Compare commits
5 Commits
caa3e349ef
...
2a1b82bfa9
Author | SHA1 | Date |
---|---|---|
josiah | 2a1b82bfa9 | 4 months ago |
josiah | c5259ad963 | 4 months ago |
josiah | b268a75a20 | 4 months ago |
josiah | b4edd7550e | 4 months ago |
josiah | 200b21a54c | 4 months ago |
@ -0,0 +1,9 @@
|
||||
- name: deploy abjure media servers
|
||||
hosts: services
|
||||
remote_user: "{{ remote_user }}"
|
||||
tasks:
|
||||
- debug: msg="Deploying home services stack to local server"
|
||||
roles:
|
||||
- { name: debian_base }
|
||||
#- { name: tailscale }
|
||||
- { name: abjure }
|
@ -1,7 +0,0 @@
|
||||
- name: deploy home services
|
||||
hosts: mediaserver
|
||||
remote_user: "{{ remote_user }}"
|
||||
tasks:
|
||||
- debug: msg="Deploying home services stack to local server"
|
||||
roles:
|
||||
- { name: home-net, tags: ['home-net'] }
|
@ -0,0 +1,5 @@
|
||||
# abjure
|
||||
This role deploys media servers we use to serve the home and halo.
|
||||
|
||||
## notes
|
||||
If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers
|
@ -0,0 +1,70 @@
|
||||
---
|
||||
# deploy a media server from scratch.
|
||||
|
||||
# boot strap server
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Init a new swarm with default parameters
|
||||
community.general.docker_swarm:
|
||||
state: present
|
||||
|
||||
# set up mediaserver specific bullshit.
|
||||
- name: ensure traefik config directory exists
|
||||
file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: ensure mediaserver config directory exists
|
||||
file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: ensure traefik.log exists
|
||||
file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: allow for pretty json errors
|
||||
pip:
|
||||
name: jsondiff
|
||||
|
||||
- name: Create deploy configs dir if it does not exist
|
||||
file:
|
||||
path: /home/josiah/deploys/mediaserver
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: copy over mediaserver config files
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0777
|
||||
with_items:
|
||||
- {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'}
|
||||
- {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'}
|
||||
|
||||
- name: Ensure acme.json exists
|
||||
copy:
|
||||
content: ""
|
||||
dest: /home/josiah/apps/traefik/acme.json
|
||||
force: no
|
||||
owner: root
|
||||
group: root
|
||||
state: file
|
||||
mode: '0600'
|
||||
|
||||
- name: Remove the mediaserver stack
|
||||
block:
|
||||
- name: Remove the mediaserver stack
|
||||
docker_stack:
|
||||
state: absent
|
||||
name: mediaserver
|
||||
compose:
|
||||
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
|
||||
- name: Pause so the network gets deleted too
|
||||
pause:
|
||||
seconds: 15
|
||||
|
||||
- name: Deploy mediaserver stack
|
||||
docker_stack:
|
||||
state: present
|
||||
name: mediaserver
|
||||
prune: yes
|
||||
compose:
|
||||
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
|
@ -0,0 +1,15 @@
|
||||
# Docker Compose can read environment variables from this file.
|
||||
# See https://docs.docker.com/compose/env-file/
|
||||
|
||||
# Put admin areas behind a login prompt, with username and password
|
||||
# specified here. Run `htpasswd -n admin` to create a password hash
|
||||
# for user "admin". Paste the output here. SSL strongly recommended.
|
||||
BASIC_AUTH=
|
||||
|
||||
# Let's Encrypt needs an email address for registration.
|
||||
ACME_EMAIL=admin@home.jowj.net
|
||||
|
||||
# The Traefik dashboard will be available at these domains.
|
||||
# The URL is http://example.com/traefik/
|
||||
# You'll need to fill in BASIC_AUTH above.
|
||||
TRAEFIK_DOMAINS=lair.home.jowj.net
|
@ -0,0 +1,98 @@
|
||||
---
|
||||
version: '3.7'
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:2.5
|
||||
networks:
|
||||
- pubnet
|
||||
command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
- 443:443/tcp
|
||||
- 8080:8080/tcp
|
||||
volumes:
|
||||
- /home/josiah/apps/traefik/acme.json:/acme.json
|
||||
- traefik_logs:/var/log/access.log
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /home/josiah/apps/traefik/traefik.yml:/traefik.yml
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == manager
|
||||
environment:
|
||||
DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
|
||||
labels:
|
||||
# Dashboard shit I stole from Micah:
|
||||
# WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
|
||||
# e.g. https://example.com/dashboard/, not merely /dashboard
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.rule=Host(`lair.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
|
||||
- "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"
|
||||
# - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
|
||||
- "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"
|
||||
# middleware redirect
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
# global redirect to https
|
||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.http-catchall.entrypoints=http"
|
||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||
|
||||
|
||||
|
||||
whoami:
|
||||
image: containous/whoami:latest
|
||||
networks:
|
||||
- pubnet
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mediaserver-whoami.rule=Host(`whoami.services.jowj.net`)"
|
||||
- "traefik.http.routers.mediaserver-whoami.service=mediaserver-whoami"
|
||||
- "traefik.http.services.mediaserver-whoami.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.mediaserver-whoami.tls.certResolver=mediaserver-resolver"
|
||||
- "traefik.http.routers.mediaserver-whoami.tls=true"
|
||||
|
||||
stash:
|
||||
image: git.awful.club/packages/hoard:latest
|
||||
## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
|
||||
# network_mode: host
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-file: "10"
|
||||
max-size: "2m"
|
||||
environment:
|
||||
- STASH_STASH=/data/
|
||||
- STASH_GENERATED=/generated/
|
||||
- STASH_METADATA=/metadata/
|
||||
- STASH_CACHE=/cache/
|
||||
## Adjust below to change default port (9999)
|
||||
# - STASH_PORT=9999
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- "{{ vault_stash_config }}:/root/.stash"
|
||||
- "{{ vault_stash_data }}:/data"
|
||||
- "{{ vault_stash_metadata }}:/metadata"
|
||||
- "{{ vault_stash_cache }}:/cache"
|
||||
- "{{ vault_stash_generated }}:/generated"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.mediaserver-hoard.loadbalancer.server.port=9999"
|
||||
- "traefik.http.routers.mediaserver-hoard.service=mediaserver-hoard"
|
||||
- "traefik.http.routers.mediaserver-hoard.rule=Host(`hoard.services.jowj.net`)"
|
||||
- "traefik.http.routers.mediaserver-hoard.tls.certResolver=mediaserver-resolver"
|
||||
- "traefik.http.routers.mediaserver-hoard.tls=true"
|
||||
networks:
|
||||
- pubnet
|
||||
|
||||
|
||||
volumes:
|
||||
traefik_acme:
|
||||
traefik_logs:
|
||||
|
||||
networks:
|
||||
pubnet:
|
||||
driver: overlay
|
@ -0,0 +1,49 @@
|
||||
---
|
||||
|
||||
# defaultEntryPoints must be at the top
|
||||
defaultEntryPoints:
|
||||
- http
|
||||
- https
|
||||
|
||||
log:
|
||||
level: DEBUG
|
||||
format: common
|
||||
accessLog:
|
||||
format: common
|
||||
|
||||
api:
|
||||
dashboard: true
|
||||
|
||||
entryPoints:
|
||||
http:
|
||||
address: ":80"
|
||||
https:
|
||||
address: ":443"
|
||||
|
||||
http:
|
||||
middlewares:
|
||||
mediaserver-https-redir:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
permanent: true
|
||||
|
||||
certificatesResolvers:
|
||||
mediaserver-resolver:
|
||||
acme:
|
||||
storage: /acme.json
|
||||
email: "admin@home.jowj.net"
|
||||
dnsChallenge:
|
||||
provider: "digitalocean"
|
||||
|
||||
providers:
|
||||
docker: {}
|
||||
|
||||
docker:
|
||||
endpoint: unix:///var/run/docker.sock
|
||||
domain: "services.jowj.net"
|
||||
watch: true
|
||||
exposedbydefault: false
|
||||
|
||||
# smh https://github.com/traefik/traefik/issues/7360
|
||||
pilot:
|
||||
dashboard: false
|
@ -0,0 +1 @@
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]
|
@ -1,3 +1,3 @@
|
||||
create_users: ['josiah', 'alice']
|
||||
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
|
||||
sys_packages: [ 'sudo', 'tailscale' ]
|
||||
sys_packages: [ 'sudo', 'python3-docker','docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ]
|
||||
|
@ -1,142 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
traefik:
|
||||
# The official v2 Traefik docker image
|
||||
image: traefik:v2.2
|
||||
# Enables the web UI and tells Traefik to listen to docker
|
||||
volumes:
|
||||
# So that Traefik can listen to the Docker events
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
command: --web --docker --docker.swarmmode --docker.watch --docker.domain=home.jowj.net --logLevel=DEBUG
|
||||
ports:
|
||||
- target: 80
|
||||
published: 80
|
||||
protocol: tcp
|
||||
mode: host
|
||||
- target: 443
|
||||
published: 443
|
||||
protocol: tcp
|
||||
mode: host
|
||||
- target: 8080
|
||||
published: 8080
|
||||
protocol: tcp
|
||||
sonarr:
|
||||
image: "linuxserver/sonarr"
|
||||
ports:
|
||||
- "8989:8989"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/sonarr:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/tv/:/tv"
|
||||
lidarr:
|
||||
image: "linuxserver/lidarr"
|
||||
ports:
|
||||
- "8686:8686"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/lidarr:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/audio/:/music"
|
||||
# headphones:
|
||||
# image: "linuxserver/headphones"
|
||||
# ports:
|
||||
# - "8181:8181"
|
||||
# restart: unless-stopped
|
||||
# environment:
|
||||
# PUID: 1000
|
||||
# PGID: 1000
|
||||
# TZ: America/Chicago
|
||||
# volumes:
|
||||
# - "/home/josiah/Documents/apps/headphones:/config"
|
||||
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
# - "/media/usenet/audio/:/music"
|
||||
radarr:
|
||||
image: "linuxserver/radarr"
|
||||
ports:
|
||||
- "7878:7878"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/radarr:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/movies/:/movies"
|
||||
sabnzb:
|
||||
image: "funkypenguin/sabnzbd"
|
||||
ports:
|
||||
- "8080:8080"
|
||||
- "9090:9090"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/sabnzbd:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads"
|
||||
- "/home/josiah/Downloads/usenet-watched/:/watched-folder"
|
||||
- "/media/usenet/tv:/tv"
|
||||
- "/media/usenet/audio/:/music"
|
||||
- "/media/usenet/movies/:/movies"
|
||||
- "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes"
|
||||
- "/media/usenet/book-library/books/:/books"
|
||||
lazylibrarian:
|
||||
image: "thraxis/lazylibrarian-calibre"
|
||||
ports:
|
||||
- "5299:5299"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
TZ: America/Chicago
|
||||
volumes:
|
||||
- "/home/josiah/apps/lazylibrarian:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
- "/media/usenet/book-library/calibre-library/:/calibre-library"
|
||||
- "/media/usenet/book-library/books/:/books"
|
||||
- "/media/usenet/book-library/audiobooks:/audiobooks"
|
||||
# calibre:
|
||||
# image: "linuxserver/calibre"
|
||||
# container_name: calibre
|
||||
# ports:
|
||||
# - "8219:8080"
|
||||
# - "8081:8081"
|
||||
# restart: unless-stopped
|
||||
# environment:
|
||||
# PUID: 1000
|
||||
# PGID: 1000
|
||||
# TZ: America/Chicago
|
||||
# volumes:
|
||||
# - "/home/josiah/apps/calibre:/config"
|
||||
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
# - "/media/usenet/book-library/calibre-library/:/calibre-library"
|
||||
# - "/media/usenet/book-library/temp/:/import"
|
||||
|
||||
hydra2:
|
||||
image: linuxserver/hydra2
|
||||
container_name: hydra2
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/London
|
||||
volumes:
|
||||
- "/home/josiah/apps/sabnzbd:/config"
|
||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
||||
ports:
|
||||
- 5076:5076
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "traefik.http.routers.hatchery-hydra2.rule=Host(`hatchery.home.jowj.net/hydra2`)"
|
@ -1 +0,0 @@
|
||||
Subproject commit 3105f4748eeb3f45512f348ffd34629cd17c4017
|
Loading…
Reference in new issue