Change to machine based host ideology
This commit is contained in:
parent
4ef29933fb
commit
3b2d045d6c
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
# Gluetun SELinux access
|
|
||||||
selinux_allow_gluetun: true
|
|
||||||
|
|
||||||
# Servarr stack
|
|
||||||
servarr_stack:
|
|
||||||
- src: qbittorrent.container.j2
|
|
||||||
dest: qbittorrent.container
|
|
||||||
- src: prowlarr.container.j2
|
|
||||||
dest: prowlarr.container
|
|
||||||
- src: radarr.container.j2
|
|
||||||
dest: radarr.container
|
|
||||||
- src: sonarr.container.j2
|
|
||||||
dest: sonarr.container
|
|
||||||
- src: bazarr.container.j2
|
|
||||||
dest: bazarr.container
|
|
||||||
- src: flaresolverr.container.j2
|
|
||||||
dest: flaresolverr.container
|
|
||||||
|
|
||||||
# Gluetun setup
|
|
||||||
vpn_provider: mullvad
|
|
||||||
vpn_type: wireguard
|
|
||||||
vpn_countries: "Netherlands,USA,Canada"
|
|
||||||
vpn_private_key: "replace-with-wireguard-private-key"
|
|
||||||
vpn_addresses: "10.0.0.2/32"
|
|
||||||
|
|
@ -19,3 +19,28 @@ bazarr_domain: "bazarr.example.{{ caddy_node }}"
|
||||||
bazarr_upstream: host.containers.internal:6767
|
bazarr_upstream: host.containers.internal:6767
|
||||||
|
|
||||||
caddy_email: "admin@example.{{ caddy_node }}"
|
caddy_email: "admin@example.{{ caddy_node }}"
|
||||||
|
|
||||||
|
# Gluetun SELinux access
|
||||||
|
selinux_allow_gluetun: true
|
||||||
|
|
||||||
|
# Servarr stack
|
||||||
|
servarr_stack:
|
||||||
|
- src: qbittorrent.container.j2
|
||||||
|
dest: qbittorrent.container
|
||||||
|
- src: prowlarr.container.j2
|
||||||
|
dest: prowlarr.container
|
||||||
|
- src: radarr.container.j2
|
||||||
|
dest: radarr.container
|
||||||
|
- src: sonarr.container.j2
|
||||||
|
dest: sonarr.container
|
||||||
|
- src: bazarr.container.j2
|
||||||
|
dest: bazarr.container
|
||||||
|
- src: flaresolverr.container.j2
|
||||||
|
dest: flaresolverr.container
|
||||||
|
|
||||||
|
# Gluetun setup
|
||||||
|
vpn_provider: mullvad
|
||||||
|
vpn_type: wireguard
|
||||||
|
vpn_countries: "Netherlands,USA,Canada"
|
||||||
|
vpn_private_key: "replace-with-wireguard-private-key"
|
||||||
|
vpn_addresses: "10.0.0.2/32"
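Review bot: `vpn_private_key` is now a plain scalar in a committed vars file, so whoever replaces the placeholder will be committing a WireGuard private key to the repository next to the non-secret Servarr settings. Keep the real value out of tracked vars entirely: put it in an Ansible Vault-encrypted file or read it at runtime, e.g. `vpn_private_key: "{{ lookup('env', 'GLUETUN_WG_PRIVATE_KEY') }}"`, and add a comment above the key stating where the value is expected to come from. `vpn_addresses` is issued together with the key by the provider and is worth handling the same way. Only the `bazarr_domain` context line identifies the target file, so this assumes the hunk lands in a group_vars/host_vars file rather than a vault file.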
|
||||||
117
playbook.yml
117
playbook.yml
|
|
@ -1,68 +1,83 @@
|
||||||
- name: Storage
|
- name: Common host foundation
|
||||||
|
hosts: nas:services:workstation
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: base_os
|
||||||
|
tags: base_os
|
||||||
|
- role: firewall_base
|
||||||
|
tags: firewall_base
|
||||||
|
- role: cli_productivity
|
||||||
|
tags: cli_productivity
|
||||||
|
|
||||||
|
- name: Shared storage clients
|
||||||
|
hosts: nfs_clients
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: nfs_client
|
||||||
|
tags: nfs_client
|
||||||
|
|
||||||
|
- name: Storage services
|
||||||
hosts: nas
|
hosts: nas
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- base_os
|
- role: storage_client
|
||||||
- firewall_base
|
tags: storage_client
|
||||||
- container_runtime
|
- role: nfs_server
|
||||||
- storage_client
|
tags: nfs_server
|
||||||
- nfs_server
|
|
||||||
|
- name: Containers stack
|
||||||
- name: Jellyfin
|
hosts: services
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: container_runtime
|
||||||
|
tags: container_runtime
|
||||||
|
- role: selinux_containers
|
||||||
|
tags: selinux_containers
|
||||||
|
|
||||||
|
- name: Media services
|
||||||
hosts: media
|
hosts: media
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- base_os
|
# Jellyfin role will go here later.
|
||||||
- firewall_base
|
# - role: jellyfin
|
||||||
- container_runtime
|
# tags: jellyfin
|
||||||
|
|
||||||
- name: Bots
|
- name: DNS and reverse proxy
|
||||||
hosts: bots
|
hosts: services
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- base_os
|
- role: adguard
|
||||||
- firewall_base
|
|
||||||
- container_runtime
|
|
||||||
- nfs_client
|
|
||||||
- servarr
|
|
||||||
|
|
||||||
- name: DNS
|
|
||||||
hosts: controller
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- name: base_os
|
|
||||||
tags: base_os
|
|
||||||
- name: firewall_base
|
|
||||||
tags: firewall_base
|
|
||||||
- name: container_runtime
|
|
||||||
tags: container_runtime
|
|
||||||
- name: adguard
|
|
||||||
tags: adguard
|
tags: adguard
|
||||||
- name: trilium
|
- role: caddy
|
||||||
tags: trilium
|
|
||||||
- name: caddy
|
|
||||||
tags: caddy
|
tags: caddy
|
||||||
|
|
||||||
- name: Workstation Setup
|
- name: Servarr stack
|
||||||
hosts: workstation
|
hosts: servarr_hosts
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- base_os
|
- role: servarr
|
||||||
- firewall_base
|
tags: servarr
|
||||||
- container_runtime
|
|
||||||
- selinux_containers
|
- name: Matrix stack
|
||||||
|
hosts: matrix_hosts
|
||||||
- name: Matrix
|
|
||||||
hosts: matrix
|
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- base_os
|
- role: matrix_synapse
|
||||||
- firewall_base
|
tags: matrix
|
||||||
- container_runtime
|
|
||||||
- matrix_synapse
|
- name: Notes stack
|
||||||
|
hosts: notes_hosts
|
||||||
- name: Configure RHEL machines
|
|
||||||
hosts: rhel
|
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- cli_productivity
|
- role: trilium
|
||||||
|
tags: trilium
|
||||||
|
|
||||||
|
- name: ML workloads
|
||||||
|
hosts: ml_hosts
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
# Future roles:
|
||||||
|
# - role: immich_ml
|
||||||
|
# tags: immich_ml
|
||||||
|
# - role: whisper
|
||||||
|
# tags: whisper
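Review bot: `base_os` and `firewall_base` now run only in the `Common host foundation` play targeting `nas:services:workstation`, while later plays target `nfs_clients`, `media`, `servarr_hosts`, `matrix_hosts`, `notes_hosts` and `ml_hosts`; any host in those groups that is not also in nas, services or workstation gets its application role without the OS baseline or the firewall rules that the previous per-play `- base_os` / `- firewall_base` entries guaranteed. The same gap applies to `container_runtime` and `selinux_containers`, which now reach only `services`, although the servarr and matrix_synapse roles deploy Quadlet units per the other hunks in this commit. Unless the inventory defines those groups as children of the three foundation groups, consider `hosts: all` for the foundation play (or a documented parent group), and add a comment at the top of the playbook stating the membership assumption. The inventory is not part of this commit, so this is inferred from the play targets alone.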
|
||||||
|
|
@ -7,7 +7,8 @@ Requires=homelab-network.service
|
||||||
[Container]
|
[Container]
|
||||||
Image=docker.io/adguard/adguardhome:latest
|
Image=docker.io/adguard/adguardhome:latest
|
||||||
ContainerName=adguard
|
ContainerName=adguard
|
||||||
Network=homelab:alias=adguard
|
Network=homelab.network
|
||||||
|
NetworkAlias=adguard
|
||||||
|
|
||||||
Volume={{ adguard_dir }}/work:/opt/adguardhome/work
|
Volume={{ adguard_dir }}/work:/opt/adguardhome/work
|
||||||
Volume={{ adguard_dir }}/conf:/opt/adguardhome/conf
|
Volume={{ adguard_dir }}/conf:/opt/adguardhome/conf
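Review bot: `NetworkAlias=adguard` is a Quadlet key that only newer Podman releases recognize; on an older quadlet generator an unknown `[Container]` key is reported as unsupported (and, depending on version, the unit is not generated), so the change silently raises the minimum Podman version the role requires. Either document that requirement in the role or keep the alias on the `Network=` line as before; a comment such as `# NetworkAlias= requires a Quadlet/Podman release that supports it — verify on target hosts` above the key would record the assumption. The enclosing `[Container]` section continues outside the hunk.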
|
||||||
|
|
|
||||||
|
|
@ -1,29 +1,44 @@
|
||||||
---
|
---
|
||||||
#base_os/tasks/time_sync.yml
|
# base_os/tasks/time_sync.yml
|
||||||
- name: Chrony time sync (dev only)
|
- name: Chrony time sync correction for test environments
|
||||||
when: env == "test"
|
when: env == "test"
|
||||||
block:
|
block:
|
||||||
|
- name: Ensure chronyd is enabled and running
|
||||||
- name: Ensure chronyd is running
|
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: chronyd
|
name: chronyd
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Wait for chrony to have reachable sources
|
- name: Initial chrony time step
|
||||||
become: true
|
become: true
|
||||||
command: chronyc activity
|
ansible.builtin.command: chronyc makestep
|
||||||
register: chrony_activity
|
changed_when: false
|
||||||
retries: 20
|
failed_when: false
|
||||||
delay: 2
|
|
||||||
until: "'sources online' in chrony_activity.stdout and '0 sources online' not in chrony_activity.stdout"
|
|
||||||
|
|
||||||
- name: Force time step correction
|
- name: Wait after initial chrony time step
|
||||||
|
ansible.builtin.pause:
|
||||||
|
seconds: 5
|
||||||
|
|
||||||
|
- name: Restart chronyd after initial time step
|
||||||
become: true
|
become: true
|
||||||
command: chronyc -a makestep
|
ansible.builtin.service:
|
||||||
|
name: chronyd
|
||||||
|
state: restarted
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Wait after chronyd restart
|
||||||
|
ansible.builtin.pause:
|
||||||
|
seconds: 2
|
||||||
|
|
||||||
|
- name: Final chrony time step
|
||||||
|
become: true
|
||||||
|
ansible.builtin.command: chronyc makestep
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
- name: Verify system time is reasonable
|
- name: Verify system time is reasonable
|
||||||
command: date
|
ansible.builtin.command: date
|
||||||
register: date_check
|
register: date_check
|
||||||
|
changed_when: false
|
||||||
failed_when: "'2026-04-13' in date_check.stdout"
|
failed_when: "'2026-04-13' in date_check.stdout"
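Review bot: Both new `chronyc makestep` tasks run with `failed_when: false` and `changed_when: false`, so a missing `chronyc`, an unreachable chronyd socket or a refused step all report `ok` and the play proceeds to the date check as if time had been corrected. The sequence also replaces the old wait-for-sources loop with fixed `pause` values (5 s and 2 s), which means the first step usually runs before chronyd has a reachable source and the outcome depends on timing rather than on state. Let chrony report readiness instead, e.g. `ansible.builtin.command: chronyc waitsync 30` before the step, drop `failed_when: false` so real failures surface, and use `changed_when: true` (or register the output and inspect it) on the task that actually moves the clock. The `Restart chronyd after initial time step` task can then go, since a step does not require a daemon restart.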
|
||||||
|
|
@ -77,8 +77,8 @@ cli_optional_packages:
|
||||||
cli_starship_install_method: "script"
|
cli_starship_install_method: "script"
|
||||||
cli_starship_bin_path: "/usr/local/bin/starship"
|
cli_starship_bin_path: "/usr/local/bin/starship"
|
||||||
|
|
||||||
cli_git_user_name: ""
|
cli_git_user_name: "drew"
|
||||||
cli_git_user_email: ""
|
cli_git_user_email: "drew.wells007@icloud.com"
|
||||||
|
|
||||||
cli_fish_abbreviations:
|
cli_fish_abbreviations:
|
||||||
- name: ll
|
- name: ll
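Review bot: `cli_git_user_name` and `cli_git_user_email` now carry a real personal name and address as role defaults, so every host that applies `cli_productivity` commits under that identity unless the inventory overrides it, and the identity ships with the role itself. Keep the defaults empty (`cli_git_user_name: ""` / `cli_git_user_email: ""`) and set the real values in host_vars or group_vars for the workstation hosts, with a comment above the two keys such as `# Set per host in inventory; intentionally empty here`.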
|
||||||
|
|
|
||||||
|
|
@ -36,14 +36,6 @@
|
||||||
register: cli_optional_package_install
|
register: cli_optional_package_install
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
- name: Report optional CLI packages that could not be installed
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "Optional package was not installed: {{ item.item }} - {{ item.failures | default(item.msg | default('unknown reason')) }}"
|
|
||||||
loop: "{{ cli_optional_package_install.results | default([]) }}"
|
|
||||||
when:
|
|
||||||
- item.rc is defined
|
|
||||||
- item.rc != 0
|
|
||||||
|
|
||||||
- name: Check whether Starship is installed
|
- name: Check whether Starship is installed
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ cli_starship_bin_path }}"
|
path: "{{ cli_starship_bin_path }}"
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
#container_runtime/tasks/main.yml
|
---
|
||||||
|
# container_runtime/tasks/main.yml
|
||||||
- name: Install required base packages
|
- name: Install required base packages
|
||||||
become: true
|
become: true
|
||||||
dnf:
|
dnf:
|
||||||
|
|
@ -42,11 +43,6 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: "{{ container_user }}"
|
owner: "{{ container_user }}"
|
||||||
group: "{{ container_group }}"
|
group: "{{ container_group }}"
|
||||||
|
|
||||||
#- name: Force systemd reload (blocking)
|
|
||||||
# become: true
|
|
||||||
# become_user: "{{ container_user }}"
|
|
||||||
# command: systemctl --user daemon-reload
|
|
||||||
|
|
||||||
- name: Force systemd reload (blocking)
|
- name: Force systemd reload (blocking)
|
||||||
become: true
|
become: true
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@
|
||||||
owner: "{{ container_user }}"
|
owner: "{{ container_user }}"
|
||||||
group: "{{ container_group }}"
|
group: "{{ container_group }}"
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
force: "{{ matrix_overwrite_config | default(false) | bool }}"
|
||||||
|
|
||||||
- name: Ensure Synapse signing key is deployed
|
- name: Ensure Synapse signing key is deployed
|
||||||
copy:
|
copy:
|
||||||
|
|
@ -32,6 +33,7 @@
|
||||||
owner: "{{ container_user }}"
|
owner: "{{ container_user }}"
|
||||||
group: "{{ container_group }}"
|
group: "{{ container_group }}"
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
force: "{{ matrix_overwrite_signing_key | default(false) | bool }}"
|
||||||
|
|
||||||
- name: Deploy Synapse Quadlet
|
- name: Deploy Synapse Quadlet
|
||||||
template:
|
template:
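Review bot: The new `force:` keys default both copies to `false`, so after the first run a changed homeserver config on the control node is no longer written out unless `matrix_overwrite_config` is set; that is a sound default for the signing key (replacing it breaks federation), but for the config it silently turns every later change into a no-op and also leaves a locally modified or tampered file in place. Either default `matrix_overwrite_config` to `true`, or document the behavior above the task, e.g. `# Existing config is never overwritten; set matrix_overwrite_config=true to push changes`; the signing-key task in the second hunk deserves the matching comment. Both tasks use the unqualified `copy:`; `ansible.builtin.copy:` would match the qualified module names introduced elsewhere in this commit.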
|
||||||
|
|
|
||||||
|
|
@ -1,73 +1,70 @@
|
||||||
---
|
---
|
||||||
#nfs_client/tasks/main.yml
|
# nfs_client/tasks/main.yml
|
||||||
- name: Create dummy NAS root for test environment
|
- name: Configure dummy NAS storage for test environment
|
||||||
become: true
|
|
||||||
file:
|
|
||||||
path: "{{ nfs_mount_point }}"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ container_user }}"
|
|
||||||
group: "{{ container_group }}"
|
|
||||||
mode: "0755"
|
|
||||||
when: env == "test"
|
when: env == "test"
|
||||||
|
block:
|
||||||
|
- name: Create dummy NAS root for test environment
|
||||||
|
become: true
|
||||||
|
file:
|
||||||
|
path: "{{ nfs_mount_point }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ container_user }}"
|
||||||
|
group: "{{ container_group }}"
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
- name: Create dummy NAS storage tree for test environment
|
- name: Create dummy NAS storage tree for test environment
|
||||||
become: true
|
become: true
|
||||||
file:
|
file:
|
||||||
path: "{{ nfs_mount_point }}/{{ item }}"
|
path: "{{ nfs_mount_point }}/{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ container_user }}"
|
owner: "{{ container_user }}"
|
||||||
group: "{{ container_group }}"
|
group: "{{ container_group }}"
|
||||||
mode: "0775"
|
mode: "0775"
|
||||||
loop: "{{ storage_tree }}"
|
loop: "{{ storage_tree }}"
|
||||||
when: env == "test"
|
|
||||||
|
|
||||||
- name: Set SELinux context for dummy NAS storage in test environment
|
- name: Set SELinux context for dummy NAS storage in test environment
|
||||||
become: true
|
become: true
|
||||||
community.general.sefcontext:
|
community.general.sefcontext:
|
||||||
target: "{{ nfs_mount_point }}(/.*)?"
|
target: "{{ nfs_mount_point }}(/.*)?"
|
||||||
setype: container_file_t
|
setype: container_file_t
|
||||||
state: present
|
state: present
|
||||||
when: env == "test"
|
|
||||||
|
|
||||||
- name: Apply SELinux context for dummy NAS storage in test environment
|
- name: Apply SELinux context for dummy NAS storage in test environment
|
||||||
become: true
|
become: true
|
||||||
command: restorecon -Rv "{{ nfs_mount_point }}"
|
command: restorecon -Rv "{{ nfs_mount_point }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: env == "test"
|
|
||||||
|
|
||||||
- name: Install required NFS client packages
|
- name: Configure NFS client for non-test environments
|
||||||
become: true
|
|
||||||
dnf:
|
|
||||||
name: nfs-utils
|
|
||||||
state: present
|
|
||||||
when: env != "test"
|
when: env != "test"
|
||||||
|
block:
|
||||||
|
- name: Install required NFS client packages
|
||||||
|
become: true
|
||||||
|
dnf:
|
||||||
|
name: nfs-utils
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Check whether NFS mount point is already mounted
|
- name: Check whether NFS mount point is already mounted
|
||||||
become: true
|
become: true
|
||||||
command: findmnt --mountpoint "{{ nfs_mount_point }}"
|
ansible.builtin.command: findmnt --mountpoint "{{ nfs_mount_point }}"
|
||||||
register: nfs_mount_check
|
register: nfs_mount_check
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
when: env != "test"
|
|
||||||
|
|
||||||
- name: Create NFS mount point
|
- name: Ensure local NFS mount point exists before mounting
|
||||||
become: true
|
become: true
|
||||||
file:
|
file:
|
||||||
path: "{{ nfs_mount_point }}"
|
path: "{{ nfs_mount_point }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when:
|
when: nfs_mount_check.rc != 0
|
||||||
- env != "test"
|
|
||||||
- nfs_mount_check.rc != 0
|
|
||||||
|
|
||||||
- name: Configure NFS mount
|
- name: Ensure NFS mount is present in fstab and mounted
|
||||||
become: true
|
become: true
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: "{{ nfs_mount_point }}"
|
path: "{{ nfs_mount_point }}"
|
||||||
src: "{{ nfs_server }}:{{ nfs_export }}"
|
src: "{{ nfs_server }}:{{ nfs_export }}"
|
||||||
fstype: "{{ nfs_fstype }}"
|
fstype: "{{ nfs_fstype }}"
|
||||||
opts: "{{ nfs_options }}"
|
opts: "{{ nfs_options }}"
|
||||||
state: mounted
|
state: mounted
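Review bot: Inside the new `env != "test"` block the module names are mixed — `ansible.builtin.command:` on the findmnt task but bare `dnf:`, `file:` and `ansible.posix.mount:` on the others — and the test block mixes `community.general.sefcontext:` with bare `file:` and `command:`. Using fully-qualified names throughout (`ansible.builtin.dnf:`, `ansible.builtin.file:`, `ansible.builtin.command:`) keeps the file consistent and satisfies ansible-lint's fqcn check. Since every task in both blocks carries `become: true`, it can be hoisted to the block level, e.g. `become: true` next to `when: env != "test"`, which removes seven repeated lines and makes it obvious that the whole block is privileged.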
|
||||||
when: env != "test"
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
#nfw_server/defaults/main.yml
|
---
|
||||||
nfs_packages:
|
# nfs_server/defaults/main.yml
|
||||||
- nfs-utils
|
base_nfs_packages:
|
||||||
- nfs-server
|
- nfs-utils
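Review bot: The rename to `base_nfs_packages` also drops `nfs-server` from the list, and the commit message does not say why; on RHEL-family systems `nfs-utils` ships `nfs-server.service`, so this is probably fine, but a comment such as `# nfs-utils provides nfs-server.service on RHEL/Fedora` above the list would stop the next reader from re-adding it. The new name also lacks the role prefix; `nfs_server_packages` would follow the role-prefix convention that ansible-lint enforces (`var-naming[no-role-prefix]`), with the loop in tasks/main.yml updated to match.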
|
||||||
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
#nfs_server/tasks/main.yml
|
#nfs_server/tasks/main.yml
|
||||||
- name: Install NFS utilities
|
- name: Install required NFS utilities packages
|
||||||
become: true
|
become: true
|
||||||
dnf:
|
dnf:
|
||||||
name: nfs-utils
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
loop: "{{ nfs_packages }}"
|
loop: "{{ base_nfs_packages }}"
|
||||||
|
|
||||||
- name: Build NFS exports entries
|
- name: Build NFS exports entries
|
||||||
become: true
|
become: true
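Review bot: Installing with `name: "{{ item }}"` and `loop: "{{ base_nfs_packages }}"` runs one dnf transaction per package; `dnf` accepts a list, so `name: "{{ base_nfs_packages }}"` without the loop installs them in a single transaction and reports one change. While touching the task, `dnf:` could become `ansible.builtin.dnf:` to match the qualified module names used elsewhere in this commit, and the `#nfs_server/tasks/main.yml` header is the only comment in the commit still lacking a space after `#`.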
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,11 @@ After=gluetun.service
|
||||||
ContainerName=byparr
|
ContainerName=byparr
|
||||||
Image=ghcr.io/thephaseless/byparr:latest
|
Image=ghcr.io/thephaseless/byparr:latest
|
||||||
|
|
||||||
Environment=TZ=America/New_York
|
Environment=TZ={{ timezone }}
|
||||||
Environment=LOG_LEVEL=info
|
Environment=LOG_LEVEL=info
|
||||||
Network=container:gluetun
|
Network=container:gluetun
|
||||||
|
|
||||||
|
[Service]
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
[Install]
|
[Install]
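Review bot: The new `[Service]` header correctly moves `Restart=always` out of `[Container]`, but combined with `Network=container:gluetun` it produces a restart loop whenever the gluetun container is not running, and only `After=gluetun.service` is visible in the hunk context. If the `[Unit]` section does not already carry `Requires=gluetun.service` (or `BindsTo=`), add it so byparr is stopped with gluetun instead of being restarted into a failed namespace join, and note the dependency with a comment such as `# Shares gluetun's network namespace; must not run without it`. `Environment=TZ={{ timezone }}` additionally assumes `timezone` is defined for every host rendering this template; a role default would keep the template from failing to render. The `[Unit]` section is outside the hunk.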
|
||||||