From 60094d192b0b8c781878655e4a9fa348a67ae26e Mon Sep 17 00:00:00 2001 From: David Stephens Date: Thu, 4 Jul 2019 00:22:20 +0100 Subject: [PATCH 1/9] Rejig config to reduce merging headache --- README.md | 39 +- docs/applications/transmission.md | 13 +- group_vars/all.yml.dist | 574 -------------------------- group_vars/vpn_credentials.yml.dist | 9 - inventories/sample/group_vars/all.yml | 18 + inventory.dist | 6 - tasks/transmission_with_openvpn.yml | 3 - 7 files changed, 57 insertions(+), 605 deletions(-) delete mode 100644 group_vars/all.yml.dist delete mode 100644 group_vars/vpn_credentials.yml.dist create mode 100644 inventories/sample/group_vars/all.yml delete mode 100644 inventory.dist diff --git a/README.md b/README.md index cae3cf95..5a06ba26 100644 --- a/README.md +++ b/README.md @@ -87,19 +87,36 @@ gained by automating it. Check out the [docs](https://davestephens.github.io/ans :skull: Before running anything, check out the playbook and understand what it does. Run it against a VM and make sure you're happy. ***Do not*** blindly download code from the internet and trust that it's going to work as you expect. -:skull: +:skull: + + +1. Enable the Ubuntu Universe repository: + + `sudo add-apt-repository universe` + +2. Install Ansible: + + `sudo apt install ansible` + +3. Clone Ansible-NAS: + + `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas` + +4. Create your own inventory and config files by copying `inventories/sample` to your own directory: + + `cp -rfp inventories/sample inventories/my-ansible-nas` + +5. Review `group_vars/all.yml`. Change settings by overriding them in inventories/my-ansible-nas/group_vars/all.yml`. + +6. If you plan to use Transmission with OpenVPN, update `inventories/my-ansible-nas/group_vars/vpn_credentials.yml`. + +7. Update `inventories/my-ansible-nas/inventory`. + +8. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles). -1. Enable the Ubuntu Universe repository: `sudo add-apt-repository universe` -2. Install Ansible: `sudo apt install ansible` -3. `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas` -4. Copy `group_vars/all.yml.dist` to `group_vars/all.yml`. -5. Open up `group_vars/all.yml` and follow the instructions there for configuring your Ansible NAS. -6. If you plan to use Transmission with OpenVPN, also copy `group_vars/vpn_credentials.yml.dist` to -`group_vars/vpn_credentials.yml` and fill in your settings. -7. Copy `inventory.dist` to `inventory` and update it. -8. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need sudo to install Ansible roles) 9. Run the playbook - something like `ansible-playbook -i inventory nas.yml -b -K` should do you nicely. + ## Documentation You can read the docs [here](https://davestephens.github.io/ansible-nas). PRs @@ -119,7 +136,7 @@ Assuming that your Ubuntu system disk is separate from your storage (it should b ## Requirements * Ansible NAS targets the latest Ubuntu LTS release, which is currently Ubuntu - Server 18.04.2 LTS. + Server 18.04 LTS. * You can run Ansible-NAS on whatever you like, read the docs for more info. I use an HP Microserver. diff --git a/docs/applications/transmission.md b/docs/applications/transmission.md index 7fed5f63..9f2638d2 100644 --- a/docs/applications/transmission.md +++ b/docs/applications/transmission.md @@ -13,5 +13,14 @@ Transmission's web interface can be found at http://ansible_nas_host_or_ip:9091 ## Specific Configuration -If you enable Transmission with OpenVPN, you'll need to copy `group_vars/vpn_credentials.yml.dist` to -`group_vars/vpn_credentials.yml` and fill in your settings. +If you enable Transmission with OpenVPN, you'll need to add the following to your inventory `all.yml`: + +``` +openvpn_username: super_secret_username +openvpn_password: super_secret_password +openvpn_provider: NORDVPN +openvpn_config: uk686.nordvpn.com.udp +``` + +See https://hub.docker.com/r/haugene/transmission-openvpn/ for supported VPN providers. + diff --git a/group_vars/all.yml.dist b/group_vars/all.yml.dist deleted file mode 100644 index 08a5dc04..00000000 --- a/group_vars/all.yml.dist +++ /dev/null @@ -1,574 +0,0 @@ -### -### Ansible NAS Features -### -# Set these options to true or false to toggle specific features - -# External Access -# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your -# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. -# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "availble_externally" -# settings. -traefik_enabled: false - -# Downloading -# If you plan to use Transmission with OpenVPN, you'll need to copy group_vars/vpn_credentials.yml.dist -# to group_vars/vpn_credentials.yml, then update it with your own settings. -transmission_with_openvpn_enabled: false -transmission_enabled: false -nzbget_enabled: false - -# Downloaders -pyload_enabled: false - -# Plex -plex_enabled: false -tautulli_enabled: false - -# Emby -emby_enabled: false - -# minidlna -minidlna_enabled: false - -# Media Sourcing -sonarr_enabled: false -sickchill_enabled: false -couchpotato_enabled: false -radarr_enabled: false -get_iplayer_enabled: false -jackett_enabled: false - -# Music -airsonic_enabled: false -mymediaforalexa_enabled: false - -# News -miniflux_enabled: false - -# System Management -heimdall_enabled: true -portainer_enabled: true -glances_enabled: false -stats_enabled: false -guacamole_enabled: false -netdata_enabled: false -watchtower_enabled: false -cloudflare_ddns_enabled: false - -# Backup & Restore -duplicati_enabled: false -nextcloud_enabled: false -gitea_enabled: false -timemachine_enabled: false - -# IRC -znc_enabled: false -thelounge_enabled: false - -# Password Management -bitwarden_enabled: false - -# Finance -firefly_enabled: false - -# Wallabag -wallabag_enabled: false - -# MQTT -mosquitto_enabled: false - -### -### General -### -# Sets the hostname of your Ansible NAS -ansible_nas_hostname: ansible-nas - -# Sets the timezone for your Ansible NAS -# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -ansible_nas_timezone: Etc/UTC - -# Update all apt packages when playbook is run -keep_packages_updated: false - -# Will be added to the docker group to give user command line access to docker -ansible_nas_user: david - -# Your email and domain, used for LetsEncrypt SSL certs -ansible_nas_email: me@example.com - -# Applications will have subdomain SSL certificates created, eg ansible-nas., nextcloud. -ansible_nas_domain: example.com - -### -### Docker -### -# Where you want Docker to store images -docker_image_directory: "{{ docker_home }}/data" - -# Where you want Docker to store its container data. -docker_home: /mnt/Volume2/docker - -# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems -# You might want to change this to ZFS, depending on your underlying filesystem. -docker_storage_driver: overlay2 - -### -### Samba -### -# The location where all shares will be created by default. Can be overridden on a per-share basis. -# This path will be mounted to backup containers, Duplicati -samba_shares_root: /mnt/Volume3 - -# Where stuff downloaded will be stored -downloads_root: "{{ samba_shares_root }}/downloads" - -# Where your movies are stored -movies_root: "{{ samba_shares_root }}/movies" - -# Where your TV episodes are stored -tv_root: "{{ samba_shares_root }}/tv" - -# Where torrent files are stored (picked up by Transmission for downloading) -torrents_root: "{{ samba_shares_root }}/torrents" - -# Where music is stored -music_root: "{{ samba_shares_root }}/music" - -# Where podcasts are stored -podcasts_root: "{{ samba_shares_root }}/podcasts" - -# The description that'll appear next to your Ansible-NAS box when browsing your network -samba_server_string: Ansible NAS - -# Shares you want published over Samba. -samba_shares: - - name: downloads - comment: 'Stuff downloaded' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ downloads_root }}" - - - name: movies - comment: 'Movies' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ movies_root }}" - - - name: tv - comment: 'TV Episodes' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ tv_root }}" - - - name: music - comment: 'Music' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ music_root }}" - - - name: podcasts - comment: 'Podcasts' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ podcasts_root }}" - - - name: dump - comment: 'File dump' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ samba_shares_root }}/dump" - - - name: games - comment: 'Games' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ samba_shares_root }}/games" - - - name: photos - comment: 'Pictures' - guest_ok: yes - public: yes - writable: yes - browsable: yes - path: "{{ samba_shares_root }}/photos" - -### -### NFS -### -# Data you want published over NFS. More info on the nfs config format can be found at -# https://help.ubuntu.com/community/SettingUpNFSHowTo#Shares -# WARNING: Weird things might happen if you share the same data over Samba and NFS and allow writes on both! - -nfs_shares_root: /mnt/Volume3 - -nfs_exports: - - "{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)" - -### -### Cloudflare -### -# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to -# set the options below. - -# Your domain name -cloudflare_zone: "{{ ansible_nas_domain }}" - -# The hostname you want the container to update. You shouldn't need to change this. -cloudflare_host: "*.{{ cloudflare_zone }}" - -# Email address used to register for Cloudflare -cloudflare_email: "{{ ansible_nas_email }}" - -# Cloudflare 'Global API Key', can be found on the 'My Profile' page -cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 - -################################################################## -###### You shouldn't need to edit anything below this point ###### -################################################################## - -### -### General -### -# Extra packages to install -ansible_nas_extra_packages: - - smartmontools - - htop - - zfsutils-linux - - bonnie++ - - unzip - - lm-sensors - -ansible_python_interpreter: /usr/bin/python3 - -### -### Samba -### -# Seems to break browsing of the \\server-name shares root when enabled -samba_mitigate_cve_2017_7494: false - -# The account used when Samba shares are accessed. Shouldn't need to change this unless you want to -# mess with Samba user permissions. -samba_guest_account: ansible-nas - -# How Samba behaves when an unknown user connects, see Samba docs for more info -samba_map_to_guest: Bad Password - -# The Netbios hostname used by Samba on your network -samba_netbios_name: "{{ ansible_nas_hostname }}" - -### -### Traefik -### -traefik_docker_image: traefik:latest -traefik_data_directory: "{{ docker_home }}/traefik" -traefik_debug: "false" - -### -### Heimdall -### -heimdall_available_externally: "false" -heimdall_docker_image: linuxserver/heimdall:latest -heimdall_data_directory: "{{ docker_home }}/heimdall" - -### -### Transmission -### -transmission_available_externally: "false" -transmission_with_openvpn_available_externally: "false" -transmission_config_directory: "{{ docker_home }}/transmission/config" -transmission_download_directory: "{{ downloads_root }}" -transmission_watch_directory: "{{ torrents_root }}" -transmission_user_id: 0 -transmission_group_id: 0 -transmission_local_network: "192.168.1.0/24" - -### -### pyLoad -### -pyload_available_externally: "false" -pyload_config_directory: "{{ docker_home }}/pyload" -pyload_download_directory: "{{ downloads_root }}" -pyload_user_id: 0 -pyload_group_id: 0 - -### -### Plex -### -# If you're paranoid, set permissions to "ro" so Plex won't ever be able to -# delete your files -plex_available_externally: "false" -plex_config_directory: "{{ docker_home }}/plex/config" -plex_movies_directory: "{{ movies_root }}" -plex_movies_permissions: "rw" -plex_tv_directory: "{{ tv_root }}" -plex_tv_permissions: "rw" -plex_user_id: 0 -plex_group_id: 0 - -### -### Emby -### -# If you're paranoid, set permissions to "ro" so Emby won't ever be able to -# delete your files -emby_available_externally: "false" -emby_config_directory: "{{ docker_home }}/emby/config" -emby_movies_directory: "{{ movies_root }}" -emby_movies_permissions: "rw" -emby_tv_directory: "{{ tv_root }}" -emby_tv_permissions: "rw" -emby_user_id: 0 -emby_group_id: 0 - -### -### Tautulli -### -tautulli_available_externally: "false" -tautulli_config_directory: "{{ docker_home }}/tautulli/config" -tautulli_user_id: 0 -tautulli_group_id: 0 - - -### -### Duplicati -### -duplicati_available_externally: "false" -duplicati_data_directory: "{{ docker_home }}/duplicati/config" - - -### -### Sonarr -### -sonarr_available_externally: "false" -sonarr_data_directory: "{{ docker_home }}/sonarr/config" -sonarr_tv_directory: "{{ tv_root }}" -sonarr_download_directory: "{{ downloads_root }}" -sonarr_user_id: 0 -sonarr_group_id: 0 - - -### -### Radarr -### -radarr_available_externally: "false" -radarr_movies_directory: "{{ movies_root }}" -radarr_download_directory: "{{ downloads_root }}" -radarr_data_directory: "{{ docker_home }}/radarr" -radarr_user_id: 0 -radarr_group_id: 0 - - -### -### Couchpotato -### -couchpotato_available_externally: "false" -couchpotato_config_directory: "{{ docker_home }}/couchpotato/config" -couchpotato_movies_directory: "{{ movies_root }}" -couchpotato_downloads_directory: "{{ downloads_root }}" -couchpotato_torrents_directory: "{{ torrents_root }}" -couchpotato_user_id: 0 -couchpotato_group_id: 0 - - -### -### Sickchill -### -sickchill_available_externally: "false" -sickchill_config_directory: "{{ docker_home }}/sickchill/config" -sickchill_tv_directory: "{{ tv_root }}" -sickchill_downloads_directory: "{{ downloads_root }}/completed" -sickchill_user_id: 0 -sickchill_group_id: 0 - -### -### Netdata -### -netdata_available_externally: "false" - -### -### OpenVPN -### -openvpn_config_directory: "{{ docker_home }}/openvpn" - - -### -### Portainer -### -portainer_available_externally: "false" -portainer_data_directory: "{{ docker_home }}/portainer/config" - - -### -### ZNC -### -znc_available_externally: "false" -znc_data_directory: "{{ docker_home }}/znc" -znc_user_id: 0 -znc_group_id: 0 - - -### -### Stats -### -grafana_available_externally: "false" -telegraf_data_directory: "{{ docker_home }}/telegraf" -influxdb_data_directory: "{{ docker_home }}/influxdb" -grafana_data_directory: "{{ docker_home }}/grafana" -stat_collection_interval: 15s - -### -### Gitea -### -gitea_available_externally: "false" -gitea_data_directory: "{{ docker_home }}/gitea" - -### -### Glances -### -glances_available_externally: "false" - -### -### Nextcloud -### -nextcloud_available_externally: "false" -nextcloud_data_directory: "{{ docker_home }}/nextcloud" - -### -### nginx -### -nginx_data_directory: "{{ docker_home }}/nginx" - -### -### Guacamole -### -guacamole_available_externally: "false" -guacamole_docker_image: guacamole/guacamole:0.9.14 -guacamole_guacd_docker_image: guacamole/guacd:0.9.14 -guacamole_data_directory: "{{ docker_home }}/guacamole" - -### -### Miniflux -### -miniflux_available_externally: "false" -miniflux_data_directory: "{{ docker_home }}/miniflux" -miniflux_admin_username: admin -miniflux_admin_password: supersecure - -### -### Airsonic -### -airsonic_available_externally: "false" -airsonic_data_directory: "{{ docker_home }}/airsonic" - -### -### Watchtower -### -# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily. -watchtower_cron_schedule: 0 0 5 * * * - -# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive -# notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info. - -# No notifications -watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug" - -# Email notifications -# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'" - -# Slack notifications -# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'" - -### -### Time Machine -### -timemachine_data_directory: "{{ docker_home }}/timemachine" -timemachine_volume_size_limit: 0 -timemachine_password: timemachine -timemachine_share_name: TimeMachine -timemachine_log_level: error - -### -### minidlna -### -minidlna_media_directory1: "{{ movies_root }}" -minidlna_media_directory2: "{{ tv_root }}" -minidlna_friendly_name: "{{ ansible_nas_hostname }}" - -### -### get_iplayer -### -get_iplayer_config_directory: "{{ docker_home }}/get_iplayer" -get_iplayer_download_directory: "{{ tv_root }}/iplayer_downloads" - -### -### mymediaforalexa -### -mymediaforalexa_media_directory: "{{ music_root }}" -mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa" - -### -### Jackett -### -jackett_available_externally: "false" -jackett_data_directory: "{{ docker_home }}/jackett" - -### -### The Lounge -### -thelounge_available_externally: "false" -thelounge_data_directory: "{{ docker_home }}/thelounge" - -### -### Bitwarden -### -bitwarden_available_externally: "false" -bitwarden_data_directory: "{{ docker_home }}/bitwarden" - -# Keep this token secret, this is password to access admin area of your server! -# This token can be anything, but it's recommended to use a long, randomly generated string of characters, -# for example running openssl rand -base64 48 -bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321 - -# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook. -# Once you have created your user, set to "false" and run one more time. -# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden -bitwarden_allow_signups: false - -### -### Firefly -### -firefly_available_externally: "false" -firefly_data_directory: "{{ docker_home }}/firefly" - -### -### Nzbget -### -nzbget_available_externally: "false" -nzbget_data_directory: "{{ docker_home }}/nzbget" -nzbget_download_directory: "{{ downloads_root }}" -nzbget_user_id: 0 -nzbget_group_id: 0 - -### -### Wallabag -### -wallabag_available_externally: "false" -wallabag_data_directory: "{{ docker_home }}/wallabag" - -### Mosquitto -### -mosquitto_available_externally: "false" -mosquitto_data_directory: "{{ docker_home }}/mosquitto" diff --git a/group_vars/vpn_credentials.yml.dist b/group_vars/vpn_credentials.yml.dist deleted file mode 100644 index d1462fc0..00000000 --- a/group_vars/vpn_credentials.yml.dist +++ /dev/null @@ -1,9 +0,0 @@ -### -### VPN Credentials -### -# If you're using Transmission with a VPN, you'll need to set these credentials. -# See https://hub.docker.com/r/haugene/transmission-openvpn/ for supported VPN providers. -openvpn_username: super_secret_username -openvpn_password: super_secret_password -openvpn_provider: NORDVPN -openvpn_config: uk686.nordvpn.com.udp \ No newline at end of file diff --git a/inventories/sample/group_vars/all.yml b/inventories/sample/group_vars/all.yml new file mode 100644 index 00000000..b2334ae7 --- /dev/null +++ b/inventories/sample/group_vars/all.yml @@ -0,0 +1,18 @@ +## ._____. .__ +## _____ ____ _____|__\_ |__ | | ____ ____ _____ ______ +## \__ \ / \ / ___/ || __ \| | _/ __ \ ______ / \\__ \ / ___/ +## / __ \| | \\___ \| || \_\ \ |_\ ___/ /_____/ | | \/ __ \_\___ \ +## (____ /___| /____ >__||___ /____/\___ > |___| (____ /____ > +## \/ \/ \/ \/ \/ \/ \/ \/ +## a n s i b l e - n a s https://github.com/davestephens/ansible-nas + +# Add your all.yml config overrides to this file. See group_vars/all.yml for all possible settings. + +# Example options +ansible_nas_hostname: ansible-nas +ansible_nas_timezone: Etc/UTC + +## Enable some applications +heimdall_enabled: true +portainer_enabled: true + diff --git a/inventory.dist b/inventory.dist deleted file mode 100644 index ae6484c9..00000000 --- a/inventory.dist +++ /dev/null @@ -1,6 +0,0 @@ -# Example for running it directly on NAS server -# localhost ansible_connection=local - -# Example using from remote workstation -# [all] -# 192.168.1.30 \ No newline at end of file diff --git a/tasks/transmission_with_openvpn.yml b/tasks/transmission_with_openvpn.yml index 9bb8ad1f..3b41fa45 100644 --- a/tasks/transmission_with_openvpn.yml +++ b/tasks/transmission_with_openvpn.yml @@ -1,7 +1,4 @@ --- -- name: Include VPN credentials - include_vars: group_vars/vpn_credentials.yml - - name: Create Transmission Directories file: path: "{{ item }}" From 2af7b2a599e0d807db13d216e56500e1184184e9 Mon Sep 17 00:00:00 2001 From: David Stephens Date: Thu, 4 Jul 2019 00:28:57 +0100 Subject: [PATCH 2/9] Update gitignore --- .gitignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitignore b/.gitignore index 48c7b2c0..494d8a60 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,5 @@ -group_vars/all.yml -group_vars/vpn_credentials.yml tests/test.yml site -inventory .vagrant roles *.retry From 7c27cc871631c21965608657e357ee8e72649c70 Mon Sep 17 00:00:00 2001 From: David Stephens Date: Thu, 4 Jul 2019 00:29:18 +0100 Subject: [PATCH 3/9] Include previously ignored files for config rejig --- group_vars/all.yml | 583 +++++++++++++++++++++++++++++++++++ inventories/sample/inventory | 15 + 2 files changed, 598 insertions(+) create mode 100644 group_vars/all.yml create mode 100644 inventories/sample/inventory diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 00000000..65b0897a --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,583 @@ +## ._____. .__ +## _____ ____ _____|__\_ |__ | | ____ ____ _____ ______ +## \__ \ / \ / ___/ || __ \| | _/ __ \ ______ / \\__ \ / ___/ +## / __ \| | \\___ \| || \_\ \ |_\ ___/ /_____/ | | \/ __ \_\___ \ +## (____ /___| /____ >__||___ /____/\___ > |___| (____ /____ > +## \/ \/ \/ \/ \/ \/ \/ \/ +## a n s i b l e - n a s https://github.com/davestephens/ansible-nas + +### +### DO NOT CHANGE THE VARIABLES IN THIS FILE! +### Add your customisations to inventories//group_vars/all.yml +### + + +# Set these options to true or false to toggle specific features + +# External Access +# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your +# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. +# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "availble_externally" +# settings. +traefik_enabled: false + +# Downloading +transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials +transmission_enabled: false +nzbget_enabled: false + +# Downloaders +pyload_enabled: false + +# Plex +plex_enabled: false +tautulli_enabled: false + +# Emby +emby_enabled: false + +# minidlna +minidlna_enabled: false + +# Media Sourcing +sonarr_enabled: false +sickchill_enabled: false +couchpotato_enabled: false +radarr_enabled: false +get_iplayer_enabled: false +jackett_enabled: false + +# Music +airsonic_enabled: false +mymediaforalexa_enabled: false + +# News +miniflux_enabled: false + +# System Management +heimdall_enabled: false +portainer_enabled: false +glances_enabled: false +stats_enabled: false +guacamole_enabled: false +netdata_enabled: false +watchtower_enabled: false +cloudflare_ddns_enabled: false + +# Backup & Restore +duplicati_enabled: false +nextcloud_enabled: false +gitea_enabled: false +timemachine_enabled: false + +# IRC +znc_enabled: false +thelounge_enabled: false + +# Password Management +bitwarden_enabled: false + +# Finance +firefly_enabled: false + +# Wallabag +wallabag_enabled: false + +# MQTT +mosquitto_enabled: false + +### +### General +### +# Sets the hostname of your Ansible NAS +ansible_nas_hostname: ansible-nas + +# Sets the timezone for your Ansible NAS +# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +ansible_nas_timezone: Etc/UTC + +# Update all apt packages when playbook is run +keep_packages_updated: false + +# Will be added to the docker group to give user command line access to docker +ansible_nas_user: david + +# Your email and domain, used for LetsEncrypt SSL certs +ansible_nas_email: me@example.com + +# Applications will have subdomain SSL certificates created, eg ansible-nas., nextcloud. +ansible_nas_domain: example.com + +### +### Docker +### +# Where you want Docker to store images +docker_image_directory: "{{ docker_home }}/data" + +# Where you want Docker to store its container data. +docker_home: /mnt/Volume2/docker + +# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems +# You might want to change this to ZFS, depending on your underlying filesystem. +docker_storage_driver: overlay2 + +### +### Samba +### +# The location where all shares will be created by default. Can be overridden on a per-share basis. +# This path will be mounted to backup containers, Duplicati +samba_shares_root: /mnt/Volume3 + +# Where stuff downloaded will be stored +downloads_root: "{{ samba_shares_root }}/downloads" + +# Where your movies are stored +movies_root: "{{ samba_shares_root }}/movies" + +# Where your TV episodes are stored +tv_root: "{{ samba_shares_root }}/tv" + +# Where torrent files are stored (picked up by Transmission for downloading) +torrents_root: "{{ samba_shares_root }}/torrents" + +# Where music is stored +music_root: "{{ samba_shares_root }}/music" + +# Where podcasts are stored +podcasts_root: "{{ samba_shares_root }}/podcasts" + +# The description that'll appear next to your Ansible-NAS box when browsing your network +samba_server_string: Ansible NAS + +# Shares you want published over Samba. +samba_shares: + - name: downloads + comment: 'Stuff downloaded' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ downloads_root }}" + + - name: movies + comment: 'Movies' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ movies_root }}" + + - name: tv + comment: 'TV Episodes' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ tv_root }}" + + - name: music + comment: 'Music' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ music_root }}" + + - name: podcasts + comment: 'Podcasts' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ podcasts_root }}" + + - name: dump + comment: 'File dump' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ samba_shares_root }}/dump" + + - name: games + comment: 'Games' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ samba_shares_root }}/games" + + - name: photos + comment: 'Pictures' + guest_ok: yes + public: yes + writable: yes + browsable: yes + path: "{{ samba_shares_root }}/photos" + +### +### NFS +### +# Data you want published over NFS. More info on the nfs config format can be found at +# https://help.ubuntu.com/community/SettingUpNFSHowTo#Shares +# WARNING: Weird things might happen if you share the same data over Samba and NFS and allow writes on both! + +nfs_shares_root: /mnt/Volume3 + +nfs_exports: + - "{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)" + +### +### Cloudflare +### +# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to +# set the options below. + +# Your domain name +cloudflare_zone: "{{ ansible_nas_domain }}" + +# The hostname you want the container to update. You shouldn't need to change this. +cloudflare_host: "*.{{ cloudflare_zone }}" + +# Email address used to register for Cloudflare +cloudflare_email: "{{ ansible_nas_email }}" + +# Cloudflare 'Global API Key', can be found on the 'My Profile' page +cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 + +################################################################## +###### You shouldn't need to edit anything below this point ###### +################################################################## + +### +### General +### +# Extra packages to install +ansible_nas_extra_packages: + - smartmontools + - htop + - zfsutils-linux + - bonnie++ + - unzip + - lm-sensors + +ansible_python_interpreter: /usr/bin/python3 + +### +### Samba +### +# Seems to break browsing of the \\server-name shares root when enabled +samba_mitigate_cve_2017_7494: false + +# The account used when Samba shares are accessed. Shouldn't need to change this unless you want to +# mess with Samba user permissions. +samba_guest_account: ansible-nas + +# How Samba behaves when an unknown user connects, see Samba docs for more info +samba_map_to_guest: Bad Password + +# The Netbios hostname used by Samba on your network +samba_netbios_name: "{{ ansible_nas_hostname }}" + +### +### Traefik +### +traefik_docker_image: traefik:latest +traefik_data_directory: "{{ docker_home }}/traefik" +traefik_debug: "false" + +### +### Heimdall +### +heimdall_available_externally: "false" +heimdall_docker_image: linuxserver/heimdall:latest +heimdall_data_directory: "{{ docker_home }}/heimdall" + +### +### Transmission +### +transmission_available_externally: "false" +transmission_with_openvpn_available_externally: "false" +transmission_config_directory: "{{ docker_home }}/transmission/config" +transmission_download_directory: "{{ downloads_root }}" +transmission_watch_directory: "{{ torrents_root }}" +transmission_user_id: 0 +transmission_group_id: 0 +transmission_local_network: "192.168.1.0/24" + +### +### pyLoad +### +pyload_available_externally: "false" +pyload_config_directory: "{{ docker_home }}/pyload" +pyload_download_directory: "{{ downloads_root }}" +pyload_user_id: 0 +pyload_group_id: 0 + +### +### Plex +### +# If you're paranoid, set permissions to "ro" so Plex won't ever be able to +# delete your files +plex_available_externally: "false" +plex_config_directory: "{{ docker_home }}/plex/config" +plex_movies_directory: "{{ movies_root }}" +plex_movies_permissions: "rw" +plex_tv_directory: "{{ tv_root }}" +plex_tv_permissions: "rw" +plex_user_id: 0 +plex_group_id: 0 + +### +### Emby +### +# If you're paranoid, set permissions to "ro" so Emby won't ever be able to +# delete your files +emby_available_externally: "false" +emby_config_directory: "{{ docker_home }}/emby/config" +emby_movies_directory: "{{ movies_root }}" +emby_movies_permissions: "rw" +emby_tv_directory: "{{ tv_root }}" +emby_tv_permissions: "rw" +emby_user_id: 0 +emby_group_id: 0 + +### +### Tautulli +### +tautulli_available_externally: "false" +tautulli_config_directory: "{{ docker_home }}/tautulli/config" +tautulli_user_id: 0 +tautulli_group_id: 0 + + +### +### Duplicati +### +duplicati_available_externally: "false" +duplicati_data_directory: "{{ docker_home }}/duplicati/config" + + +### +### Sonarr +### +sonarr_available_externally: "false" +sonarr_data_directory: "{{ docker_home }}/sonarr/config" +sonarr_tv_directory: "{{ tv_root }}" +sonarr_download_directory: "{{ downloads_root }}" +sonarr_user_id: 0 +sonarr_group_id: 0 + + +### +### Radarr +### +radarr_available_externally: "false" +radarr_movies_directory: "{{ movies_root }}" +radarr_download_directory: "{{ downloads_root }}" +radarr_data_directory: "{{ docker_home }}/radarr" +radarr_user_id: 0 +radarr_group_id: 0 + + +### +### Couchpotato +### +couchpotato_available_externally: "false" +couchpotato_config_directory: "{{ docker_home }}/couchpotato/config" +couchpotato_movies_directory: "{{ movies_root }}" +couchpotato_downloads_directory: "{{ downloads_root }}" +couchpotato_torrents_directory: "{{ torrents_root }}" +couchpotato_user_id: 0 +couchpotato_group_id: 0 + + +### +### Sickchill +### +sickchill_available_externally: "false" +sickchill_config_directory: "{{ docker_home }}/sickchill/config" +sickchill_tv_directory: "{{ tv_root }}" +sickchill_downloads_directory: "{{ downloads_root }}/completed" +sickchill_user_id: 0 +sickchill_group_id: 0 + +### +### Netdata +### +netdata_available_externally: "false" + +### +### OpenVPN +### +openvpn_config_directory: "{{ docker_home }}/openvpn" + + +### +### Portainer +### +portainer_available_externally: "false" +portainer_data_directory: "{{ docker_home }}/portainer/config" + + +### +### ZNC +### +znc_available_externally: "false" +znc_data_directory: "{{ docker_home }}/znc" +znc_user_id: 0 +znc_group_id: 0 + + +### +### Stats +### +grafana_available_externally: "false" +telegraf_data_directory: "{{ docker_home }}/telegraf" +influxdb_data_directory: "{{ docker_home }}/influxdb" +grafana_data_directory: "{{ docker_home }}/grafana" +stat_collection_interval: 15s + +### +### Gitea +### +gitea_available_externally: "false" +gitea_data_directory: "{{ docker_home }}/gitea" + +### +### Glances +### +glances_available_externally: "false" + +### +### Nextcloud +### +nextcloud_available_externally: "false" +nextcloud_data_directory: "{{ docker_home }}/nextcloud" + +### +### nginx +### +nginx_data_directory: "{{ docker_home }}/nginx" + +### +### Guacamole +### +guacamole_available_externally: "false" +guacamole_docker_image: guacamole/guacamole:0.9.14 +guacamole_guacd_docker_image: guacamole/guacd:0.9.14 +guacamole_data_directory: "{{ docker_home }}/guacamole" + +### +### Miniflux +### +miniflux_available_externally: "false" +miniflux_data_directory: "{{ docker_home }}/miniflux" +miniflux_admin_username: admin +miniflux_admin_password: supersecure + +### +### Airsonic +### +airsonic_available_externally: "false" +airsonic_data_directory: "{{ docker_home }}/airsonic" + +### +### Watchtower +### +# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily. +watchtower_cron_schedule: 0 0 5 * * * + +# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive +# notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info. + +# No notifications +watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug" + +# Email notifications +# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'" + +# Slack notifications +# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'" + +### +### Time Machine +### +timemachine_data_directory: "{{ docker_home }}/timemachine" +timemachine_volume_size_limit: 0 +timemachine_password: timemachine +timemachine_share_name: TimeMachine +timemachine_log_level: error + +### +### minidlna +### +minidlna_media_directory1: "{{ movies_root }}" +minidlna_media_directory2: "{{ tv_root }}" +minidlna_friendly_name: "{{ ansible_nas_hostname }}" + +### +### get_iplayer +### +get_iplayer_config_directory: "{{ docker_home }}/get_iplayer" +get_iplayer_download_directory: "{{ tv_root }}/iplayer_downloads" + +### +### mymediaforalexa +### +mymediaforalexa_media_directory: "{{ music_root }}" +mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa" + +### +### Jackett +### +jackett_available_externally: "false" +jackett_data_directory: "{{ docker_home }}/jackett" + +### +### The Lounge +### +thelounge_available_externally: "false" +thelounge_data_directory: "{{ docker_home }}/thelounge" + +### +### Bitwarden +### +bitwarden_available_externally: "false" +bitwarden_data_directory: "{{ docker_home }}/bitwarden" + +# Keep this token secret, this is password to access admin area of your server! +# This token can be anything, but it's recommended to use a long, randomly generated string of characters, +# for example running openssl rand -base64 48 +bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321 + +# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook. +# Once you have created your user, set to "false" and run one more time. +# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden +bitwarden_allow_signups: false + +### +### Firefly +### +firefly_available_externally: "false" +firefly_data_directory: "{{ docker_home }}/firefly" + +### +### Nzbget +### +nzbget_available_externally: "false" +nzbget_data_directory: "{{ docker_home }}/nzbget" +nzbget_download_directory: "{{ downloads_root }}" +nzbget_user_id: 0 +nzbget_group_id: 0 + +### +### Wallabag +### +wallabag_available_externally: "false" +wallabag_data_directory: "{{ docker_home }}/wallabag" + +### Mosquitto +### +mosquitto_available_externally: "false" +mosquitto_data_directory: "{{ docker_home }}/mosquitto" diff --git a/inventories/sample/inventory b/inventories/sample/inventory new file mode 100644 index 00000000..11b9a776 --- /dev/null +++ b/inventories/sample/inventory @@ -0,0 +1,15 @@ +## ._____. .__ +## _____ ____ _____|__\_ |__ | | ____ ____ _____ ______ +## \__ \ / \ / ___/ || __ \| | _/ __ \ ______ / \\__ \ / ___/ +## / __ \| | \\___ \| || \_\ \ |_\ ___/ /_____/ | | \/ __ \_\___ \ +## (____ /___| /____ >__||___ /____/\___ > |___| (____ /____ > +## \/ \/ \/ \/ \/ \/ \/ \/ +## a n s i b l e - n a s https://github.com/davestephens/ansible-nas + +[all] + +## Example when running directly on your Ansible-NAS server +# localhost ansible_connection=local + +## Example when running from a remote workstation +# 192.168.1.30 \ No newline at end of file From b96a0aaf249a0e55b8fdbc3970f2e649eb135018 Mon Sep 17 00:00:00 2001 From: David Stephens Date: Sun, 5 Jan 2020 09:00:27 +0000 Subject: [PATCH 4/9] Rejig WIP --- group_vars/all.yml | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index b91d15a0..ff334f22 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -25,31 +25,24 @@ traefik_enabled: false transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials transmission_enabled: false nzbget_enabled: false - -# Downloaders pyload_enabled: false -# Plex + +# Media Serving plex_enabled: false tautulli_enabled: false -# Emby -emby_enabled: false - -# Jellyfin -jellyfin_enabled: false - -# minidlna -minidlna_enabled: false - # Media Sourcing -sonarr_enabled: false +sonarr_enabled: false # tv sickchill_enabled: false couchpotato_enabled: false radarr_enabled: false get_iplayer_enabled: false jackett_enabled: false -bazarr_enabled: false +bazarr_enabled: false # subtitles +minidlna_enabled: false +jellyfin_enabled: false +emby_enabled: false # Music airsonic_enabled: false @@ -72,9 +65,11 @@ cloudcmd_enabled: false # Backup & Restore duplicati_enabled: false nextcloud_enabled: false -gitea_enabled: false timemachine_enabled: false +# Software build and CI +gitea_enabled: false + # IRC znc_enabled: false thelounge_enabled: false @@ -94,10 +89,10 @@ mosquitto_enabled: false homebridge_enabled: false openhab_enabled: false -# Calibre +# Books calibre_enabled: false -# Joomla +# CMS joomla_enabled: false ### @@ -297,6 +292,7 @@ ansible_python_interpreter: /usr/bin/python3 ### # Seems to break browsing of the \\server-name shares root when enabled samba_mitigate_cve_2017_7494: false + # Enable apple exentensions for compatibility with apple clients samba_apple_extensions: yes From 37fdec3de84a3c3d78bbac8f68d0ba65611c5a00 Mon Sep 17 00:00:00 2001 From: David Stephens Date: Mon, 6 Jan 2020 00:11:53 +0000 Subject: [PATCH 5/9] Config rejig WIP --- README.md | 15 +++++++-------- docs/upgrading.md | 29 +++++++++++++++++++++++++++-- group_vars/all.yml | 33 +++++++++++++++++++-------------- 3 files changed, 53 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 87ab3fb0..2c4357d8 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ Ansible config and a bunch of Docker containers. * Any number of Samba shares or NFS exports for you to store your stuff * A BitTorrent client * A Usenet downloader - * Various media management tools - Sonarr, Sickchill, CouchPotato, Radarr, Bazarr, Lidarr * Media streaming via Plex or Emby * Music streaming with Airsonic @@ -31,7 +30,7 @@ Ansible config and a bunch of Docker containers. * A dual panel local file manager * Self-service media request web application -### Docker Containers Used +### Available Applications * [Airsonic](https://airsonic.github.io/) - catalog and stream music * [Bazarr](https://github.com/morpheus65535/bazarr) - companion to Radarr and Sonarr for downloading subtitles @@ -121,16 +120,17 @@ download code from the internet and trust that it's going to work as you expect. `cp -rfp inventories/sample inventories/my-ansible-nas` -5. Review `group_vars/all.yml`. Change settings by overriding them in inventories/my-ansible-nas/group_vars/all.yml`. +5. Review `group_vars/all.yml`. Change settings by overriding them in `inventories/my-ansible-nas/group_vars/all.yml`. -6. If you plan to use Transmission with OpenVPN, update `inventories/my-ansible-nas/group_vars/vpn_credentials.yml`. +6. Update `inventories/my-ansible-nas/inventory`. -7. Update `inventories/my-ansible-nas/inventory`. +7. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles). -8. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles). +8. Run the playbook - something like `ansible-playbook -i inventory nas.yml -b -K` should do you nicely. -9. Run the playbook - something like `ansible-playbook -i inventory nas.yml -b -K` should do you nicely. +## Upgrading +**The way Ansible-NAS configuration is structured has changed!** See [Upgrading](https://davestephens.github.io/ansible-nas/upgrading/) for more information. See the **Getting Help** section if you get stuck. ## Documentation @@ -167,7 +167,6 @@ Getting help is easy! You can: Contributions are always welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) first. - ## Support If you've enjoyed Ansible-NAS as much as I do working on it, please consider [buying me a coffee](https://ko-fi.com/davestephens) :coffee: diff --git a/docs/upgrading.md b/docs/upgrading.md index d769a826..b603458b 100644 --- a/docs/upgrading.md +++ b/docs/upgrading.md @@ -1,3 +1,28 @@ -# Upgrading +# Upgrading Ansible-NAS + +## Upgrading from prior to January 2020 (`all.yml.dist` config style) + +If you're upgrading from [this](https://github.com/davestephens/ansible-nas/commit/52c7fef3aba08e30331931747c81fb7b3bfd359a) commit or earlier, these instructions are relevant to you. + +Rather than having to merge every new config line into your own `all.yml` file, now you only need to maintain the differences that are relevant to you in your own `all.yml`, stored within an inventory directory. Your inventory `all.yml` takes prescendence over `group_vars/all.yml`, which is how this setup works. `group_vars/all.yml` is now tracked as part of the repo. + +This will make updates from `master` much simpler, as there will be no requirement to merge changes from `all.yml.dist` into your own `all.yml` any more. You simply pull from master, then add the bits you're interested in into your inventory `all.yml`. + +Instructions to upgrade from prior to January 2020 ([this]([this](https://github.com/davestephens/ansible-nas/commit/52c7fef3aba08e30331931747c81fb7b3bfd359a)) commit or earlier): + +- Move your `group_vars/all.yml` somewhere safe. + +- Pull from master. There shouldn't be any merge conflicts unless you've been hacking on the project. + +- Create your own inventory and config files by copying `inventories/sample` to your own directory: + + `cp -rfp inventories/sample inventories/my-ansible-nas` + + Note that `my-ansible-nas` can be anything you want, but adjust the following instructions accordingly. + +- Then: + + - **Quick and Dirty:** Copy the contents of your `all.yml` into `inventories/my-ansible-nas/all.yml`. + + - **Nice and Tidy:** Copy only the differences between your own `all.yml` and the distribution `group_vars/all.yml` into `inventories/my-ansible-nas/all.yml`. This is likely to be things like `ansible_nas_hostname`, `samba_shares`, `ansible_nas_timezone`, enabled applications, any application tweaks you've made in config etc. -Pull the latest Ansible-NAS repo, merge any new config sections from `group_vars/all.yml.dist` into your `group_vars/all.yml`, then run the playbook. \ No newline at end of file diff --git a/group_vars/all.yml b/group_vars/all.yml index 8fb4048f..ddd382d5 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -7,19 +7,13 @@ ## a n s i b l e - n a s https://github.com/davestephens/ansible-nas ### -### DO NOT CHANGE THE VARIABLES IN THIS FILE! +### DO NOT EDIT THIS FILE! ### Add your customisations to inventories//group_vars/all.yml ### - -# Set these options to true or false to toggle specific features - -# External Access -# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your -# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. -# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally" -# settings. -traefik_enabled: false +### +### Ansible-NAS Applications +### # Downloading transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials @@ -100,6 +94,13 @@ ubooquity_enabled: false # Joomla joomla_enabled: false +# External Access +# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your +# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. +# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally" +# settings. +traefik_enabled: false + ### ### General ### @@ -284,9 +285,6 @@ cloudflare_email: "{{ ansible_nas_email }}" # Cloudflare 'Global API Key', can be found on the 'My Profile' page cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 -################################################################## -###### You shouldn't need to edit anything below this point ###### -################################################################## ### ### General @@ -348,6 +346,14 @@ transmission_user_id: "0" transmission_group_id: "0" transmission_local_network: "192.168.1.0/24" +# Transmission VPN Credentials +# If you're using Transmission with a VPN, you'll need to set these credentials. +# See https://hub.docker.com/r/dceschmidt/openvpn-client/ for supported VPN providers. +openvpn_username: leisure-suit-larry +openvpn_password: secretpassword +openvpn_provider: AWESOMEVPNPROVIDER +openvpn_config: United-Kingdom + ### ### Joomla ### @@ -364,7 +370,6 @@ pyload_download_directory: "{{ downloads_root }}" pyload_user_id: "0" pyload_group_id: "0" - ### ### Plex ### From 67e80f346e6b310636cc7443428f14092b271a0d Mon Sep 17 00:00:00 2001 From: David Stephens Date: Mon, 6 Jan 2020 11:39:54 +0000 Subject: [PATCH 6/9] Fix broken travis build --- .travis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 662b5471..83369ee9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,7 +16,6 @@ install: - pip install mkdocs-material script: - - cp ${PWD}/group_vars/all.yml.dist ${PWD}/group_vars/all.yml - ansible-lint ${PWD}/nas.yml - ${PWD}/tests/test.sh - mkdocs build @@ -29,11 +28,11 @@ deploy: keep-history: true on: branch: master - + notifications: webhooks: urls: - https://webhooks.gitter.im/e/bd52710d464f2b82036b on_success: change on_failure: always - on_start: never + on_start: never From 59a6a5e57c772cf0739fb61b725679fdd8a2a917 Mon Sep 17 00:00:00 2001 From: David Stephens Date: Tue, 7 Jan 2020 14:57:56 +0000 Subject: [PATCH 7/9] Fix README.md instructions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2c4357d8..af42b536 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,7 @@ download code from the internet and trust that it's going to work as you expect. 7. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles). -8. Run the playbook - something like `ansible-playbook -i inventory nas.yml -b -K` should do you nicely. +8. Run the playbook - something like `ansible-playbook -i inventories/my-ansible-nas/inventory nas.yml -b -K` should do you nicely. ## Upgrading From be254a4424106491b2d1378b4fd3b15530697fce Mon Sep 17 00:00:00 2001 From: David Stephens Date: Tue, 7 Jan 2020 22:23:21 +0000 Subject: [PATCH 8/9] Installation docs in one place only --- README.md | 32 ++------------------------------ docs/installation.md | 34 ++++++++++++++++++++-------------- 2 files changed, 22 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index af42b536..f57c4ee9 100644 --- a/README.md +++ b/README.md @@ -96,37 +96,9 @@ Ansible NAS doesn't set up your disk partitions, primarily because getting it wr That aside, configuring partitions is usually a one-time (or very infrequent) event, so there's not much to be gained by automating it. Check out the [docs](https://davestephens.github.io/ansible-nas) for recommended setups. -## Quick Start +## Installation -:skull: Before running anything, check out the playbook and understand what it -does. Run it against a VM and make sure you're happy. ***Do not*** blindly -download code from the internet and trust that it's going to work as you expect. -:skull: - - -1. Enable the Ubuntu Universe repository: - - `sudo add-apt-repository universe` - -2. Install Ansible: - - `sudo apt install ansible` - -3. Clone Ansible-NAS: - - `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas` - -4. Create your own inventory and config files by copying `inventories/sample` to your own directory: - - `cp -rfp inventories/sample inventories/my-ansible-nas` - -5. Review `group_vars/all.yml`. Change settings by overriding them in `inventories/my-ansible-nas/group_vars/all.yml`. - -6. Update `inventories/my-ansible-nas/inventory`. - -7. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles). - -8. Run the playbook - something like `ansible-playbook -i inventories/my-ansible-nas/inventory nas.yml -b -K` should do you nicely. +See [Installation](https://davestephens.github.io/ansible-nas/installation/). ## Upgrading diff --git a/docs/installation.md b/docs/installation.md index 362b52ca..bf31f689 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -1,24 +1,30 @@ +:skull: :skull: :skull: Before running anything, check out the playbook and understand what it +does. Run it against a VM and make sure you're happy. ***Do not*** blindly +download code from the internet and trust that it's going to work as you expect. +:skull: :skull: :skull: + You can run Ansible-NAS from the computer you plan to use for your NAS, or from a remote controlling machine. The steps for deployment are exactly the same, just pay attention to editing the inventory file in step 7. -1. Enable the Ubuntu Universe repository: `sudo add-apt-repository universe` +1. Enable the Ubuntu Universe repository: -1. Install Ansible: `sudo apt install ansible` + `sudo add-apt-repository universe` -1. `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas` +2. Install Ansible: -1. Copy `group_vars/all.yml.dist` to `group_vars/all.yml`. + `sudo apt install ansible` -1. Open up `group_vars/all.yml` and follow the instructions there for - configuring your Ansible NAS. +3. Clone Ansible-NAS: -1. If you plan to use Transmission with OpenVPN, also copy - `group_vars/vpn_credentials.yml.dist` to `group_vars/vpn_credentials.yml` and - fill in your settings. + `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas` -1. Copy `inventory.dist` to `inventory` and update it. +4. Create your own inventory and config files by copying `inventories/sample` to your own directory: -1. Install the dependent roles: `ansible-galaxy install -r requirements.yml` - (you might need sudo to install Ansible roles) + `cp -rfp inventories/sample inventories/my-ansible-nas` -1. Run the playbook - something like `ansible-playbook -i inventory nas.yml -b - -K` should do you nicely. +5. Review `group_vars/all.yml`. Change settings by overriding them in `inventories/my-ansible-nas/group_vars/all.yml`. + +6. Update `inventories/my-ansible-nas/inventory`. + +7. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles). + +8. Run the playbook - something like `ansible-playbook -i inventories/my-ansible-nas/inventory nas.yml -b -K` should do you nicely. \ No newline at end of file From 3da6be500072b0343862b56b274729599965059c Mon Sep 17 00:00:00 2001 From: David Stephens Date: Tue, 7 Jan 2020 22:57:15 +0000 Subject: [PATCH 9/9] Fix duplicate variable in all.yml --- group_vars/all.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index ddd382d5..abbbbb8d 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -32,7 +32,6 @@ couchpotato_enabled: false radarr_enabled: false get_iplayer_enabled: false jackett_enabled: false -bazarr_enabled: false # subtitles minidlna_enabled: false jellyfin_enabled: false emby_enabled: false @@ -120,7 +119,7 @@ ansible_nas_user: david # Your email and domain, used for Let's Encrypt SSL certs ansible_nas_email: me@example.com -# Applications will have subdomain SSL certificates created, e.g. ansible-nas., nextcloud. +# Applications will have subdomain SSL certificates created if Traefik is enabled, e.g. ansible-nas., nextcloud. ansible_nas_domain: example.com ###