Add bazarr deployment.

ansible/clients.yml

@@ -1,8 +0,0 @@
----
-
-- name: generate ios client config
-  hosts: dev #localhost
-  tasks:
-    - debug: msg="generate phone config"
-  roles:
-    - { name: wg_vpn }

ansible/cloud_wg.yml

@@ -1,8 +0,0 @@
----
-
-- name: cloud wg config
-  hosts: vpn
-  tasks:
-    - debug: msg="Deploying wg to cloud server"
-  roles:
-    - { name: wg_vpn, tags: ['wg_vpn'] }

ansible/halo.yml

@@ -0,0 +1,16 @@
+---
+
+- name: init droplet
+  hosts: halo
+  tasks:
+    - debug: msg="Deploying droplet config to cloud server"
+  roles:
+    - { name: droplets, tags: ['init']}
+
+- name: deploy the halo stack
+  hosts: halo
+  remote_user: "{{ remote_user }}"
+  tasks:
+    - debug: msg="Deploying halo stack to cloud server"
+  roles:
+    - { name: halo, tags: ['halo'] }

ansible/inventory/hosts.yml

@@ -12,19 +12,10 @@ all:
       hosts:
         storage.home.jowj.net:
         cloudkey.home.jowj.net:
-    vpn:
-      hosts:
-        vpn.awful.club:
     dev:
       hosts:
         localhost:
           ansible_connection: local
-    onprem_clients:
-      hosts:
-        hydra-ling:
-        lurker-ling:
-        ling-bane:
-        little-lady:
     mediaserver:
       hosts:
         hatchery:
@@ -33,3 +24,7 @@ all:
       hosts:
         larva.home.jowj.net:
           ansible_python_interpreter: /usr/bin/python3
+    halo:
+      hosts:
+        halo.awful.club:
+          ansible_python_interpreter: python3

ansible/roles/droplets/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Make sure we have a 'sudo' group
+  group:
+    name: sudo
+    state: present
+
+- name: Allow sudo group to have passwordless sudo
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: '/usr/sbin/visudo -cf %s'
+
+- name: Create a new regular user with sudo privileges
+  user:
+    name: "{{ create_user }}"
+    state: present
+    groups: sudo
+    append: true
+    create_home: true
+    shell: /bin/bash
+
+- name: Set authorized key for remote user
+  authorized_key:
+    user: "{{ create_user }}"
+    state: present
+    key: "{{ copy_local_key }}"
+
+
+# - name: Disable password authentication for root
+#   lineinfile:
+#     path: /etc/ssh/sshd_config
+#     state: present
+#     regexp: '^#?PermitRootLogin'
+#     line: 'PermitRootLogin no'
+
+- name: Update apt
+  apt: update_cache=yes
+
+- name: Install required system packages
+  apt: name={{ sys_packages }} state=latest
+
+- name: Restart sshd
+  service:
+    name: sshd.service
+    state: restarted

ansible/roles/droplets/tasks/serverbuild.yml

@@ -1,55 +0,0 @@
-- hosts: vpn
-  remote_user: root
-  gather_facts: false
-  vars:
-    create_user: josiah
-    copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
-    sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'dnsutils' ]
-
-  tasks:
-    - name: Make sure we have a 'sudo' group
-      group:
-        name: sudo
-        state: present
-
-    - name: Allow sudo group to have passwordless sudo
-      lineinfile:
-        path: /etc/sudoers
-        state: present
-        regexp: '^%sudo'
-        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
-        validate: '/usr/sbin/visudo -cf %s'
-
-    - name: Create a new regular user with sudo privileges
-      user:
-        name: "{{ create_user }}"
-        state: present
-        groups: sudo
-        append: true
-        create_home: true
-        shell: /bin/bash
-
-    - name: Set authorized key for remote user
-      authorized_key:
-        user: "{{ create_user }}"
-        state: present
-        key: "{{ copy_local_key }}"
-
-
-    - name: Disable password authentication for root
-      lineinfile:
-        path: /etc/ssh/sshd_config
-        state: present
-        regexp: '^#?PermitRootLogin'
-        line: 'PermitRootLogin no'
-
-    - name: Update apt
-      apt: update_cache=yes
-
-    - name: Install required system packages
-      apt: name={{ sys_packages }} state=latest
-
-    - name: Restart sshd
-      service:
-        name: sshd.service
-        state: restarted

