sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Applied ansible-lint fixes

Browse source
This commit is contained in:
Sonny Bakker 2025-12-25 19:48:13 +01:00
parent aa4d106cd3
commit d52ae67f56
33 changed files with 495 additions and 465 deletions
Download patch file Download diff file Expand all files Collapse all files

38
handlers.yml
View file

@ -1,60 +1,60 @@
- name: restart systemd-networkd
---
- name: Restart systemd-networkd
become: true
systemd:
ansible.builtin.systemd:
name: systemd-networkd
state: restarted
enabled: true
- name: restart systemd-resolved
- name: Restart systemd-resolved
become: true
systemd:
ansible.builtin.systemd:
name: systemd-resolved
state: restarted
enabled: true
- name: restart nftables
- name: Restart nftables
become: true
systemd:
ansible.builtin.systemd:
name: nftables.service
state: restarted
enabled: true
- name: restart ssh
- name: Restart ssh
become: true
systemd:
ansible.builtin.systemd:
name: ssh.service
state: restarted
enabled: true
- name: restart docker service
- name: Restart docker service
become: true
systemd:
ansible.builtin.systemd:
name: docker.service
state: restarted
enabled: true
- name: restart nginx
- name: Restart nginx
become: true
systemd:
ansible.builtin.systemd:
name: nginx.service
state: restarted
enabled: true
- name: enable transip-client timer
- name: Enable transip-client timer
become: true
systemd:
ansible.builtin.systemd:
daemon-reload: true
name: transip-client.timer
state: restarted
enabled: true
- name: regenerate initramfs
- name: Regenerate initramfs
become: true
command: update-initramfs -u -k all
- name: restart certbot
ansible.builtin.command: update-initramfs -u -k all
- name: Restart certbot
become: true
systemd:
ansible.builtin.systemd:
name: certbot
state: restarted
enabled: false

25
host_vars/fudiggity/forgejo.yml
View file

@ -1,19 +1,20 @@
forgejo_app_dir: '/srv/docker/forgejo'
forgejo_data_dir: '/var/lib/vm/forgejo/data'
forgejo_postgres_dir: '/var/lib/vm/forgejo/postgres'
---
forgejo_app_dir: "/srv/docker/forgejo"
forgejo_data_dir: "/var/lib/vm/forgejo/data"
forgejo_postgres_dir: "/var/lib/vm/forgejo/postgres"
forgejo_image_tag: 'codeberg.org/forgejo/forgejo:11'
forgejo_image_tag: "codeberg.org/forgejo/forgejo:11"
forgejo_postgres_user: forgejo
forgejo_postgres_name: forgejo
# TODO: write to docker secret
forgejo_postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30303039313766373966373364346539306661376564613530656565313131623635666435333564
6463316365373564383964316635366337376237386134340a353839313761633865646638356165
31306666616235336132363232303639303065343436656233366264333236323435393963373062
3165326331633438620a323064663435396666316266396135633463653335323534616264383965
33383262373831656335363434333938363230373133646436653261346364353463333065303534
66383533646636313662376236373931383065386330663438623363336664353832343263323336
366531643930326636343466343732373036
$ANSIBLE_VAULT;1.1;AES256
30303039313766373966373364346539306661376564613530656565313131623635666435333564
6463316365373564383964316635366337376237386134340a353839313761633865646638356165
31306666616235336132363232303639303065343436656233366264333236323435393963373062
3165326331633438620a323064663435396666316266396135633463653335323534616264383965
33383262373831656335363434333938363230373133646436653261346364353463333065303534
66383533646636313662376236373931383065386330663438623363336664353832343263323336
366531643930326636343466343732373036

19
host_vars/fudiggity/glitchtip.yml
View file

@ -1,14 +1,15 @@
---
glitchtip_image_tag: glitchtip/glitchtip:v4.2
glitchtip_app_dir: /srv/docker/glitchtip
glitchtip_secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
37363333306434636331626231663964626631616131326335333832323939363865353431633233
6263363535646132316130373536303466613436656636300a333231383137326634326230343661
63333933363038333865633930663562306163613164623731613866353861616435373865666330
6131663965663836300a636366386432666133343364353763333731376561646338383531613363
32383834646461383562303564663135633932616536646134393632626664376335373136383638
35323934653664666530343562363461396230333435336166343033643732663766383633343337
30303938633939623830363661633936323031373362353363346530363535613363393432666462
37643033336130393166
$ANSIBLE_VAULT;1.1;AES256
37363333306434636331626231663964626631616131326335333832323939363865353431633233
6263363535646132316130373536303466613436656636300a333231383137326634326230343661
63333933363038333865633930663562306163613164623731613866353861616435373865666330
6131663965663836300a636366386432666133343364353763333731376561646338383531613363
32383834646461383562303564663135633932616536646134393632626664376335373136383638
35323934653664666530343562363461396230333435336166343033643732663766383633343337
30303938633939623830363661633936323031373362353363346530363535613363393432666462
37643033336130393166

1
host_vars/fudiggity/jellyfin.yml
View file

@ -1,3 +1,4 @@
---
jellyfin_image_tag: jellyfin/jellyfin:10.10.7
jellyfin_app_dir: /srv/docker/jellyfin
jellyfin_configuration_dir: /home/sonny/.config/jellyfin

11
host_vars/fudiggity/main.yml
View file

@ -1,3 +1,4 @@
---
packages:
- nftables
- syncthing
@ -12,12 +13,12 @@ packages:
- certbot
- unattended-upgrades
vpn_config_dir: '/etc/wireguard'
vpn_config_dir: "/etc/wireguard"
hostname: 'fudiggity'
hostname: "fudiggity"
xdg_config_dir: '/home/sonny/.config'
xdg_data_dir: '/home/sonny/.local/share'
xdg_state_dir: '/home/sonny/.local/state'
xdg_config_dir: "/home/sonny/.config"
xdg_data_dir: "/home/sonny/.local/share"
xdg_state_dir: "/home/sonny/.local/state"
systemd_service_dir: /etc/systemd/system

11
host_vars/fudiggity/mpd.yml
View file

@ -1,6 +1,7 @@
mpd_app_dir: '/srv/docker/mpd'
mpd_music_dir: '/home/sonny/music'
---
mpd_app_dir: "/srv/docker/mpd"
mpd_music_dir: "/home/sonny/music"
mpd_config_dir: '{{ xdg_config_dir }}/mpd'
mpd_playlist_dir: '{{ xdg_data_dir }}/mpd/playlists'
mpd_state_dir: '{{ xdg_state_dir }}/mpd'
mpd_config_dir: "{{ xdg_config_dir }}/mpd"
mpd_playlist_dir: "{{ xdg_data_dir }}/mpd/playlists"
mpd_state_dir: "{{ xdg_state_dir }}/mpd"

