adding formatting

Cian Hatton 3 years ago
parent e644a03958
commit 4f3e9b552c

@ -17,3 +17,12 @@ verify:
deps: deps:
pip install -r requirements.txt pip install -r requirements.txt
ansible-galaxy install -r requirements.yml ansible-galaxy install -r requirements.yml
format:
scripts/format_all_yaml.sh
lint:
ansible-lint host_vars
ansible-lint group_vars
ansible-lint roles
ansible-lint playbooks

@ -1,25 +1,24 @@
---
# all encrypted variables should go in the linked file. # all encrypted variables should go in the linked file.
vault_file: vault_vars/linode-vault.yml vault_file: vault_vars/linode-vault.yml
# any linode specific variables go here # any linode specific variables go here
services: services:
- name: gitea - name: gitea
- name: mealie - name: mealie
- name: linkding - name: linkding
- name: overseerr - name: overseerr
- name: nextcloud - name: nextcloud
- name: nginx-proxy-manager - name: nginx-proxy-manager
- name: uptime-kuma - name: uptime-kuma
- name: docker-volume-backup - name: docker-volume-backup
- name: mariadb - name: mariadb
- name: photoprism - name: photoprism
- name: olivetin - name: olivetin
# any additional docker networks that should be created # any additional docker networks that should be created
docker_networks: docker_networks:
- mariadb_net - mariadb_net
# use docker compose # use docker compose
container_deployment_mode: "compose" container_deployment_mode: compose
restore_from_s3: false restore_from_s3: false
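Review bot: The `---` document-start marker is dropped from this file (the `---` line appears only once and the hunk shrinks from 25 to 24 lines) and, judging by every other hunk on this page, from every YAML file the formatter touched, while the same commit pins `yamllint==1.27.1`, whose default `document-start` rule requires the marker. Unless the repository ships a `.yamllint` that disables that rule, `make format` and `make lint` will now disagree on every file; ansible-lint's bundled yamllint profile may relax it, but that is an assumption that should be confirmed rather than relied on. Keeping `---` is the cheaper fix: configure the formatter to preserve the document start instead of stripping it.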

@ -1,8 +1,7 @@
---
backups: backups:
schedule_keys: schedule_keys:
monthly: "monthly" monthly: monthly
nightly: "nightly" nightly: nightly
# TODO: docker_volume_backup exists in vault. Clean this up. # TODO: docker_volume_backup exists in vault. Clean this up.
dockervolumebackup: dockervolumebackup:
@ -30,15 +29,15 @@ configure_samba: true
samba_group: smbgroup samba_group: smbgroup
samba_user: smbuser samba_user: smbuser
users: users:
- name: cianhatton - name: cianhatton
group: cianhatton group: cianhatton
passwordless_sudo: true passwordless_sudo: true
shares: shares:
- /share - /share
- /share/public_files - /share/public_files
- /share/private_files - /share/private_files
- /share/cian_files - /share/cian_files
directories: directories:
# path on qnap where downloads go # path on qnap where downloads go
@ -57,5 +56,5 @@ directories:
photoprism_dir: /mnt/mergerfs/photoprism photoprism_dir: /mnt/mergerfs/photoprism
desired_docker_images: desired_docker_images:
- ubuntu:latest - ubuntu:latest
- busybox:latest - busybox:latest

@ -1,4 +1,3 @@
---
# all encrypted variables should go in the linked file. # all encrypted variables should go in the linked file.
vault_file: vault_vars/qnap-vault.yml vault_file: vault_vars/qnap-vault.yml
# any qnap specific variables go here # any qnap specific variables go here
@ -6,56 +5,56 @@ mounts:
- path: /mnt/mergerfs - path: /mnt/mergerfs
state: mounted state: mounted
branches: branches:
- "/mnt/data/device0" - /mnt/data/device0
- "/mnt/data/device1" - /mnt/data/device1
- "/mnt/data/device2" - /mnt/data/device2
options: allow_other,use_ino options: allow_other,use_ino
devices: devices:
- uuid: "a54c1bde-1400-4975-bf24-08c603ca3a11" # /dev/sdc1 - uuid: a54c1bde-1400-4975-bf24-08c603ca3a11 # /dev/sdc1
path: "/mnt/data/device0" path: /mnt/data/device0
- uuid: "727dddaa-f7a1-439a-995f-5f4d35322e08" # /dev/sdd1 - uuid: 727dddaa-f7a1-439a-995f-5f4d35322e08 # /dev/sdd1
path: "/mnt/data/device1" path: /mnt/data/device1
- uuid: "f3cff115-9adc-4761-b1e9-e81055f3e0af" # /dev/sda1 - uuid: f3cff115-9adc-4761-b1e9-e81055f3e0af # /dev/sda1
path: "/mnt/data/device2" path: /mnt/data/device2
# SSD for downloads / transcoding # SSD for downloads / transcoding
- uuid: "c528bf82-61ab-4f3d-87e0-d1e6e02ef7ec" # /dev/sdf - uuid: c528bf82-61ab-4f3d-87e0-d1e6e02ef7ec # /dev/sdf
path: "/mnt/ssd0/" path: /mnt/ssd0/
services: services:
- name: gitea - name: gitea
endpoint_id: 2 endpoint_id: 2
- name: mealie - name: mealie
endpoint_id: 2 endpoint_id: 2
- name: linkding - name: linkding
endpoint_id: 2 endpoint_id: 2
- name: overseerr - name: overseerr
endpoint_id: 2 endpoint_id: 2
- name: nextcloud - name: nextcloud
endpoint_id: 2 endpoint_id: 2
- name: dashboards - name: dashboards
endpoint_id: 2 endpoint_id: 2
- name: nginx-proxy-manager - name: nginx-proxy-manager
endpoint_id: 2 endpoint_id: 2
- name: plex - name: plex
endpoint_id: 2 endpoint_id: 2
- name: uptime-kuma - name: uptime-kuma
endpoint_id: 2 endpoint_id: 2
- name: vpn-stack - name: vpn-stack
endpoint_id: 2 endpoint_id: 2
- name: docker-volume-backup - name: docker-volume-backup
endpoint_id: 2 endpoint_id: 2
- name: mariadb - name: mariadb
endpoint_id: 2 endpoint_id: 2
- name: photoprism - name: photoprism
endpoint_id: 2 endpoint_id: 2
- name: olivetin - name: olivetin
endpoint_id: 2 endpoint_id: 2
# any additional docker networks that should be created # any additional docker networks that should be created
docker_networks: docker_networks:
- mariadb_net - mariadb_net
# use portainer # use portainer
container_deployment_mode: "portainer" container_deployment_mode: portainer
restore_from_s3: true restore_from_s3: true

@ -1,4 +1,3 @@
---
# needs to be run with a different user with access to create ansible key and user. # needs to be run with a different user with access to create ansible key and user.
# e.g. # e.g.
# ansible-playbook bootstrap.yml -e ansible_ssh_user=cianhatton # ansible-playbook bootstrap.yml -e ansible_ssh_user=cianhatton
@ -8,12 +7,12 @@
hosts: localhost hosts: localhost
connection: local connection: local
tasks: tasks:
- name: Generate an OpenSSH rsa keypair for ansible - name: Generate an OpenSSH rsa keypair for ansible
community.crypto.openssh_keypair: community.crypto.openssh_keypair:
path: ~/.ssh/ansible path: ~/.ssh/ansible
passphrase: "" passphrase: ''
- hosts: all - hosts: all
become: true become: true
roles: roles:
- role: bootstrap - role: bootstrap

@ -1,54 +1,53 @@
---
- name: Update packages and ensure users on all hosts - name: Update packages and ensure users on all hosts
tags: ["always"] tags: [always]
hosts: all hosts: all
become: true become: true
pre_tasks: pre_tasks:
- name: Update Packages - name: Update Packages
apt: apt:
upgrade: dist upgrade: dist
update_cache: true update_cache: true
roles: roles:
- role: setup_users - role: setup_users
- name: Install docker on docker hosts - name: Install docker on docker hosts
hosts: dockerhosts hosts: dockerhosts
become: true become: true
roles: roles:
- role: setup_docker - role: setup_docker
tags: ["setup","docker"] tags: [setup, docker]
- name: Setup and deploy services on the QNAP - name: Setup and deploy services on the QNAP
hosts: qnap hosts: qnap
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
include_vars: "{{vault_file}}" include_vars: '{{vault_file}}'
tags: ["always"] tags: [always]
roles: roles:
- role: setup_mergerfs - role: setup_mergerfs
tags: ["mergerfs"] tags: [mergerfs]
- role: setup_samba - role: setup_samba
tags: ["samba"] tags: [samba]
- role: setup_portainer - role: setup_portainer
tags: ["services", "portainer"] tags: [services, portainer]
- role: setup_hosted_services - role: setup_hosted_services
tags: ["services"] tags: [services]
- hosts: linodes - hosts: linodes
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
include_vars: "{{vault_file}}" include_vars: '{{vault_file}}'
tags: ["always"] tags: [always]
roles: roles:
- role: setup_samba - role: setup_samba
tags: ["samba"] tags: [samba]
- role: setup_docker - role: setup_docker
tags: ["docker"] tags: [docker]
- role: setup_hosted_services - role: setup_hosted_services
tags: ["services"] tags: [services]

@ -1,7 +1,6 @@
---
- hosts: localhost - hosts: localhost
become: true become: true
roles: roles:
- role: 'roles/setup_linode' - role: roles/setup_linode
vars: vars:
state: present state: present

@ -1,48 +1,48 @@
- hosts: all - hosts: all
become: true become: true
pre_tasks: pre_tasks:
- name: Include vault variables. - name: Include vault variables.
include_vars: '../{{vault_file}}' include_vars: ../{{vault_file}}
tags: tags:
- always - always
tasks: tasks:
- name: Docker Compose Files Exist - name: Docker Compose Files Exist
command: >- command: >-
stat {{directories.docker_compose_directory}}/{{ item.name }}/docker-compose.yml stat {{directories.docker_compose_directory}}/{{ item.name }}/docker-compose.yml
with_items: '{{services}}' with_items: '{{services}}'
changed_when: false changed_when: false
register: docker_compose_stat register: docker_compose_stat
- name: Assert all Docker Compose files were created - name: Assert all Docker Compose files were created
assert: assert:
that: item.rc == 0 that: item.rc == 0
with_items: '{{docker_compose_stat.results}}' with_items: '{{docker_compose_stat.results}}'
- name: Populate service facts - name: Populate service facts
service_facts: {} service_facts: {}
- name: Assert docker is installed and started - name: Assert docker is installed and started
assert: assert:
that: that:
- ansible_facts.services.docker.state == "running" - ansible_facts.services.docker.state == "running"
- ansible_facts.services['docker.service'].status == "enabled" - ansible_facts.services['docker.service'].status == "enabled"
- name: Inspect all images - name: Inspect all images
docker_image_info: {} docker_image_info: {}
register: image_details register: image_details
- name: Assert desired images exist - name: Assert desired images exist
assert: assert:
that: {{item in image_details.images | map(attribute='RepoTags') | flatten }} that: {{item in image_details.images | map(attribute='RepoTags') | flatten: !!null ''}: !!null ''}
with_items: '{{desired_docker_images}}' with_items: '{{desired_docker_images}}'
- name: Fetch Sudoers Files - name: Fetch Sudoers Files
command: 'stat /etc/sudoers.d/{{item.name}}' command: stat /etc/sudoers.d/{{item.name}}
changed_when: false changed_when: false
register: sudoers_stat register: sudoers_stat
with_items: '{{users}}' with_items: '{{users}}'
when: item.passwordless_sudo == true when: item.passwordless_sudo == true
- name: Assert sudoers files are created - name: Assert sudoers files are created
assert: assert:
that: item.rc == 0 that: item.rc == 0
with_items: '{{sudoers_stat.results}}' with_items: '{{sudoers_stat.results}}'
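Review bot: The `that:` value of "Assert desired images exist" is now emitted as nested flow mappings with `!!null ''` tags, so the assertion is a dict rather than a Jinja expression and the task can no longer evaluate it. The old line was already being parsed as a flow mapping because an unquoted value starting with `{{` is read by the YAML loader before Jinja sees it; the formatter merely made that visible. Write it as a string, `that: "{{ item in image_details.images | map(attribute='RepoTags') | flatten }}"`, or as a bare list entry under `that:` (`- item in image_details.images | map(attribute='RepoTags') | flatten`), which `assert` accepts without braces and which no formatter can retype.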

@ -49,7 +49,7 @@ PyYAML==6.0
requests==2.28.1 requests==2.28.1
resolvelib==0.8.1 resolvelib==0.8.1
rich==12.5.1 rich==12.5.1
ruamel.yaml==0.17.21 ruamel.yaml==0.15.100
ruamel.yaml.clib==0.2.6 ruamel.yaml.clib==0.2.6
six==1.16.0 six==1.16.0
subprocess-tee==0.3.5 subprocess-tee==0.3.5
@ -57,5 +57,6 @@ text-unidecode==1.3
typing_extensions==4.3.0 typing_extensions==4.3.0
urllib3==1.26.12 urllib3==1.26.12
wcmatch==8.4 wcmatch==8.4
yamlfmt==1.1.0
yamllint==1.27.1 yamllint==1.27.1
zipp==3.8.1 zipp==3.8.1
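Review bot: `ruamel.yaml` is pinned down from 0.17.21 to 0.15.100 in a commit whose stated purpose is formatting, which is a substantial downgrade of a library the lint toolchain loads. This is presumably a side effect of adding `yamlfmt==1.1.0`; if yamlfmt needs the older ruamel, say so in the commit message and confirm that `ruamel.yaml.clib==0.2.6` is compatible with the 0.15.x line, since a mismatched C extension fails at import time rather than at pin time. Putting the formatter in its own requirements file would let the lint dependencies keep the newer pin.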

@ -1,10 +1,3 @@
# @meta author: Cian Hatton
# @meta description: >
# Role to bootstrap a target host. This role will add an ansible
# user and allow paswordless sudo.
# @end
---
- name: Update Packages - name: Update Packages
apt: apt:
upgrade: dist upgrade: dist
@ -18,7 +11,7 @@
- name: Add ssh key for ansible - name: Add ssh key for ansible
authorized_key: authorized_key:
user: "ansible" user: ansible
state: present state: present
key: "{{ lookup('file', '~/.ssh/ansible.pub') }}" key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
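Review bot: The `# @meta author` / `# @meta description` / `# @end` header at the top of this task file appears only once in the hunk and the header shrinks from 10 lines to 3, so on the new side the role documentation is gone; the same loss shows in the Portainer role header (`-1,59 +1,51` hunk), the Dashy config's documentation links (`-1,101 +1,96` hunk), and `vars/main.yml` for setup_linode, which is reduced to `null` followed by `...`. A formatter that discards comments placed before `---` is not round-trip safe, so either configure it to keep leading comments or move these headers after the document start so they survive; the `@meta` text would also fit in the role's `meta/main.yml` description. I cannot see `scripts/format_all_yaml.sh`, so the cause is inferred from the output.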

@ -9,11 +9,11 @@
- name: Install packages using apt - name: Install packages using apt
apt: apt:
name: name:
- ca-certificates - ca-certificates
- curl - curl
- gnupg2 - gnupg2
- lsb-release - lsb-release
- pip - pip
state: present state: present
update_cache: yes update_cache: yes
@ -31,10 +31,10 @@
- name: Install docker packages using apt - name: Install docker packages using apt
apt: apt:
name: name:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
- docker-compose-plugin - docker-compose-plugin
state: present state: present
update_cache: yes update_cache: yes
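Review bot: `update_cache: yes` on both `apt` tasks is left untouched while the same pass rewrote `ignore_errors: True` and `changed_when: False` to lowercase elsewhere, so the commit is inconsistent about booleans, and yamllint's `truthy` rule (which ansible-lint also applies) will report the remaining `yes`/`no` values. The same applies to `detach: no` in both `docker_container` restore tasks, `update_cache: yes` in the samba install task, and `append: yes` / `recurse: yes` in the samba user and share tasks. Normalise them in this commit: `update_cache: true`, `detach: false`, `append: true`, `recurse: true`.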

@ -1,101 +1,96 @@
# https://github.com/Lissy93/dashy/blob/master/docs/showcase.md
# Details about config.
# https://github.com/Lissy93/dashy/blob/master/docs/configuring.md
# Widgets: https://github.com/Lissy93/dashy/blob/master/docs/widgets.md
---
pageInfo: pageInfo:
title: Home Lab title: Home Lab
sections: sections:
- name: Dashboards - name: Dashboards
widgets: widgets:
- type: gl-disk-space - type: gl-disk-space
options: options:
hostname: http://qnap:8083 hostname: http://qnap:8083
- type: crypto-watch-list - type: crypto-watch-list
options: options:
currency: GBP currency: GBP
sortBy: marketCap sortBy: marketCap
assets: assets:
- bitcoin - bitcoin
- ethereum - ethereum
- cosmos - cosmos
- polkadot - polkadot
- dogecoin - dogecoin
items: items:
- title: Dash Dot - title: Dash Dot
icon: hl-dashdot icon: hl-dashdot
url: "http://qnap:3010" url: http://qnap:3010
- title: Uptime Kuma - title: Uptime Kuma
icon: hl-uptime-kuma icon: hl-uptime-kuma
url: "http://qnap:3001" url: http://qnap:3001
- title: Tautulli - title: Tautulli
icon: hl-tautulli icon: hl-tautulli
url: "http://qnap:8182" url: http://qnap:8182
- title: Glances - title: Glances
icon: hl-glances icon: hl-glances
url: "http://qnap:8083" url: http://qnap:8083
- name: Media Stack - name: Media Stack
items: items:
- title: Plex - title: Plex
icon: hl-plex icon: hl-plex
url: "http://qnap:32400" url: http://qnap:32400
statusCheck: false statusCheck: false
- title: Sonarr - title: Sonarr
icon: hl-sonarr icon: hl-sonarr
url: "http://qnap:8989" url: http://qnap:8989
- title: Radarr - title: Radarr
icon: hl-radarr icon: hl-radarr
url: "http://qnap:7878" url: http://qnap:7878
- title: Overseerr - title: Overseerr
icon: hl-overseerr icon: hl-overseerr
url: "http://qnap:5055" url: http://qnap:5055
- title: Jackett - title: Jackett
icon: hl-jackett icon: hl-jackett
url: "http://qnap:9117" url: http://qnap:9117
statusCheckUrl: "http://qnap:9117/health" statusCheckUrl: http://qnap:9117/health
- title: Qbittorrent - title: Qbittorrent
icon: hl-qbittorrent icon: hl-qbittorrent
url: "http://qnap:15000" url: http://qnap:15000
- name: Tools - name: Tools
items: items:
- title: Photoprism - title: Photoprism
description: Manager photos description: Manager photos
icon: hl-photoprism icon: hl-photoprism
url: "http://qnap:2342" url: http://qnap:2342
- title: Olivetin - title: Olivetin
description: Run pre-defined shell commands description: Run pre-defined shell commands
icon: hl-olivetin icon: hl-olivetin
url: "http://qnap:1337" url: http://qnap:1337
- title: Linkding - title: Linkding
description: Manager photos description: Manager photos
icon: hl-linkding icon: hl-linkding
url: "http://qnap:9090" url: http://qnap:9090
- title: Nextcloud - title: Nextcloud
icon: hl-nextcloud icon: hl-nextcloud
url: "http://qnap:8081" url: http://qnap:8081
- title: Mealie - title: Mealie
icon: hl-mealie icon: hl-mealie
url: "https://mealie.cianhatton.ie" url: https://mealie.cianhatton.ie
- title: Gitea - title: Gitea
icon: hl-gitea icon: hl-gitea
url: "https://git.cianhatton.ie" url: https://git.cianhatton.ie
- name: System Admin - name: System Admin
items: items:
- title: Portainer - title: Portainer
description: Manage docker apps using Portainer description: Manage docker apps using Portainer
icon: hl-portainer icon: hl-portainer
url: "http://qnap:9000" url: http://qnap:9000
- title: Webmin - title: Webmin
icon: hl-webmin icon: hl-webmin
url: "http://qnap:10000" url: http://qnap:10000
- title: Adminer - title: Adminer
description: Manage MariaDB description: Manage MariaDB
icon: hl-adminer icon: hl-adminer
url: "http://qnap:3307" url: http://qnap:3307
- title: Nginx Proxy Manager - title: Nginx Proxy Manager
description: Manage reverse proxies description: Manage reverse proxies
icon: hl-nginx icon: hl-nginx
url: "http://qnap:8181" url: http://qnap:8181
appConfig: appConfig:
statusCheck: true statusCheck: true
showSplashScreen: false showSplashScreen: false

@ -1,23 +1,23 @@
# Listen on all addresses available, port 1337 # Listen on all addresses available, port 1337
listenAddressSingleHTTPFrontend: 0.0.0.0:1337 listenAddressSingleHTTPFrontend: 0.0.0.0:1337
# Choose from INFO (default), WARN and DEBUG # Choose from INFO (default), WARN and DEBUG
logLevel: "INFO" logLevel: INFO
# Actions (buttons) to show up on the WebUI: # Actions (buttons) to show up on the WebUI:
actions: actions:
# Docs: https://docs.olivetin.app/action-container-control.html # Docs: https://docs.olivetin.app/action-container-control.html
- title: Restart Plex - title: Restart Plex
icon: plex icon: plex
shell: docker restart plex shell: docker restart plex
timeout: 30 timeout: 30
- title: Restart Dashy - title: Restart Dashy
icon: restart icon: restart
shell: docker restart dashy shell: docker restart dashy
timeout: 30 timeout: 30
- title: Restart Dashy 2 - title: Restart Dashy 2
icon: restart icon: restart
shell: docker restart dashy shell: docker restart dashy
timeout: 30 timeout: 30
- title: Restart Olivetin - title: Restart Olivetin
icon: restart icon: restart
shell: docker restart olivetin shell: docker restart olivetin
timeout: 30 timeout: 30

@ -1,8 +1,7 @@
---
# handlers file for setup_hosted_services # handlers file for setup_hosted_services
- name: restart-dashy - name: restart-dashy
shell: docker restart dashy shell: docker restart dashy
ignore_errors: True ignore_errors: true
- name: restart-olivetin - name: restart-olivetin
shell: docker restart olivetin shell: docker restart olivetin

@ -1,122 +1,125 @@
---
- name: Docker | Pull images - name: Docker | Pull images
docker_image: docker_image:
name: "{{item}}" name: '{{item}}'
source: pull source: pull
with_items: with_items:
- ubuntu - ubuntu
- busybox - busybox
- name: Docker Compose | Create a directory if it does not exist - name: Docker Compose | Create a directory if it does not exist
file: file:
path: "{{directories.docker_compose_directory}}/{{item.name}}" path: '{{directories.docker_compose_directory}}/{{item.name}}'
state: directory state: directory
mode: '0755' mode: '0755'
with_items: "{{services}}" with_items: '{{services}}'
- name: Docker Compose | Template Docker Compose Files - name: Docker Compose | Template Docker Compose Files
template: template:
src: "{{item.name}}.j2" src: '{{item.name}}.j2'
dest: "{{directories.docker_compose_directory}}/{{item.name}}/docker-compose.yml" dest: '{{directories.docker_compose_directory}}/{{item.name}}/docker-compose.yml'
with_items: "{{services}}" with_items: '{{services}}'
- name: Directories | Ensure required directories - name: Directories | Ensure required directories
file: file:
path: "{{item}}" path: '{{item}}'
state: directory state: directory
mode: '0755' mode: '0755'
with_items: with_items:
- "{{dashy.config_directory}}" - '{{dashy.config_directory}}'
- "{{olivetin.config_directory}}" - '{{olivetin.config_directory}}'
- "{{dockervolumebackup.config_directory}}" - '{{dockervolumebackup.config_directory}}'
- "{{directories.backups_dir}}/.s3tmp" - '{{directories.backups_dir}}/.s3tmp'
- name: Dashy | Config Files - name: Dashy | Config Files
copy: copy:
src: "{{dashy.source_file}}" src: '{{dashy.source_file}}'
dest: "{{dashy.config_directory}}/{{dashy.config_file}}" dest: '{{dashy.config_directory}}/{{dashy.config_file}}'
notify: notify:
- restart-dashy - restart-dashy
- name: Olivetin | Config Files - name: Olivetin | Config Files
copy: copy:
src: "{{olivetin.source_file}}" src: '{{olivetin.source_file}}'
dest: "{{olivetin.config_directory}}/{{olivetin.config_file}}" dest: '{{olivetin.config_directory}}/{{olivetin.config_file}}'
notify: notify:
- restart-olivetin - restart-olivetin
- name: Docker Volume Backup | Config Files - name: Docker Volume Backup | Config Files
template: template:
src: "docker-volume-backup/config.j2" src: docker-volume-backup/config.j2
dest: "{{dockervolumebackup.config_directory}}/config.yml" dest: '{{dockervolumebackup.config_directory}}/config.yml'
notify: notify:
- restart-docker-volume-backup - restart-docker-volume-backup
- name: Install python dependencies (requests) - name: Install python dependencies (requests)
pip: pip:
name: requests name: requests
- name: Docker | Find docker volumes - name: Docker | Find docker volumes
shell: docker volume ls -f name={{item.name}} --format '{{ '{{' }} .Name {{ '}}' }}' shell: docker volume ls -f name={{item.name}} --format '{{ '{{' }} .Name {{ '}}'
with_items: "{{services}}" }}'
with_items: '{{services}}'
register: find_volumes register: find_volumes
changed_when: False changed_when: false
- debug: msg="{{find_volumes.results | map(attribute='stdout_lines') | list | flatten }}" - debug: msg="{{find_volumes.results | map(attribute='stdout_lines') | list | flatten
}}"
- name: Docker | Find volumes that need to be restored - name: Docker | Find volumes that need to be restored
script: scripts/find-volumes-to-restore.py script: scripts/find-volumes-to-restore.py
environment: environment:
EXISTING_VOLUMES: "{{ find_volumes.results | map(attribute='stdout_lines') | list | flatten }}" EXISTING_VOLUMES: "{{ find_volumes.results | map(attribute='stdout_lines') | list\
SERVICES: "{{ services }}" \ | flatten }}"
DOCKER_COMPOSE_DIR: "{{directories.docker_compose_directory}}" SERVICES: '{{ services }}'
DOCKER_COMPOSE_DIR: '{{directories.docker_compose_directory}}'
args: args:
executable: python3 executable: python3
register: python_output register: python_output
changed_when: False changed_when: false
- debug: msg="{{python_output.stdout_lines | list }}" - debug: msg="{{python_output.stdout_lines | list }}"
- name: Docker Volume Backup | Restore any missing backups from S3 - name: Docker Volume Backup | Restore any missing backups from S3
when: restore_from_s3 when: restore_from_s3
docker_container: docker_container:
command: "restore-volume --s3 --volume {{item}}" command: restore-volume --s3 --volume {{item}}
image: "ghcr.io/chatton/docker-volume-backup:v0.3.0" image: ghcr.io/chatton/docker-volume-backup:v0.3.0
name: "s3-restore-{{item}}" name: s3-restore-{{item}}
cleanup: true # delete container after it's done. cleanup: true # delete container after it's done.
state: started # container should execute. state: started # container should execute.
detach: no # task fails if container exits. detach: no # task fails if container exits.
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /tmp:/tmp # temp s3 archive goes here - /tmp:/tmp # temp s3 archive goes here
env: env:
AWS_ACCESS_KEY_ID: "{{aws_s3.aws_access_key}}" AWS_ACCESS_KEY_ID: '{{aws_s3.aws_access_key}}'
AWS_SECRET_ACCESS_KEY: "{{aws_s3.aws_secret_key}}" AWS_SECRET_ACCESS_KEY: '{{aws_s3.aws_secret_key}}'
AWS_DEFAULT_REGION: "{{aws_s3.region}}" AWS_DEFAULT_REGION: '{{aws_s3.region}}'
AWS_BUCKET: "{{aws_s3.bucket}}" AWS_BUCKET: '{{aws_s3.bucket}}'
AWS_ENDPOINT: "{{aws_s3.s3_url}}" AWS_ENDPOINT: '{{aws_s3.s3_url}}'
with_items: "{{ python_output.stdout_lines }}" with_items: '{{ python_output.stdout_lines }}'
- name: Docker | Create required docker networks - name: Docker | Create required docker networks
docker_network: docker_network:
name: "{{item}}" name: '{{item}}'
with_items: "{{ docker_networks }}" with_items: '{{ docker_networks }}'
- name: Portainer | Update Stack - name: Portainer | Update Stack
when: container_deployment_mode == "portainer" when: container_deployment_mode == "portainer"
chatton.portainer.portainer_stack: chatton.portainer.portainer_stack:
username: admin username: admin
password: "{{portainer.password}}" password: '{{portainer.password}}'
docker_compose_file_path: "{{directories.docker_compose_directory}}/{{ item.name }}/docker-compose.yml" docker_compose_file_path: '{{directories.docker_compose_directory}}/{{ item.name
stack_name: "{{ item.name }}" }}/docker-compose.yml'
endpoint_id: "{{ item.endpoint_id }}" stack_name: '{{ item.name }}'
endpoint_id: '{{ item.endpoint_id }}'
state: present state: present
with_items: "{{services}}" with_items: '{{services}}'
- name: Docker compose | Update Stack - name: Docker compose | Update Stack
when: container_deployment_mode == "compose" when: container_deployment_mode == "compose"
docker_compose: docker_compose:
project_src: "{{directories.docker_compose_directory}}/{{ item.name }}" project_src: '{{directories.docker_compose_directory}}/{{ item.name }}'
state: present state: present
with_items: "{{services}}" with_items: '{{services}}'
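Review bot: The formatter wraps long values mid-expression: the `shell:` line of "Docker | Find docker volumes" now breaks inside the escaped Go template (`{{ '}}'` with `}}'` on the next line), the Portainer stack `docker_compose_file_path` breaks inside `{{ item.name` / `}}`, and `EXISTING_VOLUMES` becomes a double-quoted scalar with `\`-continued lines. Plain and quoted folding rules make these equivalent to the originals, but they are now hard to read and easy to break on the next edit. Prefer a `>-` block for the long `shell:` and Jinja values, or raise the formatter's line width so such values stay on one line; quote style is also mixed in this file (single quotes for `'{{item}}'`, double quotes for the `debug: msg="..."` entries and `EXISTING_VOLUMES`), so pick one for templated values.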

@ -1,12 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256 36356161663039666634393933383830653035633438343866643730303434353632383031303965
36356161663039666634393933383830653035633438343866643730303434353632383031303965 3465343332353437616663643662343262373333366162300a373662386533363234636234633339 35383439373430656130353938653531636563663066646265643838323230356231333836326262
3465343332353437616663643662343262373333366162300a373662386533363234636234633339 6439626538643837390a383039373366626637333738386332356361306131323133383534323462 32376564376363663666383639313064316365353037356633363035373632313561643030643933
35383439373430656130353938653531636563663066646265643838323230356231333836326262 34663533313231636162306465656433663634643038343938396462643261656238626432633136 39356562353463353034373534386537313634326534623830616362336638396337386631663538
6439626538643837390a383039373366626637333738386332356361306131323133383534323462 30663236653532316461306636333536373836626537363430613961346137626261333238366234 30633438653936316539326436393634366236616664383835396434373966333166366265636661
32376564376363663666383639313064316365353037356633363035373632313561643030643933 39666335653265323565313831303264336331363339333532353939653330383362363965353032 383434386133323961373833303262336439
34663533313231636162306465656433663634643038343938396462643261656238626432633136 ...
39356562353463353034373534386537313634326534623830616362336638396337386631663538
30663236653532316461306636333536373836626537363430613961346137626261333238366234
30633438653936316539326436393634366236616664383835396434373966333166366265636661
39666335653265323565313831303264336331363339333532353939653330383362363965353032
383434386133323961373833303262336439
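Review bot: The vault file has been run through the YAML formatter: as rendered, the hex ciphertext lines are joined with spaces, the first block now follows `$ANSIBLE_VAULT;1.1;AES256` on the header line, and a `...` document-end marker is appended. ansible-vault parses this envelope line by line and hex-decodes the body, so the file will most likely no longer decrypt, and the formatter would do the same to the other vault files named on this page (`vault_vars/linode-vault.yml`, `vault_vars/qnap-vault.yml`, `defaults/main-vault.yml`). Restore this file from the parent commit, and make `scripts/format_all_yaml.sh` (run by the Makefile `format` target) skip `vault_vars/` and `*-vault.yml`; a smoke test in `lint` that runs `ansible-vault view` on each vault file would stop the next reformat from silently corrupting secrets.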

@ -1,13 +1,12 @@
---
# defaults file for setup_linode # defaults file for setup_linode
ssh_keys: ssh_keys:
- "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
label: simple-linode label: simple-linode
# hosts that are added to the generated .ini file. # hosts that are added to the generated .ini file.
hosts: hosts:
- user: root - user: root
ip: "{{my_linode.instance.ipv4[0]}}" ip: '{{my_linode.instance.ipv4[0]}}'
# https://www.linode.com/community/questions/17190/obtain-a-list-of-image-and-plan-types-using-linode-apicli # https://www.linode.com/community/questions/17190/obtain-a-list-of-image-and-plan-types-using-linode-apicli
type: g6-standard-2 type: g6-standard-2

@ -1,31 +1,27 @@
---
- name: Include vault variables. - name: Include vault variables.
include_vars: defaults/main-vault.yml include_vars: defaults/main-vault.yml
- name: Create a new Linode. - name: Create a new Linode.
linode_v4: linode_v4:
label: "{{ label }}" label: '{{ label }}'
access_token: "{{ token }}" access_token: '{{ token }}'
type: "{{ type }}" type: '{{ type }}'
region: "{{ region }}" region: '{{ region }}'
image: linode/debian11 image: linode/debian11
root_pass: "{{ password }}" root_pass: '{{ password }}'
authorized_keys: "{{ ssh_keys }}" authorized_keys: '{{ ssh_keys }}'
group: servers group: servers
state: "{{ state }}" state: '{{ state }}'
register: my_linode register: my_linode
- name: Wait for SSH to come up - name: Wait for SSH to come up
local_action: local_action:
module: wait_for module: wait_for host={{ my_linode.instance.ipv4[0] }} port=22 search_regex=OpenSSH
host={{ my_linode.instance.ipv4[0] }}
port=22
search_regex=OpenSSH
timeout=320 timeout=320
- name: Instance Details - name: Instance Details
debug: debug:
msg: "{{my_linode}}" msg: '{{my_linode}}'
- name: Update hosts.ini - name: Update hosts.ini
blockinfile: blockinfile:

@ -1,2 +1,2 @@
--- null
# vars file for setup_linode ...

@ -1,4 +1,3 @@
---
# dangerous to use this as the device name changes when there are new drives. # dangerous to use this as the device name changes when there are new drives.
# can this be done with an ID? # can this be done with an ID?
#- name: Create a ext4 filesystem on /dev/sdb1 #- name: Create a ext4 filesystem on /dev/sdb1
@ -9,12 +8,12 @@
- name: Mount Volumes - name: Mount Volumes
mount: mount:
path: "{{item.path}}" path: '{{item.path}}'
src: "UUID={{item.uuid}}" src: UUID={{item.uuid}}
fstype: ext4 fstype: ext4
state: mounted state: mounted
opts: defaults,nofail opts: defaults,nofail
loop: "{{ devices }}" loop: '{{ devices }}'
register: volume_out register: volume_out
- debug: msg="{{volume_out}}" - debug: msg="{{volume_out}}"
@ -38,4 +37,4 @@
include_role: include_role:
name: sprat.mergerfs name: sprat.mergerfs
vars: vars:
mergerfs_mounts: "{{mounts}}" mergerfs_mounts: '{{mounts}}'

@ -1,17 +1,16 @@
---
version: '3.2' version: '3.2'
services: services:
portainer: portainer:
labels: labels:
ie.cianhatton.backup.enabled: "true" ie.cianhatton.backup.enabled: 'true'
ie.cianhatton.backup.key: "nightly" ie.cianhatton.backup.key: nightly
image: portainer/portainer-ce image: portainer/portainer-ce
container_name: "portainer" container_name: portainer
ports: ports:
- "9000:9000" - 9000:9000
volumes: volumes:
- portainer_data:/data - portainer_data:/data
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
volumes: volumes:
portainer_data: portainer_data:
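Review bot: Dropping the quotes from the port mapping (`- 9000:9000`) is safe here only because the published half has four digits; a value shaped like `22:22` or `1:30` would be read as a sexagesimal integer by YAML 1.1 loaders, which is why Compose files conventionally quote ports. Either keep `- "9000:9000"` or switch to the long syntax (`target: 9000`, `published: 9000`) so the formatter has nothing to unquote. `ie.cianhatton.backup.enabled: 'true'` correctly stays quoted, since labels must be strings — the formatter treated the two cases differently, which is worth checking in its configuration.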

@ -1,59 +1,51 @@
# @meta author: Cian Hatton
# @meta description: >
# Role to configure Portainer. This role copies the docker-compose.yml
# onto the host and starts portainer with docker compose.
# If there is a backup of the portainer volume stored in s3, it will
# be restored before portainer is started.
# @end
---
- name: Portainer | Create directory if it does not exist - name: Portainer | Create directory if it does not exist
ansible.builtin.file: ansible.builtin.file:
path: "{{directories.docker_compose_directory}}" path: '{{directories.docker_compose_directory}}'
state: directory state: directory
mode: '0755' mode: '0755'
- name: Portainer | Copy docker compose file - name: Portainer | Copy docker compose file
copy: copy:
src: docker-compose.yml src: docker-compose.yml
dest: "{{directories.docker_compose_directory}}/docker-compose.yml" dest: '{{directories.docker_compose_directory}}/docker-compose.yml'
- name: Portainer | Check if volume exists - name: Portainer | Check if volume exists
shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }} .Name {{ '}}' }}' shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }} .Name
{{ '}}' }}'
register: portainer_volume register: portainer_volume
changed_when: False changed_when: false
- name: Portainer | Pull images - name: Portainer | Pull images
docker_image: docker_image:
name: "{{item}}" name: '{{item}}'
source: pull source: pull
with_items: with_items:
- ubuntu - ubuntu
- busybox - busybox
- name: Docker Volume Backup | Restore Portainer volume from S3 - name: Docker Volume Backup | Restore Portainer volume from S3
when: (portainer_volume.stdout_lines | length) == 0 when: (portainer_volume.stdout_lines | length) == 0
docker_container: docker_container:
command: "restore-volume --s3 --volume portainer_portainer_data" command: restore-volume --s3 --volume portainer_portainer_data
image: "ghcr.io/chatton/docker-volume-backup:v0.3.0" image: ghcr.io/chatton/docker-volume-backup:v0.3.0
name: "s3-restore-portainer" name: s3-restore-portainer
cleanup: true # delete container after it's done. cleanup: true # delete container after it's done.
state: started # container should execute. state: started # container should execute.
detach: no # task fails if container exits. detach: no # task fails if container exits.
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /tmp:/tmp # temp s3 archive goes here - /tmp:/tmp # temp s3 archive goes here
env: env:
AWS_ACCESS_KEY_ID: "{{aws_s3.aws_access_key}}" AWS_ACCESS_KEY_ID: '{{aws_s3.aws_access_key}}'
AWS_SECRET_ACCESS_KEY: "{{aws_s3.aws_secret_key}}" AWS_SECRET_ACCESS_KEY: '{{aws_s3.aws_secret_key}}'
AWS_DEFAULT_REGION: "{{aws_s3.region}}" AWS_DEFAULT_REGION: '{{aws_s3.region}}'
AWS_BUCKET: "{{aws_s3.bucket}}" AWS_BUCKET: '{{aws_s3.bucket}}'
AWS_ENDPOINT: "{{aws_s3.s3_url}}" AWS_ENDPOINT: '{{aws_s3.s3_url}}'
- name: Portainer | Docker compose up - name: Portainer | Docker compose up
community.docker.docker_compose: community.docker.docker_compose:
project_src: "{{directories.docker_compose_directory}}/portainer" project_src: '{{directories.docker_compose_directory}}/portainer'
# Don't really need this as long as there is an S3 backup. # Don't really need this as long as there is an S3 backup.
#- name: Portainer | Register Admin User #- name: Portainer | Register Admin User

@ -1,10 +1,9 @@
---
samba_group: smbgroup samba_group: smbgroup
samba_user: smbuser samba_user: smbuser
users: users:
- name: cianhatton - name: cianhatton
shares: shares:
- /share - /share
- /share/public_files - /share/public_files
- /share/private_files - /share/private_files
- /share/cian_files - /share/cian_files

@ -1,4 +1,3 @@
---
- name: restart-samba - name: restart-samba
ansible.builtin.service: ansible.builtin.service:
name: smbd name: smbd

@ -1,54 +1,53 @@
---
- name: Install samba packages using apt - name: Install samba packages using apt
apt: apt:
name: name:
- samba - samba
state: present state: present
update_cache: yes update_cache: yes
- name: Ensure samba group exists - name: Ensure samba group exists
ansible.builtin.group: ansible.builtin.group:
name: "{{samba_group}}" name: '{{samba_group}}'
state: present state: present
system: true system: true
notify: notify:
- reload-samba - reload-samba
- name: Ensure samba user - name: Ensure samba user
ansible.builtin.user: ansible.builtin.user:
name: "{{samba_user}}" name: '{{samba_user}}'
comment: Samba user comment: Samba user
group: "{{samba_group}}" group: '{{samba_group}}'
shell: /bin/false shell: /bin/false
create_home: false create_home: false
notify: notify:
- reload-samba - reload-samba
- name: Add the User(s) to Samba group - name: Add the User(s) to Samba group
user: user:
name: "{{ item.name }}" name: '{{ item.name }}'
groups: "{{ samba_group }}" groups: '{{ samba_group }}'
append: yes append: yes
with_items: "{{users}}" with_items: '{{users}}'
- name: Ensure Share directories - name: Ensure Share directories
ansible.builtin.file: ansible.builtin.file:
path: "{{item}}" path: '{{item}}'
recurse: yes recurse: yes
state: directory state: directory
owner: "{{samba_user}}" owner: '{{samba_user}}'
group: "{{samba_group}}" group: '{{samba_group}}'
mode: 'u+rw,g+rw' mode: u+rw,g+rw
with_items: "{{shares}}" with_items: '{{shares}}'
notify: notify:
- reload-samba - reload-samba
- name: Copy smb conf files - name: Copy smb conf files
copy: copy:
src: "{{item}}" src: '{{item}}'
dest: "/etc/samba/{{item}}" dest: /etc/samba/{{item}}
with_items: with_items:
- smb.conf - smb.conf
- shares.conf - shares.conf
notify: notify:
- reload-samba - reload-samba
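Review bot: Every task in this file notifies `reload-samba`, but the only handler visible in this commit (the `@ -1,4 +1,3 @@` handlers hunk) is named `restart-samba`; unless a `reload-samba` handler exists outside the shown context, the play aborts with a "requested handler ... was not found" error the first time one of these tasks reports changed. Either rename the `notify` entries to the existing handler or add a `reload-samba` handler (`ansible.builtin.service: name: smbd state: reloaded`). Now that `make lint` runs `ansible-lint` on `roles`, the `yes` values at `update_cache: yes` and `append: yes` will also be reported by the `yaml[truthy]` rule; write `true`. The `with_items: '{{shares}}'` loop relies on a top-level `shares` variable, while the defaults hunk above nests `shares` under each `users` entry — confirm it is defined at host or group level, otherwise the share directories task fails on an undefined variable.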

@ -2,32 +2,32 @@
- name: Install Sudo - name: Install Sudo
apt: apt:
pkg: pkg:
- sudo - sudo
state: latest state: latest
update_cache: true update_cache: true
- name: Make sure we have a groups - name: Make sure we have a groups
group: group:
name: "{{item.group}}" name: '{{item.group}}'
state: present state: present
with_items: "{{users}}" with_items: '{{users}}'
- name: Add Users - name: Add Users
ansible.builtin.user: ansible.builtin.user:
name: "{{item.name}}" name: '{{item.name}}'
comment: "{{item.name}} user" comment: '{{item.name}} user'
group: "{{item.group}}" group: '{{item.group}}'
with_items: "{{users}}" with_items: '{{users}}'
- name: Add sudoers - name: Add sudoers
template: template:
src: sudoers.j2 src: sudoers.j2
dest: "/etc/sudoers.d/{{item.name}}" dest: /etc/sudoers.d/{{item.name}}
with_items: "{{users}}" with_items: '{{users}}'
when: item.passwordless_sudo == true when: item.passwordless_sudo == true
- name: Set authorized key - name: Set authorized key
authorized_key: authorized_key:
user: "{{homelab_user}}" user: '{{homelab_user}}'
state: present state: present
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
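Review bot: The `Add sudoers` task writes `/etc/sudoers.d/{{item.name}}` with the template module's default mode and no syntax check, so a bad render can break sudo for every user on the host, and a drop-in that is not root-owned mode 0440 is rejected or warned about by sudo on Debian-family systems; add `mode: '0440'`, `owner: root` and `validate: /usr/sbin/visudo -cf %s` to the task. Because `item.name` becomes the file name verbatim, it should also be checked against a plain-username pattern — sudo skips drop-ins whose name contains a `.` or ends in `~`, so such a user would silently get no sudo rule. The `when: item.passwordless_sudo == true` comparison raises an undefined-attribute error for any user entry that omits the key and is flagged by ansible-lint's `literal-compare` rule; `when: item.passwordless_sudo | default(false)` covers both. `state: latest` on the sudo package is likewise reported by `package-latest` and makes the play non-idempotent.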

@ -0,0 +1,15 @@
#!/bin/bash
function format_dir(){
dir="${1}"
yaml_files="$(find ${dir} -type f -name "*.yml")"
for f in $yaml_files
do
yamlfmt $f -w
done
}
format_dir roles
format_dir playbooks
format_dir host_vars
format_dir group_vars
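Review bot: `format_dir` expands `${dir}`, the `find` output and `$f` unquoted, so any path containing whitespace or glob characters is split or globbed before it reaches `yamlfmt`, and with no `set -euo pipefail` a failing `yamlfmt` (or a missing binary) is swallowed and `make format` still exits 0. Let `find` invoke the formatter directly and also pick up `*.yaml`, which the current `-name "*.yml"` filter skips. Worth noting from the other hunks in this commit: the formatter as configured strips the leading `---` from every file and rewrites quoting (`"{{item}}"` → `'{{item}}'`, `'u+rw,g+rw'` → bare), so scan the diff for any string that lost its quotes and is now reparsed as a bool or number, and consider yamlfmt's `include_document_start` option if the `---` convention is wanted for ansible-lint.
```shell
#!/bin/bash
set -euo pipefail

function format_dir(){
  local dir="${1}"
  find "${dir}" -type f \( -name '*.yml' -o -name '*.yaml' \) -exec yamlfmt -w {} +
}
# … unchanged: format_dir roles / playbooks / host_vars / group_vars …
```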