chatton
/
ansible-homelab
mirror of https://github.com/chatton/ansible-homelab
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

format files

Browse Source
format-files
chatton 3 years ago
parent 82bc12046b
commit 2bee1b5566
88 changed files with 1079 additions and 1111 deletions
Show Stats Download Patch File Download Diff File

5
Makefile
Unescape Escape View File

@ -30,7 +30,10 @@ verify:
ansible-playbook playbooks/verify-homelab.yml ansible-playbook playbooks/verify-homelab.yml
venv: venv:
source ./venv/bin/activate # activate venv if it exists
if [ -d "./venv" ]; then \
source venv/bin/activate; \
fi
deps: venv deps: venv
pip install --upgrade pip pip install --upgrade pip

7
group_vars/docker.yml
Unescape Escape View File

@ -1,7 +1,6 @@
---
pip_install_packages: pip_install_packages:
- name: docker - name: docker
docker_users: docker_users:
- cianhatton - cianhatton
- ansible - ansible

22
group_vars/linodes.yml
Unescape Escape View File

@ -2,17 +2,17 @@
vault_file: vault_vars/linode-vault.yml vault_file: vault_vars/linode-vault.yml
# any linode specific variables go here # any linode specific variables go here
services: services:
- name: gitea - name: gitea
- name: mealie - name: mealie
- name: linkding - name: linkding
- name: overseerr - name: overseerr
- name: nextcloud - name: nextcloud
- name: nginx-proxy-manager - name: nginx-proxy-manager
- name: uptime-kuma - name: uptime-kuma
- name: mariadb - name: mariadb
- name: photoprism - name: photoprism
- name: olivetin - name: olivetin
# any additional docker networks that should be created # any additional docker networks that should be created
docker_networks: docker_networks:
- mariadb_net - mariadb_net

6
group_vars/servers.yml
Unescape Escape View File

@ -8,7 +8,7 @@ homelab_user: &main_user cianhatton
samba_group: smbgroup samba_group: smbgroup
samba_user: smbuser samba_user: smbuser
users: users:
- name: *main_user - name: *main_user
group: *main_user group: *main_user
passwordless_sudo: true passwordless_sudo: true
@ -31,9 +31,9 @@ directories:
documents_dir: /mnt/mergerfs/documents documents_dir: /mnt/mergerfs/documents
desired_docker_images: desired_docker_images:
- ubuntu:latest - ubuntu:latest
portainer_endpoint: -1 portainer_endpoint: -1
portainer_base_url: "http://qnap:9000" portainer_base_url: http://qnap:9000
external_docker_networks: [] external_docker_networks: []
portainer_required_files: [] portainer_required_files: []

64
host_vars/qnap.yml
Unescape Escape View File

@ -2,7 +2,7 @@
vault_file: vault_vars/qnap-vault.yml vault_file: vault_vars/qnap-vault.yml
# any qnap specific variables go here # any qnap specific variables go here
mounts: mounts:
- path: /mnt/mergerfs - path: /mnt/mergerfs
state: mounted state: mounted
branches: branches:
- /mnt/data/device0 - /mnt/data/device0
@ -12,47 +12,47 @@ mounts:
# these directories will be backed up to s3. # these directories will be backed up to s3.
backup_directories: backup_directories:
- path: /mnt/mergerfs/photoprism/originals - path: /mnt/mergerfs/photoprism/originals
s3_name: photoprism_photos s3_name: photoprism_photos
- path: /mnt/mergerfs/photoprism/import - path: /mnt/mergerfs/photoprism/import
s3_name: photoprism_import s3_name: photoprism_import
- path: /mnt/mergerfs/photoprism/storage - path: /mnt/mergerfs/photoprism/storage
s3_name: photoprism_storage s3_name: photoprism_storage
- path: /mnt/mergerfs/documents/media/documents/originals - path: /mnt/mergerfs/documents/media/documents/originals
s3_name: paperless-docs s3_name: paperless-docs
cron_hour: "5" cron_hour: '5'
docker_backup_host_backup_directory: "/tmp" docker_backup_host_backup_directory: /tmp
devices: devices:
- uuid: a54c1bde-1400-4975-bf24-08c603ca3a11 # /dev/sdc1 - uuid: a54c1bde-1400-4975-bf24-08c603ca3a11 # /dev/sdc1
path: /mnt/data/device0 path: /mnt/data/device0
- uuid: 727dddaa-f7a1-439a-995f-5f4d35322e08 # /dev/sdd1 - uuid: 727dddaa-f7a1-439a-995f-5f4d35322e08 # /dev/sdd1
path: /mnt/data/device1 path: /mnt/data/device1
- uuid: f3cff115-9adc-4761-b1e9-e81055f3e0af # /dev/sda1 - uuid: f3cff115-9adc-4761-b1e9-e81055f3e0af # /dev/sda1
path: /mnt/data/device2 path: /mnt/data/device2
# SSD for downloads / transcoding # SSD for downloads / transcoding
- uuid: c528bf82-61ab-4f3d-87e0-d1e6e02ef7ec # /dev/sdf - uuid: c528bf82-61ab-4f3d-87e0-d1e6e02ef7ec # /dev/sdf
path: /mnt/ssd0/ path: /mnt/ssd0/
# docker networks to be created before portainer stacks are created. # docker networks to be created before portainer stacks are created.
external_docker_networks: external_docker_networks:
- mariadb_net - mariadb_net
ansible_pull_path: /home/{{ homelab_user }}/.local/bin/ansible-pull ansible_pull_path: /home/{{ homelab_user }}/.local/bin/ansible-pull
portainer_required_files: portainer_required_files:
- source_file: dashboards/dashy-config.yml - source_file: dashboards/dashy-config.yml
dest_file_name: dashy-config.yml dest_file_name: dashy-config.yml
dest_directory: /etc/config/dashy dest_directory: /etc/config/dashy
handler: restart-dashy handler: restart-dashy
- source_file: olivetin/config.yml - source_file: olivetin/config.yml
dest_file_name: config.yml dest_file_name: config.yml
dest_directory: /etc/config/OliveTin dest_directory: /etc/config/OliveTin
handler: restart-olivetin handler: restart-olivetin
portainer_required_templates: portainer_required_templates:
- source_file: diun-config.j2 - source_file: diun-config.j2
dest_file_name: diun-config.yml dest_file_name: diun-config.yml
dest_directory: /etc/config/diun dest_directory: /etc/config/diun
handler: restart-diun handler: restart-diun
@ -60,7 +60,7 @@ portainer_required_templates:
portainer_endpoint: 2 portainer_endpoint: 2
services: services:
- name: vpn-stack - name: vpn-stack
template_vars: template_vars:
vpn: protonwire # protonwire or surfshark vpn: protonwire # protonwire or surfshark
qbittorrent: qbittorrent:
@ -79,44 +79,44 @@ services:
enabled: true enabled: true
image: lscr.io/linuxserver/jackett image: lscr.io/linuxserver/jackett
tag: 0.21.235 tag: 0.21.235
- name: gitea - name: gitea
template_vars: template_vars:
image: gitea/gitea image: gitea/gitea
tag: 1.19.0 tag: 1.19.0
- name: mealie - name: mealie
- name: overseerr - name: overseerr
- name: nextcloud - name: nextcloud
template_vars: template_vars:
default_network: mariadb_net default_network: mariadb_net
image: nextcloud image: nextcloud
tag: 27.0 tag: 27.0
- name: dashboards - name: dashboards
template_vars: template_vars:
dashy: true dashy: true
dashdot: true dashdot: true
glances: true glances: true
- name: nginx-proxy-manager - name: nginx-proxy-manager
- name: plex - name: plex
template_vars: template_vars:
plex_image: lscr.io/linuxserver/plex plex_image: lscr.io/linuxserver/plex
plex_tag: 1.32.4 plex_tag: 1.32.4
- name: uptime-kuma - name: uptime-kuma
- name: mariadb - name: mariadb
template_vars: template_vars:
image: mariadb image: mariadb
tag: 10.8.3 tag: 10.8.3
default_network: mariadb_net default_network: mariadb_net
- name: photoprism - name: photoprism
template_vars: template_vars:
default_network: mariadb_net default_network: mariadb_net
image: photoprism/photoprism image: photoprism/photoprism
tag: 230615 tag: 230615
- name: olivetin - name: olivetin
- name: pihole - name: pihole
- name: paperless - name: paperless
- name: gotify - name: gotify
- name: diun - name: diun
- name: ghost - name: ghost
# - name: minio # - name: minio
# template_vars: # template_vars:
# image: minio/minio # image: minio/minio

21
host_vars/snunmu.yml
Unescape Escape View File

@ -1,33 +1,32 @@
---
vault_file: vault_vars/qnap-vault.yml vault_file: vault_vars/qnap-vault.yml
portainer_required_templates: portainer_required_templates:
- source_file: diun-config.j2 - source_file: diun-config.j2
dest_file_name: diun-config.yml dest_file_name: diun-config.yml
dest_directory: /etc/config/diun dest_directory: /etc/config/diun
handler: restart-diun handler: restart-diun
portainer_endpoint: 23 portainer_endpoint: 23
services: services:
- name: linkding - name: linkding
- name: pihole - name: pihole
- name: hasteypaste - name: hasteypaste
- name: dashboards - name: dashboards
template_vars: template_vars:
dashy: false dashy: false
dashdot: true dashdot: true
glances: true glances: true
- name: diun - name: diun
ansible_pull_path: /usr/local/bin/ansible-pull ansible_pull_path: /usr/local/bin/ansible-pull
backup_directories: [] backup_directories: []
cron_hour: "4" cron_hour: '4'
# docker options # docker options
docker_daemon_options: docker_daemon_options:
hosts: hosts:
- "tcp://0.0.0.0:2375" - tcp://0.0.0.0:2375
- "unix:///var/run/docker.sock" - unix:///var/run/docker.sock
docker_backup_host_backup_directory: "/tmp" docker_backup_host_backup_directory: /tmp

5
playbooks/backup-directories.yml
Unescape Escape View File

@ -1,17 +1,16 @@
---
- name: Backup Directories. - name: Backup Directories.
hosts: servers hosts: servers
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}' ansible.builtin.include_vars: ../{{ vault_file }}
tags: [always] tags: [always]
tasks: tasks:
- name: Backup Directories. - name: Backup Directories.
ansible.builtin.include_role: ansible.builtin.include_role:
name: backup_directory name: backup_directory
with_items: "{{ backup_directories }}" with_items: '{{ backup_directories }}'
loop_control: loop_control:
loop_var: backup loop_var: backup