29
host_vars/fudiggity/network.yml
View file

@ -1,3 +1,4 @@
---
network_interface: link1
network_mac: 00:1b:21:3b:50:e2
@ -13,22 +14,22 @@ ssh_port: 39901
vpn_listen_address: 10.0.0.1
vpn_prefix: 24
vpn_subnet: '10.0.0.0/{{ vpn_prefix }}'
vpn_subnet: "10.0.0.0/{{ vpn_prefix }}"
vpn_port: 51902
vpn_interface: wg0
vpn_domain: 'vpn.{{ domain_name }}'
vpn_domain: "vpn.{{ domain_name }}"
vpn_media_listen_address: 10.0.1.1
vpn_media_prefix: 24
vpn_media_subnet: '10.0.1.0/{{ vpn_media_prefix }}'
vpn_media_subnet: "10.0.1.0/{{ vpn_media_prefix }}"
vpn_media_port: 51903
vpn_media_interface: wg1
vpn_media_domain: 'media-vpn.{{ domain_name }}'
vpn_media_domain: "media-vpn.{{ domain_name }}"
mpd_domain: 'mpd.{{ domain_name }}'
mpd_domain: "mpd.{{ domain_name }}"
mpd_listen_address: 0.0.0.0
mpd_prefix: 24
mpd_subnet: '172.128.238.0/{{ mpd_prefix }}'
mpd_subnet: "172.128.238.0/{{ mpd_prefix }}"
mpd_port: 21000
mpd_http_stream_port: 8000
mpd_http_mobile_stream_port: 8001
@ -51,31 +52,31 @@ glitchtip_ip: 127.0.0.1
glitchtip_app_port: 7200
glitchtip_domain: glitchtip.fudiggity.nl
syncthing_domain: 'syncthing.{{ domain_name }}'
syncthing_domain: "syncthing.{{ domain_name }}"
syncthing_listen_address: 0.0.0.0
syncthing_prefix: 24
syncthing_subnet: '172.32.238.0/{{ syncthing_prefix }}'
syncthing_subnet: "172.32.238.0/{{ syncthing_prefix }}"
syncthing_gui_port: 8384
syncthing_protocol_port: 22000
syncthing_nginx_ip: 172.32.238.10
syncthing_app_ip: 172.32.238.11
radicale_domain: 'radicale.{{ domain_name }}'
radicale_domain: "radicale.{{ domain_name }}"
radicale_prefix: 24
radicale_subnet: '172.64.238.0/{{ radicale_prefix }}'
radicale_subnet: "172.64.238.0/{{ radicale_prefix }}"
radicale_nginx_ip: 172.64.238.10
radicale_app_port: 5232
radicale_app_ip: 172.64.238.11
transmission_domain: 'transmission.{{ domain_name }}'
transmission_domain: "transmission.{{ domain_name }}"
transmission_prefix: 24
transmission_subnet: '172.16.238.0/{{ transmission_prefix }}'
transmission_subnet: "172.16.238.0/{{ transmission_prefix }}"
transmission_web_port: 9091
transmission_peer_port: 51413
transmission_nginx_ip: 172.16.238.10
jellyfin_domain: 'jellyfin.{{ domain_name }}'
jellyfin_domain: "jellyfin.{{ domain_name }}"
jellyfin_prefix: 24
jellyfin_subnet: '172.8.238.0/{{ jellyfin_prefix }}'
jellyfin_subnet: "172.8.238.0/{{ jellyfin_prefix }}"
jellyfin_web_port: 8096
jellyfin_nginx_ip: 172.8.238.10

49
host_vars/fudiggity/newsreader.yml
View file

@ -1,3 +1,4 @@
---
newsreader_app_name: newsreader
newsreader_app_repository: https://forgejo.fudiggity.nl/sonny/newsreader
newsreader_app_ref: 0.5.3
@ -8,32 +9,32 @@ newsreader_postgres_port: 5432
newsreader_postgres_db: newsreader
newsreader_postgres_user: newsreader
newsreader_postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65613063373266623636626561646639393263313030386337633737636137363730353561356339
6433646638316465623338396637623732623563643561640a616639393639356533316431663665
30646637363364353062353338303331343234626138653037373661636234373238343264356265
6539643939376662650a613631636531383534666435383763613038393966633031353765323234
62613865373661333661373562366466333732663737643739663862376466646331386133326364
6638366665623036666634616131636634663933323136303334
$ANSIBLE_VAULT;1.1;AES256
65613063373266623636626561646639393263313030386337633737636137363730353561356339
6433646638316465623338396637623732623563643561640a616639393639356533316431663665
30646637363364353062353338303331343234626138653037373661636234373238343264356265
6539643939376662650a613631636531383534666435383763613038393966633031353765323234
62613865373661333661373562366466333732663737643739663862376466646331386133326364
6638366665623036666634616131636634663933323136303334
newsreader_django_settings_module: newsreader.conf.production
newsreader_django_secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65353236663439393937623930623830313365663766663966343661376662366131313838316536
3430633837666138633063333630373338366331653865320a646563663262656464636434323166
63616435356533643735343165363761336537616439303464353164633233626632666263636633
3237613866353131300a653366313635313365623539393438383434653134396137666533353063
63363335643135653535613231653434653566343964363431636264633963326239646633663031
38323266326165303064333666653630316634383864666232376165393362323261363833376334
323636376639353730366332323039633036
$ANSIBLE_VAULT;1.1;AES256
65353236663439393937623930623830313365663766663966343661376662366131313838316536
3430633837666138633063333630373338366331653865320a646563663262656464636434323166
63616435356533643735343165363761336537616439303464353164633233626632666263636633
3237613866353131300a653366313635313365623539393438383434653134396137666533353063
63363335643135653535613231653434653566343964363431636264633963326239646633663031
38323266326165303064333666653630316634383864666232376165393362323261363833376334
323636376639353730366332323039633036
newsreader_sentry_dsn: !vault |
$ANSIBLE_VAULT;1.1;AES256
33323865313232393535336363613261663030656465323734323266303837393561633435613736
3135353435633337346363316262373431393738303033390a333230343037656266366539323366
31373761356431666332396665393564656662396339393531326232366333323861376133653664
3739646664623230630a366239623838393766666237643663626261636237393839646136303931
66396263623432636430643839336463343438383461646165666131633762646438663532313633
66343562376632316665356163633064336530346463636432396537363938363062333861656362
63333832663737396330366430336632376638393632656565376436653839363634373437376261
36313337616533633239
$ANSIBLE_VAULT;1.1;AES256
33323865313232393535336363613261663030656465323734323266303837393561633435613736
3135353435633337346363316262373431393738303033390a333230343037656266366539323366
31373761356431666332396665393564656662396339393531326232366333323861376133653664
3739646664623230630a366239623838393766666237643663626261636237393839646136303931
66396263623432636430643839336463343438383461646165666131633762646438663532313633
66343562376632316665356163633064336530346463636432396537363938363062333861656362
63333832663737396330366430336632376638393632656565376436653839363634373437376261
36313337616533633239

