Compare commits
No commits in common. "2842f1f8d1c06f9924ce9d031f5f8a8788ab6c47" and "fe6437c2f8c2dce45355055118bd9e084d707887" have entirely different histories.
2842f1f8d1
...
fe6437c2f8
36 changed files with 477 additions and 521 deletions
38
handlers.yml
38
handlers.yml
|
|
@ -1,60 +1,60 @@
|
||||||
---
|
- name: restart systemd-networkd
|
||||||
- name: Restart systemd-networkd
|
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: systemd-networkd
|
name: systemd-networkd
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Restart systemd-resolved
|
- name: restart systemd-resolved
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: systemd-resolved
|
name: systemd-resolved
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Restart nftables
|
- name: restart nftables
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: nftables.service
|
name: nftables.service
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Restart ssh
|
- name: restart ssh
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: ssh.service
|
name: ssh.service
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Restart docker service
|
- name: restart docker service
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: docker.service
|
name: docker.service
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Restart nginx
|
- name: restart nginx
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: nginx.service
|
name: nginx.service
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Enable transip-client timer
|
- name: enable transip-client timer
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
daemon-reload: true
|
daemon-reload: true
|
||||||
name: transip-client.timer
|
name: transip-client.timer
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Regenerate initramfs
|
- name: regenerate initramfs
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: update-initramfs -u -k all
|
command: update-initramfs -u -k all
|
||||||
- name: Restart certbot
|
|
||||||
|
- name: restart certbot
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
systemd:
|
||||||
name: certbot
|
name: certbot
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,8 @@
|
||||||
---
|
forgejo_app_dir: '/srv/docker/forgejo'
|
||||||
forgejo_app_dir: "/srv/docker/forgejo"
|
forgejo_data_dir: '/var/lib/vm/forgejo/data'
|
||||||
forgejo_data_dir: "/var/lib/vm/forgejo/data"
|
forgejo_postgres_dir: '/var/lib/vm/forgejo/postgres'
|
||||||
forgejo_postgres_dir: "/var/lib/vm/forgejo/postgres"
|
|
||||||
|
|
||||||
forgejo_image_tag: "codeberg.org/forgejo/forgejo:11"
|
forgejo_image_tag: 'codeberg.org/forgejo/forgejo:11'
|
||||||
|
|
||||||
forgejo_postgres_user: forgejo
|
forgejo_postgres_user: forgejo
|
||||||
forgejo_postgres_name: forgejo
|
forgejo_postgres_name: forgejo
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
glitchtip_image_tag: glitchtip/glitchtip:v4.2
|
glitchtip_image_tag: glitchtip/glitchtip:v4.2
|
||||||
|
|
||||||
glitchtip_app_dir: /srv/docker/glitchtip
|
glitchtip_app_dir: /srv/docker/glitchtip
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
jellyfin_image_tag: jellyfin/jellyfin:10.10.7
|
jellyfin_image_tag: jellyfin/jellyfin:10.10.7
|
||||||
jellyfin_app_dir: /srv/docker/jellyfin
|
jellyfin_app_dir: /srv/docker/jellyfin
|
||||||
jellyfin_configuration_dir: /home/sonny/.config/jellyfin
|
jellyfin_configuration_dir: /home/sonny/.config/jellyfin
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
packages:
|
packages:
|
||||||
- nftables
|
- nftables
|
||||||
- syncthing
|
- syncthing
|
||||||
|
|
@ -13,12 +12,12 @@ packages:
|
||||||
- certbot
|
- certbot
|
||||||
- unattended-upgrades
|
- unattended-upgrades
|
||||||
|
|
||||||
vpn_config_dir: "/etc/wireguard"
|
vpn_config_dir: '/etc/wireguard'
|
||||||
|
|
||||||
hostname: "fudiggity"
|
hostname: 'fudiggity'
|
||||||
|
|
||||||
xdg_config_dir: "/home/sonny/.config"
|
xdg_config_dir: '/home/sonny/.config'
|
||||||
xdg_data_dir: "/home/sonny/.local/share"
|
xdg_data_dir: '/home/sonny/.local/share'
|
||||||
xdg_state_dir: "/home/sonny/.local/state"
|
xdg_state_dir: '/home/sonny/.local/state'
|
||||||
|
|
||||||
systemd_service_dir: /etc/systemd/system
|
systemd_service_dir: /etc/systemd/system
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
---
|
mpd_app_dir: '/srv/docker/mpd'
|
||||||
mpd_app_dir: "/srv/docker/mpd"
|
mpd_music_dir: '/home/sonny/music'
|
||||||
mpd_music_dir: "/home/sonny/music"
|
|
||||||
|
|
||||||
mpd_config_dir: "{{ xdg_config_dir }}/mpd"
|
mpd_config_dir: '{{ xdg_config_dir }}/mpd'
|
||||||
mpd_playlist_dir: "{{ xdg_data_dir }}/mpd/playlists"
|
mpd_playlist_dir: '{{ xdg_data_dir }}/mpd/playlists'
|
||||||
mpd_state_dir: "{{ xdg_state_dir }}/mpd"
|
mpd_state_dir: '{{ xdg_state_dir }}/mpd'
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
network_interface: link1
|
network_interface: link1
|
||||||
network_mac: 00:1b:21:3b:50:e2
|
network_mac: 00:1b:21:3b:50:e2
|
||||||
|
|
||||||
|
|
@ -14,22 +13,22 @@ ssh_port: 39901
|
||||||
|
|
||||||
vpn_listen_address: 10.0.0.1
|
vpn_listen_address: 10.0.0.1
|
||||||
vpn_prefix: 24
|
vpn_prefix: 24
|
||||||
vpn_subnet: "10.0.0.0/{{ vpn_prefix }}"
|
vpn_subnet: '10.0.0.0/{{ vpn_prefix }}'
|
||||||
vpn_port: 51902
|
vpn_port: 51902
|
||||||
vpn_interface: wg0
|
vpn_interface: wg0
|
||||||
vpn_domain: "vpn.{{ domain_name }}"
|
vpn_domain: 'vpn.{{ domain_name }}'
|
||||||
|
|
||||||
vpn_media_listen_address: 10.0.1.1
|
vpn_media_listen_address: 10.0.1.1
|
||||||
vpn_media_prefix: 24
|
vpn_media_prefix: 24
|
||||||
vpn_media_subnet: "10.0.1.0/{{ vpn_media_prefix }}"
|
vpn_media_subnet: '10.0.1.0/{{ vpn_media_prefix }}'
|
||||||
vpn_media_port: 51903
|
vpn_media_port: 51903
|
||||||
vpn_media_interface: wg1
|
vpn_media_interface: wg1
|
||||||
vpn_media_domain: "media-vpn.{{ domain_name }}"
|
vpn_media_domain: 'media-vpn.{{ domain_name }}'
|
||||||
|
|
||||||
mpd_domain: "mpd.{{ domain_name }}"
|
mpd_domain: 'mpd.{{ domain_name }}'
|
||||||
mpd_listen_address: 0.0.0.0
|
mpd_listen_address: 0.0.0.0
|
||||||
mpd_prefix: 24
|
mpd_prefix: 24
|
||||||
mpd_subnet: "172.128.238.0/{{ mpd_prefix }}"
|
mpd_subnet: '172.128.238.0/{{ mpd_prefix }}'
|
||||||
mpd_port: 21000
|
mpd_port: 21000
|
||||||
mpd_http_stream_port: 8000
|
mpd_http_stream_port: 8000
|
||||||
mpd_http_mobile_stream_port: 8001
|
mpd_http_mobile_stream_port: 8001
|
||||||
|
|
@ -52,31 +51,31 @@ glitchtip_ip: 127.0.0.1
|
||||||
glitchtip_app_port: 7200
|
glitchtip_app_port: 7200
|
||||||
glitchtip_domain: glitchtip.fudiggity.nl
|
glitchtip_domain: glitchtip.fudiggity.nl
|
||||||
|
|
||||||
syncthing_domain: "syncthing.{{ domain_name }}"
|
syncthing_domain: 'syncthing.{{ domain_name }}'
|
||||||
syncthing_listen_address: 0.0.0.0
|
syncthing_listen_address: 0.0.0.0
|
||||||
syncthing_prefix: 24
|
syncthing_prefix: 24
|
||||||
syncthing_subnet: "172.32.238.0/{{ syncthing_prefix }}"
|
syncthing_subnet: '172.32.238.0/{{ syncthing_prefix }}'
|
||||||
syncthing_gui_port: 8384
|
syncthing_gui_port: 8384
|
||||||
syncthing_protocol_port: 22000
|
syncthing_protocol_port: 22000
|
||||||
syncthing_nginx_ip: 172.32.238.10
|
syncthing_nginx_ip: 172.32.238.10
|
||||||
syncthing_app_ip: 172.32.238.11
|
syncthing_app_ip: 172.32.238.11
|
||||||
|
|
||||||
radicale_domain: "radicale.{{ domain_name }}"
|
radicale_domain: 'radicale.{{ domain_name }}'
|
||||||
radicale_prefix: 24
|