11
playbooks/restore-docker-volumes.yml
Unescape Escape View File

@ -1,14 +1,13 @@
---
- name: Restore a docker volume. - name: Restore a docker volume.
hosts: servers hosts: servers
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}' ansible.builtin.include_vars: ../{{ vault_file }}
tags: [always] tags: [always]
vars: vars:
volume_name: "" volume_name: ''
s3_key: "" s3_key: ''
roles: roles:
- role: chatton.docker_backup.docker_s3_volume_restore - role: chatton.docker_backup.docker_s3_volume_restore
vars: vars:
@ -16,5 +15,5 @@
docker_backup_restore_latest_s3_key: "{{ volume_name != '' | bool }}" docker_backup_restore_latest_s3_key: "{{ volume_name != '' | bool }}"
docker_backup_fail_on_no_s3_backups: true docker_backup_fail_on_no_s3_backups: true
docker_backup_s3_volume: docker_backup_s3_volume:
name: "{{ volume_name }}" name: '{{ volume_name }}'
s3_key: "{{ s3_key }}" s3_key: '{{ s3_key }}'

7
playbooks/setup-homelab.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Update packages and ensure users on all hosts. - name: Update packages and ensure users on all hosts.
hosts: all hosts: all
become: true become: true
@ -37,13 +36,13 @@
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}' ansible.builtin.include_vars: ../{{ vault_file }}
tags: [always] tags: [always]
roles: roles:
- role: setup_portainer - role: setup_portainer
tags: [services, portainer] tags: [services, portainer]
vars: vars:
portainer_version: "2.18.3" portainer_version: 2.18.3
- name: Setup and deploy services. - name: Setup and deploy services.
@ -51,7 +50,7 @@
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
ansible.builtin.include_vars: '../{{ vault_file }}' ansible.builtin.include_vars: ../{{ vault_file }}
tags: [always] tags: [always]
roles: roles:
- role: setup_hosted_services - role: setup_hosted_services

1
playbooks/setup-linode.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Setup linode instance. - name: Setup linode instance.
hosts: localhost hosts: localhost
become: true become: true

7
playbooks/verify-homelab.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Verify HomeLab has been correctly set up. - name: Verify HomeLab has been correctly set up.
hosts: all hosts: all
become: true become: true
@ -9,7 +8,8 @@
- always - always
tasks: tasks:
- name: Docker Compose Files Exist - name: Docker Compose Files Exist
ansible.builtin.command: stat {{ directories.docker_compose_directory }}/{{ item.name }}/docker-compose.yml ansible.builtin.command: stat {{ directories.docker_compose_directory }}/{{ item.name
}}/docker-compose.yml
with_items: '{{ services }}' with_items: '{{ services }}'
changed_when: false changed_when: false
register: docker_compose_stat register: docker_compose_stat
@ -32,7 +32,8 @@
register: image_details register: image_details
- name: Assert desired images exist - name: Assert desired images exist
ansible.builtin.assert: ansible.builtin.assert:
that: "{{ item in image_details.images | map(attribute='RepoTags') | flatten }}" that: "{{ item in image_details.images | map(attribute='RepoTags') | flatten\
\ }}"
with_items: '{{ desired_docker_images }}' with_items: '{{ desired_docker_images }}'
- name: Fetch Sudoers Files - name: Fetch Sudoers Files

3
roles/backup_directory/meta/main.yml
Unescape Escape View File

@ -1,10 +1,9 @@
---
galaxy_info: galaxy_info:
author: Cian Hatton author: Cian Hatton
namespace: chatton namespace: chatton
description: Backup directories description: Backup directories
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
galaxy_tags: [] galaxy_tags: []
platforms: platforms:
- name: Debian - name: Debian

19
roles/backup_directory/tasks/main.yml
Unescape Escape View File

@ -1,24 +1,23 @@
---
- name: Determine backup timestamp. - name: Determine backup timestamp.
ansible.builtin.set_fact: backup_time="{{ ansible_date_time.iso8601 }}" ansible.builtin.set_fact: backup_time="{{ ansible_date_time.iso8601 }}"
- name: Compress Directory - name: Compress Directory
community.general.archive: community.general.archive:
path: "{{ backup.path }}" path: '{{ backup.path }}'
dest: /tmp/backup.tar.gz dest: /tmp/backup.tar.gz
mode: "0755" mode: '0755'
- name: Upload backups to S3 - name: Upload backups to S3
amazon.aws.aws_s3: amazon.aws.aws_s3:
s3_url: "{{ docker_backup_aws_s3_url }}" s3_url: '{{ docker_backup_aws_s3_url }}'
bucket: "{{ docker_backup_aws_s3_bucket }}" bucket: '{{ docker_backup_aws_s3_bucket }}'
object: "{{ backup.s3_name }}-{{ backup_time }}.tar.gz" object: '{{ backup.s3_name }}-{{ backup_time }}.tar.gz'
src: /tmp/backup.tar.gz src: /tmp/backup.tar.gz
aws_access_key: "{{ docker_backup_aws_s3_aws_access_key }}" aws_access_key: '{{ docker_backup_aws_s3_aws_access_key }}'
aws_secret_key: "{{ docker_backup_aws_s3_aws_secret_key }}" aws_secret_key: '{{ docker_backup_aws_s3_aws_secret_key }}'
region: "{{ docker_backup_aws_s3_region }}" region: '{{ docker_backup_aws_s3_region }}'
mode: put mode: put
permission: "{{ docker_backup_aws_s3_permissions }}" permission: '{{ docker_backup_aws_s3_permissions }}'
- name: Remove local backup. - name: Remove local backup.
ansible.builtin.file: ansible.builtin.file:

2
roles/bootstrap/meta/main.yml
Unescape Escape View File

@ -3,7 +3,7 @@ galaxy_info:
namespace: chatton namespace: chatton
description: Bootstrap ansible description: Bootstrap ansible
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
galaxy_tags: [] galaxy_tags: []
platforms: platforms:
- name: Debian - name: Debian

3
roles/bootstrap/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Add sources list - name: Add sources list
ansible.builtin.copy: ansible.builtin.copy:
src: sources_list src: sources_list
@ -27,7 +26,7 @@
- name: Add sudoers files - name: Add sudoers files
ansible.builtin.template: ansible.builtin.template:
src: sudoer_file src: sudoer_file
dest: "/etc/sudoers.d/{{ item }}" dest: /etc/sudoers.d/{{ item }}
owner: root owner: root
group: root group: root
mode: 0440 mode: 0440

3
roles/deploy_portainer_stack/defaults/main.yml
Unescape Escape View File

@ -1,7 +1,6 @@
---
# defaults file for chatton.deploy_portainer_stack # defaults file for chatton.deploy_portainer_stack
portainer_stack_name: "" portainer_stack_name: ''
# required directories for this stack # required directories for this stack
portainer_stack_directories: [] portainer_stack_directories: []

2
roles/deploy_portainer_stack/meta/main.yml
Unescape Escape View File

@ -3,7 +3,7 @@ galaxy_info:
namespace: chatton namespace: chatton
description: Deploy a single portainer stack. description: Deploy a single portainer stack.
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
galaxy_tags: [] galaxy_tags: []
platforms: platforms:
- name: Debian - name: Debian

35
roles/deploy_portainer_stack/tasks/main.yml
Unescape Escape View File

@ -1,11 +1,10 @@
--- - name: Stack {{ portainer_stack_name }} | Create a directory if it does not exist
- name: "Stack {{ portainer_stack_name }} | Create a directory if it does not exist"
ansible.builtin.file: ansible.builtin.file:
path: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name }}' path: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name }}'
state: directory state: directory
mode: '0755' mode: '0755'
- name: "Stack {{ portainer_stack_name }} | Template Docker Compose File" - name: Stack {{ portainer_stack_name }} | Template Docker Compose File
ansible.builtin.template: ansible.builtin.template:
src: '{{ portainer_stack_name }}.j2' src: '{{ portainer_stack_name }}.j2'
dest: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name }}/docker-compose.yml' dest: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name }}/docker-compose.yml'
@ -13,24 +12,25 @@
group: root group: root
mode: 0440 mode: 0440
vars: vars:
template_vars: "{{ portainer_stack_template_vars }}" template_vars: '{{ portainer_stack_template_vars }}'
- name: "Stack {{ portainer_stack_name }} | Ensure required directories" - name: Stack {{ portainer_stack_name }} | Ensure required directories
ansible.builtin.file: ansible.builtin.file:
path: '{{ item }}' path: '{{ item }}'
state: directory state: directory
mode: '0755' mode: '0755'
with_items: "{{ portainer_stack_directories }}" with_items: '{{ portainer_stack_directories }}'
- name: "Stack {{ portainer_stack_name }} | Find docker volumes" - name: Stack {{ portainer_stack_name }} | Find docker volumes
ansible.builtin.shell: docker volume ls -f name={{ portainer_stack_name }} --format '{{ '{{' }} .Name {{ '}}' }}' ansible.builtin.shell: docker volume ls -f name={{ portainer_stack_name }} --format
'{{ '{{' }} .Name {{ '}}' }}'
register: find_volumes register: find_volumes
changed_when: false changed_when: false
- name: "Stack {{ portainer_stack_name }} | Find docker volumes that need to be restored" - name: Stack {{ portainer_stack_name }} | Find docker volumes that need to be restored
ansible.builtin.script: scripts/find-volumes-to-restore.py ansible.builtin.script: scripts/find-volumes-to-restore.py
environment: environment:
EXISTING_VOLUMES: "{{ find_volumes.stdout_lines }}" EXISTING_VOLUMES: '{{ find_volumes.stdout_lines }}'
STACK_NAME: '{{ portainer_stack_name }}' STACK_NAME: '{{ portainer_stack_name }}'
DOCKER_COMPOSE_DIR: '{{ directories.docker_compose_directory }}' DOCKER_COMPOSE_DIR: '{{ directories.docker_compose_directory }}'
args: args:
@ -38,12 +38,12 @@
register: python_output register: python_output
changed_when: false changed_when: false
- name: "Stack {{ portainer_stack_name }} | Build list of volumes to restore." - name: Stack {{ portainer_stack_name }} | Build list of volumes to restore.
ansible.builtin.set_fact: ansible.builtin.set_fact:
restore_volumes: "{{ restore_volumes | default([]) + [{'name':item}] }}" restore_volumes: "{{ restore_volumes | default([]) + [{'name':item}] }}"
with_items: "{{ python_output.stdout_lines | list }}" with_items: '{{ python_output.stdout_lines | list }}'
- name: "Stack {{ portainer_stack_name }} | Restore any missing volumes from S3" - name: Stack {{ portainer_stack_name }} | Restore any missing volumes from S3
ansible.builtin.include_role: ansible.builtin.include_role:
name: chatton.docker_backup.docker_s3_volume_restore name: chatton.docker_backup.docker_s3_volume_restore
when: restore_volumes is defined when: restore_volumes is defined
@ -51,17 +51,18 @@
docker_backup_restore_force: false docker_backup_restore_force: false
docker_backup_restore_latest_s3_key: true docker_backup_restore_latest_s3_key: true
docker_backup_fail_on_no_s3_backups: false docker_backup_fail_on_no_s3_backups: false
docker_backup_s3_volume: "{{ volume }}" docker_backup_s3_volume: '{{ volume }}'
with_items: "{{ restore_volumes }}" with_items: '{{ restore_volumes }}'
loop_control: loop_control:
loop_var: volume loop_var: volume
- name: "Stack {{ portainer_stack_name }} | Update Portainer." - name: Stack {{ portainer_stack_name }} | Update Portainer.
chatton.portainer.portainer_stack: chatton.portainer.portainer_stack:
username: admin username: admin
password: '{{ portainer.password }}' password: '{{ portainer.password }}'
base_url: '{{ portainer_base_url }}' base_url: '{{ portainer_base_url }}'
docker_compose_file_path: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name }}/docker-compose.yml' docker_compose_file_path: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name
}}/docker-compose.yml'
stack_name: '{{ portainer_stack_name }}' stack_name: '{{ portainer_stack_name }}'
endpoint_id: '{{ portainer_stack_endpoint_id }}' endpoint_id: '{{ portainer_stack_endpoint_id }}'
state: present state: present

