Rejig config to reduce merging headache

2024-12-26 19:43:11 +00:00 · 2019-07-04 00:22:20 +01:00 · 2019-07-04 00:22:20 +01:00 · 60094d192b
commit 60094d192b
parent a25b52b850
7 changed files with 57 additions and 605 deletions
--- a/README.md
+++ b/README.md
@ -89,17 +89,34 @@ does. Run it against a VM and make sure you're happy. ***Do not*** blindly
 download code from the internet and trust that it's going to work as you expect.
 :skull:
-1. Enable the Ubuntu Universe repository: `sudo add-apt-repository universe`
+
-2. Install Ansible: `sudo apt install ansible`
+1. Enable the Ubuntu Universe repository:
-3. `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas`
+
-4. Copy `group_vars/all.yml.dist` to  `group_vars/all.yml`.
+    `sudo add-apt-repository universe`
-5. Open up `group_vars/all.yml` and follow the instructions there for configuring your Ansible NAS.
+
-6. If you plan to use Transmission with OpenVPN, also copy `group_vars/vpn_credentials.yml.dist` to
+2. Install Ansible:
-`group_vars/vpn_credentials.yml` and fill in your settings.
+
-7. Copy `inventory.dist` to `inventory` and update it.
+    `sudo apt install ansible`
-8. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need sudo to install Ansible roles)
+
 3. Clone Ansible-NAS:
    `git clone https://github.com/davestephens/ansible-nas.git && cd ansible-nas`
 4. Create your own inventory and config files by copying `inventories/sample` to your own directory:
    `cp -rfp inventories/sample inventories/my-ansible-nas`
 5. Review `group_vars/all.yml`. Change settings by overriding them in inventories/my-ansible-nas/group_vars/all.yml`.
 6. If you plan to use Transmission with OpenVPN, update `inventories/my-ansible-nas/group_vars/vpn_credentials.yml`.
 7. Update `inventories/my-ansible-nas/inventory`.
 8. Install the dependent roles: `ansible-galaxy install -r requirements.yml` (you might need `sudo` to install Ansible roles).
 9. Run the playbook - something like `ansible-playbook -i inventory nas.yml -b -K` should do you nicely.
 ## Documentation
 You can read the docs [here](https://davestephens.github.io/ansible-nas). PRs
@ -119,7 +136,7 @@ Assuming that your Ubuntu system disk is separate from your storage (it should b
 ## Requirements
 * Ansible NAS targets the latest Ubuntu LTS release, which is currently Ubuntu
-  Server 18.04.2 LTS. 
+  Server 18.04 LTS. 
 * You can run Ansible-NAS on whatever you like, read the docs for more info. I
  use an HP Microserver.
--- a/docs/applications/transmission.md
+++ b/docs/applications/transmission.md
@ -13,5 +13,14 @@ Transmission's web interface can be found at http://ansible_nas_host_or_ip:9091
 ## Specific Configuration
-If you enable Transmission with OpenVPN, you'll need to copy `group_vars/vpn_credentials.yml.dist` to
+If you enable Transmission with OpenVPN, you'll need to add the following to your inventory `all.yml`:
-`group_vars/vpn_credentials.yml` and fill in your settings.
+
 ```
 openvpn_username: super_secret_username
 openvpn_password: super_secret_password
 openvpn_provider: NORDVPN
 openvpn_config: uk686.nordvpn.com.udp
 ```
 See https://hub.docker.com/r/haugene/transmission-openvpn/ for supported VPN providers.
