Progress. Nice configuration. Still some TODO's

glenlivet99 · Jan 26, 2022 · 855575e · 855575e
1 parent 4f3bb35
commit 855575e
Show file tree

Hide file tree

Showing 50 changed files with 692 additions and 207 deletions.
diff --git a/.gitignore b/.gitignore
@@ -6,5 +6,5 @@ secret.yml
 /group_vars/
 /host_vars/
 !/host_vars/.gitkeep
-!/group_vars/gaia/vars.yml
+!/group_vars/all/vars.yml
 mountsraspi
diff --git a/TODO b/TODO
@@ -0,0 +1,4 @@
+- handle influxdb token as system var
+- dns
+- verify networks and open ports
+- verify creation process for nextcloud
diff --git a/files/icons/authelia.png b/files/icons/authelia.png
diff --git a/files/icons/duplicati.png b/files/icons/duplicati.png
diff --git a/files/icons/influxdb.png b/files/icons/influxdb.png
diff --git a/files/icons/linuxserver.png b/files/icons/linuxserver.png
diff --git a/files/icons/logo.png b/files/icons/logo.png
diff --git a/requirements.yml b/requirements.yml
@@ -8,4 +8,4 @@ roles:
   - name: oefenweb.dns
   - name: notthebee.ubuntu_autoinstall
   - name: ironicbadger.ansible_role_snapraid
-  - name: veselahouba.crowdsec
+  - name: veselahouba.crowdsec
diff --git a/roles/containers/media/sonarr/tasks/main.yml b/roles/containers/media/sonarr/tasks/main.yml
@@ -15,13 +15,11 @@
       "PGID": "{{ guid }}"
       "TZ": "{{ timezone }}"
     volumes:
-      - "/etc/localtime:/etc/localtime"
+      - "/etc/localtime:/etc/localtime:ro"
       - "{{ docker_dir }}/{{ container_name }}:/config"
       - "{{ mergerfs_root }}/Media/TV:/tv"
       - "{{ mergerfs_root }}/Downloads:/downloads"
     restart_policy: unless-stopped
-    ports:
-      - 8989:8989
 
 - name: Add {{ container_name }} to the SWAG network (reverse-proxy)
   docker_network:

diff --git a/roles/containers/services/duplicati/defaults/main.yml b/roles/containers/services/duplicati/defaults/main.yml
@@ -0,0 +1,7 @@
+container_name: duplicati
+
+dashboard_url: "https://duplicati.{{ host_local }}"
+
+dashboard_name: "Duplicati"
+
+homer_category: services
diff --git a/roles/containers/services/duplicati/tasks/main.yml b/roles/containers/services/duplicati/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Make sure the Duplicati container is created and running
+  docker_container:
+    name: "{{ container_name }}"
+    image: "ghcr.io/linuxserver/duplicati"
+    pull: yes
+    state: 'started'
+    env:
+      "PUID": "{{ guid }}"
+      "PGID": "{{ guid }}"
+      "TZ": "{{ timezone }}"
+    volumes:
+      - "{{ docker_dir }}/{{ container_name }}/config:/config"
+      - "{{ mergerfs_root }}/Media:/source"
+    restart_policy: unless-stopped
+
+- name: Add {{ container_name }} to the SWAG network (reverse-proxy)
+  docker_network:
+    name: swag_internal_network
+    connected:
+      - "{{ container_name }}"
+    appends: yes
+  when: enable_swag
diff --git a/roles/containers/services/nextcloud/defaults/main.yml b/roles/containers/services/nextcloud/defaults/main.yml
@@ -1,7 +1,3 @@
-mysql_db: "nextcloud_db"
-
-mysql_user: "nextcloud"
-
 container_name: nextcloud
 
 dashboard_url: "https://{{ subdomains['nextcloud'] }}.{{ host }}"