radicale_prefix: 24
|
||||||
radicale_subnet: "172.64.238.0/{{ radicale_prefix }}"
|
radicale_subnet: '172.64.238.0/{{ radicale_prefix }}'
|
||||||
radicale_nginx_ip: 172.64.238.10
|
radicale_nginx_ip: 172.64.238.10
|
||||||
radicale_app_port: 5232
|
radicale_app_port: 5232
|
||||||
radicale_app_ip: 172.64.238.11
|
radicale_app_ip: 172.64.238.11
|
||||||
|
|
||||||
transmission_domain: "transmission.{{ domain_name }}"
|
transmission_domain: 'transmission.{{ domain_name }}'
|
||||||
transmission_prefix: 24
|
transmission_prefix: 24
|
||||||
transmission_subnet: "172.16.238.0/{{ transmission_prefix }}"
|
transmission_subnet: '172.16.238.0/{{ transmission_prefix }}'
|
||||||
transmission_web_port: 9091
|
transmission_web_port: 9091
|
||||||
transmission_peer_port: 51413
|
transmission_peer_port: 51413
|
||||||
transmission_nginx_ip: 172.16.238.10
|
transmission_nginx_ip: 172.16.238.10
|
||||||
|
|
||||||
jellyfin_domain: "jellyfin.{{ domain_name }}"
|
jellyfin_domain: 'jellyfin.{{ domain_name }}'
|
||||||
jellyfin_prefix: 24
|
jellyfin_prefix: 24
|
||||||
jellyfin_subnet: "172.8.238.0/{{ jellyfin_prefix }}"
|
jellyfin_subnet: '172.8.238.0/{{ jellyfin_prefix }}'
|
||||||
jellyfin_web_port: 8096
|
jellyfin_web_port: 8096
|
||||||
jellyfin_nginx_ip: 172.8.238.10
|
jellyfin_nginx_ip: 172.8.238.10
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
newsreader_app_name: newsreader
|
newsreader_app_name: newsreader
|
||||||
newsreader_app_repository: https://forgejo.fudiggity.nl/sonny/newsreader
|
newsreader_app_repository: https://forgejo.fudiggity.nl/sonny/newsreader
|
||||||
newsreader_app_ref: 0.5.3
|
newsreader_app_ref: 0.5.3
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
radicale_app_dir: '/srv/docker/radicale'
|
||||||
radicale_app_dir: "/srv/docker/radicale"
|
radicale_collection_dir: '{{ radicale_app_dir }}/collections'
|
||||||
radicale_collection_dir: "{{ radicale_app_dir }}/collections"
|
|
||||||
|
|
||||||
radicale_version: 3.5.1
|
radicale_version: 3.5.1
|
||||||
radicale_python_version: 3.13
|
radicale_python_version: 3.13
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
syncthing_app_dir: '/srv/docker/syncthing'
|
||||||
syncthing_app_dir: "/srv/docker/syncthing"
|
|
||||||
syncthing_config_version: 37
|
syncthing_config_version: 37
|
||||||
syncthing_api_key: !vault |
|
syncthing_api_key: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
transip_client_repository: https://forgejo.fudiggity.nl/sonny/transip-client
|
transip_client_repository: https://forgejo.fudiggity.nl/sonny/transip-client
|
||||||
|
|
||||||
transip_client_app_ref: 0.7.0
|
transip_client_app_ref: 0.7.0
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
transmission_app_dir: '/srv/docker/tranmission'
|
||||||
transmission_app_dir: "/srv/docker/tranmission"
|
transmission_download_dir: '/home/sonny/downloads'
|
||||||
transmission_download_dir: "/home/sonny/downloads"
|
transmission_incomplete_dir: '/home/sonny/downloads/incomplete_downloads'
|
||||||
transmission_incomplete_dir: "/home/sonny/downloads/incomplete_downloads"
|
|
||||||
|
|
||||||
transmission_ratelimit_ratio: 2
|
transmission_ratelimit_ratio: 2
|
||||||
|
|
|
||||||
|
|
@ -1,32 +1,31 @@
|
||||||
---
|
vpn_server_public_key_path: '{{ vpn_config_dir }}/keys/public/server.pub'
|
||||||
vpn_server_public_key_path: "{{ vpn_config_dir }}/keys/public/server.pub"
|
vpn_server_public_key_source_path: 'files/wireguard/default/server.pub'
|
||||||
vpn_server_public_key_source_path: "files/wireguard/default/server.pub"
|
vpn_server_key_path: '{{ vpn_config_dir }}/keys/private/server.key'
|
||||||
vpn_server_key_path: "{{ vpn_config_dir }}/keys/private/server.key"
|
|
||||||
|
|
||||||
copy_vpn_configurations: false
|
copy_vpn_configurations: false
|
||||||
|
|
||||||
vpn_peers:
|
vpn_peers:
|
||||||
laptop:
|
laptop:
|
||||||
ip: "10.0.0.2"
|
ip: '10.0.0.2'
|
||||||
public_key: "EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw="
|
public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw='
|
||||||
preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-laptop.psk"
|
preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-laptop.psk'
|
||||||
preshared_key_source_path: "files/wireguard/default/preshared-laptop.psk"
|
preshared_key_source_path: 'files/wireguard/default/preshared-laptop.psk'
|
||||||
|
|
||||||
desktop:
|
desktop:
|
||||||
ip: "10.0.0.3"
|
ip: '10.0.0.3'
|
||||||
public_key: "izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4="
|
public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4='
|
||||||
preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-desktop.psk"
|
preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-desktop.psk'
|
||||||
preshared_key_source_path: "files/wireguard/default/preshared-desktop.psk"
|
preshared_key_source_path: 'files/wireguard/default/preshared-desktop.psk'
|
||||||
|
|
||||||
# has extra key to generate mobile configuration file
|
# has extra key to generate mobile configuration file
|
||||||
mobile:
|
mobile:
|
||||||
ip: "10.0.0.4"
|
ip: '10.0.0.4'
|
||||||
allowed_ips:
|
allowed_ips:
|
||||||
- "{{ vpn_subnet }}"
|
- '{{ vpn_subnet }}'
|
||||||
- "{{ transmission_subnet }}"
|
- '{{ transmission_subnet }}'
|
||||||
- "{{ syncthing_subnet }}"
|
- '{{ syncthing_subnet }}'
|
||||||
- "{{ radicale_subnet }}"
|
- '{{ radicale_subnet }}'
|
||||||
public_key: "4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY="
|
public_key: '4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY='
|
||||||
preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-mobile.psk"
|
preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-mobile.psk'
|
||||||
preshared_key_source_path: "files/wireguard/default/preshared-mobile.psk"
|
preshared_key_source_path: 'files/wireguard/default/preshared-mobile.psk'
|
||||||
private_key_source_path: "files/wireguard/default/mobile.key"
|
private_key_source_path: 'files/wireguard/default/mobile.key'
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
vpn_media_server_public_key_path: "{{ vpn_config_dir }}/keys/public/media_server.pub"
|
vpn_media_server_public_key_path: "{{ vpn_config_dir }}/keys/public/media_server.pub"
|
||||||
vpn_media_server_public_key_source_path: files/wireguard/media/server.pub
|
vpn_media_server_public_key_source_path: files/wireguard/media/server.pub
|
||||||
vpn_media_server_key_path: "{{ vpn_config_dir }}/keys/private/media_server.key"
|
vpn_media_server_key_path: "{{ vpn_config_dir }}/keys/private/media_server.key"
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,12 @@
|
||||||
---
|
woodpecker_domain: 'woodpecker.fudiggity.nl'
|
||||||
woodpecker_domain: "woodpecker.fudiggity.nl"
|
|
||||||
|
|
||||||
woodpecker_image_tag: "woodpeckerci/woodpecker-server:v2.8.0"
|
woodpecker_image_tag: 'woodpeckerci/woodpecker-server:v2.8.0'
|
||||||
woodpecker_agent_tag: "woodpeckerci/woodpecker-agent:v2.8.0"
|
woodpecker_agent_tag: 'woodpeckerci/woodpecker-agent:v2.8.0'
|
||||||
|
|
||||||
woodpecker_postgres_user: woodpecker
|
woodpecker_postgres_user: woodpecker
|
||||||
woodpecker_postgres_name: woodpecker
|
woodpecker_postgres_name: woodpecker
|
||||||
|
|
||||||
woodpecker_app_dir: "/srv/docker/woodpecker"
|
woodpecker_app_dir: '/srv/docker/woodpecker'
|
||||||
|
|
||||||
woodpecker_forgejo_url: https://forgejo.fudiggity.nl
|
woodpecker_forgejo_url: https://forgejo.fudiggity.nl
