mpd templates
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- src: templates/mpd/config.j2
dest: '{{ mpd_config_dir }}/mpd.conf'
mode: '0640'
dest: "{{ mpd_config_dir }}/mpd.conf"
mode: "0640"
owner: sonny
group: sonny
- src: templates/mpd/dockerfile.j2
dest: '{{ mpd_app_dir }}/Dockerfile'
mode: '0755'
dest: "{{ mpd_app_dir }}/Dockerfile"
mode: "0755"
owner: sonny
group: sonny
- src: templates/mpd/docker-compose.j2
dest: '{{ mpd_app_dir }}/docker-compose.yml'
mode: '0755'
dest: "{{ mpd_app_dir }}/docker-compose.yml"
mode: "0755"
owner: sonny
group: sonny
- name: Create mpd files
ansible.builtin.file:
path: '{{ item }}'
mode: '0755'
path: "{{ item }}"
mode: "0755"
state: touch
loop:
- '{{ mpd_config_dir }}/db'
- '{{ mpd_config_dir }}/sticker.sql'
- '{{ mpd_state_dir }}/state'
- "{{ mpd_config_dir }}/db"
- "{{ mpd_config_dir }}/sticker.sql"
- "{{ mpd_state_dir }}/state"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
state: stopped
- name: Build image
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
build: always
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
state: present

35
tasks/network.yml
View file

@ -1,17 +1,18 @@
---
- name: Copy network configuration files
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: 'templates/network/link1.link.j2'
dest: '/etc/systemd/network/98-link1.link'
- src: "templates/network/link1.link.j2"
dest: "/etc/systemd/network/98-link1.link"
- src: 'templates/network/link1.network.j2'
dest: '/etc/systemd/network/98-link1.network'
- src: "templates/network/link1.network.j2"
dest: "/etc/systemd/network/98-link1.network"
notify:
- restart systemd-networkd
- regenerate initramfs # copies the files into the initramfs for when udev needs them
@ -19,34 +20,34 @@
- name: Set hostname
become: true
ansible.builtin.hostname:
name: '{{ hostname }}'
name: "{{ hostname }}"
use: systemd
- name: Copy hosts file
become: true
ansible.builtin.template:
src: 'network/hosts.j2'
dest: '/etc/hosts'
mode: '0644'
src: "network/hosts.j2"
dest: "/etc/hosts"
mode: "0644"
owner: root
- name: Copy resolved.conf configuration
become: true
ansible.builtin.template:
src: 'network/resolved.j2'
dest: '/etc/systemd/resolved.conf'
mode: '0644'
src: "network/resolved.j2"
dest: "/etc/systemd/resolved.conf"
mode: "0644"
owner: root
notify: restart systemd-resolved
- name: Copy firewall template
become: true
ansible.builtin.template:
src: 'templates/nftables.j2'
dest: '/etc/nftables.conf'
src: "templates/nftables.j2"
dest: "/etc/nftables.conf"
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- restart nftables
- restart docker service

31
tasks/newsreader.yml
View file

@ -1,41 +1,42 @@
---
- name: Create newsreader app directory
become: true
ansible.builtin.file:
path: '{{ newsreader_app_dir }}'
path: "{{ newsreader_app_dir }}"
state: directory
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Clone project
ansible.builtin.git:
repo: '{{ newsreader_app_repository }}'
dest: '{{ newsreader_app_dir }}'
version: '{{ newsreader_app_ref }}'
repo: "{{ newsreader_app_repository }}"
dest: "{{ newsreader_app_dir }}"
version: "{{ newsreader_app_ref }}"
- name: Copy templates
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: templates/newsreader/env.j2
dest: '{{ newsreader_app_dir }}/.production.env'
mode: '0750'
dest: "{{ newsreader_app_dir }}/.production.env"
mode: "0750"
- src: templates/newsreader/docker-compose.j2
dest: '{{ newsreader_app_dir }}/docker-compose.resources.yml'
mode: '0750'
dest: "{{ newsreader_app_dir }}/docker-compose.resources.yml"
mode: "0750"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ newsreader_app_dir }}'
project_src: "{{ newsreader_app_dir }}"
env_files:
- .production.env
state: absent
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ newsreader_app_dir }}'
project_src: "{{ newsreader_app_dir }}"
remove_orphans: true
state: absent
@ -53,6 +54,6 @@
- docker-compose.yml
- docker-compose.production.yml
- docker-compose.resources.yml
project_src: '{{ newsreader_app_dir }}'
project_src: "{{ newsreader_app_dir }}"
build: always
state: present

