From 200b21a54c2e910777c3835b6149fd29faae4c4b Mon Sep 17 00:00:00 2001 From: josiah Date: Fri, 22 Dec 2023 15:38:43 -0600 Subject: [PATCH 01/15] Delete unneeded files. --- docker/media-server/docker-compose.yml | 142 ------------------------- submod/jlj-matrix | 1 - 2 files changed, 143 deletions(-) delete mode 100644 docker/media-server/docker-compose.yml delete mode 160000 submod/jlj-matrix diff --git a/docker/media-server/docker-compose.yml b/docker/media-server/docker-compose.yml deleted file mode 100644 index ce282c3..0000000 --- a/docker/media-server/docker-compose.yml +++ /dev/null 
@@ -1,142 +0,0 @@ -version: '3' - -services: - traefik: - # The official v2 Traefik docker image - image: traefik:v2.2 - # Enables the web UI and tells Traefik to listen to docker - volumes: - # So that Traefik can listen to the Docker events - - /var/run/docker.sock:/var/run/docker.sock - command: --web --docker --docker.swarmmode --docker.watch --docker.domain=home.jowj.net --logLevel=DEBUG - ports: - - target: 80 - published: 80 - protocol: tcp - mode: host - - target: 443 - published: 443 - protocol: tcp - mode: host - - target: 8080 - published: 8080 - protocol: tcp - sonarr: - image: "linuxserver/sonarr" - ports: - - "8989:8989" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/sonarr:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/tv/:/tv" - lidarr: - image: "linuxserver/lidarr" - ports: - - "8686:8686" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/lidarr:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/audio/:/music" - # headphones: - # image: "linuxserver/headphones" - # ports: - # - "8181:8181" - # restart: unless-stopped - # environment: - # PUID: 1000 - # PGID: 1000 - # TZ: America/Chicago - # volumes: - # - "/home/josiah/Documents/apps/headphones:/config" - # - "/home/josiah/Downloads/usenet-complete/:/downloads" - # - "/media/usenet/audio/:/music" - radarr: - image: "linuxserver/radarr" - ports: - - "7878:7878" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/radarr:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/movies/:/movies" - sabnzb: - image: "funkypenguin/sabnzbd" - ports: - - "8080:8080" - - "9090:9090" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - 
"/home/josiah/apps/sabnzbd:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads" - - "/home/josiah/Downloads/usenet-watched/:/watched-folder" - - "/media/usenet/tv:/tv" - - "/media/usenet/audio/:/music" - - "/media/usenet/movies/:/movies" - - "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes" - - "/media/usenet/book-library/books/:/books" - lazylibrarian: - image: "thraxis/lazylibrarian-calibre" - ports: - - "5299:5299" - restart: unless-stopped - environment: - PUID: 1000 - PGID: 1000 - TZ: America/Chicago - volumes: - - "/home/josiah/apps/lazylibrarian:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - - "/media/usenet/book-library/calibre-library/:/calibre-library" - - "/media/usenet/book-library/books/:/books" - - "/media/usenet/book-library/audiobooks:/audiobooks" - # calibre: - # image: "linuxserver/calibre" - # container_name: calibre - # ports: - # - "8219:8080" - # - "8081:8081" - # restart: unless-stopped - # environment: - # PUID: 1000 - # PGID: 1000 - # TZ: America/Chicago - # volumes: - # - "/home/josiah/apps/calibre:/config" - # - "/home/josiah/Downloads/usenet-complete/:/downloads" - # - "/media/usenet/book-library/calibre-library/:/calibre-library" - # - "/media/usenet/book-library/temp/:/import" - - hydra2: - image: linuxserver/hydra2 - container_name: hydra2 - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - volumes: - - "/home/josiah/apps/sabnzbd:/config" - - "/home/josiah/Downloads/usenet-complete/:/downloads" - ports: - - 5076:5076 - restart: unless-stopped - labels: - - "traefik.http.routers.hatchery-hydra2.rule=Host(`hatchery.home.jowj.net/hydra2`)" diff --git a/submod/jlj-matrix b/submod/jlj-matrix deleted file mode 160000 index 3105f47..0000000 --- a/submod/jlj-matrix +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 3105f4748eeb3f45512f348ffd34629cd17c4017 
From b4edd7550ec6b0c99dcc59dd0a7467616dd44549 Mon Sep 17 00:00:00 2001 From: josiah Date: Fri, 22 Dec 2023 15:38:54 -0600 Subject: [PATCH 02/15] Add Docker to base debian image. --- ansible/roles/debian_base/tasks/main.yml | 14 ++++++++------ ansible/roles/debian_base/vars/main.yml | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ansible/roles/debian_base/tasks/main.yml b/ansible/roles/debian_base/tasks/main.yml index fd2195f..bef74ba 100644 --- a/ansible/roles/debian_base/tasks/main.yml +++ b/ansible/roles/debian_base/tasks/main.yml @@ -6,16 +6,18 @@ - name: Install aptitude using apt apt: name=aptitude state=latest update_cache=yes force_apt_get=yes -# Add custom packages to apt. -- name: Add tailscale GPG apt Key +- name: Add Docker GPG apt Key apt_key: - url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg + url: https://download.docker.com/linux/debian/gpg state: present -- name: Add tailscsale Repository +- name: Add Docker Repository apt_repository: - repo: deb https://pkgs.tailscale.com/stable/debian bullseye main - state: present + repo: deb https://download.docker.com/linux/ubuntu bionic stable + state: present + +- name: Update apt + apt: update_cache=yes # Add our packages - name: Install required system packages diff --git a/ansible/roles/debian_base/vars/main.yml b/ansible/roles/debian_base/vars/main.yml index d46ffed..119fa91 100644 --- a/ansible/roles/debian_base/vars/main.yml +++ b/ansible/roles/debian_base/vars/main.yml @@ -1,3 +1,3 @@ create_users: ['josiah', 'alice'] copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}" -sys_packages: [ 'sudo', 'tailscale' ] +sys_packages: [ 'sudo', 'python3-docker','docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ] From b268a75a20afac60016c165e25bbda820a1f409d Mon Sep 17 00:00:00 2001 
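Review bot: The `Add Docker Repository` task points at `deb https://download.docker.com/linux/ubuntu bionic stable`, while the key is fetched from the Debian path and the role is debian_base, so a Debian host would be offered Ubuntu bionic builds of docker-ce. Point it at the Debian repository and the host's own release, for example `repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable`. `apt_key` puts the key in the global trusted keyring, where it can vouch for packages from any configured repository; downloading it to a keyring file and scoping it with `signed-by` limits that trust to this one source. The extra `Update apt` task looks redundant, since `apt_repository` refreshes the cache by default.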
From: josiah Date: Fri, 22 Dec 2023 15:39:05 -0600 Subject: [PATCH 03/15] Add lair host. --- ansible/inventory/hosts.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index 2b7252e..2cb3f09 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -8,6 +8,8 @@ all: hosts: hatchery.home.jowj.net: larva.home.jowj.net: + lair: + ansible_host: 192.168.1.120 appliances: hosts: storage.home.jowj.net: @@ -16,9 +18,13 @@ all: hosts: localhost: ansible_connection: local - mediaserver: + # mediaserver: + # hosts: + # hatchery: + # ansible_python_interpreter: /usr/bin/python3 + services: hosts: - hatchery: + lair: ansible_python_interpreter: /usr/bin/python3 syslog: hosts: From c5259ad963fee3b9e72233a3cdfea36578f9beeb Mon Sep 17 00:00:00 2001 From: josiah Date: Fri, 22 Dec 2023 15:39:20 -0600 Subject: [PATCH 04/15] Remove old home-services file, add new abjure deploy play. --- ansible/_deploy_abjure.yml | 9 +++++++++ ansible/home-services.yml | 7 ------- 2 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 ansible/_deploy_abjure.yml delete mode 100644 ansible/home-services.yml diff --git a/ansible/_deploy_abjure.yml b/ansible/_deploy_abjure.yml new file mode 100644 index 0000000..b1dd706 --- /dev/null +++ b/ansible/_deploy_abjure.yml @@ -0,0 +1,9 @@ +- name: deploy abjure media servers + hosts: services + remote_user: "{{ remote_user }}" + tasks: + - debug: msg="Deploying home services stack to local server" + roles: + - { name: debian_base } + #- { name: tailscale } + - { name: abjure } diff --git a/ansible/home-services.yml b/ansible/home-services.yml deleted file mode 100644 index 08b6b7d..0000000 --- a/ansible/home-services.yml +++ /dev/null 
@@ -1,7 +0,0 @@ -- name: deploy home services - hosts: mediaserver - remote_user: "{{ remote_user }}" - tasks: - - debug: msg="Deploying home services stack to local server" - roles: - - { name: home-net, tags: ['home-net'] } From 2a1b82bfa948b89723933cb7b768c77c826d57ef Mon Sep 17 00:00:00 2001 From: josiah Date: Fri, 22 Dec 2023 15:39:39 -0600 Subject: [PATCH 05/15] Copy mediaserver to abjure role as a WIP starting point. --- ansible/roles/abjure/readme.md | 5 + ansible/roles/abjure/tasks/main.yml | 70 +++++++++++++ ansible/roles/abjure/templates/.env.j2 | 15 +++ .../abjure/templates/mediaserver-compose.yml | 98 +++++++++++++++++++ ansible/roles/abjure/templates/traefik.yml.j2 | 49 ++++++++++ ansible/roles/abjure/vars/main.yml | 1 + 6 files changed, 238 insertions(+) create mode 100644 ansible/roles/abjure/readme.md create mode 100644 ansible/roles/abjure/tasks/main.yml create mode 100644 ansible/roles/abjure/templates/.env.j2 create mode 100644 ansible/roles/abjure/templates/mediaserver-compose.yml create mode 100644 ansible/roles/abjure/templates/traefik.yml.j2 create mode 100644 ansible/roles/abjure/vars/main.yml diff --git a/ansible/roles/abjure/readme.md b/ansible/roles/abjure/readme.md new file mode 100644 index 0000000..e8fdbd9 --- /dev/null +++ b/ansible/roles/abjure/readme.md @@ -0,0 +1,5 @@ +# abjure +This role deploys media servers we use to serve the home and halo. + +## notes +If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers diff --git a/ansible/roles/abjure/tasks/main.yml b/ansible/roles/abjure/tasks/main.yml new file mode 100644 index 0000000..74c3f4d --- /dev/null +++ b/ansible/roles/abjure/tasks/main.yml 
@@ -0,0 +1,70 @@
+---
+# deploy a media server from scratch.
+
+# boot strap server
+
+- name: Update apt
+ apt: update_cache=yes
+
+- name: Init a new swarm with default parameters
+ community.general.docker_swarm:
+ state: present
+
+# set up mediaserver specific bullshit.
+- name: ensure traefik config directory exists
+ file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
+
+- name: ensure mediaserver config directory exists
+ file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700
+
+- name: ensure traefik.log exists
+ file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700
+
+- name: allow for pretty json errors
+ pip:
+ name: jsondiff
+
+- name: Create deploy configs dir if it does not exist
+ file:
+ path: /home/josiah/deploys/mediaserver
+ state: directory
+ mode: '0755'
+
+- name: copy over mediaserver config files
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0777
+ with_items:
+ - {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'}
+ - {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'}
+
+- name: Ensure acme.json exists
+ copy:
+ content: ""
+ dest: /home/josiah/apps/traefik/acme.json
+ force: no
+ owner: root
+ group: root
+ state: file
+ mode: '0600'
+
+- name: Remove the mediaserver stack
+ block:
+ - name: Remove the mediaserver stack
+ docker_stack:
+ state: absent
+ name: mediaserver
+ compose:
+ - /home/josiah/apps/mediaserver/mediaserver-compose.yml
+ - name: Pause so the network gets deleted too
+ pause:
+ seconds: 15
+
+- name: Deploy mediaserver stack
+ docker_stack:
+ state: present
+ name: mediaserver
+ prune: yes
+ compose:
+ - /home/josiah/apps/mediaserver/mediaserver-compose.yml
diff --git a/ansible/roles/abjure/templates/.env.j2 b/ansible/roles/abjure/templates/.env.j2
new file mode 100644
index 0000000..2ab3e59
--- /dev/null
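Review bot: The `copy over mediaserver config files` task renders both templates with `mode: 0777`, and the compose template added in this commit carries `DO_AUTH_TOKEN`, so the rendered DigitalOcean token ends up in a file every local account can read and rewrite. Set `mode: '0600'` together with `owner: josiah` and `group: josiah` on that task; quoting the mode also avoids the bare-octal integer ambiguity. The same `mode: 0777` is still present as context in the PATCH 06 hunk for this file, where the rendered compose file additionally holds the Plex claim token. Separately, `state=file` on the traefik.log task only asserts that the file exists (`state=touch` creates it), and `mode=0700` marks a log file executable where `0600` would do.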
+++ b/ansible/roles/abjure/templates/.env.j2
@@ -0,0 +1,15 @@
+# Docker Compose can read environment variables from this file.
+# See https://docs.docker.com/compose/env-file/
+
+# Put admin areas behind a login prompt, with username and password
+# specified here. Run `htpasswd -n admin` to create a password hash
+# for user "admin". Paste the output here. SSL strongly recommended.
+BASIC_AUTH=
+
+# Let's Encrypt needs an email address for registration.
+ACME_EMAIL=admin@home.jowj.net
+
+# The Traefik dashboard will be available at these domains.
+# The URL is http://example.com/traefik/
+# You'll need to fill in BASIC_AUTH above.
+TRAEFIK_DOMAINS=lair.home.jowj.net
diff --git a/ansible/roles/abjure/templates/mediaserver-compose.yml b/ansible/roles/abjure/templates/mediaserver-compose.yml
new file mode 100644
index 0000000..e8cc284
--- /dev/null
+++ b/ansible/roles/abjure/templates/mediaserver-compose.yml
@@ -0,0 +1,98 @@
+---
+version: '3.7'
+
+services:
+ traefik:
+ image: traefik:2.5
+ networks:
+ - pubnet
+ command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
+ ports:
+ - 80:80/tcp
+ - 443:443/tcp
+ - 8080:8080/tcp
+ volumes:
+ - /home/josiah/apps/traefik/acme.json:/acme.json
+ - traefik_logs:/var/log/access.log
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/josiah/apps/traefik/traefik.yml:/traefik.yml
+ deploy:
+ mode: global
+ placement:
+ constraints:
+ - node.role == manager
+ environment:
+ DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
+ labels:
+ # Dashboard shit I stole from Micah:
+ # WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
+ # e.g. https://example.com/dashboard/, not merely /dashboard
+ - "traefik.enable=true"
+ - "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
+ - "traefik.http.routers.mediaserver-traefik-api.rule=Host(`lair.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
+ - "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
+ - "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"
+ # - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
+ - "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"
+ # middleware redirect
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+ # global redirect to https
+ - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.entrypoints=http"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+
+
+
+ whoami:
+ image: containous/whoami:latest
+ networks:
+ - pubnet
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.mediaserver-whoami.rule=Host(`whoami.services.jowj.net`)"
+ - "traefik.http.routers.mediaserver-whoami.service=mediaserver-whoami"
+ - "traefik.http.services.mediaserver-whoami.loadbalancer.server.port=80"
+ - "traefik.http.routers.mediaserver-whoami.tls.certResolver=mediaserver-resolver"
+ - "traefik.http.routers.mediaserver-whoami.tls=true"
+
+ stash:
+ image: git.awful.club/packages/hoard:latest
+ ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
+ # network_mode: host
+ logging:
+ driver: "json-file"
+ options:
+ max-file: "10"
+ max-size: "2m"
+ environment:
+ - STASH_STASH=/data/
+ - STASH_GENERATED=/generated/
+ - STASH_METADATA=/metadata/
+ - STASH_CACHE=/cache/
+ ## Adjust below to change default port (9999)
+ # - STASH_PORT=9999
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - "{{ vault_stash_config }}:/root/.stash"
+ - "{{ vault_stash_data }}:/data"
+ - "{{ vault_stash_metadata }}:/metadata"
+ - "{{ vault_stash_cache }}:/cache"
+ - "{{ vault_stash_generated }}:/generated"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.mediaserver-hoard.loadbalancer.server.port=9999"
+ - "traefik.http.routers.mediaserver-hoard.service=mediaserver-hoard"
+ - "traefik.http.routers.mediaserver-hoard.rule=Host(`hoard.services.jowj.net`)"
+ - "traefik.http.routers.mediaserver-hoard.tls.certResolver=mediaserver-resolver"
+ - "traefik.http.routers.mediaserver-hoard.tls=true"
+ networks:
+ - pubnet
+
+
+volumes:
+ traefik_acme:
+ traefik_logs:
+
+networks:
+ pubnet:
+ driver: overlay
diff --git a/ansible/roles/abjure/templates/traefik.yml.j2 b/ansible/roles/abjure/templates/traefik.yml.j2
new file mode 100644
index 0000000..b365df5
--- /dev/null
+++ b/ansible/roles/abjure/templates/traefik.yml.j2
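Review bot: The `mediaserver-traefik-api` router publishes `api@internal` on `/api`, `/dashboard` and `/debug` with no authentication middleware attached, and `8080:8080/tcp` is published as well, so anyone who can reach the host can read the full routing configuration. The .env.j2 added in this commit talks about BASIC_AUTH but nothing in this file consumes it; add `- "traefik.http.middlewares.mediaserver-auth.basicauth.users=HTPASSWD_ENTRY_PLACEHOLDER"` and `- "traefik.http.routers.mediaserver-traefik-api.middlewares=mediaserver-auth"` (with `$` doubled in the hash), and drop the 8080 mapping unless it is needed. The traefik service bind-mounts `/var/run/docker.sock`, which gives the internet-facing proxy full control of the Docker daemon; a socket proxy that only allows the read endpoints Traefik needs would contain that, since a `:ro` mount does not restrict API calls over the socket. Because the stack is deployed to a swarm, Traefik presumably reads labels from `deploy.labels` rather than the service-level `labels:` used here, which is worth confirming before relying on any of these routers. The `:latest` tags on whoami and stash mean each deploy can pull a different image.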
@@ -0,0 +1,49 @@ +--- + +# defaultEntryPoints must be at the top +defaultEntryPoints: + - http + - https + +log: + level: DEBUG + format: common +accessLog: + format: common + +api: + dashboard: true + +entryPoints: + http: + address: ":80" + https: + address: ":443" + +http: + middlewares: + mediaserver-https-redir: + redirectScheme: + scheme: https + permanent: true + +certificatesResolvers: + mediaserver-resolver: + acme: + storage: /acme.json + email: "admin@home.jowj.net" + dnsChallenge: + provider: "digitalocean" + +providers: + docker: {} + +docker: + endpoint: unix:///var/run/docker.sock + domain: "services.jowj.net" + watch: true + exposedbydefault: false + +# smh https://github.com/traefik/traefik/issues/7360 +pilot: + dashboard: false diff --git a/ansible/roles/abjure/vars/main.yml b/ansible/roles/abjure/vars/main.yml new file mode 100644 index 0000000..ef86eef --- /dev/null +++ b/ansible/roles/abjure/vars/main.yml @@ -0,0 +1 @@ +sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ] From fb408d0f2f85ad95db7e97001b8c820266bd194f Mon Sep 17 00:00:00 2001 From: josiah Date: Fri, 22 Dec 2023 23:58:50 -0600 Subject: [PATCH 06/15] Rename files, WIP pms deploy. - Trying to manage ports via TRaefik, not sure if this will work. - Added packages to be deployed; nfs common is what you need to mount - nfs shares! --- ansible/roles/abjure/tasks/main.yml | 34 ++++++++---------- ...aserver-compose.yml => abjure-compose.yml} | 35 +++++++++++++++++++ ansible/roles/abjure/vars/main.yml | 2 +- 3 files changed, 51 insertions(+), 20 deletions(-) rename ansible/roles/abjure/templates/{mediaserver-compose.yml => abjure-compose.yml} (70%) diff --git a/ansible/roles/abjure/tasks/main.yml b/ansible/roles/abjure/tasks/main.yml index 74c3f4d..28bfe13 100644 --- a/ansible/roles/abjure/tasks/main.yml +++ b/ansible/roles/abjure/tasks/main.yml 
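Review bot: `exposedbydefault: false` sits in a top-level `docker:` block, but Traefik v2 static configuration takes the Docker provider options under `providers.docker`, which this file leaves as `{}`. As written, the provider would run with its defaults, where `exposedByDefault` is true, so every container visible on the socket gets a route whether or not it carries `traefik.enable=true`; v2 may also reject the unknown top-level key outright. Move the settings under `providers.docker` as in the excerpt below, with `swarmMode: true` since the role deploys through `docker_stack`. `defaultEntryPoints` looks like another v1 key and `log.level: DEBUG` is worth lowering once the WIP settles.

```yaml
# … unchanged: log, accessLog, api, entryPoints, http, certificatesResolvers …
providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    watch: true
    exposedByDefault: false
    swarmMode: true
# … unchanged: pilot …
```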
@@ -10,61 +10,57 @@ community.general.docker_swarm: state: present -# set up mediaserver specific bullshit. +# set up abjure specific bullshit. - name: ensure traefik config directory exists file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700 -- name: ensure mediaserver config directory exists - file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700 +- name: ensure abjure config directory exists + file: state=directory path=/home/josiah/apps/abjure/ owner=josiah group=josiah mode=0700 - name: ensure traefik.log exists file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700 -- name: allow for pretty json errors - pip: - name: jsondiff - - name: Create deploy configs dir if it does not exist file: - path: /home/josiah/deploys/mediaserver + path: /home/josiah/deploys/abjure state: directory mode: '0755' -- name: copy over mediaserver config files +- name: copy over abjure config files template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: 0777 with_items: - - {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'} + - {src: 'abjure-compose.yml', dest: '/home/josiah/apps/abjure/abjure-compose.yml'} + - {src: 'pms-compose.yml', dest: '/home/josiah/apps/pms/pms-compose.yml'} - {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'} - name: Ensure acme.json exists - copy: + ansible.builtin.copy: content: "" dest: /home/josiah/apps/traefik/acme.json force: no owner: root group: root - state: file mode: '0600' -- name: Remove the mediaserver stack +- name: Remove the abjure stack block: - - name: Remove the mediaserver stack + - name: Remove the abjure stack docker_stack: state: absent - name: mediaserver + name: abjure compose: - - /home/josiah/apps/mediaserver/mediaserver-compose.yml + - /home/josiah/apps/abjure/abjure-compose.yml - name: Pause so the network gets deleted too pause: seconds: 15 
-- name: Deploy mediaserver stack +- name: Deploy abjure stack docker_stack: state: present - name: mediaserver + name: abjure prune: yes compose: - - /home/josiah/apps/mediaserver/mediaserver-compose.yml + - /home/josiah/apps/abjure/abjure-compose.yml \ No newline at end of file diff --git a/ansible/roles/abjure/templates/mediaserver-compose.yml b/ansible/roles/abjure/templates/abjure-compose.yml similarity index 70% rename from ansible/roles/abjure/templates/mediaserver-compose.yml rename to ansible/roles/abjure/templates/abjure-compose.yml index e8cc284..f3edf05 100644 --- a/ansible/roles/abjure/templates/mediaserver-compose.yml +++ b/ansible/roles/abjure/templates/abjure-compose.yml @@ -11,6 +11,14 @@ services: - 80:80/tcp - 443:443/tcp - 8080:8080/tcp + - 32400:32400/tcp + - 8324:8324/tcp + - 32469:32469/tcp + - 1900:1900/udp + - 32410:32410/udp + - 32412:32412/udp + - 32413:32413/udp + - 32414:32414/udp volumes: - /home/josiah/apps/traefik/acme.json:/acme.json - traefik_logs:/var/log/access.log 
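Review bot: The template list gains `{src: 'pms-compose.yml', dest: '/home/josiah/apps/pms/pms-compose.yml'}`, but this commit's diffstat adds no `pms-compose.yml` under templates and no task creates `/home/josiah/apps/pms/`, so `copy over abjure config files` would fail on that item unless both exist outside this series. Either drop the item until the template lands or add a directory task next to the other `ensure … directory exists` tasks. Removing the `jsondiff` pip task also needs a second look, because `docker_stack` requires jsondiff on the target host; confirm it is installed some other way. The hunk still carries `mode: 0777` on the rendered files as context.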
@@ -88,6 +96,33 @@ services: networks: - pubnet + plex: + image: plexinc/pms-docker + environment: + - TZ=America/Chicago + - PLEX_CLAIM="{{ vault_pms_claim_token }}" + - ADVERTISE_IP=http://192.168.1.120:32400/ + hostname: lair + volumes: + - /home/josiah/apps/pms/config:/config + - /home/josiah/apps/pms/transcode:/transcode + - /media/usenet:/data + labels: + - "traefik.enable=true" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32400" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=8324" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32469" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=1900" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32410" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32412" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32413" + - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32414" + - "traefik.http.routers.mediaserver-pms.service=mediaserver-pms" + - "traefik.http.routers.mediaserver-pms.rule=Host(`pms.services.jowj.net`)" + - "traefik.http.routers.mediaserver-pms.tls.certResolver=mediaserver-resolver" + - "traefik.http.routers.mediaserver-pms.tls=true" + networks: + - pubnet volumes: traefik_acme: diff --git a/ansible/roles/abjure/vars/main.yml b/ansible/roles/abjure/vars/main.yml index ef86eef..71ca1a3 100644 --- a/ansible/roles/abjure/vars/main.yml +++ b/ansible/roles/abjure/vars/main.yml @@ -1 +1 @@ -sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ] +sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip', 'nfs-common' ] From 30e9e127813911c7915479b288e4439a57e4629c Mon Sep 17 00:00:00 2001 From: josiah Date: Fri, 22 Dec 2023 23:59:49 -0600 Subject: [PATCH 07/15] Remember what public key you want. --- terraform/readme.org | 2 ++ 1 file changed, 2 insertions(+) 
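Review bot: The plex service sets `traefik.http.services.mediaserver-pms.loadbalancer.server.port` eight times, but a Traefik HTTP service takes a single backend port, so these labels conflict, and the UDP discovery ports (1900, 32410 to 32414) cannot pass through an HTTP router in any case. Keep only `- "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32400"`; the matching `ports:` additions on the traefik service in the preceding hunk publish host ports that no entrypoint in traefik.yml.j2 listens on, which widens the host's exposed surface for no effect. In list-form `environment`, `PLEX_CLAIM="{{ vault_pms_claim_token }}"` passes the double quotes through as part of the value, so write `- PLEX_CLAIM={{ vault_pms_claim_token }}` or switch to the mapping form. `plexinc/pms-docker` carries no tag, so pin a version to keep deploys reproducible.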
diff --git a/terraform/readme.org b/terraform/readme.org index ec34d6b..3c7f474 100644 --- a/terraform/readme.org +++ b/terraform/readme.org @@ -26,6 +26,8 @@ This is how I got everything in here in the first place! secrets are managed via ~pass~, mostly *** Add secrets +1. install pass +2. pass init `your gpg id` - make sure you use the right one, jesus FUCK. you want this public key: `98D96C71214AFB7583C03F5EDC798A32AE57BA46` ~pass insert ~ *** Reference secrets From d41e565febc84ebbe48ea47841ec5449979aee5a Mon Sep 17 00:00:00 2001 From: josiah Date: Sat, 23 Dec 2023 00:00:11 -0600 Subject: [PATCH 08/15] Update old dns, create pms record. --- terraform/do_domains/records_home.jowj.net.tf | 4 ++-- terraform/do_domains/records_services.jowj.net.tf | 14 +++++++++++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/terraform/do_domains/records_home.jowj.net.tf b/terraform/do_domains/records_home.jowj.net.tf index e4e1b65..3a313e7 100644 --- a/terraform/do_domains/records_home.jowj.net.tf +++ b/terraform/do_domains/records_home.jowj.net.tf @@ -133,12 +133,12 @@ resource "digitalocean_record" "tfer--87843293" { resource "digitalocean_record" "tfer--87843462" { domain = "home.jowj.net" flags = "0" - name = "hatchery" + name = "lair" port = "0" priority = "0" ttl = "900" type = "A" - value = "192.168.1.133" + value = "192.168.1.120" weight = "0" } diff --git a/terraform/do_domains/records_services.jowj.net.tf b/terraform/do_domains/records_services.jowj.net.tf index 62b01e0..321b085 100644 --- a/terraform/do_domains/records_services.jowj.net.tf +++ b/terraform/do_domains/records_services.jowj.net.tf 
@@ -249,6 +249,18 @@ resource "digitalocean_record" "tfer--360787392" { priority = "0" ttl = "900" type = "CNAME" - value = "hatchery.home.jowj.net." + value = "lair.home.jowj.net." + weight = "0" +} + +resource "digitalocean_record" "pms-services-jowj-net" { + domain = "services.jowj.net" + flags = "0" + name = "pms" + port = "0" + priority = "0" + ttl = "900" + type = "CNAME" + value = "lair.home.jowj.net." weight = "0" } From 5b0eb9d8a063c875a0a105cc732affe5a8bf1846 Mon Sep 17 00:00:00 2001 From: josiah Date: Sat, 23 Dec 2023 00:00:44 -0600 Subject: [PATCH 09/15] Misc tf changes; lock update. --- terraform/do_domains/.terraform.lock.hcl | 1 + terraform/do_domains/provider.tf | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform/do_domains/.terraform.lock.hcl b/terraform/do_domains/.terraform.lock.hcl index aa62900..c76716e 100644 --- a/terraform/do_domains/.terraform.lock.hcl +++ b/terraform/do_domains/.terraform.lock.hcl @@ -6,6 +6,7 @@ provider "registry.terraform.io/digitalocean/digitalocean" { constraints = "~> 2.29.0" hashes = [ "h1:OLSxMaqLOUl6DjQ3vz14odCyMCcLA63ltBNPgrIQHG4=", + "h1:mJrr4YaOsB7bWfCSJZneiXB6JMnVNnFxYRmQ8vKaOSQ=", "zh:0af0a1a2de818c5dc8ee7ad4dc4731452848e84cfa0c1ce514af1c7aad15c53c", "zh:27229f3162b4142be48554f56227265982f3b74e4c79fa5d2528c8a3912d1e19", "zh:31d6e73bfe12231fa0ab3bbeef0e4aa9822a2008ae2a1a8b22557bdada4af7a3", diff --git a/terraform/do_domains/provider.tf b/terraform/do_domains/provider.tf index a61b56f..9b28c82 100755 --- a/terraform/do_domains/provider.tf +++ b/terraform/do_domains/provider.tf @@ -15,8 +15,8 @@ terraform { skip_metadata_api_check = true # This is actually not needed, but declaring it here helps me remember where its supposed to live. - shared_credentials_files = ["~/.aws/credentials"] - shared_config_files = ["~/.aws/config"] + #shared_credentials_files = ["~/.aws/credentials"] + #shared_config_files = ["~/.aws/config"] } } 
From e43f616a3aaab75a5b22efd97873bff33dc55e2b Mon Sep 17 00:00:00 2001 From: josiah Date: Sat, 23 Dec 2023 00:00:57 -0600 Subject: [PATCH 10/15] Update vars. --- ansible/group_vars/all/vault.yml | 325 ++++++++++++------------ ansible/roles/debian_base/vars/main.yml | 2 +- 2 files changed, 165 insertions(+), 162 deletions(-) diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml index 8db9b61..dc1f9a1 100644 --- a/ansible/group_vars/all/vault.yml +++ b/ansible/group_vars/all/vault.yml 
@@ -1,162 +1,165 @@ $ANSIBLE_VAULT;1.1;AES256 -34313437653632323666613139306239353364663635373535316466343461386162393036643939 -3064353433373365383238373437643832626230646536660a333433306631363963653664323465 -36356237643762346137356263633562616166363161316130393238373934656166333539306234 -6435323235356430330a656362343438333963663062313936383166653837326136663936303361 -39643930303834643964383632336431303830363833626265313935316363393961643039313030 -62353138623330653339373366376531656137613330646366396137313532366162363065333838 -37343931633136343737326133323734643965646163323931643864653939346665356537346534 -62626130383738333730623432326138323036666232663433353336633334613232613238613531 -33363738346462623338623739346365343564626465323933356232663537636132643736633465 -32383938613665383266326332363833613063356632666364333734346336323732626630343639 -64653833373639333162643132393639353038343934326638346263623963613438626534626462 -31323562633463326162306233393032376530613964646231313134663437333538383463656536 -32346338393262633431326365653834373664363232326631643662643632333862376563393563 -34343661666139653730626533613731613465386463323836376433383331376639306666313932 -66333039656262346633313538623965383038653566616637616139636430643365343130383837 -64346665646238333336643361366364623536323431393334386436316233396637363932663664 -62666432353231353337343835633861636233623363383235343733653363613330656362656564 -30346136666661363665313934623462616533356361353034316630653432393539366334613164 -32666238313638386536303663623830363933353436626239323465643731393831336639306237 -34613433653636393236303237633130646138396436613930336436613265313765393630303332 -30306537396437653937363039386330353833396230333331323064313634623130363664323239 -62633239306664643561336661383432386135396464613136373163613033666431356339396636 -33353437393731356433626231316235303162633031346438336531306663346365616530376433 
-62353332313764613033616162393231646337623131613663663764306464336564326161336339 -36373862313961623363643764383064613366643765383464323565636333356562343735613634 -61643964366133633131303333623161646665343032653633666334636630383034656263386437 -65316462643163666330333064613564373830633536353731366539626464626261353065343765 -65636539343931333862303934323136353865376335373162653735663765663432623033646365 -63303137393336643237336533306562353962666237636466383133333631633539643864326632 -66323461353036633231386436343462616530653939323639313832623839376462336361356137 -64343737666361376134626538313339316335636463646265663261363130323762656632346634 -62343363393835646361333161376533663835386362663739386665356132376666306431353962 -39373730316461636334313630383936336437323333663836396233656334393964306231396533 -61326339633030663735383531623933386564333036653538353232343237383264643961363064 -61373735373663396533366334366432653861666262316234626136313834356331666137316230 -64633538646438303434313930643565653765616565316537326638313038356430653134396334 -34386432613362626633363536393535363534316133393136363262323333336236363032323762 -34366464383138626638343734303233383139356336613633303030316362656433386162613737 -39353661323031663334346461646262613966656636316662303561636430303333643834373438 -61646430366262373136356563616561336237363837663266383139323466666634386665346236 -30363765613965343966653062346361306132353533626262633665666461343435663038303935 -35313236346365626566316465313236326335356666626463343638393633303936336435626266 -32316463613761383034653332626263646532656635653136623435333937623533613363356163 -37373631303563633131376639343731333763373266643434313138313138613164623463343762 -61393732323763663530333032303833303939393364393635326639313838366165626535613666 -31666165306133316236633264366633333139373731346531633933633139396531363531376562 -30353837653666376332313962626237376137653662643235353865363064663034653861623864 
-62386565326261616465643934616335326131316564363033643561623566643030643535313265 -62626637643866653731363864383061613861343837376162333366373935326631386234666466 -66623461313035323966303430663834353135373961323234656232633733646533623236623933 -31393139343332373263666632306565656336346335303239666230373139636362656334656436 -38333261393764643835633666343261323034396562353939383765353539396663613166616462 -65643062346635636639663134363430366139633636333966306166656164333566306438656564 -32383831643134636565373464353231663562353530313765376565376464653330653838373665 -65646565663932316666356263396563663764646662313936393063353366393763393464366163 -66363362653735303132613064363836343765323461376238626435626536613534333966373330 -38633532393563353663653232633263303961373866303139643637376630666138343262653330 -32356239316466363362383461343631356134613031653563653434313865616637616237616436 -33383364323138613639366136666230386337353438653763343436663662363463376637353463 -35376166383763333133663663653932376133333266623532623735343237636161323937396461 -33383863303439666437376131303465346361613535323364306634363733303561366339663032 -64643963643065663164316634643037316435613539613362373462323861383562306230643965 -66626362613333666537653265373337323361356364313839333039316139393561333234383637 -36386362396466313034366334313136386265373333353932386366313434643931333337653238 -36383164316139663963363461303339613931326131653633393562653061353961626435643232 -61626630373466303463396433633166383831303839386532663966313339653238363361383965 -33306134653839313931643232323262656363616336373332356462356431373834653032373862 -33343664646634326136316633653162633335343239373434633737313866326532383866646337 -31643336346464616233393761636132663830383038323764323033626362333365353663626664 -63623165383737373039383337346262383431373131633530376534323431333464666131363035 -37626333623965623236363034336261346665323534623234346366363464663232386431636564 
-33616162383539303632316661363730386637356232353337663431613738343864343633316339 -32303535363232393336333232356238303231343333373338646565323436343930303533353232 -66343939656564643365383439393633363661373566656261306364373532616232386234386630 -34393736333265303062383036663833326235346464323833623866613036323830386635613032 -34613063303861316431393837613033353732636437666261383033633132326636616433363237 -63653861623166646238663061306631353738316237356137663561386662333038303737653938 -34313133616630323462306537336161373665346564613938313963303231323366366534303666 -65656432386335353739623861363332393333316230656662643735353462393866663333316532 -62616235616138396264396561666134386661383830643539663865376466653863306161653439 -32313335623465396635623037336237343930386663303038366638623562356334396233633334 -66313139333839396165323862346533346362656537643638323237633064306230653461653766 -33343638396234626263666230376365396461383234363264656461346537303962613033626230 -33653265653735343435383737343762336662373166396530636435323239393031663936643532 -37646434633733646137313661666538643164383837643165383039383335386239373566333066 -31336363343733373130616331366366656336333364303936363762333766646439353836616330 -63643830343938363339316434376237386162356439383362643436613365386561373836613130 -30616632346436613065366239333634316364306236643466643536326365643163336332313234 -36346332653931646666623937303132383536386434396666323166653337646433303932376535 -31373538366563363861323730333936656538303664313632326335383930316565666262313531 -34623139633539666132656230363963656631376334393132336535623664346434313965646438 -39623032383164643638383836353165343562623565666462663235616138396166316631313431 -36616166383133316533373261313366336238383663616565343732363665636332386539353534 -64653232386538323430323166316566333538363736353761316130663331373465623661643332 -34666165626366646433663237386264366162333039613334653237663661613633316131363736 
-34366164636663616562366561383036663637663633313631626634306635303263636638613835 -39666462353535303437303065393137383866343330323335343663663531623664323964393934 -63353333373764353838393330303634373362346532313032666233316666336333343935633263 -32316431333566353564326339666237623964613666663666643863353633643865663037383231 -32666365643065313563323430333164353939626435663430306464383930366230343334306566 -34333634333934653462663036383439623264393834616438386561396237323238393862353337 -64306565633662626434633637633333313663343665363532663863313061316431636166353735 -37616361653065303238353134316537303937336431323736393265346536653364393933373635 -61666139643338666636643139336139633564323337656536356632353736386434343731633631 -61326138343461623936303731383138663030663738373866356561363538656230386136633533 -61656464303464623866343334363030346333656636663731373863333166323061336664643333 -38383637623035323933333632396332306438396534633830623861663634626462303432316665 -62336538383734663332306238366164366631343565393432316165643436366237386464633838 -32353162383333333333353137323034386631646666306332613538316265373964663636643463 -63343733636636336561326366363161333535623463386161396464333231343031366434366264 -30373737353036363535326433336135633663386361386630336533396638393863393034343666 -32393461356330353462633931633761323133386534323731643735393339633735623735653439 -63343365363761373735326165306630346663306232353465613261646135663265373061373437 -30303163363339613465373637363637636636653862323662613161613436616238343262633462 -34626266303639313161356234343264356438623261383735363539623938613137316466636232 -34396562313933303537346535386663623366313833633232343030666539356432363962613338 -63653531343233316265373839633131366630373236613131616132643338666365663735383536 -65663030356630333164386636376630343165383061386131313933656562626431353466653534 -61613932353939396131343331636464366534353033313732653836336636633939306235386564 
-61373132373633646436313038613463353535666530356162633737633461333639623331633266 -31376335383661326137366464313938336131346230303335626230356633633065303334353638 -66303864633132363639653834363137643462646361393564333261383231366266616139323437 -31356139366364323830393264646232316664633536373965393564306437653138656534323363 -34363734373537303433306337393130346233613364336435663432663534653132396335343237 -61336261613739346462663261343537616664633139346639373132666562346662393864653634 -39656132316366643232656132366238643565343737333439313039633762626638643465653264 -36343239336433383738633962343766346231653966346635366363343666313731643366336562 -65613535333361646363396664653363626463623561393064643338303232373336323761636432 -37393562626136623166363766643735333238616336363732343665366539636363383530326532 -38316663356133373765396165323634646335613036353037326366613837643664656339336438 -66396466373734646661633361363534376433656235666533626433343332383038393836373235 -65646231353161343337663538346432636131366262663339356662343636623239353132316130 -62666536663630303634366431363662393635613266653032303330613935633435383966656438 -31303235353033643239366132656431623731386235643361616337636564376138316231386561 -62326233356366616630343739643762313834353761646562636536363365393037393536393665 -32323933643330396261633437333761636530313638343064316233363937633961386462646261 -65376330303461643861376466346638343738393232663466373433636334343564646430336531 -61336133656637336337623565393534616634623662393030376532623763343834663265383032 -34376237306266656366656365363366633765653630623632643634316561376162366439396562 -38353732333732326261333761633433636330666561323864386465313739313438393263353739 -39343734656330353936336539373665363665333261303232393032653233333665353638393334 -31393861333337623038396531306230303335646333343236343936336464373735363434613636 -38623234326566313834373064663132623034363830653866393531313062383963353563613863 
-36636463623133653931633864343132373538326461323538316537373130373638633533306433 -35653437386436386361646533623033363139306133616136633234636539363734333339316335 -64356535373666373630373536353937626230326231616161626438653965663233636536343933 -34316430373634383535633238633538323133396539623665623937633335643236663762326435 -33356161316661653539613930653636653830643534623138396438303538363237633565303966 -39646530343330336366383933343766636337303861656632663831616362643236323163363534 -35373132636330613937363330653031376530623162383262376639333732316461613938363634 -31373866633530386564393138613164353933643061373437653065386230663339383232626535 -38633338653231366466373634303865313964373330393766653462336466653436346362613232 -63663965623936333938326366376263633538383364323831373166646130326438343364336666 -35306332356132643361353536303265616233656163306261386139323930396336613535386665 -65333163633434633833386236636630393434616136633837393737643630646330356636306264 -66316438666632633831363630396531383137366133356461376135633865353963613463303464 -64653764616463626135313166323930623561646666386433313135306564653738313235613662 -33366664326364613838386564666535663536356266633832373066383932636666336366623936 -32303039623135666636633936333836366337363834333864376265383966373434326664306439 -31366666376363316631383238666635636137356466363431653461343266663033333834643237 -34316533373030656639383236633266383230316432383665393666323264656137 +34393834633038343935336333333062633363383632633964613262613139343566303763653966 +3238633737333834336537313935653864643366623861300a373737656263303436376334346563 +35323234313634363334613131353837393932326430626230313333353433663566613336663033 +3731333939333164660a393434383165346239656337663864323235313836303937313864376434 +38303533313265376130303535613439363239363836653931326430303135343464336564306566 +61313963373435366666356564333534636531343863626664313362646664343465326331376364 
+64333563393932623662653436333835663262646462366531363135366664623663656336303166 +64656339663632653765356362666566356662353535623534626566343562356139333935326264 +63623266363461636335623064393132663064303536666431643931623266643332373964656131 +66366166313461626262346633616332333463356430656434663834313062306637656135323734 +37323834653166633337383865393435336662633663363639373438633837303837343766313864 +34626665353063353631613631653732366130653032346233313438623338396165393630373865 +32326337633635363163633830663934333639653539313533373835316136656532386262323138 +39323439346163396566373433333033383738353432656366363265643866366165663461626361 +66396139313135353035666666363535653737326337316439323862366135343062313766323763 +37356230383666626463356635383935623234663137326464343161356462303464623439383762 +65323665653364623666626261386532363063653532626134616362393131636237393837333861 +36666439613731646639653863386462646532326632306230323335363835366266653663376230 +39383331343538333934346533383262373365303132643430636665303036616162613634663465 +39643630353832313138333035353863323639343035613962616138323430353966616461613135 +39356566623332626634393837363763353530626435616230333336383636623533323034366136 +35643736656363623339386236643666316136656334623665396161386632613530643864653138 +30353037366139626239393064313862616333343937616465636439643736646533623339383962 +34376163333133646636333430663862663236636135363536623733353861663034336132643239 +35643964656361396262613661323839363865346566613937393266313731393837333865316233 +31376130613638303739313630653662323465303762616463343963303862643830323530333136 +63323036303561303738353536373336336438343966353933613233323464396662613037356465 +62396433386639626435326438346134393364383664336539363034663534386164306134363162 +61656166343439636561643861363136363832383938313733333634373036303730303461396637 +63346530306366623731363565646165623163316539636466343765356239343636383734643938 
+38313230363232306638653263653431313132613432393863346533636430643630336334643634 +30333664356563376135653762643435643539356466353235633936643335353932656136356134 +62633432643833653462343438393761643664303662336133353437333536646561346439656433 +62356133373431626139333362336233666232333030643862643963326463383565356535303265 +32646132633631373339393662316462353865333936323261356163373139383865623231323232 +32356634396638383265653437386633303965313936343137343631636263373335633131366139 +63363936396134663436613835633462373936346564386534336335343837333164623034353362 +37666666316131376437316264373338373863616238313366316132653666626137323561326633 +39383231633038313265306563636236623036373733333635326263353939656131393065353561 +61336438376138643337616136336531356433663464316361383932386664383231336162666231 +61613765646234303936396531303436326464313463316264633434396566623361363363356336 +64663036376433306135326639643862643661386663303237323235306365343031326637396437 +36333939363539383933343766373963633630326630653330336330313464313465396264346564 +66346464346230363731616536626161636261343435363337663936313261383639383036386262 +30613135373863353232663764663461636564363032636664376364383463343432393232303733 +66383461356333333632633837336237323434313734653330303535653561343733653330653739 +62383736386538316465663036313636363065386637616561343064393131313763376330323130 +39353634356436333665373962393237316436373763616234363666323239653961383832616362 +32313433666134323537376638313730333639306663646238636462393034346463656164373864 +62303162323339393534303237663430313034373732363566383064373962383134653331333939 +65343765653338636163323666353337653833373635343335623662623733323161643362613936 +62613263663337363037613462383333353138613364366334376566646331623435313936633136 +61653738656231383364393839663235373532376264326238356330363364333539363062616262 +32386566653534343664643564366538316533636236393036326262383162393536326139346466 
+61643634666563316230373133613731303231636535326233623438316132643534383730633230 +33303033363634323233363162316361363666383735373939663238376531363330373639616434 +38656538316230653237656666666136366165613630643664646462646534306537336631343363 +34666535346132366437343536306462663561346564623565393630626566363937656163653361 +63346266666161313533346634383064613233303132393739303539346138316330343530663264 +31343233363264396333363131396431623531326138633432623939633333363538623736396630 +63633233663730653163653664343465323735386532323162616366366230636636646437323333 +63633336343165636362303238616333613631623962613661326661623337643961323534663865 +34336538396331396534643863353334313662663264636336316138636564613837316239386632 +35306530303662653639643932653264366132373866616638393563643838613837306566616165 +65306233616232306666616534653463343665616538663666653365373365313339376663313462 +62616137663965663634353838303861346566663565666133663338613365613832393632383065 +38373961386234643961366135313461323936643963613061366239626139643135663439383734 +62653839346562336139623066363161343338643661313135323962653362393461376335643730 +65353764666438353563376332653137383030646462346364646663613335653862656235663031 +63306266643130663663643336613431353733663734323735363438666134616537376630393362 +64333534343666323834393730383962316538393135313766653431333130386465616539366664 +62323763333230646239626132326336313939383536323133393333346364306231393361326466 +62373061323030383934663264656238366335303434396163623137313039656635386530663831 +64303637653437366665653832643065643636343931616466623062343036303364336435633336 +61343263346365316530626366356165363361643039616561623566626361313632386330343863 +35626265613061376132353562633235363737333938373336313338366337373532383262376638 +33353031333463663635656236363130343766636461343631343230316139643664393032663737 +34636136303164323337623038613637633666653834356166303635616636393764363531333866 
+35656332633333306636373861343864666235303566653464643865643161353436353335313936 +39653437376537616434666362356334633736393961656332653464623962623865323535356465 +66356230616334643832303235623966393235333037653265363530356435656664666236616463 +64633135333232626164303331623866623861653333333235646664633135616365393738393765 +39356139373366353761366563623261616333303561383261383431303061633066646330616338 +37346433666135373035616666353966653139353665613865653632646361366339616235373431 +39626466333764643262336264316436313839663864633964623266396638386562313362303033 +30316435313265383231303366303266313435613265356361663165656461383765333834653437 +61326330316335636535616431326265656362313333386232373762633534363336383034396361 +64626264303833663036623335336564663830356230653863613738663565323132383631326166 +65366232383763313565376364366662353063363333313031363136393165323664663333363665 +36386562346265343435323161313837656433613632656238623338393435616335616436373061 +63386563383730653932306661653732336236316263643534613365383932383438346161613565 +35313232656233316630613836616337346665393366376362643238386662653665383864633131 +66313437336263333862326137383231373265663963643432623337666366396264393565306232 +32333034366637336463363461656162303862373437373961376465333232323230353638656330 +34616366393134616133653637646139383766646536663362323933343863653434393364313831 +37623934313330373263656265356364613661623431343663333439666639373236663539353134 +35663438363737326635663462666261663532343263623662366465376137343336356338363231 +30393936303639663434653261336432363438643061316438613831393233323666356365353663 +31376137326362396461663663306434633562323434313936616233396138393361616266353466 +35653664623561653336313466386136613663653964393834623539303235343736373031633664 +66323839313165626163343362313530636634353564623164336464346438336434373637343932 +30373235343536363734633336373532613164646231386161653935333234663739393539646237 
+62326238356238303962626665383466383233383833636562323334666565336337376537613863 +31346163373037386666313731333137386162616630613038383161613231373866376466316264 +35653334353064323431636330613838643035623135663734336362383431366534313032646164 +35373866653438633362613434643737663334393732666538363935393135353565363066396133 +65383736306130353662643531343762643962643834396230613262616133363330393332383966 +38396162633665326633643030623336316565306164393330316338616631346430666430303263 +61323639633363316661613963663564663439363461346631353439306162333933636261303162 +35343537653631383632643230386561323930323936373732373233613439663839356134303164 +63313063623663303964643730633638653561383434623139643736636365663666323833313465 +61643965383764343162346666306362323039353036373462643232396365316431636638306462 +34376333616337346636333664323465643333376230616532663763663037373964633162363639 +32666438643637333663353639646163373837646363343934306435636336643362363565616564 +32313433656338643230323338386132643536393835623664633238333737653339623462666635 +66393932303330663636613662643138376335303661353333356464666334386439343461663064 +39383637343666623239623631373461623632396565343830356534613230333930326365313637 +63653862626530303362313763343961643265636239623632653734336664323734383330306132 +37643934303837376336336331383064636331313335316338303734616338336634643634393731 +64356635353064316437376665643733313165363531656533653132623166313234633332633164 +61323935363962636264316564333066303738316534663064653432653066356664346532653164 +37623138643435316531656339313935646636336133396330643630626335636461643035346638 +35646339393736386336396566346633383934343464636134373738343139373937636630663238 +66363839393934323034353166356133616566633730313438336233343461393437356534356132 +37303435373666636161333662663164396435373435396630626165636239306232373032633038 +35623630623639303037383364376334393966306533333833646436346539313333366534303737 
+30313661653264663837626537326266623233376434666134666466383237626233386164333131 +66656433326434376131383630376134303464653539666261386139393933613834313262393561 +30336462643233396630633037373836343033363261366136303765386266613031363331343266 +32333835353834623864396635653233366461313731373133303030386161333333383830623433 +63393531346533336134336133343033656665376461343133303033616663343065306633646361 +64633661313538663930663032306665353164346339363033643662303239663566343232353263 +64323362363639383033383334383738303638373138313665373032333732653261616465373038 +63616661386539393738363331366233626132363132663435326330363264623431326539393630 +32393361646538616439396437666537356361383465303161666363383533663831623564396432 +32653630616133343635646162393630653631393861333737636438663466343862386637643961 +61623864663338616437333739303836633736626432326361363834386431666330313038316135 +39633863346235653435646133643739626666653031373039373230343131336164653231653530 +63656663393466383236666362643634383966306563343166393738333738383065633466643135 +38313961326134356539323938323166356535356264643863323437656631316366316238303839 +36616366383439336165313137306138613564616364323261346436323764346436633539666263 +65393234623435323038626662633631386363633636323165396132303663636532316130373538 +31613537373464303237633933643935386265303034636637613730663734373763333239393636 +62376334633866616566373865393131663061656335376564373062383830303039363936653131 +30363366633363346233633035326262313139323639363662303163653033383031376666353330 +65363061626266613432336133343135383533653838383661663538346230323339386264353166 +61626330616361643462303333666262613437653866316163343266383531336332306634303233 +36646564373536656438386261373831353235353033636563313563326664326537313138353066 +63353764353665613430383865616238386439636361616239363565386364303538666161616636 +37356237366136336665663332303865383633616462336430663663396564633838373033326533 
+64623833393663376665353931656533316166633933636332616132663834343939363832346637 +61313964326137336339626339386634613839373134633864323937633136643531376463653163 +63396235393965353766373533643836363761613962633164353664346531633966373563386230 +63636364313263393966616561326237373433616162346637613865363732376130616463666664 +34623630306238386131393031323238393731353338393764646331643033356338643036656235 +62316361336631646633313833633430336562343062383766386232626533646163353136643534 +62303166393737623138396633613834633530396239643537313565313361306262393765623866 +66346161626436346461326234313132343533323933356635643333393430356332653238313631 +38393761653265653365663964366330333234333831333334623466643165376361316363353236 +63643037666266326637383761353234623563343132336136626266613936643961383437363762 +62303466383234336539643335353232336430376262376662316366633566376637626361323436 +36626531323262323262386235306137303334643861663436666462653232616135383537353735 +62353733643161393534326233653930646636396139306465646637323833313632623861643963 +64363834303933613631 diff --git a/ansible/roles/debian_base/vars/main.yml b/ansible/roles/debian_base/vars/main.yml index 119fa91..ef2611b 100644 --- a/ansible/roles/debian_base/vars/main.yml +++ b/ansible/roles/debian_base/vars/main.yml @@ -1,3 +1,3 @@ create_users: ['josiah', 'alice'] copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}" -sys_packages: [ 'sudo', 'python3-docker','docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ] +sys_packages: [ 'sudo', 'python3-docker', 'python3-pip','python3-jsondiff', 'python3-yaml', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ] From 160a633efe10d13392adae50243c00a7d5133164 Mon Sep 17 00:00:00 2001 
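Review bot: The whole vault file is re-encrypted in one hunk under the subject "Update vars.", so nothing in the commit tells a reviewer which secrets were added, rotated or removed. Name the changed variables in the commit message. Consider also keeping a plaintext vars file that maps each name to its `vault_`-prefixed counterpart (the abjure template already references `vault_pms_claim_token`), so names stay greppable while values stay encrypted. The previous ciphertext remains in history, so any value replaced because it was exposed still needs rotating at its source, not only in this file.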
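Review bot: `sys_packages` in debian_base/vars/main.yml is a one-line flow list that keeps growing, and the new entries are spaced inconsistently (`'python3-pip','python3-jsondiff'`). Every addition rewrites the whole line, as the later "Add new packages to install." patch does again for `'docker-compose'`. A block sequence with one package per line (`sys_packages:` followed by `  - sudo`, `  - python3-docker`, …) would turn each addition into a one-line diff and make an unexpected package easy to spot in review.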
From: josiah Date: Sat, 23 Dec 2023 00:07:35 -0600 Subject: [PATCH 11/15] Remove dangling file. --- ansible/roles/abjure/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/abjure/tasks/main.yml b/ansible/roles/abjure/tasks/main.yml index 28bfe13..fbd05ed 100644 --- a/ansible/roles/abjure/tasks/main.yml +++ b/ansible/roles/abjure/tasks/main.yml @@ -33,7 +33,6 @@ mode: 0777 with_items: - {src: 'abjure-compose.yml', dest: '/home/josiah/apps/abjure/abjure-compose.yml'} - - {src: 'pms-compose.yml', dest: '/home/josiah/apps/pms/pms-compose.yml'} - {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'} - name: Ensure acme.json exists From 2efdae9cf7bbb087eac1bdb66f8fdb00332d46e5 Mon Sep 17 00:00:00 2001 From: josiah Date: Sat, 23 Dec 2023 00:07:41 -0600 Subject: [PATCH 12/15] Attempting 2 fixes: - network_mode is explicitly set in this one aritcle i found - advertise IP apparently can / should be 443 here? --- ansible/roles/abjure/templates/abjure-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/abjure/templates/abjure-compose.yml b/ansible/roles/abjure/templates/abjure-compose.yml index f3edf05..a29669e 100644 --- a/ansible/roles/abjure/templates/abjure-compose.yml +++ b/ansible/roles/abjure/templates/abjure-compose.yml @@ -101,7 +101,7 @@ services: environment: - TZ=America/Chicago - PLEX_CLAIM="{{ vault_pms_claim_token }}" - - ADVERTISE_IP=http://192.168.1.120:32400/ + - ADVERTISE_IP=http://192.168.1.120:443/ hostname: lair volumes: - /home/josiah/apps/pms/config:/config @@ -123,6 +123,7 @@ services: - "traefik.http.routers.mediaserver-pms.tls=true" networks: - pubnet + network_mode: bridge volumes: traefik_acme: From e879095816be9935b5238ff11086f721779e87ce Mon Sep 17 00:00:00 2001 From: josiah Date: Sat, 23 Dec 2023 16:39:17 -0600 Subject: [PATCH 13/15] Add new packages to install. --- ansible/roles/debian_base/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
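Review bot: The new `ADVERTISE_IP=http://192.168.1.120:443/` advertises plain HTTP on a port that traefik publishes and serves with `tls=true`, so clients following it would send cleartext to a TLS listener. Even with `https`, the certificate for `pms.services.jowj.net` would not match the IP address. If the intent is to send clients through the proxy, `- ADVERTISE_IP=https://pms.services.jowj.net:443/` matches the router rule already in this service. The service block starts outside the hunk.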
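Review bot: In the second abjure-compose.yml hunk, `network_mode: bridge` is added to a service that also declares `networks: - pubnet`. Compose treats these two keys as mutually exclusive, and a swarm stack deploy ignores `network_mode` altogether, which appears to be how this file is deployed. The line therefore either fails validation or does nothing. Drop it and keep `networks:`, or remove `networks:` if the default bridge is really wanted, in which case the traefik labels on `pubnet` stop applying.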
diff --git a/ansible/roles/debian_base/vars/main.yml b/ansible/roles/debian_base/vars/main.yml index ef2611b..4ca84b8 100644 --- a/ansible/roles/debian_base/vars/main.yml +++ b/ansible/roles/debian_base/vars/main.yml @@ -1,3 +1,3 @@ create_users: ['josiah', 'alice'] copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}" -sys_packages: [ 'sudo', 'python3-docker', 'python3-pip','python3-jsondiff', 'python3-yaml', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ] +sys_packages: [ 'sudo', 'python3-docker', 'python3-pip','python3-jsondiff', 'python3-yaml', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin', 'docker-compose' ] From 35f7d0beb747d96bb7f9ce81c731ed37098ee1af Mon Sep 17 00:00:00 2001 From: josiah Date: Sat, 23 Dec 2023 16:39:36 -0600 Subject: [PATCH 14/15] Move plex declares to their own compose file. I wanted to have plex handled as part of swarm, but: a) it doesn't fucking matter becuase I don't intend to have fault tolerance for plex; i'm not even sure it can run well in a clustered way b) its just much much easier to get compose working rather than swarm. One day maybe i'd like to do that so that its a single stack to deliver, but meh. --- ansible/roles/abjure/defaults/main.yml | 36 ++++++++++++++++++ ansible/roles/abjure/tasks/main.yml | 17 ++++++++- .../roles/abjure/templates/abjure-compose.yml | 37 ------------------- .../abjure/templates/plex-compose.yml.j2 | 24 ++++++++++++ 4 files changed, 76 insertions(+), 38 deletions(-) create mode 100644 ansible/roles/abjure/defaults/main.yml create mode 100644 ansible/roles/abjure/templates/plex-compose.yml.j2 diff --git a/ansible/roles/abjure/defaults/main.yml b/ansible/roles/abjure/defaults/main.yml new file mode 100644 index 0000000..b5fb6a1 --- /dev/null +++ b/ansible/roles/abjure/defaults/main.yml 
@@ -0,0 +1,36 @@
+---
+
+plex_ports:
+ - description: for access to the Plex Media Server [required]
+ port: 32400
+ protocol: tcp
+ - description: "https://forums.plex.tv/t/port-32401-is-listening-whats-it-used-for/83080"
+ port: 32401
+ protocol: tcp
+ - description: for access to the Plex DLNA Server
+ port: 1900
+ protocol: udp
+ - description: for controlling Plex Home Theater via Plex Companion
+ port: 3005
+ protocol: tcp
+ - description: for older Bonjour/Avahi network discovery
+ port: 5353
+ protocol: udp
+ - description: for controlling Plex for Roku via Plex Companion
+ port: 8324
+ protocol: tcp
+ - description: for current GDM network discovery
+ port: 32410
+ protocol: udp
+ - description: for current GDM network discovery
+ port: 32412
+ protocol: udp
+ - description: for current GDM network discovery
+ port: 32413
+ protocol: udp
+ - description: for current GDM network discovery
+ port: 32414
+ protocol: udp
+ - description: for access to the Plex DLNA Server
+ port: 32469
+ protocol: tcp
\ No newline at end of file
diff --git a/ansible/roles/abjure/tasks/main.yml b/ansible/roles/abjure/tasks/main.yml
index fbd05ed..ab288b0 100644
--- a/ansible/roles/abjure/tasks/main.yml
+++ b/ansible/roles/abjure/tasks/main.yml
@@ -62,4 +62,19 @@
 name: abjure
 prune: yes
 compose:
- - /home/josiah/apps/abjure/abjure-compose.yml
\ No newline at end of file
+ - /home/josiah/apps/abjure/abjure-compose.yml
+
+- name: Install Plex compose file
+ template:
+ src: plex-compose.yml.j2
+ dest: "/home/josiah/apps/plex/plex-compose.yml"
+ owner: "josiah"
+ group: "josiah"
+ mode: "0640"
+
+- name: Deploy Plex with docker-compose
+ docker_compose:
+ project_src: "/home/josiah/apps/plex/"
+ project_name: plex
+ files:
+ - plex-compose.yml
diff --git a/ansible/roles/abjure/templates/abjure-compose.yml b/ansible/roles/abjure/templates/abjure-compose.yml
index a29669e..4e16b75 100644
--- a/ansible/roles/abjure/templates/abjure-compose.yml
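Review bot: `plex_ports` in the new `defaults/main.yml` makes every optional Plex port part of the default, and the template that consumes it publishes each one as `port:port/protocol` with no bind address, i.e. on all host interfaces. Only the first entry is marked `[required]`; the DLNA (1900/udp, 32469/tcp), Bonjour (5353/udp), Companion and GDM entries are LAN conveniences, and Docker-published ports are usually reachable regardless of host firewall rules such as ufw. Consider keeping 32400/tcp as the default and moving the rest to an opt-in list, or adding an optional per-entry bind address that the template prefixes to the mapping. The 32401 entry carries a forum URL where the others state a purpose, and the file lacks a final newline.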
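Review bot: The new `Install Plex compose file` task in `abjure/tasks/main.yml` renders `vault_pms_claim_token` into `/home/josiah/apps/plex/plex-compose.yml`, so a run with `--diff` would print the token in the task output; adding `diff: false` (or `no_log: true`) to that task keeps it out of logs. The quoted `mode: "0640"` is the right shape for a file that holds a secret. Nothing in this hunk creates `/home/josiah/apps/plex/`, so unless a task outside the hunk does, the template step fails on a fresh host; a preceding `file` task with `state: directory` and `mode: "0750"` would cover it.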
+++ b/ansible/roles/abjure/templates/abjure-compose.yml @@ -11,14 +11,6 @@ services: - 80:80/tcp - 443:443/tcp - 8080:8080/tcp - - 32400:32400/tcp - - 8324:8324/tcp - - 32469:32469/tcp - - 1900:1900/udp - - 32410:32410/udp - - 32412:32412/udp - - 32413:32413/udp - - 32414:32414/udp volumes: - /home/josiah/apps/traefik/acme.json:/acme.json - traefik_logs:/var/log/access.log @@ -96,35 +88,6 @@ services: networks: - pubnet - plex: - image: plexinc/pms-docker - environment: - - TZ=America/Chicago - - PLEX_CLAIM="{{ vault_pms_claim_token }}" - - ADVERTISE_IP=http://192.168.1.120:443/ - hostname: lair - volumes: - - /home/josiah/apps/pms/config:/config - - /home/josiah/apps/pms/transcode:/transcode - - /media/usenet:/data - labels: - - "traefik.enable=true" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32400" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=8324" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32469" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=1900" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32410" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32412" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32413" - - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32414" - - "traefik.http.routers.mediaserver-pms.service=mediaserver-pms" - - "traefik.http.routers.mediaserver-pms.rule=Host(`pms.services.jowj.net`)" - - "traefik.http.routers.mediaserver-pms.tls.certResolver=mediaserver-resolver" - - "traefik.http.routers.mediaserver-pms.tls=true" - networks: - - pubnet - network_mode: bridge - volumes: traefik_acme: traefik_logs: diff --git a/ansible/roles/abjure/templates/plex-compose.yml.j2 b/ansible/roles/abjure/templates/plex-compose.yml.j2 new file mode 100644 index 0000000..9e8f2ad --- /dev/null +++ b/ansible/roles/abjure/templates/plex-compose.yml.j2 
@@ -0,0 +1,24 @@
+version: '3.7'
+services:
+ plex:
+ image: plexinc/pms-docker:latest
+ environment:
+ - "TZ=America/Chicago"
+ - "PLEX_CLAIM={{ vault_pms_claim_token }}"
+ - "ADVERTISE_IP=http://pms.services.jowj.net:32400/"
+ - "VERSION=docker"
+ - "UMASK_SET=022"
+ hostname: pms
+ volumes:
+ - /home/josiah/apps/plex/config:/config
+ - /home/josiah/apps/plex/transcode:/transcode
+ - /media/usenet:/data
+ devices:
+ - /dev/dri:/dev/dri
+ network_mode: bridge
+ ports:
+ # Note that traefik isn't used for these ports - we're just exposing them directly
+{% for port in plex_ports %}
+ - "{{ port.port }}:{{ port.port }}/{{ port.protocol }}"
+{% endfor %}
+
From fba60774d63aa2c74dec524b2bc274b6b4ff0360 Mon Sep 17 00:00:00 2001
From: josiah
Date: Sat, 23 Dec 2023 16:42:48 -0600
Subject: [PATCH 15/15] Update readme.
---
 ansible/roles/abjure/readme.md | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/abjure/readme.md b/ansible/roles/abjure/readme.md
index e8fdbd9..0543e02 100644
--- a/ansible/roles/abjure/readme.md
+++ b/ansible/roles/abjure/readme.md
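Review bot: `image: plexinc/pms-docker:latest` in the new `plex-compose.yml.j2` leaves the deployed build unpinned, so every pull can change what runs with `/dev/dri` attached and eleven host-published ports; pin a release tag or digest, e.g. `image: plexinc/pms-docker:<pinned-tag-or-digest>` (placeholder), and bump it deliberately. `ADVERTISE_IP=http://pms.services.jowj.net:32400/` hands clients a plain-HTTP URL now that Traefik's TLS router is out of the path; if Plex's own TLS is meant to be used, an `https://` URL is likely what is wanted here. `VERSION=docker` and `UMASK_SET=022` look like variables of a different Plex image and may have no effect with this one, so confirm or drop them.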
@@ -1,5 +1,20 @@ # abjure This role deploys media servers we use to serve the home and halo. +## why are you using swarm AND compose + +I wanted to have plex handled as part of swarm, but: +a) it doesn't fucking matter becuase I don't intend to have fault +tolerance for plex; i'm not even sure it can run well in a clustered +way + +b) its just much much easier to get compose working rather than +swarm. One day maybe i'd like to do that so that its a single stack to +deliver, but meh. + ## notes -If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers +- If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers +- If you're installing this from scratch and building a new plex server then you MUST setup plex from the localhost: + - Create an ssh tunnel like this `ssh josiah@192.168.1.120 -L 32400:localhost:32400 -N` + - then open `localhost:32400/web` in your browser + - If you don't add the `/web` to the end of your request, you're going to get unformatted xml and you'll think you broke something. This will cost you a lot of time :(