|
||||||
woodpecker_forgejo_client: f467d6ee-6095-4c90-9d14-674d60b07183
|
woodpecker_forgejo_client: f467d6ee-6095-4c90-9d14-674d60b07183
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
bookworm:
|
bookworm:
|
||||||
hosts:
|
hosts:
|
||||||
fudiggity:
|
fudiggity:
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,10 @@
|
||||||
---
|
|
||||||
- name: Provision debian server
|
- name: Provision debian server
|
||||||
hosts: bookworm
|
hosts: bookworm
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Install shared packages
|
- name: Install shared packages
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "{{ packages }}"
|
name: '{{ packages }}'
|
||||||
tasks:
|
tasks:
|
||||||
- name: Generic provisioning
|
- name: Generic provisioning
|
||||||
ansible.builtin.import_tasks: tasks/setup.yml
|
ansible.builtin.import_tasks: tasks/setup.yml
|
||||||
|
|
@ -72,4 +71,4 @@
|
||||||
tags: transip-client
|
tags: transip-client
|
||||||
handlers:
|
handlers:
|
||||||
- name: Import handlers
|
- name: Import handlers
|
||||||
ansible.builtin.import_tasks: "handlers.yml"
|
ansible.builtin.import_tasks: 'handlers.yml'
|
||||||
|
|
|
||||||
|
|
@ -1,37 +1,35 @@
|
||||||
---
|
- name: 'prepare apt keyring'
|
||||||
- name: "Prepare apt keyring"
|
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: install -m 0755 -d /etc/apt/keyrings
|
command: install -m 0755 -d /etc/apt/keyrings
|
||||||
|
|
||||||
- name: "Create docker directory"
|
- name: 'create docker directory'
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
file:
|
||||||
path: "/etc/docker"
|
path: '/etc/docker'
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
|
||||||
- name: "Copy docker files"
|
- name: 'copy docker files'
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
copy:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
owner: root
|
owner: root
|
||||||
loop:
|
loop:
|
||||||
- { src: "files/docker/apt.gpg", dest: "/etc/apt/keyrings/docker.gpg" }
|
- { src: 'files/docker/apt.gpg', dest: '/etc/apt/keyrings/docker.gpg' }
|
||||||
- { src: "files/docker/config.json", dest: "/etc/docker/daemon.json" }
|
- { src: 'files/docker/config.json', dest: '/etc/docker/daemon.json' }
|
||||||
notify: restart docker service
|
notify: restart docker service
|
||||||
|
|
||||||
- name: "Install docker apt source"
|
- name: 'install docker apt source'
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
template:
|
||||||
src: "templates/docker.j2"
|
src: 'templates/docker.j2'
|
||||||
dest: "/etc/apt/sources.list.d/docker.sources"
|
dest: '/etc/apt/sources.list.d/docker.list'
|
||||||
mode: "0664"
|
|
||||||
owner: root
|
owner: root
|
||||||
|
|
||||||
- name: "Install docker"
|
- name: 'install docker'
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
state: present
|
state: present
|
||||||
name:
|
name:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
- name: Create git user
|
- name: Create git user
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
|
|
@ -10,54 +9,54 @@
|
||||||
- name: Create required directories
|
- name: Create required directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
state: "{{ item.state }}"
|
state: '{{ item.state }}'
|
||||||
mode: "{{ item.mode }}"
|
mode: '{{ item.mode }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ forgejo_app_dir }}"
|
- path: '{{ forgejo_app_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- path: "{{ forgejo_data_dir }}"
|
- path: '{{ forgejo_data_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- path: "{{ forgejo_postgres_password }}"
|
- path: '{{ forgejo_postgres_password }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy docker-compose file
|
- name: Copy docker-compose file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/forgejo/docker-compose.j2
|
src: templates/forgejo/docker-compose.j2
|
||||||
dest: "{{ forgejo_app_dir }}/docker-compose.yml"
|
dest: '{{ forgejo_app_dir }}/docker-compose.yml'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ forgejo_app_dir }}"
|
project_src: '{{ forgejo_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Pull missing image
|
- name: Pull missing image
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ forgejo_app_dir }}"
|
project_src: '{{ forgejo_app_dir }}'
|
||||||
pull: missing
|
pull: missing
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ forgejo_app_dir }}"
|
project_src: '{{ forgejo_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ forgejo_app_dir }}"
|
project_src: '{{ forgejo_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,43 +1,42 @@
|
||||||
---
|
|
||||||
- name: Create required directories
|
- name: Create required directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
state: "{{ item.state }}"
|
state: '{{ item.state }}'
|
||||||
mode: "{{ item.mode }}"
|
mode: '{{ item.mode }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ glitchtip_app_dir }}"
|
- path: '{{ glitchtip_app_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy docker-compose file
|
- name: Copy docker-compose file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/glitchtip/docker-compose.j2
|
src: templates/glitchtip/docker-compose.j2
|
||||||
dest: "{{ glitchtip_app_dir }}/docker-compose.yml"
|
dest: '{{ glitchtip_app_dir }}/docker-compose.yml'
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ glitchtip_app_dir }}"
|
project_src: '{{ glitchtip_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Pull missing image
|
- name: Pull missing image
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ glitchtip_app_dir }}"
|
project_src: '{{ glitchtip_app_dir }}'
|
||||||
pull: missing
|
pull: missing
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ glitchtip_app_dir }}"
|
project_src: '{{ glitchtip_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ glitchtip_app_dir }}"
|
project_src: '{{ glitchtip_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,30 +1,29 @@
|
||||||
---
|
|
||||||
- name: Create directories
|
- name: Create directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ jellyfin_configuration_dir }}"
|
- path: '{{ jellyfin_configuration_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- path: "{{ jellyfin_media_dir }}"
|
- path: '{{ jellyfin_media_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- path: "{{ jellyfin_cache_dir }}"
|
- path: '{{ jellyfin_cache_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- path: "{{ jellyfin_app_dir }}"
|
- path: '{{ jellyfin_app_dir }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- path: "{{ jellyfin_app_dir }}/nginx.conf.d"
|
- path: '{{ jellyfin_app_dir }}/nginx.conf.d'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
|
|
@ -32,38 +31,38 @@
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/jellyfin/docker-compose.j2
|
src: templates/jellyfin/docker-compose.j2
|
||||||
dest: "{{ jellyfin_app_dir }}/docker-compose.yml"
|
dest: '{{ jellyfin_app_dir }}/docker-compose.yml'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy NGINX configuration
|
- name: Copy NGINX configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/jellyfin/nginx.j2"
|
src: 'templates/jellyfin/nginx.j2'
|
||||||
dest: "{{ jellyfin_app_dir }}/nginx.conf.d/default.conf"
|
dest: '{{ jellyfin_app_dir }}/nginx.conf.d/default.conf'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Stop jellyfin
|
- name: Stop jellyfin