58
tasks/nginx.yml
View file

@ -1,44 +1,44 @@
---
- name: Copy nginx configuration files
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0644'
mode: "0644"
loop:
- src: 'templates/nginx/default.j2'
dest: '/etc/nginx/sites-available/default'
- src: 'templates/nginx/forgejo.j2'
dest: '/etc/nginx/sites-available/forgejo'
- src: 'templates/nginx/woodpecker.j2'
dest: '/etc/nginx/sites-available/woodpecker'
- src: 'templates/nginx/glitchtip.j2'
dest: '/etc/nginx/sites-available/glitchtip'
- src: 'templates/nginx/newsreader.j2'
dest: '/etc/nginx/sites-available/newsreader'
- src: "templates/nginx/default.j2"
dest: "/etc/nginx/sites-available/default"
- src: "templates/nginx/forgejo.j2"
dest: "/etc/nginx/sites-available/forgejo"
- src: "templates/nginx/woodpecker.j2"
dest: "/etc/nginx/sites-available/woodpecker"
- src: "templates/nginx/glitchtip.j2"
dest: "/etc/nginx/sites-available/glitchtip"
- src: "templates/nginx/newsreader.j2"
dest: "/etc/nginx/sites-available/newsreader"
notify: restart nginx
- name: Create configuration links
become: true
ansible.builtin.file:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: link
loop:
- src: '/etc/nginx/sites-available/default'
dest: '/etc/nginx/sites-enabled/default'
- src: '/etc/nginx/sites-available/forgejo'
dest: '/etc/nginx/sites-enabled/forgejo'
- src: '/etc/nginx/sites-available/woodpecker'
dest: '/etc/nginx/sites-enabled/woodpecker'
- src: '/etc/nginx/sites-available/glitchtip'
dest: '/etc/nginx/sites-enabled/glitchtip'
- src: '/etc/nginx/sites-available/newsreader'
dest: '/etc/nginx/sites-enabled/newsreader'
- src: "/etc/nginx/sites-available/default"
dest: "/etc/nginx/sites-enabled/default"
- src: "/etc/nginx/sites-available/forgejo"
dest: "/etc/nginx/sites-enabled/forgejo"
- src: "/etc/nginx/sites-available/woodpecker"
dest: "/etc/nginx/sites-enabled/woodpecker"
- src: "/etc/nginx/sites-available/glitchtip"
dest: "/etc/nginx/sites-enabled/glitchtip"
- src: "/etc/nginx/sites-available/newsreader"
dest: "/etc/nginx/sites-enabled/newsreader"
notify: restart nginx
# Run the folowing command to regenerate a certificate:
#
# sudo certbot certonly \
@ -55,11 +55,11 @@
- name: Copy letsencrypt configuration
become: true
ansible.builtin.template:
src: 'templates/letsencrypt/cli.j2'
dest: '/etc/letsencrypt/cli.ini'
src: "templates/letsencrypt/cli.j2"
dest: "/etc/letsencrypt/cli.ini"
owner: root
group: root
mode: '0644'
mode: "0644"
notify: restart certbot
- name: Enable certbot periodic certificate renewal

57
tasks/radicale.yml
View file

@ -1,3 +1,4 @@
---
- name: Stop previous radicale service
become: true
ansible.builtin.systemd:
@ -24,13 +25,13 @@
- name: Remove radicale virtualenv directory
become: true
ansible.builtin.file:
path: '/usr/local/lib/radicale'
path: "/usr/local/lib/radicale"
state: absent
- name: Remove Radicale files
become: true
ansible.builtin.file:
path: '{{ item }}'
path: "{{ item }}"
state: absent
loop:
- /etc/nginx/radicale
@ -41,85 +42,85 @@
- name: Create Radicale directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ radicale_app_dir }}'
- path: "{{ radicale_app_dir }}"
owner: root
group: root
- path: '{{ radicale_collection_dir }}'
- path: "{{ radicale_collection_dir }}"
owner: sonny
group: sonny
- path: '{{ radicale_app_dir }}/nginx.conf.d'
- path: "{{ radicale_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
- name: Copy Radicale docker file
become: true
ansible.builtin.template:
src: 'templates/radicale/dockerfile.j2'
dest: '{{ radicale_app_dir }}/Dockerfile'
src: "templates/radicale/dockerfile.j2"
dest: "{{ radicale_app_dir }}/Dockerfile"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy docker compose
become: true
ansible.builtin.template:
src: 'templates/radicale/docker-compose.j2'
dest: '{{ radicale_app_dir }}/docker-compose.yml'
src: "templates/radicale/docker-compose.j2"
dest: "{{ radicale_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy Radicale configuration
become: true
ansible.builtin.template:
src: 'templates/radicale/conf.j2'
dest: '{{ radicale_app_dir }}/config'
src: "templates/radicale/conf.j2"
dest: "{{ radicale_app_dir }}/config"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy Radicale user file
become: true
ansible.builtin.copy:
src: 'files/radicale/radicale_users'
dest: '{{ radicale_app_dir }}/radicale_users'
src: "files/radicale/radicale_users"
dest: "{{ radicale_app_dir }}/radicale_users"
owner: sonny
group: sonny
mode: '0750'
mode: "0750"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: 'templates/radicale/nginx.j2'
dest: '{{ radicale_app_dir }}/nginx.conf.d/default.conf'
src: "templates/radicale/nginx.j2"
dest: "{{ radicale_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
build: always
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
state: present

