Change to machine based host ideology
This commit is contained in:
parent
4ef29933fb
commit
3b2d045d6c
|
|
@ -1,25 +0,0 @@
|
|||
---
|
||||
# Gluetun SELinux access
|
||||
selinux_allow_gluetun: true
|
||||
|
||||
# Servarr stack
|
||||
servarr_stack:
|
||||
- src: qbittorrent.container.j2
|
||||
dest: qbittorrent.container
|
||||
- src: prowlarr.container.j2
|
||||
dest: prowlarr.container
|
||||
- src: radarr.container.j2
|
||||
dest: radarr.container
|
||||
- src: sonarr.container.j2
|
||||
dest: sonarr.container
|
||||
- src: bazarr.container.j2
|
||||
dest: bazarr.container
|
||||
- src: flaresolverr.container.j2
|
||||
dest: flaresolverr.container
|
||||
|
||||
# Gluetun setup
|
||||
vpn_provider: mullvad
|
||||
vpn_type: wireguard
|
||||
vpn_countries: "Netherlands,USA,Canada"
|
||||
vpn_private_key: "replace-with-wireguard-private-key"
|
||||
vpn_addresses: "10.0.0.2/32"
|
||||
|
|
@ -19,3 +19,28 @@ bazarr_domain: "bazarr.example.{{ caddy_node }}"
|
|||
bazarr_upstream: host.containers.internal:6767
|
||||
|
||||
caddy_email: "admin@example.{{ caddy_node }}"
|
||||
|
||||
# Gluetun SELinux access
|
||||
selinux_allow_gluetun: true
|
||||
|
||||
# Servarr stack
|
||||
servarr_stack:
|
||||
- src: qbittorrent.container.j2
|
||||
dest: qbittorrent.container
|
||||
- src: prowlarr.container.j2
|
||||
dest: prowlarr.container
|
||||
- src: radarr.container.j2
|
||||
dest: radarr.container
|
||||
- src: sonarr.container.j2
|
||||
dest: sonarr.container
|
||||
- src: bazarr.container.j2
|
||||
dest: bazarr.container
|
||||
- src: flaresolverr.container.j2
|
||||
dest: flaresolverr.container
|
||||
|
||||
# Gluetun setup
|
||||
vpn_provider: mullvad
|
||||
vpn_type: wireguard
|
||||
vpn_countries: "Netherlands,USA,Canada"
|
||||
vpn_private_key: "replace-with-wireguard-private-key"
|
||||
vpn_addresses: "10.0.0.2/32"
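Review bot: `vpn_private_key: "replace-with-wireguard-private-key"` (second-to-last added line) keeps a WireGuard private key slot in plain, committed vars, so the moment the placeholder is replaced the real key lands in the repository in clear text. Prefer an indirection to vaulted material, `vpn_private_key: "{{ vault_vpn_private_key }}"`, with the value in an ansible-vault-encrypted file (or an `lookup('env', ...)` at run time). The same 25 lines are removed from another vars file in the first hunk, so this reads as a relocation rather than new content, and the placeholder itself is not a usable key. The hunk starts at file line 19; the head of this vars file is outside view.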
|
||||
109
playbook.yml
109
playbook.yml
|
|
@ -1,68 +1,83 @@
|
|||
- name: Storage
|
||||
- name: Common host foundation
|
||||
hosts: nas:services:workstation
|
||||
become: true
|
||||
roles:
|
||||
- role: base_os
|
||||
tags: base_os
|
||||
- role: firewall_base
|
||||
tags: firewall_base
|
||||
- role: cli_productivity
|
||||
tags: cli_productivity
|
||||
|
||||
- name: Shared storage clients
|
||||
hosts: nfs_clients
|
||||
become: true
|
||||
roles:
|
||||
- role: nfs_client
|
||||
tags: nfs_client
|
||||
|
||||
- name: Storage services
|
||||
hosts: nas
|
||||
become: true
|
||||
roles:
|
||||
- base_os
|
||||
- firewall_base
|
||||
- container_runtime
|
||||
- storage_client
|
||||
- nfs_server
|
||||
- role: storage_client
|
||||
tags: storage_client
|
||||
- role: nfs_server
|
||||
tags: nfs_server
|
||||
|
||||
- name: Jellyfin
|
||||
- name: Containers stack
|
||||
hosts: services
|
||||
become: true
|
||||
roles:
|
||||
- role: container_runtime
|
||||
tags: container_runtime
|
||||
- role: selinux_containers
|
||||
tags: selinux_containers
|
||||
|
||||
- name: Media services
|
||||
hosts: media
|
||||
become: true
|
||||
roles:
|
||||
- base_os
|
||||
- firewall_base
|
||||
- container_runtime
|
||||
# Jellyfin role will go here later.
|
||||
# - role: jellyfin
|
||||
# tags: jellyfin
|
||||
|
||||
- name: Bots
|
||||
hosts: bots
|
||||
- name: DNS and reverse proxy
|
||||
hosts: services
|
||||
become: true
|
||||
roles:
|
||||
- base_os
|
||||
- firewall_base
|
||||
- container_runtime
|
||||
- nfs_client
|
||||
- servarr
|
||||
|
||||
- name: DNS
|
||||
hosts: controller
|
||||
become: true
|
||||
roles:
|
||||
- name: base_os
|
||||
tags: base_os
|
||||
- name: firewall_base
|
||||
tags: firewall_base
|
||||
- name: container_runtime
|
||||
tags: container_runtime
|
||||
- name: adguard
|
||||
- role: adguard
|
||||
tags: adguard
|
||||
- name: trilium
|
||||
tags: trilium
|
||||
- name: caddy
|
||||
- role: caddy
|
||||
tags: caddy
|
||||
|
||||
- name: Workstation Setup
|
||||
hosts: workstation
|
||||
- name: Servarr stack
|
||||
hosts: servarr_hosts
|
||||
become: true
|
||||
roles:
|
||||
- base_os
|
||||
- firewall_base
|
||||
- container_runtime
|
||||
- selinux_containers
|
||||
- role: servarr
|
||||
tags: servarr
|
||||
|
||||
- name: Matrix
|
||||
hosts: matrix
|
||||
- name: Matrix stack
|
||||
hosts: matrix_hosts
|
||||
become: true
|
||||
roles:
|
||||
- base_os
|
||||
- firewall_base
|
||||
- container_runtime
|
||||
- matrix_synapse
|
||||
- role: matrix_synapse
|
||||
tags: matrix
|
||||
|
||||
- name: Configure RHEL machines
|
||||
hosts: rhel
|
||||
- name: Notes stack
|
||||
hosts: notes_hosts
|
||||
become: true
|
||||
roles:
|
||||
- cli_productivity
|
||||
- role: trilium
|
||||
tags: trilium
|
||||
|
||||
- name: ML workloads
|
||||
hosts: ml_hosts
|
||||
become: true
|
||||
roles:
|
||||
# Future roles:
|
||||
# - role: immich_ml
|
||||
# tags: immich_ml
|
||||
# - role: whisper
|
||||
# tags: whisper
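Review bot: The new `Common host foundation` play applies `base_os` and `firewall_base` only to `hosts: nas:services:workstation`, while the plays that follow target `nfs_clients`, `media`, `servarr_hosts`, `matrix_hosts`, `notes_hosts` and `ml_hosts`; in the old version every play carried `base_os` and `firewall_base` itself. Unless each of those groups is a child of one of the three foundation groups in the inventory (not visible here), hosts in them now receive container runtimes and services without the firewall baseline. Either widen the foundation play, `hosts: all`, or put a comment above it stating that every other group in this playbook must be a child of these three. `roles:` under `ML workloads` is left with a null value while its entries are commented out; `roles: []` states that intent explicitly.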
|
||||
|
|
@ -7,7 +7,8 @@ Requires=homelab-network.service
|
|||
[Container]
|
||||
Image=docker.io/adguard/adguardhome:latest
|
||||
ContainerName=adguard
|
||||
Network=homelab:alias=adguard
|
||||
Network=homelab.network
|
||||
NetworkAlias=adguard
|
||||
|
||||
Volume={{ adguard_dir }}/work:/opt/adguardhome/work
|
||||
Volume={{ adguard_dir }}/conf:/opt/adguardhome/conf
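Review bot: `Image=docker.io/adguard/adguardhome:latest` (context line above the changed `Network=` lines) pulls an unpinned tag, so a restart or image refresh silently changes the resolver's code with nothing recorded in this repository; the byparr template in the last hunk has the same `:latest` image. Pin to a version tag, or better a digest, `Image=docker.io/adguard/adguardhome:<VERSION>@sha256:<DIGEST>` (placeholders), and bump deliberately. The split into `Network=homelab.network` plus `NetworkAlias=adguard` appears to match Quadlet's `.network` unit reference; the rest of the unit is outside the hunk.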
|
||||
|
|
|
|||
|
|
@ -1,29 +1,44 @@
|
|||
---
|
||||
#base_os/tasks/time_sync.yml
|
||||
- name: Chrony time sync (dev only)
|
||||
# base_os/tasks/time_sync.yml
|
||||
- name: Chrony time sync correction for test environments
|
||||
when: env == "test"
|
||||
block:
|
||||
|
||||
- name: Ensure chronyd is running
|
||||
- name: Ensure chronyd is enabled and running
|
||||
become: true
|
||||
ansible.builtin.service:
|
||||
name: chronyd
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Wait for chrony to have reachable sources
|
||||
- name: Initial chrony time step
|
||||
become: true
|
||||
command: chronyc activity
|
||||
register: chrony_activity
|
||||
retries: 20
|
||||
delay: 2
|
||||
until: "'sources online' in chrony_activity.stdout and '0 sources online' not in chrony_activity.stdout"
|
||||
ansible.builtin.command: chronyc makestep
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Force time step correction
|
||||
- name: Wait after initial chrony time step
|
||||
ansible.builtin.pause:
|
||||
seconds: 5
|
||||
|
||||
- name: Restart chronyd after initial time step
|
||||
become: true
|
||||
command: chronyc -a makestep
|
||||
ansible.builtin.service:
|
||||
name: chronyd
|
||||
state: restarted
|
||||
enabled: true
|
||||
|
||||
- name: Wait after chronyd restart
|
||||
ansible.builtin.pause:
|
||||
seconds: 2
|
||||
|
||||
- name: Final chrony time step
|
||||
become: true
|
||||
ansible.builtin.command: chronyc makestep
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Verify system time is reasonable
|
||||
command: date
|
||||
ansible.builtin.command: date
|
||||
register: date_check
|
||||
changed_when: false
|
||||
failed_when: "'2026-04-13' in date_check.stdout"
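Review bot: `failed_when: "'2026-04-13' in date_check.stdout"` on the final task only detects one specific wrong date, so the check named "reasonable" passes on any other drift and will need editing the day that value stops being wrong. The removed `Wait for chrony to have reachable sources` step is not replaced: `chronyc makestep` now runs twice with `failed_when: false` and fixed pauses, so if no source is online yet both steps are no-ops and nothing fails. Replace the `date` check with chrony's own convergence wait, `ansible.builtin.command: chronyc waitsync 20 1` with `changed_when: false`, which fails when the clock does not settle within the bound. The whole block is gated on `when: env == "test"`, so the change is confined to that environment.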
|
||||
|
|
@ -77,8 +77,8 @@ cli_optional_packages:
|
|||
cli_starship_install_method: "script"
|
||||
cli_starship_bin_path: "/usr/local/bin/starship"
|
||||
|
||||
cli_git_user_name: ""
|
||||
cli_git_user_email: ""
|
||||
cli_git_user_name: "drew"
|
||||
cli_git_user_email: "drew.wells007@icloud.com"
|
||||
|
||||
cli_fish_abbreviations:
|
||||
- name: ll
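Review bot: If the print order is old-then-new, `cli_git_user_name` and `cli_git_user_email` in the role's defaults now carry one person's real name and e-mail address instead of the empty strings they had before. Role defaults are the lowest-precedence and most widely shared layer; a personal identity belongs in host_vars or group_vars for the hosts that need it, and the defaults should stay `cli_git_user_name: ""` and `cli_git_user_email: ""`. The hunk sits at file line 77, so the rest of the defaults file is outside view.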
|
||||
|
|
|
|||
|
|
@ -36,14 +36,6 @@
|
|||
register: cli_optional_package_install
|
||||
failed_when: false
|
||||
|
||||
- name: Report optional CLI packages that could not be installed
|
||||
ansible.builtin.debug:
|
||||
msg: "Optional package was not installed: {{ item.item }} - {{ item.failures | default(item.msg | default('unknown reason')) }}"
|
||||
loop: "{{ cli_optional_package_install.results | default([]) }}"
|
||||
when:
|
||||
- item.rc is defined
|
||||
- item.rc != 0
|
||||
|
||||
- name: Check whether Starship is installed
|
||||
ansible.builtin.stat:
|
||||
path: "{{ cli_starship_bin_path }}"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
#container_runtime/tasks/main.yml
|
||||
---
|
||||
# container_runtime/tasks/main.yml
|
||||
- name: Install required base packages
|
||||
become: true
|
||||
dnf:
|
||||
|
|
@ -43,11 +44,6 @@
|
|||
owner: "{{ container_user }}"
|
||||
group: "{{ container_group }}"
|
||||
|
||||
#- name: Force systemd reload (blocking)
|
||||
# become: true
|
||||
# become_user: "{{ container_user }}"
|
||||
# command: systemctl --user daemon-reload
|
||||
|
||||
- name: Force systemd reload (blocking)
|
||||
become: true
|
||||
become_user: "{{ container_user }}"
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
owner: "{{ container_user }}"
|
||||
group: "{{ container_group }}"
|
||||
mode: '0600'
|
||||
force: "{{ matrix_overwrite_config | default(false) | bool }}"
|
||||
|
||||
- name: Ensure Synapse signing key is deployed
|
||||
copy:
|
||||
|
|
@ -32,6 +33,7 @@
|
|||
owner: "{{ container_user }}"
|
||||
group: "{{ container_group }}"
|
||||
mode: '0600'
|
||||
force: "{{ matrix_overwrite_signing_key | default(false) | bool }}"
|
||||
|
||||
- name: Deploy Synapse Quadlet
|
||||
template:
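Review bot: `force: "{{ matrix_overwrite_config | default(false) | bool }}"` on the homeserver config copy means that, once the file exists on a host, later changes to the role's config source are never applied unless an operator discovers and sets the variable, whereas the same default is the right choice for the signing key in the second hunk, since replacing it would change the server's federation identity. Declare both variables in the role defaults with a comment rather than hiding the behaviour in a `default()` filter, e.g. `matrix_overwrite_config: false  # set true to re-push homeserver config to existing hosts` and the same for `matrix_overwrite_signing_key`. Both `copy:` tasks start before their hunks.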
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
#nfs_client/tasks/main.yml
|
||||
- name: Create dummy NAS root for test environment
|
||||
# nfs_client/tasks/main.yml
|
||||
- name: Configure dummy NAS storage for test environment
|
||||
when: env == "test"
|
||||
block:
|
||||
- name: Create dummy NAS root for test environment
|
||||
become: true
|
||||
file:
|
||||
path: "{{ nfs_mount_point }}"
|
||||
|
|
@ -8,9 +11,8 @@
|
|||
owner: "{{ container_user }}"
|
||||
group: "{{ container_group }}"
|
||||
mode: "0755"
|
||||
when: env == "test"
|
||||
|
||||
- name: Create dummy NAS storage tree for test environment
|
||||
- name: Create dummy NAS storage tree for test environment
|
||||
become: true
|
||||
file:
|
||||
path: "{{ nfs_mount_point }}/{{ item }}"
|
||||
|
|
@ -19,38 +21,36 @@
|
|||
group: "{{ container_group }}"
|
||||
mode: "0775"
|
||||
loop: "{{ storage_tree }}"
|
||||
when: env == "test"
|
||||
|
||||
- name: Set SELinux context for dummy NAS storage in test environment
|
||||
- name: Set SELinux context for dummy NAS storage in test environment
|
||||
become: true
|
||||
community.general.sefcontext:
|
||||
target: "{{ nfs_mount_point }}(/.*)?"
|
||||
setype: container_file_t
|
||||
state: present
|
||||
when: env == "test"
|
||||
|
||||
- name: Apply SELinux context for dummy NAS storage in test environment
|
||||
- name: Apply SELinux context for dummy NAS storage in test environment
|
||||
become: true
|
||||
command: restorecon -Rv "{{ nfs_mount_point }}"
|
||||
changed_when: false
|
||||
when: env == "test"
|
||||
|
||||
- name: Install required NFS client packages
|
||||
- name: Configure NFS client for non-test environments
|
||||
when: env != "test"
|
||||
block:
|
||||
- name: Install required NFS client packages
|
||||
become: true
|
||||
dnf:
|
||||
name: nfs-utils
|
||||
state: present
|
||||
when: env != "test"
|
||||
|
||||
- name: Check whether NFS mount point is already mounted
|
||||
- name: Check whether NFS mount point is already mounted
|
||||
become: true
|
||||
command: findmnt --mountpoint "{{ nfs_mount_point }}"
|
||||
ansible.builtin.command: findmnt --mountpoint "{{ nfs_mount_point }}"
|
||||
register: nfs_mount_check
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
when: env != "test"
|
||||
|
||||
- name: Create NFS mount point
|
||||
- name: Ensure local NFS mount point exists before mounting
|
||||
become: true
|
||||
file:
|
||||
path: "{{ nfs_mount_point }}"
|
||||
|
|
@ -58,11 +58,9 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
when:
|
||||
- env != "test"
|
||||
- nfs_mount_check.rc != 0
|
||||
when: nfs_mount_check.rc != 0
|
||||
|
||||
- name: Configure NFS mount
|
||||
- name: Ensure NFS mount is present in fstab and mounted
|
||||
become: true
|
||||
ansible.posix.mount:
|
||||
path: "{{ nfs_mount_point }}"
|
||||
|
|
@ -70,4 +68,3 @@
|
|||
fstype: "{{ nfs_fstype }}"
|
||||
opts: "{{ nfs_options }}"
|
||||
state: mounted
|
||||
when: env != "test"
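Review bot: The rewritten file mixes short module names (`file:`, `dnf:`, `command:`) with the fully qualified `ansible.builtin.command:` introduced on the findmnt task; using FQCN throughout (`ansible.builtin.file:`, `ansible.builtin.dnf:`, `ansible.builtin.command:`) keeps the file consistent with the other roles touched in this commit and with ansible-lint. The `when: nfs_mount_check.rc != 0` guard depends on a register from the same block, which works because both tasks are skipped together under `env != "test"`. The test block labels the whole `{{ nfs_mount_point }}` tree `container_file_t` and creates it `0775`; a comment above `- name: Configure dummy NAS storage for test environment` stating that this is a deliberate test-only relaxation would keep it from being copied into production tasks.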
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#nfw_server/defaults/main.yml
|
||||
nfs_packages:
|
||||
---
|
||||
# nfs_server/defaults/main.yml
|
||||
base_nfs_packages:
|
||||
- nfs-utils
|
||||
- nfs-server
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
#nfs_server/tasks/main.yml
|
||||
- name: Install NFS utilities
|
||||
- name: Install required NFS utilities packages
|
||||
become: true
|
||||
dnf:
|
||||
name: nfs-utils
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop: "{{ nfs_packages }}"
|
||||
loop: "{{ base_nfs_packages }}"
|
||||
|
||||
- name: Build NFS exports entries
|
||||
become: true
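Review bot: `name: "{{ item }}"` with `loop: "{{ base_nfs_packages }}"` runs one dnf transaction per package; the module accepts a list, so `name: "{{ base_nfs_packages }}"` with the `loop:` line removed installs them in a single transaction and resolves their dependencies together. The rename from `nfs_packages` in the defaults hunk above is a breaking change for any inventory that overrode the old name; if such overrides may exist, keep the old name or record the rename in the role's README.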
|
||||
|
|
|
|||
|
|
@ -7,9 +7,11 @@ After=gluetun.service
|
|||
ContainerName=byparr
|
||||
Image=ghcr.io/thephaseless/byparr:latest
|
||||
|
||||
Environment=TZ=America/New_York
|
||||
Environment=TZ={{ timezone }}
|
||||
Environment=LOG_LEVEL=info
|
||||
Network=container:gluetun
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
|
|
|
|||