Compare commits
5 Commits
caa3e349ef
...
2a1b82bfa9
Author | SHA1 | Date |
---|---|---|
josiah | 2a1b82bfa9 | 5 months ago |
josiah | c5259ad963 | 5 months ago |
josiah | b268a75a20 | 5 months ago |
josiah | b4edd7550e | 5 months ago |
josiah | 200b21a54c | 5 months ago |
@ -0,0 +1,9 @@
|
|||||||
|
- name: deploy abjure media servers
|
||||||
|
hosts: services
|
||||||
|
remote_user: "{{ remote_user }}"
|
||||||
|
tasks:
|
||||||
|
- debug: msg="Deploying home services stack to local server"
|
||||||
|
roles:
|
||||||
|
- { name: debian_base }
|
||||||
|
#- { name: tailscale }
|
||||||
|
- { name: abjure }
|
@ -1,7 +0,0 @@
|
|||||||
- name: deploy home services
|
|
||||||
hosts: mediaserver
|
|
||||||
remote_user: "{{ remote_user }}"
|
|
||||||
tasks:
|
|
||||||
- debug: msg="Deploying home services stack to local server"
|
|
||||||
roles:
|
|
||||||
- { name: home-net, tags: ['home-net'] }
|
|
@ -0,0 +1,5 @@
|
|||||||
|
# abjure
|
||||||
|
This role deploys media servers we use to serve the home and halo.
|
||||||
|
|
||||||
|
## notes
|
||||||
|
If a container is failing, use docker service logs mediaserver_SERVICENAME to see the logs from the failed containers
|
@ -0,0 +1,70 @@
|
|||||||
|
---
|
||||||
|
# deploy a media server from scratch.
|
||||||
|
|
||||||
|
# boot strap server
|
||||||
|
|
||||||
|
- name: Update apt
|
||||||
|
apt: update_cache=yes
|
||||||
|
|
||||||
|
- name: Init a new swarm with default parameters
|
||||||
|
community.general.docker_swarm:
|
||||||
|
state: present
|
||||||
|
|
||||||
|
# set up mediaserver specific bullshit.
|
||||||
|
- name: ensure traefik config directory exists
|
||||||
|
file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
|
||||||
|
|
||||||
|
- name: ensure mediaserver config directory exists
|
||||||
|
file: state=directory path=/home/josiah/apps/mediaserver/ owner=josiah group=josiah mode=0700
|
||||||
|
|
||||||
|
- name: ensure traefik.log exists
|
||||||
|
file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700
|
||||||
|
|
||||||
|
- name: allow for pretty json errors
|
||||||
|
pip:
|
||||||
|
name: jsondiff
|
||||||
|
|
||||||
|
- name: Create deploy configs dir if it does not exist
|
||||||
|
file:
|
||||||
|
path: /home/josiah/deploys/mediaserver
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: copy over mediaserver config files
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: 0777
|
||||||
|
with_items:
|
||||||
|
- {src: 'mediaserver-compose.yml', dest: '/home/josiah/apps/mediaserver/mediaserver-compose.yml'}
|
||||||
|
- {src: 'traefik.yml.j2', dest: '/home/josiah/apps/traefik/traefik.yml'}
|
||||||
|
|
||||||
|
- name: Ensure acme.json exists
|
||||||
|
copy:
|
||||||
|
content: ""
|
||||||
|
dest: /home/josiah/apps/traefik/acme.json
|
||||||
|
force: no
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
state: file
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Remove the mediaserver stack
|
||||||
|
block:
|
||||||
|
- name: Remove the mediaserver stack
|
||||||
|
docker_stack:
|
||||||
|
state: absent
|
||||||
|
name: mediaserver
|
||||||
|
compose:
|
||||||
|
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
|
||||||
|
- name: Pause so the network gets deleted too
|
||||||
|
pause:
|
||||||
|
seconds: 15
|
||||||
|
|
||||||
|
- name: Deploy mediaserver stack
|
||||||
|
docker_stack:
|
||||||
|
state: present
|
||||||
|
name: mediaserver
|
||||||
|
prune: yes
|
||||||
|
compose:
|
||||||
|
- /home/josiah/apps/mediaserver/mediaserver-compose.yml
|
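Review bot: The `copy over mediaserver config files` task writes both rendered templates with `mode: 0777`, leaving them world-readable and world-writable. The compose template added in this commit renders `DO_AUTH_TOKEN` into one of those files, so the only thing protecting the token on disk is the 0700 mode of the parent directory. I would set `mode: '0600'` (quoted, as the `acme.json` task already does) and give the task an explicit `owner` and `group`. Separately, `state: file` is not a parameter I know the `copy` module to accept, and `file: state=file` does not create a missing `traefik.log`, so both "ensure exists" tasks are worth running against a fresh host.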
@ -0,0 +1,15 @@
|
|||||||
|
# Docker Compose can read environment variables from this file.
|
||||||
|
# See https://docs.docker.com/compose/env-file/
|
||||||
|
|
||||||
|
# Put admin areas behind a login prompt, with username and password
|
||||||
|
# specified here. Run `htpasswd -n admin` to create a password hash
|
||||||
|
# for user "admin". Paste the output here. SSL strongly recommended.
|
||||||
|
BASIC_AUTH=
|
||||||
|
|
||||||
|
# Let's Encrypt needs an email address for registration.
|
||||||
|
ACME_EMAIL=admin@home.jowj.net
|
||||||
|
|
||||||
|
# The Traefik dashboard will be available at these domains.
|
||||||
|
# The URL is http://example.com/traefik/
|
||||||
|
# You'll need to fill in BASIC_AUTH above.
|
||||||
|
TRAEFIK_DOMAINS=lair.home.jowj.net
|
@ -0,0 +1,98 @@
|
|||||||
|
---
|
||||||
|
version: '3.7'
|
||||||
|
|
||||||
|
services:
|
||||||
|
traefik:
|
||||||
|
image: traefik:2.5
|
||||||
|
networks:
|
||||||
|
- pubnet
|
||||||
|
command: --web --docker --docker.swarmmode --docker.watch --docker.domain="services.jowj.net" --providers.docker.network=pubnet --logLevel=DEBUG
|
||||||
|
ports:
|
||||||
|
- 80:80/tcp
|
||||||
|
- 443:443/tcp
|
||||||
|
- 8080:8080/tcp
|
||||||
|
volumes:
|
||||||
|
- /home/josiah/apps/traefik/acme.json:/acme.json
|
||||||
|
- traefik_logs:/var/log/access.log
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- /home/josiah/apps/traefik/traefik.yml:/traefik.yml
|
||||||
|
deploy:
|
||||||
|
mode: global
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.role == manager
|
||||||
|
environment:
|
||||||
|
DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
|
||||||
|
labels:
|
||||||
|
# Dashboard shit I stole from Micah:
|
||||||
|
# WARNING: A TRAILING SLASH IS MANDATORY IN THE BROWSER
|
||||||
|
# e.g. https://example.com/dashboard/, not merely /dashboard
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.mediaserver-traefik-api.tls.certResolver=mediaserver-resolver"
|
||||||
|
- "traefik.http.routers.mediaserver-traefik-api.rule=Host(`lair.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
|
||||||
|
- "traefik.http.routers.mediaserver-traefik-api.service=api@internal"
|
||||||
|
- "traefik.http.services.mediaserver-traefik-api.loadbalancer.server.port=8080"
|
||||||
|
# - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http"
|
||||||
|
- "traefik.http.routers.mediaserver-traefik-api.entrypoints=https"
|
||||||
|
# middleware redirect
|
||||||
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||||
|
# global redirect to https
|
||||||
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||||
|
- "traefik.http.routers.http-catchall.entrypoints=http"
|
||||||
|
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
whoami:
|
||||||
|
image: containous/whoami:latest
|
||||||
|
networks:
|
||||||
|
- pubnet
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.mediaserver-whoami.rule=Host(`whoami.services.jowj.net`)"
|
||||||
|
- "traefik.http.routers.mediaserver-whoami.service=mediaserver-whoami"
|
||||||
|
- "traefik.http.services.mediaserver-whoami.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.mediaserver-whoami.tls.certResolver=mediaserver-resolver"
|
||||||
|
- "traefik.http.routers.mediaserver-whoami.tls=true"
|
||||||
|
|
||||||
|
stash:
|
||||||
|
image: git.awful.club/packages/hoard:latest
|
||||||
|
## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section
|
||||||
|
# network_mode: host
|
||||||
|
logging:
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-file: "10"
|
||||||
|
max-size: "2m"
|
||||||
|
environment:
|
||||||
|
- STASH_STASH=/data/
|
||||||
|
- STASH_GENERATED=/generated/
|
||||||
|
- STASH_METADATA=/metadata/
|
||||||
|
- STASH_CACHE=/cache/
|
||||||
|
## Adjust below to change default port (9999)
|
||||||
|
# - STASH_PORT=9999
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- "{{ vault_stash_config }}:/root/.stash"
|
||||||
|
- "{{ vault_stash_data }}:/data"
|
||||||
|
- "{{ vault_stash_metadata }}:/metadata"
|
||||||
|
- "{{ vault_stash_cache }}:/cache"
|
||||||
|
- "{{ vault_stash_generated }}:/generated"
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.mediaserver-hoard.loadbalancer.server.port=9999"
|
||||||
|
- "traefik.http.routers.mediaserver-hoard.service=mediaserver-hoard"
|
||||||
|
- "traefik.http.routers.mediaserver-hoard.rule=Host(`hoard.services.jowj.net`)"
|
||||||
|
- "traefik.http.routers.mediaserver-hoard.tls.certResolver=mediaserver-resolver"
|
||||||
|
- "traefik.http.routers.mediaserver-hoard.tls=true"
|
||||||
|
networks:
|
||||||
|
- pubnet
|
||||||
|
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
traefik_acme:
|
||||||
|
traefik_logs:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
pubnet:
|
||||||
|
driver: overlay
|
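Review bot: The `mediaserver-traefik-api` router serves `api@internal` under `/api`, `/dashboard` and `/debug` with no authentication middleware among its labels. The env file in this commit leaves `BASIC_AUTH=` empty and nothing visible in this template consumes it, so the dashboard appears to be reachable without a login. I would define a basic-auth middleware and attach it, for example `- "traefik.http.middlewares.mediaserver-auth.basicauth.users=<HTPASSWD_ENTRY>"` and `- "traefik.http.routers.mediaserver-traefik-api.middlewares=mediaserver-auth"` (placeholder value, supplied from the vault rather than committed). I would also drop the `8080:8080/tcp` publish unless something is meant to listen there. The same service mounts `/var/run/docker.sock` without `:ro`, which makes an unauthenticated control surface on this container more consequential.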
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# defaultEntryPoints must be at the top
|
||||||
|
defaultEntryPoints:
|
||||||
|
- http
|
||||||
|
- https
|
||||||
|
|
||||||
|
log:
|
||||||
|
level: DEBUG
|
||||||
|
format: common
|
||||||
|
accessLog:
|
||||||
|
format: common
|
||||||
|
|
||||||
|
api:
|
||||||
|
dashboard: true
|
||||||
|
|
||||||
|
entryPoints:
|
||||||
|
http:
|
||||||
|
address: ":80"
|
||||||
|
https:
|
||||||
|
address: ":443"
|
||||||
|
|
||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
mediaserver-https-redir:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
|
||||||
|
certificatesResolvers:
|
||||||
|
mediaserver-resolver:
|
||||||
|
acme:
|
||||||
|
storage: /acme.json
|
||||||
|
email: "admin@home.jowj.net"
|
||||||
|
dnsChallenge:
|
||||||
|
provider: "digitalocean"
|
||||||
|
|
||||||
|
providers:
|
||||||
|
docker: {}
|
||||||
|
|
||||||
|
docker:
|
||||||
|
endpoint: unix:///var/run/docker.sock
|
||||||
|
domain: "services.jowj.net"
|
||||||
|
watch: true
|
||||||
|
exposedbydefault: false
|
||||||
|
|
||||||
|
# smh https://github.com/traefik/traefik/issues/7360
|
||||||
|
pilot:
|
||||||
|
dashboard: false
|
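Review bot: `exposedbydefault: false` sits in a second `docker:` block that follows `providers:` / `docker: {}`. Indentation is lost in this view, so that block is either a duplicate key or a top-level v1-style section (its `domain` and `watch` keys suggest the latter). Traefik v2 reads Docker provider options from `providers.docker`, where `exposedByDefault` defaults to true, so the opt-in behaviour this file intends may not be in effect, or the file may be rejected at start-up. I would fold the settings into the single provider block, with `endpoint: unix:///var/run/docker.sock`, `exposedByDefault: false` and `swarmMode: true` under `providers.docker`, and remove the stray block. `log.level: DEBUG` is also worth lowering once the stack is stable.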
@ -0,0 +1 @@
|
|||||||
|
sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]
|
@ -1,3 +1,3 @@
|
|||||||
create_users: ['josiah', 'alice']
|
create_users: ['josiah', 'alice']
|
||||||
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
|
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
|
||||||
sys_packages: [ 'sudo', 'tailscale' ]
|
sys_packages: [ 'sudo', 'python3-docker','docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-buildx-plugin', 'docker-compose-plugin' ]
|
||||||
|
@ -1,142 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
traefik:
|
|
||||||
# The official v2 Traefik docker image
|
|
||||||
image: traefik:v2.2
|
|
||||||
# Enables the web UI and tells Traefik to listen to docker
|
|
||||||
volumes:
|
|
||||||
# So that Traefik can listen to the Docker events
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
command: --web --docker --docker.swarmmode --docker.watch --docker.domain=home.jowj.net --logLevel=DEBUG
|
|
||||||
ports:
|
|
||||||
- target: 80
|
|
||||||
published: 80
|
|
||||||
protocol: tcp
|
|
||||||
mode: host
|
|
||||||
- target: 443
|
|
||||||
published: 443
|
|
||||||
protocol: tcp
|
|
||||||
mode: host
|
|
||||||
- target: 8080
|
|
||||||
published: 8080
|
|
||||||
protocol: tcp
|
|
||||||
sonarr:
|
|
||||||
image: "linuxserver/sonarr"
|
|
||||||
ports:
|
|
||||||
- "8989:8989"
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
PUID: 1000
|
|
||||||
PGID: 1000
|
|
||||||
TZ: America/Chicago
|
|
||||||
volumes:
|
|
||||||
- "/home/josiah/apps/sonarr:/config"
|
|
||||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
- "/media/usenet/tv/:/tv"
|
|
||||||
lidarr:
|
|
||||||
image: "linuxserver/lidarr"
|
|
||||||
ports:
|
|
||||||
- "8686:8686"
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
PUID: 1000
|
|
||||||
PGID: 1000
|
|
||||||
TZ: America/Chicago
|
|
||||||
volumes:
|
|
||||||
- "/home/josiah/apps/lidarr:/config"
|
|
||||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
- "/media/usenet/audio/:/music"
|
|
||||||
# headphones:
|
|
||||||
# image: "linuxserver/headphones"
|
|
||||||
# ports:
|
|
||||||
# - "8181:8181"
|
|
||||||
# restart: unless-stopped
|
|
||||||
# environment:
|
|
||||||
# PUID: 1000
|
|
||||||
# PGID: 1000
|
|
||||||
# TZ: America/Chicago
|
|
||||||
# volumes:
|
|
||||||
# - "/home/josiah/Documents/apps/headphones:/config"
|
|
||||||
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
# - "/media/usenet/audio/:/music"
|
|
||||||
radarr:
|
|
||||||
image: "linuxserver/radarr"
|
|
||||||
ports:
|
|
||||||
- "7878:7878"
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
PUID: 1000
|
|
||||||
PGID: 1000
|
|
||||||
TZ: America/Chicago
|
|
||||||
volumes:
|
|
||||||
- "/home/josiah/apps/radarr:/config"
|
|
||||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
- "/media/usenet/movies/:/movies"
|
|
||||||
sabnzb:
|
|
||||||
image: "funkypenguin/sabnzbd"
|
|
||||||
ports:
|
|
||||||
- "8080:8080"
|
|
||||||
- "9090:9090"
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
PUID: 1000
|
|
||||||
PGID: 1000
|
|
||||||
TZ: America/Chicago
|
|
||||||
volumes:
|
|
||||||
- "/home/josiah/apps/sabnzbd:/config"
|
|
||||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
- "/home/josiah/Downloads/usenet-incomplete/:/incomplete-downloads"
|
|
||||||
- "/home/josiah/Downloads/usenet-watched/:/watched-folder"
|
|
||||||
- "/media/usenet/tv:/tv"
|
|
||||||
- "/media/usenet/audio/:/music"
|
|
||||||
- "/media/usenet/movies/:/movies"
|
|
||||||
- "/media/usenet/itunes-synology/iTunes Media/Automatically Add to iTunes.localized/:/itunes"
|
|
||||||
- "/media/usenet/book-library/books/:/books"
|
|
||||||
lazylibrarian:
|
|
||||||
image: "thraxis/lazylibrarian-calibre"
|
|
||||||
ports:
|
|
||||||
- "5299:5299"
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
PUID: 1000
|
|
||||||
PGID: 1000
|
|
||||||
TZ: America/Chicago
|
|
||||||
volumes:
|
|
||||||
- "/home/josiah/apps/lazylibrarian:/config"
|
|
||||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
- "/media/usenet/book-library/calibre-library/:/calibre-library"
|
|
||||||
- "/media/usenet/book-library/books/:/books"
|
|
||||||
- "/media/usenet/book-library/audiobooks:/audiobooks"
|
|
||||||
# calibre:
|
|
||||||
# image: "linuxserver/calibre"
|
|
||||||
# container_name: calibre
|
|
||||||
# ports:
|
|
||||||
# - "8219:8080"
|
|
||||||
# - "8081:8081"
|
|
||||||
# restart: unless-stopped
|
|
||||||
# environment:
|
|
||||||
# PUID: 1000
|
|
||||||
# PGID: 1000
|
|
||||||
# TZ: America/Chicago
|
|
||||||
# volumes:
|
|
||||||
# - "/home/josiah/apps/calibre:/config"
|
|
||||||
# - "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
# - "/media/usenet/book-library/calibre-library/:/calibre-library"
|
|
||||||
# - "/media/usenet/book-library/temp/:/import"
|
|
||||||
|
|
||||||
hydra2:
|
|
||||||
image: linuxserver/hydra2
|
|
||||||
container_name: hydra2
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/London
|
|
||||||
volumes:
|
|
||||||
- "/home/josiah/apps/sabnzbd:/config"
|
|
||||||
- "/home/josiah/Downloads/usenet-complete/:/downloads"
|
|
||||||
ports:
|
|
||||||
- 5076:5076
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.http.routers.hatchery-hydra2.rule=Host(`hatchery.home.jowj.net/hydra2`)"
|
|
@ -1 +0,0 @@
|
|||||||
Subproject commit 3105f4748eeb3f45512f348ffd34629cd17c4017
|
|