21
tasks/setup.yml
View file

@ -1,26 +1,27 @@
---
- name: Copy nsswitch file
become: true
ansible.builtin.template:
src: 'nsswitch.j2'
dest: '/etc/nsswitch.conf'
mode: '0644'
src: "nsswitch.j2"
dest: "/etc/nsswitch.conf"
mode: "0644"
owner: root
- name: Copy ssh template
become: true
ansible.builtin.template:
src: 'templates/ssh.j2'
dest: '/etc/ssh/sshd_config'
src: "templates/ssh.j2"
dest: "/etc/ssh/sshd_config"
owner: root
group: root
mode: '0644'
mode: "0644"
notify: restart ssh
- name: Copy wezterm terminfo file
ansible.builtin.copy:
src: 'files/wezterm.terminfo'
src: "files/wezterm.terminfo"
dest: /home/sonny/.terminfo
mode: '0755'
mode: "0755"
notify: Compile wezterm terminfo file
- name: Disable user lingering
@ -31,10 +32,10 @@
become: true
ansible.builtin.template:
src: templates/unattended-upgrades.j2
dest: '/etc/apt/apt.conf.d/10periodic'
dest: "/etc/apt/apt.conf.d/10periodic"
owner: root
group: root
mode: '0755'
mode: "0755"
- name: Enable unattended upgrades timer
become: true

41
tasks/syncthing.yml
View file

@ -1,3 +1,4 @@
---
- name: Disable system process
become: true
ansible.builtin.systemd:
@ -8,19 +9,19 @@
- name: Create Syncthing directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ syncthing_app_dir }}'
- path: "{{ syncthing_app_dir }}"
owner: root
group: root
- path: '{{ syncthing_app_dir }}/state'
- path: "{{ syncthing_app_dir }}/state"
owner: sonny
group: sonny
- path: '{{ syncthing_app_dir }}/nginx.conf.d'
- path: "{{ syncthing_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
@ -33,48 +34,48 @@
- name: Copy docker compose configuration
become: true
ansible.builtin.template:
src: 'templates/syncthing/docker-compose.j2'
dest: '{{ syncthing_app_dir }}/docker-compose.yml'
src: "templates/syncthing/docker-compose.j2"
dest: "{{ syncthing_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy Syncthing configuration
become: true
ansible.builtin.template:
src: 'templates/syncthing/config.j2'
dest: '{{ syncthing_app_dir }}/state/config.xml'
src: "templates/syncthing/config.j2"
dest: "{{ syncthing_app_dir }}/state/config.xml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: 'templates/syncthing/nginx.j2'
dest: '{{ syncthing_app_dir }}/nginx.conf.d/default.conf'
src: "templates/syncthing/nginx.j2"
dest: "{{ syncthing_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
state: present

