Added mastodon, tautulli

Lino Silva
2023-04-12 13:50:33 +01:00
parent e37782b856
commit 4fbe12c336
25 changed files with 533 additions and 2 deletions
+88 -1
@@ -135,4 +135,91 @@ igdb_secret: !vault |
3730323833613961326161643730363434643363346138610a313230656534626137373232653633 3730323833613961326161643730363434643363346138610a313230656534626137373232653633
30303163646261666461366161336131326134633832643834623438363137323531393865613761 30303163646261666461366161336131326134633832643834623438363137323531393865613761
3137316331353531350a306636306233326637623030666634353066396663623663386235393238 3137316331353531350a306636306233326637623030666634353066396663623663386235393238
63303939666561353032396135646666623564616562306637613430663933626530 63303939666561353032396135646666623564616562306637613430663933626530
mastodon_db_user: !vault |
$ANSIBLE_VAULT;1.1;AES256
38613037323362636233336166643239636334333333366137306335643836636338343938303135
3134373363343964613236313562393966363033623231310a613236383134616566646466633334
61323031393663363438336265613062636432343338383936323161313264326662346538366436
3863633263643239390a383664663636343934383333623830333931326330613861353333643663
66303131633433376562643938313333383335323665643030623461623836643362633034613834
61626134386236616538366332313032383732356638356531613534313638316165383665313939
633035373238333032303637663366326431
mastodon_db_name: !vault |
$ANSIBLE_VAULT;1.1;AES256
64376131373562633437313062366334663738336463613938653564323831316531373233396634
3530613830303835666431366438376163383433623561350a653834353761616462316161613037
64353430643062316465363764653830313065363261356231356466613533643565613562613437
3338303632653865330a326337373830396230343764333231356134616365643138663731613264
61323132363839666365326665323236373935666361663063343763363062333130663135366530
30366231633932356662663863343330366266366538326232623136363934643334656366343763
363833363666643162396434636536323166
mastodon_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
66383339653334616233336439376164616532333062393161346238643839393161653932386265
3765376366323334613739316162336433623330373131360a653838663436663166373933353064
30646663316631653236383437616637396331616339323439353238643866633732323438636138
3530306635663631340a306237356664653033663865373964333835613733373565616638363864
36333139633033333538306335336165306537303265396631616530366534643465323232336334
33636635656130633131623437323764326565656635373265653065646135633066383561643033
373333313535343534346331643865616539
mastodon_key_base: !vault |
$ANSIBLE_VAULT;1.1;AES256
33346261623634626666383762613065613865306530363831303032656335636332393564653030
3866306433323432643930326133303831633437393265620a643234376332336262636364363866
33396431653531626538396266626337623735666165636163616262393263373065356330343139
3935356133653332370a313039366431343734363430353966386534363234316666613335353562
36316435363862646437333431303430613138353338663233646130636436316366323831343531
37623063656132336135313964333134323830373761316262386433363337303964366163313265
61376438386466636332383932346431313537656332656362376630646565626130303939313432
36646233633434383565386465376238373065303831326162386331653631633962353035376266
33653332316563333138336439393839336263393438333663383536663834396365666332356334
62316264633161363233346263366164643136656464373963303539623465383734326664386130
633539303831656364653861336263613432
mastodon_otp_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
65316136326539313931396665656663356536636530613533306531663965303933643939643866
3635646438363739303730343834623035613135623130390a316463366362386465353134663264
64393337663866333333636635656535373064356263666161633033643635366533653530643336
6236396264303463350a306333373231343566653939306564323332633237343463353566343836
31323337633238393761656133613230393235663261383961616266373165376263376666333032
62313033383339643438376662613235333464323566323763623031616531303238386334623133
62653637323034613934313065646565323363313535653931306434393136663961663634313232
33653933373537333834363538343432643037646165386633363334613566653538353464303839
63373632653235376338336332303064356363653537333363326432306139666238393966306535
66633266313465333066613161393734353263366561643865323666633733656439386564326233
666338346237313564313937633466373937
mastodon_vapid_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38396438623163636339353633356339363435616262303865663834633436326331363365326433
6438633038623639346566376233356339333832383939370a353533356630346163633434346533
35386565386438383665623661653533646530623337373334356336396636376630356232656632
6634376435383163300a613635613633383765646363643563393062653465353663353935333262
35313830623635393737316337336436373730303963303962393365643165656164303633656233
3766303666323931623230623533316139666265363231356237
mastodon_vapid_public_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
61653763663734616263633063323466333064636230643263383935313134306163383135353131
6166383263353435306333336131373431313363373334330a383031303163346238343061356537
36653764366265323165336161303965353434366262616464646162353038353665363132616630
6465353939316534340a626533343835303433383531373666643462326162653535313966373963
65636561633532613166356666303833306332656266383237363561663239616139666465383532
65613361663534616533343631386634316661616132383035333734353561643934353339373832
34626531373530306464336437383636633830616336393265373934613030386534323335303436
32373034336162346364643139353961323831636134313538333162373665373330636564306162
3337
gmail_smtp_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
31396436653866313237616361636439343765323730383231633739643433646365383137343037
3535373866653261303761396163373334383461323661380a376561663864346633646230633531
35326435323434386564363037383961383934363163653635346233306139303664323037383435
3763313639656566620a623639386437353662316631316638363862323334323838643037336464
64373730623035616464303230626462666166636236363033633132363236306132
+6
@@ -0,0 +1,6 @@
---
ansible_user: root
ansible_host: 10.0.2.20
ansible_ssh_pass: "{{ proxmox_api_password }}"
vmid: 611
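Review bot: `ansible_ssh_pass: "{{ proxmox_api_password }}"` logs in to the guest as root with the hypervisor's API password, whereas the create role in this commit sets the container's root password from `lxc_password`. Unless both variables hold the same value the login would fail, and if they do, a compromised guest can capture the credential that controls the Proxmox API at the next SSH login. Use `ansible_ssh_pass: "{{ lxc_password }}"` at minimum, or better, install a key through the `pubkey` option of `community.general.proxmox` and drop password login. The host_vars section for 10.0.2.21 that follows has the same line.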
+6
@@ -0,0 +1,6 @@
---
ansible_user: root
ansible_host: 10.0.2.21
ansible_ssh_pass: "{{ proxmox_api_password }}"
vmid: 612
+2
@@ -5,6 +5,8 @@ cloudflare-ddns
dahua-to-mqtt dahua-to-mqtt
immich immich
folding folding
mastodon
tautulli
[baremetal] [baremetal]
mipha mipha
+23
@@ -0,0 +1,23 @@
---
- hosts: localhost
become: yes
roles:
- role: mastodon/provision/delete
- role: mastodon/provision/create
- role: mastodon/provision/start
vars:
vmid: 611
- hosts: epona
become: yes
roles:
- role: mastodon/enable-ssh
vars:
vmid: 611
- hosts: mastodon
become: yes
roles:
- role: mastodon/update
- role: mastodon/install-docker
- role: mastodon/install-app
+23
@@ -0,0 +1,23 @@
---
- hosts: localhost
become: yes
roles:
- role: tautulli/provision/delete
- role: tautulli/provision/create
- role: tautulli/provision/start
vars:
vmid: 612
- hosts: epona
become: yes
roles:
- role: tautulli/enable-ssh
vars:
vmid: 612
- hosts: tautulli
become: yes
roles:
- role: tautulli/update
- role: tautulli/install-docker
- role: tautulli/install-app
+8
@@ -0,0 +1,8 @@
---
# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
- name: Allow SSH into LXC
ansible.builtin.command: lxc-attach -n 611 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
- name: Restart SSH Service
ansible.builtin.command: lxc-attach -n 611 service ssh restart
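Review bot: The `sed` in "Allow SSH into LXC" sets `PermitRootLogin yes`, which opens root login by password on the container. If a key is installed at creation (the `pubkey` option of `community.general.proxmox`), the stock `prohibit-password` setting can stay and this task can be dropped. The container id is also hard-coded as `611` although the play passes `vmid` to this role; `lxc-attach -n {{ vmid }}` would let one role serve both hosts. Both tasks run on every play because `ansible.builtin.command` is given no idempotence check here. The tautulli copy of this role (with `612`) has the same issues.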
+28
@@ -0,0 +1,28 @@
---
- name: Create directory for docker-compose
ansible.builtin.file:
path: /root/docker/
state: directory
mode: "0755"
- name: Copy .env file
template:
src: ".env"
dest: /root/docker/.env
owner: root
group: root
mode: 0755
- name: Copy docker-compose file
template:
src: "docker-compose.yml"
dest: /root/docker/docker-compose.yml
owner: root
group: root
mode: 0755
- name: Run docker-compose
ansible.builtin.shell:
args:
cmd: docker compose up -d
chdir: /root/docker/
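Review bot: "Copy .env file" writes the rendered secrets (database password, `SECRET_KEY_BASE`, OTP and VAPID keys, SMTP password, per the `.env` template in this commit) with `mode: 0755`, so the file is world-readable and marked executable. `mode: "0600"` fits a secrets file, and quoting the mode, as the directory task above already does, avoids depending on the YAML parser's octal handling. Adding `no_log: true` to that task keeps the rendered values out of output when the play is run with diff display. The compose file does not need the execute bit either; `"0644"` is enough.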
+39
@@ -0,0 +1,39 @@
PUID=1000
PGID=1000
TZ=Europe/Lisbon
LOCAL_DOMAIN=social.lino.cooking
REDIS_HOST=redis
REDIS_PORT=6379
DB_HOST=database
DB_USER={{ mastodon_db_user }}
DB_NAME={{ mastodon_db_name }}
DB_PASS={{ mastodon_db_pass }}
DB_PORT=5432
POSTGRES_PASSWORD={{ mastodon_db_pass }}
POSTGRES_USER={{ mastodon_db_user }}
POSTGRES_DB={{ mastodon_db_name }}
ES_ENABLED=false
SECRET_KEY_BASE={{ mastodon_key_base }}
OTP_SECRET={{ mastodon_otp_secret }}
VAPID_PRIVATE_KEY={{ mastodon_vapid_private_key }}
VAPID_PUBLIC_KEY={{ mastodon_vapid_public_key }}
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
SMTP_LOGIN=okulto@gmail.com
SMTP_PASSWORD={{ gmail_smtp_pass }}
SMTP_FROM_ADDRESS=mastodon@lino.cooking
S3_ENABLED=false
WEB_DOMAIN=social.lino.cooking
#ES_HOST=es #optional
#ES_PORT=9200 #optional
#ES_USER=elastic #optional
#ES_PASS=elastic #optional
#S3_BUCKET= #optional
#AWS_ACCESS_KEY_ID= #optional
#AWS_SECRET_ACCESS_KEY= #optional
#S3_ALIAS_HOST= #optional
#SIDEKIQ_ONLY=false #optional
#SIDEKIQ_QUEUE= #optional
#SIDEKIQ_DEFAULT=false #optional
#SIDEKIQ_THREADS=5 #optional
#DB_POOL=5 #optional
@@ -0,0 +1,30 @@
version: "2.1"
services:
mastodon:
image: lscr.io/linuxserver/mastodon:latest
container_name: mastodon
env_file:
- .env
volumes:
- /config:/config
ports:
- 80:80
restart: unless-stopped
redis:
container_name: redis
image: redis:latest
restart: always
env_file:
- .env
database:
container_name: database
image: postgres:14
env_file:
- .env
environment:
PG_DATA: /var/lib/postgresql/data
volumes:
- /psql/data:/var/lib/postgresql/data
restart: always
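Review bot: All three services load the same `env_file: .env`, so the `redis` and `database` containers also receive `SECRET_KEY_BASE`, `OTP_SECRET`, the VAPID private key and `SMTP_PASSWORD`, which as far as this file shows only the `mastodon` service needs. Giving `database` just the three `POSTGRES_*` values under `environment:` and dropping `env_file` from `redis` keeps those secrets out of containers that have no use for them. `PG_DATA` is not a variable the postgres image reads (it uses `PGDATA`); the value equals the image default so nothing breaks, but the line is misleading. `lscr.io/linuxserver/mastodon:latest` and `redis:latest` are unpinned, so each redeploy may pull a different image; a version tag or digest makes the deployment reproducible.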
@@ -0,0 +1,27 @@
---
- name: Get convenience script
uri:
url: "https://get.docker.com"
method: GET
dest: /tmp/get-docker.sh
mode: a+x
creates: /tmp/get-docker.sh
- name: Execute script
ansible.builtin.shell: /tmp/get-docker.sh
- name: Ensure group "docker" exists
ansible.builtin.group:
name: docker
state: present
- name: Add root user to docker group
ansible.builtin.user:
name: root
groups: docker
append: yes
- name: Enable docker on startup
ansible.builtin.shell: |
systemctl enable docker.service
systemctl enable containerd.service
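Review bot: "Get convenience script" downloads `https://get.docker.com` and the next task runs it as root with no integrity check, so whatever that URL serves at deploy time executes on the host. `creates: /tmp/get-docker.sh` also means a file already present at that path in `/tmp` is executed as-is. Installing from Docker's signed apt repository removes the script entirely; if the script is kept, fetch it with `ansible.builtin.get_url` and a pinned `checksum` into a root-only path and guard the run with `creates`, as sketched below. The `shell` tasks are not idempotent, and `ansible.builtin.systemd` can enable the two services. The tautulli role's copy of this file is identical.

```yaml
- name: Get convenience script
  ansible.builtin.get_url:
    url: "https://get.docker.com"
    dest: /root/get-docker.sh
    mode: "0700"
    # placeholder: digest of the script revision that was reviewed;
    # the task fails (by design) when upstream changes the script
    checksum: "sha256:<REVIEWED_SCRIPT_SHA256>"

- name: Execute script
  ansible.builtin.command:
    cmd: /root/get-docker.sh
    creates: /usr/bin/docker

# … unchanged: docker group and root membership tasks …

- name: Enable docker on startup
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
  loop:
    - docker.service
    - containerd.service
```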
@@ -0,0 +1,28 @@
---
- name: Create container
community.general.proxmox:
vmid: 611
node: epona
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
password: "{{ lxc_password }}"
hostname: mastodon
ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
netif: "{'net0':'name=eth0,\
gw=10.0.0.1,\
ip=10.0.2.20/21,\
hwaddr=cc:c6:cf:de:17:80,\
bridge=vmbr0'}"
cores: 4
memory: 8192
unprivileged: no
swap: 0
searchdomain: "home"
onboot: 1
features:
- nesting=1
- keyctl=1
disk: local-lvm:50
mounts: '{"mp0":"local-lvm:5,mp=/psql,backup=1", "mp1":"local-lvm:5,mp=/redis,backup=1", "mp2":"local-lvm:1,mp=/config,backup=1"}'
force: yes
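Review bot: `unprivileged: no` creates a privileged LXC, where root inside the container is root on the Proxmox host, and this guest then runs Docker behind the nginx proxy config added in this commit. `nesting=1` and `keyctl=1` are already set, which are the features usually needed for Docker in an unprivileged container, so `unprivileged: true` looks workable here (worth testing with the three mount points). The task also authenticates as `root@pam` with a password; the module accepts `api_token_id` / `api_token_secret`, which allows a scoped token instead. `vmid: 611` is hard-coded although the play supplies `vmid` and the delete and start roles use it. The tautulli create role has the same settings.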
@@ -0,0 +1,26 @@
---
- name: Stop container
community.general.proxmox:
vmid: "{{ vmid }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: stopped
ignore_errors: true
timeout: 90
- name: Remove containers
community.general.proxmox:
vmid: "{{ vmid }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: absent
ignore_errors: true
timeout: 90
- name: Remove .ssh/known_hosts lines
ansible.builtin.lineinfile:
path: /Users/lino.silva/.ssh/known_hosts
state: absent
regexp: "^10.0.2.20"
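Review bot: `regexp: "^10.0.2.20"` in "Remove .ssh/known_hosts lines" has no end anchor and its dots match any character, so it also deletes entries for `10.0.2.200`–`10.0.2.209` and similar prefixes. `ansible.builtin.known_hosts` with `name: 10.0.2.20`, `state: absent` and the same `path` removes exactly that host, hashed entries included. The path `/Users/lino.silva/.ssh/known_hosts` and the address are hard-coded, while the other tasks in this file take `vmid` as a variable. `ignore_errors: true` on "Stop container" and "Remove containers" hides API and authentication failures along with the expected missing-container case; a `failed_when` on the specific message would be narrower. The tautulli delete role repeats this with `^10.0.2.21`.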
@@ -0,0 +1,8 @@
---
- name: Start deployments
community.general.proxmox:
vmid: "{{ vmid }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: started
+6
@@ -0,0 +1,6 @@
---
- name: Update all packages to their latest version
become: true
ansible.builtin.apt:
update_cache: yes
upgrade: full
@@ -51,7 +51,7 @@ notifier:
disable_startup_check: false disable_startup_check: false
smtp: smtp:
username: okulto@gmail.com username: okulto@gmail.com
password: tcqmoqyeoknwqcqj password: {{ gmail_smtp_pass }}
host: smtp.gmail.com host: smtp.gmail.com
port: 587 port: 587
sender: okulto@gmail.com sender: okulto@gmail.com
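Review bot: The SMTP password that this hunk replaces with `{{ gmail_smtp_pass }}` was committed in clear text and stays readable in the repository history, so moving it to the vault is not enough: it should be revoked and a fresh app password stored in the vault. The new line is also unquoted, so after templating a password containing ` #`, `: ` or a leading YAML indicator would be truncated or mis-parsed; `password: "{{ gmail_smtp_pass }}"` is safer. The rest of this file lies outside the hunk.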
@@ -0,0 +1,50 @@
## Version 2023/02/05
# make sure that your mastodon container is named mastodon
# make sure that your dns has a cname set for mastodon
# make sure you set `WEB_DOMAIN=mastodon.example.com` env var for the mastodon container
# if you set `LOCAL_DOMAIN=example.com` (without the mastodon subdomain), then don't forget to add
# the location block for redirecting `/.well-known/webfinger` into your main server block for the WEB_DOMAIN
# See the upstream docs for more info: https://docs.joinmastodon.org/admin/config/#basic
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name social.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 10.0.2.20;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
+8
@@ -0,0 +1,8 @@
---
# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
- name: Allow SSH into LXC
ansible.builtin.command: lxc-attach -n 612 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
- name: Restart SSH Service
ansible.builtin.command: lxc-attach -n 612 service ssh restart
+20
@@ -0,0 +1,20 @@
---
- name: Create directory for docker-compose
ansible.builtin.file:
path: /root/docker/
state: directory
mode: "0755"
- name: Copy docker-compose file
template:
src: "docker-compose.yml"
dest: /root/docker/docker-compose.yml
owner: root
group: root
mode: 0755
- name: Run docker-compose
ansible.builtin.shell:
args:
cmd: docker compose up -d
chdir: /root/docker/
@@ -0,0 +1,12 @@
version: '3'
services:
tautulli:
image: ghcr.io/tautulli/tautulli
container_name: tautulli
restart: unless-stopped
volumes:
- /root/config:/config
environment:
- TZ=Europe/Lisbon
ports:
- 8181:8181
@@ -0,0 +1,27 @@
---
- name: Get convenience script
uri:
url: "https://get.docker.com"
method: GET
dest: /tmp/get-docker.sh
mode: a+x
creates: /tmp/get-docker.sh
- name: Execute script
ansible.builtin.shell: /tmp/get-docker.sh
- name: Ensure group "docker" exists
ansible.builtin.group:
name: docker
state: present
- name: Add root user to docker group
ansible.builtin.user:
name: root
groups: docker
append: yes
- name: Enable docker on startup
ansible.builtin.shell: |
systemctl enable docker.service
systemctl enable containerd.service
@@ -0,0 +1,27 @@
---
- name: Create container
community.general.proxmox:
vmid: 612
node: epona
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
password: "{{ lxc_password }}"
hostname: tautulli
ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
netif: "{'net0':'name=eth0,\
gw=10.0.0.1,\
ip=10.0.2.21/21,\
hwaddr=cc:c6:cf:de:17:81,\
bridge=vmbr0'}"
cores: 4
memory: 8192
unprivileged: no
swap: 0
searchdomain: "home"
onboot: 1
features:
- nesting=1
- keyctl=1
disk: local-lvm:15
force: yes
@@ -0,0 +1,26 @@
---
- name: Stop container
community.general.proxmox:
vmid: "{{ vmid }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: stopped
ignore_errors: true
timeout: 90
- name: Remove containers
community.general.proxmox:
vmid: "{{ vmid }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: absent
ignore_errors: true
timeout: 90
- name: Remove .ssh/known_hosts lines
ansible.builtin.lineinfile:
path: /Users/lino.silva/.ssh/known_hosts
state: absent
regexp: "^10.0.2.21"
@@ -0,0 +1,8 @@
---
- name: Start deployments
community.general.proxmox:
vmid: "{{ vmid }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: started
+6
@@ -0,0 +1,6 @@
---
- name: Update all packages to their latest version
become: true
ansible.builtin.apt:
update_cache: yes
upgrade: full