First portion of migration

freshrss, get_iplayer, gitlab, glances, gotify, guacamole, healthchecks.io

ansible-nas.code-workspace

@@ -0,0 +1,15 @@
+{
+	"folders": [
+		{
+			"path": "."
+		}
+	],
+	"settings": {
+		"yaml.schemas": {
+			"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": "file:///c%3A/Users/anarion/Documents/repos/ansible-nas/roles/immich/tasks/main.yml"
+		},
+		 "files.associations": {
+			"*.yaml": "home-assistant"
+		}
+	},
+}

nas.yml

@@ -116,12 +116,10 @@
     - role: freshrss
       tags:
         - freshrss
-      when: (freshrss_enabled | default(False))
 
     - role: get_iplayer
       tags:
         - get_iplayer
-      when: (get_iplayer_enabled | default(False))
 
     - role: gitea
       tags:
@@ -130,27 +128,22 @@
     - role: gitlab
       tags:
         - gitlab
-      when: (gitlab_enabled | default(False))
 
     - role: glances
       tags:
         - glances
-      when: (glances_enabled | default(False))
 
     - role: gotify
       tags:
         - gotify
-      when: (gotify_enabled | default(False))
 
     - role: guacamole
       tags:
         - guacamole
-      when: (guacamole_enabled | default(False))
 
     - role: healthchecks.io
       tags:
         - healthchecks.io
-      when: (healthchecks_enabled | default(False))
 
     - role: heimdall
       tags:

roles/freshrss/defaults/main.yml

@@ -10,5 +10,10 @@ freshrss_extensions_directory: "{{ docker_home }}/freshrss"
 freshrss_port: "8089"
 freshrss_hostname: "freshrss"
 
+# docker
+freshrss_container_name: freshrss
+freshrss_image_name: "freshrss/freshrss"
+freshrss_image_version: latest
+
 # specs
 freshrss_memory: 1g

roles/freshrss/docs/freshrss.md

@@ -0,0 +1,21 @@
+# Freshrss
+
+Homepage: <https://freshrss.org/>
+
+FreshRSS is a self-hosted RSS feed aggregator like Leed or Kriss Feed.
+
+It is lightweight, easy to work with, powerful, and customizable.
+
+It is a multi-user application with an anonymous reading mode. It supports custom tags. There is an API for (mobile) clients, and a Command-Line Interface.
+
+Thanks to the WebSub standard (formerly PubSubHubbub), FreshRSS is able to receive instant push notifications from compatible sources, such as Mastodon, Friendica, WordPress, Blogger, FeedBurner, etc.
+
+FreshRSS natively supports basic Web scraping, based on XPath, for Web sites not providing any RSS / Atom feed.
+
+Finally, it supports extensions for further tuning.
+
+## Usage
+
+Set `freshrss_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The FreshRSS web interface can be found at <http://ansible_nas_host_or_ip:8089>.

roles/freshrss/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        freshrss_enabled: true

roles/freshrss/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        freshrss_enabled: false

roles/freshrss/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get freshrss container state
+      community.docker.docker_container:
+        name: "{{ freshrss_container_name }}"
+      register: result
+
+    - name: Check if freshrss containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/freshrss/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove freshrss
+      community.docker.docker_container:
+        name: "{{ freshrss_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if freshrss is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/freshrss/tasks/main.yml

@@ -1,32 +1,44 @@
 ---
-- name: Create FreshRSS Directories
+- name: Start FreshRSS
-  file:
+  block:
-    path: "{{ item }}"
+    - name: Create FreshRSS Directories
-    state: directory
+      ansible.builtin.file:
-    # mode: 0755
+        path: "{{ item }}"
-  with_items:
+        state: directory
-    - "{{ freshrss_data_directory }}/data"
+      with_items:
-    - "{{ freshrss_extensions_directory }}/extensions"
+        - "{{ freshrss_data_directory }}/data"
+        - "{{ freshrss_extensions_directory }}/extensions"
 
