diff --git a/roles/setup_hosted_services/defaults/main-vault.yml b/roles/setup_hosted_services/defaults/main-vault.yml
new file mode 100644
index 0000000..4002deb
--- /dev/null
+++ b/roles/setup_hosted_services/defaults/main-vault.yml
@@ -0,0 +1,24 @@ +$ANSIBLE_VAULT;1.1;AES256 +34303937666432373666386464363363616138323364316661303139346439313734653936346661 +3132663235346134336538636365333733333631343237650a386439386338656164396563373639 +33326139656239373133636538643162323930306465626436376237393564303063333731383234 +3363663435623766320a646633643164313630653730643366366533666139626565346139353666 +38613363306531326237646663316131366363323437633436383536633262353365623434633432 +34346538333536343336303635373230323038326162646331666238383363336563353637303130 +38666566666534623837323136383165316135643034373134666265373839646165333663366662 +36636439313639623562663062316462643438303031663065333861626231623132643630353739 +37333735663065366432383139383265666161633466646661656163306635343732613835633165 +39326131333930313830306363343131653632613131613161333235363035663662373036323634 +61316366633666346638616262353234346232366132346266303433653665636136383463613630 +31393263373336376130326237663466653431366330646262363535653862373538366636356534 +66376163316532653038396332316366666136666430613734653535643038653163343838396464 +63616666656538376537653832393665356438316336323865323561303664303730303235326264 +35356338643763303864616238623733663163626633386634326539656433343839363136343865 +33343333623961343338656463386435643165616665313032646365376231646461626533633830 +31623736333863356630623964373565343633393030666161626164656666386163386662636666 +34326537303631393834306165613435616430613931343237383632316533306363303165366233 +30633361373863353366353861666665383562646236643666366336306332666261613462373861 +64353234346137333738336235326230353531613532636664393561393334623064333032323665 +31336134313439656362313166633364303639653866623162393362656661393563386434653134 +63616637656236663632633339613432323335316535663531633639343732306661626565356561 +323064636133396263656461336634336562 
diff --git a/roles/setup_hosted_services/defaults/main.yml b/roles/setup_hosted_services/defaults/main.yml index d2d00a4..9f594a6 100644 --- a/roles/setup_hosted_services/defaults/main.yml +++ b/roles/setup_hosted_services/defaults/main.yml @@ -1,16 +1,16 @@ --- docker_compose_directory: /etc/docker-compose services: - - name: gitea - - name: mealie - - name: linkding - - name: overseerr - - name: nextcloud - - name: dashboards - - name: nginx-proxy-manager - - name: plex - - name: uptime-kuma - - name: vpn-stack +# - name: gitea +# - name: mealie +# - name: linkding +# - name: overseerr +# - name: nextcloud +# - name: dashboards +# - name: nginx-proxy-manager +# - name: plex +# - name: uptime-kuma +# - name: vpn-stack - name: docker-volume-backup - name: mariadb - name: photoprism diff --git a/roles/setup_hosted_services/tasks/main.yml b/roles/setup_hosted_services/tasks/main.yml index b9a16b3..109bf88 100644 --- a/roles/setup_hosted_services/tasks/main.yml +++ b/roles/setup_hosted_services/tasks/main.yml @@ -1,3 +1,6 @@ +- name: Include all defaults + include_vars: defaults/main-vault.yml + - name: Docker | Pull images docker_image: name: "{{item}}" @@ -13,18 +16,12 @@ mode: '0755' with_items: "{{services}}" -- name: Docker Compose | Copy Docker Compose Files - copy: - src: "{{item.name}}/docker-compose.yml" +- name: Docker Compose | Template Docker Compose Files + template: + src: "{{item.name}}.j2" dest: "{{docker_compose_directory}}/{{item.name}}/docker-compose.yml" with_items: "{{services}}" -- name: Docker Compose | Copy Stack Env File - copy: - src: "{{item.name}}/stack.env" - dest: "{{docker_compose_directory}}/{{item.name}}/stack.env" - with_items: "{{services}}" - - name: Config Files | Create a directory if it does not exist file: 
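Review bot: The new `Include all defaults` task at the top of tasks/main.yml loads defaults/main-vault.yml through `include_vars`, so these values get include_vars precedence rather than role-default precedence. Inventory, group_vars and host_vars can therefore no longer override them, even though the file sits under defaults/. Moving the file to the role's vars/ directory would make its location match its effective precedence. The task name also says "all defaults" while only the vault file is loaded; `- name: Vars | Load vaulted secrets` would describe it accurately and match the `Area | Action` naming used by the other tasks.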
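Review bot: The `Docker Compose | Template Docker Compose Files` task now renders vaulted secrets into `docker-compose.yml` but sets no `mode`, `owner` or `group`. The file is therefore created with the default umask (typically world-readable), inside a directory that the preceding task creates with `mode: '0755'`. Add `mode: '0600'` with an explicit `owner`/`group` to the template task, and consider `no_log: true` or `diff: false` so a `--diff` run does not print the rendered secrets. The hunk also drops the stack.env copy task without removing stack.env files already deployed on hosts; if those held the same credentials (their contents are not shown here), a `file` task with `state: absent` is worth adding. The first and last tasks in this hunk continue outside it.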
diff --git a/roles/setup_hosted_services/files/docker-volume-backup/docker-compose.yml b/roles/setup_hosted_services/templates/docker-volume-backup.j2 similarity index 62% rename from roles/setup_hosted_services/files/docker-volume-backup/docker-compose.yml rename to roles/setup_hosted_services/templates/docker-volume-backup.j2 index 5f6d91e..449f430 100644 --- a/roles/setup_hosted_services/files/docker-volume-backup/docker-compose.yml +++ b/roles/setup_hosted_services/templates/docker-volume-backup.j2 @@ -16,14 +16,13 @@ services: - --modes - "filesystem,s3" environment: - AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} - AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} - AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION} - AWS_BUCKET: ${AWS_BUCKET} - AWS_ENDPOINT: ${AWS_ENDPOINT} + AWS_ACCESS_KEY_ID: {{ docker_volume_backup.aws_access_key_id }} + AWS_SECRET_ACCESS_KEY: {{ docker_volume_backup.aws_secret_access_key }} + AWS_DEFAULT_REGION: {{ docker_volume_backup.aws_default_region }} + AWS_BUCKET: {{ docker_volume_backup.aws_bucket }} + AWS_ENDPOINT: {{ docker_volume_backup.aws_endpoint }} volumes: - /var/run/docker.sock:/var/run/docker.sock - /mnt/hdds/backups:/backups - /tmp:/tmp - diff --git a/roles/setup_hosted_services/files/mariadb/docker-compose.yml b/roles/setup_hosted_services/templates/mariadb.j2 similarity index 87% rename from roles/setup_hosted_services/files/mariadb/docker-compose.yml rename to roles/setup_hosted_services/templates/mariadb.j2 index f89e814..c50c97f 100644 --- a/roles/setup_hosted_services/files/mariadb/docker-compose.yml +++ b/roles/setup_hosted_services/templates/mariadb.j2 @@ -13,7 +13,7 @@ services: - data:/var/lib/mysql - config:/etc/mysql/conf.d environment: - - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_ROOT_PASSWORD={{ mariadb.mysql_root_password }} adminer: restart: unless-stopped @@ -31,4 +31,4 @@ volumes: networks: default: name: nextcloud_net - external: true \ No newline at end of file + external: true 
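Review bot: The new `environment:` entries in docker-volume-backup.j2 interpolate secrets as bare YAML scalars, for example `AWS_SECRET_ACCESS_KEY: {{ docker_volume_backup.aws_secret_access_key }}`. A value containing ` #` or `: `, starting with `*`, `&` or `!`, or looking like a number or boolean is truncated, retyped or rejected when Compose parses the rendered file, and any `$` in it is treated as Compose variable interpolation. Render each value as a quoted string and escape `$`, e.g. `AWS_SECRET_ACCESS_KEY: {{ docker_volume_backup.aws_secret_access_key | replace('$', '$$') | to_json }}`. The same defect is in `- MYSQL_ROOT_PASSWORD={{ mariadb.mysql_root_password }}` in mariadb.j2 (switch to mapping form or quote the whole list item) and in the `PHOTOPRISM_ADMIN_PASSWORD` and `PHOTOPRISM_DATABASE_PASSWORD` lines of photoprism.j2.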
diff --git a/roles/setup_hosted_services/templates/photoprism.j2 b/roles/setup_hosted_services/templates/photoprism.j2
new file mode 100644
index 0000000..f2d12d7
--- /dev/null
+++ b/roles/setup_hosted_services/templates/photoprism.j2
@@ -0,0 +1,53 @@
+version: '3.5'
+services:
+ photoprism:
+ image: photoprism/photoprism:latest
+ container_name: photoprism
+ restart: unless-stopped
+ security_opt:
+ - seccomp:unconfined
+ - apparmor:unconfined
+ ports:
+ - "2342:2342" # HTTP port (host:container)
+ environment:
+ PHOTOPRISM_ADMIN_PASSWORD: {{ photoprism.admin_password }} # INITIAL PASSWORD FOR "admin" USER, MINIMUM 8 CHARACTERS
+ PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
+ PHOTOPRISM_SITE_URL: "http://localhost:2342/" # public server URL incl http:// or https:// and /path, :port is optional
+ PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
+ PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
+ PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
+ PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
+ PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
+ PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
+ PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
+ PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
+ PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
+ PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
+ PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
+ PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW files
+ PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance)
+ PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+ PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+ PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
+ PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+ PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
+ PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
+ PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
+ PHOTOPRISM_DATABASE_PASSWORD: {{ photoprism.database_password }} # MariaDB or MySQL database user password
+ PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
+ PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
+ PHOTOPRISM_SITE_AUTHOR: "" # meta site author
+ ## Share hardware devices with FFmpeg and TensorFlow (optional):
+ devices:
+ - "/dev/dri:/dev/dri" # Intel QSV
+ working_dir: "/photoprism" # do not change or remove
+ volumes:
+ - "/mnt/hdds/photoprism/originals:/photoprism/originals" # Original media files (DO NOT REMOVE)
+ - "/mnt/hdds/photoprism/import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
+ - "/mnt/hdds/photoprism/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+
+networks:
+ default:
+ name: nextcloud_net
+ external: true
diff --git a/roles/setup_hosted_services/vars/main.yml b/roles/setup_hosted_services/vars/main.yml
index caa9bc1..11f9d15 100644
--- a/roles/setup_hosted_services/vars/main.yml
+++ b/roles/setup_hosted_services/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-# vars file for setup_hosted_services
\ No newline at end of file
+# vars file for setup_hosted_services
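Review bot: The `security_opt` block of the new photoprism service in photoprism.j2 sets `seccomp:unconfined` and `apparmor:unconfined`, which removes Docker's default syscall filter and AppArmor profile. That is a wide grant for a container which, per its own comments, converts RAW files and runs FFmpeg over imported media, and which is published on every host interface through `"2342:2342"`. Unless a specific failure on this host requires them, drop both entries and keep Docker's defaults; if the service is meant to be reached only through a reverse proxy (not visible in this hunk), bind the port as `"127.0.0.1:2342:2342"`. `image: photoprism/photoprism:latest` is also unpinned, so each pull can change what runs; pinning a release tag or digest makes the deployment reproducible and reviewable.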