--- a/group_vars/all.yml.dist
+++ b/group_vars/all.yml.dist
@ -1,574 +0,0 @@
 ###
 ### Ansible NAS Features
 ###
 # Set these options to true or false to toggle specific features
 # External Access
 # Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your 
 # home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip.
 # You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "availble_externally" 
 # settings.
 traefik_enabled: false
 # Downloading
 # If you plan to use Transmission with OpenVPN, you'll need to copy group_vars/vpn_credentials.yml.dist
 # to group_vars/vpn_credentials.yml, then update it with your own settings.
 transmission_with_openvpn_enabled: false
 transmission_enabled: false
 nzbget_enabled: false
 # Downloaders
 pyload_enabled: false
 # Plex
 plex_enabled: false
 tautulli_enabled: false
 # Emby
 emby_enabled: false
 # minidlna
 minidlna_enabled: false
 # Media Sourcing
 sonarr_enabled: false
 sickchill_enabled: false
 couchpotato_enabled: false
 radarr_enabled: false
 get_iplayer_enabled: false
 jackett_enabled: false
 # Music
 airsonic_enabled: false
 mymediaforalexa_enabled: false
 # News
 miniflux_enabled: false
 # System Management
 heimdall_enabled: true
 portainer_enabled: true
 glances_enabled: false
 stats_enabled: false
 guacamole_enabled: false
 netdata_enabled: false
 watchtower_enabled: false
 cloudflare_ddns_enabled: false
 # Backup & Restore
 duplicati_enabled: false
 nextcloud_enabled: false
 gitea_enabled: false
 timemachine_enabled: false
 # IRC
 znc_enabled: false
 thelounge_enabled: false
 # Password Management
 bitwarden_enabled: false
 # Finance
 firefly_enabled: false
 # Wallabag
 wallabag_enabled: false
 # MQTT
 mosquitto_enabled: false
 ###
 ### General
 ###
 # Sets the hostname of your Ansible NAS
 ansible_nas_hostname: ansible-nas
 # Sets the timezone for your Ansible NAS
 # You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 ansible_nas_timezone: Etc/UTC
 # Update all apt packages when playbook is run
 keep_packages_updated: false
 # Will be added to the docker group to give user command line access to docker
 ansible_nas_user: david
 # Your email and domain, used for LetsEncrypt SSL certs
 ansible_nas_email: me@example.com
 # Applications will have subdomain SSL certificates created, eg ansible-nas.<your-domain>, nextcloud.<your-domain>
 ansible_nas_domain: example.com
 ###
 ### Docker
 ###
 # Where you want Docker to store images
 docker_image_directory: "{{ docker_home }}/data"
 # Where you want Docker to store its container data.
 docker_home: /mnt/Volume2/docker
 # Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems
 # You might want to change this to ZFS, depending on your underlying filesystem.
 docker_storage_driver: overlay2
 ###
 ### Samba
 ###
 # The location where all shares will be created by default. Can be overridden on a per-share basis.
 # This path will be mounted to backup containers, Duplicati
 samba_shares_root: /mnt/Volume3
 # Where stuff downloaded will be stored
 downloads_root: "{{ samba_shares_root }}/downloads"
 # Where your movies are stored
 movies_root: "{{ samba_shares_root }}/movies"
 # Where your TV episodes are stored
 tv_root: "{{ samba_shares_root }}/tv"
 # Where torrent files are stored (picked up by Transmission for downloading)
 torrents_root: "{{ samba_shares_root }}/torrents"
 # Where music is stored
 music_root: "{{ samba_shares_root }}/music"
 # Where podcasts are stored
 podcasts_root: "{{ samba_shares_root }}/podcasts"
 # The description that'll appear next to your Ansible-NAS box when browsing your network
 samba_server_string: Ansible NAS
 # Shares you want published over Samba.
 samba_shares:
  - name: downloads
    comment: 'Stuff downloaded'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ downloads_root }}"
  - name: movies
    comment: 'Movies'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ movies_root }}"
  - name: tv
    comment: 'TV Episodes'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ tv_root }}"
  - name: music
    comment: 'Music'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ music_root }}"
  - name: podcasts
    comment: 'Podcasts'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ podcasts_root }}"
  - name: dump
    comment: 'File dump'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/dump"
  - name: games
    comment: 'Games'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/games"
  - name: photos
    comment: 'Pictures'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/photos"
 ###
 ### NFS
 ###
 # Data you want published over NFS. More info on the nfs config format can be found at
 # https://help.ubuntu.com/community/SettingUpNFSHowTo#Shares
 # WARNING: Weird things might happen if you share the same data over Samba and NFS and allow writes on both!
 nfs_shares_root: /mnt/Volume3
 nfs_exports:
  - "{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)"