-- name: FreshRSS Docker Container
+    - name: FreshRSS Docker Container
-  docker_container:
+      community.docker.docker_container:
-    name: freshrss
+        container_default_behavior: no_defaults
-    image: freshrss/freshrss
+        name: "{{ freshrss_container_name }}"
-    pull: true
+        image: "{{ freshrss_image_name }}:{{ freshrss_image_version }}"
-    volumes:
+        pull: true
-      - "{{ freshrss_data_directory }}/data:/var/www/FreshRSS/data:rw"
+        volumes:
-      - "{{ freshrss_extensions_directory }}/extensions:/var/www/FreshRSS/extensions:rw"
+          - "{{ freshrss_data_directory }}/data:/var/www/FreshRSS/data:rw"
-    ports:
+          - "{{ freshrss_extensions_directory }}/extensions:/var/www/FreshRSS/extensions:rw"
-      - "{{ freshrss_port }}:80"
+        ports:
-    env:
+          - "{{ freshrss_port }}:80"
-      TZ: "{{ ansible_nas_timezone }}"
+        env:
-      CRON_MIN: "1,31"
+          TZ: "{{ ansible_nas_timezone }}"
-    restart_policy: unless-stopped
+          CRON_MIN: "1,31"
-    memory: "{{ freshrss_memory }}"
+        restart_policy: unless-stopped
-    labels:
+        memory: "{{ freshrss_memory }}"
-      traefik.enable: "{{ freshrss_available_externally | string }}"
+        labels:
-      traefik.http.routers.freshrss.rule: "Host(`{{ freshrss_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.enable: "{{ freshrss_available_externally | string }}"
-      traefik.http.routers.freshrss.tls.certresolver: "letsencrypt"
+          traefik.http.routers.freshrss.rule: "Host(`{{ freshrss_hostname }}.{{ ansible_nas_domain }}`)"
-      traefik.http.routers.freshrss.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.freshrss.tls.certresolver: "letsencrypt"
-      traefik.http.routers.freshrss.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.routers.freshrss.tls.domains[0].main: "{{ ansible_nas_domain }}"
-      traefik.http.services.freshrss.loadbalancer.server.port: "80"
+          traefik.http.routers.freshrss.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.freshrss.loadbalancer.server.port: "80"
+  when: freshrss_enabled is true
+
+
+- name: Stop FreshRSS
+  block:
+    - name: Stop FreshRSS
+      community.docker.docker_container:
+        name: "{{ freshrss_container_name }}"
+        state: absent
+  when: freshrss_enabled is false

roles/get_iplayer/defaults/main.yml

@@ -8,5 +8,10 @@ get_iplayer_download_directory: "{{ tv_root }}/iplayer_downloads"
 # network
 get_iplayer_port: "8182"
 
+# docker
+get_iplayer_container_name: "get_iplayer"
+get_iplayer_image_name: "kolonuk/get_iplayer"
+get_iplayer_image_version: "latest"
+
 # specs
 get_iplayer_memory: "1g"

roles/get_iplayer/docs/get_iplayer.md

@@ -0,0 +1,11 @@
+# Get_iPlayer
+
+Homepage: <https://github.com/get-iplayer/get_iplayer>
+
+Downloads TV and radio programmes from BBC iPlayer.
+
+## Usage
+
+Set `get_iplayer_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The get_iplayer web interface can be found at <http://ansible_nas_host_or_ip:8182>.

roles/get_iplayer/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        get_iplayer_enabled: true

roles/get_iplayer/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        get_iplayer_enabled: false

roles/get_iplayer/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get get_iplayer container state
+      community.docker.docker_container:
+        name: "{{ get_iplayer_container_name }}"
+      register: result
+
+    - name: Check if get_iplayer containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/get_iplayer/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove get_iplayer
+      community.docker.docker_container:
+        name: "{{ get_iplayer_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if get_iplayer is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/get_iplayer/tasks/main.yml

