Merge pull request 'Merge highsea-config.' (#3) from highsea-config into master

Reviewed-on: #3
4 months ago · 886e6e9e4e
parent 1521bb5e1e 1b3f2a1e6d
commit 886e6e9e4e
19 changed files with 344 additions and 432 deletions
--- a/ansible/_deploy_highsea.yml
+++ b/ansible/_deploy_highsea.yml
@ -1,7 +1,8 @@
- name: deploy mediaserver
-  hosts: mediaserver
+- name: deploy highsea stack
+  hosts: highsea
  remote_user: "{{ remote_user }}"
  tasks:
    - debug: msg="Deploying mediaserver stack to local server"
  roles:
-    - { name: mediaserver, tags: ['mediaserver'] }
+#    - { name: debian_base }
+    - { name: highsea }
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@ -18,10 +18,11 @@ all:
      hosts:
        localhost:
          ansible_connection: local
-    # mediaserver:
-    #   hosts:
-    #     hatchery:
-    #       ansible_python_interpreter: /usr/bin/python3
+    highsea:
+      hosts:
+        highsea.home.jowj.net:
+          ansible_python_interpreter: /usr/bin/python3
+          ansible_user: alice
    services:
      hosts:
        lair:
--- a/ansible/roles/abjure/tasks/main.yml
+++ b/ansible/roles/abjure/tasks/main.yml
@ -20,9 +20,9 @@
 - name: ensure traefik.log exists
  file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700  

- name: Create deploy configs dir if it does not exist
+- name: Create calibre config dir
  file:
-    path: /home/josiah/deploys/abjure
+    path: /home/josiah/apps/calibre
    state: directory
    mode: '0755'

--- a/ansible/roles/abjure/templates/abjure-compose.yml
+++ b/ansible/roles/abjure/templates/abjure-compose.yml
@ -10,7 +10,7 @@ services:
    ports:
      - 80:80/tcp
      - 443:443/tcp
-      - 8080:8080/tcp  
+      - 8088:8088/tcp  
    volumes:
      - /home/josiah/apps/traefik/acme.json:/acme.json        
      - traefik_logs:/var/log/access.log
@ -31,7 +31,7 @@ services:
      - "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
      - "traefik.http.routers.mediaserver-traefik-api.rule=Host(`lair.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
      - "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
-      - "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"      
+      - "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8088"      
      # - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
      - "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"      
      # middleware redirect
@ -88,6 +88,30 @@ services:
    networks:
      - pubnet      

+  calibre:
+    image: lscr.io/linuxserver/calibre:latest
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - /home/josiah/apps/calibre/:/config # this is where the config / metadata db / cache live
+      - /media/usenet/book-library/readarr/:/books # this is the library
+    ports:
+    # don't use traefik for non 443 / 80 ports.
+      - 8080:8080
+      - 8181:8181
+      - 8081:8081
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.mediaserver-calibre.loadbalancer.server.port=8083"
+      - "traefik.http.routers.mediaserver-calibre.service=mediaserver-calibre"
+      - "traefik.http.routers.mediaserver-calibre.rule=Host(`calibre.services.jowj.net`)"
+      - "traefik.http.routers.mediaserver-calibre.tls.certResolver=mediaserver-resolver"
+      - "traefik.http.routers.mediaserver-calibre.tls=true"
+    networks:
+      - pubnet         
+    
 volumes:
  traefik_acme:
  traefik_logs:
--- a/ansible/roles/abjure/vars/main.yml
+++ b/ansible/roles/abjure/vars/main.yml
@ -1 +1 @@
-sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip', 'nfs-common' ]
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python3', 'python3-pip', 'nfs-common' ]
--- a/ansible/roles/mediaserver/readme.md
+++ b/ansible/roles/mediaserver/readme.md
--- a/ansible/roles/mediaserver/tasks/main.yml
+++ b/ansible/roles/mediaserver/tasks/main.yml
@ -30,52 +30,51 @@
    name='josiah'
    groups=docker
    append=yes
+    
+# TODO: Partition, detect PV, add new disk to LVM.
+
+- name: Mount usenet volume
+  ansible.posix.mount:
+    src: storage.home.jowj.net:/volume1/usenet
+    path: /media/usenet
+    opts: rw,sync,hard
+    state: mounted
+    fstype: nfs

 - name: Init a new swarm with default parameters
  community.general.docker_swarm:
    state: present    

