
No commits in common. "bd16ea01bcceca87ffb904f0572d1194055ee818" and "4ef29933fbb93065c1f3fd7ce5d8436d23899ed8" have entirely different histories.

13 changed files with 181 additions and 201 deletions


@ -0,0 +1,25 @@
---
# Gluetun SELinux access
selinux_allow_gluetun: true
# Servarr stack
servarr_stack:
- src: qbittorrent.container.j2
dest: qbittorrent.container
- src: prowlarr.container.j2
dest: prowlarr.container
- src: radarr.container.j2
dest: radarr.container
- src: sonarr.container.j2
dest: sonarr.container
- src: bazarr.container.j2
dest: bazarr.container
- src: flaresolverr.container.j2
dest: flaresolverr.container
# Gluetun setup
vpn_provider: mullvad
vpn_type: wireguard
vpn_countries: "Netherlands,USA,Canada"
vpn_private_key: "replace-with-wireguard-private-key"
vpn_addresses: "10.0.0.2/32"
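Review bot: `vpn_private_key` is defined in a plain vars file, so the first real deployment invites committing the WireGuard private key in clear text. Point it at a vaulted variable instead, for example `vpn_private_key: "{{ vault_vpn_private_key }}"` (name chosen here for illustration), and keep the real value in an Ansible Vault file. An `ansible.builtin.assert` early in the role that fails while the value still equals `replace-with-wireguard-private-key` would stop a run that still carries the placeholder. `vpn_addresses` is tied to the same key and is better kept next to it.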


@ -19,28 +19,3 @@ bazarr_domain: "bazarr.example.{{ caddy_node }}"
bazarr_upstream: host.containers.internal:6767 bazarr_upstream: host.containers.internal:6767
caddy_email: "admin@example.{{ caddy_node }}" caddy_email: "admin@example.{{ caddy_node }}"
# Gluetun SELinux access
selinux_allow_gluetun: true
# Servarr stack
servarr_stack:
- src: qbittorrent.container.j2
dest: qbittorrent.container
- src: prowlarr.container.j2
dest: prowlarr.container
- src: radarr.container.j2
dest: radarr.container
- src: sonarr.container.j2
dest: sonarr.container
- src: bazarr.container.j2
dest: bazarr.container
- src: flaresolverr.container.j2
dest: flaresolverr.container
# Gluetun setup
vpn_provider: mullvad
vpn_type: wireguard
vpn_countries: "Netherlands,USA,Canada"
vpn_private_key: "replace-with-wireguard-private-key"
vpn_addresses: "10.0.0.2/32"


@ -1,83 +1,68 @@
- name: Common host foundation - name: Storage
hosts: nas:services:workstation
become: true
roles:
- role: base_os
tags: base_os
- role: firewall_base
tags: firewall_base
- role: cli_productivity
tags: cli_productivity
- name: Shared storage clients
hosts: nfs_clients
become: true
roles:
- role: nfs_client
tags: nfs_client
- name: Storage services
hosts: nas hosts: nas
become: true become: true
roles: roles:
- role: storage_client - base_os
tags: storage_client - firewall_base
- role: nfs_server - container_runtime
tags: nfs_server - storage_client
- nfs_server
- name: Containers stack
hosts: services - name: Jellyfin
become: true
roles:
- role: container_runtime
tags: container_runtime
- role: selinux_containers
tags: selinux_containers
- name: Media services
hosts: media hosts: media
become: true become: true
roles: roles:
# Jellyfin role will go here later. - base_os
# - role: jellyfin - firewall_base
# tags: jellyfin - container_runtime
- name: DNS and reverse proxy - name: Bots
hosts: services hosts: bots
become: true become: true
roles: roles:
- role: adguard - base_os
- firewall_base
- container_runtime
- nfs_client
- servarr
- name: DNS
hosts: controller
become: true
roles:
- name: base_os
tags: base_os
- name: firewall_base
tags: firewall_base
- name: container_runtime
tags: container_runtime
- name: adguard
tags: adguard tags: adguard
- role: caddy - name: trilium
tags: caddy
- name: Servarr stack
hosts: servarr_hosts
become: true
roles:
- role: servarr
tags: servarr
- name: Matrix stack
hosts: matrix_hosts
become: true
roles:
- role: matrix_synapse
tags: matrix
- name: Notes stack
hosts: notes_hosts
become: true
roles:
- role: trilium
tags: trilium tags: trilium
- name: caddy
- name: ML workloads tags: caddy
hosts: ml_hosts
- name: Workstation Setup
hosts: workstation
become: true become: true
roles: roles:
# Future roles: - base_os
# - role: immich_ml - firewall_base
# tags: immich_ml - container_runtime
# - role: whisper - selinux_containers
# tags: whisper
- name: Matrix
hosts: matrix
become: true
roles:
- base_os
- firewall_base
- container_runtime
- matrix_synapse
- name: Configure RHEL machines
hosts: rhel
become: true
roles:
- cli_productivity
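Review bot: Reading the right-hand column as the new side, `selinux_containers` is applied only in the "Workstation Setup" play, while the Storage, Jellyfin, Bots, DNS and Matrix plays all run `container_runtime` without it. If that role sets the SELinux booleans or file contexts the containers rely on (the servarr variables on this page carry `selinux_allow_gluetun: true`), those hosts will hit AVC denials or push someone toward permissive mode; add `- selinux_containers` after `container_runtime` in every play that runs containers. The DNS play also writes its roles as `- name: base_os` with `tags:` while the other plays use a bare list, so tag-limited runs work for that play only. Use one form throughout, preferably `- role: X` with `tags: X`.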


@ -7,8 +7,7 @@ Requires=homelab-network.service
[Container] [Container]
Image=docker.io/adguard/adguardhome:latest Image=docker.io/adguard/adguardhome:latest
ContainerName=adguard ContainerName=adguard
Network=homelab.network Network=homelab:alias=adguard
NetworkAlias=adguard
Volume={{ adguard_dir }}/work:/opt/adguardhome/work Volume={{ adguard_dir }}/work:/opt/adguardhome/work
Volume={{ adguard_dir }}/conf:/opt/adguardhome/conf Volume={{ adguard_dir }}/conf:/opt/adguardhome/conf
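Review bot: `Network=homelab:alias=adguard` names a Podman network directly, so Quadlet no longer resolves it through the `homelab.network` unit. With the `.network` suffix Quadlet uses the network that unit creates (named `systemd-homelab` unless the unit sets `NetworkName=`) and adds the dependency itself; without the suffix the container starts only if a network called exactly `homelab` already exists. Confirm the network unit sets `NetworkName=homelab`. The hunk header shows `Requires=homelab-network.service`, which gives ordering only if a matching `After=` is present; the `[Unit]` section is outside the hunk.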


@ -1,44 +1,29 @@
--- ---
# base_os/tasks/time_sync.yml #base_os/tasks/time_sync.yml
- name: Chrony time sync correction for test environments - name: Chrony time sync (dev only)
when: env == "test" when: env == "test"
block: block:
- name: Ensure chronyd is enabled and running
- name: Ensure chronyd is running
become: true become: true
ansible.builtin.service: ansible.builtin.service:
name: chronyd name: chronyd
state: started state: started
enabled: true enabled: true
- name: Initial chrony time step - name: Wait for chrony to have reachable sources
become: true become: true
ansible.builtin.command: chronyc makestep command: chronyc activity
changed_when: false register: chrony_activity
failed_when: false retries: 20
delay: 2
until: "'sources online' in chrony_activity.stdout and '0 sources online' not in chrony_activity.stdout"
- name: Wait after initial chrony time step - name: Force time step correction
ansible.builtin.pause:
seconds: 5
- name: Restart chronyd after initial time step
become: true become: true
ansible.builtin.service: command: chronyc -a makestep
name: chronyd
state: restarted
enabled: true
- name: Wait after chronyd restart
ansible.builtin.pause:
seconds: 2
- name: Final chrony time step
become: true
ansible.builtin.command: chronyc makestep
changed_when: false
failed_when: false
- name: Verify system time is reasonable - name: Verify system time is reasonable
ansible.builtin.command: date command: date
register: date_check register: date_check
changed_when: false
failed_when: "'2026-04-13' in date_check.stdout" failed_when: "'2026-04-13' in date_check.stdout"
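Review bot: The `until` expression on the new "Wait for chrony to have reachable sources" task rejects any source count ending in zero, because `'0 sources online'` is a substring of `10 sources online`, `20 sources online` and so on; the task then uses up all 20 retries and fails on a healthy host. Match the count itself: `until: chrony_activity.stdout is search('^[1-9][0-9]* sources online', multiline=True)`. The new `command:` tasks (`chronyc activity`, `chronyc -a makestep`) also appear to carry no `changed_when: false`, so every run would report changes. The closing check fails only when the clock reads 2026-04-13 and deserves a comment saying why that date is the one to reject.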


@ -77,8 +77,8 @@ cli_optional_packages:
cli_starship_install_method: "script" cli_starship_install_method: "script"
cli_starship_bin_path: "/usr/local/bin/starship" cli_starship_bin_path: "/usr/local/bin/starship"
cli_git_user_name: "drew" cli_git_user_name: ""
cli_git_user_email: "drew.wells007@icloud.com" cli_git_user_email: ""
cli_fish_abbreviations: cli_fish_abbreviations:
- name: ll - name: ll


@ -36,6 +36,14 @@
register: cli_optional_package_install register: cli_optional_package_install
failed_when: false failed_when: false
- name: Report optional CLI packages that could not be installed
ansible.builtin.debug:
msg: "Optional package was not installed: {{ item.item }} - {{ item.failures | default(item.msg | default('unknown reason')) }}"
loop: "{{ cli_optional_package_install.results | default([]) }}"
when:
- item.rc is defined
- item.rc != 0
- name: Check whether Starship is installed - name: Check whether Starship is installed
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ cli_starship_bin_path }}" path: "{{ cli_starship_bin_path }}"


@ -1,5 +1,4 @@
--- #container_runtime/tasks/main.yml
# container_runtime/tasks/main.yml
- name: Install required base packages - name: Install required base packages
become: true become: true
dnf: dnf:
@ -43,6 +42,11 @@
mode: "0644" mode: "0644"
owner: "{{ container_user }}" owner: "{{ container_user }}"
group: "{{ container_group }}" group: "{{ container_group }}"
#- name: Force systemd reload (blocking)
# become: true
# become_user: "{{ container_user }}"
# command: systemctl --user daemon-reload
- name: Force systemd reload (blocking) - name: Force systemd reload (blocking)
become: true become: true
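Review bot: The four commented-out lines added before "Force systemd reload (blocking)" repeat the live task's name and leave a second, inactive variant (`systemctl --user daemon-reload` run as `container_user`) in the file. Delete them, or replace them with a single comment that states why the user-scope reload is disabled. The live task's body is outside the hunk.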


@ -24,7 +24,6 @@
owner: "{{ container_user }}" owner: "{{ container_user }}"
group: "{{ container_group }}" group: "{{ container_group }}"
mode: '0600' mode: '0600'
force: "{{ matrix_overwrite_config | default(false) | bool }}"
- name: Ensure Synapse signing key is deployed - name: Ensure Synapse signing key is deployed
copy: copy:
@ -33,7 +32,6 @@
owner: "{{ container_user }}" owner: "{{ container_user }}"
group: "{{ container_group }}" group: "{{ container_group }}"
mode: '0600' mode: '0600'
force: "{{ matrix_overwrite_signing_key | default(false) | bool }}"
- name: Deploy Synapse Quadlet - name: Deploy Synapse Quadlet
template: template:
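Review bot: With the `force:` lines gone, both tasks fall back to the module default of `force: true`, so every run replaces the file on the host whenever it differs from the source. For "Ensure Synapse signing key is deployed" that means a key generated or rotated on the server is silently overwritten, which would change the key the homeserver signs with. Keep an explicit guard on the key task, `force: false` or the earlier `force: "{{ matrix_overwrite_signing_key | default(false) | bool }}"`. Adding `no_log: true` to that task would also keep the key out of task and diff output. The first task's name is outside the hunk.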


@ -1,70 +1,73 @@
--- ---
# nfs_client/tasks/main.yml #nfs_client/tasks/main.yml
- name: Configure dummy NAS storage for test environment - name: Create dummy NAS root for test environment
become: true
file:
path: "{{ nfs_mount_point }}"
state: directory
owner: "{{ container_user }}"
group: "{{ container_group }}"
mode: "0755"
when: env == "test" when: env == "test"
block:
- name: Create dummy NAS root for test environment
become: true
file:
path: "{{ nfs_mount_point }}"
state: directory
owner: "{{ container_user }}"
group: "{{ container_group }}"
mode: "0755"
- name: Create dummy NAS storage tree for test environment - name: Create dummy NAS storage tree for test environment
become: true become: true
file: file:
path: "{{ nfs_mount_point }}/{{ item }}" path: "{{ nfs_mount_point }}/{{ item }}"
state: directory state: directory
owner: "{{ container_user }}" owner: "{{ container_user }}"
group: "{{ container_group }}" group: "{{ container_group }}"
mode: "0775" mode: "0775"
loop: "{{ storage_tree }}" loop: "{{ storage_tree }}"
when: env == "test"
- name: Set SELinux context for dummy NAS storage in test environment - name: Set SELinux context for dummy NAS storage in test environment
become: true become: true
community.general.sefcontext: community.general.sefcontext:
target: "{{ nfs_mount_point }}(/.*)?" target: "{{ nfs_mount_point }}(/.*)?"
setype: container_file_t setype: container_file_t
state: present state: present
when: env == "test"
- name: Apply SELinux context for dummy NAS storage in test environment - name: Apply SELinux context for dummy NAS storage in test environment
become: true become: true
command: restorecon -Rv "{{ nfs_mount_point }}" command: restorecon -Rv "{{ nfs_mount_point }}"
changed_when: false changed_when: false
when: env == "test"
- name: Configure NFS client for non-test environments - name: Install required NFS client packages
become: true
dnf:
name: nfs-utils
state: present
when: env != "test" when: env != "test"
block:
- name: Install required NFS client packages
become: true
dnf:
name: nfs-utils
state: present
- name: Check whether NFS mount point is already mounted - name: Check whether NFS mount point is already mounted
become: true become: true
ansible.builtin.command: findmnt --mountpoint "{{ nfs_mount_point }}" command: findmnt --mountpoint "{{ nfs_mount_point }}"
register: nfs_mount_check register: nfs_mount_check
changed_when: false changed_when: false
failed_when: false failed_when: false
when: env != "test"
- name: Ensure local NFS mount point exists before mounting - name: Create NFS mount point
become: true become: true
file: file:
path: "{{ nfs_mount_point }}" path: "{{ nfs_mount_point }}"
state: directory state: directory
owner: root owner: root
group: root group: root
mode: "0755" mode: "0755"
when: nfs_mount_check.rc != 0 when:
- env != "test"
- nfs_mount_check.rc != 0
- name: Ensure NFS mount is present in fstab and mounted - name: Configure NFS mount
become: true become: true
ansible.posix.mount: ansible.posix.mount:
path: "{{ nfs_mount_point }}" path: "{{ nfs_mount_point }}"
src: "{{ nfs_server }}:{{ nfs_export }}" src: "{{ nfs_server }}:{{ nfs_export }}"
fstype: "{{ nfs_fstype }}" fstype: "{{ nfs_fstype }}"
opts: "{{ nfs_options }}" opts: "{{ nfs_options }}"
state: mounted state: mounted
when: env != "test"


@ -1,4 +1,4 @@
--- #nfw_server/defaults/main.yml
# nfs_server/defaults/main.yml nfs_packages:
base_nfs_packages: - nfs-utils
- nfs-utils - nfs-server


@ -1,11 +1,11 @@
--- ---
#nfs_server/tasks/main.yml #nfs_server/tasks/main.yml
- name: Install required NFS utilities packages - name: Install NFS utilities
become: true become: true
dnf: dnf:
name: "{{ item }}" name: nfs-utils
state: present state: present
loop: "{{ base_nfs_packages }}" loop: "{{ nfs_packages }}"
- name: Build NFS exports entries - name: Build NFS exports entries
become: true become: true
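Review bot: The new install task loops over `nfs_packages` but hard-codes `name: nfs-utils`, so it installs `nfs-utils` once per list entry and never reads the list. Pass the list straight to the module and drop the loop: `name: "{{ nfs_packages }}"`. The defaults file in the previous section lists `nfs-server`, which as far as I know is a service unit shipped by `nfs-utils` on RHEL-family systems rather than a package, so the install would fail once the list is actually used. That file's header comment also reads `#nfw_server`. The task list continues outside the hunk.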


@ -7,11 +7,9 @@ After=gluetun.service
ContainerName=byparr ContainerName=byparr
Image=ghcr.io/thephaseless/byparr:latest Image=ghcr.io/thephaseless/byparr:latest
Environment=TZ={{ timezone }} Environment=TZ=America/New_York
Environment=LOG_LEVEL=info Environment=LOG_LEVEL=info
Network=container:gluetun Network=container:gluetun
[Service]
Restart=always Restart=always
[Install] [Install]
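Review bot: Going by the hunk's line counts, the `[Service]` header is dropped on the new side, which leaves `Restart=always` inside `[Container]`. Quadlet does not accept `Restart` in that section, so the unit would fail to generate or the restart policy would be lost; keep `[Service]` directly above `Restart=always`. `Environment=TZ=America/New_York` also replaces the `{{ timezone }}` template variable with a fixed value, which will drift from the other containers if that variable changes.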