5
host_vars/fudiggity/radicale.yml
View file

@ -1,5 +1,6 @@
radicale_app_dir: '/srv/docker/radicale'
radicale_collection_dir: '{{ radicale_app_dir }}/collections'
---
radicale_app_dir: "/srv/docker/radicale"
radicale_collection_dir: "{{ radicale_app_dir }}/collections"
radicale_version: 3.5.1
radicale_python_version: 3.13

17
host_vars/fudiggity/syncthing.yml
View file

@ -1,13 +1,14 @@
syncthing_app_dir: '/srv/docker/syncthing'
---
syncthing_app_dir: "/srv/docker/syncthing"
syncthing_config_version: 37
syncthing_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
31663863326431623139663861316432656264646533323934393033386263613162303266613265
3239613930623264383161363664636232663764616138360a643239393735393862376133313062
63643434636462306663303434393837353230623830323065626432346336363332363063313533
6334633838636664610a323762373839393331653130393136356136303535393662643736643735
30316565373866326337383137633639636566623263333061633830366634666537633765343533
3736383135393238663963353131663733363962343163363539
$ANSIBLE_VAULT;1.1;AES256
31663863326431623139663861316432656264646533323934393033386263613162303266613265
3239613930623264383161363664636232663764616138360a643239393735393862376133313062
63643434636462306663303434393837353230623830323065626432346336363332363063313533
6334633838636664610a323762373839393331653130393136356136303535393662643736643735
30316565373866326337383137633639636566623263333061633830366634666537633765343533
3736383135393238663963353131663733363962343163363539
syncthing_devices:
- name: Desktop

1
host_vars/fudiggity/transip_client.yml
View file

@ -1,3 +1,4 @@
---
transip_client_repository: https://forgejo.fudiggity.nl/sonny/transip-client
transip_client_app_ref: 0.7.0

7
host_vars/fudiggity/transmission.yml
View file

@ -1,5 +1,6 @@
transmission_app_dir: '/srv/docker/tranmission'
transmission_download_dir: '/home/sonny/downloads'
transmission_incomplete_dir: '/home/sonny/downloads/incomplete_downloads'
---
transmission_app_dir: "/srv/docker/tranmission"
transmission_download_dir: "/home/sonny/downloads"
transmission_incomplete_dir: "/home/sonny/downloads/incomplete_downloads"
transmission_ratelimit_ratio: 2

41
host_vars/fudiggity/vpn.yml
View file

@ -1,31 +1,32 @@
vpn_server_public_key_path: '{{ vpn_config_dir }}/keys/public/server.pub'
vpn_server_public_key_source_path: 'files/wireguard/default/server.pub'
vpn_server_key_path: '{{ vpn_config_dir }}/keys/private/server.key'
---
vpn_server_public_key_path: "{{ vpn_config_dir }}/keys/public/server.pub"
vpn_server_public_key_source_path: "files/wireguard/default/server.pub"
vpn_server_key_path: "{{ vpn_config_dir }}/keys/private/server.key"
copy_vpn_configurations: false
vpn_peers:
laptop:
ip: '10.0.0.2'
public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw='
preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-laptop.psk'
preshared_key_source_path: 'files/wireguard/default/preshared-laptop.psk'
ip: "10.0.0.2"
public_key: "EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw="
preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-laptop.psk"
preshared_key_source_path: "files/wireguard/default/preshared-laptop.psk"
desktop:
ip: '10.0.0.3'
public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4='
preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-desktop.psk'
preshared_key_source_path: 'files/wireguard/default/preshared-desktop.psk'
ip: "10.0.0.3"
public_key: "izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4="
preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-desktop.psk"
preshared_key_source_path: "files/wireguard/default/preshared-desktop.psk"
# has extra key to generate mobile configuration file
mobile:
ip: '10.0.0.4'
ip: "10.0.0.4"
allowed_ips:
- '{{ vpn_subnet }}'
- '{{ transmission_subnet }}'
- '{{ syncthing_subnet }}'
- '{{ radicale_subnet }}'
public_key: '4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY='
preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-mobile.psk'
preshared_key_source_path: 'files/wireguard/default/preshared-mobile.psk'
private_key_source_path: 'files/wireguard/default/mobile.key'
- "{{ vpn_subnet }}"
- "{{ transmission_subnet }}"
- "{{ syncthing_subnet }}"
- "{{ radicale_subnet }}"
public_key: "4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY="
preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-mobile.psk"
preshared_key_source_path: "files/wireguard/default/preshared-mobile.psk"
private_key_source_path: "files/wireguard/default/mobile.key"

1
host_vars/fudiggity/vpn_media.yml
View file

@ -1,3 +1,4 @@
---
vpn_media_server_public_key_path: "{{ vpn_config_dir }}/keys/public/media_server.pub"
vpn_media_server_public_key_source_path: files/wireguard/media/server.pub
vpn_media_server_key_path: "{{ vpn_config_dir }}/keys/private/media_server.key"