 # set up mediaserver specific bullshit.
- name: ensure traefik config directory exists
-  file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
-
- name: ensure the webdav-docker repo exists
-  git:
-    repo: 'https://git.awful.club/hosted/webdav-docker.git'
-    dest: /home/josiah/apps/webdav-docker/
-    version: master
-
- name: build jlj-webdav image
-  community.general.docker_image:    
-    name: jlj-webdav
-    build: 
-      path: /home/josiah/apps/webdav-docker/latest
-      dockerfile: Dockerfile
-    source: build
-
- name: ensure mediaserver config directory exists
-  file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700  
+- name: ensure app dir exists
+  file: 
+    path: /home/josiah/apps/  
+    state: directory 
+    recurse: yes
+    owner: josiah
+    group: josiah
+
+- name: ensure app config directory exists
+  file: 
+    path: /home/josiah/apps/{{ item }}
+    state: directory
+    recurse: yes
+    owner: josiah
+    group: josiah
+  loop: [ 'traefik', 'hydra2', 'sabnzbd', 'readarr', 'radarr', 'lidarr', 'sonarr', 'bazarr', 'highsea' ]

+# TODO: Figure out why this doesn't actually create the log if its not present?
 - name: ensure traefik.log exists
-  file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700  
-
- name: allow for pretty json errors
-  pip:
-    name: jsondiff
+  file: 
+    state: file 
+    path: /home/josiah/apps/traefik/traefik.log  
    
- name: Create deploy configs dir if it does not exist
-  file:
-    path: /home/josiah/deploys/mediaserver
-    state: directory
-    mode: '0755'
-
- name: copy over mediaserver config files
+- name: copy over highsea config files
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    mode: 0777
  with_items:
-    - {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'}
+    - {src: 'highsea-compose.yml', dest: '/home/josiah/apps/highsea/highsea-compose.yml'}
    - {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'}

 - name: Ensure acme.json exists
@ -88,22 +87,22 @@
    state: file
    mode: '0600'

- name: Remove the mediaserver stack
+- name: Remove the highsea stack
  block:
-    - name: Remove the mediaserver stack
+    - name: Remove the highsea stack
      docker_stack:
        state: absent
-        name: mediaserver
+        name: highsea
        compose:
-          - /home/josiah/apps/mediaserver/mediaserver-compose.yml
+          - /home/josiah/apps/highsea/highsea-compose.yml
    - name: Pause so the network gets deleted too
      pause:
        seconds: 15