4
roles/docker_restore_container/defaults/main.yml
Unescape Escape View File

@ -1,2 +1,2 @@
--- null
# defaults file for chatton.docker_restore ...

4
roles/docker_restore_container/handlers/main.yml
Unescape Escape View File

@ -1,2 +1,2 @@
--- null
# handlers file for chatton.docker_restore ...

83
roles/docker_restore_container/tasks/main.yml
Unescape Escape View File

@ -1,121 +1,124 @@
---
# tasks file for chatton.docker_backup # tasks file for chatton.docker_backup
# https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html#ansible-collections-community-docker-docker-container-module # https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html#ansible-collections-community-docker-docker-container-module
# https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes # https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes
- name: Get container details - name: Get container details
docker_container_info: docker_container_info:
name: "{{ container_restore }}" name: '{{ container_restore }}'
register: result register: result
- name: Fail if container is not present - name: Fail if container is not present
fail: fail:
msg: Cannot restore volumes for a container when it does not exist. Ensure the container exists and try again. msg: Cannot restore volumes for a container when it does not exist. Ensure the
container exists and try again.
when: result.exists == false when: result.exists == false
- debug: msg="{{ result }}" - debug: msg="{{ result }}"
- name: Extract only the volume mounts (not bind mounts) - name: Extract only the volume mounts (not bind mounts)
set_fact: volume_mounts="{{ result.container.Mounts | selectattr("Type", "equalto", "volume")}}" set_fact: volume_mounts="{{ result.container.Mounts | selectattr("Type", "equalto",
"volume")}}"
- debug: msg="{{ volume_mounts }}" - debug: msg="{{ volume_mounts }}"
- name: Find relevant volume(s) in S3 - name: Find relevant volume(s) in S3
amazon.aws.aws_s3: amazon.aws.aws_s3:
bucket: "{{ aws_s3.bucket }}" bucket: '{{ aws_s3.bucket }}'
mode: list mode: list
region: "{{ aws_s3.region }}" region: '{{ aws_s3.region }}'
s3_url: "https://{{ aws_s3.s3_url }}" s3_url: https://{{ aws_s3.s3_url }}
prefix: "{{ item.Name }}/{{ item.Name }}" prefix: '{{ item.Name }}/{{ item.Name }}'
aws_access_key: "{{ aws_s3.aws_access_key }}" aws_access_key: '{{ aws_s3.aws_access_key }}'
aws_secret_key: "{{ aws_s3.aws_secret_key }}" aws_secret_key: '{{ aws_s3.aws_secret_key }}'
register: s3_list_output register: s3_list_output
with_items: "{{ volume_mounts }}" with_items: '{{ volume_mounts }}'
- debug: msg="{{ s3_list_output }}" - debug: msg="{{ s3_list_output }}"
- name: Extract s3 keys for container - name: Extract s3 keys for container
set_fact: container_s3_keys="{{ container_s3_keys | default([]) + [item.s3_keys | last] }}" set_fact: container_s3_keys="{{ container_s3_keys | default([]) + [item.s3_keys
with_items: "{{ s3_list_output.results }}" | last] }}"
with_items: '{{ s3_list_output.results }}'
- debug: msg="{{ container_s3_keys }}" - debug: msg="{{ container_s3_keys }}"
- name: Create a directory for temporary backups if they do not exist - name: Create a directory for temporary backups if they do not exist
ansible.builtin.file: ansible.builtin.file:
path: "/tmp/{{ item.Name }}" path: /tmp/{{ item.Name }}
state: directory state: directory
mode: '0755' mode: '0755'
with_items: "{{ volume_mounts }}" with_items: '{{ volume_mounts }}'
- name: Download archives from S3 - name: Download archives from S3
amazon.aws.aws_s3: amazon.aws.aws_s3:
bucket: "{{ aws_s3.bucket }}" bucket: '{{ aws_s3.bucket }}'
object: "{{ item }}" object: '{{ item }}'
aws_access_key: "{{ aws_s3.aws_access_key }}" aws_access_key: '{{ aws_s3.aws_access_key }}'
aws_secret_key: "{{ aws_s3.aws_secret_key }}" aws_secret_key: '{{ aws_s3.aws_secret_key }}'
region: "{{ aws_s3.region }}" region: '{{ aws_s3.region }}'
s3_url: "https://{{ aws_s3.s3_url }}" s3_url: https://{{ aws_s3.s3_url }}
mode: get mode: get
dest: "/tmp/{{ item }}" dest: /tmp/{{ item }}
with_items: "{{ container_s3_keys }}" with_items: '{{ container_s3_keys }}'
register: get_out register: get_out
- debug: msg="{{ get_out }}" - debug: msg="{{ get_out }}"
- set_fact: - set_fact:
volume_details: "{{ volume_details | default([]) + [ {'mount': item.0, 's3_key': item.1} ] }}" volume_details: "{{ volume_details | default([]) + [ {'mount': item.0, 's3_key':\
\ item.1} ] }}"
with_together: with_together:
- "{{ volume_mounts }}" - '{{ volume_mounts }}'
- "{{ container_s3_keys }}" - '{{ container_s3_keys }}'
- debug: msg="{{ volume_details }}" - debug: msg="{{ volume_details }}"
- name: Stop a container - name: Stop a container
community.docker.docker_container: community.docker.docker_container:
name: "{{ container_restore }}" name: '{{ container_restore }}'
state: stopped state: stopped
- name: Ensure Volume - name: Ensure Volume
docker_volume: docker_volume:
name: "{{ item.mount.Name }}" name: '{{ item.mount.Name }}'
state: present state: present
with_items: "{{ volume_details }}" with_items: '{{ volume_details }}'
- name: Remove contents of volumes - name: Remove contents of volumes
community.docker.docker_container: community.docker.docker_container:
name: "restore-container-{{ item.mount.Name }}-{{ 10 | random }}" name: restore-container-{{ item.mount.Name }}-{{ 10 | random }}
image: ubuntu image: ubuntu
command: "rm -rf ./* " command: 'rm -rf ./* '
auto_remove: true auto_remove: true
detach: false # block until this container exists. detach: false # block until this container exists.
state: started state: started
# start inside the directory we want to wipe # start inside the directory we want to wipe
working_dir: "{{ item.mount.Destination }}" working_dir: '{{ item.mount.Destination }}'
volumes: volumes:
- /tmp:/tmp - /tmp:/tmp
volumes_from: volumes_from:
- "{{ container_restore }}" - '{{ container_restore }}'
with_items: "{{ volume_details }}" with_items: '{{ volume_details }}'
- name: Restore contents of volumes - name: Restore contents of volumes
community.docker.docker_container: community.docker.docker_container:
name: "restore-container-{{ item.mount.Name }}-{{ 10 | random }}" name: restore-container-{{ item.mount.Name }}-{{ 10 | random }}
image: ubuntu image: ubuntu
# extract the tar into the volume. # extract the tar into the volume.
command: "tar xvf /tmp/{{ item.s3_key }}" command: tar xvf /tmp/{{ item.s3_key }}
auto_remove: true auto_remove: true
detach: false # block until this container exists. detach: false # block until this container exists.
state: started state: started
# the compressed volume contains the directories, so we start from the root # the compressed volume contains the directories, so we start from the root
working_dir: "/" working_dir: /
volumes: volumes:
- /tmp:/tmp - /tmp:/tmp
volumes_from: volumes_from:
- "{{ container_restore }}" - '{{ container_restore }}'
with_items: "{{ volume_details }}" with_items: '{{ volume_details }}'
- name: Start a container - name: Start a container
community.docker.docker_container: community.docker.docker_container:
name: "{{ container_restore }}" name: '{{ container_restore }}'
state: started state: started

4
roles/docker_restore_container/vars/main.yml
Unescape Escape View File

@ -1,2 +1,2 @@
--- null
# vars file for chatton.docker_restore ...