57
host_vars/fudiggity/woodpecker_ci.yml
View file

@ -1,42 +1,43 @@
woodpecker_domain: 'woodpecker.fudiggity.nl'
---
woodpecker_domain: "woodpecker.fudiggity.nl"
woodpecker_image_tag: 'woodpeckerci/woodpecker-server:v2.8.0'
woodpecker_agent_tag: 'woodpeckerci/woodpecker-agent:v2.8.0'
woodpecker_image_tag: "woodpeckerci/woodpecker-server:v2.8.0"
woodpecker_agent_tag: "woodpeckerci/woodpecker-agent:v2.8.0"
woodpecker_postgres_user: woodpecker
woodpecker_postgres_name: woodpecker
woodpecker_app_dir: '/srv/docker/woodpecker'
woodpecker_app_dir: "/srv/docker/woodpecker"
woodpecker_forgejo_url: https://forgejo.fudiggity.nl
woodpecker_forgejo_client: f467d6ee-6095-4c90-9d14-674d60b07183
woodpecker_forgejo_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
31656532363665313866353961373862363031356437326234623030623235363039643663633662
6139656163646464613166653033663266313264646666620a336465306235336534633038333436
31306630323165646565333466383962626163303433393166326264633566623938366339326662
3261623736656631300a306161363061353463363361636433326431356532333761666637626163
35323065623661363638643062663066306134643035636561346663303138373634643466306161
36643037303932323032613432386230356139333963613038373531316536333461643166306261
613738363231323938653439373262663633
$ANSIBLE_VAULT;1.1;AES256
31656532363665313866353961373862363031356437326234623030623235363039643663633662
6139656163646464613166653033663266313264646666620a336465306235336534633038333436
31306630323165646565333466383962626163303433393166326264633566623938366339326662
3261623736656631300a306161363061353463363361636433326431356532333761666637626163
35323065623661363638643062663066306134643035636561346663303138373634643466306161
36643037303932323032613432386230356139333963613038373531316536333461643166306261
613738363231323938653439373262663633
woodpecker_agent_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
62306636643432613934633038643363373831346639383635356366333634376337303438386339
3264363234653362646364326263313465356261313738340a616133663630376166653364376363
34353165373663343236336330643365663830393836393264373032666536633733636161663661
3464333936613066630a636166343931306365646334373731383430646233316332313861663838
64663761303237613335613366343731326630386239633061633363666330663336623730303061
38376266636662363834663664643466643361363563396539316234623764363464303336663662
613362623365363563323934653562366138
$ANSIBLE_VAULT;1.1;AES256
62306636643432613934633038643363373831346639383635356366333634376337303438386339
3264363234653362646364326263313465356261313738340a616133663630376166653364376363
34353165373663343236336330643365663830393836393264373032666536633733636161663661
3464333936613066630a636166343931306365646334373731383430646233316332313861663838
64663761303237613335613366343731326630386239633061633363666330663336623730303061
38376266636662363834663664643466643361363563396539316234623764363464303336663662
613362623365363563323934653562366138
woodpecker_postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
33363337656661326362396537336638383036386631643935323136636661363865633763303138
6566643036333166326230366531633062306362636236630a626235323439663231363164366166
34633166313431623236323039643164396130653664393062306334653761663264666636316436
3963646536663863350a633836376238333939313363613932353039353465306330623965633161
37376336353664386166303865373939616434613966393163623536616432623035653235623763
35623063333766636131653065313064383163383261383866626232343335326566316431623233
326434353932373335366636613863666635
$ANSIBLE_VAULT;1.1;AES256
33363337656661326362396537336638383036386631643935323136636661363865633763303138
6566643036333166326230366531633062306362636236630a626235323439663231363164366166
34633166313431623236323039643164396130653664393062306334653761663264666636316436
3963646536663863350a633836376238333939313363613932353039353465306330623965633161
37376336353664386166303865373939616434613966393163623536616432623035653235623763
35623063333766636131653065313064383163383261383866626232343335326566316431623233
326434353932373335366636613863666635

1
inventory.yml
View file

@ -1,3 +1,4 @@
---
bookworm:
hosts:
fudiggity:

5
playbook.yml
View file

@ -1,10 +1,11 @@
---
- name: Provision debian server
hosts: bookworm
pre_tasks:
- name: Install shared packages
become: true
ansible.builtin.apt:
name: '{{ packages }}'
name: "{{ packages }}"
tasks:
- name: Generic provisioning
ansible.builtin.import_tasks: tasks/setup.yml
@ -71,4 +72,4 @@
tags: transip-client
handlers:
- name: Import handlers
ansible.builtin.import_tasks: 'handlers.yml'
ansible.builtin.import_tasks: "handlers.yml"

36
tasks/docker.yml
View file

@ -1,35 +1,35 @@
- name: 'prepare apt keyring'
---
- name: "Prepare apt keyring"
become: true
command: install -m 0755 -d /etc/apt/keyrings
- name: 'create docker directory'
ansible.builtin.command: install -m 0755 -d /etc/apt/keyrings
- name: "Create docker directory"
become: true
file:
path: '/etc/docker'
ansible.builtin.file:
path: "/etc/docker"
state: directory
owner: root
- name: 'copy docker files'
- name: "Copy docker files"
become: true
copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
loop:
- { src: 'files/docker/apt.gpg', dest: '/etc/apt/keyrings/docker.gpg' }
- { src: 'files/docker/config.json', dest: '/etc/docker/daemon.json' }
- { src: "files/docker/apt.gpg", dest: "/etc/apt/keyrings/docker.gpg" }
- { src: "files/docker/config.json", dest: "/etc/docker/daemon.json" }
notify: restart docker service
- name: 'install docker apt source'
- name: "Install docker apt source"
become: true
template:
src: 'templates/docker.j2'
dest: '/etc/apt/sources.list.d/docker.list'
ansible.builtin.template:
src: "templates/docker.j2"
dest: "/etc/apt/sources.list.d/docker.list"
owner: root
- name: 'install docker'
- name: "Install docker"
become: true
apt:
ansible.builtin.apt:
update_cache: true
state: present
name:

35
tasks/forgejo.yml
View file

@ -1,3 +1,4 @@
---
- name: Create git user
become: true
ansible.builtin.user:
@ -9,54 +10,54 @@
- name: Create required directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- path: '{{ forgejo_app_dir }}'
- path: "{{ forgejo_app_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- path: '{{ forgejo_data_dir }}'
- path: "{{ forgejo_data_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- path: '{{ forgejo_postgres_password }}'
- path: "{{ forgejo_postgres_password }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- name: Copy docker-compose file
ansible.builtin.template:
src: templates/forgejo/docker-compose.j2
dest: '{{ forgejo_app_dir }}/docker-compose.yml'
mode: '0755'
dest: "{{ forgejo_app_dir }}/docker-compose.yml"
mode: "0755"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ forgejo_app_dir }}'
project_src: "{{ forgejo_app_dir }}"
state: present

27
tasks/glitchtip.yml
View file

@ -1,42 +1,43 @@
---
- name: Create required directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- path: '{{ glitchtip_app_dir }}'
- path: "{{ glitchtip_app_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- name: Copy docker-compose file
ansible.builtin.template:
src: templates/glitchtip/docker-compose.j2
dest: '{{ glitchtip_app_dir }}/docker-compose.yml'
mode: '0750'
dest: "{{ glitchtip_app_dir }}/docker-compose.yml"
mode: "0750"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ glitchtip_app_dir }}'
project_src: "{{ glitchtip_app_dir }}"
state: present