- name: Deploy mediaserver stack
+- name: Deploy highsea stack
  docker_stack:
    state: present
-    name: mediaserver
+    name: highsea
    prune: yes
    compose:
-      - /home/josiah/apps/mediaserver/mediaserver-compose.yml
+      - /home/josiah/apps/highsea/highsea-compose.yml
--- a/ansible/roles/mediaserver/templates/.env.j2
+++ b/ansible/roles/mediaserver/templates/.env.j2
@ -12,11 +12,4 @@ ACME_EMAIL=admin@home.jowj.net
 # The Traefik dashboard will be available at these domains.
 # The URL is http://example.com/traefik/
 # You'll need to fill in BASIC_AUTH above.
-TRAEFIK_DOMAINS=hatchery.home.jowj.net
-
-# Your WebDAV site will be available at these domains. Every domain
-# needs DNS records pointing to your server for SSL to work.
-WEBDAV_DOMAINS=example.com,www.example.com
-
-# Set the URL path where you want your WebDAV site to be.
-WEBDAV_LOCATION=/webdav
+TRAEFIK_DOMAINS=highsea.home.jowj.net
--- a/ansible/roles/highsea/templates/highsea-compose.yml
+++ b/ansible/roles/highsea/templates/highsea-compose.yml
@ -0,0 +1,208 @@
+---
+version: '3.7'
+
+services:
+  traefik:
+    image: traefik:2.5    
+    networks:
+      - pubnet    
+    command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
+    ports:
+      - 80:80/tcp
+      - 443:443/tcp
+      - 8080:8080/tcp  
+    volumes:
+      - /home/josiah/apps/traefik/acme.json:/acme.json        
+      - traefik_logs:/var/log/access.log
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /home/josiah/apps/traefik/traefik.yml:/traefik.yml
+    deploy:
+      mode: global      
+      placement:
+        constraints:
+          - node.role == manager
+    environment:
+      DO_AUTH_TOKEN: "{{  DO_AUTH_TOKEN  }}"
+    labels:
+      # Dashboard shit I stole from Micah:
+      # WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
+      # e.g. https://example.com/dashboard/, not merely /dashboard      
+      - "traefik.enable=true"    
+      - "traefik.http.routers.highsea-traefik-api.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-traefik-api.rule=Host(`highsea.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
+      - "traefik.http.routers.highsea-traefik-api.service=api@internal"
+      - "traefik.http.services.highsea-traefik-api.loadbalancer.server.port=8080"      
+      # - "traefik.http.routers.highsea-traefik-api.entrypoints=http"
+      - "traefik.http.routers.highsea-traefik-api.entrypoints=https"      
+      # middleware redirect
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # global redirect to https
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=http"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+
+  whoami:
+    image: containous/whoami:latest
+    networks:
+      - pubnet
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.highsea-whoami.rule=Host(`whoami.services.jowj.net`)"
+      - "traefik.http.routers.highsea-whoami.service=highsea-whoami"
+      - "traefik.http.services.highsea-whoami.loadbalancer.server.port=80"
+      - "traefik.http.routers.highsea-whoami.tls.certResolver=highsea-resolver"        
+      - "traefik.http.routers.highsea-whoami.tls=true"      
+        
+  hydra2:
+    image: linuxserver/nzbhydra2:latest
+    networks:
+      - pubnet
+    volumes:
+      - /home/josiah/apps/hydra2/:/config
+      - /home/josiah/Downloads/usenet-complete/:/data/downloads
+    environment:
+      PGID: 1000
+      PUID: 1000
+      TZ: American/Chicago
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-hydra2.loadbalancer.server.port=5076"
+      - "traefik.http.routers.highsea-hydra2.service=highsea-hydra2"
+      - "traefik.http.routers.highsea-hydra2.rule=Host(`hydra.services.jowj.net`)"
+      - "traefik.http.routers.highsea-hydra2.tls.certResolver=highsea-resolver"        
+      - "traefik.http.routers.highsea-hydra2.tls=true"
+
+  sabnzb:
+    image: "linuxserver/sabnzbd"
+    networks:
+      - pubnet    
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago
+    volumes:
+      - "/home/josiah/apps/sabnzbd:/config"
+      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
+      - "/home/josiah/Downloads/usenet-incomplete/:/data/incomplete-downloads"
+      - "/home/josiah/Downloads/usenet-watched/:/data/watched-folder"      
+      - "/media/usenet/tv:/data/tv"
+      - "/media/usenet/audio/:/data/music"
+      - "/media/usenet/movies/:/data/movies"
+      - "/media/usenet/book-library/yet-to-be-added:/data/books"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-sabnzbd.loadbalancer.server.port=8080"
+      - "traefik.http.routers.highsea-sabnzbd.service=highsea-sabnzbd"
+      - "traefik.http.routers.highsea-sabnzbd.rule=Host(`sab.services.jowj.net`)"
+      - "traefik.http.routers.highsea-sabnzbd.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-sabnzbd.tls=true"
+
+  sonarr:
+    image: "linuxserver/sonarr"
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago
+    volumes:
+      - "/home/josiah/apps/sonarr:/config"
+      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
+      - "/media/usenet/tv/:/data/tv"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-sonarr.loadbalancer.server.port=8989"
+      - "traefik.http.routers.highsea-sonarr.service=highsea-sonarr"
+      - "traefik.http.routers.highsea-sonarr.rule=Host(`sonarr.services.jowj.net`)"
+      - "traefik.http.routers.highsea-sonarr.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-sonarr.tls=true"        
+    networks:
+      - pubnet
+      
+  lidarr:
+    image: "linuxserver/lidarr"
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago
+    volumes:
+      - "/home/josiah/apps/lidarr:/config"
+      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
+      - "/media/usenet/audio/:/data/music"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-lidarr.loadbalancer.server.port=8686"
+      - "traefik.http.routers.highsea-lidarr.service=highsea-lidarr"
+      - "traefik.http.routers.highsea-lidarr.rule=Host(`lidarr.services.jowj.net`)"
+      - "traefik.http.routers.highsea-lidarr.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-lidarr.tls=true"                
+    networks:
+      - pubnet
+
+  radarr:
+    image: "linuxserver/radarr"
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago
+    volumes:
+      - "/home/josiah/apps/radarr:/config"
+      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
+      - "/media/usenet/movies/:/data/movies"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-radarr.loadbalancer.server.port=7878"
+      - "traefik.http.routers.highsea-radarr.service=highsea-radarr"
+      - "traefik.http.routers.highsea-radarr.rule=Host(`radarr.services.jowj.net`)"
+      - "traefik.http.routers.highsea-radarr.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-radarr.tls=true"                        
+    networks:
+      - pubnet
+
+  readarr:
+    image: lscr.io/linuxserver/readarr:develop
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago      
+    volumes:
+      - "/home/josiah/apps/readarr:/config"
+      - "/media/usenet/audiobooks:/media/usenet/book-library/readarr/audiobooks"
+      - "/media/usenet/book-library/readarr:/media/usenet/book-library/readarr" # not ready
+      - "/home/josiah/Downloads/usenet-complete/books:/data/downloads/books"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-readarr.loadbalancer.server.port=8787"
+      - "traefik.http.routers.highsea-readarr.service=highsea-readarr"
+      - "traefik.http.routers.highsea-readarr.rule=Host(`readarr.services.jowj.net`)"
+      - "traefik.http.routers.highsea-readarr.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-readarr.tls=true"                        
+    networks:
+      - pubnet
+
+  bazarr:
+    image: lscr.io/linuxserver/bazarr:latest
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago      
+    volumes:
+      - "/home/josiah/apps/bazarr:/config"
+      - "/home/josiah/Downloads/usenet-complete/:/media/downloads"
+      - "/media/usenet/tv/:/media/tv"
+      - "/media/usenet/movies/:/media/movies"      
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.highsea-bazarr.loadbalancer.server.port=6767"
+      - "traefik.http.routers.highsea-bazarr.service=highsea-bazarr"
+      - "traefik.http.routers.highsea-bazarr.rule=Host(`bazarr.services.jowj.net`)"
+      - "traefik.http.routers.highsea-bazarr.tls.certResolver=highsea-resolver"
+      - "traefik.http.routers.highsea-bazarr.tls=true"
+    networks:
+      - pubnet
+        
+volumes:
+  traefik_acme:
+  traefik_logs:
+
+networks:
+  pubnet:
+    driver: overlay
--- a/ansible/roles/mediaserver/templates/traefik.yml.j2
+++ b/ansible/roles/mediaserver/templates/traefik.yml.j2
@ -22,13 +22,13 @@ entryPoints:

 http:
  middlewares:
-    mediaserver-https-redir:
+    highsea-https-redir:
      redirectScheme:
        scheme: https
        permanent: true

 certificatesResolvers:
-  mediaserver-resolver:
+  highsea-resolver:
    acme:
      storage: /acme.json
      email: "admin@home.jowj.net"
--- a/ansible/roles/highsea/vars/main.yml
+++ b/ansible/roles/highsea/vars/main.yml
@ -0,0 +1 @@
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python3', 'python3-pip', 'nfs-common', 'python3-jsondiff']
--- a/ansible/roles/mediaserver/templates/mediaserver-compose.yml
+++ b/ansible/roles/mediaserver/templates/mediaserver-compose.yml
@ -1,291 +0,0 @@
---
-version: '3.7'
-
-services:
-  traefik:
-    image: traefik:2.5    
-    networks:
-      - pubnet    
-    command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
-    ports:
-      - 80:80/tcp
-      - 443:443/tcp
-      - 8080:8080/tcp  
-    volumes:
-      - /home/josiah/apps/traefik/acme.json:/acme.json        
-      - traefik_logs:/var/log/access.log
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /home/josiah/apps/traefik/traefik.yml:/traefik.yml
-    deploy:
-      mode: global      
-      placement:
-        constraints:
-          - node.role == manager
-    environment:
-      DO_AUTH_TOKEN: "{{  DO_AUTH_TOKEN  }}"
-    labels:
-      # Dashboard shit I stole from Micah:
-      # WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
-      # e.g. https://example.com/dashboard/, not merely /dashboard      
-      - "traefik.enable=true"    
-      - "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-traefik-api.rule=Host(`hatchery.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
-      - "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
-      - "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"      
-      # - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
-      - "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"      
-      # middleware redirect
-      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-      # global redirect to https
-      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
-      - "traefik.http.routers.http-catchall.entrypoints=http"
-      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
-        
-
-  hydra2:
-    image: linuxserver/nzbhydra2:latest
-    networks:
-      - pubnet
-    volumes:
-      - /home/josiah/apps/hydra2/:/config
-      - /home/josiah/Downloads/usenet-complete/:/data/downloads
-    environment:
-      PGID: 1000
-      PUID: 1000
-      TZ: American/Chicago
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-hydra2.loadbalancer.server.port=5076"
-      - "traefik.http.routers.mediaserver-hydra2.service=mediaserver-hydra2"
-      - "traefik.http.routers.mediaserver-hydra2.rule=Host(`hydra.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-hydra2.tls.certResolver=mediaserver-resolver"        
-      - "traefik.http.routers.mediaserver-hydra2.tls=true"
-
-  sabnzb:
-    image: "linuxserver/sabnzbd"
-    networks:
-      - pubnet    
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago
-    volumes:
-      - "/home/josiah/apps/sabnzbd:/config"
-      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
-      - "/home/josiah/Downloads/usenet-incomplete/:/data/incomplete-downloads"
-      - "/home/josiah/Downloads/usenet-watched/:/data/watched-folder"      
-      - "/media/usenet/tv:/data/tv"
-      - "/media/usenet/audio/:/data/music"
-      - "/media/usenet/movies/:/data/movies"
-      - "/media/usenet/book-library/yet-to-be-added:/data/books"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-sabnzbd.loadbalancer.server.port=8080"
-      - "traefik.http.routers.mediaserver-sabnzbd.service=mediaserver-sabnzbd"
-      - "traefik.http.routers.mediaserver-sabnzbd.rule=Host(`sab.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-sabnzbd.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-sabnzbd.tls=true"
-
-  sonarr:
-    image: "linuxserver/sonarr"
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago
-    volumes:
-      - "/home/josiah/apps/sonarr:/config"
-      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
-      - "/media/usenet/tv/:/data/tv"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-sonarr.loadbalancer.server.port=8989"
-      - "traefik.http.routers.mediaserver-sonarr.service=mediaserver-sonarr"
-      - "traefik.http.routers.mediaserver-sonarr.rule=Host(`sonarr.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-sonarr.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-sonarr.tls=true"        