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ jellyfin_app_dir }}"
|
project_src: '{{ jellyfin_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Pull {{ image_tag }}
|
- name: Pull {{ image_tag }}
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ jellyfin_app_dir }}"
|
project_src: '{{ jellyfin_app_dir }}'
|
||||||
pull: missing
|
pull: missing
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ jellyfin_app_dir }}"
|
project_src: '{{ jellyfin_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start jellyfin
|
- name: Start jellyfin
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ jellyfin_app_dir }}"
|
project_src: '{{ jellyfin_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
- name: Stop systemd mpd service
|
- name: Stop systemd mpd service
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
|
|
@ -16,92 +15,92 @@
|
||||||
- name: Remove previous configurations
|
- name: Remove previous configurations
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
state: absent
|
state: absent
|
||||||
loop:
|
loop:
|
||||||
- path: "/etc/systemd/system/mpd.service.d"
|
- path: '/etc/systemd/system/mpd.service.d'
|
||||||
- path: "/etc/systemd/system/mpd.socket.d"
|
- path: '/etc/systemd/system/mpd.socket.d'
|
||||||
|
|
||||||
- name: Create mpd directories
|
- name: Create mpd directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ mpd_config_dir }}"
|
- path: '{{ mpd_config_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- path: "{{ mpd_playlist_dir }}"
|
- path: '{{ mpd_playlist_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- path: "{{ mpd_state_dir }}"
|
- path: '{{ mpd_state_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- path: "{{ mpd_app_dir }}"
|
- path: '{{ mpd_app_dir }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Copy mpd templates
|
- name: Copy mpd templates
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
mode: "{{ item.mode }}"
|
mode: '{{ item.mode }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
loop:
|
loop:
|
||||||
- src: templates/mpd/config.j2
|
- src: templates/mpd/config.j2
|
||||||
dest: "{{ mpd_config_dir }}/mpd.conf"
|
dest: '{{ mpd_config_dir }}/mpd.conf'
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- src: templates/mpd/dockerfile.j2
|
- src: templates/mpd/dockerfile.j2
|
||||||
dest: "{{ mpd_app_dir }}/Dockerfile"
|
dest: '{{ mpd_app_dir }}/Dockerfile'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- src: templates/mpd/docker-compose.j2
|
- src: templates/mpd/docker-compose.j2
|
||||||
dest: "{{ mpd_app_dir }}/docker-compose.yml"
|
dest: '{{ mpd_app_dir }}/docker-compose.yml'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- name: Create mpd files
|
- name: Create mpd files
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: '{{ item }}'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
state: touch
|
state: touch
|
||||||
loop:
|
loop:
|
||||||
- "{{ mpd_config_dir }}/db"
|
- '{{ mpd_config_dir }}/db'
|
||||||
- "{{ mpd_config_dir }}/sticker.sql"
|
- '{{ mpd_config_dir }}/sticker.sql'
|
||||||
- "{{ mpd_state_dir }}/state"
|
- '{{ mpd_state_dir }}/state'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ mpd_app_dir }}"
|
project_src: '{{ mpd_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Build image
|
- name: Build image
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ mpd_app_dir }}"
|
project_src: '{{ mpd_app_dir }}'
|
||||||
build: always
|
build: always
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ mpd_app_dir }}"
|
project_src: '{{ mpd_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ mpd_app_dir }}"
|
project_src: '{{ mpd_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,18 +1,17 @@
|
||||||
---
|
|
||||||
- name: Copy network configuration files
|
- name: Copy network configuration files
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: systemd-network
|
group: systemd-network
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
loop:
|
loop:
|
||||||
- src: "templates/network/link1.link.j2"
|
- src: 'templates/network/link1.link.j2'
|
||||||
dest: "/etc/systemd/network/98-link1.link"
|
dest: '/etc/systemd/network/98-link1.link'
|
||||||
|
|
||||||
- src: "templates/network/link1.network.j2"
|
- src: 'templates/network/link1.network.j2'
|
||||||
dest: "/etc/systemd/network/98-link1.network"
|
dest: '/etc/systemd/network/98-link1.network'
|
||||||
notify:
|
notify:
|
||||||
- restart systemd-networkd
|
- restart systemd-networkd
|
||||||
- regenerate initramfs # copies the files into the initramfs for when udev needs them
|
- regenerate initramfs # copies the files into the initramfs for when udev needs them
|
||||||
|
|
@ -20,34 +19,34 @@
|
||||||
- name: Set hostname
|
- name: Set hostname
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.hostname:
|
ansible.builtin.hostname:
|
||||||
name: "{{ hostname }}"
|
name: '{{ hostname }}'
|
||||||
use: systemd
|
use: systemd
|
||||||
|
|
||||||
- name: Copy hosts file
|
- name: Copy hosts file
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "network/hosts.j2"
|
src: 'network/hosts.j2'
|
||||||
dest: "/etc/hosts"
|
dest: '/etc/hosts'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
owner: root
|
owner: root
|
||||||
|
|
||||||
- name: Copy resolved.conf configuration
|
- name: Copy resolved.conf configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "network/resolved.j2"
|
src: 'network/resolved.j2'
|
||||||
dest: "/etc/systemd/resolved.conf"
|
dest: '/etc/systemd/resolved.conf'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
owner: root
|
owner: root
|
||||||
notify: restart systemd-resolved
|
notify: restart systemd-resolved
|
||||||
|
|
||||||
- name: Copy firewall template
|
- name: Copy firewall template
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/nftables.j2"
|
src: 'templates/nftables.j2'
|
||||||
dest: "/etc/nftables.conf"
|
dest: '/etc/nftables.conf'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
notify:
|
notify:
|
||||||
- restart nftables
|
- restart nftables
|
||||||
- restart docker service
|
- restart docker service
|
||||||
|
|
|
||||||
|
|
@ -1,42 +1,41 @@
|
||||||
---
|
|
||||||
- name: Create newsreader app directory
|
- name: Create newsreader app directory
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ newsreader_app_dir }}"
|
path: '{{ newsreader_app_dir }}'
|
||||||
state: directory
|
state: directory
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Clone project
|
- name: Clone project
|
||||||
ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: "{{ newsreader_app_repository }}"
|
repo: '{{ newsreader_app_repository }}'
|
||||||
dest: "{{ newsreader_app_dir }}"
|
dest: '{{ newsreader_app_dir }}'
|
||||||
version: "{{ newsreader_app_ref }}"
|
version: '{{ newsreader_app_ref }}'
|
||||||
|
|
||||||
- name: Copy templates
|
- name: Copy templates
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
mode: "{{ item.mode }}"
|
mode: '{{ item.mode }}'
|
||||||
loop:
|
loop:
|
||||||
- src: templates/newsreader/env.j2
|
- src: templates/newsreader/env.j2
|
||||||
dest: "{{ newsreader_app_dir }}/.production.env"
|
dest: '{{ newsreader_app_dir }}/.production.env'
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
- src: templates/newsreader/docker-compose.j2
|
- src: templates/newsreader/docker-compose.j2
|
||||||
dest: "{{ newsreader_app_dir }}/docker-compose.resources.yml"
