diff --git a/ansible/group_vars/all/base.yml b/ansible/group_vars/all/base.yml index 61f4117..4f0e3e8 100644 --- a/ansible/group_vars/all/base.yml +++ b/ansible/group_vars/all/base.yml @@ -1,4 +1,4 @@ -TZ: Europe/London +TZ: Europe/Sofia # HACK: Some of the hostnames aren't valid dict keys hostname_slug: "{{ ansible_hostname | replace('-', '_') }}" diff --git a/ansible/group_vars/all/docker.yml b/ansible/group_vars/all/docker.yml index 684e714..1ed1cb7 100644 --- a/ansible/group_vars/all/docker.yml +++ b/ansible/group_vars/all/docker.yml @@ -1,6 +1,6 @@ docker_user: - id: 3000 - name: dockeruser + id: 9090 + name: dockeru docker_compose_file_mask: 0664 docker_compose_directory_mask: 0775 diff --git a/ansible/group_vars/all/pve.yml b/ansible/group_vars/all/pve.yml index 7cbd82c..e457c40 100644 --- a/ansible/group_vars/all/pve.yml +++ b/ansible/group_vars/all/pve.yml @@ -1,23 +1,15 @@ pve_hosts: - internal_cidr: 10.23.1.0/24 + internal_cidr: 192.168.1.192/26 pve: - ip: 10.23.1.1 - external_ip: 192.168.2.200 - pve_restic: - ip: 10.23.1.11 - forrest: - ip: 10.23.1.13 + ip: 192.168.1.225 +# external_ip: 192.168.2.200 jellyfin: - ip: 10.23.1.101 +# ip: 10.23.1.101 + mouse: + ip: 192.168.1.222 docker: ip: 10.23.1.103 - gitlab: - ip: 10.23.1.106 - gitlab_runner: - ip: 10.23.1.107 + gitea: + ip: 192.168.1.231 ingress: ip: 10.23.1.10 - homeassistant: - ip: 192.168.2.203 - qbittorrent: - ip: 10.23.1.105 diff --git a/ansible/group_vars/all/user.yml b/ansible/group_vars/all/user.yml index 938ba9d..d79eac9 100644 --- a/ansible/group_vars/all/user.yml +++ b/ansible/group_vars/all/user.yml @@ -1,3 +1,3 @@ -user: jake +user: marto home: /home/{{ user }} -name: Jake Howard +name: Martin Dimitrov diff --git a/ansible/hosts b/ansible/hosts index b0ed8e8..6ef7902 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,16 +1 @@ -casey -walker -grimes -decker - -pve - -# PVE VMs -ingress -pve-docker jellyfin -forrest -qbittorrent -restic -pve-gitlab -pve-gitlab-runner 
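Review bot: In the pve.yml hunk the new `internal_cidr: 192.168.1.192/26` no longer contains two addresses left as context, `docker` at 10.23.1.103 and `ingress` at 10.23.1.10, so anything that derives an allow-list or trusted-proxy range from `internal_cidr` would stop matching those hosts (how the variable is consumed is not visible here). The `jellyfin:` key is also left with only a commented-out `ip`, which makes it null, or a mapping without `ip` if `mouse:` is nested under it, so any lookup of the jellyfin address will fail. I would give `jellyfin` its new address explicitly and delete the stale 10.23.1.x entries and the commented lines instead of keeping them.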
diff --git a/ansible/main.yml b/ansible/main.yml index ff43776..aabb00e 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -26,12 +26,8 @@ ntp_manage_config: true - hosts: - - pve-docker - - forrest - - walker - - pve-gitlab-runner - - grimes - - decker + - jellyfin + - ingress roles: - role: geerlingguy.docker become: true @@ -43,9 +39,7 @@ - docker_cleanup - hosts: - - pve-docker - - walker - - decker + - ingress roles: - traefik diff --git a/ansible/roles/base/files/ssh-keys/mobile.pub b/ansible/roles/base/files/ssh-keys/mobile.pub deleted file mode 100644 index c832a6e..0000000 --- a/ansible/roles/base/files/ssh-keys/mobile.pub +++ /dev/null 
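Review bot: Both plays changed here target `ingress`, but the `ansible/hosts` hunk in this same commit reduces the inventory to the single line `jellyfin`, so the Docker play applies to one host only and the `traefik` play matches nothing. Ansible reports an unmatched host as a warning rather than a failure, so the reverse proxy would silently never be deployed. Either add `ingress` back to `ansible/hosts` or drop it from these `hosts:` lists until the machine exists. The plays start and end outside the hunks, so other host lists in the file may need the same check.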
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCEi0j/PvJFyMx9S4zDX9Ornxyr89JrUmBZLXj38XNIUHyckmpSm/oSurmzQnDBAp16oiDw+U0zGkSB8BKDkhM2hqYOb8GUsuri85Hu/hvUyiFIEsSNNC0bcrImqHYPE0tiNoDbJ6hlz+eelIdqj5kmnGh8V91QIi9nQz2DkR2j8j8HVjXExI2w5c5p2yuqdNNU1p4BTkeKirLHrQIstiWlOpfbtPAh6Wp597NO1Rp9YuMp0/dpS0W4ebm0h5iYvVwXYcXShA1zINCrWYEAGFSeG2iDqBY9vYzOU5pZDkRn2Ewl/2+EQ34GDDbjCZ7mn7siJmN0M1oNpygphPxjAKR95Zidvsyvs9iX0ua+c35f4z9YsVizsIVbouj3LT4c43WwcS1XWPRCit5gFHbpUNRzs0ypwIUwR9AF3mCkYlqYmpSJyfLcdPZwZPhJYxd2MzhquQ+CS+eXfhYEiioD6KvNL8ehsuJmSQtPm4vTXuipfseOdh1GtakDH9wDRTs+THgoNPc9K2ozbo6bofMOvfO2ZvqYeC4Vb5mTeHkeKBB1XU8FCrKBJTCZZ67LSxCBM2liemEHaklbl4H50xGxOWbtL1ZMEd4gkKF8TduO9vEPge9AUbbtZSDrvXgi+QPUrzF2iuk85OKWZOcz0ObWOXaL0dMI87SZTguu0SR3VtCYGCeKqh7HFfA3AO7Bq1AmKZLnWXVqQHjUp56TgVugj86B80zE1AOrbDac1qScT8dG9KpM4nP+ewmIsrl/a16NaAfcit+UPeTSA8MNDAV0xUbAIyt7Mka7Qeuln+EHeZNenJ5VkpTYdyxwpq2FOXgrbfLz7y4pqBVF/lPDy/gyhFEIoFsqIp7si7ve1O8vZyRcsypT9j4HNSpy07+kG1V3BPnTBY3+YSq9lRTtVfAQQZdI8/a43cUzP4j8Czbri3fYvUsEb0ml9AViRZEZhGLcHETiOy50dJkHQm+OcGpIgA71zFp7qfVBX/OW7/+jeAboz8WHYSlHPbjpiD6d22rVW9svbOMli3tDe2bIZm9qeJRcU/0gCO7dKHSqkiJk0l27Io5wNRP9KY7OdOp0uC0RtgpSxFHS4U3fnOuRbKk5PxGSUNgCCn4iUcboFRu0gXaIRBXs4Lbw2ivwx492sk5XDax5YZ33dm6quqOh2n/f16X80/vKRrXxAuN3vbDXOTdVzHkrVF/vTSl8eHqunSidHpe5ID4d82qjyrHJL+0q870FacVOXRIxUsmOtG+f0RXcFENGPTdz4KjoBPcUv8u+z+01jgXOzbpFGXZ8PzqQVuRPlf874kR8SrYUY76LqdubDy9cROj47ThKwriuthYpDipFQNk7fz+qvh95WRjqt/fz Mobile
diff --git a/ansible/roles/base/files/ssh-keys/mouse.pub b/ansible/roles/base/files/ssh-keys/mouse.pub
new file mode 100644
index 0000000..fa76083
--- /dev/null
+++ b/ansible/roles/base/files/ssh-keys/mouse.pub
@@ -0,0 +1 @@
+ssh-rsa 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 marto@cappuccino
diff --git a/ansible/roles/base/files/ssh-keys/ps.pub b/ansible/roles/base/files/ssh-keys/ps.pub
deleted file mode 100644
index 7a8683f..0000000
--- a/ansible/roles/base/files/ssh-keys/ps.pub
+++ /dev/null
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbd96S1+SBBdoGfWIGj+5Wa7B16iwUhmmMVz+7QLmYF7fgS98yBzBqd4pTVW0dDf6mmNWMpTo5eNGNys7t9roGTzeIIVA3XOnPgAR1WX03u5c3XnZp4ax2FNq3Q2nYvyu8XUqy81P1yR93fjs49tMs6OAeqWV08xMdE6Y21ewdRti3+zfjKN5RVwHzQa8l6P5tKqMi409KOma/FpepJyLlhdSh6UQBhy+wZHOIwMgRzv9fAV/R1+xsiUDyLZi3Q8yqrTTohARaDAc20yUKJC0x38wx1U4nKJR0O6fzn6aBpulKwAE/7qpp+oSzEYJES1ATaglrZ/M0h58euNDfNcxOl9XVAvG2ZJjlC9VwIu6R7YtpIFVRERKUKJbn+NnN2iheDjsIkm6mX3uvOMq6aCVIuBU6aDatTDXC3lXXzxBHOc5iU9FrvQe1olePNhhhd1kl7jy7eanOq9EqEvhFIpPGrVOPm37M4MY6bCoH7+YgWTgxAR1O7KYsKEaoJcVq5dJxC3Gsj49WdCw2OUguCZl/FPscRnHgCTNGPdimeXaxGnSdSw2LCxDGq90RquQAnLuFmiCp5M1ouI+234BpD6trE85sshnpWo5WW8jt5yvlYV3o4L4OtqWLhTh7O0ORUEwQbFmA1FXoWVwn5S0S+PzMOxaw1jv9OZAPESWw+Twtiw== jake@TOO-Portable diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml index 5eae83b..1aceee3 100644 --- a/ansible/roles/base/tasks/main.yml +++ b/ansible/roles/base/tasks/main.yml @@ -6,9 +6,3 @@ - name: SSH include: ssh.yml - -- name: fail2ban - include: fail2ban.yml - -- name: logrotate - include: logrotate.yml diff --git a/ansible/roles/base/tasks/packages.yml b/ansible/roles/base/tasks/packages.yml index 3b90110..9818fcf 100644 --- a/ansible/roles/base/tasks/packages.yml +++ b/ansible/roles/base/tasks/packages.yml @@ -11,3 +11,4 @@ - sudo - vim - git + - ca-certificates diff --git a/ansible/roles/base/tasks/ssh.yml b/ansible/roles/base/tasks/ssh.yml index e284c1d..c44f846 100644 --- a/ansible/roles/base/tasks/ssh.yml +++ b/ansible/roles/base/tasks/ssh.yml @@ -12,7 +12,7 @@ - name: Define context set_fact: - user: jake + user: marto enable_root: false - name: SSH config @@ -31,8 +31,7 @@ state: present key: "{{ lookup('file', item) }}" loop: - - ssh-keys/ps.pub - - ssh-keys/mobile.pub + - ssh-keys/mouse.pub - name: Enable SSH service: diff --git a/ansible/roles/base/vars/main.yml b/ansible/roles/base/vars/main.yml index df90549..515d52c 100644 --- a/ansible/roles/base/vars/main.yml 
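Review bot: In the second ssh.yml hunk, dropping `ssh-keys/ps.pub` and `ssh-keys/mobile.pub` from the loop does not revoke them: the task uses `state: present`, which only adds keys, so on any host provisioned before this commit the old keys stay in `authorized_keys`. If the intent is that only `mouse.pub` grants access, add `exclusive: true` to the task, which is workable now that the loop has a single item. The start of the task is outside the hunk, so I can't see whether `exclusive` is already set.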
+++ b/ansible/roles/base/vars/main.yml @@ -1 +1 @@ -ssh_port: 7743 +ssh_port: 22 diff --git a/ansible/roles/jellyfin/files/docker-compose.yml b/ansible/roles/jellyfin/files/docker-compose.yml new file mode 100644 index 0000000..0e03489 --- /dev/null +++ b/ansible/roles/jellyfin/files/docker-compose.yml @@ -0,0 +1,36 @@ +--- +version: '3.7' + +services: + jellyfin: + container_name: jellyfin + image: linuxserver/jellyfin:latest + restart: unless-stopped + volumes: + - /media/jellyfin:/config + - /media/Movies:/media/Movies + - /media/Series:/media/Series + - /media/Videos:/media/Videos + - /media/Concerts:/media/Concerts + environment: + - PUID=9090 + - PGID=9090 + - TZ=Europe/Sofia + ports: + - 8096:8096 + labels: + - traefik.enable=true + - traefik.http.routers.jellyfin.rule=Host('jf.chuchelo.net') + - traefik.http.routers.jellyfin.entrypoints=https + - traefik.http.routers.jellyfin.tls=true + - traefik.http.routers.jellyfin.tls.certresolver=letsencrypt + - traefik.http.routers.jellyfin.middlewares=jellyfin-mw + - traefik.http.middlewares.jellyfin-mw.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex + - traefik.http.middlewares.jellyfin-mw.headers.STSSeconds=315360000 + - traefik.http.middlewares.jellyfin-mw.headers.STSIncludeSubdomains=true + - traefik.http.middlewares.jellyfin-mw.headers.STSPreload=true + - traefik.http.middlewares.jellyfin-mw.headers.forceSTSHeader=true + - traefik.http.middlewares.jellyfin-mw.headers.frameDeny=true + - traefik.http.middlewares.jellyfin-mw.headers.contentTypeNosniff=true + - traefik.http.middlewares.jellyfin-mw.headers.browserXSSFilter=true + - traefik.http.middlewares.jellyfin-mw.headers.customFrameOptionsValue='allow-from https://jf.chuchelo.net' diff --git a/ansible/roles/jellyfin/handlers/main.yml b/ansible/roles/jellyfin/handlers/main.yml new file mode 100644 index 0000000..996a675 --- /dev/null +++ b/ansible/roles/jellyfin/handlers/main.yml 
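Review bot: Moving `ssh_port` to 22 lands in the same commit that removes the `fail2ban` include from `roles/base/tasks/main.yml`, so sshd ends up on the default port with no brute-force throttling managed by this role. Whether password logins are disabled is not visible in this diff, so please confirm the sshd configuration sets `PasswordAuthentication no`, or keep the fail2ban include. A short comment above the variable, e.g. `# default port; key-only auth is enforced by the SSH config task`, would record the decision.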
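Review bot: The router rule in the new compose file is written with single quotes, ``Host('jf.chuchelo.net')``; Traefik's rule syntax expects backticks or escaped double quotes, so the router is likely rejected and the label should read ``traefik.http.routers.jellyfin.rule=Host(`jf.chuchelo.net`)``. The same file publishes `8096:8096` on every interface, which lets clients reach Jellyfin over plain HTTP without the TLS and header middleware defined in the labels; bind it to a specific address, or drop the mapping if Traefik reaches the container over a Docker network. In list-form labels the quotes in `customFrameOptionsValue='allow-from …'` become part of the header value, and that option overrides `frameDeny=true`, so one of the two should go. `PUID`, `PGID` and `TZ` are hard-coded although the file is rendered by `template`; `{{ docker_user.id }}` and `{{ TZ }}` would keep them in step with group_vars, and pinning the image instead of `latest` makes deployments reproducible.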
@@ -0,0 +1,4 @@ +- name: restart jellyfin + shell: + chdir: /opt/jellyfin + cmd: "{{ docker_update_command }}" diff --git a/ansible/roles/jellyfin/tasks/main.yml b/ansible/roles/jellyfin/tasks/main.yml index 0fdf7c5..8cdc7d5 100644 --- a/ansible/roles/jellyfin/tasks/main.yml +++ b/ansible/roles/jellyfin/tasks/main.yml @@ -1,24 +1,17 @@ -- name: Add Jellyfin apt key - ansible.builtin.apt_key: - url: https://repo.jellyfin.org/jellyfin_team.gpg.key - state: present +- name: Create install directory + file: + path: /opt/jellyfin + state: directory + owner: "{{ docker_user.name }}" + mode: "{{ docker_compose_directory_mask }}" become: true -- name: Add Jellyfin repository - apt_repository: - repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main - filename: jellyfin - state: present - become: true - -- name: Install jellyfin - package: - name: jellyfin - become: true - -- name: Set media dir permissions - cron: - name: Set media permissions - special_time: daily - job: chown -R jellyfin:jellyfin /mnt/media +- name: Install compose file + template: + src: files/docker-compose.yml + dest: /opt/jellyfin/docker-compose.yml + mode: "{{ docker_compose_file_mask }}" + owner: "{{ docker_user.name }}" + validate: docker-compose -f %s config + notify: restart jellyfin become: true
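Review bot: Both new tasks in jellyfin/tasks/main.yml pass `mode` through a template, `mode: "{{ docker_compose_directory_mask }}"` and `mode: "{{ docker_compose_file_mask }}"`, while group_vars defines those masks as unquoted `0775` and `0664` (visible as context in the docker.yml hunk). YAML reads those as integers, and depending on the Ansible version the templated value can reach the module as the decimal string `509` or `436`, which is then interpreted as octal and yields the wrong permissions. Quoting the definitions, `docker_compose_file_mask: "0664"` and `docker_compose_directory_mask: "0775"`, removes the ambiguity. The tasks also set `owner` without `group`, so the group-write bit in both masks applies to a group this role does not choose.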