-    networks:
-      - pubnet
-      
-  lidarr:
-    image: "linuxserver/lidarr"
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago
-    volumes:
-      - "/home/josiah/apps/lidarr:/config"
-      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
-      - "/media/usenet/audio/:/data/music"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-lidarr.loadbalancer.server.port=8686"
-      - "traefik.http.routers.mediaserver-lidarr.service=mediaserver-lidarr"
-      - "traefik.http.routers.mediaserver-lidarr.rule=Host(`lidarr.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-lidarr.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-lidarr.tls=true"                
-    networks:
-      - pubnet
-
-  radarr:
-    image: "linuxserver/radarr"
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago
-    volumes:
-      - "/home/josiah/apps/radarr:/config"
-      - "/home/josiah/Downloads/usenet-complete/:/data/downloads"
-      - "/media/usenet/movies/:/data/movies"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-radarr.loadbalancer.server.port=7878"
-      - "traefik.http.routers.mediaserver-radarr.service=mediaserver-radarr"
-      - "traefik.http.routers.mediaserver-radarr.rule=Host(`radarr.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-radarr.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-radarr.tls=true"                        
-    networks:
-      - pubnet
-
-  whoami:
-    image: containous/whoami:latest
-    networks:
-      - pubnet
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.mediaserver-whoami.rule=Host(`whoami.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-whoami.service=mediaserver-whoami"
-      - "traefik.http.services.mediaserver-whoami.loadbalancer.server.port=80"
-      - "traefik.http.routers.mediaserver-whoami.tls.certResolver=mediaserver-resolver"        
-      - "traefik.http.routers.mediaserver-whoami.tls=true"
-
-  tubesync:
-    image: ghcr.io/meeb/tubesync:latest
-    networks:
-      - pubnet    
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago
-      LISTEN_HOST: "0.0.0.0"
-      LISTEN_PORT: '8080'
-    volumes:
-      - "/home/josiah/apps/tubesync-config:/config"
-      - "/media/usenet/youtube:/downloads"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=pubnet"
-      - "traefik.http.routers.mediaserver-tubesync.rule=Host(`tubesync.services.jowj.net`)"
-      - "traefik.http.services.mediaserver-tubesync.loadbalancer.server.port=4848"
-      - "traefik.http.routers.mediaserver-tubesync.service=mediaserver-tubesync"
-      - "traefik.http.routers.mediaserver-tubesync.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-tubesync.tls=true"
-
-  audiobookshelf:
-    image: ghcr.io/advplyr/audiobookshelf:latest
-    networks:
-      - pubnet
-    environment:
-      PUID: 1000
-      PGID: 1000
-      AUDIOBOOKSHELF_UID: 1000
-      AUDIOBOOKSHELF_GID: 1000
-      TZ: America/Chicago
-    volumes:
-      - "/home/josiah/apps/audiobookshelf/config:/config"
-      - "/home/josiah/apps/audiobookshelf/metadata:/metadata"
-      - "/media/usenet/audiobooks:/audiobooks"
-      - "/media/usenet/podcasts:/podcasts"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=pubnet"
-      - "traefik.http.routers.mediaserver-audiobookshelf.rule=Host(`audiobookshelf.services.jowj.net`)"
-      - "traefik.http.services.mediaserver-audiobookshelf.loadbalancer.server.port=80"
-      - "traefik.http.routers.mediaserver-audiobookshelf.service=mediaserver-audiobookshelf"
-      - "traefik.http.routers.mediaserver-audiobookshelf.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-audiobookshelf.tls=true"
-
-  readarr:
-    image: lscr.io/linuxserver/readarr:develop
-    container_name: readarr
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago      
-    volumes:
-      - "/home/josiah/apps/readarr/config:/config"
-      - "/media/usenet/audiobooks:/media/usenet/book-library/readarr/audiobooks"
-      - "/media/usenet/book-library/readarr:/media/usenet/book-library/readarr" # not ready
-      - "/home/josiah/Downloads/usenet-complete/:/media/downloads"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-readarr.loadbalancer.server.port=8787"
-      - "traefik.http.routers.mediaserver-readarr.service=mediaserver-readarr"
-      - "traefik.http.routers.mediaserver-readarr.rule=Host(`readarr.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-readarr.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-readarr.tls=true"                        