2
roles/geerlingguy.docker/.github/FUNDING.yml vendored
Unescape Escape View File

@ -1,4 +1,2 @@
# These are supported funding model platforms
---
github: geerlingguy github: geerlingguy
patreon: geerlingguy patreon: geerlingguy

16
roles/geerlingguy.docker/.github/stale.yml vendored
Unescape Escape View File

@ -1,5 +1,3 @@
# Configuration for probot-stale - https://github.com/probot/stale
---
# Number of days of inactivity before an Issue or Pull Request becomes stale # Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90 daysUntilStale: 90
@ -12,10 +10,10 @@ onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels: exemptLabels:
- bug - bug
- pinned - pinned
- security - security
- planned - planned
# Set to true to ignore issues in a project (defaults to false) # Set to true to ignore issues in a project (defaults to false)
exemptProjects: false exemptProjects: false
@ -42,7 +40,8 @@ pulls:
This pull request is no longer marked for closure. This pull request is no longer marked for closure.
closeComment: >- closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. This pull request has been closed due to inactivity. If you feel this is in error,
please reopen the pull request or file a new PR with the relevant details.
issues: issues:
markComment: |- markComment: |-
@ -54,4 +53,5 @@ issues:
This issue is no longer marked for closure. This issue is no longer marked for closure.
closeComment: >- closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. This issue has been closed due to inactivity. If you feel this is in error, please
reopen the issue or file a new issue with the relevant details.

15
roles/geerlingguy.docker/.github/workflows/ci.yml vendored
Unescape Escape View File

@ -1,16 +1,15 @@
---
name: CI name: CI
'on': on:
pull_request: pull_request:
push: push:
branches: branches:
- master - master
schedule: schedule:
- cron: "0 7 * * 0" - cron: 0 7 * * 0
defaults: defaults:
run: run:
working-directory: 'geerlingguy.docker' working-directory: geerlingguy.docker
jobs: jobs:
@ -21,12 +20,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.docker' path: geerlingguy.docker
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install yamllint run: pip3 install yamllint
@ -54,12 +53,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.docker' path: geerlingguy.docker
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker run: pip3 install ansible molecule[docker] docker

12
roles/geerlingguy.docker/.github/workflows/release.yml vendored
Unescape Escape View File

@ -1,4 +1,3 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub # This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization. # repository or organization.
# #
@ -6,14 +5,14 @@
# See: https://github.com/ansible/galaxy/issues/46 # See: https://github.com/ansible/galaxy/issues/46
name: Release name: Release
'on': on:
push: push:
tags: tags:
- '*' - '*'
defaults: defaults:
run: run:
working-directory: 'geerlingguy.docker' working-directory: geerlingguy.docker
jobs: jobs:
@ -24,12 +23,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.docker' path: geerlingguy.docker
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install Ansible. - name: Install Ansible.
run: pip3 install ansible-core run: pip3 install ansible-core
@ -37,4 +36,5 @@ jobs:
- name: Trigger a new import on Galaxy. - name: Trigger a new import on Galaxy.
run: >- run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository
}} | cut -d/ -f2)

26
roles/geerlingguy.docker/defaults/main.yml
Unescape Escape View File

@ -1,11 +1,10 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce' docker_edition: ce
docker_packages: docker_packages:
- "docker-{{ docker_edition }}" - docker-{{ docker_edition }}
- "docker-{{ docker_edition }}-cli" - docker-{{ docker_edition }}-cli
- "docker-{{ docker_edition }}-rootless-extras" - docker-{{ docker_edition }}-rootless-extras
- "containerd.io" - containerd.io
docker_packages_state: present docker_packages_state: present
# Service options. # Service options.
@ -21,9 +20,10 @@ docker_compose_package_state: present
# Docker Compose options. # Docker Compose options.
docker_install_compose: true docker_install_compose: true
docker_compose_version: "v2.4.1" docker_compose_version: v2.4.1
docker_compose_arch: x86_64 docker_compose_arch: x86_64
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}" docker_compose_url: https://github.com/docker/compose/releases/download/{{ docker_compose_version
}}/docker-compose-linux-{{ docker_compose_arch }}
docker_compose_path: /usr/local/bin/docker-compose docker_compose_path: /usr/local/bin/docker-compose
# Docker repo URL. # Docker repo URL.
@ -32,15 +32,17 @@ docker_repo_url: https://download.docker.com/linux
# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed. # Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable docker_apt_release_channel: stable
docker_apt_arch: amd64 docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_repository: deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution
| lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}
docker_apt_ignore_key_error: true docker_apt_ignore_key_error: true
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" docker_apt_gpg_key: '{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg'
# Used only for RedHat/CentOS/Fedora. # Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora')\
\ | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
docker_yum_repo_enable_nightly: '0' docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0' docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" docker_yum_gpg_key: '{{ docker_repo_url }}/centos/gpg'
# A list of users who will be added to the docker group. # A list of users who will be added to the docker group.
docker_users: [] docker_users: []

5
roles/geerlingguy.docker/handlers/main.yml
Unescape Escape View File

@ -1,7 +1,6 @@
---
- name: restart docker - name: restart docker
service: service:
name: docker name: docker
state: "{{ docker_restart_handler_state }}" state: '{{ docker_restart_handler_state }}'
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: '{{ ansible_check_mode }}'
when: docker_service_manage | bool when: docker_service_manage | bool

5
roles/geerlingguy.docker/meta/main.yml
Unescape Escape View File

@ -1,12 +1,11 @@
---
dependencies: [] dependencies: []
galaxy_info: galaxy_info:
role_name: docker role_name: docker
author: geerlingguy author: geerlingguy
description: Docker for Linux. description: Docker for Linux.
company: "Midwestern Mac, LLC" company: Midwestern Mac, LLC
license: "license (BSD, MIT)" license: license (BSD, MIT)
min_ansible_version: 2.4 min_ansible_version: 2.4
platforms: platforms:
- name: EL - name: EL

1
roles/geerlingguy.docker/molecule/default/converge.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Converge - name: Converge
hosts: all hosts: all
become: true become: true

5
roles/geerlingguy.docker/molecule/default/molecule.yml
Unescape Escape View File

@ -1,12 +1,11 @@
---
role_name_check: 1 role_name_check: 1
dependency: dependency:
name: galaxy name: galaxy
driver: driver:
name: docker name: docker
platforms: platforms:
- name: instance - name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" image: geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest
command: ${MOLECULE_DOCKER_COMMAND:-""} command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes: volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro

15
roles/geerlingguy.docker/tasks/docker-compose.yml
Unescape Escape View File

@ -1,18 +1,18 @@
---
- name: Check current docker-compose version. - name: Check current docker-compose version.
command: "{{ docker_compose_path }} --version" command: '{{ docker_compose_path }} --version'
register: docker_compose_vsn register: docker_compose_vsn
check_mode: false check_mode: false
changed_when: false changed_when: false
failed_when: false failed_when: false
- set_fact: - set_fact:
docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}" docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\\
d+(\\.\\d+)+)') }}"
when: docker_compose_vsn.stdout is defined when: docker_compose_vsn.stdout is defined
- name: Delete existing docker-compose version if it's different. - name: Delete existing docker-compose version if it's different.
file: file:
path: "{{ docker_compose_path }}" path: '{{ docker_compose_path }}'
state: absent state: absent
when: > when: >
docker_compose_current_version is defined docker_compose_current_version is defined
@ -20,10 +20,11 @@
- name: Install Docker Compose (if configured). - name: Install Docker Compose (if configured).
get_url: get_url:
url: "{{ docker_compose_url }}" url: '{{ docker_compose_url }}'
dest: "{{ docker_compose_path }}" dest: '{{ docker_compose_path }}'
mode: 0755 mode: 0755
when: > when: >
(docker_compose_current_version is not defined) (docker_compose_current_version is not defined)
or (docker_compose_current_version|length == 0) or (docker_compose_current_version|length == 0)
or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<')) or (docker_compose_current_version is version((docker_compose_version | regex_replace('v',
'')), '<'))

5
roles/geerlingguy.docker/tasks/docker-users.yml
Unescape Escape View File

@ -1,10 +1,9 @@
---
- name: Ensure docker users are added to the docker group. - name: Ensure docker users are added to the docker group.
user: user:
name: "{{ item }}" name: '{{ item }}'
groups: docker groups: docker
append: true append: true
with_items: "{{ docker_users }}" with_items: '{{ docker_users }}'
- name: Reset ssh connection to apply user changes. - name: Reset ssh connection to apply user changes.
meta: reset_connection meta: reset_connection