37
tasks/jellyfin.yml
View file

@ -1,29 +1,30 @@
---
- name: Create directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
path: "{{ item.path }}"
state: directory
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
loop:
- path: '{{ jellyfin_configuration_dir }}'
- path: "{{ jellyfin_configuration_dir }}"
owner: sonny
group: sonny
- path: '{{ jellyfin_media_dir }}'
- path: "{{ jellyfin_media_dir }}"
owner: sonny
group: sonny
- path: '{{ jellyfin_cache_dir }}'
- path: "{{ jellyfin_cache_dir }}"
owner: sonny
group: sonny
- path: '{{ jellyfin_app_dir }}'
- path: "{{ jellyfin_app_dir }}"
owner: root
group: root
- path: '{{ jellyfin_app_dir }}/nginx.conf.d'
- path: "{{ jellyfin_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
@ -31,38 +32,38 @@
become: true
ansible.builtin.template:
src: templates/jellyfin/docker-compose.j2
dest: '{{ jellyfin_app_dir }}/docker-compose.yml'
dest: "{{ jellyfin_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: 'templates/jellyfin/nginx.j2'
dest: '{{ jellyfin_app_dir }}/nginx.conf.d/default.conf'
src: "templates/jellyfin/nginx.j2"
dest: "{{ jellyfin_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Stop jellyfin
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
state: stopped
- name: Pull {{ image_tag }}
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
remove_orphans: true
state: stopped
- name: Start jellyfin
community.docker.docker_compose_v2:
project_src: '{{ jellyfin_app_dir }}'
project_src: "{{ jellyfin_app_dir }}"
state: present

63
tasks/mpd.yml
View file

@ -1,3 +1,4 @@
---
- name: Stop systemd mpd service
become: true
ansible.builtin.systemd:
@ -15,92 +16,92 @@
- name: Remove previous configurations
become: true
ansible.builtin.file:
path: '{{ item.path }}'
path: "{{ item.path }}"
state: absent
loop:
- path: '/etc/systemd/system/mpd.service.d'
- path: '/etc/systemd/system/mpd.socket.d'
- path: "/etc/systemd/system/mpd.service.d"
- path: "/etc/systemd/system/mpd.socket.d"
- name: Create mpd directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ mpd_config_dir }}'
- path: "{{ mpd_config_dir }}"
owner: sonny
group: sonny
- path: '{{ mpd_playlist_dir }}'
- path: "{{ mpd_playlist_dir }}"
owner: sonny
group: sonny
- path: '{{ mpd_state_dir }}'
- path: "{{ mpd_state_dir }}"
owner: sonny
group: sonny
- path: '{{ mpd_app_dir }}'
- path: "{{ mpd_app_dir }}"
owner: root
group: root
- name: Copy mpd templates
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- src: templates/mpd/config.j2
dest: '{{ mpd_config_dir }}/mpd.conf'
mode: '0640'
dest: "{{ mpd_config_dir }}/mpd.conf"
mode: "0640"
owner: sonny
group: sonny
- src: templates/mpd/dockerfile.j2
dest: '{{ mpd_app_dir }}/Dockerfile'
mode: '0755'
dest: "{{ mpd_app_dir }}/Dockerfile"
mode: "0755"
owner: sonny
group: sonny
- src: templates/mpd/docker-compose.j2
dest: '{{ mpd_app_dir }}/docker-compose.yml'
mode: '0755'
dest: "{{ mpd_app_dir }}/docker-compose.yml"
mode: "0755"
owner: sonny
group: sonny
- name: Create mpd files
ansible.builtin.file:
path: '{{ item }}'
mode: '0755'
path: "{{ item }}"
mode: "0755"
state: touch
loop:
- '{{ mpd_config_dir }}/db'
- '{{ mpd_config_dir }}/sticker.sql'
- '{{ mpd_state_dir }}/state'
- "{{ mpd_config_dir }}/db"
- "{{ mpd_config_dir }}/sticker.sql"
- "{{ mpd_state_dir }}/state"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
state: stopped
- name: Build image
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
build: always
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ mpd_app_dir }}'
project_src: "{{ mpd_app_dir }}"
state: present

35
tasks/network.yml
View file

@ -1,17 +1,18 @@
---
- name: Copy network configuration files
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: 'templates/network/link1.link.j2'
dest: '/etc/systemd/network/98-link1.link'
- src: "templates/network/link1.link.j2"
dest: "/etc/systemd/network/98-link1.link"
- src: 'templates/network/link1.network.j2'
dest: '/etc/systemd/network/98-link1.network'
- src: "templates/network/link1.network.j2"
dest: "/etc/systemd/network/98-link1.network"
notify:
- restart systemd-networkd
- regenerate initramfs # copies the files into the initramfs for when udev needs them
@ -19,34 +20,34 @@
- name: Set hostname
become: true
ansible.builtin.hostname:
name: '{{ hostname }}'
name: "{{ hostname }}"
use: systemd
- name: Copy hosts file
become: true
ansible.builtin.template:
src: 'network/hosts.j2'
dest: '/etc/hosts'
mode: '0644'
src: "network/hosts.j2"
dest: "/etc/hosts"
mode: "0644"
owner: root
- name: Copy resolved.conf configuration
become: true
ansible.builtin.template:
src: 'network/resolved.j2'
dest: '/etc/systemd/resolved.conf'
mode: '0644'
src: "network/resolved.j2"
dest: "/etc/systemd/resolved.conf"
mode: "0644"
owner: root
notify: restart systemd-resolved
- name: Copy firewall template
become: true
ansible.builtin.template:
src: 'templates/nftables.j2'
dest: '/etc/nftables.conf'
src: "templates/nftables.j2"
dest: "/etc/nftables.conf"
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- restart nftables
- restart docker service

31
tasks/newsreader.yml
View file

@ -1,41 +1,42 @@
---
- name: Create newsreader app directory
become: true
ansible.builtin.file:
path: '{{ newsreader_app_dir }}'
path: "{{ newsreader_app_dir }}"
state: directory
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Clone project
ansible.builtin.git:
repo: '{{ newsreader_app_repository }}'
dest: '{{ newsreader_app_dir }}'
version: '{{ newsreader_app_ref }}'
repo: "{{ newsreader_app_repository }}"
dest: "{{ newsreader_app_dir }}"
version: "{{ newsreader_app_ref }}"
- name: Copy templates
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: templates/newsreader/env.j2
dest: '{{ newsreader_app_dir }}/.production.env'
mode: '0750'
dest: "{{ newsreader_app_dir }}/.production.env"
mode: "0750"
- src: templates/newsreader/docker-compose.j2
dest: '{{ newsreader_app_dir }}/docker-compose.resources.yml'
mode: '0750'
dest: "{{ newsreader_app_dir }}/docker-compose.resources.yml"
mode: "0750"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ newsreader_app_dir }}'
project_src: "{{ newsreader_app_dir }}"
env_files:
- .production.env
state: absent
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ newsreader_app_dir }}'
project_src: "{{ newsreader_app_dir }}"
remove_orphans: true
state: absent
@ -53,6 +54,6 @@
- docker-compose.yml
- docker-compose.production.yml
- docker-compose.resources.yml
project_src: '{{ newsreader_app_dir }}'
project_src: "{{ newsreader_app_dir }}"
build: always
state: present