-    networks:
-      - pubnet
-
-  bazarr:
-    image: lscr.io/linuxserver/bazarr:latest
-    environment:
-      PUID: 1000
-      PGID: 1000
-      TZ: America/Chicago      
-    volumes:
-      - "/home/josiah/apps/bazarr/config:/config"
-      - "/home/josiah/Downloads/usenet-complete/:/media/downloads"
-      - "/media/usenet/tv/:/media/tv"
-      - "/media/usenet/movies/:/media/movies"      
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-bazarr.loadbalancer.server.port=6767"
-      - "traefik.http.routers.mediaserver-bazarr.service=mediaserver-bazarr"
-      - "traefik.http.routers.mediaserver-bazarr.rule=Host(`bazarr.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-bazarr.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-bazarr.tls=true"
-    networks:
-      - pubnet
-
-  stash:
-    image: git.awful.club/packages/hoard:latest
-    ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
-    # network_mode: host
-    logging:
-      driver: "json-file"
-      options:
-        max-file: "10"
-        max-size: "2m"
-    environment:
-      - STASH_STASH=/data/
-      - STASH_GENERATED=/generated/
-      - STASH_METADATA=/metadata/
-      - STASH_CACHE=/cache/
-      ## Adjust below to change default port (9999)
-      # - STASH_PORT=9999
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - "{{ vault_stash_config }}:/root/.stash"
-      - "{{ vault_stash_data }}:/data"
-      - "{{ vault_stash_metadata }}:/metadata"
-      - "{{ vault_stash_cache }}:/cache"
-      - "{{ vault_stash_generated }}:/generated"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-hoard.loadbalancer.server.port=9999"
-      - "traefik.http.routers.mediaserver-hoard.service=mediaserver-hoard"
-      - "traefik.http.routers.mediaserver-hoard.rule=Host(`hoard.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-hoard.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-hoard.tls=true"
-    networks:
-      - pubnet      
-
-        
-volumes:
-  traefik_acme:
-  traefik_logs:
-  vol-webdav:
-
-networks:
-  pubnet:
-    driver: overlay
--- a/ansible/roles/mediaserver/vars/main.yml
+++ b/ansible/roles/mediaserver/vars/main.yml
@ -1 +0,0 @@
-sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]
--- a/terraform/bikeshed/.terraform.lock.hcl
+++ b/terraform/bikeshed/.terraform.lock.hcl
@ -6,6 +6,7 @@ provider "registry.terraform.io/digitalocean/digitalocean" {
  constraints = "~> 2.29.0"
  hashes = [
    "h1:OLSxMaqLOUl6DjQ3vz14odCyMCcLA63ltBNPgrIQHG4=",
+    "h1:mJrr4YaOsB7bWfCSJZneiXB6JMnVNnFxYRmQ8vKaOSQ=",
    "zh:0af0a1a2de818c5dc8ee7ad4dc4731452848e84cfa0c1ce514af1c7aad15c53c",
    "zh:27229f3162b4142be48554f56227265982f3b74e4c79fa5d2528c8a3912d1e19",
    "zh:31d6e73bfe12231fa0ab3bbeef0e4aa9822a2008ae2a1a8b22557bdada4af7a3",
@ -30,6 +31,7 @@ provider "registry.terraform.io/telmate/proxmox" {
  constraints = "2.7.4"
  hashes = [
    "h1:ivNrl7WU2BJwIKmB1lLr70+GtXBCfzW+K5tvNpYy454=",
+    "h1:lgfUuXLdyY2Uf5mO7eJNfJC/fsoUDyBsCpxA/rbs3Z4=",
    "zh:3c2163b167d1e342e1683015cd08c70838d1c631b8e374ac6f86ca2c41271a8c",
    "zh:453596419e07cd0c41f5f58dd7775664fa685de403e9776197b1502e79bf3814",
    "zh:492045cf7859bc31a57730b876dcc29d902a24d543a30a67f34b0ee2b4a71a33",
--- a/terraform/bikeshed/high-sea.tf
+++ b/terraform/bikeshed/high-sea.tf
@ -19,15 +19,27 @@ resource "proxmox_vm_qemu" "high-sea" {
    memory = 4096
    scsihw = "virtio-scsi-pci"
    bootdisk = "scsi0"
+
+    # This is our OS disk    
    disk {
        slot = 0
        # set disk size here. leave it small for testing because expanding the disk takes time.
-        size = "40G"
+        # You can't actually set this to anything, it doesn't seem? I'm not sure why. if you clone from a template you ALWAYS get that templates size, and any changes made are not seen on the clone vm. 
+        # Maybe a function of the kind of disk that was created?
+        size = "32G"
        type = "scsi"
        storage = "sainthood-cifs"
        iothread = 0
    }
-    
+    # This is our data disk; we're just adding the data disk capaccity to LVM, so its maybe dumb? but that's what i'm doing for now.
+    disk {
+        slot = 1
+        size = "240G"
+        type = "scsi"
+        storage = "sainthood-cifs"
+        iothread = 0
+    }    
+
    # if you want two NICs, just copy this whole network section and duplicate it
    network {
        model = "virtio"
@ -40,11 +52,10 @@ resource "proxmox_vm_qemu" "high-sea" {
        ]
    }
    