diff --git a/roles/containers/services/nextcloud/tasks/main.yml b/roles/containers/services/nextcloud/tasks/main.yml
@@ -1,8 +1,45 @@
 ---
+# 1. At the very beginning of time configure the main user. Select MariaDB:
+#    * {{ nextcloud_user }}  # this has to be equal to {{ username }} if you want PhotoPrism to share the same folder
+#    * {{ nextcloud_password }}
+#    * "/data"
+#    * {{ mysql_user }}
+#    * {{ mysql_password }}
+#    * "nextcloud_db"
+#    * "nextcloud-mariadb:3306"
+#
+# 2. It might take some time. You cannot mount {{ mergerfs_root }}/Nextcloud/{{ username }} before creating the user
+#    or it will complain about permissions. So first craete a {{ username }} user, then stop and remove the container,
+#    move {{ docker_dir }}/{{ container_name }}/data/{{ username }} to {{ mergerfs_root }}/Nextcloud/ and launch
+#    ansible role again with the mount active.
+
+- name: Create the necessary {{ container_name }} folders (1)
+  file:
+    path: "{{ docker_dir }}/{{ container_name }}/mariadb/"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ username }}"
+    mode: 0755
+
+- name: Create the necessary {{ container_name }} folders (2)
+  file:
+    path: "{{ docker_dir }}/{{ container_name }}/config/"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ username }}"
+
+- name: Create the necessary {{ container_name }} folders (3)
+  file:
+    path: "{{ docker_dir }}/{{ container_name }}/data/"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ username }}"
+    mode: 0755
+
 - name: Make sure the MariaDB container is created and running
   docker_container:
     name: "nextcloud-mariadb"
-    image: "mariadb:latest"
+    image: "mariadb"
     pull: yes
     command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed --innodb-read-only-compressed=OFF"
     state: 'started'
@@ -11,16 +48,15 @@
       "flame.name": "{{ container_name | title }}"
       "flame.url": "{{ dashboard_url }}"
       "flame.icon": "custom"
+    user: "{{ guid }}:{{ guid }}"
     env:
-      "PUID": "{{ guid }}"
-      "PGID": "{{ guid }}"
       "TZ": "{{ timezone }}"
       "MYSQL_ROOT_PASSWORD": "{{ mysql_root_password }}"
-      "MYSQL_DATABASE": "{{ mysql_db }}"
+      "MYSQL_DATABASE": "nextcloud_db"
       "MYSQL_USER": "{{ mysql_user }}"
       "MYSQL_PASSWORD": "{{ mysql_password }}"
     volumes:
-      - "{{ docker_dir }}/{{ container_name }}/mariadb/mysql:/var/lib/mysql"
+      - "{{ docker_dir }}/{{ container_name }}/mariadb:/var/lib/mysql"
     restart_policy: unless-stopped
 
 - name: Make sure the Redis container is created and running
@@ -41,6 +77,13 @@
       "PUID": "{{ guid }}"
       "PGID": "{{ guid }}"
       "TZ": "{{ timezone }}"
+      "MYSQL_USER": "{{ mysql_user }}"
+      "MYSQL_PASSWORD": "{{ mysql_password }}"
+      "MYSQL_DATABASE": "nextcloud_db"
+      "MYSQL_HOST": "nextcloud-mariadb"
+      "NEXTCLOUD_ADMIN_USER": "{{ nextcloud_user }}"
+      "NEXTCLOUD_ADMIN_PASSWORD": "{{ nextcloud_password }}"
+      "NEXTCLOUD_DATA_DIR": /data
     volumes:
       - "{{ docker_dir }}/{{ container_name }}/config:/config"
       - "{{ docker_dir }}/{{ container_name }}/data:/data"

diff --git a/roles/containers/services/photoprism/tasks/main.yml b/roles/containers/services/photoprism/tasks/main.yml
@@ -1,39 +1,54 @@
 ---
+- name: Create the necessary {{ container_name }} folder (1)
+  file:
+    path: "{{ docker_dir }}/{{ container_name }}/mariadb/"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ username }}"
+    mode: 0755
+
+- name: Create the necessary {{ container_name }} folder (1)
+  file:
+    path: "{{ docker_dir }}/{{ container_name }}/storage/"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ username }}"
+    mode: 0755
+
 - name: Make sure the PhotoPrism MariaDB container is created and running
   docker_container:
     name: "photoprism-mariadb"
     image: "mariadb:latest"
     pull: yes
     command: "mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120"
     state: 'started'
+    user: "{{ guid }}:{{ guid }}"
     env:
       "TZ": "{{ timezone }}"
       "MYSQL_ROOT_PASSWORD": "{{ mysql_root_password }}"
-      "MYSQL_DATABASE": "{{ mysql_db }}"
+      "MYSQL_DATABASE": "photoprism_db"
       "MYSQL_USER": "{{ mysql_user }}"
       "MYSQL_PASSWORD": "{{ mysql_password }}"
     volumes:
-      - "{{ docker_dir }}/{{ container_name }}/mariadb/mysql:/var/lib/mysql"
+      - "{{ docker_dir }}/{{ container_name }}/mariadb:/var/lib/mysql"
     restart_policy: unless-stopped
-
 
 - name: Make sure the Photoprism container is created and running
   docker_container:
     name: "{{ container_name }}"
     image: photoprism/photoprism:latest
     pull: yes
-    expose: 
+    expose:
       - "2342"
     security_opts:
       - seccomp:unconfined
       - apparmor:unconfined
     state: 'started'
     shm_size: 2G
     env:
-      "UID": "{{ guid }}"
-      "GID": "{{ guid }}"
       "PHOTOPRISM_GID": "{{ guid }}"
       "PHOTOPRISM_UID": "{{ guid }}"
+      "PHOTOPRISM_UMASK": "0000"
       "TZ": "{{ timezone }}"
       "PHOTOPRISM_ADMIN_PASSWORD": "{{ photoprism_password }}"
       "PHOTOPRISM_SITE_URL": "http://{{ ansible_default_ipv4.address }}:2342/"
@@ -43,23 +58,23 @@
       "PHOTOPRISM_HTTP_COMPRESSION": "gzip"
       "PHOTOPRISM_DATABASE_DRIVER": "mysql"
       "PHOTOPRISM_DATABASE_SERVER": "photoprism-mariadb:3306"
-      "PHOTOPRISM_DATABASE_NAME": "{{ mysql_db }}"
+      "PHOTOPRISM_DATABASE_NAME": "photoprism_db"
       "PHOTOPRISM_DATABASE_USER": "{{ mysql_user }}"
       "PHOTOPRISM_DATABASE_PASSWORD": "{{ mysql_password }}"
-      "PHOTOPRISM_DISABLE_CHOWN": "false"              
-      "PHOTOPRISM_DISABLE_BACKUPS": "true"            
-      "PHOTOPRISM_DISABLE_WEBDAV": "true"             
+      "PHOTOPRISM_DISABLE_CHOWN": "false"
+      "PHOTOPRISM_DISABLE_BACKUPS": "true"
+      "PHOTOPRISM_DISABLE_WEBDAV": "true"
       "PHOTOPRISM_DETECT_NSFW": "true"
       "PHOTOPRISM_UPLOAD_NSFW": "false"
       "PHOTOPRISM_THUMB_FILTER": "lanczos"
       "PHOTOPRISM_THUMB_UNCACHED": "true"
       "PHOTOPRISM_THUMB_SIZE": "2048"
-      "PHOTOPRISM_THUMB_SIZE_UNCACHED": "7680"           
-      "PHOTOPRISM_JPEG_SIZE": "7680" 
+      "PHOTOPRISM_THUMB_SIZE_UNCACHED": "7680"
+      "PHOTOPRISM_JPEG_SIZE": "7680"
       "PHOTOPRISM_JPEG_QUALITY": "92"
-      "TF_CPP_MIN_LOG_LEVEL": "0" 
-      "PHOTOPRISM_FFMPEG_ENCODER": "h264_qsv"        
-      "PHOTOPRISM_INIT": "intel-graphics tensorflow-amd64-avx2" 
+      "TF_CPP_MIN_LOG_LEVEL": "0"
+      "PHOTOPRISM_FFMPEG_ENCODER": "h264_qsv"
+      "PHOTOPRISM_INIT": "intel-graphics tensorflow-amd64-avx"
     devices:
       - "/dev/dri/renderD128:/dev/dri/renderD128" # Intel GPU
     working_dir: "/photoprism"

diff --git a/roles/containers/system/influxdb/defaults/main.yml b/roles/containers/system/influxdb/defaults/main.yml
@@ -0,0 +1,7 @@
+container_name: influxdb
+
+dashboard_url: "https://influxdb.{{ host_local }}/"
+
+homer_category: system
+
+dashboard_name: "InfluxDB"
diff --git a/roles/containers/system/influxdb/tasks/main.yml b/roles/containers/system/influxdb/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Make sure the InfluxDB container is created and running
+  docker_container:
+    name: "{{ container_name }}"
+    image: "influxdb"
+    pull: yes
+    state: 'started'
+    env:
+      DOCKER_INFLUXDB_INIT_MODE: "setup"
+      DOCKER_INFLUXDB_INIT_USERNAME: "{{ influxdb_user }}"
+      DOCKER_INFLUXDB_INIT_PASSWORD: "{{ influxdb_pass }}"
+      DOCKER_INFLUXDB_INIT_ORG: "{{ influxdb_org}}"
+      DOCKER_INFLUXDB_INIT_BUCKET: "{{ influxdb_bucket }}"
+    volumes:
+      - "{{ docker_dir }}/{{ container_name }}:/var/lib/influxdb2"
+    ports:
+      - 8086:8086/tcp
+    restart_policy: unless-stopped
+
+- name: Add {{ container_name }} to the SWAG network (reverse-proxy)
+  docker_network:
+    name: swag_internal_network
+    connected:
+      - "{{ container_name }}"
+    appends: yes
+  when: enable_swag
diff --git a/roles/containers/system/watchtower/tasks/main.yml b/roles/containers/system/watchtower/tasks/main.yml
@@ -5,6 +5,9 @@
     image: "containrrr/watchtower"
     pull: yes
     state: 'started'
+    env:
+      "WATCHTOWER_CLEANUP": "true"
+      "WATCHTOWER_POLL_INTERVAL": "7200"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
     restart_policy: unless-stopped