ansible/roles/droplets/vars/main.yml

@@ -0,0 +1,3 @@
+create_user: josiah
+copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
+sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'dnsutils' ]

ansible/roles/halo/readme.org

@@ -0,0 +1,6 @@
+* halo
+halo hosts my shared services for my tailnet. right now thats just
+- smokeping
+- oversearr
+
+

ansible/roles/halo/tasks/main.yml

@@ -0,0 +1,73 @@
+---
+# deploy a halo host
+
+# boot strap server
+- name: Install aptitude using apt
+  apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
+
+- name: Install required system packages for docker install
+  apt: name={{ item }} state=latest update_cache=yes
+  loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common']
+
+- name: Add Docker GPG apt Key
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Add Docker Repository
+  apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu bionic stable
+    state: present
+
+- name: Add tailscale GPG apt Key
+  apt_key:
+    url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+    state: present
+
+- name: Add tailscsale Repository
+  apt_repository:
+    repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
+    state: present    
+
+- name: Update apt
+  apt: update_cache=yes
+
+- name: Install required system packages
+  apt: name={{ sys_packages }} state=latest
+
+- name: add 'josiah' to docker group
+  user:
+    name='josiah'
+    groups=docker
+    append=yes
+
+- name: install python packages
+  pip:
+    name: ["jsondiff", "docker"]
+
+# init new swarm, set up 
+- name: Init a new swarm with default parameters
+  docker_swarm:
+    state: present
+    advertise_addr: "100.108.51.49"
+
+- name: ensure the app folders exist
+  file: state=directory path={{ item }} owner=josiah group=josiah mode=0700
+  loop: [ '/home/josiah/apps/smokeping/',  '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/letsencrypt/',  '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/smokeping/data' ]
+
+- name: copy over awful-All config files
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0777
+  with_items:
+    - {src: 'halo-compose.yml', dest: '/home/josiah/apps/halo-compose.yml'}
+    - {src: 'traefik.yml', dest: '/home/josiah/apps/traefik.yml'}
+    - {src: 'Targets', dest: '/home/josiah/apps/smokeping/config/Targets'}    
+
+- name: Deploy halo stack
+  docker_stack:
+    state: present
+    name: halo
+    compose:
+      - /home/josiah/apps/halo-compose.yml

