From d717013e6d01609c35090830121a52c54b57471f Mon Sep 17 00:00:00 2001
From: Lino Silva
Date: Thu, 9 Apr 2026 23:20:40 +0100
Subject: [PATCH] feat: media+app VMs, Komodo periphery working
---
 .../inventories/group_vars/all/app_disks.yml | 18 ++++
 ansible/inventories/group_vars/all/main.yml | 2 +
 ansible/inventories/group_vars/all/vault.yml | 86 ++++++++++---------
 ansible/inventories/group_vars/all/vms.yml | 39 +++++----
 ansible/inventories/host_vars/edge-1/main.yml | 2 +
 ansible/inventories/host_vars/edge-2/main.yml | 2 +
 ansible/inventories/production.yml | 12 +--
 ansible/playbooks/configure_vms.yml | 33 +++++++
 ansible/playbooks/provision_vms.yml | 25 +----
 .../templates/docker-compose.yml.j2 | 8 +-
 .../komodo/templates/docker-compose.yml.j2 | 24 +----
 .../traefik/templates/remote-services.yml.j2 | 34 ++++----
 ansible/roles/vm_apps/tasks/main.yml | 11 ---
 ansible/roles/vm_infra/tasks/main.yml | 10 ---
 ansible/roles/vm_plex/tasks/main.yml | 10 ---
 15 files changed, 152 insertions(+), 164 deletions(-)
 create mode 100644 ansible/playbooks/configure_vms.yml
 delete mode 100644 ansible/roles/vm_apps/tasks/main.yml
 delete mode 100644 ansible/roles/vm_infra/tasks/main.yml
 delete mode 100644 ansible/roles/vm_plex/tasks/main.yml
diff --git a/ansible/inventories/group_vars/all/app_disks.yml b/ansible/inventories/group_vars/all/app_disks.yml
index 6d1557e..0164b40 100644
--- a/ansible/inventories/group_vars/all/app_disks.yml
+++ b/ansible/inventories/group_vars/all/app_disks.yml
@@ -20,3 +20,21 @@ app_data_disks:
 disk_id: scsi2
 mount_point: /data/komodo
 device: /dev/sdc
+ komodo-periphery-media:
+ vm: media-1
+ vmid: 420
+ node: purah
+ size: "20"
+ storage: purah-mirror-860gb
+ disk_id: scsi1
+ mount_point: /data/komodo-periphery
+ device: /dev/sdb
+ komodo-periphery-apps:
+ vm: apps-1
+ vmid: 430
+ node: yunobo
+ size: "20"
+ storage: nvme-2tb
+ disk_id: scsi1
+ mount_point: /data/komodo-periphery
+ device: /dev/sdb
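Review bot: The two new disks mount at `/data/komodo-periphery`, but the komodo-periphery compose template changed in this same commit still binds host path `/data/komodo/app/keys` for the core public key (the rest of its volumes list is outside that hunk), so unless the remaining bind mounts live under `/data/komodo-periphery` the new volume may be sitting unused; verify the template against the mount point before relying on it. The entries also identify the disk by bare `/dev/sdb`, consistent with the existing entries, which depends on SCSI enumeration order staying stable across reboots and disk additions. A comment on each new entry stating which compose bind mounts it backs, e.g. `# backs the bind mounts in roles/komodo-periphery/templates/docker-compose.yml.j2`, would make the mismatch visible to the next editor.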
diff --git a/ansible/inventories/group_vars/all/main.yml b/ansible/inventories/group_vars/all/main.yml
index 7c8f71d..0f1c944 100644
--- a/ansible/inventories/group_vars/all/main.yml
+++ b/ansible/inventories/group_vars/all/main.yml
@@ -241,3 +241,5 @@ komodo_db_username: "{{ vault_komodo_db_username }}"
 komodo_db_password: "{{ vault_komodo_db_password }}"
 komodo_webhook_secret: "{{ vault_komodo_webhook_secret }}"
 komodo_jwt_secret: "{{ vault_komodo_jwt_secret }}"
+komodo_onboarding_key: "{{ vault_komodo_onboarding_key }}"
+komodo_core_address: "komodo.lino.cooking"
diff --git a/ansible/inventories/group_vars/all/vault.yml b/ansible/inventories/group_vars/all/vault.yml
index c84884e..f37293e 100644
--- a/ansible/inventories/group_vars/all/vault.yml
+++ b/ansible/inventories/group_vars/all/vault.yml
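Review bot: `komodo_core_address: "komodo.lino.cooking"` becomes the group-wide default, so media-1 and apps-1 will reach core through the public hostname while edge-1 and edge-2 override it to `"10.0.4.10:9120"` in their host_vars in this same commit; the periphery compose pairs that with `PERIPHERY_CORE_TLS_INSECURE_SKIP_VERIFY: true`, which is presumably what makes the public route work and also means the periphery never verifies the certificate of whatever answers at that name. If the internal address is the intended path for every VM, make `"10.0.4.10:9120"` the default here and drop the two host_vars copies; otherwise add a comment above the line explaining why the public name is needed and that core identity then rests on the `PERIPHERY_CORE_PUBLIC_KEYS` pin rather than on TLS. The value also carries no scheme, unlike the removed `ws://komodo-core:9120` form in the core compose, so note in the same comment which form the periphery image expects.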
@@ -1,42 +1,46 @@ $ANSIBLE_VAULT;1.1;AES256 -38316332346633663733346561333162356230356539346265303565316635353866333166363663 -6238393162336531616335643063353061653339393163360a323365376231393636393938356663 -39636234653963653930393462323034613361366230323661633537326638346335643235653335 -3931313539333239330a306238646231306333353137656332656263363135343830653864323435 -63636337346165323030646264653036616237313134653537386436383632353237306136366361 -34626530643230353732366135616661633934323638313430386561636362363961613462653839 -31656130313765326431356437326435343431306561393938356162396562316638343333386164 -62396231323661626438356235393033313834366631343539613430333863653836316132373833 -62373665363062336530613462643839616633653233323135376564653134303134323230623833 -65356133646335663333376137613565386462303137336431346338616239653464633839633462 -66633465363365363037613564636336306261393931303065633839336331656264613534323030 -39303736343835646430326535333264383438343631623036326162653964653664303663383833 -36326430653862303539626461303334313436363930633033343339373464313663326464393633 -33623235643432666430336262626130346564396135343064333837633264383435666266333138 -39613830613639636433326334396165353035623136633534393638376532666134626631333764 -34653061346464306632386162633263616365636536656432666636663935353431633562663635 -64363038633561633532633139356236393463656139333933643261366262386364326231633434 -32326462633834613961303266313963363366613534363961383633366435626466666436306232 -65323365303932343933303238323363326637346363353938653630646135623636313636643437 -34393530343133356432616331386332383632333734346563306162396564373332373761643030 -39343561633764376138643634353463663066303637383262383762623534633536663138383363 -62613863383463316634653633343939343863336531623537343563373065616231393038616335 -63336562306435316338323934343331323436326661373762306533346530326637313863333432 
-32316164333164353037313762396532343663623537313461376265666162316239366661396666 -66633637303361333065323234656461663333366163313138666465643634313961326431336331 -35336437626664356431313631353661666465353230303663393931373639326566646338333135 -39626334303438313631366466356431663536353639633931323633333135306432326166383937 -64626630666536343138643034663961353133643166633738663864366266643337636132386334 -37366464346364313166393835633465626535623332386162303564363030386430383966396461 -31626630643432376436396537306362633437663763616432633039386564393966333963386133 -62626563383831636136633539353731626463393861393132353834613936643564333365353934 -32376162636466393637336364363239636530316436653632336233613634623261373037646332 -36346162623164613736316263333132356131643461346332303531633439363037316437393661 -33646234333132393333383461663635626161306431323530333666373935323035373833363462 -33623237393033363930323533663434353535353962376539333431313561393062343466343337 -65303230376136323838313730623866306534646531356637323865393262663363383163623131 -31613063623935616438353735386134356139393634383136363935343739313836653637616533 -38316364303332646135373339343830306437613936323235616133363837616363666435613432 -32313830316164306463623861656361353961313235653730363633616464666533343863396662 -38646138326363386164623062353738363236643164666639383532373934636466303138383637 -37313466353036643766353266653737646363626439303962346235306338396631 +32666164303261303561346338303530366438613032393865383765643635386564383762343730 +3733623235313239653631623739393638396436323863630a643738343132313766626133663932 +64373061613562343864313735383730383362643332636630343665353130383165363437323832 +6565636230646430370a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diff --git a/ansible/inventories/group_vars/all/vms.yml b/ansible/inventories/group_vars/all/vms.yml index a89337f..b027274 100644 --- a/ansible/inventories/group_vars/all/vms.yml 
+++ b/ansible/inventories/group_vars/all/vms.yml
@@ -11,26 +11,27 @@ vms:
 storage: purah-mirror-860gb
 cpu_type: host
 
- # media-1:
- # vmid: 420
- # node: purah
- # cores: 8
- # memory: 16384
- # disk: 200G
- # ip: 10.0.4.20
- # igpu: true
- # network_bridge: "vmbr0"
- # storage: purah-mirror-860gb
+ media-1:
+ vmid: 420
+ node: purah
+ template_vmid: 9000
+ cores: 8
+ memory: 16384
+ disk: 50G
+ ip: 10.0.4.20
+ network_bridge: "vmbr0"
+ storage: purah-mirror-860gb
 
- # apps-1:
- # vmid: 430
- # node: yunobo
- # cores: 6
- # memory: 16384
- # disk: 100G
- # ip: 10.0.4.30
- # network_bridge: "vmbr2"
- # storage: nvme-2tb
+ apps-1:
+ vmid: 430
+ node: yunobo
+ template_vmid: 9003
+ cores: 6
+ memory: 16384
+ disk: 100G
+ ip: 10.0.4.30
+ network_bridge: "vmbr2"
+ storage: nvme-2tb
 
 edge-1:
 vmid: 401
diff --git a/ansible/inventories/host_vars/edge-1/main.yml b/ansible/inventories/host_vars/edge-1/main.yml
index 1fb8638..2f8e317 100644
--- a/ansible/inventories/host_vars/edge-1/main.yml
+++ b/ansible/inventories/host_vars/edge-1/main.yml
@@ -6,3 +6,5 @@ keepalived_interface: eth0
 keepalived_router_id: 51
 keepalived_vip: 10.0.4.254
 keepalived_password: "{{ vault_keepalived_password | default('changeme') }}"
+
+komodo_core_address: "10.0.4.10:9120"
diff --git a/ansible/inventories/host_vars/edge-2/main.yml b/ansible/inventories/host_vars/edge-2/main.yml
index 573e101..7b1dbb3 100644
--- a/ansible/inventories/host_vars/edge-2/main.yml
+++ b/ansible/inventories/host_vars/edge-2/main.yml
@@ -6,3 +6,5 @@ keepalived_interface: eth0
 keepalived_router_id: 51
 keepalived_vip: 10.0.4.254
 keepalived_password: "{{ vault_keepalived_password | default('changeme') }}"
+
+komodo_core_address: "10.0.4.10:9120"
diff --git a/ansible/inventories/production.yml b/ansible/inventories/production.yml
index cb1aaaf..d885065 100644
--- a/ansible/inventories/production.yml
+++ b/ansible/inventories/production.yml
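Review bot: media-1 is re-enabled without the `igpu: true` that the commented-out spec carried, and the vm_plex role that documented `/dev/dri` passthrough is deleted in this commit, so hardware transcoding on media-1 is no longer configured anywhere visible here; if it is still wanted, re-add `igpu: true` under `media-1`, otherwise a comment such as `# igpu passthrough intentionally not configured yet` keeps the omission from looking accidental. The root disk also shrinks from the planned `200G` to `50G` and no media data disk is added in this commit's app_disks.yml hunk (only the 20G periphery disk is), which is worth a one-line comment stating where the media library is meant to live.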
@@ -14,17 +14,11 @@ all:
 hosts:
 infra-core-1:
 ansible_host: 10.0.4.10
- yunobo:
+ media:
 hosts:
 media-1:
 ansible_host: 10.0.4.20
+ apps:
+ hosts:
 apps-1:
 ansible_host: 10.0.4.30
- mipha:
- hosts:
- edge-1:
- ansible_host: 10.0.4.1
- sidon:
- hosts:
- edge-2:
- ansible_host: 10.0.4.2
diff --git a/ansible/playbooks/configure_vms.yml b/ansible/playbooks/configure_vms.yml
new file mode 100644
index 0000000..ccc8fc1
--- /dev/null
+++ b/ansible/playbooks/configure_vms.yml
@@ -0,0 +1,33 @@
+---
+- hosts: infra
+ become: yes
+ roles:
+ - base
+ - docker
+ - komodo
+ - tinyauth
+ - pocketid
+ - website
+
+- hosts: edge
+ become: yes
+ roles:
+ - base
+ - docker
+ - keepalived
+ - traefik
+ - komodo-periphery
+
+- hosts: media
+ become: yes
+ roles:
+ - base
+ - docker
+ - komodo-periphery
+
+- hosts: apps
+ become: yes
+ roles:
+ - base
+ - docker
+ - komodo-periphery
diff --git a/ansible/playbooks/provision_vms.yml b/ansible/playbooks/provision_vms.yml
index f280fa0..c7f7472 100644
--- a/ansible/playbooks/provision_vms.yml
+++ b/ansible/playbooks/provision_vms.yml
@@ -1,24 +1,5 @@
 ---
-# - hosts: localhost
-# gather_facts: no
-# roles:
-# - proxmox_vm
-
-- hosts: infra
- become: yes
+- hosts: localhost
+ gather_facts: no
 roles:
- - base
- - docker
- - komodo
- - tinyauth
- - pocketid
- - website
-
-- hosts: edge
- become: yes
- roles:
- - base
- - docker
- - komodo-periphery
- - keepalived
- - traefik
+ - proxmox_vm
diff --git a/ansible/roles/komodo-periphery/templates/docker-compose.yml.j2 b/ansible/roles/komodo-periphery/templates/docker-compose.yml.j2
index a4a5e4b..07a5027 100644
--- a/ansible/roles/komodo-periphery/templates/docker-compose.yml.j2
+++ b/ansible/roles/komodo-periphery/templates/docker-compose.yml.j2
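Review bot: edge-1 and edge-2 are dropped from the inventory together with the `mipha`/`sidon` groups, while configure_vms.yml in this same commit runs its keepalived/traefik/komodo-periphery play against `hosts: edge` and both edge host_vars files are updated; unless an `edge` group listing them exists outside this hunk, that play now matches no hosts and the edge VMs silently stop being configured. If they are meant to stay managed, add `edge:` with `hosts:` `edge-1:`/`edge-2:` and their `ansible_host` values next to the new `media:`/`apps:` groups. A comment at the top of the group list noting that these names must match the `hosts:` targets in configure_vms.yml would keep the two files from drifting again.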
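Review bot: Each of the four plays uses `become: yes`; `true`/`false` are the portable YAML booleans (yamllint `truthy`), so write `become: true` throughout. The plays also have no `name:`, so run output shows only `PLAY [infra]`; a `- name: Configure infra VMs` style name on each play makes the output and `--list-tasks` readable. The `media` and `apps` plays are identical, so a single play targeting `hosts: media:apps` would avoid the duplication.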
@@ -1,17 +1,21 @@
 services:
 periphery:
- image: ghcr.io/moghtech/komodo-periphery:2
+ image: ghcr.io/moghtech/komodo-periphery:2.1.0
 init: true
 container_name: komodo-periphery
 restart: unless-stopped
 environment:
- PERIPHERY_CORE_ADDRESS: 10.0.4.10:9120
+ PERIPHERY_CORE_ADDRESS: {{ komodo_core_address }}
 PERIPHERY_CONNECT_AS: {{ inventory_hostname }}
 PERIPHERY_CORE_PUBLIC_KEYS: file:/config/keys/core.pub
 PERIPHERY_ROOT_DIRECTORY: /etc/komodo
 PERIPHERY_DISABLE_TERMINALS: false
 PERIPHERY_DISABLE_CONTAINER_TERMINALS: false
 PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
+ KOMODO_SSL_ENABLED: false
+ PERIPHERY_BIND_IP: 0.0.0.0
+ PERIPHERY_ONBOARDING_KEY: "{{ komodo_onboarding_key }}"
+ PERIPHERY_CORE_TLS_INSECURE_SKIP_VERIFY: true
 TZ: Europe/Lisbon
 volumes:
 - /data/komodo/app/keys:/config/keys
diff --git a/ansible/roles/komodo/templates/docker-compose.yml.j2 b/ansible/roles/komodo/templates/docker-compose.yml.j2
index 6cfe1f7..b7d4a58 100644
--- a/ansible/roles/komodo/templates/docker-compose.yml.j2
+++ b/ansible/roles/komodo/templates/docker-compose.yml.j2
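Review bot: `PERIPHERY_CORE_TLS_INSECURE_SKIP_VERIFY: true` turns off certificate verification of the core address on every periphery, and `PERIPHERY_BIND_IP: 0.0.0.0` makes the periphery listener reachable on all container interfaces (relevant if the service publishes a port; any `ports:` section is outside this hunk), so the only thing still binding a periphery to the real core is the `PERIPHERY_CORE_PUBLIC_KEYS` pin on the context line above; state that on the new line, e.g. `# TLS verification off: core identity is pinned via core.pub, not the certificate`, so it is not mistaken for a temporary debugging setting. Whether `KOMODO_SSL_ENABLED` is read by the periphery image at all is unclear from here — it is the core-side variable name, also added to the core compose in this commit — so confirm the periphery's own setting before relying on it. `PERIPHERY_CORE_ADDRESS: {{ komodo_core_address }}` is templated unquoted; quote it as `PERIPHERY_ONBOARDING_KEY` already is (`"{{ komodo_core_address }}"`) so an empty or special-character value cannot change the YAML type. The onboarding key is now rendered in clear into the compose file on every host, so the task that writes that file (outside this hunk) should keep its mode restrictive.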
@@ -38,30 +38,10 @@ services:
 KOMODO_RESOURCE_POLL_INTERVAL: "1-hr"
 KOMODO_DISABLE_USER_REGISTRATION: true
 KOMODO_ENABLE_NEW_USERS: false
+ KOMODO_SSL_ENABLED: false
+ KOMODO_TLS_INSECURE_SKIP_VERIFY: true
 TZ: "Europe/Lisbon"
 volumes:
 - /data/komodo/app/keys:/config/keys
 - /data/komodo/app/backups:/backups
 - /var/run/docker.sock:/var/run/docker.sock
-
- periphery:
- image: ghcr.io/moghtech/komodo-periphery:2
- init: true
- container_name: komodo-periphery
- restart: unless-stopped
- depends_on:
- - komodo-core
- environment:
- PERIPHERY_CORE_ADDRESS: ws://komodo-core:9120
- PERIPHERY_CONNECT_AS: "infra-core-1"
- PERIPHERY_CORE_PUBLIC_KEYS: file:/config/keys/core.pub
- PERIPHERY_ROOT_DIRECTORY: /etc/komodo
- PERIPHERY_DISABLE_TERMINALS: false
- PERIPHERY_DISABLE_CONTAINER_TERMINALS: false
- PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
- TZ: "Europe/Lisbon"
- volumes:
- - /data/komodo/app/keys:/config/keys
- - /var/run/docker.sock:/var/run/docker.sock
- - /proc:/proc
- - /etc/komodo:/etc/komodo
diff --git a/ansible/roles/traefik/templates/remote-services.yml.j2 b/ansible/roles/traefik/templates/remote-services.yml.j2
index ebcc0f5..3487532 100644
--- a/ansible/roles/traefik/templates/remote-services.yml.j2
+++ b/ansible/roles/traefik/templates/remote-services.yml.j2
@@ -122,6 +122,22 @@ http:
 tls:
 certResolver: cloudflare
 {% endfor %}
+{% endif %}
+{% if config.auth_required | default(true) %}
+ # {{ service_name }} - internal network (no auth)
+ {{ service_name }}-int:
+ rule: "Host(`{{ config.subdomain }}.{{ domain }}`) && ClientIP(`10.0.0.0/21`)"
+ entryPoints:
+ - https
+ priority: 50
+{% if config.forward_https | default(false) %}
+ middlewares:
+ - {{ service_name }}-https-headers
+{% endif %}
+ service: {{ service_name }}
+ tls:
+ certResolver: cloudflare
+{% endif %}
 # {{ service_name }} - default path (with auth if required)
 {{ service_name }}:
 rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
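Review bot: `KOMODO_SSL_ENABLED: false` and `KOMODO_TLS_INSECURE_SKIP_VERIFY: true` are added with no explanation, and the periphery side of this commit disables verification as well, so record the reason on the line — e.g. `# plaintext on the internal network; core<->periphery trust relies on key pinning, not TLS` — so a later reader does not take it for a leftover debugging setting. Removing the bundled `periphery` service also leaves infra-core-1 without a periphery, and the `infra` play in the new configure_vms.yml does not add the komodo-periphery role either; if stacks on that host are still meant to be deployed through Komodo, nothing can deploy them now, so either add the role for infra-core-1 or note in the commit that the core host is no longer a Komodo-managed server.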
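Review bot: The new `{{ service_name }}-int` router gives every `auth_required` service an unauthenticated path for any client whose source address is in `10.0.0.0/21`; Traefik's `ClientIP` matcher uses the connection's remote address rather than forwarded headers, so this holds only while nothing on that range (a tunnel connector, another reverse proxy, a VPN concentrator) relays outside traffic to this entrypoint — state that assumption in the comment above the router, e.g. `# no auth for 10.0.0.0/21: assumes no proxy on that range forwards external clients`. The explicit `priority: 50` is also lower than the length-based priority Traefik computes by default, and the authenticated router below keeps its default, so for a hostname long enough that `Host(...)` alone exceeds 50 characters the authenticated router would win for internal clients too (fail-closed, but surprising); either drop the explicit value and let the longer `-int` rule win, or set it clearly above any rule length. The enclosing `{% for %}`/`{% if %}` structure starts outside this hunk.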
@@ -140,24 +156,6 @@ http:
 service: {{ service_name }}
 tls:
 certResolver: cloudflare
-{% else %}
- {{ service_name }}:
- rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
- entryPoints:
- - https
-{% if config.auth_required | default(true) or config.forward_https | default(false) %}
- middlewares:
-{% if config.auth_required | default(true) %}
- - pocketid-auth
-{% endif %}
-{% if config.forward_https | default(false) %}
- - {{ service_name }}-https-headers
-{% endif %}
-{% endif %}
- service: {{ service_name }}
- tls:
- certResolver: cloudflare
-{% endif %}
 {% endfor %}
 
 # Auto-configured services - HTTP to HTTPS redirect
diff --git a/ansible/roles/vm_apps/tasks/main.yml b/ansible/roles/vm_apps/tasks/main.yml
deleted file mode 100644
index e06f0fd..0000000
--- a/ansible/roles/vm_apps/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Create app directories
- ansible.builtin.file:
- path: "/data/{{ item }}"
- state: directory
- mode: "0755"
- loop:
- - paperless
- - nextcloud
- - mealie
- - outline
diff --git a/ansible/roles/vm_infra/tasks/main.yml b/ansible/roles/vm_infra/tasks/main.yml
deleted file mode 100644
index 284a0fb..0000000
--- a/ansible/roles/vm_infra/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Create infra directories
- ansible.builtin.file:
- path: "/data/{{ item }}"
- state: directory
- mode: "0755"
- loop:
- - vaultwarden
- - pi-hole
- - uptime-kuma
diff --git a/ansible/roles/vm_plex/tasks/main.yml b/ansible/roles/vm_plex/tasks/main.yml
deleted file mode 100644
index 35fc76d..0000000
--- a/ansible/roles/vm_plex/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Ensure VM has iGPU passthrough (requires Proxmox pre-config)
- ansible.builtin.debug:
- msg: "Ensure /dev/dri is passed through on this VM: {{ inventory_hostname }}"
-
-- name: Mount media storage
- ansible.builtin.file:
- path: /data/media
- state: directory
- mode: "0755"