|
dest: '{{ newsreader_app_dir }}/docker-compose.resources.yml'
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ newsreader_app_dir }}"
|
project_src: '{{ newsreader_app_dir }}'
|
||||||
env_files:
|
env_files:
|
||||||
- .production.env
|
- .production.env
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ newsreader_app_dir }}"
|
project_src: '{{ newsreader_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
|
|
@ -54,6 +53,6 @@
|
||||||
- docker-compose.yml
|
- docker-compose.yml
|
||||||
- docker-compose.production.yml
|
- docker-compose.production.yml
|
||||||
- docker-compose.resources.yml
|
- docker-compose.resources.yml
|
||||||
project_src: "{{ newsreader_app_dir }}"
|
project_src: '{{ newsreader_app_dir }}'
|
||||||
build: always
|
build: always
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,44 +1,44 @@
|
||||||
---
|
|
||||||
- name: Copy nginx configuration files
|
- name: Copy nginx configuration files
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
loop:
|
loop:
|
||||||
- src: "templates/nginx/default.j2"
|
- src: 'templates/nginx/default.j2'
|
||||||
dest: "/etc/nginx/sites-available/default"
|
dest: '/etc/nginx/sites-available/default'
|
||||||
- src: "templates/nginx/forgejo.j2"
|
- src: 'templates/nginx/forgejo.j2'
|
||||||
dest: "/etc/nginx/sites-available/forgejo"
|
dest: '/etc/nginx/sites-available/forgejo'
|
||||||
- src: "templates/nginx/woodpecker.j2"
|
- src: 'templates/nginx/woodpecker.j2'
|
||||||
dest: "/etc/nginx/sites-available/woodpecker"
|
dest: '/etc/nginx/sites-available/woodpecker'
|
||||||
- src: "templates/nginx/glitchtip.j2"
|
- src: 'templates/nginx/glitchtip.j2'
|
||||||
dest: "/etc/nginx/sites-available/glitchtip"
|
dest: '/etc/nginx/sites-available/glitchtip'
|
||||||
- src: "templates/nginx/newsreader.j2"
|
- src: 'templates/nginx/newsreader.j2'
|
||||||
dest: "/etc/nginx/sites-available/newsreader"
|
dest: '/etc/nginx/sites-available/newsreader'
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: Create configuration links
|
- name: Create configuration links
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
state: link
|
state: link
|
||||||
loop:
|
loop:
|
||||||
- src: "/etc/nginx/sites-available/default"
|
- src: '/etc/nginx/sites-available/default'
|
||||||
dest: "/etc/nginx/sites-enabled/default"
|
dest: '/etc/nginx/sites-enabled/default'
|
||||||
- src: "/etc/nginx/sites-available/forgejo"
|
- src: '/etc/nginx/sites-available/forgejo'
|
||||||
dest: "/etc/nginx/sites-enabled/forgejo"
|
dest: '/etc/nginx/sites-enabled/forgejo'
|
||||||
- src: "/etc/nginx/sites-available/woodpecker"
|
- src: '/etc/nginx/sites-available/woodpecker'
|
||||||
dest: "/etc/nginx/sites-enabled/woodpecker"
|
dest: '/etc/nginx/sites-enabled/woodpecker'
|
||||||
- src: "/etc/nginx/sites-available/glitchtip"
|
- src: '/etc/nginx/sites-available/glitchtip'
|
||||||
dest: "/etc/nginx/sites-enabled/glitchtip"
|
dest: '/etc/nginx/sites-enabled/glitchtip'
|
||||||
- src: "/etc/nginx/sites-available/newsreader"
|
- src: '/etc/nginx/sites-available/newsreader'
|
||||||
dest: "/etc/nginx/sites-enabled/newsreader"
|
dest: '/etc/nginx/sites-enabled/newsreader'
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
|
||||||
# Run the folowing command to regenerate a certificate:
|
# Run the folowing command to regenerate a certificate:
|
||||||
#
|
#
|
||||||
# sudo certbot certonly \
|
# sudo certbot certonly \
|
||||||
|
|
@ -55,11 +55,11 @@
|
||||||
- name: Copy letsencrypt configuration
|
- name: Copy letsencrypt configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/letsencrypt/cli.j2"
|
src: 'templates/letsencrypt/cli.j2'
|
||||||
dest: "/etc/letsencrypt/cli.ini"
|
dest: '/etc/letsencrypt/cli.ini'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
notify: restart certbot
|
notify: restart certbot
|
||||||
|
|
||||||
- name: Enable certbot periodic certificate renewal
|
- name: Enable certbot periodic certificate renewal
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
- name: Stop previous radicale service
|
- name: Stop previous radicale service
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
|
|
@ -25,13 +24,13 @@
|
||||||
- name: Remove radicale virtualenv directory
|
- name: Remove radicale virtualenv directory
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/usr/local/lib/radicale"
|
path: '/usr/local/lib/radicale'
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: Remove Radicale files
|
- name: Remove Radicale files
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: '{{ item }}'
|
||||||
state: absent
|
state: absent
|
||||||
loop:
|
loop:
|
||||||
- /etc/nginx/radicale
|
- /etc/nginx/radicale
|
||||||
|
|
@ -42,85 +41,85 @@
|
||||||
- name: Create Radicale directories
|
- name: Create Radicale directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ radicale_app_dir }}"
|
- path: '{{ radicale_app_dir }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
- path: "{{ radicale_collection_dir }}"
|
- path: '{{ radicale_collection_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
- path: "{{ radicale_app_dir }}/nginx.conf.d"
|
- path: '{{ radicale_app_dir }}/nginx.conf.d'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- name: Copy Radicale docker file
|
- name: Copy Radicale docker file
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/radicale/dockerfile.j2"
|
src: 'templates/radicale/dockerfile.j2'
|
||||||
dest: "{{ radicale_app_dir }}/Dockerfile"
|
dest: '{{ radicale_app_dir }}/Dockerfile'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy docker compose
|
- name: Copy docker compose
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/radicale/docker-compose.j2"
|
src: 'templates/radicale/docker-compose.j2'
|
||||||
dest: "{{ radicale_app_dir }}/docker-compose.yml"
|
dest: '{{ radicale_app_dir }}/docker-compose.yml'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy Radicale configuration
|
- name: Copy Radicale configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/radicale/conf.j2"
|
src: 'templates/radicale/conf.j2'
|
||||||
dest: "{{ radicale_app_dir }}/config"
|
dest: '{{ radicale_app_dir }}/config'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy Radicale user file
|
- name: Copy Radicale user file
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "files/radicale/radicale_users"
|
src: 'files/radicale/radicale_users'
|
||||||
dest: "{{ radicale_app_dir }}/radicale_users"
|
dest: '{{ radicale_app_dir }}/radicale_users'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
|
|
||||||
- name: Copy NGINX configuration
|
- name: Copy NGINX configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/radicale/nginx.j2"
|
src: 'templates/radicale/nginx.j2'
|
||||||
dest: "{{ radicale_app_dir }}/nginx.conf.d/default.conf"
|
dest: '{{ radicale_app_dir }}/nginx.conf.d/default.conf'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ radicale_app_dir }}"
|
project_src: '{{ radicale_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Pull missing image
|
- name: Pull missing image
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ radicale_app_dir }}"
|
project_src: '{{ radicale_app_dir }}'
|
||||||
build: always
|
build: always
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ radicale_app_dir }}"
|
project_src: '{{ radicale_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ radicale_app_dir }}"