ansible/roles/halo/templates/Targets

@@ -0,0 +1,213 @@
+*** Targets ***
+
+probe = FPing
+
+menu = Top
+title = work Latency Grapher
+remark = Welcome to the SmokePing website of WORKS Company. \
+         Here you will learn all about the latency of our network.
+
++ HomeNet 
+menu = HomeNet
+title = HomeNet
+
+++ hatchery
+menu = hatchery
+title = hatchery
+host = hatchery.home.jowj.net
+
+++ hoyden
+menu = hoyden
+title = hoyden
+host = 192.168.1.20
+
+++ synology-as-1
+menu = syn-nas
+title = syn-nas 
+host = storage.home.jowj.net
+
+++ sainthood
+menu = sainthood
+title = sainthood
+host = sainthood.home.jowj.net
+
++ Services
+menu = Services
+title = Services
+
+++ sonarr
+menu = sonarr
+title = sonarr
+host = sonarr.services.jowj.net
+
+++ readarr
+menu = readarr
+title = readarr
+host = readarr.services.jowj.net
+
+++ lidarr
+menu = lidarr
+title = lidarr
+host = lidarr.services.jowj.net
+
+++ radarr
+menu = radarr
+title = radarr
+host = radarr.services.jowj.net
+
+++ sabnzb
+menu = sabnzbd
+title = sabnzbd
+host = sab.services.jowj.net
+
++ AwfulNet
+menu = AwfulNet
+title = AwfulNet
+
+++ matrix
+menu = matrix
+title = matrix.awful.club
+host = matrix.awful.club
+
+++ awful1
+menu = awful1
+title = awful1
+host = awful-1.awful.club
+
+
++ InternetSites
+
+menu = Internet Sites
+title = Internet Sites
+
+++ GoogleSearch
+menu = Google
+title = google.com
+host = google.com
+
+++ GoogleSearchIpv6
+menu = Google
+probe = FPing6
+title = ipv6.google.com
+host = ipv6.google.com
+
+++ linuxserverio
+menu = linuxserver.io
+title = linuxserver.io
+host = linuxserver.io
+
++ USA
+
+menu = North America
+title = North American Connectivity
+
+++ MIT
+
+menu = MIT
+title = Massachusetts Institute of Technology Webserver
+host = web.mit.edu
+
+++ OSUOSL
+
+menu = Oregon State University Open Source Lab
+title = Oregon State University Open Source Lab
+host = osuosl.org
+
++ DNS
+menu = DNS
+title = DNS
+
+++ GoogleDNS1
+menu = Google DNS 1
+title = Google DNS 8.8.8.8
+host = 8.8.8.8
+
+++ GoogleDNS2
+menu = Google DNS 2
+title = Google DNS 8.8.4.4
+host = 8.8.4.4
+
+++ OpenDNS1
+menu = OpenDNS1
+title = OpenDNS1
+host = 208.67.222.222
+
+++ OpenDNS2
+menu = OpenDNS2
+title = OpenDNS2
+host = 208.67.220.220
+
+++ CloudflareDNS1
+menu = Cloudflare DNS 1
+title = Cloudflare DNS 1.1.1.1
+host = 1.1.1.1
+
+++ CloudflareDNS2
+menu = Cloudflare DNS 2
+title = Cloudflare DNS 1.0.0.1
+host = 1.0.0.1
+
+++ L3-1
+menu = Level3 DNS 1
+title = Level3 DNS 4.2.2.1
+host = 4.2.2.1
+
+++ L3-2
+menu = Level3 DNS 2
+title = Level3 DNS 4.2.2.2
+host = 4.2.2.2
+
+++ Quad9
+menu = Quad9
+title = Quad9 DNS 9.9.9.9
+host = 9.9.9.9
+
++ DNSProbes
+menu = DNS Probes
+title = DNS Probes
+probe = DNS
+
+++ GoogleDNS1
+menu = Google DNS 1
+title = Google DNS 8.8.8.8
+host = 8.8.8.8
+
+++ GoogleDNS2
+menu = Google DNS 2
+title = Google DNS 8.8.4.4
+host = 8.8.4.4
+
+++ OpenDNS1
+menu = OpenDNS1
+title = OpenDNS1
+host = 208.67.222.222
+
+++ OpenDNS2
+menu = OpenDNS2
+title = OpenDNS2
+host = 208.67.220.220
+
+++ CloudflareDNS1
+menu = Cloudflare DNS 1
+title = Cloudflare DNS 1.1.1.1
+host = 1.1.1.1
+
+++ CloudflareDNS2
+menu = Cloudflare DNS 2
+title = Cloudflare DNS 1.0.0.1
+host = 1.0.0.1
+
+++ L3-1
+menu = Level3 DNS 1
+title = Level3 DNS 4.2.2.1
+host = 4.2.2.1
+
+++ L3-2
+menu = Level3 DNS 2
+title = Level3 DNS 4.2.2.2
+host = 4.2.2.2
+
+++ Quad9
+menu = Quad9
+title = Quad9 DNS 9.9.9.9
+host = 9.9.9.9