58
tasks/nginx.yml
View file

@ -1,44 +1,44 @@
---
- name: Copy nginx configuration files
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0644'
mode: "0644"
loop:
- src: 'templates/nginx/default.j2'
dest: '/etc/nginx/sites-available/default'
- src: 'templates/nginx/forgejo.j2'
dest: '/etc/nginx/sites-available/forgejo'
- src: 'templates/nginx/woodpecker.j2'
dest: '/etc/nginx/sites-available/woodpecker'
- src: 'templates/nginx/glitchtip.j2'
dest: '/etc/nginx/sites-available/glitchtip'
- src: 'templates/nginx/newsreader.j2'
dest: '/etc/nginx/sites-available/newsreader'
- src: "templates/nginx/default.j2"
dest: "/etc/nginx/sites-available/default"
- src: "templates/nginx/forgejo.j2"
dest: "/etc/nginx/sites-available/forgejo"
- src: "templates/nginx/woodpecker.j2"
dest: "/etc/nginx/sites-available/woodpecker"
- src: "templates/nginx/glitchtip.j2"
dest: "/etc/nginx/sites-available/glitchtip"
- src: "templates/nginx/newsreader.j2"
dest: "/etc/nginx/sites-available/newsreader"
notify: restart nginx
- name: Create configuration links
become: true
ansible.builtin.file:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: link
loop:
- src: '/etc/nginx/sites-available/default'
dest: '/etc/nginx/sites-enabled/default'
- src: '/etc/nginx/sites-available/forgejo'
dest: '/etc/nginx/sites-enabled/forgejo'
- src: '/etc/nginx/sites-available/woodpecker'
dest: '/etc/nginx/sites-enabled/woodpecker'
- src: '/etc/nginx/sites-available/glitchtip'
dest: '/etc/nginx/sites-enabled/glitchtip'
- src: '/etc/nginx/sites-available/newsreader'
dest: '/etc/nginx/sites-enabled/newsreader'
- src: "/etc/nginx/sites-available/default"
dest: "/etc/nginx/sites-enabled/default"
- src: "/etc/nginx/sites-available/forgejo"
dest: "/etc/nginx/sites-enabled/forgejo"
- src: "/etc/nginx/sites-available/woodpecker"
dest: "/etc/nginx/sites-enabled/woodpecker"
- src: "/etc/nginx/sites-available/glitchtip"
dest: "/etc/nginx/sites-enabled/glitchtip"
- src: "/etc/nginx/sites-available/newsreader"
dest: "/etc/nginx/sites-enabled/newsreader"
notify: restart nginx
# Run the folowing command to regenerate a certificate:
#
# sudo certbot certonly \
@ -55,11 +55,11 @@
- name: Copy letsencrypt configuration
become: true
ansible.builtin.template:
src: 'templates/letsencrypt/cli.j2'
dest: '/etc/letsencrypt/cli.ini'
src: "templates/letsencrypt/cli.j2"
dest: "/etc/letsencrypt/cli.ini"
owner: root
group: root
mode: '0644'
mode: "0644"
notify: restart certbot
- name: Enable certbot periodic certificate renewal

57
tasks/radicale.yml
View file

@ -1,3 +1,4 @@
---
- name: Stop previous radicale service
become: true
ansible.builtin.systemd:
@ -24,13 +25,13 @@
- name: Remove radicale virtualenv directory
become: true
ansible.builtin.file:
path: '/usr/local/lib/radicale'
path: "/usr/local/lib/radicale"
state: absent
- name: Remove Radicale files
become: true
ansible.builtin.file:
path: '{{ item }}'
path: "{{ item }}"
state: absent
loop:
- /etc/nginx/radicale
@ -41,85 +42,85 @@
- name: Create Radicale directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ radicale_app_dir }}'
- path: "{{ radicale_app_dir }}"
owner: root
group: root
- path: '{{ radicale_collection_dir }}'
- path: "{{ radicale_collection_dir }}"
owner: sonny
group: sonny
- path: '{{ radicale_app_dir }}/nginx.conf.d'
- path: "{{ radicale_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
- name: Copy Radicale docker file
become: true
ansible.builtin.template:
src: 'templates/radicale/dockerfile.j2'
dest: '{{ radicale_app_dir }}/Dockerfile'
src: "templates/radicale/dockerfile.j2"
dest: "{{ radicale_app_dir }}/Dockerfile"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy docker compose
become: true
ansible.builtin.template:
src: 'templates/radicale/docker-compose.j2'
dest: '{{ radicale_app_dir }}/docker-compose.yml'
src: "templates/radicale/docker-compose.j2"
dest: "{{ radicale_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy Radicale configuration
become: true
ansible.builtin.template:
src: 'templates/radicale/conf.j2'
dest: '{{ radicale_app_dir }}/config'
src: "templates/radicale/conf.j2"
dest: "{{ radicale_app_dir }}/config"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy Radicale user file
become: true
ansible.builtin.copy:
src: 'files/radicale/radicale_users'
dest: '{{ radicale_app_dir }}/radicale_users'
src: "files/radicale/radicale_users"
dest: "{{ radicale_app_dir }}/radicale_users"
owner: sonny
group: sonny
mode: '0750'
mode: "0750"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: 'templates/radicale/nginx.j2'
dest: '{{ radicale_app_dir }}/nginx.conf.d/default.conf'
src: "templates/radicale/nginx.j2"
dest: "{{ radicale_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
build: always
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ radicale_app_dir }}'
project_src: "{{ radicale_app_dir }}"
state: present

21
tasks/setup.yml
View file

@ -1,26 +1,27 @@
---
- name: Copy nsswitch file
become: true
ansible.builtin.template:
src: 'nsswitch.j2'
dest: '/etc/nsswitch.conf'
mode: '0644'
src: "nsswitch.j2"
dest: "/etc/nsswitch.conf"
mode: "0644"
owner: root
- name: Copy ssh template
become: true
ansible.builtin.template:
src: 'templates/ssh.j2'
dest: '/etc/ssh/sshd_config'
src: "templates/ssh.j2"
dest: "/etc/ssh/sshd_config"
owner: root
group: root
mode: '0644'
mode: "0644"
notify: restart ssh
- name: Copy wezterm terminfo file
ansible.builtin.copy:
src: 'files/wezterm.terminfo'
src: "files/wezterm.terminfo"
dest: /home/sonny/.terminfo
mode: '0755'
mode: "0755"
notify: Compile wezterm terminfo file
- name: Disable user lingering
@ -31,10 +32,10 @@
become: true
ansible.builtin.template:
src: templates/unattended-upgrades.j2
dest: '/etc/apt/apt.conf.d/10periodic'
dest: "/etc/apt/apt.conf.d/10periodic"
owner: root
group: root
mode: '0755'
mode: "0755"
- name: Enable unattended upgrades timer
become: true

41
tasks/syncthing.yml
View file

@ -1,3 +1,4 @@
---
- name: Disable system process
become: true
ansible.builtin.systemd:
@ -8,19 +9,19 @@
- name: Create Syncthing directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ syncthing_app_dir }}'
- path: "{{ syncthing_app_dir }}"
owner: root
group: root
- path: '{{ syncthing_app_dir }}/state'
- path: "{{ syncthing_app_dir }}/state"
owner: sonny
group: sonny
- path: '{{ syncthing_app_dir }}/nginx.conf.d'
- path: "{{ syncthing_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
@ -33,48 +34,48 @@
- name: Copy docker compose configuration
become: true
ansible.builtin.template:
src: 'templates/syncthing/docker-compose.j2'
dest: '{{ syncthing_app_dir }}/docker-compose.yml'
src: "templates/syncthing/docker-compose.j2"
dest: "{{ syncthing_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy Syncthing configuration
become: true
ansible.builtin.template:
src: 'templates/syncthing/config.j2'
dest: '{{ syncthing_app_dir }}/state/config.xml'
src: "templates/syncthing/config.j2"
dest: "{{ syncthing_app_dir }}/state/config.xml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: 'templates/syncthing/nginx.j2'
dest: '{{ syncthing_app_dir }}/nginx.conf.d/default.conf'
src: "templates/syncthing/nginx.j2"
dest: "{{ syncthing_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ syncthing_app_dir }}'
project_src: "{{ syncthing_app_dir }}"
state: present

43
tasks/transip_client.yml
View file

@ -1,32 +1,33 @@
---
- name: Create application directory
ansible.builtin.file:
path: '{{ transip_client_app_dir }}'
path: "{{ transip_client_app_dir }}"
state: directory
mode: '0755'
mode: "0755"
- name: Clone project
ansible.builtin.git:
repo: '{{ transip_client_repository }}'
dest: '{{ transip_client_app_dir }}'
version: '{{ transip_client_app_ref }}'
repo: "{{ transip_client_repository }}"
dest: "{{ transip_client_app_dir }}"
version: "{{ transip_client_app_ref }}"
- name: Copy environment variables file
ansible.builtin.template:
src: templates/transip_client/env.j2
dest: '{{ transip_client_env_src_path }}'
mode: '0640'
dest: "{{ transip_client_env_src_path }}"
mode: "0640"
- name: Copy private key file
ansible.builtin.copy:
src: files/transip_client/private_key.key
dest: '{{ transip_client_private_key_src_path }}'
mode: '0600'
dest: "{{ transip_client_private_key_src_path }}"
mode: "0600"
- name: Build docker image
community.docker.docker_image_build:
name: '{{ transip_client_image_name }}'
path: '{{ transip_client_app_dir }}'
dockerfile: '{{ transip_client_app_dir }}/Dockerfile'
name: "{{ transip_client_image_name }}"
path: "{{ transip_client_app_dir }}"
dockerfile: "{{ transip_client_app_dir }}/Dockerfile"
rebuild: always
args:
UV_ARGS: "--extra sentry-enabled"
@ -34,21 +35,21 @@
- name: Copy start script
ansible.builtin.template:
src: templates/transip_client/start.j2
dest: '{{ transip_client_start_script }}'
mode: '0750'
dest: "{{ transip_client_start_script }}"
mode: "0750"
- name: Copy systemd templates
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: templates/transip_client/timer.j2
dest: '{{ systemd_service_dir }}/transip-client.timer'
mode: '0644'
dest: "{{ systemd_service_dir }}/transip-client.timer"
mode: "0644"
- src: templates/transip_client/service.j2
dest: '{{ systemd_service_dir }}/transip-client.service'
mode: '0640'
dest: "{{ systemd_service_dir }}/transip-client.service"
mode: "0640"
notify: enable transip-client timer

43
tasks/transmission.yml
View file

@ -1,3 +1,4 @@
---
# Note: requires an up-to-date ansible version to make us of docker compose file
## TODO: use tracker blocklist
#
@ -11,32 +12,32 @@
- name: Create Transmission directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
mode: '0755'
path: "{{ item.path }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "0755"
state: directory
loop:
- path: '{{ transmission_app_dir }}'
- path: "{{ transmission_app_dir }}"
owner: root
group: root
- path: '{{ transmission_app_dir }}/config'
- path: "{{ transmission_app_dir }}/config"
owner: root
group: root
- path: '{{ transmission_app_dir }}/nginx.conf.d'
- path: "{{ transmission_app_dir }}/nginx.conf.d"
owner: sonny
group: sonny
- path: '{{ transmission_download_dir }}'
- path: "{{ transmission_download_dir }}"
owner: sonny
group: sonny
- path: '{{ transmission_incomplete_dir }}'
- path: "{{ transmission_incomplete_dir }}"
owner: sonny
group: sonny
- name: Remove previous transmission configurations
become: true
ansible.builtin.file:
path: '{{ item }}'
path: "{{ item }}"
state: absent
loop:
- /etc/systemd/system/transmission-daemon.service.d
@ -46,47 +47,47 @@
become: true
ansible.builtin.copy:
src: files/transmission/Dockerfile
dest: '{{ transmission_app_dir }}/Dockerfile'
dest: "{{ transmission_app_dir }}/Dockerfile"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy docker compose configuration
become: true
ansible.builtin.template:
src: templates/transmission/docker-compose.j2
dest: '{{ transmission_app_dir }}/docker-compose.yml'
dest: "{{ transmission_app_dir }}/docker-compose.yml"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
# Prevents Tranmission from overwiting configuration files
- name: Stop docker compose containers
community.docker.docker_compose_v2:
project_src: '{{ transmission_app_dir }}'
project_src: "{{ transmission_app_dir }}"
state: stopped
- name: Copy Transmission configuration
become: true
ansible.builtin.template:
src: 'templates/transmission/config.j2'
dest: '{{ transmission_app_dir }}/config/settings.json'
src: "templates/transmission/config.j2"
dest: "{{ transmission_app_dir }}/config/settings.json"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Copy NGINX configuration
become: true
ansible.builtin.template:
src: templates/transmission/nginx.j2
dest: '{{ transmission_app_dir }}/nginx.conf.d/default.conf'
dest: "{{ transmission_app_dir }}/nginx.conf.d/default.conf"
owner: sonny
group: sonny
mode: '0755'
mode: "0755"
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ transmission_app_dir }}'
project_src: "{{ transmission_app_dir }}"
build: always
remove_orphans: true
state: restarted

1
tasks/wireguard.yml
View file

@ -1,3 +1,4 @@
---
- name: Copy Wireguard configuration files
become: true
ansible.builtin.template:

85
tasks/wireguard_media.yml
View file

@ -1,11 +1,12 @@
---
- name: Copy Wireguard media configuration files
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: templates/network/wireguard/media/wg1.netdev.j2
dest: /etc/systemd/network/wg1.netdev
@ -16,81 +17,81 @@
- name: Create Wireguard media directories
become: true
ansible.builtin.file:
path: '{{ item }}'
path: "{{ item }}"
owner: root
group: systemd-network
mode: '0750'
mode: "0750"
state: directory
recurse: true
loop:
- '{{ vpn_config_dir }}'
- '{{ vpn_media_server_public_key_path | dirname }}'
- '{{ vpn_media_server_key_path | dirname }}'
- "{{ vpn_config_dir }}"
- "{{ vpn_media_server_public_key_path | dirname }}"
- "{{ vpn_media_server_key_path | dirname }}"
- name: Copy Wireguard server media credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: 'files/wireguard/media/server.pub'
dest: '{{ vpn_media_server_public_key_path }}'
- src: 'files/wireguard/media/server.key'
dest: '{{ vpn_media_server_key_path }}'
- src: "files/wireguard/media/server.pub"
dest: "{{ vpn_media_server_public_key_path }}"
- src: "files/wireguard/media/server.key"
dest: "{{ vpn_media_server_key_path }}"
- name: Copy Wireguard mobile media credentials
become: true
ansible.builtin.copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: systemd-network
mode: '0640'
mode: "0640"
loop:
- src: 'files/wireguard/media/mobile-1.pub'
dest: '{{ vpn_config_dir }}/keys/public/mobile_1.pub'
- src: "files/wireguard/media/mobile-1.pub"
dest: "{{ vpn_config_dir }}/keys/public/mobile_1.pub"
- src: 'files/wireguard/media/mobile-1.key'
dest: '{{ vpn_config_dir }}/keys/private/mobile_1.key'
- src: "files/wireguard/media/mobile-1.key"
dest: "{{ vpn_config_dir }}/keys/private/mobile_1.key"
- src: 'files/wireguard/media/mobile-2.pub'
dest: '{{ vpn_config_dir }}/keys/public/mobile_2.pub'
- src: "files/wireguard/media/mobile-2.pub"
dest: "{{ vpn_config_dir }}/keys/public/mobile_2.pub"
- src: 'files/wireguard/media/mobile-2.key'
dest: '{{ vpn_config_dir }}/keys/private/mobile_2.key'
- src: "files/wireguard/media/mobile-2.key"
dest: "{{ vpn_config_dir }}/keys/private/mobile_2.key"
- src: 'files/wireguard/media/tv-1.pub'
dest: '{{ vpn_config_dir }}/keys/public/tv-1.pub'
- src: "files/wireguard/media/tv-1.pub"
dest: "{{ vpn_config_dir }}/keys/public/tv-1.pub"
- src: 'files/wireguard/media/tv-1.key'
dest: '{{ vpn_config_dir }}/keys/private/tv-1.key'
- src: "files/wireguard/media/tv-1.key"
dest: "{{ vpn_config_dir }}/keys/private/tv-1.key"
- src: 'files/wireguard/media/tv-2.pub'
dest: '{{ vpn_config_dir }}/keys/public/tv-2.pub'
- src: "files/wireguard/media/tv-2.pub"
dest: "{{ vpn_config_dir }}/keys/public/tv-2.pub"
- src: 'files/wireguard/media/tv-2.key'
dest: '{{ vpn_config_dir }}/keys/private/tv-2.key'
- src: "files/wireguard/media/tv-2.key"
dest: "{{ vpn_config_dir }}/keys/private/tv-2.key"
- name: Copy wireguard media preshared keys
become: true
ansible.builtin.copy:
src: '{{ item.value.preshared_key_source_path }}'
dest: '{{ item.value.preshared_key_path }}'
src: "{{ item.value.preshared_key_source_path }}"
dest: "{{ item.value.preshared_key_path }}"
owner: root
group: systemd-network
mode: '0640'
with_dict: '{{ vpn_media_peers }}'
mode: "0640"
with_dict: "{{ vpn_media_peers }}"
- name: Copy Wireguard external media configurations
become: true
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '0600'
owner: '{{ ansible_user_id }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0600"
owner: "{{ ansible_user_id }}"
loop:
- src: templates/network/wireguard/media/mobile_1.wireguard.j2
dest: /tmp/mobile_1.conf

29
tasks/woodpecker_ci.yml
View file

@ -1,42 +1,43 @@
---
- name: Create required directories
become: true
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
mode: '{{ item.mode }}'
owner: '{{ item.owner }}'
group: '{{ item.group }}'
path: "{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- path: '{{ woodpecker_app_dir }}'
- path: "{{ woodpecker_app_dir }}"
owner: sonny
group: sonny
state: directory
mode: '0755'
mode: "0755"
- name: Copy docker-compose file
ansible.builtin.template:
src: 'templates/woodpecker_ci/docker-compose.j2'
dest: '{{ woodpecker_app_dir }}/docker-compose.yml'
mode: '0750'
src: "templates/woodpecker_ci/docker-compose.j2"
dest: "{{ woodpecker_app_dir }}/docker-compose.yml"
mode: "0750"
- name: Stop current containers
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
state: stopped
- name: Pull missing image
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
pull: missing
state: stopped
- name: Remove dangling containers
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
remove_orphans: true
state: stopped
- name: Start container
community.docker.docker_compose_v2:
project_src: '{{ woodpecker_app_dir }}'
project_src: "{{ woodpecker_app_dir }}"
state: present