parent
c5259ad963
commit
2a1b82bfa9
@ -0,0 +1,5 @@
|
||||
# abjure
|
||||
This role deploys media servers we use to serve the home and halo.
|
||||
|
||||
## notes
|
||||
If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers
|
@ -0,0 +1,70 @@
|
||||
---
|
||||
# deploy a media server from scratch.
|
||||
|
||||
# boot strap server
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Init a new swarm with default parameters
|
||||
community.general.docker_swarm:
|
||||
state: present
|
||||
|
||||
# set up mediaserver specific bullshit.
|
||||
- name: ensure traefik config directory exists
|
||||
file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: ensure mediaserver config directory exists
|
||||
file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: ensure traefik.log exists
|
||||
file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: allow for pretty json errors
|
||||
pip:
|
||||
name: jsondiff
|
||||
|
||||
- name: Create deploy configs dir if it does not exist
|
||||
file:
|
||||
path: /home/josiah/deploys/mediaserver
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: copy over mediaserver config files
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0777
|
||||
with_items:
|
||||
- {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'}
|
||||
- {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'}
|
||||
|
||||
- name: Ensure acme.json exists
|
||||
copy:
|
||||
content: ""
|
||||
dest: /home/josiah/apps/traefik/acme.json
|
||||
force: no
|
||||
owner: root
|
||||
group: root
|
||||
state: file
|
||||
mode: '0600'
|
||||
|
||||
- name: Remove the mediaserver stack
|
||||
block:
|
||||
- name: Remove the mediaserver stack
|
||||
docker_stack:
|
||||
state: absent
|
||||
name: mediaserver
|
||||
compose:
|
||||
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
|
||||
- name: Pause so the network gets deleted too
|
||||
pause:
|
||||
seconds: 15
|
||||
|
||||
- name: Deploy mediaserver stack
|
||||
docker_stack:
|
||||
state: present
|
||||
name: mediaserver
|
||||
prune: yes
|
||||
compose:
|
||||
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
|
@ -0,0 +1,15 @@
|
||||
# Docker Compose can read environment variables from this file.
|
||||
# See https://docs.docker.com/compose/env-file/
|
||||
|
||||
# Put admin areas behind a login prompt, with username and password
|
||||
# specified here. Run `htpasswd -n admin` to create a password hash
|
||||
# for user "admin". Paste the output here. SSL strongly recommended.
|
||||
BASIC_AUTH=
|
||||
|
||||
# Let's Encrypt needs an email address for registration.
|
||||
ACME_EMAIL=admin@home.jowj.net
|
||||
|
||||
# The Traefik dashboard will be available at these domains.
|
||||
# The URL is http://example.com/traefik/
|
||||
# You'll need to fill in BASIC_AUTH above.
|
||||
TRAEFIK_DOMAINS=lair.home.jowj.net
|
@ -0,0 +1,98 @@
|
||||
---
|
||||
version: '3.7'
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:2.5
|
||||
networks:
|
||||
- pubnet
|
||||
command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
- 443:443/tcp
|
||||
- 8080:8080/tcp
|
||||
volumes:
|
||||
- /home/josiah/apps/traefik/acme.json:/acme.json
|
||||
- traefik_logs:/var/log/access.log
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /home/josiah/apps/traefik/traefik.yml:/traefik.yml
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == manager
|
||||
environment:
|
||||
DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
|
||||
labels:
|
||||
# Dashboard shit I stole from Micah:
|
||||
# WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
|
||||
# e.g. https://example.com/dashboard/, not merely /dashboard
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.rule=Host(`lair.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
|
||||
- "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"
|
||||
# - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"
|
||||
# middleware redirect
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
# global redirect to https
|
||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.http-catchall.entrypoints=http"
|
||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||
|
||||
|
||||
|
||||
whoami:
|
||||
image: containous/whoami:latest
|
||||
networks:
|
||||
- pubnet
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mediaserver-whoami.rule=Host(`whoami.services.jowj.net`)"
|
||||
- "traefik.http.routers.mediaserver-whoami.service=mediaserver-whoami"
|
||||
- "traefik.http.services.mediaserver-whoami.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.mediaserver-whoami.tls.certResolver=mediaserver-resolver"
|
||||
- "traefik.http.routers.mediaserver-whoami.tls=true"
|
||||
|
||||
stash:
|
||||
image: git.awful.club/packages/hoard:latest
|
||||
## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
|
||||
# network_mode: host
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-file: "10"
|
||||
max-size: "2m"
|
||||
environment:
|
||||
- STASH_STASH=/data/
|
||||
- STASH_GENERATED=/generated/
|
||||
- STASH_METADATA=/metadata/
|
||||
- STASH_CACHE=/cache/
|
||||
## Adjust below to change default port (9999)
|
||||
# - STASH_PORT=9999
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- "{{ vault_stash_config }}:/root/.stash"
|
||||
- "{{ vault_stash_data }}:/data"
|
||||
- "{{ vault_stash_metadata }}:/metadata"
|
||||
- "{{ vault_stash_cache }}:/cache"
|
||||
- "{{ vault_stash_generated }}:/generated"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.mediaserver-hoard.loadbalancer.server.port=9999"
|
||||
- "traefik.http.routers.mediaserver-hoard.service=mediaserver-hoard"
|
||||
- "traefik.http.routers.mediaserver-hoard.rule=Host(`hoard.services.jowj.net`)"
|
||||
- "traefik.http.routers.mediaserver-hoard.tls.certResolver=mediaserver-resolver"
|
||||
- "traefik.http.routers.mediaserver-hoard.tls=true"
|
||||
networks:
|
||||
- pubnet
|
||||
|
||||
|
||||
volumes:
|
||||
traefik_acme:
|
||||
traefik_logs:
|
||||
|
||||
networks:
|
||||
pubnet:
|
||||
driver: overlay
|
@ -0,0 +1,49 @@
|
||||
---
|
||||
|
||||
# defaultEntryPoints must be at the top
|
||||
defaultEntryPoints:
|
||||
- http
|
||||
- https
|
||||
|
||||
log:
|
||||
level: DEBUG
|
||||
format: common
|
||||
accessLog:
|
||||
format: common
|
||||
|
||||
api:
|
||||
dashboard: true
|
||||
|
||||
entryPoints:
|
||||
http:
|
||||
address: ":80"
|
||||
https:
|
||||
address: ":443"
|
||||
|
||||
http:
|
||||
middlewares:
|
||||
mediaserver-https-redir:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
permanent: true
|
||||
|
||||
certificatesResolvers:
|
||||
mediaserver-resolver:
|
||||
acme:
|
||||
storage: /acme.json
|
||||
email: "admin@home.jowj.net"
|
||||
dnsChallenge:
|
||||
provider: "digitalocean"
|
||||
|
||||
providers:
|
||||
docker: {}
|
||||
|
||||
docker:
|
||||
endpoint: unix:///var/run/docker.sock
|
||||
domain: "services.jowj.net"
|
||||
watch: true
|
||||
exposedbydefault: false
|
||||
|
||||
# smh https://github.com/traefik/traefik/issues/7360
|
||||
pilot:
|
||||
dashboard: false
|
@ -0,0 +1 @@
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]
|
Loading…
Reference in new issue