ansible/roles/halo/templates/halo-compose.yml

@@ -0,0 +1,54 @@
+version: '3'
+
+networks:
+  gitea:
+    external: false
+  pubnet:
+    external: false
+
+volumes:
+  traefik_acme:
+  traefik_logs:
+    
+services:      
+  traefik:
+    image: "traefik:v2.2"
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
+    networks:
+      pubnet:
+    volumes:
+      - "/home/josiah/apps/letsencrypt/:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "/home/josiah/apps/traefik.yml:/etc/traefik/traefik.yml"
+      - traefik_logs:/log
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"      
+      - "traefik.http.routers.edge.entrypoints=web"
+      - "traefik.http.routers.edge.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+  smokeping:
+    image: lscr.io/linuxserver/smokeping:latest
+    networks:
+      pubnet:
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Chicago
+    volumes:
+      - /home/josiah/apps/smokeping/config/:/config
+      - /home/josiah/apps/smokeping/data:/data
+    restart: unless-stopped
+    labels:
+      # global rules
+      - "traefik.enable=true"
+      # the web ui
+      - "traefik.http.routers.freshrss.rule=Host(`monitor.awful.club`)"      
+      - "traefik.http.routers.freshrss.entrypoints=websecure"
+      - "traefik.http.routers.freshrss.tls=true"      
+      - "traefik.http.routers.freshrss.tls.certresolver=awful-letsencrypt"      

ansible/roles/halo/templates/traefik.yml

@@ -0,0 +1,37 @@
+# defaultEntryPoints must be at the top
+# because it should not be in any table below
+defaultEntryPoints: ["http", "https"]
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: true
+api:
+  dashboard: false
+  debug: true
+  insecure: false
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+
+providers:
+  docker:
+    watch: true
+    swarmMode: false
+    endpoint: "unix:///var/run/docker.sock"
+    exposedbydefault: false
+certificatesResolvers:
+  awful-letsencrypt:
+    acme:
+      email: "admin@awful.club"
+      storage: "/letsencrypt/acme.json"
+      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      dnsChallenge:
+        provider: "digitalocean"
+log:
+  filePath: "/log/traefik.log"
+  level: DEBUG
+accessLog:
+  filePath: "/log/access.log"
+  bufferingSize: 100

ansible/roles/halo/vars/main.yml

@@ -0,0 +1 @@
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip', 'docker', 'ca-certificates', 'curl', 'gnupg', 'lsb-release', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-compose-plugin', 'tailscale']

ansible/roles/mediaserver/templates/mediaserver-compose.yml

@@ -225,7 +225,28 @@ services:
       - "traefik.http.routers.mediaserver-readarr.tls.certResolver=mediaserver-resolver"
       - "traefik.http.routers.mediaserver-readarr.tls=true"                        
     networks:
-      - pubnet    
+      - pubnet
+
+  bazarr:
+    image: lscr.io/linuxserver/bazarr:latest
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: America/Chicago      
+    volumes:
+      - "/home/josiah/apps/bazarr/config:/config"
+      - "/home/josiah/Downloads/usenet-complete/:/media/downloads"
+      - "/media/usenet/tv/:/media/tv"
+      - "/media/usenet/movies/:/media/movies"      
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.mediaserver-bazarr.loadbalancer.server.port=6767"
+      - "traefik.http.routers.mediaserver-bazarr.service=mediaserver-bazarr"
+      - "traefik.http.routers.mediaserver-bazarr.rule=Host(`bazarr.services.jowj.net`)"
+      - "traefik.http.routers.mediaserver-bazarr.tls.certResolver=mediaserver-resolver"
+      - "traefik.http.routers.mediaserver-bazarr.tls=true"
+    networks:
+      - pubnet      
         
 volumes:
   traefik_acme:
@@ -234,4 +255,4 @@ volumes:
 
 networks:
   pubnet:
-    driver: overlay    
+    driver: overlay