 ###
 ### Cloudflare
 ###
 # Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to
 # set the options below.
 # Your domain name
 cloudflare_zone: "{{ ansible_nas_domain }}"
 # The hostname you want the container to update. You shouldn't need to change this.
 cloudflare_host: "*.{{ cloudflare_zone }}"
 # Email address used to register for Cloudflare
 cloudflare_email: "{{ ansible_nas_email }}"
 # Cloudflare 'Global API Key', can be found on the 'My Profile' page
 cloudflare_api_key: abcdeabcdeabcdeabcde1234512345
 ##################################################################
 ###### You shouldn't need to edit anything below this point ######
 ##################################################################
 ###
 ### General
 ###
 # Extra packages to install
 ansible_nas_extra_packages:
  - smartmontools
  - htop
  - zfsutils-linux
  - bonnie++
  - unzip
  - lm-sensors
 ansible_python_interpreter: /usr/bin/python3
 ###
 ### Samba
 ###
 # Seems to break browsing of the \\server-name shares root when enabled
 samba_mitigate_cve_2017_7494: false
 # The account used when Samba shares are accessed. Shouldn't need to change this unless you want to
 # mess with Samba user permissions.
 samba_guest_account: ansible-nas
 # How Samba behaves when an unknown user connects, see Samba docs for more info
 samba_map_to_guest: Bad Password
 # The Netbios hostname used by Samba on your network
 samba_netbios_name: "{{ ansible_nas_hostname }}"
 ###
 ### Traefik
 ###
 traefik_docker_image: traefik:latest
 traefik_data_directory: "{{ docker_home }}/traefik"
 traefik_debug: "false"
 ###
 ### Heimdall
 ###
 heimdall_available_externally: "false"
 heimdall_docker_image: linuxserver/heimdall:latest
 heimdall_data_directory: "{{ docker_home }}/heimdall"
 ###
 ### Transmission
 ###
 transmission_available_externally: "false"
 transmission_with_openvpn_available_externally: "false"
 transmission_config_directory: "{{ docker_home }}/transmission/config"
 transmission_download_directory: "{{ downloads_root }}"
 transmission_watch_directory: "{{ torrents_root }}"
 transmission_user_id: 0
 transmission_group_id: 0
 transmission_local_network: "192.168.1.0/24"
 ###
 ### pyLoad
 ###
 pyload_available_externally: "false"
 pyload_config_directory: "{{ docker_home }}/pyload"
 pyload_download_directory: "{{ downloads_root }}"
 pyload_user_id: 0
 pyload_group_id: 0
 ###
 ### Plex
 ###
 # If you're paranoid, set permissions to "ro" so Plex won't ever be able to
 # delete your files
 plex_available_externally: "false"
 plex_config_directory: "{{ docker_home }}/plex/config"
 plex_movies_directory: "{{ movies_root }}"
 plex_movies_permissions: "rw"
 plex_tv_directory: "{{ tv_root }}"
 plex_tv_permissions: "rw"
 plex_user_id: 0
 plex_group_id: 0
 ###
 ### Emby
 ###
 # If you're paranoid, set permissions to "ro" so Emby won't ever be able to
 # delete your files
 emby_available_externally: "false"
 emby_config_directory: "{{ docker_home }}/emby/config"
 emby_movies_directory: "{{ movies_root }}"
 emby_movies_permissions: "rw"
 emby_tv_directory: "{{ tv_root }}"
 emby_tv_permissions: "rw"