43
tasks/transip_client.yml
View file

@ -1,32 +1,33 @@
---
- name: Create application directory
ansible.builtin.file:
path: '{{ transip_client_app_dir }}'
path: "{{ transip_client_app_dir }}"
state: directory
mode: '0755'
mode: "0755"
- name: Clone project
ansible.builtin.git:
repo: '{{ transip_client_repository }}'
dest: '{{ transip_client_app_dir }}'
version: '{{ transip_client_app_ref }}'
repo: "{{ transip_client_repository }}"
dest: "{{ transip_client_app_dir }}"
version: "{{ transip_client_app_ref }}"
- name: Copy environment variables file
ansible.builtin.template:
src: templates/transip_client/env.j2
dest: '{{ transip_client_env_src_path }}'
mode: '0640'
dest: "{{ transip_client_env_src_path }}"
mode: "0640"
- name: Copy private key file
ansible.builtin.copy:
src: files/transip_client/private_key.key
dest: '{{ transip_client_private_key_src_path }}'
mode: '0600'
dest: "{{ transip_client_private_key_src_path }}"
mode: "0600"
- name: Build docker image
community.docker.docker_image_build:
name: '{{ transip_client_image_name }}'
path: '{{ transip_client_app_dir }}'
dockerfile: '{{ transip_client_app_dir }}/Dockerfile'
name: "{{ transip_client_image_name }}"
path: "{{ transip_client_app_dir }}"
dockerfile: "{{ transip_client_app_dir }}/Dockerfile"
rebuild: always
args:
UV_ARGS: "--extra sentry-enabled"
@ -34,21 +35,21 @@
- name: Copy start script
ansible.builtin.template:
src: templates/transip_client/start.j2
dest: '{{ transip_client_start_script }}'
mode: '0750'
dest: "{{ transip_client_start_script }}"
mode: "0750"
- name: Copy systemd templates
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: templates/transip_client/timer.j2
dest: '{{ systemd_service_dir }}/transip-client.timer'
mode: '0644'
dest: "{{ systemd_service_dir }}/transip-client.timer"
mode: "0644"
- src: templates/transip_client/service.j2
dest: '{{ systemd_service_dir }}/transip-client.service'
mode: '0640'
dest: "{{ systemd_service_dir }}/transip-client.service"
mode: "0640"
notify: enable transip-client timer

43
tasks/transmission.yml
View file

@ -1,3 +1,4 @@
---
# Note: requires an up-to-date ansible version to make us of docker compose file
## TODO: use tracker blocklist
#
@ -11,32 +12,32 @@
- name: Create Transmission directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ transmission_app_dir }}'
- path: "{{ transmission_app_dir }}"
owner: root
group: root
- path: '{{ transmission_app_dir }}/config'
- path: "{{ transmission_app_dir }}/config"
owner: root
group: root
- path: '{{ transmission_app_dir }}/nginx.conf.d'
- path: "{{ transmission_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
- path: '{{ transmission_download_dir }}'
- path: "{{ transmission_download_dir }}"
owner: sonny
group: sonny
- path: '{{ transmission_incomplete_dir }}'
- path: "{{ transmission_incomplete_dir }}"
owner: sonny
group: sonny
- name: Remove previous transmission configurations
become: true
ansible.builtin.file:
path: '{{ item }}'
path: "{{ item }}"
state: absent
loop:
- /etc/systemd/system/transmission-daemon.service.d
@ -46,47 +47,47 @@
become: true
ansible.builtin.copy:
src: files/transmission/Dockerfile
dest: '{{ transmission_app_dir }}/Dockerfile'
dest: "{{ transmission_app_dir }}/Dockerfile"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy docker compose configuration
become: true
ansible.builtin.template:
src: templates/transmission/docker-compose.j2
dest: '{{ transmission_app_dir }}/docker-compose.yml'
dest: "{{ transmission_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
# Prevents Tranmission from overwiting configuration files
- name: Stop docker compose containers
community.docker.docker_compose_v2:
project_src: '{{ transmission_app_dir }}'
project_src: "{{ transmission_app_dir }}"
state: stopped
- name: Copy Transmission configuration
become: true
ansible.builtin.template:
src: 'templates/transmission/config.j2'
dest: '{{ transmission_app_dir }}/config/settings.json'
src: "templates/transmission/config.j2"
dest: "{{ transmission_app_dir }}/config/settings.json"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: templates/transmission/nginx.j2
dest: '{{ transmission_app_dir }}/nginx.conf.d/default.conf'
dest: "{{ transmission_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ transmission_app_dir }}'
project_src: "{{ transmission_app_dir }}"
build: always
remove_orphans: true
state: restarted

1
tasks/wireguard.yml
View file

@ -1,3 +1,4 @@
---
- name: Copy Wireguard configuration files
become: true
ansible.builtin.template:

85
tasks/wireguard_media.yml
View file

@ -1,11 +1,12 @@
---
- name: Copy Wireguard media configuration files
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: templates/network/wireguard/media/wg1.netdev.j2
dest: /etc/systemd/network/wg1.netdev
@ -16,81 +17,81 @@
- name: Create Wireguard media directories
become: true
ansible.builtin.file:
path: '{{ item }}'
path: "{{ item }}"
owner: root
group: systemd-network
mode: '0750'
mode: "0750"
state: directory
recurse: true
loop:
- '{{ vpn_config_dir }}'
- '{{ vpn_media_server_public_key_path | dirname }}'
- '{{ vpn_media_server_key_path | dirname }}'
- "{{ vpn_config_dir }}"
- "{{ vpn_media_server_public_key_path | dirname }}"
- "{{ vpn_media_server_key_path | dirname }}"
- name: Copy Wireguard server media credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: 'files/wireguard/media/server.pub'
dest: '{{ vpn_media_server_public_key_path }}'
- src: 'files/wireguard/media/server.key'
dest: '{{ vpn_media_server_key_path }}'
- src: "files/wireguard/media/server.pub"
dest: "{{ vpn_media_server_public_key_path }}"
- src: "files/wireguard/media/server.key"
dest: "{{ vpn_media_server_key_path }}"
- name: Copy Wireguard mobile media credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: 'files/wireguard/media/mobile-1.pub'
dest: '{{ vpn_config_dir }}/keys/public/mobile_1.pub'
- src: "files/wireguard/media/mobile-1.pub"
dest: "{{ vpn_config_dir }}/keys/public/mobile_1.pub"
- src: 'files/wireguard/media/mobile-1.key'
dest: '{{ vpn_config_dir }}/keys/private/mobile_1.key'
- src: "files/wireguard/media/mobile-1.key"
dest: "{{ vpn_config_dir }}/keys/private/mobile_1.key"
- src: 'files/wireguard/media/mobile-2.pub'
dest: '{{ vpn_config_dir }}/keys/public/mobile_2.pub'
- src: "files/wireguard/media/mobile-2.pub"
dest: "{{ vpn_config_dir }}/keys/public/mobile_2.pub"
- src: 'files/wireguard/media/mobile-2.key'
dest: '{{ vpn_config_dir }}/keys/private/mobile_2.key'
- src: "files/wireguard/media/mobile-2.key"
dest: "{{ vpn_config_dir }}/keys/private/mobile_2.key"
- src: 'files/wireguard/media/tv-1.pub'
dest: '{{ vpn_config_dir }}/keys/public/tv-1.pub'
- src: "files/wireguard/media/tv-1.pub"
dest: "{{ vpn_config_dir }}/keys/public/tv-1.pub"
- src: 'files/wireguard/media/tv-1.key'
dest: '{{ vpn_config_dir }}/keys/private/tv-1.key'
- src: "files/wireguard/media/tv-1.key"
dest: "{{ vpn_config_dir }}/keys/private/tv-1.key"
- src: 'files/wireguard/media/tv-2.pub'
dest: '{{ vpn_config_dir }}/keys/public/tv-2.pub'
- src: "files/wireguard/media/tv-2.pub"
dest: "{{ vpn_config_dir }}/keys/public/tv-2.pub"
- src: 'files/wireguard/media/tv-2.key'
dest: '{{ vpn_config_dir }}/keys/private/tv-2.key'
- src: "files/wireguard/media/tv-2.key"
dest: "{{ vpn_config_dir }}/keys/private/tv-2.key"
- name: Copy wireguard media preshared keys
become: true
ansible.builtin.copy:
src: '{{ item.value.preshared_key_source_path }}'
dest: '{{ item.value.preshared_key_path }}'
src: "{{ item.value.preshared_key_source_path }}"
dest: "{{ item.value.preshared_key_path }}"
owner: root
group: systemd-network
mode: '0640'
with_dict: '{{ vpn_media_peers }}'
mode: "0640"
with_dict: "{{ vpn_media_peers }}"
- name: Copy Wireguard external media configurations
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0600'
owner: '{{ ansible_user_id }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0600"
owner: "{{ ansible_user_id }}"
loop:
- src: templates/network/wireguard/media/mobile_1.wireguard.j2
dest: /tmp/mobile_1.conf

29
tasks/woodpecker_ci.yml
View file

@ -1,42 +1,43 @@
---
- name: Create required directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- path: '{{ woodpecker_app_dir }}'
- path: "{{ woodpecker_app_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- name: Copy docker-compose file
ansible.builtin.template:
src: 'templates/woodpecker_ci/docker-compose.j2'
dest: '{{ woodpecker_app_dir }}/docker-compose.yml'
mode: '0750'
src: "templates/woodpecker_ci/docker-compose.j2"
dest: "{{ woodpecker_app_dir }}/docker-compose.yml"
mode: "0750"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
state: present