From fd32f290afcaa70605181bb61761c47391bb097c Mon Sep 17 00:00:00 2001 From: Lino Silva Date: Mon, 10 Jul 2023 11:26:20 +0100 Subject: [PATCH] feat: Add nginx-proxy-manager --- .vscode/settings.json | 3 +- .../my-cluster/host_vars/nginx-proxy-manager | 6 + inventory/my-cluster/hosts.ini | 1 + playbook-lxc-update.yml | 5 + playbook-nginx-proxy-manager.yml | 23 ++ .../install-app/templates/docker-compose.yml | 205 +++++++++++------- roles/lxc/update/tasks/main.yml | 6 + .../enable-ssh/tasks/main.yml | 12 + .../install-app/tasks/main.yml | 20 ++ .../install-app/templates/docker-compose.yml | 12 + .../install-docker/tasks/main.yml | 27 +++ .../provision/create/tasks/main.yml | 27 +++ .../provision/delete/tasks/main.yml | 26 +++ .../provision/start/tasks/main.yml | 8 + .../nginx-proxy-manager/update/tasks/main.yml | 6 + 15 files changed, 305 insertions(+), 82 deletions(-) create mode 100644 inventory/my-cluster/host_vars/nginx-proxy-manager create mode 100644 playbook-lxc-update.yml create mode 100644 playbook-nginx-proxy-manager.yml create mode 100644 roles/lxc/update/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/enable-ssh/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/install-app/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/install-app/templates/docker-compose.yml create mode 100644 roles/nginx-proxy-manager/install-docker/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/provision/create/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/provision/delete/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/provision/start/tasks/main.yml create mode 100644 roles/nginx-proxy-manager/update/tasks/main.yml diff --git a/.vscode/settings.json b/.vscode/settings.json index 60f16e3..ac11ff0 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,3 +1,4 @@ { - "prettier.bracketSpacing": false + "prettier.bracketSpacing": false, + "ansible.python.interpreterPath": "/usr/local/bin/python3" } 
diff --git a/inventory/my-cluster/host_vars/nginx-proxy-manager b/inventory/my-cluster/host_vars/nginx-proxy-manager new file mode 100644 index 0000000..02fa7ad --- /dev/null +++ b/inventory/my-cluster/host_vars/nginx-proxy-manager @@ -0,0 +1,6 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.37 +ansible_ssh_pass: "{{ proxmox_api_password }}" +vmid: 637 diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini index 8e63ba3..e78df36 100644 --- a/inventory/my-cluster/hosts.ini +++ b/inventory/my-cluster/hosts.ini @@ -18,6 +18,7 @@ paperless nextcloud minio outline +nginx-proxy-manager [baremetal] mipha diff --git a/playbook-lxc-update.yml b/playbook-lxc-update.yml new file mode 100644 index 0000000..5cbcf16 --- /dev/null +++ b/playbook-lxc-update.yml @@ -0,0 +1,5 @@ +--- +- hosts: lxc + become: yes + roles: + - role: lxc/update diff --git a/playbook-nginx-proxy-manager.yml b/playbook-nginx-proxy-manager.yml new file mode 100644 index 0000000..95b6c6b --- /dev/null +++ b/playbook-nginx-proxy-manager.yml @@ -0,0 +1,23 @@ +--- +- hosts: localhost + become: yes + roles: + - role: nginx-proxy-manager/provision/delete + - role: nginx-proxy-manager/provision/create + - role: nginx-proxy-manager/provision/start + vars: + vmid: 637 + +- hosts: mipha + become: yes + roles: + - role: nginx-proxy-manager/enable-ssh + vars: + vmid: 637 + +- hosts: nginx-proxy-manager + become: yes + roles: + - role: nginx-proxy-manager/update + - role: nginx-proxy-manager/install-docker + - role: nginx-proxy-manager/install-app diff --git a/roles/arr/install-app/templates/docker-compose.yml b/roles/arr/install-app/templates/docker-compose.yml index 0997de6..0e907de 100644 --- a/roles/arr/install-app/templates/docker-compose.yml +++ b/roles/arr/install-app/templates/docker-compose.yml 
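Review bot: `ansible_ssh_pass: "{{ proxmox_api_password }}"` reuses the Proxmox API credential as the container's root SSH password, while the create task in roles/nginx-proxy-manager/provision/create sets the container root password from `lxc_password`; either both vault variables hold the same secret, so one value unlocks both the hypervisor API and the guest, or the SSH login cannot succeed. Use `ansible_ssh_pass: "{{ lxc_password }}"` and keep the two secrets distinct, or drop password login entirely by passing an SSH public key through the proxmox module's `pubkey` parameter at creation. `vmid: 637` is also declared here, in the playbook vars and literally in the create and enable-ssh tasks; one definition in this host_vars file is enough.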
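Review bot: The first play runs provision/delete, provision/create and provision/start unconditionally, so every execution of this playbook destroys and rebuilds the container, and with it /root/docker/data and /root/docker/letsencrypt where the install-app template keeps the proxy hosts and certificates. Gate the destructive roles so a routine re-run only reconfigures, e.g. `tags: [provision]` on the first play, or `when: recreate | default(false)` with a constructed variable name of your choice; re-issuing Let's Encrypt certificates on every rebuild may also hit issuance rate limits. `become: yes` here and in playbook-lxc-update.yml should be the canonical boolean `become: true`, as the YAML 1.1 form is what yamllint's truthy rule flags.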
@@ -1,89 +1,132 @@ version: '3' services: - radarr: - image: linuxserver/radarr - container_name: radarr - restart: unless-stopped - volumes: - - /data/radarr:/config - - /downloads:/downloads - - /movies:/movies - ports: - - 7878:7878 - env_file: - - .env + radarr: + image: linuxserver/radarr + container_name: radarr + restart: unless-stopped + volumes: + - /data/radarr:/config + - /downloads:/downloads + - /movies:/movies + ports: + - 7878:7878 + env_file: + - .env - prowlarr: - image: linuxserver/prowlarr - container_name: prowlarr - restart: unless-stopped - ports: - - 9696:9696 - env_file: - - .env - volumes: - - /data/prowlarr:/config + prowlarr: + image: linuxserver/prowlarr + container_name: prowlarr + restart: unless-stopped + ports: + - 9696:9696 + env_file: + - .env + volumes: + - /data/prowlarr:/config - sonarr: - image: linuxserver/sonarr - container_name: sonarr - restart: unless-stopped - volumes: - - /data/sonarr:/config - - /downloads:/downloads - - /tv:/tv - ports: - - 8989:8989 - env_file: - - .env + sonarr: + image: linuxserver/sonarr + container_name: sonarr + restart: unless-stopped + volumes: + - /data/sonarr:/config + - /downloads:/downloads + - /tv:/tv + ports: + - 8989:8989 + env_file: + - .env - overseerr: - image: ghcr.io/linuxserver/overseerr - container_name: overseerr - restart: unless-stopped - ports: - - 5055:5055 - env_file: - - .env - volumes: - - /data/overseerr:/config + overseerr: + image: ghcr.io/linuxserver/overseerr + container_name: overseerr + restart: unless-stopped + ports: + - 5055:5055 + env_file: + - .env + volumes: + - /data/overseerr:/config - transmission: - image: ghcr.io/linuxserver/transmission - container_name: transmission - restart: unless-stopped - env_file: - - .env - volumes: - - /data/transmission:/config - - /downloads:/downloads - ports: - - 9091:9091 - - 51413:51413 - - 51413:51413/udp + transmission: + image: ghcr.io/linuxserver/transmission + container_name: transmission + restart: unless-stopped + 
env_file: + - .env + volumes: + - /data/transmission:/config + - /downloads:/downloads + ports: + - 9091:9091 + - 51413:51413 + - 51413:51413/udp - lidarr: - image: ghcr.io/linuxserver/lidarr - container_name: lidarr - ports: - - 8686:8686 - env_file: - - .env - volumes: - - /data/lidarr:/config - - /music:/music #optional - - /downloads:/downloads #optional - restart: unless-stopped + lidarr: + image: ghcr.io/linuxserver/lidarr + container_name: lidarr + ports: + - 8686:8686 + env_file: + - .env + volumes: + - /data/lidarr:/config + - /music:/music #optional + - /downloads:/downloads + restart: unless-stopped - bazarr: - image: lscr.io/linuxserver/bazarr - container_name: bazarr - restart: unless-stopped - ports: - - 6767:6767 - env_file: - - .env - volumes: - - /data/bazaar/config:/config - - /movies:/movies - - /tv:/tv + bazarr: + image: lscr.io/linuxserver/bazarr + container_name: bazarr + restart: unless-stopped + ports: + - 6767:6767 + env_file: + - .env + volumes: + - /data/bazaar/config:/config + - /movies:/movies + - /tv:/tv + + unpackerr: + image: golift/unpackerr + container_name: unpackerr + volumes: + - /data/unpackerr/config:/config + - /downloads:/downloads + - /movies:/movies + - /tv:/tv + restart: always + user: ${PUID}:${PGID} + ports: + - 5656:5656 + env_file: + - .env + environment: + - TZ=${TZ} + - UN_SONARR_0_URL=http://sonarr:8989 + - UN_SONARR_0_API_KEY=077e025b68d34102ac2c983450f306fb + - UN_SONARR_0_PATHS_0=/downloads + - UN_SONARR_0_PROTOCOLS=torrent + - UN_SONARR_0_TIMEOUT=10s + - UN_SONARR_0_DELETE_ORIG=false + - UN_SONARR_0_DELETE_DELAY=5m + # Radarr Config + - UN_RADARR_0_URL=http://radarr:7878 + - UN_RADARR_0_API_KEY=9676cdb6dc174d48b28d7561b7b7325a + - UN_RADARR_0_PATHS_0=/downloads + - UN_RADARR_0_PROTOCOLS=torrent + - UN_RADARR_0_TIMEOUT=10s + - UN_RADARR_0_DELETE_ORIG=false + - UN_RADARR_0_DELETE_DELAY=5m + # Lidarr Config + - UN_LIDARR_0_URL=http://lidarr:8686 + - UN_LIDARR_0_API_KEY=7653e6fb1af24a078225f608ee484b73 + - 
UN_LIDARR_0_PATHS_0=/downloads + - UN_LIDARR_0_PROTOCOLS=torrent + - UN_LIDARR_0_TIMEOUT=10s + - UN_LIDARR_0_DELETE_ORIG=false + - UN_LIDARR_0_DELETE_DELAY=5m + + security_opt: + - no-new-privileges:true diff --git a/roles/lxc/update/tasks/main.yml b/roles/lxc/update/tasks/main.yml new file mode 100644 index 0000000..8227bf4 --- /dev/null +++ b/roles/lxc/update/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: Update all packages to their latest version + become: true + ansible.builtin.apt: + update_cache: yes + upgrade: full diff --git a/roles/nginx-proxy-manager/enable-ssh/tasks/main.yml b/roles/nginx-proxy-manager/enable-ssh/tasks/main.yml new file mode 100644 index 0000000..6a1d666 --- /dev/null +++ b/roles/nginx-proxy-manager/enable-ssh/tasks/main.yml @@ -0,0 +1,12 @@ +--- +# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh) + +- name: Pause for 10 seconds to wait for SSH server + ansible.builtin.pause: + seconds: 10 + +- name: Allow SSH into LXC + ansible.builtin.command: lxc-attach -n 637 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config + +- name: Restart SSH Service + ansible.builtin.command: lxc-attach -n 637 service ssh restart diff --git a/roles/nginx-proxy-manager/install-app/tasks/main.yml b/roles/nginx-proxy-manager/install-app/tasks/main.yml new file mode 100644 index 0000000..3aa3110 --- /dev/null +++ b/roles/nginx-proxy-manager/install-app/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: Create directory for docker-compose + ansible.builtin.file: + path: /root/docker/ + state: directory + mode: "0755" + +- name: Copy docker-compose file + template: + src: "docker-compose.yml" + dest: /root/docker/docker-compose.yml + owner: root + group: root + mode: 0755 + +- name: Run docker-compose + ansible.builtin.shell: + args: + cmd: docker compose up -d + chdir: /root/docker/ 
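Review bot: The new unpackerr service embeds the Sonarr, Radarr and Lidarr API keys as plain-text `UN_*_API_KEY` values in a committed template; the other services already load secrets through `env_file: - .env`, so these belong in that file or in vaulted variables rendered with `{{ }}` (e.g. a constructed `sonarr_api_key`), and the three keys now in git history should be rotated. The rest of the hunk removes and re-adds every existing service with changed indentation, which buries the one substantive addition; a separate whitespace-only commit would make the change reviewable. `security_opt: - no-new-privileges:true` appears only once, at the end of the hunk and presumably attached to unpackerr; if it is meant as a baseline it should be applied to each service.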
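Review bot: roles/lxc/update/tasks/main.yml and roles/nginx-proxy-manager/update/tasks/main.yml are byte-identical (both index lines show blob 8227bf4), so the nginx-proxy-manager/update role is a copy rather than a reuse; the last play in playbook-nginx-proxy-manager.yml can list `- role: lxc/update` and the duplicate can be dropped. `update_cache: yes` should be `update_cache: true`. The task-level `become: true` is redundant because every play that includes the role already sets become, though harmless.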
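Review bot: `lxc-attach -n 637` hardcodes the container id in both command tasks even though the play passes `vmid: 637` to this role; use `lxc-attach -n {{ vmid }} -- sed -i ...` and `lxc-attach -n {{ vmid }} -- service ssh restart`. The sed turns on `PermitRootLogin yes`, i.e. password-based root SSH, permanently; if the create task injected a key via the proxmox module's `pubkey` parameter the default `prohibit-password` could stay and this role would not be needed at all. Both command tasks report changed on every run, and the fixed 10-second pause is a race on container boot; `ansible.builtin.wait_for` with `host: 10.0.2.37` and `port: 22` plus a `changed_when` would make the role repeatable.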
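Review bot: `mode: 0755` on the template task is an unquoted YAML 1.1 octal (parsed as the integer 493) and is inconsistent with the quoted `"0755"` in the task above it; a docker-compose.yml needs no execute bit, so `mode: "0644"` is the right value. `template:` should be `ansible.builtin.template` to match the FQCN style of the surrounding tasks. `ansible.builtin.shell` is unnecessary for `docker compose up -d` (no shell features are used); `ansible.builtin.command` with the same `args` avoids spawning a shell, and the task will report changed on every run unless a `changed_when` is added.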
diff --git a/roles/nginx-proxy-manager/install-app/templates/docker-compose.yml b/roles/nginx-proxy-manager/install-app/templates/docker-compose.yml new file mode 100644 index 0000000..e207906 --- /dev/null +++ b/roles/nginx-proxy-manager/install-app/templates/docker-compose.yml @@ -0,0 +1,12 @@ +version: '3.8' +services: + app: + image: 'jc21/nginx-proxy-manager:latest' + restart: unless-stopped + ports: + - '80:80' # Public HTTP Port + - '443:443' # Public HTTPS Port + - '81:81' # Admin Web Port + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt diff --git a/roles/nginx-proxy-manager/install-docker/tasks/main.yml b/roles/nginx-proxy-manager/install-docker/tasks/main.yml new file mode 100644 index 0000000..d5baba9 --- /dev/null +++ b/roles/nginx-proxy-manager/install-docker/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- name: Get convenience script + uri: + url: "https://get.docker.com" + method: GET + dest: /tmp/get-docker.sh + mode: a+x + creates: /tmp/get-docker.sh + +- name: Execute script + ansible.builtin.shell: /tmp/get-docker.sh + +- name: Ensure group "docker" exists + ansible.builtin.group: + name: docker + state: present + +- name: Add root user to docker group + ansible.builtin.user: + name: root + groups: docker + append: yes + +- name: Enable docker on startup + ansible.builtin.shell: | + systemctl enable docker.service + systemctl enable containerd.service diff --git a/roles/nginx-proxy-manager/provision/create/tasks/main.yml b/roles/nginx-proxy-manager/provision/create/tasks/main.yml new file mode 100644 index 0000000..08f7a41 --- /dev/null +++ b/roles/nginx-proxy-manager/provision/create/tasks/main.yml 
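Review bot: `image: 'jc21/nginx-proxy-manager:latest'` is unpinned, so each `docker compose up -d` after a rebuild may pull a different version; pin a release tag (ideally with an `@sha256:` digest) so deployments are reproducible and upgrades are deliberate. Port `'81:81'` publishes the admin UI on every interface of the container, beside the public 80/443; if only the LAN should reach it, restrict the source with a Proxmox firewall rule on the container or leave 81 unpublished and front it through the proxy's own access lists, and change the initial admin credentials at first login. The `./data` and `./letsencrypt` bind mounts live inside the container filesystem, which the provision plays destroy on every run, so certificates and proxy hosts are lost unless that path is gated.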
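Review bot: `ansible.builtin.shell: /tmp/get-docker.sh` executes a script fetched over HTTPS with no integrity check, and it re-runs on every play because the task has no `creates` or `changed_when`; the `uri` task's `creates: /tmp/get-docker.sh` guards only the download, so a stale script in /tmp is executed indefinitely. At minimum guard the execution with `creates`, and preferably replace the convenience script with the Docker apt repository and `ansible.builtin.apt`, which is pinnable and idempotent. "Add root user to docker group" changes nothing security-wise since root already has full access to the daemon, and the enable step should use `ansible.builtin.systemd` rather than two shell calls; the rewritten tasks are below.
```yaml
- name: Execute script
  ansible.builtin.shell: /tmp/get-docker.sh
  args:
    creates: /usr/bin/docker  # placeholder: path of the binary the script installs

# … unchanged: docker group and root user tasks …

- name: Enable docker on startup
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
  loop:
    - docker.service
    - containerd.service
```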
@@ -0,0 +1,27 @@ +--- +- name: Create container + community.general.proxmox: + vmid: 637 + node: mipha + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + password: "{{ lxc_password }}" + hostname: nginx-proxy-manager + ostemplate: "local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst" + netif: "{'net0':'name=eth0,\ + gw=10.0.0.1,\ + ip=10.0.2.37/21,\ + hwaddr=cc:c6:cf:de:20:37,\ + bridge=vmbr0'}" + cores: 2 + memory: 2048 + unprivileged: no + swap: 0 + searchdomain: "home" + onboot: 1 + features: + - nesting=1 + - keyctl=1 + disk: local-lvm:10 + force: yes diff --git a/roles/nginx-proxy-manager/provision/delete/tasks/main.yml b/roles/nginx-proxy-manager/provision/delete/tasks/main.yml new file mode 100644 index 0000000..ae3e6c4 --- /dev/null +++ b/roles/nginx-proxy-manager/provision/delete/tasks/main.yml @@ -0,0 +1,26 @@ +--- +- name: Stop container + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: stopped + ignore_errors: true + timeout: 90 + +- name: Remove containers + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: absent + ignore_errors: true + timeout: 90 + +- name: Remove .ssh/known_hosts lines + ansible.builtin.lineinfile: + path: /Users/lino.silva/.ssh/known_hosts + state: absent + regexp: "^10.0.2.37" diff --git a/roles/nginx-proxy-manager/provision/start/tasks/main.yml b/roles/nginx-proxy-manager/provision/start/tasks/main.yml new file mode 100644 index 0000000..de86b9b --- /dev/null +++ b/roles/nginx-proxy-manager/provision/start/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Start deployments + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: started 
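Review bot: `vmid: 637` is hardcoded here while the sibling delete and start roles take `vmid: "{{ vmid }}"` and the playbook already passes `vmid: 637`; use the variable so the three provision roles cannot drift. `unprivileged: no` creates a privileged container, which gives root inside it (where Docker and a public-facing proxy will run) a real uid 0 on the host; Docker is commonly run in unprivileged Proxmox containers with the `nesting=1` and `keyctl=1` features this task already sets, so `unprivileged: true` should be tried first and privileged mode kept only if a concrete failure requires it. `force: yes` together with the preceding delete role makes this step destructive on every run, and the `netif` string hardcodes the IP that host_vars also declares as `ansible_host`; `ip`, `gw` and `hwaddr` could come from the same vars. `no`/`yes` should be written `false`/`true`.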
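Review bot: `ignore_errors: true` on both proxmox tasks hides authentication and API failures along with the expected "container does not exist" case, so the create role's `force: yes` runs regardless; a `failed_when` that only tolerates the not-found result, or a state query first, keeps a wrong password from being silently skipped. The known_hosts cleanup hardcodes one user's home, `/Users/lino.silva/.ssh/known_hosts`, and its `regexp: "^10.0.2.37"` has unescaped dots and no terminator, so it also matches 10.0.2.370 or 10a0b2c37; use `path: "{{ lookup('env', 'HOME') }}/.ssh/known_hosts"` and `regexp: '^10\.0\.2\.37[ ,]'`. Removing the host key on every run is only necessary because the container is recreated with a fresh key, which is one more reason to gate the recreate path.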
diff --git a/roles/nginx-proxy-manager/update/tasks/main.yml b/roles/nginx-proxy-manager/update/tasks/main.yml new file mode 100644 index 0000000..8227bf4 --- /dev/null +++ b/roles/nginx-proxy-manager/update/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: Update all packages to their latest version + become: true + ansible.builtin.apt: + update_cache: yes + upgrade: full