 emby_user_id: 0
 emby_group_id: 0
 ###
 ### Tautulli
 ###
 tautulli_available_externally: "false"
 tautulli_config_directory: "{{ docker_home }}/tautulli/config"
 tautulli_user_id: 0
 tautulli_group_id: 0
 ###
 ### Duplicati
 ###
 duplicati_available_externally: "false"
 duplicati_data_directory: "{{ docker_home }}/duplicati/config"
 ###
 ### Sonarr
 ###
 sonarr_available_externally: "false"
 sonarr_data_directory: "{{ docker_home }}/sonarr/config"
 sonarr_tv_directory: "{{ tv_root }}"
 sonarr_download_directory: "{{ downloads_root }}"
 sonarr_user_id: 0
 sonarr_group_id: 0
 ###
 ### Radarr
 ###
 radarr_available_externally: "false"
 radarr_movies_directory: "{{ movies_root }}"
 radarr_download_directory: "{{ downloads_root }}"
 radarr_data_directory: "{{ docker_home }}/radarr"
 radarr_user_id: 0
 radarr_group_id: 0
 ###
 ### Couchpotato
 ###
 couchpotato_available_externally: "false"
 couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
 couchpotato_movies_directory: "{{ movies_root }}"
 couchpotato_downloads_directory: "{{ downloads_root }}"
 couchpotato_torrents_directory: "{{ torrents_root }}"
 couchpotato_user_id: 0
 couchpotato_group_id: 0
 ###
 ### Sickchill
 ###
 sickchill_available_externally: "false"
 sickchill_config_directory: "{{ docker_home }}/sickchill/config"
 sickchill_tv_directory: "{{ tv_root }}"
 sickchill_downloads_directory: "{{ downloads_root }}/completed"
 sickchill_user_id: 0
 sickchill_group_id: 0
 ###
 ### Netdata
 ###
 netdata_available_externally: "false"
 ###
 ### OpenVPN
 ###
 openvpn_config_directory: "{{ docker_home }}/openvpn"
 ###
 ### Portainer
 ###
 portainer_available_externally: "false"
 portainer_data_directory: "{{ docker_home }}/portainer/config"
 ###
 ### ZNC
 ###
 znc_available_externally: "false"
 znc_data_directory: "{{ docker_home }}/znc"
 znc_user_id: 0
 znc_group_id: 0
 ###
 ### Stats
 ###
 grafana_available_externally: "false"
 telegraf_data_directory: "{{ docker_home }}/telegraf"
 influxdb_data_directory: "{{ docker_home }}/influxdb"
 grafana_data_directory: "{{ docker_home }}/grafana"
 stat_collection_interval: 15s
 ###
 ### Gitea
 ###
 gitea_available_externally: "false"
 gitea_data_directory: "{{ docker_home }}/gitea"
 ###
 ### Glances
 ###
 glances_available_externally: "false"
 ###
 ### Nextcloud
 ###
 nextcloud_available_externally: "false"
 nextcloud_data_directory: "{{ docker_home }}/nextcloud"
 ###
 ### nginx
 ###
 nginx_data_directory: "{{ docker_home }}/nginx"
 ###
 ### Guacamole
 ###
 guacamole_available_externally: "false"
 guacamole_docker_image: guacamole/guacamole:0.9.14
 guacamole_guacd_docker_image: guacamole/guacd:0.9.14
 guacamole_data_directory: "{{ docker_home }}/guacamole"
 ###
 ### Miniflux
 ###
 miniflux_available_externally: "false"
 miniflux_data_directory: "{{ docker_home }}/miniflux"
 miniflux_admin_username: admin
 miniflux_admin_password: supersecure
 ###
 ### Airsonic
 ###
 airsonic_available_externally: "false"
 airsonic_data_directory: "{{ docker_home }}/airsonic"
 ###
 ### Watchtower
 ###
 # Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily.