49
roles/geerlingguy.docker/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Load OS-specific vars. - name: Load OS-specific vars.
include_vars: "{{ lookup('first_found', params) }}" include_vars: "{{ lookup('first_found', params) }}"
vars: vars:
@ -8,7 +7,7 @@
- '{{ansible_os_family}}.yml' - '{{ansible_os_family}}.yml'
- main.yml - main.yml
paths: paths:
- 'vars' - vars
- include_tasks: setup-RedHat.yml - include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
@ -18,37 +17,41 @@
- name: Install Docker packages. - name: Install Docker packages.
package: package:
name: "{{ docker_packages }}" name: '{{ docker_packages }}'
state: "{{ docker_packages_state }}" state: '{{ docker_packages_state }}'
notify: restart docker notify: restart docker
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: '{{ ansible_check_mode }}'
when: "ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian']" when: ansible_version.full is version_compare('2.12', '<') or ansible_os_family
not in ['RedHat', 'Debian']
- name: Install Docker packages (with downgrade option). - name: Install Docker packages (with downgrade option).
package: package:
name: "{{ docker_packages }}" name: '{{ docker_packages }}'
state: "{{ docker_packages_state }}" state: '{{ docker_packages_state }}'
allow_downgrade: true allow_downgrade: true
notify: restart docker notify: restart docker
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: '{{ ansible_check_mode }}'
when: "ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']" when: ansible_version.full is version_compare('2.12', '>=') and ansible_os_family
in ['RedHat', 'Debian']
- name: Install docker-compose plugin. - name: Install docker-compose plugin.
package: package:
name: "{{ docker_compose_package }}" name: '{{ docker_compose_package }}'
state: "{{ docker_compose_package_state }}" state: '{{ docker_compose_package_state }}'
notify: restart docker notify: restart docker
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: '{{ ansible_check_mode }}'
when: "docker_install_compose_plugin | bool == true and (ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian'])" when: docker_install_compose_plugin | bool == true and (ansible_version.full is
version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian'])
- name: Install docker-compose-plugin (with downgrade option). - name: Install docker-compose-plugin (with downgrade option).
package: package:
name: "{{ docker_compose_package }}" name: '{{ docker_compose_package }}'
state: "{{ docker_compose_package_state }}" state: '{{ docker_compose_package_state }}'
allow_downgrade: true allow_downgrade: true
notify: restart docker notify: restart docker
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: '{{ ansible_check_mode }}'
when: "docker_install_compose_plugin | bool == true and ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']" when: docker_install_compose_plugin | bool == true and ansible_version.full is version_compare('2.12',
'>=') and ansible_os_family in ['RedHat', 'Debian']
- name: Ensure /etc/docker/ directory exists. - name: Ensure /etc/docker/ directory exists.
file: file:
@ -59,7 +62,7 @@
- name: Configure Docker daemon options. - name: Configure Docker daemon options.
copy: copy:
content: "{{ docker_daemon_options | to_nice_json }}" content: '{{ docker_daemon_options | to_nice_json }}'
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
mode: 0644 mode: 0644
when: docker_daemon_options.keys() | length > 0 when: docker_daemon_options.keys() | length > 0
@ -68,9 +71,9 @@
- name: Ensure Docker is started and enabled at boot. - name: Ensure Docker is started and enabled at boot.
service: service:
name: docker name: docker
state: "{{ docker_service_state }}" state: '{{ docker_service_state }}'
enabled: "{{ docker_service_enabled }}" enabled: '{{ docker_service_enabled }}'
ignore_errors: "{{ ansible_check_mode }}" ignore_errors: '{{ ansible_check_mode }}'
when: docker_service_manage | bool when: docker_service_manage | bool
- name: Ensure handlers are notified now to avoid firewall conflicts. - name: Ensure handlers are notified now to avoid firewall conflicts.
@ -92,7 +95,7 @@
when: when:
- docker_users | length > 0 - docker_users | length > 0
- item not in ansible_facts.getent_group["docker"][2] - item not in ansible_facts.getent_group["docker"][2]
with_items: "{{ docker_users }}" with_items: '{{ docker_users }}'
- include_tasks: docker-users.yml - include_tasks: docker-users.yml
when: at_least_one_user_to_modify is defined when: at_least_one_user_to_modify is defined

16
roles/geerlingguy.docker/tasks/setup-Debian.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Ensure old versions of Docker are not installed. - name: Ensure old versions of Docker are not installed.
package: package:
name: name:
@ -13,25 +12,28 @@
- ca-certificates - ca-certificates
state: present state: present
- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems). - name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other
systems).
apt: apt:
name: gnupg2 name: gnupg2
state: present state: present
when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<') when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04',
'<')
- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04). - name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
apt: apt:
name: gnupg name: gnupg
state: present state: present
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=') when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04',
'>=')
- name: Add Docker apt key. - name: Add Docker apt key.
apt_key: apt_key:
url: "{{ docker_apt_gpg_key }}" url: '{{ docker_apt_gpg_key }}'
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present state: present
register: add_repository_key register: add_repository_key
ignore_errors: "{{ docker_apt_ignore_key_error }}" ignore_errors: '{{ docker_apt_ignore_key_error }}'
- name: Ensure curl is present (on older systems without SNI). - name: Ensure curl is present (on older systems without SNI).
package: name=curl state=present package: name=curl state=present
@ -46,6 +48,6 @@
- name: Add Docker repository. - name: Add Docker repository.
apt_repository: apt_repository:
repo: "{{ docker_apt_repository }}" repo: '{{ docker_apt_repository }}'
state: present state: present
update_cache: true update_cache: true

15
roles/geerlingguy.docker/tasks/setup-RedHat.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Ensure old versions of Docker are not installed. - name: Ensure old versions of Docker are not installed.
package: package:
name: name:
@ -9,21 +8,21 @@
- name: Add Docker GPG key. - name: Add Docker GPG key.
rpm_key: rpm_key:
key: "{{ docker_yum_gpg_key }}" key: '{{ docker_yum_gpg_key }}'
state: present state: present
- name: Add Docker repository. - name: Add Docker repository.
get_url: get_url:
url: "{{ docker_yum_repo_url }}" url: '{{ docker_yum_repo_url }}'
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' dest: /etc/yum.repos.d/docker-{{ docker_edition }}.repo
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
- name: Configure Docker Nightly repo. - name: Configure Docker Nightly repo.
ini_file: ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' dest: /etc/yum.repos.d/docker-{{ docker_edition }}.repo
section: 'docker-{{ docker_edition }}-nightly' section: docker-{{ docker_edition }}-nightly
option: enabled option: enabled
value: '{{ docker_yum_repo_enable_nightly }}' value: '{{ docker_yum_repo_enable_nightly }}'
mode: 0644 mode: 0644
@ -31,8 +30,8 @@
- name: Configure Docker Test repo. - name: Configure Docker Test repo.
ini_file: ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' dest: /etc/yum.repos.d/docker-{{ docker_edition }}.repo
section: 'docker-{{ docker_edition }}-test' section: docker-{{ docker_edition }}-test
option: enabled option: enabled
value: '{{ docker_yum_repo_enable_test }}' value: '{{ docker_yum_repo_enable_test }}'
mode: 0644 mode: 0644

3
roles/geerlingguy.docker/vars/Alpine.yml
Unescape Escape View File

@ -1,2 +1 @@
--- docker_package: docker
docker_package: "docker"

4
roles/geerlingguy.docker/vars/main.yml
Unescape Escape View File

@ -1,2 +1,2 @@
--- null
# Empty file ...

2
roles/geerlingguy.pip/.github/FUNDING.yml vendored
Unescape Escape View File

@ -1,4 +1,2 @@
# These are supported funding model platforms
---
github: geerlingguy github: geerlingguy
patreon: geerlingguy patreon: geerlingguy

14
roles/geerlingguy.pip/.github/stale.yml vendored
Unescape Escape View File

@ -12,10 +12,10 @@ onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels: exemptLabels:
- bug - bug
- pinned - pinned
- security - security
- planned - planned
# Set to true to ignore issues in a project (defaults to false) # Set to true to ignore issues in a project (defaults to false)
exemptProjects: false exemptProjects: false
@ -42,7 +42,8 @@ pulls:
This pull request is no longer marked for closure. This pull request is no longer marked for closure.
closeComment: >- closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. This pull request has been closed due to inactivity. If you feel this is in error,
please reopen the pull request or file a new PR with the relevant details.
issues: issues:
markComment: |- markComment: |-
@ -54,4 +55,5 @@ issues:
This issue is no longer marked for closure. This issue is no longer marked for closure.
closeComment: >- closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. This issue has been closed due to inactivity. If you feel this is in error, please
reopen the issue or file a new issue with the relevant details.

15
roles/geerlingguy.pip/.github/workflows/ci.yml vendored
Unescape Escape View File

@ -1,16 +1,15 @@
---
name: CI name: CI
'on': on:
pull_request: pull_request:
push: push:
branches: branches:
- master - master
schedule: schedule:
- cron: "0 4 * * 5" - cron: 0 4 * * 5
defaults: defaults:
run: run:
working-directory: 'geerlingguy.pip' working-directory: geerlingguy.pip
jobs: jobs:
@ -21,12 +20,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.pip' path: geerlingguy.pip
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install yamllint run: pip3 install yamllint
@ -51,12 +50,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.pip' path: geerlingguy.pip
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker run: pip3 install ansible molecule[docker] docker

12
roles/geerlingguy.pip/.github/workflows/release.yml vendored
Unescape Escape View File

@ -1,4 +1,3 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub # This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization. # repository or organization.
# #
@ -6,14 +5,14 @@
# See: https://github.com/ansible/galaxy/issues/46 # See: https://github.com/ansible/galaxy/issues/46
name: Release name: Release
'on': on:
push: push:
tags: tags:
- '*' - '*'
defaults: defaults:
run: run:
working-directory: 'geerlingguy.pip' working-directory: geerlingguy.pip
jobs: jobs:
@ -24,12 +23,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.pip' path: geerlingguy.pip
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install Ansible. - name: Install Ansible.
run: pip3 install ansible-core run: pip3 install ansible-core
@ -37,4 +36,5 @@ jobs:
- name: Trigger a new import on Galaxy. - name: Trigger a new import on Galaxy.
run: >- run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository
}} | cut -d/ -f2)

1
roles/geerlingguy.pip/defaults/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
# For Python 3, use python3-pip. # For Python 3, use python3-pip.
pip_package: python3-pip pip_package: python3-pip
pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}" pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"

5
roles/geerlingguy.pip/meta/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
dependencies: [] dependencies: []
galaxy_info: galaxy_info:
@ -6,8 +5,8 @@ galaxy_info:
author: geerlingguy author: geerlingguy
description: Pip (Python package manager) for Linux. description: Pip (Python package manager) for Linux.
issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
company: "Midwestern Mac, LLC" company: Midwestern Mac, LLC
license: "MIT" license: MIT
min_ansible_version: 2.4 min_ansible_version: 2.4
platforms: platforms:
- name: EL - name: EL

12
roles/geerlingguy.pip/molecule/default/converge.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Converge - name: Converge
hosts: all hosts: all
become: true become: true
@ -7,7 +6,7 @@
pip_install_packages: pip_install_packages:
# Test installing a specific version of a package. # Test installing a specific version of a package.
- name: ipaddress - name: ipaddress
version: "1.0.18" version: 1.0.18
# Test installing a package by name. # Test installing a package by name.
- colorama - colorama
@ -20,9 +19,12 @@
set_fact: set_fact:
pip_package: python-pip pip_package: python-pip
when: > when: >
(ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int < 8) (ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int
or (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int < 10) < 8)
or (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int < 18) or (ansible_distribution == 'Debian') and (ansible_distribution_major_version
| int < 10)
or (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version
| int < 18)
roles: roles:
- role: geerlingguy.pip - role: geerlingguy.pip

5
roles/geerlingguy.pip/molecule/default/molecule.yml
Unescape Escape View File

@ -1,12 +1,11 @@
---
role_name_check: 1 role_name_check: 1
dependency: dependency:
name: galaxy name: galaxy
driver: driver:
name: docker name: docker
platforms: platforms:
- name: instance - name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" image: geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest
command: ${MOLECULE_DOCKER_COMMAND:-""} command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes: volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro

17
roles/geerlingguy.pip/tasks/main.yml
Unescape Escape View File

@ -1,15 +1,14 @@
---
- name: Ensure Pip is installed. - name: Ensure Pip is installed.
package: package:
name: "{{ pip_package }}" name: '{{ pip_package }}'
state: present state: present
- name: Ensure pip_install_packages are installed. - name: Ensure pip_install_packages are installed.
pip: pip:
name: "{{ item.name | default(item) }}" name: '{{ item.name | default(item) }}'
version: "{{ item.version | default(omit) }}" version: '{{ item.version | default(omit) }}'
virtualenv: "{{ item.virtualenv | default(omit) }}" virtualenv: '{{ item.virtualenv | default(omit) }}'
state: "{{ item.state | default(omit) }}" state: '{{ item.state | default(omit) }}'
extra_args: "{{ item.extra_args | default(omit) }}" extra_args: '{{ item.extra_args | default(omit) }}'
executable: "{{ pip_executable }}" executable: '{{ pip_executable }}'
loop: "{{ pip_install_packages }}" loop: '{{ pip_install_packages }}'

2
roles/geerlingguy.samba/.github/FUNDING.yml vendored
Unescape Escape View File

@ -1,4 +1,2 @@
# These are supported funding model platforms
---
github: geerlingguy github: geerlingguy
patreon: geerlingguy patreon: geerlingguy

12
roles/geerlingguy.samba/.github/stale.yml vendored
Unescape Escape View File

@ -12,9 +12,9 @@ onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels: exemptLabels:
- pinned - pinned
- security - security
- planned - planned
# Set to true to ignore issues in a project (defaults to false) # Set to true to ignore issues in a project (defaults to false)
exemptProjects: false exemptProjects: false
@ -41,7 +41,8 @@ pulls:
This pull request is no longer marked for closure. This pull request is no longer marked for closure.
closeComment: >- closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. This pull request has been closed due to inactivity. If you feel this is in error,
please reopen the pull request or file a new PR with the relevant details.
issues: issues:
markComment: |- markComment: |-
@ -53,4 +54,5 @@ issues:
This issue is no longer marked for closure. This issue is no longer marked for closure.
closeComment: >- closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. This issue has been closed due to inactivity. If you feel this is in error, please
reopen the issue or file a new issue with the relevant details.

15
roles/geerlingguy.samba/.github/workflows/ci.yml vendored
Unescape Escape View File

@ -1,16 +1,15 @@
---
name: CI name: CI
'on': on:
pull_request: pull_request:
push: push:
branches: branches:
- master - master
schedule: schedule:
- cron: "0 3 * * 4" - cron: 0 3 * * 4
defaults: defaults:
run: run:
working-directory: 'geerlingguy.samba' working-directory: geerlingguy.samba
jobs: jobs:
@ -21,12 +20,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.samba' path: geerlingguy.samba
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install yamllint ansible-lint run: pip3 install yamllint ansible-lint
@ -49,12 +48,12 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.samba' path: geerlingguy.samba
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install test dependencies. - name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker run: pip3 install ansible molecule[docker] docker

13
roles/geerlingguy.samba/.github/workflows/release.yml vendored
Unescape Escape View File

@ -1,4 +1,3 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub # This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization. # repository or organization.
# #
@ -6,14 +5,14 @@
# See: https://github.com/ansible/galaxy/issues/46 # See: https://github.com/ansible/galaxy/issues/46
name: Release name: Release
'on': on:
push: push:
tags: tags:
- '*' - '*'
defaults: defaults:
run: run:
working-directory: 'geerlingguy.samba' working-directory: geerlingguy.samba
jobs: jobs:
@ -24,15 +23,17 @@ jobs:
- name: Check out the codebase. - name: Check out the codebase.
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
path: 'geerlingguy.samba' path: geerlingguy.samba
- name: Set up Python 3. - name: Set up Python 3.
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install Ansible. - name: Install Ansible.
run: pip3 install ansible-base run: pip3 install ansible-base
- name: Trigger a new import on Galaxy. - name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo
${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} |
cut -d/ -f2)

3
roles/geerlingguy.samba/handlers/main.yml
Unescape Escape View File

@ -1,3 +1,2 @@
---
- name: restart smb - name: restart smb
service: "name={{ samba_daemon }} state=restarted" service: name={{ samba_daemon }} state=restarted

7
roles/geerlingguy.samba/meta/main.yml
Unescape Escape View File

@ -1,12 +1,11 @@
---
dependencies: [] dependencies: []
galaxy_info: galaxy_info:
role_name: samba role_name: samba
author: geerlingguy author: geerlingguy
description: "Samba for RHEL/CentOS." description: Samba for RHEL/CentOS.
company: "Midwestern Mac, LLC" company: Midwestern Mac, LLC
license: "license (BSD, MIT)" license: license (BSD, MIT)
min_ansible_version: 2.0 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL

1
roles/geerlingguy.samba/molecule/default/converge.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Converge - name: Converge
hosts: all hosts: all
become: true become: true

5
roles/geerlingguy.samba/molecule/default/molecule.yml
Unescape Escape View File

@ -1,11 +1,10 @@
---
dependency: dependency:
name: galaxy name: galaxy
driver: driver:
name: docker name: docker
platforms: platforms:
- name: instance - name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" image: geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest
command: ${MOLECULE_DOCKER_COMMAND:-""} command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes: volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro

5
roles/geerlingguy.samba/tasks/main.yml
Unescape Escape View File

@ -1,6 +1,5 @@
---
- name: Include OS-specific variables. - name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml" include_vars: '{{ ansible_os_family }}.yml'
- name: Ensure Samba-related packages are installed (RedHat). - name: Ensure Samba-related packages are installed (RedHat).
package: package:
@ -22,6 +21,6 @@
- name: Ensure Samba is running and set to start on boot. - name: Ensure Samba is running and set to start on boot.
service: service:
name: "{{ samba_daemon }}" name: '{{ samba_daemon }}'
state: started state: started
enabled: true enabled: true

1
roles/geerlingguy.samba/vars/Debian.yml
Unescape Escape View File

@ -1,2 +1 @@
---
samba_daemon: smbd samba_daemon: smbd

1
roles/geerlingguy.samba/vars/RedHat.yml
Unescape Escape View File

@ -1,2 +1 @@
---
samba_daemon: smb samba_daemon: smb

3
roles/setup_hosted_services/defaults/main.yml
Unescape Escape View File

@ -1 +1,2 @@
--- null
...

16
roles/setup_hosted_services/files/dashboards/dashy-config.yml
Unescape Escape View File

@ -1,7 +1,7 @@
pageInfo: pageInfo:
title: Home Lab title: Home Lab
sections: sections:
- name: Tools - name: Tools
items: items:
- title: Hastey Paste - title: Hastey Paste
description: Paste bin service. description: Paste bin service.
@ -31,14 +31,14 @@ sections:
- title: Paperless - title: Paperless
icon: hl-paperless icon: hl-paperless
url: http://qnap:8001 url: http://qnap:8001
- name: Docker Admin - name: Docker Admin
items: items:
- title: Portainer - title: Portainer
description: Manage docker apps using Portainer description: Manage docker apps using Portainer
icon: hl-portainer icon: hl-portainer
url: http://qnap:9000 url: http://qnap:9000
- name: System Admin - name: System Admin
items: items:
- title: Webmin - title: Webmin
icon: hl-webmin icon: hl-webmin
@ -52,7 +52,7 @@ sections:
icon: hl-nginx icon: hl-nginx
url: http://qnap:8181 url: http://qnap:8181
- name: QNAP Dashboards - name: QNAP Dashboards
items: items:
- title: Dash Dot - title: Dash Dot
icon: hl-dashdot icon: hl-dashdot
@ -69,7 +69,7 @@ sections:
- title: Pihole - title: Pihole
icon: hl-pihole icon: hl-pihole
url: http://qnap:85/admin url: http://qnap:85/admin
- name: Snunmu Dashboards - name: Snunmu Dashboards
items: items:
- title: Dash Dot - title: Dash Dot
icon: hl-dashdot icon: hl-dashdot
@ -81,7 +81,7 @@ sections:
icon: hl-pihole icon: hl-pihole
url: http://snunmu:85/admin url: http://snunmu:85/admin
- name: Media Stack - name: Media Stack
items: items:
- title: Plex - title: Plex
icon: hl-plex icon: hl-plex
@ -103,7 +103,7 @@ sections:
- title: Qbittorrent - title: Qbittorrent
icon: hl-qbittorrent icon: hl-qbittorrent
url: http://qnap:15000 url: http://qnap:15000
- name: QNAP - name: QNAP
widgets: widgets:
- type: gl-disk-space - type: gl-disk-space
options: options:
@ -119,7 +119,7 @@ sections:
- evmos - evmos
- osmosis - osmosis
- name: Snunmu - name: Snunmu
widgets: widgets:
- type: gl-disk-space - type: gl-disk-space
options: options:

6
roles/setup_hosted_services/files/olivetin/config.yml
Unescape Escape View File

@ -5,14 +5,14 @@ logLevel: INFO
# Actions (buttons) to show up on the WebUI: # Actions (buttons) to show up on the WebUI:
actions: actions:
# Docs: https://docs.olivetin.app/action-container-control.html # Docs: https://docs.olivetin.app/action-container-control.html
- title: Restart Plex - title: Restart Plex
icon: plex icon: plex
shell: docker restart plex shell: docker restart plex
timeout: 30 timeout: 30
- title: Restart Overseerr - title: Restart Overseerr
icon: overseerr icon: overseerr
shell: docker restart plex shell: docker restart plex
timeout: 30 timeout: 30
- title: Restart VPN Stack - title: Restart VPN Stack
shell: docker restart surfshark sonarr radarr jackett qbittorrent shell: docker restart surfshark sonarr radarr jackett qbittorrent
timeout: 90 timeout: 90

2
roles/setup_hosted_services/meta/main.yml
Unescape Escape View File

@ -3,7 +3,7 @@ galaxy_info:
namespace: chatton namespace: chatton
description: Deploy all my hosted services description: Deploy all my hosted services
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
galaxy_tags: [] galaxy_tags: []
platforms: platforms:
- name: Debian - name: Debian