@@ -1,21 +1,33 @@
 ---
-- name: Create get_iplayer Directories
+- name: Start get_iplayer
-  file:
+  block:
-    path: "{{ item }}"
+    - name: Create get_iplayer Directories
-    state: directory
+      ansible.builtin.file:
-  with_items:
+        path: "{{ item }}"
-    - "{{ get_iplayer_config_directory }}"
+        state: directory
-    - "{{ get_iplayer_download_directory }}"
+      with_items:
+        - "{{ get_iplayer_config_directory }}"
+        - "{{ get_iplayer_download_directory }}"
 
-- name: Get_iplayer Docker Container
+    - name: Create get_iplayer Docker Container
-  docker_container:
+      community.docker.docker_container:
-    name: get_iplayer
+        container_default_behavior: no_defaults
-    image: kolonuk/get_iplayer
+        name: "{{ get_iplayer_container_name }}"
-    pull: true
+        image: "{{ get_iplayer_image_name }}:{{ get_iplayer_image_version }}"
-    volumes:
+        pull: true
-      - "{{ get_iplayer_config_directory }}:/root/.get_iplayer:rw"
+        volumes:
-      - "{{ get_iplayer_download_directory }}:/root/output:rw"
+          - "{{ get_iplayer_config_directory }}:/root/.get_iplayer:rw"
-    ports:
+          - "{{ get_iplayer_download_directory }}:/root/output:rw"
-      - "{{ get_iplayer_port }}:8181"
+        ports:
-    restart_policy: unless-stopped
+          - "{{ get_iplayer_port }}:8181"
-    memory: "{{ get_iplayer_memory }}"
+        restart_policy: unless-stopped
+        memory: "{{ get_iplayer_memory }}"
+  when: get_iplayer_enabled is true
+
+- name: Stop get_iplayer
+  block:
+    - name: Stop get_iplayer
+      community.docker.docker_container:
+        name: "{{ get_iplayer_container_name }}"
+        state: absent
+  when: get_iplayer_enabled is false

roles/gitlab/defaults/main.yml

@@ -12,5 +12,12 @@ gitlab_port_http: "4080"
 gitlab_port_https: "4443"
 gitlab_port_ssh: "422"
 
+# docker
+gitlab_container_name: "gitlab"
+gitlab_image_name: "gitlab/gitlab-ce"
+gitlab_image_version: "latest"
+gitlab_user_id: "1000"
+gitlab_group_id: "1000"
+
 # specs
 gitlab_memory: "4g"

roles/gitlab/docs/gitlab.md

@@ -0,0 +1,13 @@
+# GitLab
+
+Homepage: <https://docs.gitlab.com/omnibus/docker/>
+
+If Gitea isn't powerful enough for you then consider GitLab. It's a much more powerful (and consequently bigger) Git repository solution that includes a suite of code analytics. On the other hand it requires more RAM.
+
+## Usage
+
+Set `gitlab_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+To make GitLab available externally via Traefik set `gitlab_available_externally: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The first time you run GitLab you'll be prompted for an account's password. The password is for GitLab's `root` administrator account. From there you can log in to create additional users and further configure the application.

roles/gitlab/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        gitlab_enabled: true

roles/gitlab/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        gitlab_enabled: false

roles/gitlab/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get gitlab container state
+      community.docker.docker_container:
+        name: "{{ gitlab_container_name }}"
+      register: result
+
+    - name: Check if gitlab containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/gitlab/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove gitlab
+      community.docker.docker_container:
+        name: "{{ gitlab_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if gitlab is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/gitlab/tasks/main.yml

@@ -1,57 +1,69 @@
 ---
-# The gitlab uid/gid matches 'git:git' in the Gitlab Docker image.
+- name: Start Gitlab
-- name: Create Gitlab group account
+  block:
-  group:
+    # The gitlab uid/gid matches 'git:git' in the Gitlab Docker image.
-    name: gitlab
+    - name: Create Gitlab group account
-    gid: 998
+      group:
-    state: present
+        name: gitlab
+        gid: 998
+        state: present
 
-- name: Create Gitlab user account
+    - name: Create Gitlab user account
-  user:
+      user:
-    name: gitlab
+        name: gitlab
-    uid: 998
+        uid: 998
-    state: present
+        state: present
-    system: yes
+        system: yes
-    update_password: on_create
+        update_password: on_create
-    create_home: no
+        create_home: no
-    group: gitlab
+        group: gitlab
 
-- name: Create Gitlab Directories
+    - name: Create Gitlab Directories
-  file:
+      file:
-    path: "{{ item }}"
+        path: "{{ item }}"
-    state: directory
+        state: directory
-    owner: gitlab
+        owner: gitlab
-    group: gitlab
+        group: gitlab
-  with_items:
+      with_items:
-    - "{{ gitlab_data_directory }}/config"
+        - "{{ gitlab_data_directory }}/config"
-    - "{{ gitlab_data_directory }}/log"
+        - "{{ gitlab_data_directory }}/log"
-    - "{{ gitlab_data_directory }}/data"
+        - "{{ gitlab_data_directory }}/data"
 
-- name: Create Gitlab Docker Container
+    - name: Create Gitlab Docker Container
-  docker_container:
+      community.docker.docker_container:
-    name: gitlab
+        container_default_behavior: no_defaults
-    image: gitlab/gitlab-ce:latest
+        name: "{{ gitlab_container_name }}"
-    pull: true
+        image: "{{ gitlab_image_name }}:{{ gitlab_image_version }}"
-    volumes:
+        pull: true
-      - "{{ gitlab_data_directory }}/config:/etc/gitlab:rw"
+        volumes:
-      - "{{ gitlab_data_directory }}/log:/var/log/gitlab:rw"
+          - "{{ gitlab_data_directory }}/config:/etc/gitlab:rw"
-      - "{{ gitlab_data_directory }}/data:/var/opt/gitlab:rw"
+          - "{{ gitlab_data_directory }}/log:/var/log/gitlab:rw"
-    network_mode: "bridge"
+          - "{{ gitlab_data_directory }}/data:/var/opt/gitlab:rw"
-    ports:
+        network_mode: "bridge"
-      - "{{ gitlab_port_http }}:80"
+        ports:
-      - "{{ gitlab_port_https }}:443"
+          - "{{ gitlab_port_http }}:80"
-      - "{{ gitlab_port_ssh }}:22"
+          - "{{ gitlab_port_https }}:443"
-    env:
+          - "{{ gitlab_port_ssh }}:22"
-      TZ: "{{ ansible_nas_timezone }}"
+        env:
-      PUID: "{{ gitlab_user_id }}"
+          TZ: "{{ ansible_nas_timezone }}"
-      PGID: "{{ gitlab_group_id }}"
+          PUID: "{{ gitlab_user_id }}"
-    restart_policy: unless-stopped
+          PGID: "{{ gitlab_group_id }}"
-    hostname: "{{ gitlab_hostname }}.{{ ansible_nas_domain }}"
+        restart_policy: unless-stopped
-    memory: "{{ gitlab_memory }}"
+        hostname: "{{ gitlab_hostname }}.{{ ansible_nas_domain }}"
-    labels:
+        memory: "{{ gitlab_memory }}"
-      traefik.enable: "{{ gitlab_available_externally | string }}"
+        labels:
-      traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.enable: "{{ gitlab_available_externally | string }}"
-      traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
+          traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_hostname }}.{{ ansible_nas_domain }}`)"
-      traefik.http.routers.gitlab.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
-      traefik.http.routers.gitlab.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.routers.gitlab.tls.domains[0].main: "{{ ansible_nas_domain }}"
-      traefik.http.services.gitlab.loadbalancer.server.port: "80"
+          traefik.http.routers.gitlab.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.gitlab.loadbalancer.server.port: "80"
+  when: gitlab_enabled is true
+
+- name: Stop Gitlab
+  block:
+    - name: Stop Gitlab
+      community.docker.docker_container:
+        name: "{{ gitlab_container_name }}"
+        state: absent
+  when: gitlab_enabled is false

roles/glances/defaults/main.yml

@@ -12,5 +12,10 @@ glances_port_two: "61209"
 glances_security_options:
   - "apparmor=unconfined"
 
+# docker
+glances_container_name: "glances"
+glances_image_name: "nicolargo/glances"
+glances_image_version: "latest"
+
 # specs
 glances_memory: 1g

roles/glances/docs/glances.md

@@ -0,0 +1,15 @@
+# Glances
+
+Homepage: <https://nicolargo.github.io/glances/>
+
+Glances is a cross-platform system monitoring tool written in Python.
+
+## Usage
+
+Set `glances_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The Glances web interface can be found at <http://ansible_nas_host_or_ip:61208>.
+
+## Specific Configuration
+
+Glances can be integrated with InfluxDB and Grafana.

roles/glances/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        glances_enabled: true

roles/glances/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        glances_enabled: false

roles/glances/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get glances container state
+      community.docker.docker_container:
+        name: "{{ glances_container_name }}"
+      register: result
+
+    - name: Check if glances containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/glances/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove glances
+      community.docker.docker_container:
+        name: "{{ glances_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if glances is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/glances/tasks/main.yml

@@ -1,25 +1,37 @@
 ---
-- name: Create Glances Docker Container
+- name: Start Glances
-  docker_container:
+  block:
-    name: glances
+    - name: Create Glances Docker Container
-    image: nicolargo/glances
+      community.docker.docker_container:
-    pull: true
+        container_default_behavior: no_defaults
-    volumes:
+        name: "{{ glances_container_name }}"
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+        image: "{{ glances_image_name }}:{{ glances_image_version }}"
-      - "/etc/timezone:/etc/timezone:ro"
+        pull: true
-    pid_mode: host
+        volumes:
-    ports:
+          - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "{{ glances_port_one }}:61208"
+          - "/etc/timezone:/etc/timezone:ro"
-      - "{{ glances_port_two }}:61209"
+        pid_mode: host
-    env:
+        ports:
-      GLANCES_OPT: "-w"
+          - "{{ glances_port_one }}:61208"
-    restart_policy: unless-stopped
+          - "{{ glances_port_two }}:61209"
-    security_opts: "{{ glances_security_options }}"
+        env:
-    memory: "{{ glances_memory }}"
+          GLANCES_OPT: "-w"
-    labels:
+        restart_policy: unless-stopped
-      traefik.enable: "{{ glances_available_externally | string }}"
+        security_opts: "{{ glances_security_options }}"
-      traefik.http.routers.glances.rule: "Host(`{{ glances_hostname }}.{{ ansible_nas_domain }}`)"
+        memory: "{{ glances_memory }}"
-      traefik.http.routers.glances.tls.certresolver: "letsencrypt"
+        labels:
-      traefik.http.routers.glances.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.enable: "{{ glances_available_externally | string }}"
-      traefik.http.routers.glances.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.routers.glances.rule: "Host(`{{ glances_hostname }}.{{ ansible_nas_domain }}`)"
-      traefik.http.services.glances.loadbalancer.server.port: "61208"
+          traefik.http.routers.glances.tls.certresolver: "letsencrypt"
+          traefik.http.routers.glances.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.glances.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.glances.loadbalancer.server.port: "61208"
+  when: glances_enabled is true
+
+- name: Stop Glances
+  block:
+    - name: Stop Glances
+      community.docker.docker_container:
+        name: "{{ glances_container_name }}"
+        state: absent
+  when: glances_enabled is false

roles/gotify/defaults/main.yml

@@ -5,14 +5,14 @@ gotify_available_externally: false
 # data directory
 gotify_data_directory: "{{ docker_home }}/gotify"
 
-# docker image to use
-gotify_docker_image: gotify/server:latest
-
 # network
 gotify_port: "2346"
 gotify_hostname: "gotify"
 
-# user to run container with
+# docker
+gotify_container_name: "gotify"
+gotify_image_name: "gotify/server"
+gotify_image_version: "latest"
 gotify_user_id: "0"
 gotify_group_id: "0"
 

roles/gotify/docs/gotify.md

@@ -0,0 +1,16 @@
+# Gotify
+
+Homepage: <https://gotify.net/>
+
+A simple server for sending and receiving messages in real-time per WebSocket. (Includes a sleek web-ui)
+
+## Usage
+
+Set `gotify_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The Gotify web interface can be found at <http://ansible_nas_host_or_ip:2346>.
+
+Android client: [https://play.google.com/store/apps/details?id=com.github.gotify](https://play.google.com/store/apps/details?id=com.github.gotify)
+iOS client: n/a
+Chrome extension: n/a
+Firefox extension: <https://addons.mozilla.org/en-US/firefox/addon/gotify-for-firefox/>

roles/gotify/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        gotify_enabled: true

roles/gotify/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        gotify_enabled: false

roles/gotify/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get gotify container state
+      community.docker.docker_container:
+        name: "{{ gotify_container_name }}"
+      register: result
+
+    - name: Check if gotify containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/gotify/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove gotify
+      community.docker.docker_container:
+        name: "{{ gotify_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if gotify is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/gotify/tasks/main.yml

@@ -1,31 +1,43 @@
 ---
-- name: Create Gotify Data Directory
+- name: Start Gotify
-  file:
+  block:
-    path: "{{ item }}"
+    - name: Create Gotify Data Directory
-    state: directory
+      ansible.builtin.file:
-  with_items:
+        path: "{{ item }}"
-    - "{{ gotify_data_directory }}"
+        state: directory
+      with_items:
+        - "{{ gotify_data_directory }}"
 
-- name: Gotify Docker Container
+    - name: Gotify Docker Container
-  docker_container:
+      community.docker.docker_container:
-    name: gotify
+        container_default_behavior: no_defaults
-    image: "{{ gotify_docker_image }}"
+        name: "{{ gotify_container_name }}"
-    pull: true
+        image: "{{ gotify_image_name }}:{{ gotify_image_version }}"
-    ports:
+        pull: true
-      - "{{ gotify_port }}:80"
+        ports:
-    volumes:
+          - "{{ gotify_port }}:80"
-      - "/var/run/docker.sock:/var/run/docker.sock"
+        volumes:
-      - "{{ gotify_data_directory }}:/app/data:rw"
+          - "/var/run/docker.sock:/var/run/docker.sock"
-    env:
+          - "{{ gotify_data_directory }}:/app/data:rw"
-      TZ: "{{ ansible_nas_timezone }}"
+        env:
-      PUID: "{{ gotify_user_id }}"
+          TZ: "{{ ansible_nas_timezone }}"
-      PGID: "{{ gotify_group_id }}"
+          PUID: "{{ gotify_user_id }}"
-    restart_policy: unless-stopped
+          PGID: "{{ gotify_group_id }}"
-    memory: "{{ gotify_memory }}"
+        restart_policy: unless-stopped
-    labels:
+        memory: "{{ gotify_memory }}"
-      traefik.enable: "{{ gotify_available_externally | string }}"
+        labels:
-      traefik.http.routers.gotify.rule: "Host(`{{ gotify_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.enable: "{{ gotify_available_externally | string }}"
-      traefik.http.routers.gotify.tls.certresolver: "letsencrypt"
+          traefik.http.routers.gotify.rule: "Host(`{{ gotify_hostname }}.{{ ansible_nas_domain }}`)"
-      traefik.http.routers.gotify.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.gotify.tls.certresolver: "letsencrypt"
-      traefik.http.routers.gotify.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.routers.gotify.tls.domains[0].main: "{{ ansible_nas_domain }}"
-      traefik.http.services.gotify.loadbalancer.server.port: "80"
+          traefik.http.routers.gotify.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.gotify.loadbalancer.server.port: "80"
+  when: gotify_enabled is true
+
+- name: Stop Gotify
+  block:
+    - name: Stop Gotify
+      community.docker.docker_container:
+        name: "{{ gotify_container_name }}"
+        state: absent
+  when: gotify_enabled is false

roles/guacamole/defaults/main.yml

@@ -9,5 +9,10 @@ guacamole_data_directory: "{{ docker_home }}/guacamole"
 guacamole_port: "8090"
 guacamole_hostname: "guacamole"
 
+# docker
+guacamole_container_name: "guacamole"
+guacamole_image_name: "oznu/guacamole"
+guacamole_image_version: "latest"
+
 # specs
 guacamole_memory: 1g

roles/guacamole/docs/guacamole.md

@@ -0,0 +1,17 @@
+# Guacamole
+
+Homepage: <https://guacamole.apache.org/>
+
+Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
+
+## Usage
+
+Set `guacamole_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+## Specific Configuration
+
+The default username and password is `guacadmin`. Change it!
+
+## What to connect to?
+
+You can run a virtual desktop from your Ansible-NAS box, check out the [Virtual Desktop docs](virtual_desktop.md).

roles/guacamole/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        guacamole_enabled: true

roles/guacamole/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        guacamole_enabled: false

roles/guacamole/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get guacamole container state
+      community.docker.docker_container:
+        name: "{{ guacamole_container_name }}"
+      register: result
+
+    - name: Check if guacamole containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/guacamole/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove guacamole
+      community.docker.docker_container:
+        name: "{{ guacamole_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if guacamole is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/guacamole/tasks/main.yml

@@ -1,51 +1,63 @@
 ---
-- name: Create Guacamole directories
+- name: Start Guacamole
-  file:
+  block:
-    path: "{{ item }}"
+    - name: Create Guacamole directories
-    state: directory
+      ansible.builtin.file:
-  with_items:
+        path: "{{ item }}"
-    - "{{ guacamole_data_directory }}/config"
+        state: directory
+      with_items:
+        - "{{ guacamole_data_directory }}/config"
 
-- name: Remove Old Guacamole Mysql Docker Container
+    - name: Remove Old Guacamole Mysql Docker Container
-  docker_container:
+      docker_container:
-    name: guacamole-mysql
+        name: guacamole-mysql
-    state: absent
+        state: absent
-    keep_volumes: true
+        keep_volumes: true
 
-- name: Remove Old Guacamole guacd Docker Container
+    - name: Remove Old Guacamole guacd Docker Container
-  docker_container:
+      docker_container:
-    name: guacamole-guacd
+        name: guacamole-guacd
-    state: absent
+        state: absent
-    keep_volumes: true
+        keep_volumes: true
 
-- name: Remove old Guacamole directories
+    - name: Remove old Guacamole directories
-  file:
+      file:
-    path: "{{ item }}"
+        path: "{{ item }}"
-    state: absent
+        state: absent
-  with_items:
+      with_items:
-    - "{{ guacamole_data_directory }}/mysql"
+        - "{{ guacamole_data_directory }}/mysql"
 
-- name: Guacamole Container
+    - name: Guacamole Container
-  docker_container:
+      community.docker.docker_container:
-    name: guacamole
+        container_default_behavior: no_defaults
-    image: "oznu/guacamole"
+        name: "{{ guacamole_container_name }}"
-    pull: true
+        image: "{{ guacamole_image_name }}:{{ guacamole_image_version }}"
-    volumes:
+        pull: true
-      - "{{ guacamole_data_directory }}/config:/config:rw"
+        volumes:
-    ports:
+          - "{{ guacamole_data_directory }}/config:/config:rw"
-      - "{{ guacamole_port }}:8080"
+        ports:
-    restart_policy: unless-stopped
+          - "{{ guacamole_port }}:8080"
-    memory: "{{ guacamole_memory }}"
+        restart_policy: unless-stopped
-    labels:
+        memory: "{{ guacamole_memory }}"
-      traefik.enable: "{{ guacamole_available_externally | string }}"
+        labels:
-      traefik.http.routers.guacamole.rule: "Host(`{{ guacamole_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.enable: "{{ guacamole_available_externally | string }}"
-      traefik.http.routers.guacamole.tls.certresolver: "letsencrypt"
+          traefik.http.routers.guacamole.rule: "Host(`{{ guacamole_hostname }}.{{ ansible_nas_domain }}`)"
-      traefik.http.routers.guacamole.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.guacamole.tls.certresolver: "letsencrypt"
-      traefik.http.routers.guacamole.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.routers.guacamole.tls.domains[0].main: "{{ ansible_nas_domain }}"
-      traefik.http.services.guacamole.loadbalancer.server.port: "8080"
+          traefik.http.routers.guacamole.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.guacamole.loadbalancer.server.port: "8080"
 
-- name: Restart Guacamole Container
+    - name: Restart Guacamole Container
-  docker_container:
+      community.docker.docker_container:
-    name: guacamole
+        name: "{{ guacamole_container_name }}"
-    image: "oznu/guacamole"
+        image: "{{ guacamole_image_name }}:{{ guacamole_image_version }}"
-    restart: true
+        restart: true
+  when: guacamole_enabled is true
+
+- name: Stop Guacamole
+  block:
+    - name: Stop Guacamole
+      community.docker.docker_container:
+        name: "{{ guacamole_container_name }}"
+        state: absent
+  when: guacamole_enabled is false

roles/healthchecks.io/docs/healthchecks.io.md

@@ -0,0 +1,11 @@
+# Healthchecks.io
+
+Homepage: <https://healthchecks.io/>
+
+A simple cronjob that uses `curl` to ping a given endpoint on the `healthchecks.io` servers. You can choose how often it should ping the endpoint, and what happens when it doesn't. Email/Slack/Telegram and many more services can be integrated.
+
+## Usage
+
+Create your own project on <https://healthchecks.io/>, and set both the time between pings and the grace time. Set your prefered integration such as email.
+
+Set `healthchecks_enabled: true` in your `inventories/<your_inventory>/nas.yml` file, and if your time between pings is different than the default `healthchecks_ping_minutes`, change it. Finally, set your ping url in the `healthchecks_url` variable.

roles/healthchecks.io/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        healthchecks_enabled: true

roles/healthchecks.io/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        healthchecks_enabled: false

roles/healthchecks.io/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Check cron job file
+      ansible.builtin.fetch:
+        src: /var/spool/cron/crontabs/root
+        dest: /tmp/fetched
+
+    - name: Check if cron job does exist
+      ansible.builtin.assert:
+        that: "lookup('file', '/tmp/fetched/instance/var/spool/cron/crontabs/root') is search('healthchecks.io')"
+        fail_msg: "Cron job 'healthchecks.io' does not exist!"
+        success_msg: "Cron job 'healthchecks.io' does exist!"

roles/healthchecks.io/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Check cron job file
+      ansible.builtin.fetch:
+        src: /var/spool/cron/crontabs/root
+        dest: /tmp/fetched
+
+    - name: Check if cron job does not exist
+      ansible.builtin.assert:
+        that: "not lookup('file', '/tmp/fetched/instance/var/spool/cron/crontabs/root') is search('healthchecks.io')"
+        fail_msg: "Cron job 'healthchecks.io' still exists!"
+        success_msg: "Cron job 'healthchecks.io' does not exist!"

roles/healthchecks.io/tasks/main.yml

@@ -1,7 +1,19 @@
 ---
-- name: Add healthchecks.io cronjob
+- name: Start Healthchecks
-  cron:
+  block:
-    name: healthchecks.io
+    - name: Add healthchecks.io cronjob
-    minute: "*/{{ healthchecks_ping_minutes }}"
+      ansible.builtin.cron:
-    user: root
+        name: healthchecks.io
-    job: "curl -m 10 --retry 5 {{ healthchecks_url }}"
+        minute: "*/{{ healthchecks_ping_minutes }}"
+        user: root
+        job: "curl -m 10 --retry 5 {{ healthchecks_url }}"
+  when: healthchecks_enabled is true
+
+- name: Stop Healthchecks
+  block:
+    - name: Remove healthchecks.io cronjob
+      ansible.builtin.cron:
+        name: healthchecks.io
+        user: root
+        state: absent
+  when: healthchecks_enabled is false