
5 Commits

@ -0,0 +1,9 @@
- name: deploy abjure media servers
hosts: services
remote_user: "{{ remote_user }}"
tasks:
- debug: msg="Deploying home services stack to local server"
roles:
- { name: debian_base }
#- { name: tailscale }
- { name: abjure }

@ -1,7 +0,0 @@
- name: deploy home services
hosts: mediaserver
remote_user: "{{ remote_user }}"
tasks:
- debug: msg="Deploying home services stack to local server"
roles:
- { name: home-net, tags: ['home-net'] }

@ -8,6 +8,8 @@ all:
hosts:
hatchery.home.jowj.net:
larva.home.jowj.net:
lair:
ansible_host: 192.168.1.120
appliances:
hosts:
storage.home.jowj.net:
@ -16,9 +18,13 @@ all:
hosts:
localhost:
ansible_connection: local
mediaserver:
# mediaserver:
# hosts:
# hatchery:
# ansible_python_interpreter: /usr/bin/python3
services:
hosts:
hatchery:
lair:
ansible_python_interpreter: /usr/bin/python3
syslog:
hosts:

@ -0,0 +1,5 @@
# abjure
This role deploys media servers we use to serve the home and halo.
## notes
If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers

@ -0,0 +1,70 @@
---
# deploy a media server from scratch.
# boot strap server
- name: Update apt
apt: update_cache=yes
- name: Init a new swarm with default parameters
community.general.docker_swarm:
state: present
# set up mediaserver specific bullshit.
- name: ensure traefik config directory exists
file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
- name: ensure mediaserver config directory exists
file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700
- name: ensure traefik.log exists
file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700
- name: allow for pretty json errors
pip:
name: jsondiff
- name: Create deploy configs dir if it does not exist
file:
path: /home/josiah/deploys/mediaserver
state: directory
mode: '0755'
- name: copy over mediaserver config files
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0777
with_items:
- {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'}
- {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'}
- name: Ensure acme.json exists
copy:
content: ""
dest: /home/josiah/apps/traefik/acme.json
force: no
owner: root
group: root
state: file
mode: '0600'
- name: Remove the mediaserver stack
block:
- name: Remove the mediaserver stack
docker_stack:
state: absent
name: mediaserver
compose:
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
- name: Pause so the network gets deleted too
pause:
seconds: 15
- name: Deploy mediaserver stack
docker_stack:
state: present
name: mediaserver
prune: yes
compose:
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
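Review bot: The `copy over mediaserver config files` task writes both templates with `mode: 0777`, and the compose template it renders carries `DO_AUTH_TOKEN`, so the DigitalOcean token ends up in a world-readable, world-writable file; the 0700 parent directory limits who can reach it today, but the file mode should not depend on that. Use `mode: '0600'` with `owner: josiah` and `group: josiah` on that task, quoted like the `'0755'` a few lines above it. Separately, `Ensure acme.json exists` passes `state: file` to `copy`, which as far as I know is not a `copy` parameter and would make the task fail; dropping that line keeps the create-if-missing behaviour that `force: no` already gives. `traefik.log` is also created with `mode=0700`, where `0600` is enough for a log file.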

@ -0,0 +1,15 @@
# Docker Compose can read environment variables from this file.
# See https://docs.docker.com/compose/env-file/
# Put admin areas behind a login prompt, with username and password
# specified here. Run `htpasswd -n admin` to create a password hash
# for user "admin". Paste the output here. SSL strongly recommended.
BASIC_AUTH=
# Let's Encrypt needs an email address for registration.
ACME_EMAIL=admin@home.jowj.net
# The Traefik dashboard will be available at these domains.
# The URL is http://example.com/traefik/
# You'll need to fill in BASIC_AUTH above.
TRAEFIK_DOMAINS=lair.home.jowj.net

@ -0,0 +1,98 @@
---
version: '3.7'
services:
traefik:
image: traefik:2.5
networks:
- pubnet
command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
ports:
- 80:80/tcp
- 443:443/tcp
- 8080:8080/tcp
volumes:
- /home/josiah/apps/traefik/acme.json:/acme.json
- traefik_logs:/var/log/access.log
- /var/run/docker.sock:/var/run/docker.sock
- /home/josiah/apps/traefik/traefik.yml:/traefik.yml
deploy:
mode: global
placement:
constraints:
- node.role == manager
environment:
DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
labels:
# Dashboard shit I stole from Micah:
# WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
# e.g. https://example.com/dashboard/, not merely /dashboard
- "traefik.enable=true"
- "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
- "traefik.http.routers.mediaserver-traefik-api.rule=Host(`lair.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
- "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
- "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"
# - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
- "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
whoami:
image: containous/whoami:latest
networks:
- pubnet
labels:
- "traefik.enable=true"
- "traefik.http.routers.mediaserver-whoami.rule=Host(`whoami.services.jowj.net`)"
- "traefik.http.routers.mediaserver-whoami.service=mediaserver-whoami"
- "traefik.http.services.mediaserver-whoami.loadbalancer.server.port=80"
- "traefik.http.routers.mediaserver-whoami.tls.certResolver=mediaserver-resolver"
- "traefik.http.routers.mediaserver-whoami.tls=true"
stash:
image: git.awful.club/packages/hoard:latest
## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
# network_mode: host
logging:
driver: "json-file"
options:
max-file: "10"
max-size: "2m"
environment:
- STASH_STASH=/data/
- STASH_GENERATED=/generated/
- STASH_METADATA=/metadata/
- STASH_CACHE=/cache/
## Adjust below to change default port (9999)
# - STASH_PORT=9999
volumes:
- /etc/localtime:/etc/localtime:ro
- "{{ vault_stash_config }}:/root/.stash"
- "{{ vault_stash_data }}:/data"
- "{{ vault_stash_metadata }}:/metadata"
- "{{ vault_stash_cache }}:/cache"
- "{{ vault_stash_generated }}:/generated"
labels:
- "traefik.enable=true"
- "traefik.http.services.mediaserver-hoard.loadbalancer.server.port=9999"
- "traefik.http.routers.mediaserver-hoard.service=mediaserver-hoard"
- "traefik.http.routers.mediaserver-hoard.rule=Host(`hoard.services.jowj.net`)"
- "traefik.http.routers.mediaserver-hoard.tls.certResolver=mediaserver-resolver"
- "traefik.http.routers.mediaserver-hoard.tls=true"
networks:
- pubnet
volumes:
traefik_acme:
traefik_logs:
networks:
pubnet:
driver: overlay
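Review bot: The `mediaserver-traefik-api` router serves `api@internal` on `/api`, `/dashboard` and `/debug` with no `middlewares` label, so the Traefik API is reachable without a login on the `https` entrypoint, from a container that also mounts `/var/run/docker.sock` on a manager node. Attach an auth middleware to that router, for example `- "traefik.http.routers.mediaserver-traefik-api.middlewares=mediaserver-auth"` together with `- "traefik.http.middlewares.mediaserver-auth.basicauth.users={{ vault_traefik_basic_auth }}"` (the variable name is a placeholder, and every `$` in the hash has to be doubled for Compose), and drop the `/debug` prefix from the rule unless it is needed. The `BASIC_AUTH=` entry in the env file of this same compare is empty and nothing in this template reads it, so it does not protect the dashboard as its comments suggest. `containous/whoami:latest` and `git.awful.club/packages/hoard:latest` would be better pinned to a version or digest, so that a redeploy cannot silently pull a different image.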

@ -0,0 +1,49 @@
---
# defaultEntryPoints must be at the top
defaultEntryPoints:
- http
- https
log:
level: DEBUG
format: common
accessLog:
format: common
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
http:
middlewares:
mediaserver-https-redir:
redirectScheme:
scheme: https
permanent: true
certificatesResolvers:
mediaserver-resolver:
acme:
storage: /acme.json
email: "admin@home.jowj.net"
dnsChallenge:
provider: "digitalocean"
providers:
docker: {}
docker:
endpoint: unix:///var/run/docker.sock
domain: "services.jowj.net"
watch: true
exposedbydefault: false
# smh https://github.com/traefik/traefik/issues/7360
pilot:
dashboard: false
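Review bot: `docker: {}` is followed directly by a second `docker:` mapping that carries `endpoint`, `domain`, `watch` and `exposedbydefault`. The indentation is lost in this rendering, so this is either a duplicate key under `providers` (most parsers silently keep the last one) or a stray top-level block that Traefik 2.5 may not read as provider settings. In the second case `exposedbydefault: false` may not take effect, and containers reachable through the socket would be routed by default, so keep a single `providers.docker` mapping with those four settings under it. `log.level: DEBUG` is worth lowering to `INFO` once the stack works, with a comment until then saying why DEBUG is on.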

@ -0,0 +1 @@
sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]

@ -6,16 +6,18 @@
- name: Install aptitude using apt
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
# Add custom packages to apt.
- name: Add tailscale GPG apt Key
- name: Add Docker GPG apt Key
apt_key:
url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add tailscsale Repository
- name: Add Docker Repository
apt_repository:
repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
state: present
repo: deb https://download.docker.com/linux/ubuntu bionic stable
state: present
- name: Update apt
apt: update_cache=yes
# Add our packages
- name: Install required system packages
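Review bot: The new repository line points at `https://download.docker.com/linux/ubuntu bionic stable`, while the key comes from `https://download.docker.com/linux/debian/gpg` and the hosts appear to be Debian (the replaced Tailscale lines targeted bullseye), so apt would install Ubuntu builds of the container runtime on Debian, assuming the old/new order of this rendering is read correctly. Use the Debian repository for the host's release, e.g. `repo: deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable`. `apt_key` also puts the key into the global trusted keyring, where it can vouch for packages from any configured repository; keeping the key in its own file and naming it with `signed-by=` in the repo line limits it to Docker's repository. The task list continues past the end of this hunk.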

@ -1,3 +1,3 @@
create_users: ['josiah', 'alice']
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
sys_packages: [ 'sudo', 'tailscale' ]
sys_packages: [ 'sudo', 'python3-docker','docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ]

@ -1,142 +0,0 @@
version: '3'
services:
traefik:
# The official v2 Traefik docker image
image: traefik:v2.2
# Enables the web UI and tells Traefik to listen to docker
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
command: --web --docker --docker.swarmmode --docker.watch --docker.domain=home.jowj.net --logLevel=DEBUG
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- target: 8080
published: 8080
protocol: tcp
sonarr:
image: "linuxserver/sonarr"
ports:
- "8989:8989"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/sonarr:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/tv/:/tv"
lidarr:
image: "linuxserver/lidarr"
ports:
- "8686:8686"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/lidarr:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/audio/:/music"
# headphones:
# image: "linuxserver/headphones"
# ports:
# - "8181:8181"
# restart: unless-stopped
# environment:
# PUID: 1000
# PGID: 1000
# TZ: America/Chicago
# volumes:
# - "/home/josiah/Documents/apps/headphones:/config"
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
# - "/media/usenet/audio/:/music"
radarr:
image: "linuxserver/radarr"
ports:
- "7878:7878"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/radarr:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/movies/:/movies"
sabnzb:
image: "funkypenguin/sabnzbd"
ports:
- "8080:8080"
- "9090:9090"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/sabnzbd:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads"
- "/home/josiah/Downloads/usenet-watched/:/watched-folder"
- "/media/usenet/tv:/tv"
- "/media/usenet/audio/:/music"
- "/media/usenet/movies/:/movies"
- "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes"
- "/media/usenet/book-library/books/:/books"
lazylibrarian:
image: "thraxis/lazylibrarian-calibre"
ports:
- "5299:5299"
restart: unless-stopped
environment:
PUID: 1000
PGID: 1000
TZ: America/Chicago
volumes:
- "/home/josiah/apps/lazylibrarian:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
- "/media/usenet/book-library/calibre-library/:/calibre-library"
- "/media/usenet/book-library/books/:/books"
- "/media/usenet/book-library/audiobooks:/audiobooks"
# calibre:
# image: "linuxserver/calibre"
# container_name: calibre
# ports:
# - "8219:8080"
# - "8081:8081"
# restart: unless-stopped
# environment:
# PUID: 1000
# PGID: 1000
# TZ: America/Chicago
# volumes:
# - "/home/josiah/apps/calibre:/config"
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
# - "/media/usenet/book-library/calibre-library/:/calibre-library"
# - "/media/usenet/book-library/temp/:/import"
hydra2:
image: linuxserver/hydra2
container_name: hydra2
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- "/home/josiah/apps/sabnzbd:/config"
- "/home/josiah/Downloads/usenet-complete/:/downloads"
ports:
- 5076:5076
restart: unless-stopped
labels:
- "traefik.http.routers.hatchery-hydra2.rule=Host(`hatchery.home.jowj.net/hydra2`)"

@ -1 +0,0 @@
Subproject commit 3105f4748eeb3f45512f348ffd34629cd17c4017