15 changed files with 97 additions and 193 deletions
--- a/files/transmission/Dockerfile
+++ b/files/transmission/Dockerfile
@ -15,7 +15,7 @@ WORKDIR /app
 VOLUME ["/app/config", "/app/downloads", "/app/incomplete_downloads"]
-CMD /usr/bin/transmission-daemon \
+ENTRYPOINT /usr/bin/transmission-daemon \
    --config-dir /app/config \
    --log-level info \
    --foreground \
--- a/handlers.yml
+++ b/handlers.yml
@ -23,6 +23,28 @@
    state: restarted
    enabled: true
 - name: restart radicale service
  become: true
  systemd:
    name: radicale
    state: restarted
    enabled: true
    daemon_reload: true
 - name: restart syncthing service
  become: true
  systemd:
    name: syncthing@sonny.service
    state: restarted
    enabled: true
 - name: restart mpd service
  become: true
  systemd:
    name: mpd
    state: restarted
    enabled: true
 - name: restart certbot
  become: true
  systemd:
--- a/tasks/jellyfin.yml
+++ b/tasks/jellyfin.yml
@ -54,13 +54,11 @@
  community.docker.docker_compose_v2:
    project_src: '{{ jellyfin_app_dir }}'
    pull: missing
    state: stopped
 - name: Remove dangling containers
  community.docker.docker_compose_v2:
    project_src: '{{ jellyfin_app_dir }}'
    remove_orphans: true
    state: stopped
 - name: Start jellyfin
  community.docker.docker_compose_v2:
--- a/tasks/mpd.yml
+++ b/tasks/mpd.yml
@ -1,106 +1,71 @@
- name: Stop systemd mpd service
+# TODO: use docker setup
 - name: create mpd directories
  become: true
-  ansible.builtin.systemd:
+  file:
    name: mpd
    state: stopped
    enabled: false
 - name: Stop systemd mpd socket
  become: true
  ansible.builtin.systemd:
    name: mpd.socket
    state: stopped
    enabled: false
 - name: Remove previous configurations
  become: true
  ansible.builtin.file:
    path: '{{ item.path }}'
    state: absent
  loop:
    - path: '/etc/systemd/system/mpd.service.d'
    - path: '/etc/systemd/system/mpd.socket.d'
 - name: Create mpd directories
  become: true
  ansible.builtin.file:
    path: '{{ item.path }}'
    mode: '{{ item.mode }}'
    owner: '{{ item.owner }}'
    group: '{{ item.group }}'
    mode: '0755'
    state: directory
  loop:
-    - path: '{{ mpd_config_dir }}'
+    - {
-      owner: sonny
+      path: '{{ ansible_env.HOME }}/.config/mpd',
-      group: sonny
+      mode: 755,
      owner: 'sonny',
      group: 'sonny',
    }
    - {
      path: '/etc/systemd/system/mpd.service.d',
      mode: 755,
      owner: 'root',
      group: 'root',
    }
    - {
      path: '/etc/systemd/system/mpd.socket.d',
      mode: 755,
      owner: 'root',
      group: 'root',
    }
  notify: restart mpd service
-    - path: '{{ mpd_playlist_dir }}'
+- name: copy mpd templates
      owner: sonny
      group: sonny
    - path: '{{ mpd_state_dir }}'
      owner: sonny
      group: sonny
    - path: '{{ mpd_app_dir }}'
      owner: root
      group: root
 - name: Copy mpd templates
  become: true
-  ansible.builtin.template:
+  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '{{ item.mode }}'
    owner: '{{ item.owner }}'
    group: '{{ item.group }}'
  loop:
-    - src: templates/mpd/config.j2
+    - {
-      dest: '{{ mpd_config_dir }}/mpd.conf'
+      src: 'templates/systemd/mpd/service.j2',
-      mode: '0640'
+      dest: '/etc/systemd/system/mpd.service.d/override.conf',
-      owner: sonny
+      mode: 755,
-      group: sonny
+      owner: 'root',
      group: 'root',
    }
    - {
      src: 'templates/systemd/mpd/socket.j2',
      dest: '/etc/systemd/system/mpd.socket.d/override.conf',
      mode: 755,
      owner: 'root',
      group: 'root',
    }
    - {
      src: 'templates/mpd.j2',
      dest: '{{ ansible_env.HOME }}/.config/mpd/mpd.conf',
      mode: 0640,
      owner: 'sonny',
      group: 'sonny',
    }
  notify: restart mpd service
-    - src: templates/mpd/dockerfile.j2
+- name: created mpd files
-      dest: '{{ mpd_app_dir }}/Dockerfile'
+  file:
      mode: '0755'
      owner: sonny
      group: sonny
    - src: templates/mpd/docker-compose.j2
      dest: '{{ mpd_app_dir }}/docker-compose.yml'
      mode: '0755'
      owner: sonny
      group: sonny
 - name: Create mpd files
  ansible.builtin.file:
    path: '{{ item }}'
    mode: '0755'
    state: touch
  loop:
-    - '{{ mpd_config_dir }}/db'
+    - '{{ ansible_env.HOME }}/.config/mpd/db'
-    - '{{ mpd_config_dir }}/sticker.sql'
+    - '{{ ansible_env.HOME }}/.config/mpd/state'
-    - '{{ mpd_state_dir }}/state'
+    - '{{ ansible_env.HOME }}/.config/mpd/sticker.sql'
-
+  notify: restart mpd service
 - name: Stop current containers
  community.docker.docker_compose_v2:
    project_src: '{{ mpd_app_dir }}'
    state: stopped
 - name: Build image
  community.docker.docker_compose_v2:
    project_src: '{{ mpd_app_dir }}'
    build: always
    state: stopped
 - name: Remove dangling containers
  community.docker.docker_compose_v2:
    project_src: '{{ mpd_app_dir }}'
    remove_orphans: true
    state: stopped
 - name: Start container
  community.docker.docker_compose_v2:
    project_src: '{{ mpd_app_dir }}'
    state: present
--- a/tasks/radicale.yml
+++ b/tasks/radicale.yml
@ -102,24 +102,9 @@
    group: sonny
    mode: '0755'
 - name: Stop current containers
  community.docker.docker_compose_v2:
    project_src: '{{ radicale_app_dir }}'
    state: stopped
 - name: Pull missing image
  community.docker.docker_compose_v2:
    project_src: '{{ radicale_app_dir }}'
    build: always
    state: stopped
 - name: Remove dangling containers
  community.docker.docker_compose_v2:
    project_src: '{{ radicale_app_dir }}'
    remove_orphans: true
    state: stopped
 - name: Start container
  community.docker.docker_compose_v2:
    project_src: '{{ radicale_app_dir }}'
    remove_orphans: true
    state: present
    build: always
--- a/tasks/syncthing.yml
+++ b/tasks/syncthing.yml
@ -66,13 +66,11 @@
  community.docker.docker_compose_v2:
    project_src: '{{ syncthing_app_dir }}'
    pull: missing
    state: stopped
 - name: Remove dangling containers
  community.docker.docker_compose_v2:
    project_src: '{{ syncthing_app_dir }}'
    remove_orphans: true
    state: stopped
 - name: Start container
  community.docker.docker_compose_v2:
--- a/templates/mpd/config.j2
+++ b/templates/mpd/config.j2
@ -1,3 +1,5 @@
 # {{ ansible_managed }}
 #
 # An example configuration file for MPD.
 # Read the user manual for documentation: http://www.musicpd.org/doc/user/
 # or /usr/share/doc/mpd/user-manual.html
@ -11,15 +13,7 @@
 # be disabled and audio files will only be accepted over ipc socket (using
 # file:// protocol) or streaming files over an accepted protocol.
 #
-music_directory		"/app/music"
+music_directory		"{{ mpd_music_dir }}"
 #
 # This setting sets the MPD internal playlist directory. The purpose of this
 # directory is storage for playlists created by MPD. The server will use
 # playlist files not created by the server but only if they are in the MPD
 # format. This setting defaults to playlist saving being disabled.
 #
 playlist_directory		"/app/playlists"
 #
 # This setting sets the location of the MPD database. This file is used to
@ -28,7 +22,8 @@ playlist_directory		"/app/playlists"
 # MPD to accept files over ipc socket (using file:// protocol) or streaming
 # files over an accepted protocol.
 #
-db_file			"/app/config/db"
+# TODO: use variable for this, usable for task and this configuration
 db_file			"/home/sonny/.config/mpd/db"
 #
 # These settings are the locations for the daemon log files for the daemon.
@ -38,12 +33,14 @@ db_file			"/app/config/db"
 log_level 		"secure"
 #
-state_file			"/app/state/state"
+# TODO: use variable for this, usable for task and this configuration
 state_file			"/home/sonny/.config/mpd/state"
 #
 # The location of the sticker database.  This is a database which
 # manages dynamic information attached to songs.
 #
-sticker_file                   "/app/config/sticker.sql"
+# TODO: use variable for this, usable for task and this configuration
 sticker_file                   "/home/sonny/.config/mpd/sticker.sql"
 #
 ###############################################################################
@ -55,7 +52,7 @@ sticker_file                   "/app/config/sticker.sql"
 # initialization. This setting is disabled by default and MPD is run as the
 # current user.
 #
-# user				"mpd"
+user				"sonny"
 #
 # This setting sets the address for the daemon to listen on. Careful attention
@ -65,7 +62,7 @@ sticker_file                   "/app/config/sticker.sql"
 # activation is in use.
 #
 # For network
-bind_to_address		"0.0.0.0"
+bind_to_address		"{{ vpn_listen_address }}"
 #
 # This setting is the TCP port that is desired for the daemon to get assigned
@ -100,7 +97,7 @@ audio_output {
       name            "HTTP high quality stream"
       encoder         "opus"
       port            "{{ mpd_http_stream_port }}"
-       bind_to_address "0.0.0.0"
+       bind_to_address "{{ vpn_listen_address }}"
       bitrate         "128000"
       format          "192000:24:2"
       always_on       "yes"
@ -113,7 +110,7 @@ audio_output {
       name            "HTTP mobile stream"
       encoder         "opus"
       port            "{{ mpd_http_mobile_stream_port }}"
-       bind_to_address "0.0.0.0"
+       bind_to_address "{{ vpn_listen_address }}"
       bitrate         "96000"
       format          "44100:16:2"
       always_on       "yes"
@ -121,6 +118,7 @@ audio_output {
       max_clients     "1"
 }
 #
 # Character Encoding ##########################################################
 #
--- a/templates/mpd/docker-compose.j2
+++ b/templates/mpd/docker-compose.j2
@ -1,22 +0,0 @@
 # {{ ansible_managed }}
 networks:
  mpd-net:
    ipam:
      config:
        - subnet: '{{ mpd_subnet }}'
 services:
  mpd:
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - {{ mpd_config_dir }}:/app/config
      - {{ mpd_state_dir }}:/app/state