|
project_src: '{{ radicale_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,27 +1,26 @@
|
||||||
---
|
|
||||||
- name: Copy nsswitch file
|
- name: Copy nsswitch file
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "nsswitch.j2"
|
src: 'nsswitch.j2'
|
||||||
dest: "/etc/nsswitch.conf"
|
dest: '/etc/nsswitch.conf'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
owner: root
|
owner: root
|
||||||
|
|
||||||
- name: Copy ssh template
|
- name: Copy ssh template
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/ssh.j2"
|
src: 'templates/ssh.j2'
|
||||||
dest: "/etc/ssh/sshd_config"
|
dest: '/etc/ssh/sshd_config'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
notify: restart ssh
|
notify: restart ssh
|
||||||
|
|
||||||
- name: Copy wezterm terminfo file
|
- name: Copy wezterm terminfo file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "files/wezterm.terminfo"
|
src: 'files/wezterm.terminfo'
|
||||||
dest: /home/sonny/.terminfo
|
dest: /home/sonny/.terminfo
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
notify: Compile wezterm terminfo file
|
notify: Compile wezterm terminfo file
|
||||||
|
|
||||||
- name: Disable user lingering
|
- name: Disable user lingering
|
||||||
|
|
@ -32,10 +31,10 @@
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/unattended-upgrades.j2
|
src: templates/unattended-upgrades.j2
|
||||||
dest: "/etc/apt/apt.conf.d/10periodic"
|
dest: '/etc/apt/apt.conf.d/10periodic'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Enable unattended upgrades timer
|
- name: Enable unattended upgrades timer
|
||||||
become: true
|
become: true
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
- name: Disable system process
|
- name: Disable system process
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
|
|
@ -9,19 +8,19 @@
|
||||||
- name: Create Syncthing directories
|
- name: Create Syncthing directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ syncthing_app_dir }}"
|
- path: '{{ syncthing_app_dir }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
- path: "{{ syncthing_app_dir }}/state"
|
- path: '{{ syncthing_app_dir }}/state'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
- path: "{{ syncthing_app_dir }}/nginx.conf.d"
|
- path: '{{ syncthing_app_dir }}/nginx.conf.d'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
|
|
@ -34,48 +33,48 @@
|
||||||
- name: Copy docker compose configuration
|
- name: Copy docker compose configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/syncthing/docker-compose.j2"
|
src: 'templates/syncthing/docker-compose.j2'
|
||||||
dest: "{{ syncthing_app_dir }}/docker-compose.yml"
|
dest: '{{ syncthing_app_dir }}/docker-compose.yml'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy Syncthing configuration
|
- name: Copy Syncthing configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/syncthing/config.j2"
|
src: 'templates/syncthing/config.j2'
|
||||||
dest: "{{ syncthing_app_dir }}/state/config.xml"
|
dest: '{{ syncthing_app_dir }}/state/config.xml'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy NGINX configuration
|
- name: Copy NGINX configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/syncthing/nginx.j2"
|
src: 'templates/syncthing/nginx.j2'
|
||||||
dest: "{{ syncthing_app_dir }}/nginx.conf.d/default.conf"
|
dest: '{{ syncthing_app_dir }}/nginx.conf.d/default.conf'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ syncthing_app_dir }}"
|
project_src: '{{ syncthing_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Pull missing image
|
- name: Pull missing image
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ syncthing_app_dir }}"
|
project_src: '{{ syncthing_app_dir }}'
|
||||||
pull: missing
|
pull: missing
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ syncthing_app_dir }}"
|
project_src: '{{ syncthing_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ syncthing_app_dir }}"
|
project_src: '{{ syncthing_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,33 +1,32 @@
|
||||||
---
|
|
||||||
- name: Create application directory
|
- name: Create application directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ transip_client_app_dir }}"
|
path: '{{ transip_client_app_dir }}'
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Clone project
|
- name: Clone project
|
||||||
ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: "{{ transip_client_repository }}"
|
repo: '{{ transip_client_repository }}'
|
||||||
dest: "{{ transip_client_app_dir }}"
|
dest: '{{ transip_client_app_dir }}'
|
||||||
version: "{{ transip_client_app_ref }}"
|
version: '{{ transip_client_app_ref }}'
|
||||||
|
|
||||||
- name: Copy environment variables file
|
- name: Copy environment variables file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/transip_client/env.j2
|
src: templates/transip_client/env.j2
|
||||||
dest: "{{ transip_client_env_src_path }}"
|
dest: '{{ transip_client_env_src_path }}'
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
|
|
||||||
- name: Copy private key file
|
- name: Copy private key file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: files/transip_client/private_key.key
|
src: files/transip_client/private_key.key
|
||||||
dest: "{{ transip_client_private_key_src_path }}"
|
dest: '{{ transip_client_private_key_src_path }}'
|
||||||
mode: "0600"
|
mode: '0600'
|
||||||
|
|
||||||
- name: Build docker image
|
- name: Build docker image
|
||||||
community.docker.docker_image_build:
|
community.docker.docker_image_build:
|
||||||
name: "{{ transip_client_image_name }}"
|
name: '{{ transip_client_image_name }}'
|
||||||
path: "{{ transip_client_app_dir }}"
|
path: '{{ transip_client_app_dir }}'
|
||||||
dockerfile: "{{ transip_client_app_dir }}/Dockerfile"
|
dockerfile: '{{ transip_client_app_dir }}/Dockerfile'
|
||||||
rebuild: always
|
rebuild: always
|
||||||
args:
|
args:
|
||||||
UV_ARGS: "--extra sentry-enabled"
|
UV_ARGS: "--extra sentry-enabled"
|
||||||
|
|
@ -35,21 +34,21 @@
|
||||||
- name: Copy start script
|
- name: Copy start script
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/transip_client/start.j2
|
src: templates/transip_client/start.j2
|
||||||
dest: "{{ transip_client_start_script }}"
|
dest: '{{ transip_client_start_script }}'
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
|
|
||||||
- name: Copy systemd templates
|
- name: Copy systemd templates
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
mode: "{{ item.mode }}"
|
mode: '{{ item.mode }}'
|
||||||
loop:
|
loop:
|
||||||
- src: templates/transip_client/timer.j2
|
- src: templates/transip_client/timer.j2
|
||||||
dest: "{{ systemd_service_dir }}/transip-client.timer"
|
dest: '{{ systemd_service_dir }}/transip-client.timer'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
|
|
||||||
- src: templates/transip_client/service.j2
|
- src: templates/transip_client/service.j2
|
||||||
dest: "{{ systemd_service_dir }}/transip-client.service"
|
dest: '{{ systemd_service_dir }}/transip-client.service'
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
notify: enable transip-client timer
|
notify: enable transip-client timer
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
# Note: requires an up-to-date ansible version to make us of docker compose file
|
# Note: requires an up-to-date ansible version to make us of docker compose file
|
||||||