-    ipconfig0 = "ip=10.10.1.10/24,gw=10.98.1.1"
-    
    # sshkeys set using variables. the variable contains the text of the key.
 }

 # Configure DO DNS after VM is build. A record to point to machine?
+# See records_home.jowj.net.tf file in do_domains.


--- a/terraform/bikeshed/provider.tf
+++ b/terraform/bikeshed/provider.tf
@ -20,8 +20,8 @@ terraform {

        # This is actually not needed, but declaring it here helps me remember where its supposed to live.	
        # You gotta comment these out when initing the terraform backend? for some reason.
-        shared_credentials_files = ["~/.aws/credentials"]
-        shared_config_files = ["~/.aws/config"]    	
+        #shared_credentials_files = ["~/.aws/credentials"]
+        #shared_config_files = ["~/.aws/config"]    	
    }
 }

--- a/terraform/do_domains/outputs.tf
+++ b/terraform/do_domains/outputs.tf
@ -66,10 +66,6 @@ output "digitalocean_record_tfer--273019966_id" {
  value = "${digitalocean_record.tfer--273019966.id}"
 }

-output "digitalocean_record_tfer--273019998_id" {
-  value = "${digitalocean_record.tfer--273019998.id}"
-}
-
 output "digitalocean_record_tfer--273021791_id" {
  value = "${digitalocean_record.tfer--273021791.id}"
 }
@ -82,10 +78,6 @@ output "digitalocean_record_tfer--273021839_id" {
  value = "${digitalocean_record.tfer--273021839.id}"
 }

-output "digitalocean_record_tfer--273024307_id" {
-  value = "${digitalocean_record.tfer--273024307.id}"
-}
-
 output "digitalocean_record_tfer--273196064_id" {
  value = "${digitalocean_record.tfer--273196064.id}"
 }
@ -130,14 +122,6 @@ output "digitalocean_record_tfer--282785137_id" {
  value = "${digitalocean_record.tfer--282785137.id}"
 }

-output "digitalocean_record_tfer--289972404_id" {
-  value = "${digitalocean_record.tfer--289972404.id}"
-}
-
-output "digitalocean_record_tfer--318001321_id" {
-  value = "${digitalocean_record.tfer--318001321.id}"
-}
-
 output "digitalocean_record_tfer--318333757_id" {
  value = "${digitalocean_record.tfer--318333757.id}"
 }
--- a/terraform/do_domains/records_home.jowj.net.tf
+++ b/terraform/do_domains/records_home.jowj.net.tf
@ -213,3 +213,19 @@ resource "digitalocean_record" demiurge-dns {
  value    = "100.108.60.46"
  weight   = "0"
 }
+
+
+# this motherfucker is currently set manually. 
+# TODO: Figure out how to do this programmatically
+# Especailly because getting the output of tailscale is difficult??
+resource "digitalocean_record" highsea-dns {
+  domain   = "home.jowj.net"
+  flags    = "0"
+  name     = "highsea"
+  port     = "0"
+  priority = "0"
+  ttl      = "900"
+  type     = "A"
+  value    = "100.72.101.61"
+  weight   = "0"
+}
--- a/terraform/do_domains/records_services.jowj.net.tf
+++ b/terraform/do_domains/records_services.jowj.net.tf
@ -46,30 +46,6 @@ resource "digitalocean_record" "tfer--273019966" {
  weight   = "0"
 }

-resource "digitalocean_record" "tfer--273019998" {
-  domain   = "services.jowj.net"
-  flags    = "0"
-  name     = "tubesync"
-  port     = "0"
-  priority = "0"
-  ttl      = "900"
-  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
-  weight   = "0"
-}
-
-resource "digitalocean_record" "tfer--273024307" {
-  domain   = "services.jowj.net"
-  flags    = "0"
-  name     = "watchtower"
-  port     = "0"
-  priority = "0"
-  ttl      = "900"
-  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
-  weight   = "0"
-}
-
 resource "digitalocean_record" "tfer--273196064" {
  domain   = "services.jowj.net"
  flags    = "0"
@ -78,7 +54,7 @@ resource "digitalocean_record" "tfer--273196064" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -140,7 +116,7 @@ resource "digitalocean_record" "tfer--282780675" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -152,7 +128,7 @@ resource "digitalocean_record" "tfer--282785060" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -164,7 +140,7 @@ resource "digitalocean_record" "tfer--282785080" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -176,7 +152,7 @@ resource "digitalocean_record" "tfer--282785089" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -188,31 +164,7 @@ resource "digitalocean_record" "tfer--282785137" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
-  weight   = "0"
-}
-
-resource "digitalocean_record" "tfer--289972404" {
-  domain   = "services.jowj.net"
-  flags    = "0"
-  name     = "requests"
-  port     = "0"
-  priority = "0"
-  ttl      = "900"
-  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
-  weight   = "0"
-}
-
-resource "digitalocean_record" "tfer--318001321" {
-  domain   = "services.jowj.net"
-  flags    = "0"
-  name     = "audiobookshelf"
-  port     = "0"
-  priority = "0"
-  ttl      = "900"
-  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -224,7 +176,7 @@ resource "digitalocean_record" "tfer--318333757" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -236,7 +188,7 @@ resource "digitalocean_record" "tfer--326222435" {
  priority = "0"
  ttl      = "900"
  type     = "CNAME"
-  value    = "hatchery.home.jowj.net."
+  value    = "highsea.home.jowj.net."
  weight   = "0"
 }

@ -264,3 +216,15 @@ resource "digitalocean_record" "pms-services-jowj-net" {
  value    = "lair.home.jowj.net."
  weight   = "0"
 }
+
+resource "digitalocean_record" "calibre-services-jowj-net" {
+  domain   = "services.jowj.net"
+  flags    = "0"
+  name     = "calibre"
+  port     = "0"
+  priority = "0"
+  ttl      = "900"
+  type     = "CNAME"
+  value    = "lair.home.jowj.net."
+  weight   = "0"
+}
				`@ -0,0 +1 @@`
				`sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python3', 'python3-pip', 'nfs-common', 'python3-jsondiff']`
				`@ -1 +0,0 @@`
				`sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]`