diff --git a/Dockerfile b/Dockerfile
index fc4bacb..e4640e5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,4 +12,9 @@ FROM base as update WORKDIR /ansible
-COPY . .
\ No newline at end of file
+COPY collections/requirements.yml ./collections/requirements.yml
+COPY ansible.cfg .
+
+RUN ansible-galaxy collection install -r collections/requirements.yml
+
+COPY . .
diff --git a/inventory/my-cluster/host_vars/arr b/inventory/my-cluster/host_vars/arr
index ee1e6a3..f0ae20e 100644
--- a/inventory/my-cluster/host_vars/arr
+++ b/inventory/my-cluster/host_vars/arr
@@ -3,4 +3,4 @@
 ansible_user: root
 ansible_host: 10.0.2.25
 ansible_ssh_pass: "{{ proxmox_api_password }}"
-vmid: 616
+vmid: 225
diff --git a/inventory/my-cluster/host_vars/cloudflare-ddns b/inventory/my-cluster/host_vars/cloudflare-ddns
index 7f28b8e..f613870 100644
--- a/inventory/my-cluster/host_vars/cloudflare-ddns
+++ b/inventory/my-cluster/host_vars/cloudflare-ddns
@@ -3,4 +3,5 @@
 ansible_user: root
 ansible_host: 10.0.2.16
 ansible_ssh_pass: "{{ proxmox_api_password }}"
-vmid: 607
\ No newline at end of file
+vmid: 100216
+: revali
diff --git a/inventory/my-cluster/host_vars/n8n b/inventory/my-cluster/host_vars/n8n
new file mode 100644
index 0000000..eae5b32
--- /dev/null
+++ b/inventory/my-cluster/host_vars/n8n
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.40
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 640
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index f82fad6..0768d4f 100644
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -4,7 +4,6 @@ swag
 cloudflare-ddns
 dahua-to-mqtt
 immich
-# folding
 mastodon
 tautulli
 openvpn
@@ -21,6 +20,7 @@ outline nginx-proxy-manager upsnap geoguessr
+n8n
 [baremetal] mipha
diff --git a/playbook-lxc-update.yml b/playbook-lxc-update.yml
index 5cbcf16..db02d84 100644
--- a/playbook-lxc-update.yml
+++ b/playbook-lxc-update.yml
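Review bot: `COPY . .` at the end of the hunk still copies the entire build context into the image layer, and the inventory in this same commit references credentials (`proxmox_api_password`, `lxc_password`) that are presumably resolved from a vault or vars file somewhere in the tree; unless a `.dockerignore` excludes vault password files and any local `.env`, those files end up in the image and its history. I cannot see whether a `.dockerignore` exists, so confirm it, or narrow the copy to the directories the playbooks actually need. As a style point, the `FROM base as update` in the hunk context trips BuildKit's FromAsCasing check; `FROM base AS update` keeps keyword casing consistent. The stage this hunk belongs to starts outside the hunk.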
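Review bot: The added line `: revali` in host_vars/cloudflare-ddns is a mapping entry with an empty key — YAML loaders accept it as a null key with value `revali` — and it reads like a truncated variable, possibly a node name given that the provision roles pass a `node:` to the Proxmox module. Either restore the intended key, e.g. `node: revali`, or drop the line; as written it silently adds a meaningless entry to the host's vars instead of failing. Also confirm that `vmid: 100216` is intentional, since every other host in the inventory uses a three-digit id.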
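Review bot: In the new host_vars/n8n, `ansible_ssh_pass: "{{ proxmox_api_password }}"` logs into the container with the Proxmox API password, but `roles/n8n/provision/create` sets the container's root password from `lxc_password`; unless those two variables hold the same value, the `hosts: n8n` play cannot authenticate. The existing hosts follow the same pattern, so presumably they are equal, which couples the hypervisor's API credential to every container's root password. Sourcing `ansible_ssh_pass` from the same variable the create role uses, or switching to key-based access once the container is up, would decouple them.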
@@ -2,4 +2,4 @@
 - hosts: lxc
 become: yes
 roles:
- - role: lxc/update
+ - role: common/lxc/update
diff --git a/playbook-n8n.yml b/playbook-n8n.yml
new file mode 100644
index 0000000..e67e0a6
--- /dev/null
+++ b/playbook-n8n.yml
@@ -0,0 +1,27 @@
+---
+- hosts: localhost
+ become: yes
+ roles:
+ - role: n8n/provision/delete
+ vars:
+ vmid: 640
+ - role: n8n/provision/create
+ vars:
+ vmid: 640
+ - role: n8n/provision/start
+ vars:
+ vmid: 640
+
+- hosts: impa
+ become: yes
+ roles:
+ - role: n8n/enable-ssh
+ vars:
+ vmid: 640
+
+- hosts: n8n
+ become: yes
+ roles:
+ - role: n8n/update
+ - role: n8n/install-docker
+ - role: n8n/install-app
diff --git a/roles/cloudflare-ddns/enable-ssh/tasks/main.yml b/roles/cloudflare-ddns/enable-ssh/tasks/main.yml
index 3a179de..4e55b1d 100644
--- a/roles/cloudflare-ddns/enable-ssh/tasks/main.yml
+++ b/roles/cloudflare-ddns/enable-ssh/tasks/main.yml
@@ -2,7 +2,7 @@ # Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh) - name: Allow SSH into LXC
- ansible.builtin.command: lxc-attach -n 607 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+ ansible.builtin.command: lxc-attach -n {{vmid}} -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
 - name: Restart SSH Service
- ansible.builtin.command: lxc-attach -n 607 service ssh restart
+ ansible.builtin.command: lxc-attach -n {{vmid}} service ssh restart
diff --git a/roles/lxc/update/tasks/main.yml b/roles/common/lxc/update/tasks/main.yml
similarity index 100%
rename from roles/lxc/update/tasks/main.yml
rename to roles/common/lxc/update/tasks/main.yml
diff --git a/roles/immich/provision/create/tasks/main.yml b/roles/immich/provision/create/tasks/main.yml
index b457afa..a982b76 100644
--- a/roles/immich/provision/create/tasks/main.yml
+++ b/roles/immich/provision/create/tasks/main.yml
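Review bot: In playbook-n8n.yml the literal `vmid: 640` is repeated as role vars for delete, create, start and enable-ssh, while `inventory/my-cluster/host_vars/n8n` in this commit already declares `vmid: 640`; passing `vmid: "{{ hostvars['n8n'].vmid }}"` once at play level would keep the id in one place. Note also that the first play unconditionally runs `n8n/provision/delete` before `create`, so every run of this playbook is destructive; the `mp0` volume the create role allocates is owned by the container and is presumably removed with it, taking `/data/n8n` along. A one-line comment at the top stating that this playbook rebuilds the container from scratch (and that `playbook-lxc-update.yml` is the update path) would prevent accidental use for routine updates.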
@@ -8,7 +8,7 @@
 api_host: 10.0.2.2
 password: "{{ lxc_password }}"
 hostname: immich
- ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst"
 netif: "{'net0':'name=eth0,\
 gw=10.0.0.1,\
 ip=10.0.2.18/21,\
diff --git a/roles/n8n/enable-ssh/tasks/main.yml b/roles/n8n/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..919593a
--- /dev/null
+++ b/roles/n8n/enable-ssh/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Pause for 10 seconds to wait for SSH server
+ ansible.builtin.pause:
+ seconds: 10
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 640 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 640 service ssh restart
diff --git a/roles/n8n/install-app/tasks/main.yml b/roles/n8n/install-app/tasks/main.yml
new file mode 100644
index 0000000..98d60c2
--- /dev/null
+++ b/roles/n8n/install-app/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy .env file
+ template:
+ src: ".env"
+ dest: /root/docker/.env
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/n8n/install-app/templates/.env b/roles/n8n/install-app/templates/.env
new file mode 100644
index 0000000..c96d5d0
--- /dev/null
+++ b/roles/n8n/install-app/templates/.env
@@ -0,0 +1 @@
+WEBHOOK_URL=https://n8n.lino.cooking/
\ No newline at end of file
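Review bot: Both `lxc-attach -n 640` commands in the new roles/n8n/enable-ssh hard-code the container id even though the playbook passes `vmid: 640` to this role, and the cloudflare-ddns counterpart in this same commit was converted to `lxc-attach -n {{vmid}}`; use the variable here as well so the two roles stay parallel. The fixed `seconds: 10` pause is a race against the container's first boot; `ansible.builtin.wait_for` against the container's SSH port from the Proxmox host waits for the actual condition instead. The sed flips `PermitRootLogin` to `yes`, which enables root password logins over the LAN; keeping `prohibit-password` and placing an authorized key through the same `lxc-attach` path would give the playbooks access without opening password auth for root.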
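Review bot: In roles/n8n/install-app, `mode: 0755` on the `.env` and `docker-compose.yml` template tasks makes configuration files executable and, as an unquoted octal literal, is the form Ansible warns about; `mode: "0644"` (quoted, matching the `"0755"` on the directory task above) is what these files need. The two `template:` tasks use the short module name while the rest of the file uses `ansible.builtin.*`; `ansible.builtin.template` keeps it consistent. The final `docker compose up -d` shell task reports changed on every run; a `changed_when` keyed on its output, or `community.docker.docker_compose_v2` if that collection is available, would make the result meaningful.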
diff --git a/roles/n8n/install-app/templates/docker-compose.yml b/roles/n8n/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..c380e22
--- /dev/null
+++ b/roles/n8n/install-app/templates/docker-compose.yml
@@ -0,0 +1,12 @@
+version: "3"
+services:
+ n8n:
+ container_name: n8n
+ image: docker.n8n.io/n8nio/n8n
+ restart: always
+ env_file:
+ - .env
+ ports:
+ - 5678:5678
+ volumes:
+ - /data/n8n:/home/node/.n8n
\ No newline at end of file
diff --git a/roles/n8n/install-docker/tasks/main.yml b/roles/n8n/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/n8n/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/n8n/provision/create/tasks/main.yml b/roles/n8n/provision/create/tasks/main.yml
new file mode 100644
index 0000000..7aa6226
--- /dev/null
+++ b/roles/n8n/provision/create/tasks/main.yml
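Review bot: `image: docker.n8n.io/n8nio/n8n` in the new compose template carries no tag, so each `docker compose up` pulls whatever `latest` resolves to and an upgrade — including n8n's breaking major releases — happens silently whenever the container is recreated by the playbook; pin it, e.g. `image: docker.n8n.io/n8nio/n8n:<pinned-version>`. `ports: - 5678:5678` publishes the plain-HTTP editor on every interface of the host, while the only intended consumer is the swag proxy pointed at `10.0.2.40` in this commit; restricting the binding or firewalling the port limits that exposure. `version: "3"` is obsolete for Compose v2 and only produces a warning; it can be dropped.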
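Review bot: The `Execute script` task in roles/n8n/install-docker runs whatever `https://get.docker.com` served at download time, with no checksum and no version pin, and the `uri` task has no way to verify the bytes; if the script route is kept, `ansible.builtin.get_url` with `checksum: sha256:<expected-digest>` pins the content, and installing from Docker's apt repository with a pinned package version avoids fetching a remote script entirely. The shell task also re-runs on every play because it has no `creates:` or `changed_when`, and Docker's own script discourages re-execution on a system where it is already installed. The `Enable docker on startup` shell could be `ansible.builtin.systemd` with `enabled: true` per unit, which is idempotent and reports changes correctly.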
@@ -0,0 +1,30 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 640
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: n8n
+ ostemplate: "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.40/21,\
+ hwaddr=cc:c6:cf:de:20:40,\
+ bridge=vmbr0'}"
+ cores: 2
+ memory: 2048
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ mounts: '{
+ "mp0":"ssd250:2,mp=/data,backup=1"
+ }'
+ disk: ssd250:10
+ force: yes
diff --git a/roles/n8n/provision/delete/tasks/main.yml b/roles/n8n/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..9ac89e8
--- /dev/null
+++ b/roles/n8n/provision/delete/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.40"
+
diff --git a/roles/n8n/provision/start/tasks/main.yml b/roles/n8n/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/n8n/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/n8n/update/tasks/main.yml b/roles/n8n/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
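Review bot: `vmid: 640` in roles/n8n/provision/create is hard-coded although the playbook passes `vmid: 640` into this role and the sibling delete and start roles read `vmid: "{{ vmid }}"`; use `vmid: "{{ vmid }}"` here too so the literal lives in one place. `unprivileged: no` creates a privileged container to host Docker, which makes root inside the container equivalent to root on the Proxmox node; the `nesting=1` and `keyctl=1` features being set are, as far as I recall, what Proxmox needs for Docker inside an unprivileged container, so `unprivileged: yes` is worth trying first and a comment should record the reason if privileged turns out to be required. `force: yes` is redundant with a playbook that deletes the container immediately beforehand; if it guards a different scenario, say so in a comment.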
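Review bot: `path: /Users/lino.silva/.ssh/known_hosts` in roles/n8n/provision/delete hard-codes one macOS user's home, so the task fails or edits the wrong file for anyone else running the playbook; `path: ~/.ssh/known_hosts` (the module expands `~`) or `path: "{{ lookup('env', 'HOME') }}/.ssh/known_hosts"` follows the invoking user. `regexp: "^10.0.2.40"` has unescaped dots and no terminator, so it matches any entry beginning with those characters; `regexp: '^10\.0\.2\.40\s'` is what is meant. `ignore_errors: true` on both Proxmox tasks also swallows authentication and API failures, not only the "container does not exist" case; a `failed_when` conditioned on the error text is more precise, if the module's response allows it.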
+++ b/roles/n8n/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
diff --git a/roles/paperless/install-app/templates/docker-compose.yml b/roles/paperless/install-app/templates/docker-compose.yml
index 891ecb2..a0fe59b 100644
--- a/roles/paperless/install-app/templates/docker-compose.yml
+++ b/roles/paperless/install-app/templates/docker-compose.yml
@@ -35,6 +35,7 @@ services:
 - /data/paperless/consume:/usr/src/paperless/consume
 environment:
 PAPERLESS_URL: https://paperless.lino.cooking
+ PAPERLESS_OCR_USER_ARGS: {"invalidate_digital_signatures": true}
 PAPERLESS_REDIS: redis://paperless-broker:6379
 PAPERLESS_DBHOST: paperless-db
 # The UID and GID of the user used to run paperless in the container. Set this
diff --git a/roles/swag/install-app/templates/n8n.subdomain.conf b/roles/swag/install-app/templates/n8n.subdomain.conf
new file mode 100755
index 0000000..501f05b
--- /dev/null
+++ b/roles/swag/install-app/templates/n8n.subdomain.conf
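Review bot: `PAPERLESS_OCR_USER_ARGS: {"invalidate_digital_signatures": true}` in the paperless compose template is an unquoted YAML flow mapping, so Compose reads the environment value as a mapping rather than a string and rejects the file (environment values must be strings, numbers, booleans or null). Quote the JSON so it is passed through literally: `PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'`. The enclosing service definition starts above the hunk.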
@@ -0,0 +1,47 @@
+## Version 2023/05/31
+# make sure that your n8n container is named n8n
+# make sure that your dns has a cname set for n8n
+# add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name n8n.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ # include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ # include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.40;
+ set $upstream_port 5678;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
\ No newline at end of file
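Review bot: The header comments on lines 2–4 of n8n.subdomain.conf are copied from a different SWAG sample and do not describe this file: `set $upstream_app 10.0.2.40` proxies to a separate host, so the "container is named n8n" note does not apply, and `server.use-forward-headers=true` / `/config/application.properties` is a Spring Boot setting with no meaning for n8n. Replace them with what matters here, e.g. `# upstream is the n8n LXC (10.0.2.40:5678); WEBHOOK_URL in the n8n .env must match this hostname`. The file is added with mode 100755; an nginx include does not need the executable bit. Every auth include (`auth_basic`, ldap, Authelia, Authentik) is left commented out, so the only gate in front of the editor from the internet is n8n's own login — fine if deliberate, but worth a one-line comment stating so, since this exposes the editor publicly.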