updated vpn stack to use definition

authelia
chatton 2 years ago
parent da712ef7b0
commit e444e29c8c

@ -59,25 +59,6 @@ portainer_required_templates:
portainer_endpoint: 2 portainer_endpoint: 2
services: services:
- name: vpn-stack
template_vars:
vpn: protonwire # protonwire or surfshark
qbittorrent:
enabled: true
image: lscr.io/linuxserver/qbittorrent
tag: 4.5.3
radarr:
enabled: true
image: lscr.io/linuxserver/radarr
tag: 4.5.2
sonarr:
enabled: true
image: lscr.io/linuxserver/sonarr
tag: 3.0.10
jackett:
enabled: true
image: lscr.io/linuxserver/jackett
tag: 0.21.235
- name: gitea - name: gitea
template_vars: template_vars:
image: gitea/gitea image: gitea/gitea
@ -113,6 +94,5 @@ services:
- name: paperless - name: paperless
- name: gotify - name: gotify
- name: diun - name: diun
# - name: ghost

@ -83,6 +83,7 @@
- role: portainer_dashy - role: portainer_dashy
- role: portainer_dashdot - role: portainer_dashdot
- role: portainer_glances - role: portainer_glances
- role: portainer_arr
# #
#- name: Setup and deploy templated portainer services. #- name: Setup and deploy templated portainer services.

@ -0,0 +1,45 @@
---
arr_portainer_stack_name: vpn-stack
arr_vpn_image: "ghcr.io/tprasadtp/protonwire"
arr_vpn_tag: "7.2.0"
arr_backup_enabled: true
arr_backup_schedule: nightly
# backup
arr_docker_backup_restore_force: false
arr_docker_backup_fail_on_no_s3_backups: false
arr_docker_backup_restore_latest_s3_key: true
# Qbittorrent
qbittorrent_image: lscr.io/linuxserver/qbittorrent
qbittorrent_tag: 4.5.3
qbittorrent_container_name: qbittorrent
qbittorrent_puid: 1000
qbittorrent_pgid: 1000
qbittorrent_exposed_web_ui_port: 15000
qbittorrent_exposed_download_port: 6881
# Radarr
radarr_image: lscr.io/linuxserver/radarr
radarr_tag: 4.5.2
radarr_container_name: radarr
radarr_exposed_port: 7878
radarr_puid: 1000
radarr_pgid: 1000
# Sonarr
sonarr_image: lscr.io/linuxserver/sonarr
sonarr_tag: 3.0.10
sonarr_exposed_port: 8989
sonarr_container_name: sonarr
sonarr_puid: 1000
sonarr_pgid: 1000
# Jackett
jackett_image: lscr.io/linuxserver/jackett
jackett_tag: 0.21.235
jackett_exposed_port: 9117
jackett_container_name: jackett
jackett_puid: 1000
jackett_pgid: 1000
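Review bot: The per-service defaults (`qbittorrent_image`, `radarr_exposed_port`, `sonarr_puid`, `jackett_tag` and the rest) do not carry the `arr_` prefix that `arr_vpn_image` and `arr_backup_enabled` use, so another role or a host_vars file that defines, say, `sonarr_tag` would collide with them silently. Renaming them along the lines of `arr_qbittorrent_image` and `arr_radarr_exposed_port` keeps the role's variables in one namespace. The tag values are also quoted inconsistently: `arr_vpn_tag: "7.2.0"` is quoted while `qbittorrent_tag: 4.5.3` is not. Quoting all of them, e.g. `qbittorrent_tag: "4.5.3"`, stops a future two-component tag from being read as a float.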

@ -0,0 +1,148 @@
---
- name: "Arr | Restore any missing volumes from S3"
ansible.builtin.include_role:
name: chatton.docker_backup.docker_s3_volume_restore
vars:
docker_backup_restore_force: "{{ arr_docker_backup_restore_force }}"
docker_backup_restore_latest_s3_key: "{{ arr_docker_backup_restore_latest_s3_key }}"
docker_backup_fail_on_no_s3_backups: "{{ arr_docker_backup_fail_on_no_s3_backups }}"
docker_backup_s3_volume: "{{ item }}"
with_items:
- name: "{{ arr_portainer_stack_name }}_qbittorrent_config"
- name: "{{ arr_portainer_stack_name }}_radarr_config"
- name: "{{ arr_portainer_stack_name }}_sonarr_config"
- name: "{{ arr_portainer_stack_name }}_jackett_config"
- name: "Arr | Update Portainer."
chatton.portainer.portainer_stack:
username: admin
password: '{{ portainer.password }}'
base_url: '{{ portainer_base_url }}'
stack_name: '{{ arr_portainer_stack_name }}'
endpoint_id: '{{ portainer_endpoint }}'
state: present
definition:
version: "3.1"
services:
protonwire:
container_name: protonwire
image: "{{ arr_vpn_image }}:{{ arr_vpn_tag }}"
init: true
restart: unless-stopped
environment:
# Quote this value as server name can contain '#'.
PROTONVPN_SERVER: "{{ vpn.protonvpn_server }}"
# Set this to 1 to show debug logs for issue forms.
DEBUG: "1"
# Set this to 0 to disable kill-switch.
KILL_SWITCH: "0"
# follow instructions here https://github.com/tprasadtp/protonvpn-docker
WIREGUARD_PRIVATE_KEY: "{{ vpn.wireguard_private_key }}"
LAN_NETWORK: "{{ vpn.lan_network }}"
cap_add:
- NET_ADMIN
# sysctl net.ipv4.conf.all.rp_filter is mandatory!
# net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6.
# 'net.*' sysctls are not required on application containers,
# as they share network stack with protonwire container.
sysctls:
net.ipv4.conf.all.rp_filter: 2
net.ipv6.conf.all.disable_ipv6: 1
volumes:
- type: tmpfs
target: /tmp
ports:
# qbittorrent
- "{{ qbittorrent_exposed_web_ui_port }}:15000"
- "{{ qbittorrent_exposed_download_port }}:6881"
- "{{ qbittorrent_exposed_download_port }}:6881/udp"
# radarr
- "{{ radarr_exposed_port }}:7878"
# sonarr
- "{{ sonarr_exposed_port }}:8989"
# jackett
- "{{ jackett_exposed_port }}:9117"
dns:
- 1.1.1.1
- 8.8.8.8
qbittorrent:
labels:
ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
depends_on:
- protonwire
image: "{{ qbittorrent_image }}:{{ qbittorrent_tag }}"
container_name: "{{ qbittorrent_container_name }}"
network_mode: "service:protonwire"
environment:
- "PUID={{ qbittorrent_puid }}"
- "PGID={{ qbittorrent_pgid }}"
- TZ=Europe/London
- "WEBUI_PORT=15000"
volumes:
- qbittorrent_config:/config
- "{{ directories.downloads_dir }}:/downloads"
restart: unless-stopped
radarr:
labels:
ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
depends_on:
- protonwire
image: "{{ radarr_image }}:{{ radarr_tag }}"
container_name: "{{ radarr_container_name }}"
network_mode: "service:protonwire"
environment:
- "PUID={{ radarr_puid }}"
- "PGID={{ radarr_pgid }}"
- TZ=Europe/London
volumes:
- radarr_config:/config
- "{{ directories.movies_dir }}:/movies"
- "{{ directories.downloads_dir }}:/downloads"
restart: unless-stopped
sonarr:
depends_on:
- protonwire
image: "{{ sonarr_image }}:{{ sonarr_tag }}"
labels:
ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
container_name: "{{ sonarr_container_name }}"
network_mode: "service:protonwire"
environment:
- "PUID={{ sonarr_puid }}"
- "PGID={{ sonarr_pgid }}"
- TZ=Europe/London
volumes:
- sonarr_config:/config
- "{{ directories.tv_dir }}:/tv"
- "{{ directories.downloads_dir }}:/downloads"
restart: unless-stopped
jackett:
labels:
ie.cianhatton.backup.enabled: "{{ arr_backup_enabled }}"
ie.cianhatton.backup.schedule: "{{ arr_backup_schedule }}"
depends_on:
- protonwire
image: "{{ jackett_image }}:{{ jackett_tag }}"
container_name: "{{ jackett_container_name }}"
network_mode: "service:protonwire"
environment:
- "PUID={{ jackett_puid }}"
- "PGID={{ jackett_pgid }}"
- TZ=Europe/London
- AUTO_UPDATE=true
volumes:
- jackett_config:/config
- "{{ directories.downloads_dir }}:/downloads"
restart: unless-stopped
volumes:
qbittorrent_config: {}
radarr_config: {}
sonarr_config: {}
jackett_config: {}
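Review bot: The `Arr | Update Portainer.` task passes `password: '{{ portainer.password }}'` and, inside `definition`, `WIREGUARD_PRIVATE_KEY: "{{ vpn.wireguard_private_key }}"`, but sets no `no_log: true`, so both values can appear in verbose or failed-task output unless the module masks them itself, which is not visible here. Adding `no_log: true` at task level covers both. The key also becomes part of the stack definition handed to Portainer and of the container's environment, which deserves a comment above the `environment:` block, e.g. `# secret: ends up in the Portainer stack definition and in docker inspect output`. Separately, `KILL_SWITCH: "0"` and `DEBUG: "1"` are now hard-coded in the role; exposing them as defaults, e.g. `KILL_SWITCH: "{{ arr_vpn_kill_switch }}"`, would let a host enable the kill-switch for the four containers that use `network_mode: "service:protonwire"`, which presumably rely on it to avoid sending traffic outside the tunnel when it drops.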

@ -1,169 +0,0 @@
---
version: "3"
services:
{% if template_vars.vpn == "protonwire" %}
protonwire:
container_name: protonwire
image: ghcr.io/tprasadtp/protonwire:7.2.0
init: true
restart: unless-stopped
environment:
# Quote this value as server name can contain '#'.
PROTONVPN_SERVER: "{{ vpn.protonvpn_server }}"
# Set this to 1 to show debug logs for issue forms.
DEBUG: "1"
# Set this to 0 to disable kill-switch.
KILL_SWITCH: "0"
# follow instructions here https://github.com/tprasadtp/protonvpn-docker
WIREGUARD_PRIVATE_KEY: "{{ vpn.wireguard_private_key }}"
LAN_NETWORK: "{{ vpn.lan_network }}"
cap_add:
- NET_ADMIN
# sysctl net.ipv4.conf.all.rp_filter is mandatory!
# net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6.
# 'net.*' sysctls are not required on application containers,
# as they share network stack with protonwire container.
sysctls:
net.ipv4.conf.all.rp_filter: 2
net.ipv6.conf.all.disable_ipv6: 1
volumes:
- type: tmpfs
target: /tmp
ports:
# qbittorrent
- 15000:15000
- 6881:6881
- 6881:6881/udp
# radarr
- 7878:7878
# sonarr
- 8989:8989
# jackett
- 9117:9117
dns:
- 1.1.1.1
- 8.8.8.8
{% elif template_vars.vpn == "surfshark" %}
surfshark:
image: ilteoood/docker-surfshark
container_name: surfshark
environment:
- SURFSHARK_USER={{ vpn.surfshark_username }}
- SURFSHARK_PASSWORD={{ vpn.surfshark_password }}
# must specify LAN_NETWORK otherwise you will not be able
# to access ports which are exposed here.
- LAN_NETWORK={{ vpn.lan_network }}
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
ports:
# qbittorrent
- 15000:15000
- 6881:6881
- 6881:6881/udp
# radarr
- 7878:7878
# sonarr
- 8989:8989
# jackett
- 9117:9117
restart: unless-stopped
dns:
- 1.1.1.1
- 8.8.8.8
{% endif %}
{% if template_vars.qbittorrent.enabled %}
qbittorrent:
labels:
ie.cianhatton.backup.enabled: "true"
ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}"
depends_on:
- {{ template_vars.vpn }}
image: "{{ template_vars.qbittorrent.image }}:{{ template_vars.qbittorrent.tag }}"
container_name: qbittorrent
network_mode: "service:{{ template_vars.vpn }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- WEBUI_PORT=15000
volumes:
- qbittorrent_config:/config
- {{ directories.downloads_dir }}:/downloads
restart: unless-stopped
{% endif %}
{% if template_vars.radarr.enabled %}
radarr:
labels:
ie.cianhatton.backup.enabled: "true"
ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}"
depends_on:
- {{ template_vars.vpn }}
image: "{{ template_vars.radarr.image }}:{{ template_vars.radarr.tag }}"
container_name: radarr
network_mode: "service:{{ template_vars.vpn }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- radarr_config:/config
- {{ directories.movies_dir }}:/movies
- {{ directories.downloads_dir }}:/downloads
restart: unless-stopped
{% endif %}
{% if template_vars.sonarr.enabled %}
sonarr:
depends_on:
- {{ template_vars.vpn }}
image: "{{ template_vars.sonarr.image }}:{{ template_vars.sonarr.tag }}"
labels:
ie.cianhatton.backup.enabled: "true"
ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}"
container_name: sonarr
network_mode: "service:{{ template_vars.vpn }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- sonarr_config:/config
- {{ directories.tv_dir }}:/tv
- {{ directories.downloads_dir }}:/downloads
restart: unless-stopped
{% endif %}
{% if template_vars.jackett.enabled %}
jackett:
labels:
ie.cianhatton.backup.enabled: "true"
ie.cianhatton.backup.schedule: "{{ backups.schedule_keys.nightly }}"
depends_on:
- {{ template_vars.vpn }}
image: "{{ template_vars.jackett.image }}:{{ template_vars.jackett.tag }}"
container_name: jackett
network_mode: "service:{{ template_vars.vpn }}"
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- AUTO_UPDATE=true
volumes:
- jackett_config:/config
- {{ directories.downloads_dir }}:/downloads
restart: unless-stopped
{% endif %}
volumes:
{% if template_vars.jackett.enabled %}
jackett_config:
{% endif %}
{% if template_vars.qbittorrent.enabled %}
qbittorrent_config:
{% endif %}
{% if template_vars.radarr.enabled %}
radarr_config:
{% endif %}
{% if template_vars.sonarr.enabled %}
sonarr_config:
{% endif %}

@ -3,7 +3,9 @@
ansible.builtin.apt: ansible.builtin.apt:
pkg: pkg:
- sudo - sudo
# TODO move these somewhere else
- ufw - ufw
- htop
state: latest state: latest
update_cache: true update_cache: true
