Update readme.

Move plex declares to their own compose file.
I wanted to have plex handled as part of swarm, but: a) it doesn't fucking matter becuase I don't intend to have fault tolerance for plex; i'm not even sure it can run well in a clustered way b) its just much much easier to get compose working rather than swarm. One day maybe i'd like to do that so that its a single stack to deliver, but meh.
6 changed files with 93 additions and 40 deletions
--- a/ansible/roles/abjure/defaults/main.yml
+++ b/ansible/roles/abjure/defaults/main.yml
@ -0,0 +1,36 @@
+---
+
+plex_ports:
+  - description: for access to the Plex Media Server [required]
+    port: 32400
+    protocol: tcp
+  - description: "https://forums.plex.tv/t/port-32401-is-listening-whats-it-used-for/83080"
+    port: 32401
+    protocol: tcp
+  - description: for access to the Plex DLNA Server
+    port: 1900
+    protocol: udp
+  - description: for controlling Plex Home Theater via Plex Companion
+    port: 3005
+    protocol: tcp
+  - description: for older Bonjour/Avahi network discovery
+    port: 5353
+    protocol: udp
+  - description: for controlling Plex for Roku via Plex Companion
+    port: 8324
+    protocol: tcp
+  - description: for current GDM network discovery
+    port: 32410
+    protocol: udp
+  - description: for current GDM network discovery
+    port: 32412
+    protocol: udp
+  - description: for current GDM network discovery
+    port: 32413
+    protocol: udp
+  - description: for current GDM network discovery
+    port: 32414
+    protocol: udp
+  - description: for access to the Plex DLNA Server
+    port: 32469
+    protocol: tcp
--- a/ansible/roles/abjure/readme.md
+++ b/ansible/roles/abjure/readme.md
@ -1,5 +1,20 @@
 # abjure
 This role deploys media servers we use to serve the home and halo.

+## why are you using swarm AND compose
+
+I wanted to have plex handled as part of swarm, but:
+a) it doesn't fucking matter becuase I don't intend to have fault
+tolerance for plex; i'm not even sure it can run well in a clustered
+way
+
+b) its just much much easier to get compose working rather than
+swarm. One day maybe i'd like to do that so that its a single stack to
+deliver, but meh.
+
 ## notes
-If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers
+- If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers
+- If you're installing this from scratch and building a new plex server then you MUST setup plex from the localhost:
+    - Create an ssh tunnel like this `ssh josiah@192.168.1.120 -L 32400:localhost:32400 -N`
+    - then open `localhost:32400/web` in your browser
+    - If you don't add the `/web` to the end of your request, you're going to get unformatted xml and you'll think you broke something. This will cost you a lot of time :(
--- a/ansible/roles/abjure/tasks/main.yml
+++ b/ansible/roles/abjure/tasks/main.yml
@ -62,4 +62,19 @@
    name: abjure
    prune: yes
    compose:
-      - /home/josiah/apps/abjure/abjure-compose.yml
+      - /home/josiah/apps/abjure/abjure-compose.yml
+
+- name: Install Plex compose file
+  template:
+    src: plex-compose.yml.j2
+    dest: "/home/josiah/apps/plex/plex-compose.yml"
+    owner: "josiah"
+    group: "josiah"
+    mode: "0640"
+
+- name: Deploy Plex with docker-compose
+  docker_compose:
+    project_src: "/home/josiah/apps/plex/"
+    project_name: plex
+    files:
+    - plex-compose.yml
--- a/ansible/roles/abjure/templates/abjure-compose.yml
+++ b/ansible/roles/abjure/templates/abjure-compose.yml
@ -11,14 +11,6 @@ services:
      - 80:80/tcp
      - 443:443/tcp
      - 8080:8080/tcp  
-      - 32400:32400/tcp
-      - 8324:8324/tcp
-      - 32469:32469/tcp
-      - 1900:1900/udp
-      - 32410:32410/udp
-      - 32412:32412/udp
-      - 32413:32413/udp
-      - 32414:32414/udp      
    volumes:
      - /home/josiah/apps/traefik/acme.json:/acme.json        
      - traefik_logs:/var/log/access.log
@ -96,35 +88,6 @@ services:
    networks:
      - pubnet      

-  plex:
-    image: plexinc/pms-docker
-    environment:
-      - TZ=America/Chicago
-      - PLEX_CLAIM="{{ vault_pms_claim_token }}"
-      - ADVERTISE_IP=http://192.168.1.120:443/
-    hostname: lair
-    volumes:
-      - /home/josiah/apps/pms/config:/config
-      - /home/josiah/apps/pms/transcode:/transcode
-      - /media/usenet:/data      
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32400"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=8324"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32469"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=1900"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32410"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32412"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32413"
-      - "traefik.http.services.mediaserver-pms.loadbalancer.server.port=32414"
-      - "traefik.http.routers.mediaserver-pms.service=mediaserver-pms"
-      - "traefik.http.routers.mediaserver-pms.rule=Host(`pms.services.jowj.net`)"
-      - "traefik.http.routers.mediaserver-pms.tls.certResolver=mediaserver-resolver"
-      - "traefik.http.routers.mediaserver-pms.tls=true"
-    networks:
-      - pubnet      
-    network_mode: bridge      
-        
 volumes:
  traefik_acme:
  traefik_logs:
--- a/ansible/roles/abjure/templates/plex-compose.yml.j2
+++ b/ansible/roles/abjure/templates/plex-compose.yml.j2
@ -0,0 +1,24 @@
+version: '3.7'
+services:
+  plex:
+    image: plexinc/pms-docker:latest
+    environment:
+      - "TZ=America/Chicago"
+      - "PLEX_CLAIM={{ vault_pms_claim_token }}"
+      - "ADVERTISE_IP=http://pms.services.jowj.net:32400/"
+      - "VERSION=docker"
+      - "UMASK_SET=022"
+    hostname: pms
+    volumes:
+      - /home/josiah/apps/plex/config:/config
+      - /home/josiah/apps/plex/transcode:/transcode
+      - /media/usenet:/data
+    devices:
+      - /dev/dri:/dev/dri      
+    network_mode: bridge      
+    ports:
+    # Note that traefik isn't used for these ports - we're just exposing them directly
+{% for port in plex_ports %}
+      - "{{ port.port }}:{{ port.port }}/{{ port.protocol }}"
+{% endfor %}      
+
--- a/ansible/roles/debian_base/vars/main.yml
+++ b/ansible/roles/debian_base/vars/main.yml
@ -1,3 +1,3 @@
 create_users: ['josiah', 'alice']
 copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
-sys_packages: [ 'sudo', 'python3-docker', 'python3-pip','python3-jsondiff', 'python3-yaml', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ]
+sys_packages: [ 'sudo', 'python3-docker', 'python3-pip','python3-jsondiff', 'python3-yaml', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin', 'docker-compose' ]