
6 commits
master ... home

Author SHA1 Message Date
8ff3346d85 Add my Jellyfin docker-compose configuration 2021-12-04 12:34:57 +02:00
25e61b0b66 Adapt base role to current needs
* Temporarily disable logrotate and fail2ban; I have a different setup now
   To be changed when traefik role is added
 * Add ssh public key
 * Adapt packages according to current needs
2021-12-04 12:24:15 +02:00
f4d3f791bf Reduce used hosts and add some IP addresses
* Jellyfin will be used to pilot-test this setup :)
2021-12-04 12:17:42 +02:00
96b546c039 Change docker user and ID 2021-12-04 11:55:50 +02:00
2bab527395 Change user and name 2021-12-04 11:54:26 +02:00
e04a20b821 Cleanup ssh-keys and change timezone 2021-12-04 11:46:54 +02:00
16 changed files with 75 additions and 78 deletions


@ -1,4 +1,4 @@
TZ: Europe/London
TZ: Europe/Sofia
# HACK: Some of the hostnames aren't valid dict keys
hostname_slug: "{{ ansible_hostname | replace('-', '_') }}"


@ -1,6 +1,6 @@
docker_user:
id: 3000
name: dockeruser
id: 9090
name: dockeru
docker_compose_file_mask: 0664
docker_compose_directory_mask: 0775


@ -1,23 +1,15 @@
pve_hosts:
internal_cidr: 10.23.1.0/24
internal_cidr: 192.168.1.192/26
pve:
ip: 10.23.1.1
external_ip: 192.168.2.200
pve_restic:
ip: 10.23.1.11
forrest:
ip: 10.23.1.13
ip: 192.168.1.225
# external_ip: 192.168.2.200
jellyfin:
ip: 10.23.1.101
# ip: 10.23.1.101
mouse:
ip: 192.168.1.222
docker:
ip: 10.23.1.103
gitlab:
ip: 10.23.1.106
gitlab_runner:
ip: 10.23.1.107
gitea:
ip: 192.168.1.231
ingress:
ip: 10.23.1.10
homeassistant:
ip: 192.168.2.203
qbittorrent:
ip: 10.23.1.105


@ -1,3 +1,3 @@
user: jake
user: marto
home: /home/{{ user }}
name: Jake Howard
name: Martin Dimitrov


@ -1,16 +1 @@
casey
walker
grimes
decker
pve
# PVE VMs
ingress
pve-docker
jellyfin
forrest
qbittorrent
restic
pve-gitlab
pve-gitlab-runner


@ -26,12 +26,8 @@
ntp_manage_config: true
- hosts:
- pve-docker
- forrest
- walker
- pve-gitlab-runner
- grimes
- decker
- jellyfin
- ingress
roles:
- role: geerlingguy.docker
become: true
@ -43,9 +39,7 @@
- docker_cleanup
- hosts:
- pve-docker
- walker
- decker
- ingress
roles:
- traefik


@ -1 +0,0 @@
ssh-rsa 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 Mobile


@ -0,0 +1 @@
ssh-rsa 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 marto@cappuccino


@ -1 +0,0 @@
ssh-rsa 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 jake@TOO-Portable


@ -6,9 +6,3 @@
- name: SSH
include: ssh.yml
- name: fail2ban
include: fail2ban.yml
- name: logrotate
include: logrotate.yml


@ -11,3 +11,4 @@
- sudo
- vim
- git
- ca-certificates


@ -12,7 +12,7 @@
- name: Define context
set_fact:
user: jake
user: marto
enable_root: false
- name: SSH config
@ -31,8 +31,7 @@
state: present
key: "{{ lookup('file', item) }}"
loop:
- ssh-keys/ps.pub
- ssh-keys/mobile.pub
- ssh-keys/mouse.pub
- name: Enable SSH
service:
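Review bot: Dropping `ssh-keys/ps.pub` and `ssh-keys/mobile.pub` from the `loop:` does not remove those keys from hosts that were already provisioned, because the task uses `state: present` and only ever adds entries. The task header is outside the hunk, but if this is the authorized_key module, either a separate `state: absent` task for the retired keys or `exclusive: true` with all wanted keys joined into one `key:` value would enforce the removal (`exclusive` inside a loop keeps only the last key). The same gap applies to the first hunk: switching `user:` to `marto` in `set_fact` presumably provisions a new account, while the previous account and its authorized_keys stay on any machine that was built from the old values.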


@ -1 +1 @@
ssh_port: 7743
ssh_port: 22
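Review bot: `ssh_port: 22` (taking the second printed line as the new value) returns sshd to the default port in the same change set that removes the fail2ban include from the base role, so nothing in this branch rate-limits or bans repeated login attempts. If any of these hosts is reachable from outside the LAN, confirm that the SSH config template, which is not shown here, sets `PasswordAuthentication no`; `enable_root: false` in the SSH tasks suggests root login is already off. A comment beside the value, for example `# default port; fail2ban disabled until the traefik role is added`, would record that the gap is deliberate and temporary.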


@ -0,0 +1,36 @@
---
version: '3.7'
services:
jellyfin:
container_name: jellyfin
image: linuxserver/jellyfin:latest
restart: unless-stopped
volumes:
- /media/jellyfin:/config
- /media/Movies:/media/Movies
- /media/Series:/media/Series
- /media/Videos:/media/Videos
- /media/Concerts:/media/Concerts
environment:
- PUID=9090
- PGID=9090
- TZ=Europe/Sofia
ports:
- 8096:8096
labels:
- traefik.enable=true
- traefik.http.routers.jellyfin.rule=Host('jf.chuchelo.net')
- traefik.http.routers.jellyfin.entrypoints=https
- traefik.http.routers.jellyfin.tls=true
- traefik.http.routers.jellyfin.tls.certresolver=letsencrypt
- traefik.http.routers.jellyfin.middlewares=jellyfin-mw
- traefik.http.middlewares.jellyfin-mw.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
- traefik.http.middlewares.jellyfin-mw.headers.STSSeconds=315360000
- traefik.http.middlewares.jellyfin-mw.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.jellyfin-mw.headers.STSPreload=true
- traefik.http.middlewares.jellyfin-mw.headers.forceSTSHeader=true
- traefik.http.middlewares.jellyfin-mw.headers.frameDeny=true
- traefik.http.middlewares.jellyfin-mw.headers.contentTypeNosniff=true
- traefik.http.middlewares.jellyfin-mw.headers.browserXSSFilter=true
- traefik.http.middlewares.jellyfin-mw.headers.customFrameOptionsValue='allow-from https://jf.chuchelo.net'
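Review bot: `ports: - 8096:8096` publishes Jellyfin's plain-HTTP port on every host interface, so clients can reach the service without passing through the Traefik router, and on that path neither TLS nor the `jellyfin-mw` headers apply. If Traefik reaches the container over a shared Docker network, the `ports:` entry can be dropped, or bound to loopback with `- '127.0.0.1:8096:8096'`. Separately, `Host('jf.chuchelo.net')` uses single quotes, whereas Traefik v2 rules expect backticks or escaped double quotes, so the router rule may not parse as written. `image: linuxserver/jellyfin:latest` is also unpinned, so what gets deployed depends on when the image is pulled; a fixed tag or digest keeps deploys reproducible.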


@ -0,0 +1,4 @@
- name: restart jellyfin
shell:
chdir: /opt/jellyfin
cmd: "{{ docker_update_command }}"


@ -1,24 +1,17 @@
- name: Add Jellyfin apt key
ansible.builtin.apt_key:
url: https://repo.jellyfin.org/jellyfin_team.gpg.key
state: present
- name: Create install directory
file:
path: /opt/jellyfin
state: directory
owner: "{{ docker_user.name }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Add Jellyfin repository
apt_repository:
repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main
filename: jellyfin
state: present
become: true
- name: Install jellyfin
package:
name: jellyfin
become: true
- name: Set media dir permissions
cron:
name: Set media permissions
special_time: daily
job: chown -R jellyfin:jellyfin /mnt/media
- name: Install compose file
template:
src: files/docker-compose.yml
dest: /opt/jellyfin/docker-compose.yml
mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}"
validate: docker-compose -f %s config
notify: restart jellyfin
become: true