 watchtower_cron_schedule: 0 0 5 * * *
 # Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive
 # notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info.
 # No notifications
 watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug"
 # Email notifications
 # watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'"
 # Slack notifications
 # watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'"
 ###
 ### Time Machine
 ###
 timemachine_data_directory: "{{ docker_home }}/timemachine"
 timemachine_volume_size_limit: 0
 timemachine_password: timemachine
 timemachine_share_name: TimeMachine
 timemachine_log_level: error
 ###
 ### minidlna
 ###
 minidlna_media_directory1: "{{ movies_root }}"
 minidlna_media_directory2: "{{ tv_root }}"
 minidlna_friendly_name: "{{ ansible_nas_hostname }}"
 ###
 ### get_iplayer
 ###
 get_iplayer_config_directory: "{{ docker_home }}/get_iplayer"
 get_iplayer_download_directory: "{{ tv_root }}/iplayer_downloads"
 ###
 ### mymediaforalexa
 ###
 mymediaforalexa_media_directory: "{{ music_root }}"
 mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa"
 ###
 ### Jackett
 ###
 jackett_available_externally: "false"
 jackett_data_directory: "{{ docker_home }}/jackett"
 ###
 ### The Lounge
 ###
 thelounge_available_externally: "false"
 thelounge_data_directory: "{{ docker_home }}/thelounge"
 ###
 ### Bitwarden
 ###
 bitwarden_available_externally: "false"
 bitwarden_data_directory: "{{ docker_home }}/bitwarden"
 # Keep this token secret, this is password to access admin area of your server!
 # This token can be anything, but it's recommended to use a long, randomly generated string of characters,
 # for example running openssl rand -base64 48
 bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321
 # To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook.
 # Once you have created your user, set to "false" and run one more time.
 # Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden
 bitwarden_allow_signups: false
 ###
 ### Firefly
 ###
 firefly_available_externally: "false"
 firefly_data_directory: "{{ docker_home }}/firefly"
 ###
 ### Nzbget
 ###
 nzbget_available_externally: "false"
 nzbget_data_directory: "{{ docker_home }}/nzbget"
 nzbget_download_directory: "{{ downloads_root }}"
 nzbget_user_id: 0
 nzbget_group_id: 0
 ###
 ### Wallabag
 ###
 wallabag_available_externally: "false"
 wallabag_data_directory: "{{ docker_home }}/wallabag"
 ### Mosquitto
 ###
 mosquitto_available_externally: "false"
 mosquitto_data_directory: "{{ docker_home }}/mosquitto"
--- a/group_vars/vpn_credentials.yml.dist
+++ b/group_vars/vpn_credentials.yml.dist
@ -1,9 +0,0 @@
 ###
 ### VPN Credentials
 ###
 # If you're using Transmission with a VPN, you'll need to set these credentials.
 # See https://hub.docker.com/r/haugene/transmission-openvpn/ for supported VPN providers.
 openvpn_username: super_secret_username
 openvpn_password: super_secret_password
 openvpn_provider: NORDVPN
 openvpn_config: uk686.nordvpn.com.udp
--- a/inventories/sample/group_vars/all.yml
+++ b/inventories/sample/group_vars/all.yml
@ -0,0 +1,18 @@
 ##                       ._____.   .__
 ##  _____    ____   _____|__\_ |__ |  |   ____             ____ _____    ______
 ##  \__  \  /    \ /  ___/  || __ \|  | _/ __ \   ______  /    \\__  \  /  ___/
 ##   / __ \|   |  \\___ \|  || \_\ \  |_\  ___/  /_____/ |   |  \/ __ \_\___ \
 ##  (____  /___|  /____  >__||___  /____/\___  >         |___|  (____  /____  >
 ##       \/     \/     \/        \/          \/               \/     \/     \/
 ##     a n s i b l e - n a s      https://github.com/davestephens/ansible-nas
 # Add your all.yml config overrides to this file. See group_vars/all.yml for all possible settings.
 # Example options
 ansible_nas_hostname: ansible-nas
 ansible_nas_timezone: Etc/UTC
 ## Enable some applications
 heimdall_enabled: true
 portainer_enabled: true
--- a/inventory.dist
+++ b/inventory.dist
@ -1,6 +0,0 @@
 # Example for running it directly on NAS server
 # localhost ansible_connection=local
 # Example using from remote workstation
 # [all]
 # 192.168.1.30
--- a/tasks/transmission_with_openvpn.yml
+++ b/tasks/transmission_with_openvpn.yml
@ -1,7 +1,4 @@
 ---
 - name: Include VPN credentials
  include_vars: group_vars/vpn_credentials.yml
 - name: Create Transmission Directories
  file:
    path: "{{ item }}"