From 4fbe12c3367b82e78b843360e4a687b61e24a41e Mon Sep 17 00:00:00 2001 
From: Lino Silva Date: Wed, 12 Apr 2023 13:50:33 +0100 Subject: [PATCH] Added mastodon, tautulli --- inventory/my-cluster/group_vars/all.yml | 89 ++++++++++++++++++- inventory/my-cluster/host_vars/mastodon | 6 ++ inventory/my-cluster/host_vars/tautulli | 6 ++ inventory/my-cluster/hosts.ini | 2 + playbook-mastodon.yml | 23 +++++ playbook-tautulli.yml | 23 +++++ roles/mastodon/enable-ssh/tasks/main.yml | 8 ++ roles/mastodon/install-app/tasks/main.yml | 28 ++++++ roles/mastodon/install-app/templates/.env | 39 ++++++++ .../install-app/templates/docker-compose.yml | 30 +++++++ roles/mastodon/install-docker/tasks/main.yml | 27 ++++++ .../mastodon/provision/create/tasks/main.yml | 28 ++++++ .../mastodon/provision/delete/tasks/main.yml | 26 ++++++ roles/mastodon/provision/start/tasks/main.yml | 8 ++ roles/mastodon/update/tasks/main.yml | 6 ++ .../templates/authelia-configuration.yml | 2 +- .../templates/mastodon.subdomain.conf | 50 +++++++++++ roles/tautulli/enable-ssh/tasks/main.yml | 8 ++ roles/tautulli/install-app/tasks/main.yml | 20 +++++ .../install-app/templates/docker-compose.yml | 12 +++ roles/tautulli/install-docker/tasks/main.yml | 27 ++++++ .../tautulli/provision/create/tasks/main.yml | 27 ++++++ .../tautulli/provision/delete/tasks/main.yml | 26 ++++++ roles/tautulli/provision/start/tasks/main.yml | 8 ++ roles/tautulli/update/tasks/main.yml | 6 ++ 25 files changed, 533 insertions(+), 2 deletions(-) create mode 100644 inventory/my-cluster/host_vars/mastodon create mode 100644 inventory/my-cluster/host_vars/tautulli create mode 100644 playbook-mastodon.yml create mode 100644 playbook-tautulli.yml create mode 100644 roles/mastodon/enable-ssh/tasks/main.yml create mode 100644 roles/mastodon/install-app/tasks/main.yml create mode 100644 roles/mastodon/install-app/templates/.env create mode 100644 roles/mastodon/install-app/templates/docker-compose.yml create mode 100644 roles/mastodon/install-docker/tasks/main.yml create mode 100644 
roles/mastodon/provision/create/tasks/main.yml create mode 100644 roles/mastodon/provision/delete/tasks/main.yml create mode 100644 roles/mastodon/provision/start/tasks/main.yml create mode 100644 roles/mastodon/update/tasks/main.yml create mode 100644 roles/swag/install-app/templates/mastodon.subdomain.conf create mode 100644 roles/tautulli/enable-ssh/tasks/main.yml create mode 100644 roles/tautulli/install-app/tasks/main.yml create mode 100644 roles/tautulli/install-app/templates/docker-compose.yml create mode 100644 roles/tautulli/install-docker/tasks/main.yml create mode 100644 roles/tautulli/provision/create/tasks/main.yml create mode 100644 roles/tautulli/provision/delete/tasks/main.yml create mode 100644 roles/tautulli/provision/start/tasks/main.yml create mode 100644 roles/tautulli/update/tasks/main.yml
diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml
index fe471d2..c2a38e9 100644
--- a/inventory/my-cluster/group_vars/all.yml
+++ b/inventory/my-cluster/group_vars/all.yml
@@ -135,4 +135,91 @@ igdb_secret: !vault | 3730323833613961326161643730363434643363346138610a313230656534626137373232653633 30303163646261666461366161336131326134633832643834623438363137323531393865613761 3137316331353531350a306636306233326637623030666634353066396663623663386235393238 - 63303939666561353032396135646666623564616562306637613430663933626530 \ No newline at end of file + 63303939666561353032396135646666623564616562306637613430663933626530 + +mastodon_db_user: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38613037323362636233336166643239636334333333366137306335643836636338343938303135 + 3134373363343964613236313562393966363033623231310a613236383134616566646466633334 + 61323031393663363438336265613062636432343338383936323161313264326662346538366436 + 3863633263643239390a383664663636343934383333623830333931326330613861353333643663 + 66303131633433376562643938313333383335323665643030623461623836643362633034613834 + 61626134386236616538366332313032383732356638356531613534313638316165383665313939 + 633035373238333032303637663366326431 + +mastodon_db_name: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64376131373562633437313062366334663738336463613938653564323831316531373233396634 + 3530613830303835666431366438376163383433623561350a653834353761616462316161613037 + 64353430643062316465363764653830313065363261356231356466613533643565613562613437 + 3338303632653865330a326337373830396230343764333231356134616365643138663731613264 + 61323132363839666365326665323236373935666361663063343763363062333130663135366530 + 30366231633932356662663863343330366266366538326232623136363934643334656366343763 + 363833363666643162396434636536323166 + +mastodon_db_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 66383339653334616233336439376164616532333062393161346238643839393161653932386265 + 3765376366323334613739316162336433623330373131360a653838663436663166373933353064 + 30646663316631653236383437616637396331616339323439353238643866633732323438636138 + 
3530306635663631340a306237356664653033663865373964333835613733373565616638363864 + 36333139633033333538306335336165306537303265396631616530366534643465323232336334 + 33636635656130633131623437323764326565656635373265653065646135633066383561643033 + 373333313535343534346331643865616539 + +mastodon_key_base: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33346261623634626666383762613065613865306530363831303032656335636332393564653030 + 3866306433323432643930326133303831633437393265620a643234376332336262636364363866 + 33396431653531626538396266626337623735666165636163616262393263373065356330343139 + 3935356133653332370a313039366431343734363430353966386534363234316666613335353562 + 36316435363862646437333431303430613138353338663233646130636436316366323831343531 + 37623063656132336135313964333134323830373761316262386433363337303964366163313265 + 61376438386466636332383932346431313537656332656362376630646565626130303939313432 + 36646233633434383565386465376238373065303831326162386331653631633962353035376266 + 33653332316563333138336439393839336263393438333663383536663834396365666332356334 + 62316264633161363233346263366164643136656464373963303539623465383734326664386130 + 633539303831656364653861336263613432 + +mastodon_otp_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65316136326539313931396665656663356536636530613533306531663965303933643939643866 + 3635646438363739303730343834623035613135623130390a316463366362386465353134663264 + 64393337663866333333636635656535373064356263666161633033643635366533653530643336 + 6236396264303463350a306333373231343566653939306564323332633237343463353566343836 + 31323337633238393761656133613230393235663261383961616266373165376263376666333032 + 62313033383339643438376662613235333464323566323763623031616531303238386334623133 + 62653637323034613934313065646565323363313535653931306434393136663961663634313232 + 33653933373537333834363538343432643037646165386633363334613566653538353464303839 + 
63373632653235376338336332303064356363653537333363326432306139666238393966306535 + 66633266313465333066613161393734353263366561643865323666633733656439386564326233 + 666338346237313564313937633466373937 + +mastodon_vapid_private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38396438623163636339353633356339363435616262303865663834633436326331363365326433 + 6438633038623639346566376233356339333832383939370a353533356630346163633434346533 + 35386565386438383665623661653533646530623337373334356336396636376630356232656632 + 6634376435383163300a613635613633383765646363643563393062653465353663353935333262 + 35313830623635393737316337336436373730303963303962393365643165656164303633656233 + 3766303666323931623230623533316139666265363231356237 + +mastodon_vapid_public_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 61653763663734616263633063323466333064636230643263383935313134306163383135353131 + 6166383263353435306333336131373431313363373334330a383031303163346238343061356537 + 36653764366265323165336161303965353434366262616464646162353038353665363132616630 + 6465353939316534340a626533343835303433383531373666643462326162653535313966373963 + 65636561633532613166356666303833306332656266383237363561663239616139666465383532 + 65613361663534616533343631386634316661616132383035333734353561643934353339373832 + 34626531373530306464336437383636633830616336393265373934613030386534323335303436 + 32373034336162346364643139353961323831636134313538333162373665373330636564306162 + 3337 + +gmail_smtp_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31396436653866313237616361636439343765323730383231633739643433646365383137343037 + 3535373866653261303761396163373334383461323661380a376561663864346633646230633531 + 35326435323434386564363037383961383934363163653635346233306139303664323037383435 + 3763313639656566620a623639386437353662316631316638363862323334323838643037336464 + 64373730623035616464303230626462666166636236363033633132363236306132 \ No newline at end of file 
diff --git a/inventory/my-cluster/host_vars/mastodon b/inventory/my-cluster/host_vars/mastodon
new file mode 100644
index 0000000..6d4d409
--- /dev/null
+++ b/inventory/my-cluster/host_vars/mastodon
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.20
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 611
diff --git a/inventory/my-cluster/host_vars/tautulli b/inventory/my-cluster/host_vars/tautulli
new file mode 100644
index 0000000..1a33c92
--- /dev/null
+++ b/inventory/my-cluster/host_vars/tautulli
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.21
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 612
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index 3d95233..0e492ee 100644
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -5,6 +5,8 @@ cloudflare-ddns dahua-to-mqtt immich folding
+mastodon
+tautulli
 [baremetal] mipha
diff --git a/playbook-mastodon.yml b/playbook-mastodon.yml
new file mode 100644
index 0000000..6edce02
--- /dev/null
+++ b/playbook-mastodon.yml
@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+ become: yes
+ roles:
+ - role: mastodon/provision/delete
+ - role: mastodon/provision/create
+ - role: mastodon/provision/start
+ vars:
+ vmid: 611
+
+- hosts: epona
+ become: yes
+ roles:
+ - role: mastodon/enable-ssh
+ vars:
+ vmid: 611
+
+- hosts: mastodon
+ become: yes
+ roles:
+ - role: mastodon/update
+ - role: mastodon/install-docker
+ - role: mastodon/install-app
diff --git a/playbook-tautulli.yml b/playbook-tautulli.yml
new file mode 100644
index 0000000..d2a9a57
--- /dev/null
+++ b/playbook-tautulli.yml
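Review bot: `ansible_ssh_pass: "{{ proxmox_api_password }}"` in host_vars/mastodon logs in to the container as root with the Proxmox `root@pam` API password, while roles/mastodon/provision/create sets the container's root password from `lxc_password`. Either the two variables hold the same value, in which case one credential unlocks both the hypervisor API and every guest, or the SSH login uses the wrong variable; which of the two applies is not visible from this hunk. I would use `ansible_ssh_pass: "{{ lxc_password }}"` here, or better give the container a key at creation time and drop password login altogether. host_vars/tautulli has the same line.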
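Review bot: The first play in playbook-mastodon.yml runs `mastodon/provision/delete` unconditionally before `create`, so re-running the playbook to change the app configuration also removes container 611, presumably together with the `/psql` and `/config` volumes that the create role attaches to it. Gating the destructive role keeps a routine run from wiping the instance, for example `- { role: mastodon/provision/delete, tags: [never, reprovision] }`. The localhost play also sets `become: yes`, although the Proxmox tasks it runs only call the API and should not need local root. playbook-tautulli.yml has the same structure.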
@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+ become: yes
+ roles:
+ - role: tautulli/provision/delete
+ - role: tautulli/provision/create
+ - role: tautulli/provision/start
+ vars:
+ vmid: 612
+
+- hosts: epona
+ become: yes
+ roles:
+ - role: tautulli/enable-ssh
+ vars:
+ vmid: 612
+
+- hosts: tautulli
+ become: yes
+ roles:
+ - role: tautulli/update
+ - role: tautulli/install-docker
+ - role: tautulli/install-app
diff --git a/roles/mastodon/enable-ssh/tasks/main.yml b/roles/mastodon/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..5e4b846
--- /dev/null
+++ b/roles/mastodon/enable-ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 611 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 611 service ssh restart
diff --git a/roles/mastodon/install-app/tasks/main.yml b/roles/mastodon/install-app/tasks/main.yml
new file mode 100644
index 0000000..98d60c2
--- /dev/null
+++ b/roles/mastodon/install-app/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy .env file
+ template:
+ src: ".env"
+ dest: /root/docker/.env
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/mastodon/install-app/templates/.env b/roles/mastodon/install-app/templates/.env
new file mode 100644
index 0000000..a78255e
--- /dev/null
+++ b/roles/mastodon/install-app/templates/.env
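Review bot: The `sed` in "Allow SSH into LXC" sets `PermitRootLogin yes`, which opens password login for root on a container that is about to hold the Mastodon database and its signing secrets. Leaving sshd at its `prohibit-password` default and passing a public key to the create task (the `pubkey` option of `community.general.proxmox`) would give Ansible access without a root password login being reachable on the network, and would make this role unnecessary. Both commands also hard-code `-n 611` although the play passes `vmid`; `lxc-attach -n {{ vmid }}` would let one role serve both containers. roles/tautulli/enable-ssh repeats the same two tasks with 612.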
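Review bot: "Copy .env file" writes the rendered `.env` with `mode: 0755`, so the database password, `SECRET_KEY_BASE`, `OTP_SECRET`, the VAPID private key and the SMTP password end up world-readable (and marked executable) inside the container. Use `mode: "0600"` for that file, and quote the mode on the compose file as well (`mode: "0644"`), as the directory task at the top of the file already does. Adding `no_log: true` to the .env task would also keep the decrypted values out of `--diff` output. roles/tautulli/install-app has the same unquoted `mode: 0755` on its compose file.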
@@ -0,0 +1,39 @@
+PUID=1000
+PGID=1000
+TZ=Europe/Lisbon
+LOCAL_DOMAIN=social.lino.cooking
+REDIS_HOST=redis
+REDIS_PORT=6379
+DB_HOST=database
+DB_USER={{ mastodon_db_user }}
+DB_NAME={{ mastodon_db_name }}
+DB_PASS={{ mastodon_db_pass }}
+DB_PORT=5432
+POSTGRES_PASSWORD={{ mastodon_db_pass }}
+POSTGRES_USER={{ mastodon_db_user }}
+POSTGRES_DB={{ mastodon_db_name }}
+ES_ENABLED=false
+SECRET_KEY_BASE={{ mastodon_key_base }}
+OTP_SECRET={{ mastodon_otp_secret }}
+VAPID_PRIVATE_KEY={{ mastodon_vapid_private_key }}
+VAPID_PUBLIC_KEY={{ mastodon_vapid_public_key }}
+SMTP_SERVER=smtp.gmail.com
+SMTP_PORT=587
+SMTP_LOGIN=okulto@gmail.com
+SMTP_PASSWORD={{ gmail_smtp_pass }}
+SMTP_FROM_ADDRESS=mastodon@lino.cooking
+S3_ENABLED=false
+WEB_DOMAIN=social.lino.cooking
+#ES_HOST=es #optional
+#ES_PORT=9200 #optional
+#ES_USER=elastic #optional
+#ES_PASS=elastic #optional
+#S3_BUCKET= #optional
+#AWS_ACCESS_KEY_ID= #optional
+#AWS_SECRET_ACCESS_KEY= #optional
+#S3_ALIAS_HOST= #optional
+#SIDEKIQ_ONLY=false #optional
+#SIDEKIQ_QUEUE= #optional
+#SIDEKIQ_DEFAULT=false #optional
+#SIDEKIQ_THREADS=5 #optional
+#DB_POOL=5 #optional
\ No newline at end of file
diff --git a/roles/mastodon/install-app/templates/docker-compose.yml b/roles/mastodon/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..427b800
--- /dev/null
+++ b/roles/mastodon/install-app/templates/docker-compose.yml
@@ -0,0 +1,30 @@
+version: "2.1"
+services:
+ mastodon:
+ image: lscr.io/linuxserver/mastodon:latest
+ container_name: mastodon
+ env_file:
+ - .env
+ volumes:
+ - /config:/config
+ ports:
+ - 80:80
+ restart: unless-stopped
+
+ redis:
+ container_name: redis
+ image: redis:latest
+ restart: always
+ env_file:
+ - .env
+
+ database:
+ container_name: database
+ image: postgres:14
+ env_file:
+ - .env
+ environment:
+ PG_DATA: /var/lib/postgresql/data
+ volumes:
+ - /psql/data:/var/lib/postgresql/data
+ restart: always
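Review bot: All three services in the mastodon docker-compose.yml load the same `env_file: .env`, so the redis and database containers also receive `SECRET_KEY_BASE`, `OTP_SECRET`, the VAPID private key and the SMTP password, which neither of them needs. Splitting the file (for example a `db.env` holding only the `POSTGRES_*` values) and dropping `env_file` from redis limits what a compromise of one container exposes. `lscr.io/linuxserver/mastodon:latest` and `redis:latest` are unpinned, so each rebuild of the container can pull different code; pin a version tag or digest, and the same applies to the untagged `ghcr.io/tautulli/tautulli` image in the tautulli compose file. `PG_DATA` looks like a misspelling of `PGDATA`, the name the official postgres image reads, so it probably has no effect.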
diff --git a/roles/mastodon/install-docker/tasks/main.yml b/roles/mastodon/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/mastodon/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/mastodon/provision/create/tasks/main.yml b/roles/mastodon/provision/create/tasks/main.yml
new file mode 100644
index 0000000..3832836
--- /dev/null
+++ b/roles/mastodon/provision/create/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 611
+ node: epona
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: mastodon
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.20/21,\
+ hwaddr=cc:c6:cf:de:17:80,\
+ bridge=vmbr0'}"
+ cores: 4
+ memory: 8192
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ disk: local-lvm:50
+ mounts: '{"mp0":"local-lvm:5,mp=/psql,backup=1", "mp1":"local-lvm:5,mp=/redis,backup=1", "mp2":"local-lvm:1,mp=/config,backup=1"}'
+ force: yes
diff --git a/roles/mastodon/provision/delete/tasks/main.yml b/roles/mastodon/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..32583c3
--- /dev/null
+++ b/roles/mastodon/provision/delete/tasks/main.yml
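Review bot: "Get convenience script" downloads `https://get.docker.com` and the next task runs it as root with no integrity check, so whatever that URL serves at provisioning time executes with full privileges in the container. Installing Docker from a signed apt repository with `ansible.builtin.apt` gives package signature verification instead; if the script is kept, fetch it with `ansible.builtin.get_url` and a pinned `checksum:`. "Execute script" also has no `creates:` guard, so it reruns on every play, and "Enable docker on startup" could be `ansible.builtin.systemd` with `enabled: true` rather than a shell block. roles/tautulli/install-docker is an identical copy.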
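Review bot: `unprivileged: no` together with `nesting=1` and `keyctl=1` in "Create container" produces a privileged LXC container that then runs Docker, so root inside the guest is not separated from root on the Proxmox node by a user namespace. Unless something in the stack needs a privileged container, `unprivileged: true` is the safer setting. The task authenticates as `root@pam` with a password; the module also accepts `api_token_id` and `api_token_secret`, which allows a scoped token instead of the node's root password. `vmid: 611` is hard-coded here although the play supplies `vmid`. roles/tautulli/provision/create has the same settings.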
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.20"
diff --git a/roles/mastodon/provision/start/tasks/main.yml b/roles/mastodon/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/mastodon/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/mastodon/update/tasks/main.yml b/roles/mastodon/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
+++ b/roles/mastodon/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
diff --git a/roles/swag/install-app/templates/authelia-configuration.yml b/roles/swag/install-app/templates/authelia-configuration.yml
index 9b0300f..46da68e 100644
--- a/roles/swag/install-app/templates/authelia-configuration.yml
+++ b/roles/swag/install-app/templates/authelia-configuration.yml
@@ -51,7 +51,7 @@ notifier:
 disable_startup_check: false
 smtp:
 username: okulto@gmail.com
- password: tcqmoqyeoknwqcqj
+ password: {{ gmail_smtp_pass }}
 host: smtp.gmail.com
 port: 587
 sender: okulto@gmail.com
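Review bot: The `regexp: "^10.0.2.20"` in "Remove .ssh/known_hosts lines" has unescaped dots and no terminator, so it also deletes entries for 10.0.2.200 to 10.0.2.209 and any other line that starts with those characters. `ansible.builtin.known_hosts` with `name: 10.0.2.20` and `state: absent` removes exactly that host's keys, and the hard-coded `/Users/lino.silva/.ssh/known_hosts` would be better supplied as a variable. As far as the collapsed indentation shows, both proxmox tasks set `ignore_errors: true`, which hides authentication and API failures as well as the expected "container does not exist" case. roles/tautulli/provision/delete repeats this with 10.0.2.21.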
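Review bot: The removed line in authelia-configuration.yml shows that the Gmail SMTP password was committed in plaintext, so it stays readable in the repository history after this change; if the vaulted `gmail_smtp_pass` is that same password, it should be revoked and replaced. The new line `password: {{ gmail_smtp_pass }}` is rendered unquoted into YAML, so a value containing `#`, `: ` or a leading special character would be truncated or break the Authelia configuration. `password: {{ gmail_smtp_pass | to_json }}` emits a correctly escaped quoted scalar. The hunk shows only part of the `notifier` section.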
diff --git a/roles/swag/install-app/templates/mastodon.subdomain.conf b/roles/swag/install-app/templates/mastodon.subdomain.conf
new file mode 100644
index 0000000..0a9368b
--- /dev/null
+++ b/roles/swag/install-app/templates/mastodon.subdomain.conf
@@ -0,0 +1,50 @@
+## Version 2023/02/05
+# make sure that your mastodon container is named mastodon
+# make sure that your dns has a cname set for mastodon
+# make sure you set `WEB_DOMAIN=mastodon.example.com` env var for the mastodon container
+# if you set `LOCAL_DOMAIN=example.com` (without the mastodon subdomain), then don't forget to add
+# the location block for redirecting `/.well-known/webfinger` into your main server block for the WEB_DOMAIN
+# See the upstream docs for more info: https://docs.joinmastodon.org/admin/config/#basic
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name social.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.20;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
\ No newline at end of file
diff --git a/roles/tautulli/enable-ssh/tasks/main.yml b/roles/tautulli/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..8e26928
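Review bot: `client_max_body_size 0;` in the server block disables nginx's request-body limit for a public-facing hostname, so any client can stream arbitrarily large uploads through the proxy to the container. A finite cap sized to the largest media upload the instance should accept is safer, e.g. `client_max_body_size 100m;` (the value is for the operator to choose). The upstream is set with `set $upstream_app 10.0.2.20;` over plain `http`, which duplicates the address from host_vars and carries traffic unencrypted between the proxy and the container; whether that is acceptable depends on the network, which is not visible here.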
--- /dev/null
+++ b/roles/tautulli/enable-ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 612 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 612 service ssh restart
diff --git a/roles/tautulli/install-app/tasks/main.yml b/roles/tautulli/install-app/tasks/main.yml
new file mode 100644
index 0000000..3aa3110
--- /dev/null
+++ b/roles/tautulli/install-app/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/tautulli/install-app/templates/docker-compose.yml b/roles/tautulli/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..06e48bb
--- /dev/null
+++ b/roles/tautulli/install-app/templates/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3'
+services:
+ tautulli:
+ image: ghcr.io/tautulli/tautulli
+ container_name: tautulli
+ restart: unless-stopped
+ volumes:
+ - /root/config:/config
+ environment:
+ - TZ=Europe/Lisbon
+ ports:
+ - 8181:8181
diff --git a/roles/tautulli/install-docker/tasks/main.yml b/roles/tautulli/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/tautulli/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/tautulli/provision/create/tasks/main.yml b/roles/tautulli/provision/create/tasks/main.yml
new file mode 100644
index 0000000..8997403
--- /dev/null
+++ b/roles/tautulli/provision/create/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 612
+ node: epona
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: tautulli
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.21/21,\
+ hwaddr=cc:c6:cf:de:17:81,\
+ bridge=vmbr0'}"
+ cores: 4
+ memory: 8192
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ disk: local-lvm:15
+ force: yes
diff --git a/roles/tautulli/provision/delete/tasks/main.yml b/roles/tautulli/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..ae21012
--- /dev/null
+++ b/roles/tautulli/provision/delete/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.21"
diff --git a/roles/tautulli/provision/start/tasks/main.yml b/roles/tautulli/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/tautulli/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/tautulli/update/tasks/main.yml b/roles/tautulli/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
+++ b/roles/tautulli/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full