43
roles/setup_hosted_services/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Install Modules for Python - name: Install Modules for Python
ansible.builtin.pip: ansible.builtin.pip:
name: name:
@ -16,42 +15,42 @@
path: '{{ file_item.dest_directory }}' path: '{{ file_item.dest_directory }}'
state: directory state: directory
mode: '0755' mode: '0755'
with_items: "{{ portainer_required_files }}" with_items: '{{ portainer_required_files }}'
loop_control: loop_control:
loop_var: file_item loop_var: file_item
- name: Create required files. - name: Create required files.
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ file_item.source_file }}" src: '{{ file_item.source_file }}'
dest: '{{ file_item.dest_directory }}/{{ file_item.dest_file_name }}' dest: '{{ file_item.dest_directory }}/{{ file_item.dest_file_name }}'
owner: root owner: root
group: root group: root
mode: 0440 mode: 0440
with_items: "{{ portainer_required_files }}" with_items: '{{ portainer_required_files }}'
loop_control: loop_control:
loop_var: file_item loop_var: file_item
notify: "{{ file_item.handler }}" notify: '{{ file_item.handler }}'
- name: Create required directories (templates). - name: Create required directories (templates).
ansible.builtin.file: ansible.builtin.file:
path: '{{ file_template.dest_directory }}' path: '{{ file_template.dest_directory }}'
state: directory state: directory
mode: '0755' mode: '0755'
with_items: "{{ portainer_required_templates }}" with_items: '{{ portainer_required_templates }}'
loop_control: loop_control:
loop_var: file_template loop_var: file_template
- name: Create required templates. - name: Create required templates.
ansible.builtin.template: ansible.builtin.template:
src: "{{ file_template.source_file }}" src: '{{ file_template.source_file }}'
dest: "{{ file_template.dest_directory }}/{{ file_template.dest_file_name }}" dest: '{{ file_template.dest_directory }}/{{ file_template.dest_file_name }}'
owner: root owner: root
group: root group: root
mode: 0440 mode: 0440
with_items: "{{ portainer_required_templates }}" with_items: '{{ portainer_required_templates }}'
loop_control: loop_control:
loop_var: file_template loop_var: file_template
notify: "{{ file_template.handler }}" notify: '{{ file_template.handler }}'
- name: Create external docker networks. - name: Create external docker networks.
docker_network: docker_network:
@ -62,30 +61,32 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: deploy_portainer_stack name: deploy_portainer_stack
vars: vars:
portainer_stack_name: "{{ portainer_stack.name }}" portainer_stack_name: '{{ portainer_stack.name }}'
portainer_stack_endpoint_id: "{{ portainer_endpoint }}" portainer_stack_endpoint_id: '{{ portainer_endpoint }}'
portainer_stack_template_vars: "{{ portainer_stack.template_vars | default({}) }}" portainer_stack_template_vars: '{{ portainer_stack.template_vars | default({})
with_items: "{{ services }}" }}'
with_items: '{{ services }}'
loop_control: loop_control:
loop_var: portainer_stack loop_var: portainer_stack
- name: Install Ansible pull - name: Install Ansible pull
tags: ["cron"] tags: [cron]
ansible.builtin.pip: ansible.builtin.pip:
name: name:
- ansible - ansible
# TODO: need to specify ansible pull directly, it doesn't find it when it's in PATH # TODO: need to specify ansible pull directly, it doesn't find it when it's in PATH
- name: Ensure Nightly Cron Backups - name: Ensure Nightly Cron Backups
tags: ["cron"] tags: [cron]
ansible.builtin.cron: ansible.builtin.cron:
name: backup docker volumes (nightly) name: backup docker volumes (nightly)
weekday: "*" weekday: '*'
minute: "0" minute: '0'
hour: "{{ cron_hour }}" hour: '{{ cron_hour }}'
user: "{{ homelab_user }}" user: '{{ homelab_user }}'
job: > job: >
{{ ansible_pull_path }} {{ ansible_pull_path }}
-U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly >> ~/logs/nightly.log 2>&1 -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml
-e schedule=nightly >> ~/logs/nightly.log 2>&1
cron_file: ansible_nightly_docker_volume_backup cron_file: ansible_nightly_docker_volume_backup
state: present state: present

19
roles/setup_linode/defaults/main-vault.yml
Unescape Escape View File

@ -1,12 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256 38343033383061343739363362626366376630376337376639376235316665363736376362633830
38343033383061343739363362626366376630376337376639376235316665363736376362633830 6638383135303063363866623262303736393337386364630a353533323537376437343033666334 32353832353466343832643238313834616662333736363738353565623063316438393635343631
6638383135303063363866623262303736393337386364630a353533323537376437343033666334 6662366132396337320a326335353333306262666561353037356539633432376439666133386463 30326230316634346431346266333030303435313065616665656362663164313638313639313633
32353832353466343832643238313834616662333736363738353565623063316438393635343631 63343538653230653330383336386138643636333361326139346336646665366530343537663331 61303639313335343162613838303034616362303935653862666166656634613562376330306165
6662366132396337320a326335353333306262666561353037356539633432376439666133386463 32373832666438623638616363363931636664633337396336653237356234616438623261353134 62373463313235323233343734363561353237613439663534393537333964323932373837356564
30326230316634346431346266333030303435313065616665656362663164313638313639313633 32383536613332323532633534306632373762666236366664383636323264363433396437666437 323637336362613139633237316237666365
63343538653230653330383336386138643636333361326139346336646665366530343537663331 ...
61303639313335343162613838303034616362303935653862666166656634613562376330306165
32373832666438623638616363363931636664633337396336653237356234616438623261353134
62373463313235323233343734363561353237613439663534393537333964323932373837356564
32383536613332323532633534306632373762666236366664383636323264363433396437666437
323637336362613139633237316237666365

4
roles/setup_linode/defaults/main.yml
Unescape Escape View File

@ -1,10 +1,10 @@
ssh_keys: ssh_keys:
- "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
label: simple-linode label: simple-linode
# hosts that are added to the generated .ini file. # hosts that are added to the generated .ini file.
linode_hosts: linode_hosts:
- user: root - user: root
ip: '{{ my_linode.instance.ipv4[0] }}' ip: '{{ my_linode.instance.ipv4[0] }}'
# https://www.linode.com/community/questions/17190/obtain-a-list-of-image-and-plan-types-using-linode-apicli # https://www.linode.com/community/questions/17190/obtain-a-list-of-image-and-plan-types-using-linode-apicli

2
roles/setup_linode/meta/main.yml
Unescape Escape View File

@ -4,7 +4,7 @@ galaxy_info:
description: Setup Linode instance description: Setup Linode instance
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
platforms: platforms:
- name: Debian - name: Debian
versions: versions:

3
roles/setup_linode/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Include vault variables. - name: Include vault variables.
ansible.builtin.include_vars: defaults/main-vault.yml ansible.builtin.include_vars: defaults/main-vault.yml
@ -18,7 +17,7 @@
- name: Wait for SSH to come up - name: Wait for SSH to come up
delegate_to: localhost delegate_to: localhost
ansible.builtin.wait_for: ansible.builtin.wait_for:
host: "{{ my_linode.instance.ipv4[0] }}" host: '{{ my_linode.instance.ipv4[0] }}'
port: 22 port: 22
search_regex: OpenSSH search_regex: OpenSSH
timeout: 320 timeout: 320

2
roles/setup_mergerfs/meta/main.yml
Unescape Escape View File

@ -3,7 +3,7 @@ galaxy_info:
namespace: chatton namespace: chatton
description: Configures Mergerfs description: Configures Mergerfs
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
platforms: platforms:
- name: Debian - name: Debian
versions: versions:

3
roles/setup_mergerfs/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Mount Volumes - name: Mount Volumes
ansible.builtin.mount: ansible.builtin.mount:
path: '{{ item.path }}' path: '{{ item.path }}'
@ -11,7 +10,7 @@
- name: Display volumes. - name: Display volumes.
ansible.builtin.debug: ansible.builtin.debug:
var: "{{ volume_out }}" var: '{{ volume_out }}'
verbosity: 3 verbosity: 3
# tasks file for setup_mergerfs # tasks file for setup_mergerfs

3
roles/setup_portainer/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Portainer | Pull images - name: Portainer | Pull images
docker_image: docker_image:
name: ubuntu name: ubuntu
@ -24,7 +23,7 @@
labels: labels:
ie.cianhatton.backup.enabled: 'true' ie.cianhatton.backup.enabled: 'true'
ie.cianhatton.backup.schedule: nightly ie.cianhatton.backup.schedule: nightly
image: "portainer/portainer-ce:{{ portainer_version }}" image: portainer/portainer-ce:{{ portainer_version }}
container_name: portainer container_name: portainer
restart: unless-stopped restart: unless-stopped
ports: ports:

3
roles/setup_samba/defaults/main.yml
Unescape Escape View File

@ -1,5 +1,4 @@
---
samba_group: smbgroup samba_group: smbgroup
samba_user: smbuser samba_user: smbuser
users: users:
- name: cianhatton - name: cianhatton

2
roles/setup_samba/meta/main.yml
Unescape Escape View File

@ -4,7 +4,7 @@ galaxy_info:
description: Setup Samba Shares for my Home Lab. description: Setup Samba Shares for my Home Lab.
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
platforms: platforms:
- name: Debian - name: Debian
versions: versions:

7
roles/setup_samba/tasks/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Ensure samba group exists. - name: Ensure samba group exists.
ansible.builtin.group: ansible.builtin.group:
name: '{{ samba_group }}' name: '{{ samba_group }}'
@ -26,10 +25,10 @@
- name: Copy smb conf files. - name: Copy smb conf files.
ansible.builtin.copy: ansible.builtin.copy:
src: '{{ item }}' src: '{{ item }}'
dest: "/etc/samba/{{ item }}" dest: /etc/samba/{{ item }}
mode: 0644 mode: 0644
owner: "{{ samba_user }}" owner: '{{ samba_user }}'
group: "{{ samba_group }}" group: '{{ samba_group }}'
with_items: with_items:
- smb.conf - smb.conf
- shares.conf - shares.conf

2
roles/setup_users/meta/main.yml
Unescape Escape View File

@ -4,7 +4,7 @@ galaxy_info:
description: Setup users for my Home Lab description: Setup users for my Home Lab
license: MIT license: MIT
min_ansible_version: "2.1" min_ansible_version: '2.1'
platforms: platforms:
- name: Debian - name: Debian
versions: versions:

14
roles/setup_users/tasks/main.yml
Unescape Escape View File

@ -37,21 +37,21 @@
- name: Copy Bashrc. - name: Copy Bashrc.
ansible.builtin.copy: ansible.builtin.copy:
src: bash_rc src: bash_rc
dest: "/home/{{ homelab_user }}/.bash_rc" dest: /home/{{ homelab_user }}/.bash_rc
group: "{{ homelab_user }}" group: '{{ homelab_user }}'
owner: "{{ homelab_user }}" owner: '{{ homelab_user }}'
mode: 0644 mode: 0644
- name: Disable password authentication for root. - name: Disable password authentication for root.
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
state: present state: present
regexp: '^#?PermitRootLogin' regexp: ^#?PermitRootLogin
line: 'PermitRootLogin prohibit-password' line: PermitRootLogin prohibit-password
- name: Disable password authentication for users. - name: Disable password authentication for users.
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
state: present state: present
regexp: '^#?PasswordAuthentication' regexp: ^#?PasswordAuthentication
line: 'PasswordAuthentication no' line: PasswordAuthentication no

5
roles/sprat.mergerfs/.github/workflows/ci.yml vendored
Unescape Escape View File

@ -1,9 +1,8 @@
---
name: CI name: CI
on: # yamllint disable-line rule:truthy on: # yamllint disable-line rule:truthy
push: push:
schedule: schedule:
- cron: "0 5 * * 1" - cron: 0 5 * * 1
jobs: jobs:
# test the role # test the role
@ -44,7 +43,7 @@ jobs:
- name: Setup Python 3 - name: Setup Python 3
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: '3.x' python-version: 3.x
- name: Install dependencies - name: Install dependencies
run: | run: |

1
roles/sprat.mergerfs/.yamllint.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
extends: default extends: default
ignore: | ignore: |

1
roles/sprat.mergerfs/defaults/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
# Install mode: defines where to download and install the package from: # Install mode: defines where to download and install the package from:
# - "github_releases": install from Mergerfs' GitHub releases # - "github_releases": install from Mergerfs' GitHub releases
# - "package_manager": install from the Linux distribution package manager. # - "package_manager": install from the Linux distribution package manager.

1
roles/sprat.mergerfs/meta/main.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
galaxy_info: galaxy_info:
author: Sylvain Prat author: Sylvain Prat
role_name: mergerfs role_name: mergerfs

1
roles/sprat.mergerfs/molecule/default/converge.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Converge - name: Converge
hosts: all hosts: all
vars: vars:

3
roles/sprat.mergerfs/molecule/default/molecule.yml
Unescape Escape View File

@ -1,11 +1,10 @@
---
dependency: dependency:
name: galaxy name: galaxy
driver: driver:
name: docker name: docker
lint: yamllint -s . && ansible-lint . && flake8 lint: yamllint -s . && ansible-lint . && flake8
platforms: platforms:
- name: instance - name: instance
image: ${IMAGE:-geerlingguy/docker-ubuntu2004-ansible} image: ${IMAGE:-geerlingguy/docker-ubuntu2004-ansible}
volumes: volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro

5
roles/sprat.mergerfs/molecule/default/prepare.yml
Unescape Escape View File

@ -1,11 +1,10 @@
---
- name: Prepare - name: Prepare
hosts: all hosts: all
tasks: tasks:
- name: Create directories - name: Create directories
become: true become: true
file: file:
path: "{{ item }}" path: '{{ item }}'
state: directory state: directory
loop: loop:
- /mnt/data1 - /mnt/data1
@ -15,7 +14,7 @@
become: true become: true
copy: copy:
content: "{{ item.content }}\n" content: "{{ item.content }}\n"
dest: "{{ item.path }}" dest: '{{ item.path }}'
loop: loop:
- path: /mnt/data1/file1.txt - path: /mnt/data1/file1.txt
content: file1 content: file1

13
roles/sprat.mergerfs/tasks/install_from_github_releases.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
# Note: we don't use the GitHub API to retrieve the latest version because # Note: we don't use the GitHub API to retrieve the latest version because
# it has rate limits which are hard to avoid in CI (we need a token, authenticate # it has rate limits which are hard to avoid in CI (we need a token, authenticate
# with the API, etc.). Instead, we browse the latest release url which redirects # with the API, etc.). Instead, we browse the latest release url which redirects
@ -9,7 +8,7 @@
block: block:
- name: Get latest release information from GitHub - name: Get latest release information from GitHub
uri: uri:
url: "{{ mergerfs_github_releases_url }}/latest" url: '{{ mergerfs_github_releases_url }}/latest'
register: mergerfs_github_release_page register: mergerfs_github_release_page
- name: Set latest mergerfs version fact - name: Set latest mergerfs version fact
set_fact: set_fact:
@ -18,8 +17,8 @@
- name: Determine package download url - name: Determine package download url
set_fact: set_fact:
mergerfs_package_url: "{{ mergerfs_github_releases_url }}/download/{{ mergerfs_version }}/\ mergerfs_package_url: '{{ mergerfs_github_releases_url }}/download/{{ mergerfs_version
{{ mergerfs_pkg_prefix }}{{ mergerfs_version }}{{ mergerfs_pkg_suffix }}" }}/{{ mergerfs_pkg_prefix }}{{ mergerfs_version }}{{ mergerfs_pkg_suffix }}'
- name: Install xz-utils package for .deb package installation - name: Install xz-utils package for .deb package installation
become: true become: true
@ -32,7 +31,7 @@
- name: Install mergerfs package with apt - name: Install mergerfs package with apt
become: true become: true
apt: apt:
deb: "{{ mergerfs_package_url }}" deb: '{{ mergerfs_package_url }}'
state: present state: present
update_cache: true update_cache: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
@ -40,7 +39,7 @@
- name: Install mergerfs package with yum - name: Install mergerfs package with yum
become: true become: true
yum: yum:
name: "{{ mergerfs_package_url }}" name: '{{ mergerfs_package_url }}'
state: present state: present
disable_gpg_check: true # the package is not signed disable_gpg_check: true # the package is not signed
when: ansible_pkg_mgr == 'yum' when: ansible_pkg_mgr == 'yum'
@ -48,7 +47,7 @@
- name: Install mergerfs package with dnf - name: Install mergerfs package with dnf
become: true become: true
dnf: dnf:
name: "{{ mergerfs_package_url }}" name: '{{ mergerfs_package_url }}'
state: present state: present
disable_gpg_check: true # the package is not signed disable_gpg_check: true # the package is not signed
when: ansible_pkg_mgr == 'dnf' when: ansible_pkg_mgr == 'dnf'

1
roles/sprat.mergerfs/tasks/install_from_package_manager.yml
Unescape Escape View File

@ -1,4 +1,3 @@
---
- name: Install mergerfs package with package manager - name: Install mergerfs package with package manager
become: true become: true
package: package:

9
roles/sprat.mergerfs/tasks/main.yml
Unescape Escape View File

@ -1,13 +1,12 @@
---
- name: Include OS-specific variables - name: Include OS-specific variables
include_vars: "{{ ansible_os_family }}.yml" include_vars: '{{ ansible_os_family }}.yml'
tags: tags:
- mergerfs - mergerfs
- name: Install mergerfs prerequisites - name: Install mergerfs prerequisites
become: true become: true
package: package:
name: "{{ mergerfs_prerequisites }}" name: '{{ mergerfs_prerequisites }}'
state: present state: present
update_cache: true update_cache: true
tags: tags:
@ -25,10 +24,10 @@
mount: mount:
fstype: fuse.mergerfs fstype: fuse.mergerfs
src: "{{ ':'.join(item.branches | mandatory) }}" src: "{{ ':'.join(item.branches | mandatory) }}"
path: "{{ item.path | mandatory }}" path: '{{ item.path | mandatory }}'
opts: "{{ item.options | default('defaults') }}" opts: "{{ item.options | default('defaults') }}"
state: "{{ item.state | default('mounted') }}" state: "{{ item.state | default('mounted') }}"
loop: "{{ mergerfs_mounts }}" loop: '{{ mergerfs_mounts }}'
tags: tags:
- mergerfs - mergerfs
- mergerfs_mount - mergerfs_mount

12
roles/sprat.mergerfs/vars/Debian.yml
Unescape Escape View File

@ -1,12 +1,12 @@
---
mergerfs_prerequisites: mergerfs_prerequisites:
- fuse - fuse
mergerfs_dist: "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}" mergerfs_dist: '{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}'
mergerfs_arch_map: mergerfs_arch_map:
x86_64: amd64 x86_64: amd64
i386: i386 i386: i386
aarch64: arm64 aarch64: arm64
armv7l: armhf armv7l: armhf
mergerfs_arch: "{{ mergerfs_arch_map[ansible_userspace_architecture | default(ansible_architecture) ] }}" mergerfs_arch: '{{ mergerfs_arch_map[ansible_userspace_architecture | default(ansible_architecture)
mergerfs_pkg_prefix: "mergerfs_" ] }}'
mergerfs_pkg_suffix: ".{{ mergerfs_dist }}_{{ mergerfs_arch }}.deb" mergerfs_pkg_prefix: mergerfs_
mergerfs_pkg_suffix: .{{ mergerfs_dist }}_{{ mergerfs_arch }}.deb

12
roles/sprat.mergerfs/vars/RedHat.yml
Unescape Escape View File

@ -1,7 +1,7 @@
---
mergerfs_prerequisites: mergerfs_prerequisites:
- fuse - fuse
mergerfs_dist: "{{ 'fc' if ansible_distribution == 'Fedora' else 'el' }}{{ ansible_distribution_major_version }}" mergerfs_dist: "{{ 'fc' if ansible_distribution == 'Fedora' else 'el' }}{{ ansible_distribution_major_version\
mergerfs_arch: "{{ ansible_userspace_architecture }}" \ }}"
mergerfs_pkg_prefix: "mergerfs-" mergerfs_arch: '{{ ansible_userspace_architecture }}'
mergerfs_pkg_suffix: "-1.{{ mergerfs_dist }}.{{ mergerfs_arch }}.rpm" mergerfs_pkg_prefix: mergerfs-
mergerfs_pkg_suffix: -1.{{ mergerfs_dist }}.{{ mergerfs_arch }}.rpm

Write Preview
Loading…
Cancel
Save