## TODO: use tracker blocklist
|
## TODO: use tracker blocklist
|
||||||
#
|
#
|
||||||
|
|
@ -12,32 +11,32 @@
|
||||||
- name: Create Transmission directories
|
- name: Create Transmission directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ transmission_app_dir }}"
|
- path: '{{ transmission_app_dir }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
- path: "{{ transmission_app_dir }}/config"
|
- path: '{{ transmission_app_dir }}/config'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
- path: "{{ transmission_app_dir }}/nginx.conf.d"
|
- path: '{{ transmission_app_dir }}/nginx.conf.d'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
- path: "{{ transmission_download_dir }}"
|
- path: '{{ transmission_download_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
- path: "{{ transmission_incomplete_dir }}"
|
- path: '{{ transmission_incomplete_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
|
|
||||||
- name: Remove previous transmission configurations
|
- name: Remove previous transmission configurations
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: '{{ item }}'
|
||||||
state: absent
|
state: absent
|
||||||
loop:
|
loop:
|
||||||
- /etc/systemd/system/transmission-daemon.service.d
|
- /etc/systemd/system/transmission-daemon.service.d
|
||||||
|
|
@ -47,47 +46,47 @@
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: files/transmission/Dockerfile
|
src: files/transmission/Dockerfile
|
||||||
dest: "{{ transmission_app_dir }}/Dockerfile"
|
dest: '{{ transmission_app_dir }}/Dockerfile'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy docker compose configuration
|
- name: Copy docker compose configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/transmission/docker-compose.j2
|
src: templates/transmission/docker-compose.j2
|
||||||
dest: "{{ transmission_app_dir }}/docker-compose.yml"
|
dest: '{{ transmission_app_dir }}/docker-compose.yml'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
# Prevents Tranmission from overwiting configuration files
|
# Prevents Tranmission from overwiting configuration files
|
||||||
- name: Stop docker compose containers
|
- name: Stop docker compose containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ transmission_app_dir }}"
|
project_src: '{{ transmission_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Copy Transmission configuration
|
- name: Copy Transmission configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/transmission/config.j2"
|
src: 'templates/transmission/config.j2'
|
||||||
dest: "{{ transmission_app_dir }}/config/settings.json"
|
dest: '{{ transmission_app_dir }}/config/settings.json'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy NGINX configuration
|
- name: Copy NGINX configuration
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/transmission/nginx.j2
|
src: templates/transmission/nginx.j2
|
||||||
dest: "{{ transmission_app_dir }}/nginx.conf.d/default.conf"
|
dest: '{{ transmission_app_dir }}/nginx.conf.d/default.conf'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ transmission_app_dir }}"
|
project_src: '{{ transmission_app_dir }}'
|
||||||
build: always
|
build: always
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
- name: Copy Wireguard configuration files
|
- name: Copy Wireguard configuration files
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,11 @@
|
||||||
---
|
|
||||||
- name: Copy Wireguard media configuration files
|
- name: Copy Wireguard media configuration files
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: systemd-network
|
group: systemd-network
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
loop:
|
loop:
|
||||||
- src: templates/network/wireguard/media/wg1.netdev.j2
|
- src: templates/network/wireguard/media/wg1.netdev.j2
|
||||||
dest: /etc/systemd/network/wg1.netdev
|
dest: /etc/systemd/network/wg1.netdev
|
||||||
|
|
@ -17,81 +16,81 @@
|
||||||
- name: Create Wireguard media directories
|
- name: Create Wireguard media directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: '{{ item }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: systemd-network
|
group: systemd-network
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
state: directory
|
state: directory
|
||||||
recurse: true
|
recurse: true
|
||||||
loop:
|
loop:
|
||||||
- "{{ vpn_config_dir }}"
|
- '{{ vpn_config_dir }}'
|
||||||
- "{{ vpn_media_server_public_key_path | dirname }}"
|
- '{{ vpn_media_server_public_key_path | dirname }}'
|
||||||
- "{{ vpn_media_server_key_path | dirname }}"
|
- '{{ vpn_media_server_key_path | dirname }}'
|
||||||
|
|
||||||
- name: Copy Wireguard server media credentials
|
- name: Copy Wireguard server media credentials
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: systemd-network
|
group: systemd-network
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
loop:
|
loop:
|
||||||
- src: "files/wireguard/media/server.pub"
|
- src: 'files/wireguard/media/server.pub'
|
||||||
dest: "{{ vpn_media_server_public_key_path }}"
|
dest: '{{ vpn_media_server_public_key_path }}'
|
||||||
- src: "files/wireguard/media/server.key"
|
- src: 'files/wireguard/media/server.key'
|
||||||
dest: "{{ vpn_media_server_key_path }}"
|
dest: '{{ vpn_media_server_key_path }}'
|
||||||
|
|
||||||
- name: Copy Wireguard mobile media credentials
|
- name: Copy Wireguard mobile media credentials
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: systemd-network
|
group: systemd-network
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
loop:
|
loop:
|
||||||
- src: "files/wireguard/media/mobile-1.pub"
|
- src: 'files/wireguard/media/mobile-1.pub'
|
||||||
dest: "{{ vpn_config_dir }}/keys/public/mobile_1.pub"
|
dest: '{{ vpn_config_dir }}/keys/public/mobile_1.pub'
|
||||||
|
|
||||||
- src: "files/wireguard/media/mobile-1.key"
|
- src: 'files/wireguard/media/mobile-1.key'
|
||||||
dest: "{{ vpn_config_dir }}/keys/private/mobile_1.key"
|
dest: '{{ vpn_config_dir }}/keys/private/mobile_1.key'
|
||||||
|
|
||||||
- src: "files/wireguard/media/mobile-2.pub"
|
- src: 'files/wireguard/media/mobile-2.pub'
|
||||||
dest: "{{ vpn_config_dir }}/keys/public/mobile_2.pub"
|
dest: '{{ vpn_config_dir }}/keys/public/mobile_2.pub'
|
||||||
|
|
||||||
- src: "files/wireguard/media/mobile-2.key"
|
- src: 'files/wireguard/media/mobile-2.key'
|
||||||
dest: "{{ vpn_config_dir }}/keys/private/mobile_2.key"
|
dest: '{{ vpn_config_dir }}/keys/private/mobile_2.key'
|
||||||
|
|
||||||
- src: "files/wireguard/media/tv-1.pub"
|
- src: 'files/wireguard/media/tv-1.pub'
|
||||||
dest: "{{ vpn_config_dir }}/keys/public/tv-1.pub"
|
dest: '{{ vpn_config_dir }}/keys/public/tv-1.pub'
|
||||||
|
|
||||||
- src: "files/wireguard/media/tv-1.key"
|
- src: 'files/wireguard/media/tv-1.key'
|
||||||
dest: "{{ vpn_config_dir }}/keys/private/tv-1.key"
|
dest: '{{ vpn_config_dir }}/keys/private/tv-1.key'
|
||||||
|
|
||||||
- src: "files/wireguard/media/tv-2.pub"
|
- src: 'files/wireguard/media/tv-2.pub'
|
||||||
dest: "{{ vpn_config_dir }}/keys/public/tv-2.pub"
|
dest: '{{ vpn_config_dir }}/keys/public/tv-2.pub'
|
||||||
|
|
||||||
- src: "files/wireguard/media/tv-2.key"
|
- src: 'files/wireguard/media/tv-2.key'
|
||||||
dest: "{{ vpn_config_dir }}/keys/private/tv-2.key"
|
dest: '{{ vpn_config_dir }}/keys/private/tv-2.key'
|
||||||
|
|
||||||
- name: Copy wireguard media preshared keys
|
