.prettierrc.yml

@@ -0,0 +1,5 @@
+singleQuote: true
+printWidth: 90
+tabWidth: 2
+useTabs: false
+bracketSpacing: true

ansible.cfg

@@ -1,4 +1,5 @@
 [defaults]
+roles_path = ./roles
 ask_vault_pass = True
 
 [privilege_escalation]

handlers.yml

@@ -12,19 +12,9 @@
     state: restarted
     enabled: true
 
-- name: restart nftables
+- name: regenerate initramfs
   become: true
-  systemd:
-    name: nftables.service
-    state: restarted
-    enabled: true
-
-- name: restart ssh
-  become: true
-  systemd:
-    name: ssh.service
-    state: restarted
-    enabled: true
+  command: update-initramfs -u -k all
 
 - name: restart docker service
   become: true
@@ -33,17 +23,6 @@
     state: restarted
     enabled: true
 
-- name: restart nginx
-  become: true
-  systemd:
-    name: nginx.service
-    state: restarted
-    enabled: true
-
-- name: regenerate initramfs
-  become: true
-  command: update-initramfs -u -k all
-
 - name: restart certbot
   become: true
   systemd:
@@ -54,4 +33,4 @@
 - name: Compile wezterm terminfo file
   become: true
   when: wezterm_copy.changed
-  ansible.builtin.command: tic -x /home/sonny/.terminfo
+  ansible.builtin.command: 'tic -x {{ ansible_env.HOME }}/.terminfo'

playbook.yml

@@ -5,6 +5,8 @@
       become: true
       ansible.builtin.apt:
         name: '{{ packages }}'
+  roles:
+    - common
   tasks:
     - name: Generic provisioning
       ansible.builtin.import_tasks: 'tasks/setup.yml'
@@ -53,3 +55,13 @@
   handlers:
     - name: Import handlers
       ansible.builtin.import_tasks: 'handlers.yml'
+  vars_files:
+    - 'vars/main.yml'
+    - 'vars/vpn.yml'
+    - 'vars/vpn_media.yml'
+    - 'vars/network.yml'
+    - 'vars/transmission.yml'
+    - 'vars/syncthing.yml'
+    - 'vars/mpd.yml'
+    - 'vars/radicale.yml'
+    - 'vars/jellyfin.yml'

requirements.yml

@@ -0,0 +1,4 @@
+- src: git+https://git.fudiggity.nl/ansible/common.git
+  name: common
+  version: master
+  scm: git

tasks/network.yml

@@ -47,6 +47,6 @@
     owner: root
     group: root
     mode: '0644'
-  notify:
+  notify: 
     - restart nftables
     - restart docker service

tasks/setup.yml

@@ -14,23 +14,23 @@
     owner: root
     group: root
     mode: '0644'
-  notify: restart ssh
+  notify: reload ssh
 
 - name: Copy wezterm terminfo file
   ansible.builtin.copy:
     src: 'files/wezterm.terminfo'
-    dest: /home/sonny/.terminfo
+    dest: '{{ ansible_env.HOME }}/.terminfo'
     mode: '0755'
   notify: Compile wezterm terminfo file
 
 - name: Disable user lingering
   become: true
-  ansible.builtin.command: loginctl disable-linger sonny
+  ansible.builtin.command: 'loginctl disable-linger sonny'
 
 - name: Copy unattended upgrades configuration
   become: true
   ansible.builtin.template:
-    src: templates/unattended-upgrades.j2
+    src: 'templates/unattended-upgrades.j2'
     dest: '/etc/apt/apt.conf.d/10periodic'
     owner: root
     group: root

tasks/syncthing.yml

@@ -27,7 +27,7 @@
 - name: Remove previous Syncthing configurations
   become: true
   ansible.builtin.file:
-    path: /home/sonny/.config/syncthing
+    path: '{{  ansible_env.HOME }}/.config/syncthing'
     state: absent
 
 - name: Copy docker compose configuration

tasks/transmission.yml

@@ -39,13 +39,13 @@
     path: '{{ item }}'
     state: absent
   loop:
-    - /etc/systemd/system/transmission-daemon.service.d
-    - /home/sonny/.config/transmission-daemon
+    - '/etc/systemd/system/transmission-daemon.service.d'
+    - '{{ ansible_env.HOME }}/.config/transmission-daemon'
 
 - name: Copy Dockerfile
   become: true
   ansible.builtin.copy:
-    src: files/transmission/Dockerfile
+    src: 'files/transmission/Dockerfile'
     dest: '{{ transmission_app_dir }}/Dockerfile'
     owner: sonny
     group: sonny
@@ -54,7 +54,7 @@
 - name: Copy docker compose configuration
   become: true
   ansible.builtin.template:
-    src: templates/transmission/docker-compose.j2
+    src: 'templates/transmission/docker-compose.j2'
     dest: '{{ transmission_app_dir }}/docker-compose.yml'
     owner: sonny
     group: sonny
@@ -78,7 +78,7 @@
 - name: Copy NGINX configuration
   become: true
   ansible.builtin.template:
-    src: templates/transmission/nginx.j2
+    src: 'templates/transmission/nginx.j2'
     dest: '{{ transmission_app_dir }}/nginx.conf.d/default.conf'
     owner: sonny
     group: sonny

templates/nginx/vpn.j2

@@ -0,0 +1,28 @@
+# {{ ansible_managed }}
+
+server {
+	listen {{ vpn_listen_address }}:{{ https_port }} ssl;
+	ssl_certificate /etc/ssl/localcerts/nginx.pem;
+	ssl_certificate_key /etc/ssl/localcerts/nginx.key;
+	ssl_protocols TLSv1.2;
+	ssl_ciphers HIGH:!aNULL:!MD5;
+
+	access_log /var/log/nginx/vpn.log;
+	error_log /var/log/nginx/vpn_error.log;
+
+	location /radicale/ {
+		proxy_pass https://127.0.0.1:{{ radicale_app_port }}/;
+
+		proxy_set_header     X-Script-Name /radicale;
+		proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header     X-Remote-User $remote_user;
+		proxy_pass_header    Authorization;
+
+		auth_basic           "Radicale - Password Required";
+		auth_basic_user_file /etc/nginx/radicale/htpasswd;
+
+		proxy_ssl_certificate /etc/ssl/localcerts/radicale/client_cert.pem;
+		proxy_ssl_certificate_key /etc/ssl/localcerts/radicale/client_key.pem;
+		proxy_ssl_trusted_certificate /etc/ssl/localcerts/radicale/server_cert.pem;
+	}
+}

vars/syncthing.yml

@@ -25,8 +25,8 @@ syncthing_devices:
 syncthing_folders:
   - id: default
     label: Default
-    path: /var/syncthing/default
-    source_path: /home/sonny/files/sync/
+    path: '/var/syncthing/default'
+    source_path: '{{ ansible_env.HOME }}/files/sync/'
     type: sendreceive
     devices:
       - *syncthing_desktop_id
@@ -35,8 +35,8 @@ syncthing_folders:
 
   - id: pictures
     label: Pictures
-    path: /var/syncthing/pictures
-    source_path: /home/sonny/files/pictures/
+    path: '/var/syncthing/pictures'
+    source_path: '{{ ansible_env.HOME }}/files/pictures/'
     type: sendreceive
     devices:
       - *syncthing_desktop_id