From 3b2d045d6c9f63016efedf7c7ad9407c8244858e Mon Sep 17 00:00:00 2001
From: drew
Date: Mon, 25 May 2026 21:26:50 -0400
Subject: [PATCH] Change to machine based host ideology

---
 inventory/group_vars/bots.example.yml | 25 ----
 ...oller.example.yml => services.example.yml} | 25 ++++
 playbook.yml | 117 +++++++++--------
 roles/adguard/templates/adguard.container.j2 | 3 +-
 roles/base_os/tasks/time_sync.yml | 41 ++++--
 roles/cli_productivity/defaults/main.yml | 4 +-
 roles/cli_productivity/tasks/main.yml | 8 --
 roles/container_runtime/tasks/main.yml | 8 +-
 roles/matrix_synapse/tasks/main.yml | 2 +
 roles/nfs_client/tasks/main.yml | 123 +++++++++--------
 roles/nfs_server/defaults/main.yml | 8 +-
 roles/nfs_server/tasks/main.yml | 6 +-
 roles/servarr/templates/byparr.container.j2 | 4 +-
 13 files changed, 197 insertions(+), 177 deletions(-)
 delete mode 100644 inventory/group_vars/bots.example.yml
 rename inventory/group_vars/{controller.example.yml => services.example.yml} (50%)

diff --git a/inventory/group_vars/bots.example.yml b/inventory/group_vars/bots.example.yml
deleted file mode 100644
index d38b29c..0000000
--- a/inventory/group_vars/bots.example.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Gluetun SELinux access
-selinux_allow_gluetun: true
-
-# Servarr stack
-servarr_stack:
- - src: qbittorrent.container.j2
- dest: qbittorrent.container
- - src: prowlarr.container.j2
- dest: prowlarr.container
- - src: radarr.container.j2
- dest: radarr.container
- - src: sonarr.container.j2
- dest: sonarr.container
- - src: bazarr.container.j2
- dest: bazarr.container
- - src: flaresolverr.container.j2
- dest: flaresolverr.container
-
-# Gluetun setup
-vpn_provider: mullvad
-vpn_type: wireguard
-vpn_countries: "Netherlands,USA,Canada"
-vpn_private_key: "replace-with-wireguard-private-key"
-vpn_addresses: "10.0.0.2/32"
diff --git a/inventory/group_vars/controller.example.yml b/inventory/group_vars/services.example.yml
similarity index 50%
rename from inventory/group_vars/controller.example.yml
rename to inventory/group_vars/services.example.yml
index 6ffc8df..bf4f521 100644
--- a/inventory/group_vars/controller.example.yml
+++ b/inventory/group_vars/services.example.yml
@@ -19,3 +19,28 @@ bazarr_domain: "bazarr.example.{{ caddy_node }}"
 bazarr_upstream: host.containers.internal:6767
 caddy_email: "admin@example.{{ caddy_node }}"
 
+
+# Gluetun SELinux access
+selinux_allow_gluetun: true
+
+# Servarr stack
+servarr_stack:
+ - src: qbittorrent.container.j2
+ dest: qbittorrent.container
+ - src: prowlarr.container.j2
+ dest: prowlarr.container
+ - src: radarr.container.j2
+ dest: radarr.container
+ - src: sonarr.container.j2
+ dest: sonarr.container
+ - src: bazarr.container.j2
+ dest: bazarr.container
+ - src: flaresolverr.container.j2
+ dest: flaresolverr.container
+
+# Gluetun setup
+vpn_provider: mullvad
+vpn_type: wireguard
+vpn_countries: "Netherlands,USA,Canada"
+vpn_private_key: "replace-with-wireguard-private-key"
+vpn_addresses: "10.0.0.2/32"
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
index 7d1dcd5..2c2c2ac 100644
--- a/playbook.yml
+++ b/playbook.yml
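Review bot: `selinux_allow_gluetun: true` and the Gluetun/VPN variables now live in group_vars for `services`, the same group `playbook.yml` uses for the DNS and reverse-proxy play, so every host in that group inherits the gluetun SELinux exception and the VPN settings whether or not it runs gluetun (the deleted `bots` file scoped them to the torrent hosts). If the `selinux_containers` role keys off `selinux_allow_gluetun`, move these keys into a `servarr_hosts.example.yml` so the relaxation follows the group that actually runs the servarr role. `vpn_private_key` becomes a live WireGuard secret once the placeholder is replaced; add `# keep the real value in an ansible-vault encrypted vars file, never in plain group_vars` above it.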
@@ -1,68 +1,83 @@
-- name: Storage
+- name: Common host foundation
+ hosts: nas:services:workstation
+ become: true
+ roles:
+ - role: base_os
+ tags: base_os
+ - role: firewall_base
+ tags: firewall_base
+ - role: cli_productivity
+ tags: cli_productivity
+
+- name: Shared storage clients
+ hosts: nfs_clients
+ become: true
+ roles:
+ - role: nfs_client
+ tags: nfs_client
+
+- name: Storage services
 hosts: nas
 become: true
 roles:
- - base_os
- - firewall_base
- - container_runtime
- - storage_client
- - nfs_server
-
-- name: Jellyfin
+ - role: storage_client
+ tags: storage_client
+ - role: nfs_server
+ tags: nfs_server
+
+- name: Containers stack
+ hosts: services
+ become: true
+ roles:
+ - role: container_runtime
+ tags: container_runtime
+ - role: selinux_containers
+ tags: selinux_containers
+
+- name: Media services
 hosts: media
 become: true
 roles:
- - base_os
- - firewall_base
- - container_runtime
+ # Jellyfin role will go here later.
+ # - role: jellyfin
+ # tags: jellyfin
 
-- name: Bots
- hosts: bots
+- name: DNS and reverse proxy
+ hosts: services
 become: true
 roles:
- - base_os
- - firewall_base
- - container_runtime
- - nfs_client
- - servarr
-
-- name: DNS
- hosts: controller
- become: true
- roles:
- - name: base_os
- tags: base_os
- - name: firewall_base
- tags: firewall_base
- - name: container_runtime
- tags: container_runtime
- - name: adguard
+ - role: adguard
 tags: adguard
- - name: trilium
- tags: trilium
- - name: caddy
+ - role: caddy
 tags: caddy
-
-- name: Workstation Setup
- hosts: workstation
+
+- name: Servarr stack
+ hosts: servarr_hosts
 become: true
 roles:
- - base_os
- - firewall_base
- - container_runtime
- - selinux_containers
-
-- name: Matrix
- hosts: matrix
+ - role: servarr
+ tags: servarr
+
+- name: Matrix stack
+ hosts: matrix_hosts
 become: true
 roles:
- - base_os
- - firewall_base
- - container_runtime
- - matrix_synapse
-
-- name: Configure RHEL machines
- hosts: rhel
+ - role: matrix_synapse
+ tags: matrix
+
+- name: Notes stack
+ hosts: notes_hosts
 become: true
 roles:
- - cli_productivity
\ No newline at end of file
+ - role: trilium
+ tags: trilium
+
+- name: ML workloads
+ hosts: ml_hosts
+ become: true
+ roles:
+ # Future roles:
+ # - role: immich_ml
+ # tags: immich_ml
+ # - role: whisper
+ # tags: whisper
\ No newline at end of file
diff --git a/roles/adguard/templates/adguard.container.j2 b/roles/adguard/templates/adguard.container.j2
index 4885ea5..925864e 100644
--- a/roles/adguard/templates/adguard.container.j2
+++ b/roles/adguard/templates/adguard.container.j2
@@ -7,7 +7,8 @@ Requires=homelab-network.service
 
 [Container]
 Image=docker.io/adguard/adguardhome:latest
 ContainerName=adguard
-Network=homelab:alias=adguard
+Network=homelab.network
+NetworkAlias=adguard
 Volume={{ adguard_dir }}/work:/opt/adguardhome/work
 Volume={{ adguard_dir }}/conf:/opt/adguardhome/conf
diff --git a/roles/base_os/tasks/time_sync.yml b/roles/base_os/tasks/time_sync.yml
index a47e6a1..22f0b5c 100644
--- a/roles/base_os/tasks/time_sync.yml
+++ b/roles/base_os/tasks/time_sync.yml
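Review bot: The `Common host foundation` play at the top of the hunk targets only `nas:services:workstation`, while later plays target `media`, `nfs_clients`, `servarr_hosts`, `matrix_hosts`, `notes_hosts` and `ml_hosts`; any host in those groups that is not also in the first three now gets neither `base_os` nor `firewall_base`, and `container_runtime`/`selinux_containers` are applied only to `services` even though the `servarr` and `matrix_synapse` roles deploy Quadlet units per the other hunks. Unless the inventory guarantees those groups are subsets of `services`, widen the foundation play to `hosts: all` (or list every group explicitly) and change the `Containers stack` play to `hosts: services:servarr_hosts:matrix_hosts:notes_hosts`. The removed `rhel` play also means `cli_productivity` no longer reaches hosts outside the three foundation groups, which may be intended but is not stated in the commit.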
@@ -1,29 +1,44 @@
 ---
-#base_os/tasks/time_sync.yml
-- name: Chrony time sync (dev only)
+# base_os/tasks/time_sync.yml
+- name: Chrony time sync correction for test environments
 when: env == "test"
 block:
-
- - name: Ensure chronyd is running
+ - name: Ensure chronyd is enabled and running
 become: true
 ansible.builtin.service:
 name: chronyd
 state: started
 enabled: true
 
- - name: Wait for chrony to have reachable sources
+ - name: Initial chrony time step
 become: true
- command: chronyc activity
- register: chrony_activity
- retries: 20
- delay: 2
- until: "'sources online' in chrony_activity.stdout and '0 sources online' not in chrony_activity.stdout"
+ ansible.builtin.command: chronyc makestep
+ changed_when: false
+ failed_when: false
 
- - name: Force time step correction
+ - name: Wait after initial chrony time step
+ ansible.builtin.pause:
+ seconds: 5
+
+ - name: Restart chronyd after initial time step
 become: true
- command: chronyc -a makestep
+ ansible.builtin.service:
+ name: chronyd
+ state: restarted
+ enabled: true
+
+ - name: Wait after chronyd restart
+ ansible.builtin.pause:
+ seconds: 2
+
+ - name: Final chrony time step
+ become: true
+ ansible.builtin.command: chronyc makestep
+ changed_when: false
+ failed_when: false
 
 - name: Verify system time is reasonable
- command: date
+ ansible.builtin.command: date
 register: date_check
+ changed_when: false
 failed_when: "'2026-04-13' in date_check.stdout"
\ No newline at end of file
diff --git a/roles/cli_productivity/defaults/main.yml b/roles/cli_productivity/defaults/main.yml
index 3c4d47a..7409836 100644
--- a/roles/cli_productivity/defaults/main.yml
+++ b/roles/cli_productivity/defaults/main.yml
@@ -77,8 +77,8 @@ cli_optional_packages:
 cli_starship_install_method: "script"
 cli_starship_bin_path: "/usr/local/bin/starship"
 
-cli_git_user_name: ""
-cli_git_user_email: ""
+cli_git_user_name: "drew"
+cli_git_user_email: "drew.wells007@icloud.com"
 
 cli_fish_abbreviations:
 - name: ll
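Review bot: Both `chronyc makestep` tasks carry `failed_when: false` and the old `chronyc activity` wait loop is gone, so a step attempted before any source is reachable silently does nothing and the only remaining check is the hard-coded `'2026-04-13'` string in the last task. The fixed `pause` values are a race against network readiness rather than a synchronisation check; replace the pause/restart/second-makestep sequence with a single `ansible.builtin.command: chronyc waitsync 30 0 0 2` task that is allowed to fail (it exits non-zero when chronyd never reports sync), and make the final task assert on something stable, e.g. `failed_when: (ansible_date_time.year | int) < 2025`. This block runs only for `env == "test"`, but a clock that stays skewed there breaks TLS validation in the container roles applied later in the play.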
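Review bot: `cli_git_user_name: "drew"` and `cli_git_user_email: "drew.wells007@icloud.com"` put a personal identity into role defaults, the lowest-precedence layer that every consumer of this role inherits and that is committed to the repository. Restore the empty `""` defaults and set the personal values in host_vars or a vaulted inventory file, or at minimum add `# per-host identity; override in host_vars, do not commit personal values here` above the two keys.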
diff --git a/roles/cli_productivity/tasks/main.yml b/roles/cli_productivity/tasks/main.yml
index c052ce5..f0e4e5f 100644
--- a/roles/cli_productivity/tasks/main.yml
+++ b/roles/cli_productivity/tasks/main.yml
@@ -36,14 +36,6 @@
 register: cli_optional_package_install
 failed_when: false
 
-- name: Report optional CLI packages that could not be installed
- ansible.builtin.debug:
- msg: "Optional package was not installed: {{ item.item }} - {{ item.failures | default(item.msg | default('unknown reason')) }}"
- loop: "{{ cli_optional_package_install.results | default([]) }}"
- when:
- - item.rc is defined
- - item.rc != 0
-
 - name: Check whether Starship is installed
 ansible.builtin.stat:
 path: "{{ cli_starship_bin_path }}"
diff --git a/roles/container_runtime/tasks/main.yml b/roles/container_runtime/tasks/main.yml
index edbbc54..501f086 100644
--- a/roles/container_runtime/tasks/main.yml
+++ b/roles/container_runtime/tasks/main.yml
@@ -1,4 +1,5 @@
-#container_runtime/tasks/main.yml
+---
+# container_runtime/tasks/main.yml
 - name: Install required base packages
 become: true
 dnf:
@@ -42,11 +43,6 @@
 mode: "0644"
 owner: "{{ container_user }}"
 group: "{{ container_group }}"
-
-#- name: Force systemd reload (blocking)
-# become: true
-# become_user: "{{ container_user }}"
-# command: systemctl --user daemon-reload
 
 - name: Force systemd reload (blocking)
 become: true
diff --git a/roles/matrix_synapse/tasks/main.yml b/roles/matrix_synapse/tasks/main.yml
index 3573f16..8704947 100644
--- a/roles/matrix_synapse/tasks/main.yml
+++ b/roles/matrix_synapse/tasks/main.yml
@@ -24,6 +24,7 @@
 owner: "{{ container_user }}"
 group: "{{ container_group }}"
 mode: '0600'
+ force: "{{ matrix_overwrite_config | default(false) | bool }}"
 
 - name: Ensure Synapse signing key is deployed
 copy:
@@ -32,6 +33,7 @@
 owner: "{{ container_user }}"
 group: "{{ container_group }}"
 mode: '0600'
+ force: "{{ matrix_overwrite_signing_key | default(false) | bool }}"
 
 - name: Deploy Synapse Quadlet
 template:
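Review bot: `force: "{{ matrix_overwrite_config | default(false) | bool }}"` on the homeserver config copy means that once the file exists on the host, later changes to the source (hardening settings, rotated secrets) are never deployed and the task still reports ok, so drift goes unnoticed. If the goal is to protect a hand-edited file, register the task (`register: matrix_config_copy`) and add a follow-up `ansible.builtin.debug`/`fail` when `not matrix_config_copy.changed and not (matrix_overwrite_config | default(false) | bool)` so a skipped update is visible; if not, keep the default `force` and use `backup: true` instead. The `copy:` task this line belongs to starts above the hunk.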
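Review bot: The signing-key line `force: "{{ matrix_overwrite_signing_key | default(false) | bool }}"` has no comment saying why overwriting is off by default, and a silent replacement of a Synapse signing key is exactly the kind of federation-breaking change a maintainer should not trigger by accident. Add `# never replace an existing signing key implicitly; set matrix_overwrite_signing_key=true only for a planned key rotation` above the line. The enclosing `copy:` task starts above the hunk.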
diff --git a/roles/nfs_client/tasks/main.yml b/roles/nfs_client/tasks/main.yml
index c746fee..7f8034f 100644
--- a/roles/nfs_client/tasks/main.yml
+++ b/roles/nfs_client/tasks/main.yml
@@ -1,73 +1,70 @@
 ---
-#nfs_client/tasks/main.yml
-- name: Create dummy NAS root for test environment
- become: true
- file:
- path: "{{ nfs_mount_point }}"
- state: directory
- owner: "{{ container_user }}"
- group: "{{ container_group }}"
- mode: "0755"
+# nfs_client/tasks/main.yml
+- name: Configure dummy NAS storage for test environment
 when: env == "test"
+ block:
+ - name: Create dummy NAS root for test environment
+ become: true
+ file:
+ path: "{{ nfs_mount_point }}"
+ state: directory
+ owner: "{{ container_user }}"
+ group: "{{ container_group }}"
+ mode: "0755"
 
-- name: Create dummy NAS storage tree for test environment
- become: true
- file:
- path: "{{ nfs_mount_point }}/{{ item }}"
- state: directory
- owner: "{{ container_user }}"
- group: "{{ container_group }}"
- mode: "0775"
- loop: "{{ storage_tree }}"
- when: env == "test"
+ - name: Create dummy NAS storage tree for test environment
+ become: true
+ file:
+ path: "{{ nfs_mount_point }}/{{ item }}"
+ state: directory
+ owner: "{{ container_user }}"
+ group: "{{ container_group }}"
+ mode: "0775"
+ loop: "{{ storage_tree }}"
 
-- name: Set SELinux context for dummy NAS storage in test environment
- become: true
- community.general.sefcontext:
- target: "{{ nfs_mount_point }}(/.*)?"
- setype: container_file_t
- state: present
- when: env == "test"
+ - name: Set SELinux context for dummy NAS storage in test environment
+ become: true
+ community.general.sefcontext:
+ target: "{{ nfs_mount_point }}(/.*)?"
+ setype: container_file_t
+ state: present
 
-- name: Apply SELinux context for dummy NAS storage in test environment
- become: true
- command: restorecon -Rv "{{ nfs_mount_point }}"
- changed_when: false
- when: env == "test"
+ - name: Apply SELinux context for dummy NAS storage in test environment
+ become: true
+ command: restorecon -Rv "{{ nfs_mount_point }}"
+ changed_when: false
 
-- name: Install required NFS client packages
- become: true
- dnf:
- name: nfs-utils
- state: present
+- name: Configure NFS client for non-test environments
 when: env != "test"
+ block:
+ - name: Install required NFS client packages
+ become: true
+ dnf:
+ name: nfs-utils
+ state: present
 
-- name: Check whether NFS mount point is already mounted
- become: true
- command: findmnt --mountpoint "{{ nfs_mount_point }}"
- register: nfs_mount_check
- changed_when: false
- failed_when: false
- when: env != "test"
+ - name: Check whether NFS mount point is already mounted
+ become: true
+ ansible.builtin.command: findmnt --mountpoint "{{ nfs_mount_point }}"
+ register: nfs_mount_check
+ changed_when: false
+ failed_when: false
 
-- name: Create NFS mount point
- become: true
- file:
- path: "{{ nfs_mount_point }}"
- state: directory
- owner: root
- group: root
- mode: "0755"
- when:
- - env != "test"
- - nfs_mount_check.rc != 0
+ - name: Ensure local NFS mount point exists before mounting
+ become: true
+ file:
+ path: "{{ nfs_mount_point }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+ when: nfs_mount_check.rc != 0
 
-- name: Configure NFS mount
- become: true
- ansible.posix.mount:
- path: "{{ nfs_mount_point }}"
- src: "{{ nfs_server }}:{{ nfs_export }}"
- fstype: "{{ nfs_fstype }}"
- opts: "{{ nfs_options }}"
- state: mounted
- when: env != "test"
\ No newline at end of file
+ - name: Ensure NFS mount is present in fstab and mounted
+ become: true
+ ansible.posix.mount:
+ path: "{{ nfs_mount_point }}"
+ src: "{{ nfs_server }}:{{ nfs_export }}"
+ fstype: "{{ nfs_fstype }}"
+ opts: "{{ nfs_options }}"
+ state: mounted
\ No newline at end of file
diff --git a/roles/nfs_server/defaults/main.yml b/roles/nfs_server/defaults/main.yml
index 96078ea..bc895ae 100644
--- a/roles/nfs_server/defaults/main.yml
+++ b/roles/nfs_server/defaults/main.yml
@@ -1,4 +1,4 @@
-#nfw_server/defaults/main.yml
-nfs_packages:
- - nfs-utils
- - nfs-server
\ No newline at end of file
+---
+# nfs_server/defaults/main.yml
+base_nfs_packages:
+ - nfs-utils
\ No newline at end of file
diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml
index 102438b..683e9d3 100644
--- a/roles/nfs_server/tasks/main.yml
+++ b/roles/nfs_server/tasks/main.yml
@@ -1,11 +1,11 @@
 ---
 #nfs_server/tasks/main.yml
-- name: Install NFS utilities
+- name: Install required NFS utilities packages
 become: true
 dnf:
- name: nfs-utils
+ name: "{{ item }}"
 state: present
- loop: "{{ nfs_packages }}"
+ loop: "{{ base_nfs_packages }}"
 
 - name: Build NFS exports entries
 become: true
diff --git a/roles/servarr/templates/byparr.container.j2 b/roles/servarr/templates/byparr.container.j2
index 294bddb..1b728e3 100644
--- a/roles/servarr/templates/byparr.container.j2
+++ b/roles/servarr/templates/byparr.container.j2
@@ -7,9 +7,11 @@ After=gluetun.service
 
 ContainerName=byparr
 Image=ghcr.io/thephaseless/byparr:latest
-Environment=TZ=America/New_York
+Environment=TZ={{ timezone }}
 Environment=LOG_LEVEL=info
 Network=container:gluetun
+
+[Service]
 Restart=always
 
 [Install]
-- 
2.40.1
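Review bot: In the test block, `command: restorecon -Rv "{{ nfs_mount_point }}"` runs on every play with `changed_when: false`, so a relabel of the whole tree is both repeated unconditionally and hidden from the play summary. Register the `sefcontext` task (`register: nas_fcontext`) and gate the restorecon on it with `when: nas_fcontext.changed`, reporting its real effect via `register: nas_restorecon` and `changed_when: nas_restorecon.stdout | length > 0` (restorecon -v prints each relabelled path). In the non-test block, `opts: "{{ nfs_options }}"` goes straight into fstab and its default is not visible here; confirm it pins `vers=4` or higher and an explicit `sec=` so the client does not fall back to whatever the server offers. The mount task at the end of this hunk is the block's last task, so nothing follows it outside the hunk.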
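Review bot: `name: "{{ item }}"` with `loop: "{{ base_nfs_packages }}"` installs one package per dnf transaction; `dnf` accepts a list, so `name: "{{ base_nfs_packages }}"` with the `loop` removed is the idiom and resolves dependencies in a single transaction. Renaming `nfs_packages` to `base_nfs_packages` also means any inventory that still sets `nfs_packages` is silently ignored; if that variable was ever overridden, either fold it in additively (`name: "{{ base_nfs_packages + (nfs_packages | default([])) }}"`) or add a short `ansible.builtin.assert` that `nfs_packages is not defined` to surface the stale name.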
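Review bot: The new `[Service]` section's `Restart=always` lets systemd restart byparr on its own, but with `Network=container:gluetun` its network namespace belongs to the gluetun container; only `After=gluetun.service` is visible here, and if the `[Unit]` section above the hunk lacks `BindsTo=gluetun.service`, a gluetun restart leaves byparr attached to a dead namespace instead of being stopped and restarted with the VPN container. Add `BindsTo=gluetun.service` next to `After=gluetun.service` so byparr's lifetime, and therefore its VPN-only egress, is tied to gluetun. `Environment=TZ={{ timezone }}` has no default in this template, so a host without `timezone` fails at render time; that is acceptable fail-closed behaviour but worth a `{# timezone is expected from group_vars #}` note at the top of the template.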