      - {{ mpd_playlist_dir }}:/app/playlists
      - {{ mpd_music_dir }}:/app/music
    restart: always
    networks:
      mpd-net:
        ipv4_address: '{{ mpd_app_ip }}'
--- a/templates/mpd/dockerfile.j2
+++ b/templates/mpd/dockerfile.j2
@ -1,25 +0,0 @@
 # {{ ansible_managed }}
 FROM alpine:latest
 RUN apk --no-cache add \
        mpd; \
 RUN useradd \
  --uid 1000 \
  --guid 1000 \
  --groups mpd \
  --shell /sbin/nologin \
  --no-create-home \
  --no-user-group \
  sonny
 USER sonny
 WORKDIR /app
 RUN mkdir /app/config /app/state /app/playlists
 EXPOSE {{ mpd_port }}/tcp {{ mpd_http_stream_port }}/tcp {{ mpd_http_mobile_stream_port }}/tcp
 CMD ["/usr/bin/mpd", "--no-daemon", "--stdout", "/app/config/mpd.conf"]
--- a/templates/network/hosts.j2
+++ b/templates/network/hosts.j2
@ -9,4 +9,3 @@
 {{ syncthing_nginx_ip }}          {{ syncthing_domain }}
 {{ radicale_nginx_ip }}           {{ radicale_domain }}
 {{ jellyfin_nginx_ip }}           {{ jellyfin_domain }}
 {{ mpd_app_ip }}                  {{ mpd_domain }}
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@ -61,9 +61,9 @@ table ip filter {
    tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale"
-    tcp dport {{ mpd_port }} ip saddr {{ vpn_subnet }} ip daddr {{  mpd_app_ip }} accept comment "MPD"
+    tcp dport {{ mpd_port }} ip saddr . ip daddr @vpn_set accept comment "MPD"
-    tcp dport {{ mpd_http_stream_port }} ip saddr {{ vpn_subnet }} ip daddr {{ mpd_app_ip }} accept comment "MPD HTTP stream"
+    tcp dport {{ mpd_http_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP stream"
-    tcp dport {{ mpd_http_mobile_stream_port }} ip saddr {{ vpn_subnet }} ip daddr {{ mpd_app_ip }} accept comment "MPD HTTP mobile stream"
+    tcp dport {{ mpd_http_mobile_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP mobile stream"
  }
  set vpn_media_set {
@ -83,7 +83,6 @@ table ip filter {
    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept
    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept
    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept
    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ mpd_app_ip }} accept
    iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept
  }
--- a/templates/transmission/docker-compose.j2
+++ b/templates/transmission/docker-compose.j2
@ -8,6 +8,7 @@ networks:
 services:
  transmission:
    image: alpine:latest
    build:
      context: .
      dockerfile: Dockerfile
--- a/vars/main.yml
+++ b/vars/main.yml
@ -15,7 +15,3 @@ packages:
 vpn_config_dir: '/etc/wireguard'
 hostname: 'fudiggity'
 xdg_config_dir: '/home/sonny/.config'
 xdg_data_dir: '/home/sonny/.local/share'
 xdg_state_dir: '/home/sonny/.local/state'
--- a/vars/mpd.yml
+++ b/vars/mpd.yml
@ -1,6 +1 @@
 mpd_app_dir: '/srv/docker/mpd'
 mpd_music_dir: '/home/sonny/music'
 mpd_config_dir: '{{ xdg_config_dir }}/mpd'
 mpd_playlist_dir: '{{ xdg_data_dir }}/mpd/playlists'
 mpd_state_dir: '{{ xdg_state_dir }}/mpd'
--- a/vars/network.yml
+++ b/vars/network.yml
@ -25,14 +25,9 @@ vpn_media_port: 51903
 vpn_media_interface: 'wg1'
 vpn_media_domain: 'media-vpn.{{ domain_name }}'
 mpd_domain: 'mpd.{{ domain_name }}'
 mpd_listen_address: '0.0.0.0'
 mpd_prefix: 24
 mpd_subnet: '172.128.238.0/{{ mpd_prefix }}'
 mpd_port: 21000
 mpd_http_stream_port: 8000
 mpd_http_mobile_stream_port: 8001
 mpd_app_ip: '172.128.238.10'
 forgejo_ip: '127.0.0.1'
 forgejo_port: 3000
@ -76,6 +71,6 @@ transmission_nginx_ip: '172.16.238.10'
 jellyfin_domain: 'jellyfin.{{ domain_name }}'
 jellyfin_prefix: 24
-jellyfin_subnet: '172.8.238.0/{{ jellyfin_prefix }}'
+jellyfin_subnet: '172.8.238.0/{{ transmission_prefix }}'
 jellyfin_web_port: 8096
 jellyfin_nginx_ip: '172.8.238.10'