- name: Copy wireguard media preshared keys
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.value.preshared_key_source_path }}"
|
src: '{{ item.value.preshared_key_source_path }}'
|
||||||
dest: "{{ item.value.preshared_key_path }}"
|
dest: '{{ item.value.preshared_key_path }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: systemd-network
|
group: systemd-network
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
with_dict: "{{ vpn_media_peers }}"
|
with_dict: '{{ vpn_media_peers }}'
|
||||||
|
|
||||||
- name: Copy Wireguard external media configurations
|
- name: Copy Wireguard external media configurations
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: '{{ item.src }}'
|
||||||
dest: "{{ item.dest }}"
|
dest: '{{ item.dest }}'
|
||||||
mode: "0600"
|
mode: '0600'
|
||||||
owner: "{{ ansible_user_id }}"
|
owner: '{{ ansible_user_id }}'
|
||||||
loop:
|
loop:
|
||||||
- src: templates/network/wireguard/media/mobile_1.wireguard.j2
|
- src: templates/network/wireguard/media/mobile_1.wireguard.j2
|
||||||
dest: /tmp/mobile_1.conf
|
dest: /tmp/mobile_1.conf
|
||||||
|
|
|
||||||
|
|
@ -1,43 +1,42 @@
|
||||||
---
|
|
||||||
- name: Create required directories
|
- name: Create required directories
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: '{{ item.path }}'
|
||||||
state: "{{ item.state }}"
|
state: '{{ item.state }}'
|
||||||
mode: "{{ item.mode }}"
|
mode: '{{ item.mode }}'
|
||||||
owner: "{{ item.owner }}"
|
owner: '{{ item.owner }}'
|
||||||
group: "{{ item.group }}"
|
group: '{{ item.group }}'
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ woodpecker_app_dir }}"
|
- path: '{{ woodpecker_app_dir }}'
|
||||||
owner: sonny
|
owner: sonny
|
||||||
group: sonny
|
group: sonny
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy docker-compose file
|
- name: Copy docker-compose file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/woodpecker_ci/docker-compose.j2"
|
src: 'templates/woodpecker_ci/docker-compose.j2'
|
||||||
dest: "{{ woodpecker_app_dir }}/docker-compose.yml"
|
dest: '{{ woodpecker_app_dir }}/docker-compose.yml'
|
||||||
mode: "0750"
|
mode: '0750'
|
||||||
|
|
||||||
- name: Stop current containers
|
- name: Stop current containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ woodpecker_app_dir }}"
|
project_src: '{{ woodpecker_app_dir }}'
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Pull missing image
|
- name: Pull missing image
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ woodpecker_app_dir }}"
|
project_src: '{{ woodpecker_app_dir }}'
|
||||||
pull: missing
|
pull: missing
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Remove dangling containers
|
- name: Remove dangling containers
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ woodpecker_app_dir }}"
|
project_src: '{{ woodpecker_app_dir }}'
|
||||||
remove_orphans: true
|
remove_orphans: true
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: Start container
|
- name: Start container
|
||||||
community.docker.docker_compose_v2:
|
community.docker.docker_compose_v2:
|
||||||
project_src: "{{ woodpecker_app_dir }}"
|
project_src: '{{ woodpecker_app_dir }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
Enabled: yes
|
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable
|
||||||
Types: deb
|
|
||||||
URIs: https://download.docker.com/linux/debian
|
|
||||||
Suites: trixie
|
|
||||||
Components: stable
|
|
||||||
Architectures: amd64
|
|
||||||
Signed-By: /etc/apt/keyrings/docker.gpg
|
|
||||||
|
|
|
||||||
|
|
@ -85,8 +85,4 @@ table ip filter {
|
||||||
|
|
||||||
iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept
|
iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept
|
||||||
}
|
}
|
||||||
|
|
||||||
chain output {
|
|
||||||
type filter hook output priority filter;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
|
||||||
|
|
||||||
# This is the sshd server system-wide configuration file. See
|
# This is the sshd server system-wide configuration file. See
|
||||||
# sshd_config(5) for more information.
|
# sshd_config(5) for more information.
|
||||||
|
|
@ -28,14 +28,14 @@ HostKey /etc/ssh/ssh_host_ed25519_key
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
#SyslogFacility AUTH
|
#SyslogFacility AUTH
|
||||||
#LogLevel INFO
|
LogLevel INFO
|
||||||
|
|
||||||
# Authentication:
|
# Authentication:
|
||||||
|
|
||||||
#LoginGraceTime 2m
|
#LoginGraceTime 2m
|
||||||
#PermitRootLogin prohibit-password
|
#PermitRootLogin prohibit-password
|
||||||
#StrictModes yes
|
#StrictModes yes
|
||||||
#MaxAuthTries 6
|
MaxAuthTries 6
|
||||||
#MaxSessions 10
|
#MaxSessions 10
|
||||||
|
|
||||||
PubkeyAuthentication yes
|
PubkeyAuthentication yes
|
||||||
|
|
@ -56,15 +56,13 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||||
#IgnoreRhosts yes
|
#IgnoreRhosts yes
|
||||||
|
|
||||||
# To disable tunneled clear text passwords, change to "no" here!
|
# To disable tunneled clear text passwords, change to no here!
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
#PermitEmptyPasswords no
|
#PermitEmptyPasswords no
|
||||||
|
|
||||||
# Change to "yes" to enable keyboard-interactive authentication. Depending on
|
# Change to yes to enable challenge-response passwords (beware issues with
|
||||||
# the system's configuration, this may involve passwords, challenge-response,
|
# some PAM modules and threads)
|
||||||
# one-time passwords or some combination of these and other methods.
|
ChallengeResponseAuthentication no
|
||||||
# Beware issues with some PAM modules and threads.
|
|
||||||
KbdInteractiveAuthentication no
|
|
||||||
|
|
||||||
# Kerberos options
|
# Kerberos options
|
||||||
#KerberosAuthentication no
|
#KerberosAuthentication no
|
||||||
|
|
@ -80,13 +78,13 @@ KbdInteractiveAuthentication no
|
||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
# and session processing. If this is enabled, PAM authentication will
|
||||||
# be allowed through the KbdInteractiveAuthentication and
|
# be allowed through the ChallengeResponseAuthentication and
|
||||||
# PasswordAuthentication. Depending on your PAM configuration,
|
# PasswordAuthentication. Depending on your PAM configuration,
|
||||||
# PAM authentication via KbdInteractiveAuthentication may bypass
|
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||||
# the setting of "PermitRootLogin prohibit-password".
|
# the setting of "PermitRootLogin without-password".
|
||||||
# If you just want the PAM account and session checks to run without
|
# If you just want the PAM account and session checks to run without
|
||||||
# PAM authentication, then enable this but set PasswordAuthentication
|
# PAM authentication, then enable this but set PasswordAuthentication
|
||||||
# and KbdInteractiveAuthentication to 'no'.
|
# and ChallengeResponseAuthentication to 'no'.
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
|
|
||||||
#AllowAgentForwarding yes
|
#AllowAgentForwarding yes
|
||||||
|
|
@ -114,7 +112,7 @@ PrintMotd no
|
||||||
#Banner none
|
#Banner none
|
||||||
|
|
||||||
# Allow client to pass locale environment variables
|
# Allow client to pass locale environment variables
|
||||||
AcceptEnv LANG LC_* COLORTERM NO_COLOR
|
AcceptEnv LANG LC_*
|
||||||
|
|
||||||
# override default of no subsystems
|
# override default of no subsystems
|
||||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue