diff --git a/host_vars/qnap.yml b/host_vars/qnap.yml index c37f476..6fe9859 100644 --- a/host_vars/qnap.yml +++ b/host_vars/qnap.yml @@ -59,25 +59,6 @@ portainer_required_templates: portainer_endpoint: 2 services: - - name: vpn-stack - template_vars: - vpn: protonwire # protonwire or surfshark - qbittorrent: - enabled: true - image: lscr.io/linuxserver/qbittorrent - tag: 4.5.3 - radarr: - enabled: true - image: lscr.io/linuxserver/radarr - tag: 4.5.2 - sonarr: - enabled: true - image: lscr.io/linuxserver/sonarr - tag: 3.0.10 - jackett: - enabled: true - image: lscr.io/linuxserver/jackett - tag: 0.21.235 - name: gitea template_vars: image: gitea/gitea @@ -113,6 +94,5 @@ services: - name: paperless - name: gotify - name: diun -# - name: ghost diff --git a/playbooks/setup-homelab.yml b/playbooks/setup-homelab.yml index b8a746a..0d12f12 100644 --- a/playbooks/setup-homelab.yml +++ b/playbooks/setup-homelab.yml @@ -83,6 +83,7 @@ - role: portainer_dashy - role: portainer_dashdot - role: portainer_glances + - role: portainer_arr # #- name: Setup and deploy templated portainer services. diff --git a/roles/portainer_arr/defaults/main.yml b/roles/portainer_arr/defaults/main.yml new file mode 100644 index 0000000..a7c9bc2 --- /dev/null +++ b/roles/portainer_arr/defaults/main.yml 
@@ -0,0 +1,45 @@
+---
+arr_portainer_stack_name: vpn-stack
+arr_vpn_image: "ghcr.io/tprasadtp/protonwire"
+arr_vpn_tag: "7.2.0"
+arr_backup_enabled: true
+arr_backup_schedule: nightly
+
+# backup
+arr_docker_backup_restore_force: false
+arr_docker_backup_fail_on_no_s3_backups: false
+arr_docker_backup_restore_latest_s3_key: true
+
+# Qbittorrent
+qbittorrent_image: lscr.io/linuxserver/qbittorrent
+qbittorrent_tag: 4.5.3
+qbittorrent_container_name: qbittorrent
+qbittorrent_puid: 1000
+qbittorrent_pgid: 1000
+qbittorrent_exposed_web_ui_port: 15000
+qbittorrent_exposed_download_port: 6881
+
+
+# Radarr
+radarr_image: lscr.io/linuxserver/radarr
+radarr_tag: 4.5.2
+radarr_container_name: radarr
+radarr_exposed_port: 7878
+radarr_puid: 1000
+radarr_pgid: 1000
+
+# Sonarr
+sonarr_image: lscr.io/linuxserver/sonarr
+sonarr_tag: 3.0.10
+sonarr_exposed_port: 8989
+sonarr_container_name: sonarr
+sonarr_puid: 1000
+sonarr_pgid: 1000
+
+# Jackett
+jackett_image: lscr.io/linuxserver/jackett
+jackett_tag: 0.21.235
+jackett_exposed_port: 9117
+jackett_container_name: jackett
+jackett_puid: 1000
+jackett_pgid: 1000
diff --git a/roles/portainer_arr/tasks/main.yml b/roles/portainer_arr/tasks/main.yml
new file mode 100644
index 0000000..0ce53ea
--- /dev/null
+++ b/roles/portainer_arr/tasks/main.yml
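Review bot: In roles/portainer_arr/defaults/main.yml the four linuxserver tags are unquoted (`qbittorrent_tag: 4.5.3`, `radarr_tag: 4.5.2`, `sonarr_tag: 3.0.10`, `jackett_tag: 0.21.235`) while `arr_vpn_tag: "7.2.0"` is quoted; a later bump to a two-part value such as `4.10` would load as a float and render as `4.1` in the image reference, so quote them all, e.g. `qbittorrent_tag: "4.5.3"`. These are also mutable registry tags, so the same playbook can deploy different image contents over time; pinning each image by digest would make what is deployed reproducible and verifiable. The jackett pin is further weakened by `AUTO_UPDATE=true` in the tasks file, which presumably lets the container update itself past `jackett_tag`. The per-service variables (`qbittorrent_*`, `radarr_*`, `sonarr_*`, `jackett_*`) also lack the `arr_` prefix used by the rest of the role, which risks collisions with variables from other roles or host_vars.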
@@ -0,0 +1,148 @@
+---
+- name: "Arr | Restore any missing volumes from S3"
+ ansible.builtin.include_role:
+ name: chatton.docker_backup.docker_s3_volume_restore
+ vars:
+ docker_backup_restore_force: "{{ arr_docker_backup_restore_force }}"
+ docker_backup_restore_latest_s3_key: "{{ arr_docker_backup_restore_latest_s3_key }}"
+ docker_backup_fail_on_no_s3_backups: "{{ arr_docker_backup_fail_on_no_s3_backups }}"
+ docker_backup_s3_volume: "{{ item }}"
+ with_items:
+ - name: "{{ arr_portainer_stack_name }}_qbittorrent_config"
+ - name: "{{ arr_portainer_stack_name }}_radarr_config"
+ - name: "{{ arr_portainer_stack_name }}_sonarr_config"
+ - name: "{{ arr_portainer_stack_name }}_jackett_config"
+
+- name: "Arr | Update Portainer."
+ chatton.portainer.portainer_stack:
+ username: admin
+ password: '{{ portainer.password }}'
+ base_url: '{{ portainer_base_url }}'
+ stack_name: '{{ arr_portainer_stack_name }}'
+ endpoint_id: '{{ portainer_endpoint }}'
+ state: present
+ definition:
+ version: "3.1"
+ services:
+ protonwire:
+ container_name: protonwire
+ image: "{{ arr_vpn_image }}:{{ arr_vpn_tag }}"
+ init: true
+ restart: unless-stopped
+ environment:
+ # Quote this value as server name can contain '#'.
+ PROTONVPN_SERVER: "{{ vpn.protonvpn_server }}"
+ # Set this to 1 to show debug logs for issue forms.
+ DEBUG: "1"
+ # Set this to 0 to disable kill-switch.
+ KILL_SWITCH: "0"
+ # follow instructions here https://github.com/tprasadtp/protonvpn-docker
+ WIREGUARD_PRIVATE_KEY: "{{ vpn.wireguard_private_key }}"
+ LAN_NETWORK: "{{ vpn.lan_network }}"
+ cap_add:
+ - NET_ADMIN
+ # sysctl net.ipv4.conf.all.rp_filter is mandatory!
+ # net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6.
+ # 'net.*' sysctls are not required on application containers,
+ # as they share network stack with protonwire container.
+ sysctls:
+ net.ipv4.conf.all.rp_filter: 2
+ net.ipv6.conf.all.disable_ipv6: 1
+ volumes:
+ - type: tmpfs
+ target: /tmp
+ ports:
+ # qbittorrent
+ - "{{ qbittorrent_exposed_web_ui_port }}:15000"
+ - "{{ qbittorrent_exposed_download_port }}:6881"
+ - "{{ qbittorrent_exposed_download_port }}:6881/udp"
+ # radarr
+ - "{{ radarr_exposed_port }}:7878"
+ # sonarr
+ - "{{ sonarr_exposed_port }}:8989"
+ # jackett
+ - "{{ jackett_exposed_port }}:9117"
+ dns:
+ - 1.1.1.1
+ - 8.8.8.8
+
+ qbittorrent:
+ labels:
+ ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
+ ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
+ depends_on:
+ - protonwire
+ image: "{{ qbittorrent_image }}:{{ qbittorrent_tag }}"
+ container_name: "{{ qbittorrent_container_name }}"
+ network_mode: "service:protonwire"
+ environment:
+ - "PUID={{ qbittorrent_puid }}"
+ - "PGID={{ qbittorrent_pgid }}"
+ - TZ=Europe/London
+ - "WEBUI_PORT=15000"
+ volumes:
+ - qbittorrent_config:/config
+ - "{{ directories.downloads_dir }}:/downloads"
+ restart: unless-stopped
+
+ radarr:
+ labels:
+ ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
+ ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
+ depends_on:
+ - protonwire
+ image: "{{ radarr_image }}:{{ radarr_tag }}"
+ container_name: "{{ radarr_container_name }}"
+ network_mode: "service:protonwire"
+ environment:
+ - "PUID={{ radarr_puid }}"
+ - "PGID={{ radarr_pgid }}"
+ - TZ=Europe/London
+ volumes:
+ - radarr_config:/config
+ - "{{ directories.movies_dir }}:/movies"
+ - "{{ directories.downloads_dir }}:/downloads"
+ restart: unless-stopped
+
+ sonarr:
+ depends_on:
+ - protonwire
+ image: "{{ sonarr_image }}:{{ sonarr_tag }}"
+ labels:
+ ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
+ ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
+ container_name: "{{ sonarr_container_name }}"
+ network_mode: "service:protonwire"
+ environment:
+ - "PUID={{ sonarr_puid }}"
+ - "PGID={{ sonarr_pgid }}"
+ - TZ=Europe/London
+ volumes:
+ - sonarr_config:/config
+ - "{{ directories.tv_dir }}:/tv"
+ - "{{ directories.downloads_dir }}:/downloads"
+ restart: unless-stopped
+
+ jackett:
+ labels:
+ ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
+ ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
+ depends_on:
+ - protonwire
+ image: "{{ jackett_image }}:{{ jackett_tag }}"
+ container_name: "{{ jackett_container_name }}"
+ network_mode: "service:protonwire"
+ environment:
+ - "PUID={{ jackett_puid }}"
+ - "PGID={{ jackett_pgid }}"
+ - TZ=Europe/London
+ - AUTO_UPDATE=true
+ volumes:
+ - jackett_config:/config
+ - "{{ directories.downloads_dir }}:/downloads"
+ restart: unless-stopped
+ volumes:
+ qbittorrent_config: {}
+ radarr_config: {}
+ sonarr_config: {}
+ jackett_config: {}
diff --git a/roles/setup_hosted_services/templates/vpn-stack.j2 b/roles/setup_hosted_services/templates/vpn-stack.j2
deleted file mode 100644
index 319bf4a..0000000
--- a/roles/setup_hosted_services/templates/vpn-stack.j2
+++ /dev/null
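Review bot: In roles/portainer_arr/tasks/main.yml the `Arr | Update Portainer.` task passes `password: '{{ portainer.password }}'` and `WIREGUARD_PRIVATE_KEY: "{{ vpn.wireguard_private_key }}"` as module arguments with no `no_log`, so a verbose or failed run can print both secrets to the console or a CI log. Add `no_log: true` at task level, at the same indent as `chatton.portainer.portainer_stack:`. The commit turns images, tags and ports into role defaults but leaves `KILL_SWITCH: "0"` and `DEBUG: "1"` hard-coded on the `protonwire` service. With the kill-switch off, the four services attached through `network_mode: "service:protonwire"` may send traffic outside the tunnel if it drops. Consider exposing both as defaults (for example `arr_vpn_kill_switch` and `arr_vpn_debug`) so that disabling the kill-switch or enabling debug logging is an explicit, reviewable choice per host.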
@@ -1,169 +0,0 @@ ---- -version: "3" -services: -{% if template_vars.vpn == "protonwire" %} - protonwire: - container_name: protonwire - image: ghcr.io/tprasadtp/protonwire:7.2.0 - init: true - restart: unless-stopped - environment: - # Quote this value as server name can contain '#'. - PROTONVPN_SERVER: "{{ vpn.protonvpn_server }}" - # Set this to 1 to show debug logs for issue forms. - DEBUG: "1" - # Set this to 0 to disable kill-switch. - KILL_SWITCH: "0" - - # follow instructions here https://github.com/tprasadtp/protonvpn-docker - WIREGUARD_PRIVATE_KEY: "{{ vpn.wireguard_private_key }}" - LAN_NETWORK: "{{ vpn.lan_network }}" - cap_add: - - NET_ADMIN - # sysctl net.ipv4.conf.all.rp_filter is mandatory! - # net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6. - # 'net.*' sysctls are not required on application containers, - # as they share network stack with protonwire container. - sysctls: - net.ipv4.conf.all.rp_filter: 2 - net.ipv6.conf.all.disable_ipv6: 1 - volumes: - - type: tmpfs - target: /tmp - ports: - # qbittorrent - - 15000:15000 - - 6881:6881 - - 6881:6881/udp - # radarr - - 7878:7878 - # sonarr - - 8989:8989 - # jackett - - 9117:9117 - dns: - - 1.1.1.1 - - 8.8.8.8 -{% elif template_vars.vpn == "surfshark" %} - surfshark: - image: ilteoood/docker-surfshark - container_name: surfshark - environment: - - SURFSHARK_USER={{ vpn.surfshark_username }} - - SURFSHARK_PASSWORD={{ vpn.surfshark_password }} - # must specify LAN_NETWORK otherwise you will not be able - # to access ports which are exposed here. 
- - LAN_NETWORK={{ vpn.lan_network }} - cap_add: - - NET_ADMIN - devices: - - /dev/net/tun - ports: - # qbittorrent - - 15000:15000 - - 6881:6881 - - 6881:6881/udp - # radarr - - 7878:7878 - # sonarr - - 8989:8989 - # jackett - - 9117:9117 - restart: unless-stopped - dns: - - 1.1.1.1 - - 8.8.8.8 -{% endif %} -{% if template_vars.qbittorrent.enabled %} - qbittorrent: - labels: - ie.cianhatton.backup.enabled: "true" - ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}" - depends_on: - - {{ template_vars.vpn }} - image: "{{ template_vars.qbittorrent.image }}:{{ template_vars.qbittorrent.tag }}" - container_name: qbittorrent - network_mode: "service:{{ template_vars.vpn }}" - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - WEBUI_PORT=15000 - volumes: - - qbittorrent_config:/config - - {{ directories.downloads_dir }}:/downloads - restart: unless-stopped -{% endif %} -{% if template_vars.radarr.enabled %} - radarr: - labels: - ie.cianhatton.backup.enabled: "true" - ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}" - depends_on: - - {{ template_vars.vpn }} - image: "{{ template_vars.radarr.image }}:{{ template_vars.radarr.tag }}" - container_name: radarr - network_mode: "service:{{ template_vars.vpn }}" - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - volumes: - - radarr_config:/config - - {{ directories.movies_dir }}:/movies - - {{ directories.downloads_dir }}:/downloads - restart: unless-stopped -{% endif %} -{% if template_vars.sonarr.enabled %} - sonarr: - depends_on: - - {{ template_vars.vpn }} - image: "{{ template_vars.sonarr.image }}:{{ template_vars.sonarr.tag }}" - labels: - ie.cianhatton.backup.enabled: "true" - ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}" - container_name: sonarr - network_mode: "service:{{ template_vars.vpn }}" - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - volumes: - - sonarr_config:/config - - {{ directories.tv_dir }}:/tv - - {{ 
directories.downloads_dir }}:/downloads - restart: unless-stopped -{% endif %} -{% if template_vars.jackett.enabled %} - jackett: - labels: - ie.cianhatton.backup.enabled: "true" - ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}" - depends_on: - - {{ template_vars.vpn }} - image: "{{ template_vars.jackett.image }}:{{ template_vars.jackett.tag }}" - container_name: jackett - network_mode: "service:{{ template_vars.vpn }}" - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - AUTO_UPDATE=true - volumes: - - jackett_config:/config - - {{ directories.downloads_dir }}:/downloads - restart: unless-stopped -{% endif %} -volumes: -{% if template_vars.jackett.enabled %} - jackett_config: -{% endif %} -{% if template_vars.qbittorrent.enabled %} - qbittorrent_config: -{% endif %} -{% if template_vars.radarr.enabled %} - radarr_config: -{% endif %} -{% if template_vars.sonarr.enabled %} - sonarr_config: -{% endif %} diff --git a/roles/setup_users/tasks/main.yml b/roles/setup_users/tasks/main.yml index d9d2b29..7e92043 100644 --- a/roles/setup_users/tasks/main.yml +++ b/roles/setup_users/tasks/main.yml @@ -3,7 +3,9 @@ ansible.builtin.apt: pkg: - sudo + # TODO move these somewhere else - ufw + - htop state: latest update_cache: true