diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 6cd3b7e9..ef206bf4 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -15,7 +15,7 @@ A clear and concise description of what the bug is. **Environment** - Ansible-NAS revision (`git rev-parse --short HEAD`): - Ansible version (paste the entire output of `ansible --version` on the machine you run the playbook from): -- Ansible-NAS operating system (`cat /etc/lsb-release` on the Ansible-NAS box) - _If this is anything other than Ubuntu 18.04 help will be limited_: +- Ansible-NAS operating system (`cat /etc/lsb-release` on the Ansible-NAS box) - _Support won't be provided for non-LTS releases of Ubuntu_: - Ansible-NAS kernel (`uname -a` on the Ansible-NAS box): - Ansible-NAS Python version (`python --version` on the Ansible-NAS box): - Ansible-NAS Docker version (`docker --version` on the Ansible-NAS box): diff --git a/.gitignore b/.gitignore index 494d8a60..6d5441ff 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,9 @@ tests/test.yml site .vagrant -roles *.retry *.log +inventories # Vim [._]sw[a-p] diff --git a/.travis.yml b/.travis.yml index 83369ee9..8f272a8c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,7 +16,7 @@ install: - pip install mkdocs-material script: - - ansible-lint ${PWD}/nas.yml + - ansible-lint ${PWD}/nas.yml -x 106,208 - ${PWD}/tests/test.sh - mkdocs build diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 23e9f478..448de533 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,6 +1,7 @@ { "recommendations": [ "haaaad.ansible", - "ybaumes.highlight-trailing-white-spaces" + "ybaumes.highlight-trailing-white-spaces", + "bungcip.better-toml" ] } \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 44f32403..4ad1f938 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
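Review bot: Passing `-x 106,208` to ansible-lint in the `.travis.yml` hunk silences two rules for the whole repository rather than at the tasks that trigger them; if the ids are what I think (106 is the role-name pattern check, 208 the missing or incorrect `mode` on file-creating tasks), 208 is the one worth keeping, since it is what catches `copy`/`template`/`file` tasks that create files with unspecified permissions. Prefer fixing the offending tasks, or marking them individually with a trailing `# noqa 208` comment, so that newly added tasks are still checked. If the global skip has to stay, record why on the script line, e.g. `- ansible-lint ${PWD}/nas.yml -x 106,208  # 106: role naming, 208: file modes -- TODO re-enable`, so the exclusion does not outlive its reason.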
@@ -1,6 +1,6 @@ # Code of Conduct -Ansible-NAS follows the [Ansible Code Of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html). +Ansible-NAS follows the [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html). Specifically, Ansible-NAS community members are expected to be: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 39836293..3f437ae1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -11,16 +11,18 @@ If you're adding a new application: * Ensure that the new application is disabled by default. * Add a documentation page to `docs/applications/` - use an existing application as an example. -* Add to the list of Available Applications in 'README.md' +* Add to the list of Available Applications in `README.md` * Add the frontend port to `docs/configuration/application_ports.md`, ensuring you've not clashed with an existing application. -* Add to the list of certificate requests in 'templates/traefik/traefik.toml' if the program is to be used externally. +* Add to the list of certificate requests in `templates/traefik/traefik.toml` if the program is to be used externally. -A typical new application PR will include 2 new files (`docs/applications/application.md` and 'tasks/application.yml') and have 5 updated files ('README.md', 'nas.yml', `docs/configuration/application_ports.md`, 'group_vars/all.yml', 'templates/traefik/traefik.toml' +A typical new application PR will include 2 new files (`docs/applications/application.md` and `tasks/application.yml`) and have 5 updated files (`README.md`, `nas.yml`, `docs/configuration/application_ports.md`, `group_vars/all.yml`, `templates/traefik/traefik.toml`). ## Things to bear in mind * If you break the build with your PR, please fix it :) * Pull requests that unintentionally touch files, or that show files as removed then re-added will be rejected. +* Squash your commits before creating a PR. +* Don't mess with line endings, or tabs vs. spaces. * Please know that your efforts are appreciated, thanks! :+1: # Development Environment diff --git a/LICENSE b/LICENSE index 522ce4c5..d7789ada 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2017-2020 David Stephens +Copyright (c) 2017-2021 David Stephens Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
diff --git a/README.md b/README.md index 1995c062..e7bdb2c1 100644 --- a/README.md +++ b/README.md @@ -25,18 +25,17 @@ Ansible config and a bunch of Docker containers. * A Docker host with Portainer for image and container management * An automatic dynamic DNS updater if you use Cloudflare to host your domain DNS * A Personal finance manager -* eBook management with calibre-web +* eBook management with Calibre-web * Content management with Joomla * A dual panel local file manager * Self-service media request web application -* SEO tracking with Serposcope ### Available Applications * [Airsonic](https://airsonic.github.io/) - catalog and stream music * [Bazarr](https://github.com/morpheus65535/bazarr) - companion to Radarr and Sonarr for downloading subtitles * [Bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs) - Self-Hosting port of password manager -* [Calibre](https://hub.docker.com/r/linuxserver/calibre-web) - eBook Library +* [Calibre-web](https://github.com/janeczku/calibre-web) - Provides a clean interface for browsing, reading and downloading eBooks using an existing Calibre database. * [Cloud Commander](https://cloudcmd.io/) - A dual panel file manager with integrated web console and text editor * [Cloudflare DDNS](https://hub.docker.com/r/joshuaavalon/cloudflare-ddns/) - automatically update Cloudflare with your IP address * [CouchPotato](https://couchpota.to/) - for downloading and managing movies 
@@ -44,8 +43,8 @@ Ansible config and a bunch of Docker containers. * [Emby](https://emby.media/) - Media streaming and management * [Firefly III](https://firefly-iii.org/) - Free and open source personal finance manager * [get_iplayer](https://github.com/get-iplayer/get_iplayer) - download programmes from BBC iplayer -* [Gitea](https://gitea.io/en-us/) - Simple self-hosted Github clone -* [Gitlab](https://about.gitlab.com/features/) - Self-hosted Github clone of the highest order +* [Gitea](https://gitea.io/en-us/) - Simple self-hosted GitHub clone +* [GitLab](https://about.gitlab.com/features/) - Self-hosted GitHub clone of the highest order * [Glances](https://nicolargo.github.io/glances/) - for seeing the state of your system via a web browser * [Grafana](https://github.com/grafana/grafana) - Dashboarding tool * [Guacamole](https://guacamole.apache.org/) - Web based remote desktop gateway, supports VNC, RDP and SSH @@ -55,7 +54,7 @@ Ansible config and a bunch of Docker containers. * [Jackett](https://github.com/Jackett/Jackett) - API Support for your favorite torrent trackers * [Jellyfin](https://jellyfin.github.io) - The Free Software Media System * [Joomla](https://www.joomla.org/) - Open source content management system -* [https://krusader.org/](https://krusader.org/) - Twin panel file management for your desktop +* [Krusader](https://krusader.org/) - Twin panel file management for your desktop * [Lidarr](https://github.com/lidarr/Lidarr) - Music collection manager for Usenet and BitTorrent users * [MiniDLNA](https://sourceforge.net/projects/minidlna/) - simple media server which is fully compliant with DLNA/UPnP-AV clients * [Miniflux](https://miniflux.app/) - An RSS news reader 
@@ -73,7 +72,6 @@ Ansible config and a bunch of Docker containers. * [pyLoad](https://pyload.net/) - A download manager with a friendly web-interface * [PyTivo](http://pytivo.org) - An HMO and GoBack server for TiVos. * [Radarr](https://radarr.video/) - for organising and downloading movies -* [Serposcope](https://serposcope.serphacker.com/en/) - tracker to monitor website ranking * [Sickchill](https://sickchill.github.io/) - for managing TV episodes * [Sonarr](https://sonarr.tv/) - for downloading and managing TV episodes * [Tautulli](http://tautulli.com/) - Monitor Your Plex Media Server @@ -87,7 +85,7 @@ Ansible config and a bunch of Docker containers. * [Virtual Desktop](https://github.com/RattyDAVE/docker-ubuntu-xrdp-mate-custom) - A virtual desktop running on your NAS. * [Wallabag](https://wallabag.org/) - Save and classify articles. Read them later. * [Watchtower](https://github.com/v2tec/watchtower) - Monitor your Docker containers and update them if a new version is available -* [YouTubeDL-Material](https://ytdl-org.github.io/youtube-dl) - Self-hosted YouTube downloader built on Material Design +* [YouTubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material) - Self-hosted YouTube downloader built on Material Design * [ZNC](https://wiki.znc.in/ZNC) - IRC bouncer to stay connected to favourite IRC networks and channels ## What This Could Do @@ -133,7 +131,7 @@ Assuming that your Ubuntu system disk is separate from your storage (it should b ## Requirements * Ansible NAS targets the latest Ubuntu LTS release, which is currently Ubuntu - Server 18.04.3 LTS. + Server 20.04 LTS. * You can run Ansible-NAS on whatever you like, read the docs for more info. I use an HP Microserver. diff --git a/docs/applications/bazarr.md b/docs/applications/bazarr.md index 328e73cf..ed0c9adf 100644 --- a/docs/applications/bazarr.md +++ b/docs/applications/bazarr.md 
@@ -12,4 +12,4 @@ Set `bazarr_enabled: true` in your `inventories//nas.yml` file. ## Specific Configuration -Follow the [Wiki](https://github.com/morpheus65535/bazarr/wiki) for conecting to Sonarr and Radarr. \ No newline at end of file +Follow the [Wiki](https://github.com/morpheus65535/bazarr/wiki) for connecting to Sonarr and Radarr. diff --git a/docs/applications/calibre.md b/docs/applications/calibre.md index dd722448..5677334e 100644 --- a/docs/applications/calibre.md +++ b/docs/applications/calibre.md @@ -1,6 +1,6 @@ -# Calibre(-web) eBook Library +# Calibre-web -Homepage: [https://github.com/janeczku/calibre-web](https://github.com/linuxserver/docker-calibre-web) +Homepage: [https://github.com/janeczku/calibre-web](https://github.com/janeczku/calibre-web) Calibre-Web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database. diff --git a/docs/applications/cloudflare_ddns.md b/docs/applications/cloudflare_ddns.md index 46d239bc..2809a066 100644 --- a/docs/applications/cloudflare_ddns.md +++ b/docs/applications/cloudflare_ddns.md @@ -12,4 +12,6 @@ Set `cloudflare_ddns_enabled: true` in your `inventories//nas.ym ## Specific Configuration -Make sure you set your Cloudflare login, domain and API key details within your `inventories//nas.yml` file. \ No newline at end of file +Make sure you set your domain (if different than the ansible-nas default) and access token details within your `inventories//nas.yml` file. If you need to create an API token, see https://joshuaavalon.github.io/docker-cloudflare/guide/cloudflare.html#authentication for instructions. + +Cloudflare has deprecated global API key authentication. If you have an older ansible-nas configuration using a global API key, you can upgrade to the API token-based authentication by removing the `cloudflare_api_key` variable from your local `nas.yml` configuration file and setting the `cloudflare_token` variable appropriately. 
diff --git a/docs/applications/emby.md b/docs/applications/emby.md index 4ece0ae6..4f5a315a 100644 --- a/docs/applications/emby.md +++ b/docs/applications/emby.md @@ -35,7 +35,7 @@ configuration directory read/write. ## File system considerations -Movie and TV show files are almost alway very large and pre-compressed. If you +Movie and TV show files are almost always very large and pre-compressed. If you are using a specialized filesystem such as ZFS for bulk storage, you'll want to set the parameters accordingly. The [ZFS configuration documentation](../zfs/zfs_configuration.md) has an example of this. diff --git a/tasks/gitea.md b/docs/applications/gitea.md similarity index 100% rename from tasks/gitea.md rename to docs/applications/gitea.md diff --git a/docs/applications/gitlab.md b/docs/applications/gitlab.md index 21da3207..a554d3bb 100644 --- a/docs/applications/gitlab.md +++ b/docs/applications/gitlab.md @@ -2,7 +2,7 @@ Homepage: [https://docs.gitlab.com/omnibus/docker/](https://docs.gitlab.com/omnibus/docker/) -If Gitea isn't powerful enough for you then consider GitLab. It's a much more powerful (and consquently bigger) Git repository solution that includes a suite of code analytics. On the other hand it requires more RAM. +If Gitea isn't powerful enough for you then consider GitLab. It's a much more powerful (and consequently bigger) Git repository solution that includes a suite of code analytics. On the other hand it requires more RAM. ## Usage diff --git a/docs/applications/jellyfin.md b/docs/applications/jellyfin.md index 9d2ad19c..5c00713e 100644 --- a/docs/applications/jellyfin.md +++ b/docs/applications/jellyfin.md 
@@ -36,7 +36,7 @@ configuration directory read/write. ## File system considerations -Movie and TV show files are almost alway very large and pre-compressed. If you +Movie and TV show files are almost always very large and pre-compressed. If you are using a specialized filesystem such as ZFS for bulk storage, you'll want to set the parameters accordingly. The [ZFS configuration documentation](../zfs/zfs_configuration.md) has an example of this. diff --git a/docs/applications/nextcloud.md b/docs/applications/nextcloud.md index f68d95e3..946f8e10 100644 --- a/docs/applications/nextcloud.md +++ b/docs/applications/nextcloud.md @@ -9,7 +9,7 @@ Set `nextcloud_enabled: true` in your `inventories//nas.yml` fil Tread carefully. -External access may require that you manually configure your Fully Qualified Domain Name (FQDN) as a trusted domain within the application. There is an evnironment variable set up for this in the "nextcloud task" which will most likely make manual configuration unneccessary. If you get the following [screenshot](https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains) warning when trying to access nextcloud externally you'll need to manually set it up. +External access may require that you manually configure your Fully Qualified Domain Name (FQDN) as a trusted domain within the application. There is an environment variable set up for this in the "nextcloud task" which will most likely make manual configuration unnecessary. If you get the following [screenshot](https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains) warning when trying to access nextcloud externally you'll need to manually set it up. This can be accomplished in two commands. diff --git a/docs/applications/radarr.md b/docs/applications/radarr.md index acc7a547..bdc3cdfc 100644 --- a/docs/applications/radarr.md +++ b/docs/applications/radarr.md 
@@ -18,4 +18,4 @@ Radarr will get the file path from the Download client. On default settings with For Radarr to understand that the `/movies` folder is a folder, you'll need to add a new subfolder into it. You can also do this by adding a random movie to the folder. Keep in mind to have the internal setting **Create empty movie folders** on **yes** -Comprehensive setup information can be found on the [Radarr github wiki](https://github.com/Radarr/Radarr/wiki/Setup-Guide) +Comprehensive setup information can be found on the [Radarr GitHub wiki](https://github.com/Radarr/Radarr/wiki/Setup-Guide) diff --git a/docs/applications/serposcope.md b/docs/applications/serposcope.md deleted file mode 100644 index c450691d..00000000 --- a/docs/applications/serposcope.md +++ /dev/null @@ -1,11 +0,0 @@ -# Serposcope - -Homepage: [https://serposcope.serphacker.com/en/](https://serposcope.serphacker.com/en/) - -Serposcope is a free and open-source rank tracker to monitor websites ranking in Google and improve your SEO performances - -## Usage - -Set `serposcope_enabled: true` in your `inventories//nas.yml` file. - -The Serposcope web interface can be found at http://ansible_nas_host_or_ip:7134. diff --git a/docs/applications/sonarr.md b/docs/applications/sonarr.md index bbbd93ab..26dad584 100644 --- a/docs/applications/sonarr.md +++ b/docs/applications/sonarr.md @@ -19,4 +19,4 @@ Sonarr will get the file path from the Download client. On default settings with For Sonarr to understand that the `/tv` folder is a folder, you'll need to add a folder into it. You can also do this by adding a random series to the folder. Keep in mind to have the setting **Create empty movie folders** on **yes** -For comprehensive configuration instructions see the [Sonarr github wiki](https://github.com/Sonarr/Sonarr/wiki) +For comprehensive configuration instructions see the [Sonarr GitHub wiki](https://github.com/Sonarr/Sonarr/wiki) 
diff --git a/docs/applications/traefik.md b/docs/applications/traefik.md index cc827a3f..3493d47e 100644 --- a/docs/applications/traefik.md +++ b/docs/applications/traefik.md @@ -7,7 +7,7 @@ Traefik is a reverse proxy used to provide external access to your Ansible-NAS b You can configure which applications are available externally by enabling the `_available_externally` setting for each application in the Advanced Settings section of your `all.yml`. -See [External Access](configuration/external_access) for more info. +See [External Access](../configuration/external_access.md) for more info. ## Usage diff --git a/docs/applications/wallabag.md b/docs/applications/wallabag.md index 73b3ab5c..9bcaa20c 100644 --- a/docs/applications/wallabag.md +++ b/docs/applications/wallabag.md @@ -10,7 +10,7 @@ Set `wallabag_enabled: true` in your `inventories//nas.yml` file If you want to access wallabag externally, don't forget to set `wallabag_available_externally: "true"` in your `inventories//nas.yml` file. -I reccomend using the mobile app, which will sync with this installation so you have access to your saved articles even if you don't have signal or wifi access. +I recommend using the mobile app, which will sync with this installation so you have access to your saved articles even if you don't have signal or wifi access. The default credentials are wallabag:wallabag diff --git a/docs/applications/youtubedlmaterial.md b/docs/applications/youtubedlmaterial.md index ca499a88..912f601d 100644 --- a/docs/applications/youtubedlmaterial.md +++ b/docs/applications/youtubedlmaterial.md 
@@ -1,8 +1,8 @@ # YouTubeDL-Material -Homepage: [https://ytdl-org.github.io/youtube-dl/](https://ytdl-org.github.io/youtube-dl/) -Docker Container: [https://github.com/Tzahi12345/YoutubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material) +Homepage: [https://github.com/Tzahi12345/YoutubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material) +Docker Container: [https://hub.docker.com/r/tzahi12345/youtubedl-material](https://hub.docker.com/r/tzahi12345/youtubedl-material) YoutubeDL-Material is a Material Design frontend for youtube-dl. It's coded using Angular 9 for the frontend, and Node.js on the backend. diff --git a/docs/configuration/application_ports.md b/docs/configuration/application_ports.md index b64f3e67..73aff9d0 100644 --- a/docs/configuration/application_ports.md +++ b/docs/configuration/application_ports.md @@ -8,7 +8,7 @@ By default, applications can be found on the ports listed below. | Bazarr | 6767 | | | Bitwarden "hub" | 3012 | Web Not. | | Bitwarden | 19080 | HTTP | -| Calibre | 8084 | HTTP | +| Calibre-web | 8084 | HTTP | | Cloud Commander | 7373 | | | Couchpotato | 5050 | | | Duplicati | 8200 | | @@ -18,9 +18,9 @@ By default, applications can be found on the ports listed below. | get_iplayer | 8182 | | | Gitea | 3001 | Web | | Gitea | 222 | SSH | -| Gitlab | 4080 | HTTP | -| Gitlab | 4443 | HTTPS | -| Gitlab | 422 | SSH | +| GitLab | 4080 | HTTP | +| GitLab | 4443 | HTTPS | +| GitLab | 422 | SSH | | Glances | 61208 | SSH | | Grafana | 3000 | | | Guacamole | 8090 | | @@ -53,7 +53,6 @@ By default, applications can be found on the ports listed below. | PyTivo | 9032 | HTTP | | PyTivo | 2190 | UDP | | Radarr | 7878 | | -| Serposcope | 7134 | | | Sickchill | 8081 | | | Sonarr | 8989 | | | Tautulli | 8185 | | diff --git a/docs/overview.md b/docs/overview.md index 33c98eeb..5b55e28b 100644 --- a/docs/overview.md +++ b/docs/overview.md 
@@ -56,10 +56,10 @@ As a to-do list, before you can even install Ansible-NAS, you'll have to: account it [loves RAM](zfs/zfs_overview.md) and prefers to have the hard drives all to itself. -1. Install **Ubuntu Server**, currently 18.04 LTS, and keep it updated. You'll +1. Install **Ubuntu Server**, currently 20.04 LTS, and keep it updated. You'll probably want to perform other basic setup tasks like hardening SSH and including email notifications. There are [various - guides](https://devanswers.co/ubuntu-18-04-initial-server-setup/) for this, + guides](https://devanswers.co/ubuntu-20-04-initial-server-setup/) for this, but if you're just getting started, you'll probably need a book. You will probably want to install a specialized filesystem for bulk storage such @@ -81,4 +81,4 @@ The easiest way to take Ansible-NAS for a spin is in a virtual machine, for instance in [VirtualBox](https://www.virtualbox.org/). You'll want to create three virtual hard drives for testing: One of the actual NAS, and the two others to create a mirrored ZFS pool. This will let you experiment with installing, -configuring, and running a complete system. +configuring, and running a complete system. diff --git a/docs/upgrading.md b/docs/upgrading.md index 42280f5a..2dee7876 100644 --- a/docs/upgrading.md +++ b/docs/upgrading.md 
@@ -4,7 +4,7 @@ If you're upgrading from [this](https://github.com/davestephens/ansible-nas/commit/52c7fef3aba08e30331931747c81fb7b3bfd359a) commit or earlier, these instructions are relevant to you. -Rather than having to merge every new config line into your own `all.yml` file, now you only need to maintain the differences that are relevant to you in your own `nas.yml`, stored within an inventory directory. Your inventory `nas.yml` takes prescendence over `group_vars/all.yml`, which is how this setup works. `group_vars/all.yml` is now tracked as part of the repo. +Rather than having to merge every new config line into your own `all.yml` file, now you only need to maintain the differences that are relevant to you in your own `nas.yml`, stored within an inventory directory. Your inventory `nas.yml` takes precedence over `group_vars/all.yml`, which is how this setup works. `group_vars/all.yml` is now tracked as part of the repo. This will make updates from `master` much simpler, as there will be no requirement to merge changes from `all.yml.dist` into your own `all.yml` any more. You simply pull from master, then add the bits you're interested in into your inventory `nas.yml`. diff --git a/docs/zfs/zfs_configuration.md b/docs/zfs/zfs_configuration.md index 9fd375b5..5d032d7f 100644 --- a/docs/zfs/zfs_configuration.md +++ b/docs/zfs/zfs_configuration.md 
@@ -36,9 +36,9 @@ Ansible-NAS storage. These two drives will be **mirrored** to provide redundancy. The actual Ubuntu system will be on a different drive and is not our concern. -> [Root on ZFS](https://github.com/zfsonlinux/zfs/wiki/Ubuntu-18.04-Root-on-ZFS) -> is still a hassle for Ubuntu. If that changes, this document might be updated -> accordingly. Until then, don't ask us about it. +> [Root on ZFS](https://openzfs.github.io/openzfs-docs/Getting%20Started/Ubuntu/Ubuntu%2020.04%20Root%20on%20ZFS.html) +is possible, but not something that has been tested with Ansible-NAS. + The Ubuntu kernel is already ready for ZFS. We only need the utility package which we install with `sudo apt install zfsutils`. @@ -107,7 +107,7 @@ late. Pools have properties that apply either to the pool itself or to filesystems created in the pool. You can use the command `zpool get all tank` to see the pool properties and `zfs get all tank` to see the filesystem properties. Most -default values are perfecly sensible, some you'll [want to +default values are perfectly sensible, some you'll [want to change](https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/). Setting defaults makes life easier when we create our filesystems. diff --git a/group_vars/all.yml b/group_vars/all.yml index 4462bf75..56a35837 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml 
@@ -16,69 +16,46 @@ ### # Downloading -transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials -transmission_enabled: false nzbget_enabled: false pyload_enabled: false -utorrent_enabled: false # Media Serving -plex_enabled: false tautulli_enabled: false # Media Sourcing -sonarr_enabled: false # tv -sickchill_enabled: false -couchpotato_enabled: false -radarr_enabled: false get_iplayer_enabled: false jackett_enabled: false minidlna_enabled: false jellyfin_enabled: false -emby_enabled: false -bazarr_enabled: false -ombi_enabled: false -lidarr_enabled: false + + youtubedlmaterial_enabled: false mylar_enabled: false # Music -airsonic_enabled: false mymediaforalexa_enabled: false # News miniflux_enabled: false # System Management -heimdall_enabled: false -organizr_enabled: false -portainer_enabled: false glances_enabled: false stats_enabled: false guacamole_enabled: false -netdata_enabled: false -watchtower_enabled: false -cloudflare_ddns_enabled: false cloudcmd_enabled: false virtual_desktop_enabled: false krusader_enabled: false # Backup & Restore -duplicati_enabled: false -nextcloud_enabled: false timemachine_enabled: false # Software build and CI -gitea_enabled: false gitlab_enabled: false # IRC znc_enabled: false thelounge_enabled: false -# Password Management -bitwarden_enabled: false - # Finance firefly_enabled: false @@ -86,7 +63,6 @@ firefly_enabled: false wallabag_enabled: false # Home Automation -homeassistant_enabled: false mosquitto_enabled: false homebridge_enabled: false openhab_enabled: false 
@@ -103,30 +79,10 @@ joomla_enabled: false # PyTivo pytivo_enabled: false -# SEO -serposcope_enabled: false -# External Access -# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your -# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. -# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally" -# settings. -traefik_enabled: false -traefik_port_http: "80" -traefik_port_https: "443" -traefik_port_ui: "8083" ### ### General ### -# Sets the hostname of your Ansible NAS -ansible_nas_hostname: ansible-nas - -# Sets the timezone for your Ansible NAS -# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -ansible_nas_timezone: Etc/UTC - -# Update all apt packages when playbook is run -keep_packages_updated: false # Will be added to the docker group to give user command line access to docker ansible_nas_user: david @@ -137,19 +93,6 @@ ansible_nas_email: me@example.com # Applications will have subdomain SSL certificates created if Traefik is enabled, e.g. ansible-nas., nextcloud. ansible_nas_domain: example.com -### -### Docker -### -# Where you want Docker to store images -docker_image_directory: "{{ docker_home }}/data" - -# Where you want Docker to store its container data. -docker_home: /mnt/Volume2/docker - -# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems -# You might want to change this to ZFS, depending on your underlying filesystem. -docker_storage_driver: overlay2 - ### ### Samba ### @@ -197,7 +140,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ downloads_root }}" - name: movies 
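Review bot: `ansible_nas_hostname` is removed from `group_vars/all.yml` in the `@@ -103,30` hunk, yet `samba_netbios_name: "{{ ansible_nas_hostname }}"` survives as context further down (in the `@@ -344` hunk), so this file still depends on that variable being defined elsewhere. Presumably it moved to a role's defaults along with the other dropped settings, where its lower precedence still resolves for this template, but that is not visible in this diff. A one-line pointer next to the surviving reference would save the next reader the search, e.g. `# ansible_nas_hostname now comes from the role defaults; override it in your inventory nas.yml`.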
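Review bot: The `browsable` to `browseable` rename in the `@@ -197,7` hunk (repeated in the `@@ -205` through `@@ -277` hunks) only has an effect if the template that renders smb.conf reads `item.browseable`, and that template is not part of this diff. Samba itself accepts both spellings as the same option, so the old key was not wrong at the smb.conf level; the rename presumably exists to match the key the Samba role expects, which is worth confirming rather than assuming, since a key the template never reads leaves every share at Samba's default of browseable rather than failing loudly. A short comment on the first share, e.g. `browseable: yes  # key name must match what the samba role's smb.conf template reads`, would make the dependency explicit.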
@@ -205,7 +148,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ movies_root }}" - name: tv @@ -213,7 +156,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ tv_root }}" - name: music @@ -221,7 +164,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ music_root }}" - name: podcasts @@ -229,7 +172,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ podcasts_root }}" - name: dump @@ -237,7 +180,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ samba_shares_root }}/dump" - name: games @@ -245,7 +188,7 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes + browseable: yes path: "{{ samba_shares_root }}/games" - name: photos @@ -253,16 +196,16 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes - path: "{{ samba_shares_root }}/photos" + browseable: yes + path: "{{ photos_root }}" - name: books comment: 'Books' guest_ok: yes public: yes writable: yes - browsable: yes - path: "{{ samba_shares_root }}/books" + browseable: yes + path: "{{ books_root }}" - name: audiobooks comment: 'Audiobooks' @@ -277,8 +220,8 @@ samba_shares: guest_ok: yes public: yes writable: yes - browsable: yes - path: "{{ samba_shares_root }}/comics" + browseable: yes + path: "{{ comics_root }}" ### ### NFS 
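Review bot: The photos, books and comics shares are repointed from `{{ samba_shares_root }}/...` to `{{ photos_root }}`, `{{ books_root }}` and `{{ comics_root }}` in the `@@ -253,16` hunk (comics in the `@@ -277` hunk); `photos_root` was already referenced by the removed Plex settings so it very likely exists, but `books_root` and `comics_root` are neither defined nor referenced anywhere else in this diff. If they are not set in this file or in a role default, the play fails at template time with an undefined-variable error for those shares, so each needs either a definition alongside the other `*_root` variables or a comment saying where it comes from, e.g. `path: "{{ books_root }}"  # defined with the other *_root paths; override in your inventory nas.yml`. These shares are also `guest_ok: yes` and `writable: yes`, so moving their paths relocates an anonymous-writable export onto whatever those roots resolve to; that is pre-existing behaviour, but the path change is the moment to call it out in the share comment.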
@@ -292,36 +235,11 @@ nfs_shares_root: /mnt/Volume3 nfs_exports: - "{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)" -### -### Cloudflare -### -# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to -# set the options below. - -# Your domain name -cloudflare_zone: "{{ ansible_nas_domain }}" - -# The hostname you want the container to update. You shouldn't need to change this. -cloudflare_host: "*.{{ cloudflare_zone }}" - -# Email address used to register for Cloudflare -cloudflare_email: "{{ ansible_nas_email }}" - -# Cloudflare 'Global API Key', can be found on the 'My Profile' page -cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 ### ### General ### -# Extra packages to install -ansible_nas_extra_packages: - - smartmontools - - htop - - zfsutils-linux - - bonnie++ - - unzip - - lm-sensors - - ctop + ansible_python_interpreter: /usr/bin/python3 
@@ -344,70 +262,6 @@ samba_map_to_guest: Bad Password # The NetBIOS hostname used by Samba on your network samba_netbios_name: "{{ ansible_nas_hostname }}" -### -### Traefik -### -traefik_docker_image: traefik:v1.7 -traefik_data_directory: "{{ docker_home }}/traefik" -traefik_debug: "false" - -### -### Heimdall -### -heimdall_available_externally: "false" -heimdall_docker_image: linuxserver/heimdall:latest -heimdall_data_directory: "{{ docker_home }}/heimdall" -heimdall_port_http: "10080" -heimdall_port_https: "10443" - -### -### Organizr -### -organizr_available_externally: "false" -organizr_data_directory: "{{ docker_home }}/organizr" -organizr_port_http: "10081" -organizr_port_https: "10444" -organizr_user_id: "1000" -organizr_group_id: "1000" - -### -### Transmission -### -transmission_available_externally: "false" -transmission_with_openvpn_available_externally: "false" -transmission_config_directory: "{{ docker_home }}/transmission/config" -transmission_download_directory: "{{ downloads_root }}" -transmission_watch_directory: "{{ torrents_root }}" -transmission_user_id: "0" -transmission_group_id: "0" -transmission_local_network: "192.168.1.0/24" -transmission_webui_port: "9092" -transmission_external_port: "51414" -transmission_openvpn_webui_port: "9091" -transmission_openvpn_external_port: "51415" -transmission_openvpn_proxy_port: "3128" -transmission_openvpn_ratio_limit_enabled: "true" -transmission_openvpn_ratio_limit: "2" - -# Transmission VPN Credentials -# If you're using Transmission with a VPN, you'll need to set these credentials. -# See https://github.com/haugene/docker-transmission-openvpn/ for supported VPN providers. 
-openvpn_username: leisure-suit-larry -openvpn_password: secretpassword -openvpn_provider: AWESOMEVPNPROVIDER -openvpn_config: United-Kingdom - -### -### uTorrent -### -utorrent_available_externally: "false" -utorrent_config_directory: "{{ docker_home }}/utorrent/config" -utorrent_download_directory: "{{ downloads_root }}" -utorrent_port_http: "8111" -utorrent_port_bt: "6881" -utorrent_user_id: "0" -utorrent_group_id: "0" - ### ### Joomla ### @@ -426,28 +280,6 @@ pyload_user_id: "0" pyload_group_id: "0" pyload_port: "8000" -### -### Plex -### -# If you're paranoid, set permissions to "ro" so Plex won't ever be able to -# delete your files -plex_available_externally: "false" -plex_config_directory: "{{ docker_home }}/plex/config" -plex_logs: "{{ docker_home }}/plex/logs" -plex_movies_directory: "{{ movies_root }}" -plex_movies_permissions: "rw" -plex_tv_directory: "{{ tv_root }}" -plex_tv_permissions: "rw" -plex_photos_directory: "{{ photos_root }}" -plex_photos_permissions: "rw" -plex_podcasts_directory: "{{ podcasts_root }}" -plex_podcasts_permissions: "rw" -plex_music_directory: "{{ music_root }}" -plex_music_permissions: "rw" -plex_user_id: "0" -plex_group_id: "0" -plex_port: "32400" - ### ### PyTivo ### @@ -470,21 +302,6 @@ homebridge_user_id: "0" homebridge_group_id: "0" homebridge_port: "8087" -### -### Emby -### -# If you're paranoid, set permissions to "ro" so Emby won't ever be able to -# delete your files -emby_available_externally: "false" -emby_config_directory: "{{ docker_home }}/emby/config" -emby_movies_directory: "{{ movies_root }}" -emby_movies_permissions: "rw" -emby_tv_directory: "{{ tv_root }}" -emby_tv_permissions: "rw" -emby_user_id: "0" -emby_group_id: "0" -emby_port_http: "8096" -emby_port_https: "8920" ### ### Tautulli 
@@ -495,14 +312,6 @@ tautulli_user_id: "0" tautulli_group_id: "0" tautulli_port: "8185" - -### -### Duplicati -### -duplicati_available_externally: "false" -duplicati_data_directory: "{{ docker_home }}/duplicati/config" -duplicati_port: "8200" - ### ### Mylar ### @@ -514,49 +323,6 @@ mylar_port_http: "8585" mylar_user_id: "0" mylar_group_id: "0" -### -### Sonarr -### -sonarr_available_externally: "false" -sonarr_data_directory: "{{ docker_home }}/sonarr/config" -sonarr_tv_directory: "{{ tv_root }}" -sonarr_download_directory: "{{ downloads_root }}" -sonarr_user_id: "0" -sonarr_group_id: "0" -sonarr_port: "8989" - -### -### Radarr -### -radarr_available_externally: "false" -radarr_movies_directory: "{{ movies_root }}" -radarr_download_directory: "{{ downloads_root }}" -radarr_data_directory: "{{ docker_home }}/radarr" -radarr_user_id: "0" -radarr_group_id: "0" -radarr_port: "7878" - -### -### Bazarr -### -bazarr_available_externally: "false" -bazarr_data_directory: "{{ docker_home }}/bazarr/config" -bazarr_tv_directory: "{{ tv_root }}" -bazarr_movies_directory: "{{ movies_root }}" -bazarr_user_id: "0" -bazarr_group_id: "0" -bazarr_port: "6767" - -### -### lidarr -### -lidarr_available_externally: "false" -lidarr_data_directory: "{{ docker_home }}/lidarr/config" -lidarr_music_directory: "{{ music_root }}" -lidarr_downloads_directory: "{{ downloads_root }}" -lidarr_user_id: "0" -lidarr_group_id: "0" -lidarr_port: "8686" ### ### YouTubeDL-Material 
@@ -568,43 +334,6 @@ youtubedlmaterial_dl_video_directory: "{{ downloads_root }}/youtube/video" youtubedlmaterial_dl_subscriptions_directory: "{{ downloads_root }}/youtube/subscriptions" youtubedlmaterial_port_http: "8998" -### -### Couchpotato -### -couchpotato_available_externally: "false" -couchpotato_config_directory: "{{ docker_home }}/couchpotato/config" -couchpotato_movies_directory: "{{ movies_root }}" -couchpotato_downloads_directory: "{{ downloads_root }}" -couchpotato_torrents_directory: "{{ torrents_root }}" -couchpotato_user_id: "0" -couchpotato_group_id: "0" -couchpotato_port: "5050" - -### -### Sickchill -### -sickchill_available_externally: "false" -sickchill_config_directory: "{{ docker_home }}/sickchill/config" -sickchill_tv_directory: "{{ tv_root }}" -sickchill_downloads_directory: "{{ downloads_root }}/completed" -sickchill_user_id: "0" -sickchill_group_id: "0" -sickchill_port: "8081" - - -### -### Ombi -### -ombi_available_externally: "false" -ombi_config_directory: "{{ docker_home }}/ombi/config" -ombi_user_id: "0" -ombi_group_id: "0" - -### -### Netdata -### -netdata_available_externally: "false" -netdata_port: "19999" ### ### OpenVPN @@ -612,13 +341,6 @@ netdata_port: "19999" openvpn_config_directory: "{{ docker_home }}/openvpn" -### -### Portainer -### -portainer_available_externally: "false" -portainer_data_directory: "{{ docker_home }}/portainer/config" -portainer_port: "9000" - ### ### ZNC ### @@ -640,13 +362,6 @@ stat_collection_interval: 15s grafana_influxdb_port: "8086" grafana_port: "3000" -### -### Gitea -### -gitea_available_externally: "false" -gitea_data_directory: "{{ docker_home }}/gitea" -gitea_port_http: "3001" -gitea_port_ssh: "222" ### ### Gitlab @@ -664,13 +379,6 @@ glances_available_externally: "false" glances_port_one: "61208" glances_port_two: "61209" -### -### Nextcloud -### -nextcloud_available_externally: "false" -nextcloud_data_directory: "{{ docker_home }}/nextcloud" -nextcloud_port: "8080" - ### ### nginx ### 
@@ -694,16 +402,6 @@ miniflux_admin_username: admin miniflux_admin_password: supersecure miniflux_port: "8070" -### -### Airsonic -### -airsonic_available_externally: "false" -airsonic_data_directory: "{{ docker_home }}/airsonic" -airsonic_music_directory: "{{ music_root }}" -airsonic_podcasts_directory: "{{ podcasts_root }}" -airsonic_port: "4040" - - ### ### CloudCmd ### @@ -727,24 +425,6 @@ krusader_vnc_password: "topsecret" krusader_port_http: "5800" krusader_port_vnc: "5900" -### -### Watchtower -### -# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily. -watchtower_cron_schedule: 0 0 5 * * * - -# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive -# notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info. - -# No notifications -watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug" - -# Email notifications -# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'" - -# Slack notifications -# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'" - ### ### Time Machine ### 
@@ -792,24 +472,6 @@ thelounge_data_directory: "{{ docker_home }}/thelounge" thelounge_port_one: "113" thelounge_port_two: "9002" -### -### Bitwarden -### -bitwarden_available_externally: "false" -bitwarden_data_directory: "{{ docker_home }}/bitwarden" -bitwarden_port_a: "19080" -bitwarden_port_b: "3012" - -# Keep this token secret, this is password to access admin area of your server! -# This token can be anything, but it's recommended to use a long, randomly generated string of characters, -# for example running openssl rand -base64 48 -bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321 - -# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook. -# Once you have created your user, set to "false" and run one more time. -# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden -bitwarden_allow_signups: false - ### ### Firefly ### @@ -843,7 +505,7 @@ mosquitto_port_a: "1883" mosquitto_port_b: "9001" ### -### Calibre +### Calibre-web ### calibre_available_externally: "false" calibre_data_directory: "{{ docker_home }}/calibre" @@ -854,13 +516,6 @@ calibre_port: "8084" # To disable ebook conversion set calibre_ebook_conversion to "". To enable it set it to "linuxserver/calibre-web:calibre" calibre_ebook_conversion: "linuxserver/calibre-web:calibre" -### -### Home Assistant -### -homeassistant_available_externally: "false" -homeassistant_data_directory: "{{ docker_home }}/homeassistant" -homeassistant_port: "8123" - ### ### openHAB ### @@ -904,13 +559,6 @@ ubooquity_group_id: "0" ubooquity_port_webui: "2202" ubooquity_port_admin: "2203" -### -### Serposcope -### -serposcope_data_directory: "{{ docker_home }}/serposcope" -serposcope_port: 7134 -serposcope_available_externally: "false" - ### ### Virtual Desktop ### diff --git a/nas.yml b/nas.yml index 7ac03a24..ebcf2c92 100644 --- a/nas.yml +++ b/nas.yml 
@@ -6,6 +6,10 @@ tags: users roles: + + ### + ### Requirements + ### - role: bertvv.samba tags: - samba 
@@ -21,57 +25,163 @@ - docker - skip_ansible_lint + + ### + ### Ansible-NAS Roles + ### + - role: ansible-nas-general + tags: + - ansible-nas-general + - ansible-nas + + - role: ansible-nas-docker + tags: + - ansible-nas-docker + - ansible-nas + + + ### + ### Applications + ### + - role: airsonic + tags: + - airsonic + when: (airsonic_enabled | default(False)) + + - role: bazarr + tags: + - bazarr + when: (bazarr_enabled | default(False)) + + - role: bitwarden + tags: + - bitwarden + when: (bitwarden_enabled | default(False)) + + - role: cloudflare_ddns + tags: + - cloudflare_ddns + when: (cloudflare_ddns_enabled | default(False)) + + - role: couchpotato + tags: + - couchpotato + when: (couchpotato_enabled | default(False)) + + - role: duplicati + tags: + - duplicati + when: (duplicati_enabled | default(False)) + + - role: emby + tags: + - emby + when: (emby_enabled | default(False)) + + - role: gitea + tags: + - gitea + when: (gitea_enabled | default(False)) + + - role: heimdall + tags: + - heimdall + when: (heimdall_enabled | default(False)) + + - role: homeassistant + tags: + - homeassistant + when: (homeassistant_enabled | default(False)) + + - role: lidarr + tags: + - lidarr + when: (lidarr_enabled | default(False)) + + - role: netdata + tags: + - netdata + when: (netdata_enabled | default(False)) + + - role: nextcloud + tags: + - nextcloud + when: (nextcloud_enabled | default(False)) + + - role: organizr + tags: + - organizr + when: (organizr_enabled | default(False)) + + - role: portainer + tags: + - portainer + when: (portainer_enabled | default(False)) + + - role: ombi + tags: + - ombi + when: (ombi_enabled | default(False)) + + - role: plex + tags: + - plex + when: (plex_enabled | default(False)) + + - role: radarr + tags: + - radarr + when: (radarr_enabled | default(False)) + + - role: radarr + tags: + - radarr + when: (radarr_enabled | default(False)) + + - role: sickchill + tags: + - sickchill + when: (sickchill_enabled | default(False)) + + - role: 
sonarr + tags: + - sonarr + when: (sonarr_enabled | default(False)) + + - role: transmission + tags: + - transmission + when: (transmission_enabled | default(False)) + + - role: transmission-with-openvpn + tags: + - transmission_with_openvpn_enabled + when: (transmission_with_openvpn_enabled | default(False)) + + - role: utorrent + tags: + - utorrent + when: (utorrent_enabled | default(False)) + + - role: traefik + tags: + - traefik + when: (traefik_enabled | default(False)) + + - role: watchtower + tags: + - watchtower + when: (watchtower_enabled | default(False)) + tasks: - - import_tasks: tasks/general.yml - tags: general - - - import_tasks: tasks/docker.yml - tags: docker - - - import_tasks: tasks/portainer.yml - when: (portainer_enabled | default(False)) - tags: portainer - - - import_tasks: tasks/traefik.yml - when: (traefik_enabled | default(False)) - tags: traefik - - - import_tasks: tasks/heimdall.yml - when: (heimdall_enabled | default(False)) - tags: heimdall - - - import_tasks: tasks/organizr.yml - when: (organizr_enabled | default(False)) - tags: organizr - - - import_tasks: tasks/watchtower.yml - when: (watchtower_enabled | default(False)) - tags: watchtower - - - import_tasks: tasks/plex.yml - when: (plex_enabled | default(False)) - tags: plex - - import_tasks: tasks/firefly.yml when: (firefly_enabled | default(False)) tags: firefly - - import_tasks: tasks/emby.yml - when: (emby_enabled | default(False)) - tags: emby - - import_tasks: tasks/tautulli.yml when: (tautulli_enabled | default(False)) tags: tautulli - - import_tasks: tasks/transmission.yml - when: (transmission_enabled | default(False)) - tags: transmission - - - import_tasks: tasks/transmission_with_openvpn.yml - when: (transmission_with_openvpn_enabled | default(False)) - tags: transmission - - import_tasks: tasks/pyload.yml when: (pyload_enabled | default(False)) tags: pyload 
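Review bot: The `radarr` role is listed twice in the Applications block with the same tag and `when`, so the role runs twice on every play where it is enabled; the second `- role: radarr` entry should be removed. The `transmission-with-openvpn` entry is tagged `transmission_with_openvpn_enabled`, which is the name of its enable variable rather than a tag — every other entry tags by role name and the removed `import_tasks` used `transmission` — so `- transmission_with_openvpn` would be consistent and match what operators pass to `-t`. The `tasks:` list that begins at the end of this hunk continues past it.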
@@ -84,34 +194,10 @@ when: (mylar_enabled | default(False)) tags: mylar - - import_tasks: tasks/sonarr.yml - when: (sonarr_enabled | default(False)) - tags: sonarr - - - import_tasks: tasks/radarr.yml - when: (radarr_enabled | default(False)) - tags: radarr - - import_tasks: tasks/glances.yml when: (glances_enabled | default(False)) tags: glances - - import_tasks: tasks/netdata.yml - when: (netdata_enabled | default(False)) - tags: netdata - - - import_tasks: tasks/duplicati.yml - when: (duplicati_enabled | default(False)) - tags: duplicati - - - import_tasks: tasks/couchpotato.yml - when: (couchpotato_enabled | default(False)) - tags: couchpotato - - - import_tasks: tasks/sickchill.yml - when: (sickchill_enabled | default(False)) - tags: sickchill - - import_tasks: tasks/znc.yml when: (znc_enabled | default(False)) tags: znc @@ -120,14 +206,6 @@ when: (miniflux_enabled | default(False)) tags: miniflux - - import_tasks: tasks/nextcloud.yml - when: (nextcloud_enabled | default(False)) - tags: nextcloud - - - import_tasks: tasks/gitea.yml - when: (gitea_enabled | default(False)) - tags: gitea - - import_tasks: tasks/gitlab.yml when: (gitlab_enabled | default(False)) tags: gitlab @@ -144,14 +222,6 @@ when: (guacamole_enabled | default(False)) tags: guacamole - - import_tasks: tasks/airsonic.yml - when: (airsonic_enabled | default(False)) - tags: airsonic - - - import_tasks: tasks/cloudflare_ddns.yml - when: (cloudflare_ddns_enabled | default(False)) - tags: cloudflare_ddns - - import_tasks: tasks/minidlna.yml when: (minidlna_enabled | default(False)) tags: minidlna @@ -172,10 +242,6 @@ when: (joomla_enabled | default(False)) tags: joomla - - import_tasks: tasks/bitwarden.yml - when: (bitwarden_enabled | default(False)) - tags: bitwarden - - import_tasks: tasks/nzbget.yml when: (nzbget_enabled | default(False)) tags: nzbget 
@@ -196,14 +262,6 @@ when: (calibre_enabled | default(False)) tags: calibre - - import_tasks: tasks/homeassistant.yml - when: (homeassistant_enabled | default(False)) - tags: homeassistant - - - import_tasks: tasks/bazarr.yml - when: (bazarr_enabled | default(False)) - tags: bazarr - - import_tasks: tasks/openhab.yml when: (openhab_enabled | default(False)) tags: openhab @@ -224,26 +282,10 @@ when: (ubooquity_enabled | default(False)) tags: ubooquity - - import_tasks: tasks/utorrent.yml - when: (utorrent_enabled | default(False)) - tags: utorrent - - - import_tasks: tasks/ombi.yml - when: (ombi_enabled | default(False)) - tags: ombi - - - import_tasks: tasks/lidarr.yml - when: (lidarr_enabled | default(False)) - tags: lidarr - - import_tasks: tasks/youtubedlmaterial.yml when: (youtubedlmaterial_enabled | default(False)) tags: youtubedlmaterial - - import_tasks: tasks/serposcope.yml - when: (serposcope_enabled | default(False)) - tags: serposcope - - import_tasks: tasks/virtual_desktop.yml when: (virtual_desktop_enabled | default(False)) tags: virtual_desktop diff --git a/requirements.yml b/requirements.yml index 5b83cb88..0749ad22 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,9 +1,9 @@ --- - name: geerlingguy.docker - version: 2.7.0 + version: 3.0.0 - name: bertvv.samba version: v2.7.1 - name: geerlingguy.nfs - version: 1.5.0 + version: 2.0.0 diff --git a/roles/airsonic/defaults/main.yml b/roles/airsonic/defaults/main.yml new file mode 100644 index 00000000..d79b5e4a --- /dev/null +++ b/roles/airsonic/defaults/main.yml @@ -0,0 +1,12 @@ +--- +airsonic_enabled: false +airsonic_available_externally: "false" + +# directories +airsonic_data_directory: "{{ docker_home }}/airsonic" +airsonic_music_directory: "{{ music_root }}" +airsonic_podcasts_directory: "{{ podcasts_root }}" + +# network +airsonic_port: "4040" +airsonic_hostname: "airsonic" \ No newline at end of file 
diff --git a/tasks/airsonic.yml b/roles/airsonic/tasks/main.yml similarity index 65% rename from tasks/airsonic.yml rename to roles/airsonic/tasks/main.yml index dcf21cca..15326e63 100644 --- a/tasks/airsonic.yml +++ b/roles/airsonic/tasks/main.yml @@ -23,8 +23,10 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "airsonic" - traefik.frontend.rule: "Host:airsonic.{{ ansible_nas_domain }}" traefik.enable: "{{ airsonic_available_externally }}" - traefik.port: "4040" + traefik.http.routers.airsonic.rule: "Host(`{{ airsonic_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.airsonic.tls.certresolver: "letsencrypt" + traefik.http.routers.airsonic.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.airsonic.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.airsonic.loadbalancer.server.port: "4040" diff --git a/roles/ansible-nas-docker/defaults/main.yml b/roles/ansible-nas-docker/defaults/main.yml new file mode 100644 index 00000000..c0eba9ac --- /dev/null +++ b/roles/ansible-nas-docker/defaults/main.yml @@ -0,0 +1,12 @@ +--- +ansible_nas_user: david + +# Where you want Docker to store its container data. +docker_home: /mnt/Volume2/docker + +# Where you want Docker to store images +docker_image_directory: "{{ docker_home }}/data" + +# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems +# You might want to change this to ZFS, depending on your underlying filesystem. +docker_storage_driver: overlay2 \ No newline at end of file diff --git a/tasks/docker.yml b/roles/ansible-nas-docker/tasks/main.yml similarity index 69% rename from tasks/docker.yml rename to roles/ansible-nas-docker/tasks/main.yml index f7ff349c..335574c9 100644 --- a/tasks/docker.yml +++ b/roles/ansible-nas-docker/tasks/main.yml 
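Review bot: `ansible_nas_user: david` ships a concrete personal username as a role default, and this role's task file (next hunk) adds that account to the `docker` group, which is root-equivalent on the host, so a run with the variable unset in the inventory grants that access to an account the operator never chose. Either drop the default so an undefined variable stops the play, or keep it and document the expectation above it: `# Override in your inventory. This account is added to the docker group, which grants root-equivalent access to the host.`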
@@ -1,44 +1,44 @@ --- -- name: install python3-pip +- name: Install python3-pip apt: name: python3-pip state: present register: result until: result is succeeded -- name: 'Remove docker-py python module' +- name: Remove docker-py python module pip: name: docker-py state: absent register: result until: result is succeeded -- name: 'Install docker python module' +- name: Install docker python module pip: name: docker state: present register: result until: result is succeeded -- name: create docker home +- name: Create Docker home directory file: path: "{{ docker_home }}" mode: 0755 state: directory -- name: add user account to docker group +- name: Add user account to Docker group user: name: "{{ ansible_nas_user }}" groups: docker append: yes -- name: update docker home from install default +- name: Update Docker home from install default template: - src: docker/daemon.json + src: daemon.json dest: /etc/docker/daemon.json register: docker_config -- name: restart docker +- name: Restart Docker service: name: docker state: restarted diff --git a/templates/docker/daemon.json b/roles/ansible-nas-docker/templates/daemon.json similarity index 100% rename from templates/docker/daemon.json rename to roles/ansible-nas-docker/templates/daemon.json diff --git a/roles/ansible-nas-general/defaults/main.yml b/roles/ansible-nas-general/defaults/main.yml new file mode 100644 index 00000000..c80d62a1 --- /dev/null +++ b/roles/ansible-nas-general/defaults/main.yml @@ -0,0 +1,20 @@ +--- +# Sets the hostname of your Ansible NAS +ansible_nas_hostname: ansible-nas + +# Update all apt packages when playbook is run +keep_packages_updated: false + +# Extra packages to install +ansible_nas_extra_packages: + - smartmontools + - htop + - zfsutils-linux + - bonnie++ + - unzip + - lm-sensors + - ctop + +# Sets the timezone for your Ansible NAS +# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +ansible_nas_timezone: Etc/UTC \ No newline at end of file 
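Review bot: The final `Restart Docker` task runs unconditionally, even though the preceding template task registers `docker_config` for exactly this purpose, so every playbook run restarts the daemon — and with it every container carrying a restart policy — even when daemon.json is unchanged. Add `when: docker_config is changed` to the service task, or convert it into a handler notified by the template task. This is pre-existing behaviour carried over by the rename, but the hunk covers the whole file so it is in scope here.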
diff --git a/templates/ansible-nas/motd.txt b/roles/ansible-nas-general/files/motd.txt similarity index 100% rename from templates/ansible-nas/motd.txt rename to roles/ansible-nas-general/files/motd.txt diff --git a/tasks/general.yml b/roles/ansible-nas-general/tasks/main.yml similarity index 92% rename from tasks/general.yml rename to roles/ansible-nas-general/tasks/main.yml index 7ad21cef..c4236cba 100644 --- a/tasks/general.yml +++ b/roles/ansible-nas-general/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Set login banner - template: - src: ansible-nas/motd.txt + copy: + src: motd.txt dest: /etc/motd - name: Enable Universe repository @@ -21,7 +21,7 @@ - name: Upgrade all packages apt: - upgrade: true + upgrade: yes state: latest when: keep_packages_updated tags: diff --git a/roles/bazarr/defaults/main.yml b/roles/bazarr/defaults/main.yml new file mode 100644 index 00000000..1244e1a7 --- /dev/null +++ b/roles/bazarr/defaults/main.yml @@ -0,0 +1,16 @@ +--- +bazarr_enabled: false +bazarr_available_externally: "false" + +# directories +bazarr_data_directory: "{{ docker_home }}/bazarr/config" +bazarr_tv_directory: "{{ tv_root }}" +bazarr_movies_directory: "{{ movies_root }}" + +# uid/gid +bazarr_user_id: "0" +bazarr_group_id: "0" + +# network +bazarr_port: "6767" +bazarr_hostname: "bazarr" \ No newline at end of file diff --git a/tasks/bazarr.yml b/roles/bazarr/tasks/main.yml similarity index 63% rename from tasks/bazarr.yml rename to roles/bazarr/tasks/main.yml index a606f5bc..c77d29f9 100644 --- a/tasks/bazarr.yml +++ b/roles/bazarr/tasks/main.yml 
@@ -24,7 +24,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "bazarr" - traefik.frontend.rule: "Host:bazarr.{{ ansible_nas_domain }}" traefik.enable: "{{ bazarr_available_externally }}" - traefik.port: "6767" \ No newline at end of file + traefik.http.routers.bazarr.rule: "Host(`{{ bazarr_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.bazarr.tls.certresolver: "letsencrypt" + traefik.http.routers.bazarr.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.bazarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.bazarr.loadbalancer.server.port: "6767" \ No newline at end of file diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml new file mode 100644 index 00000000..954b29bf --- /dev/null +++ b/roles/bitwarden/defaults/main.yml @@ -0,0 +1,16 @@ +--- +bitwarden_enabled: false +bitwarden_available_externally: "false" +bitwarden_data_directory: "{{ docker_home }}/bitwarden" +bitwarden_port_a: "19080" +bitwarden_port_b: "3012" + +# Keep this token secret, this is password to access admin area of your server! +# This token can be anything, but it's recommended to use a long, randomly generated string of characters, +# for example running openssl rand -base64 48 +bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321 + +# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook. +# Once you have created your user, set to "false" and run one more time. +# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden +bitwarden_allow_signups: false \ No newline at end of file diff --git a/tasks/bitwarden.yml b/roles/bitwarden/tasks/main.yml similarity index 100% rename from tasks/bitwarden.yml rename to roles/bitwarden/tasks/main.yml diff --git a/roles/cloudflare_ddns/defaults/main.yml b/roles/cloudflare_ddns/defaults/main.yml new file mode 100644 index 00000000..3b10e547 
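Review bot: `bitwarden_admin_token` ships with a recognisable placeholder as a role default, and nothing visible fails when it is left unchanged, so enabling the role without overriding it yields an admin panel protected by a value that lives in the public repository; the comment asks the user to keep the token secret, but a default cannot be. The new `cloudflare_ddns` defaults have the same shape with `cloudflare_token: "abcdabcdabcd123412341234"`, and its task file only guards against the old `cloudflare_api_key`. Suggest an `assert` at the top of each role's tasks (bitwarden's task file is a pure rename and not shown), e.g. `that: bitwarden_admin_token != 'qwertyuiop1234567890poiuytrewq0987654321'` with a `fail_msg` pointing at `openssl rand -base64 48`, or drop the secret defaults entirely so an unset value stops the play.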
--- /dev/null +++ b/roles/cloudflare_ddns/defaults/main.yml @@ -0,0 +1,23 @@ +--- +cloudflare_ddns_enabled: false + +# Data directory for config file +cloudflare_data_directory: "{{ docker_home }}/cloudflare_ddns" + +# Your domain name +cloudflare_zone: "{{ ansible_nas_domain }}" + +# The hostname you want the container to update. You shouldn't need to change this. +cloudflare_host: "*.{{ cloudflare_zone }}" + +# Cloudflare scoped token (https://github.com/joshuaavalon/docker-cloudflare#api-token) +# Make sure token permissions include #DNS:Edit and #Zone:Read +cloudflare_token: "abcdabcdabcd123412341234" + +# Set to true to make traffic go through the CloudFlare CDN. +# Note that if the cloudflare host is a wildcard (the default), this must be false, as cloudflare +# does not support http proxy of wildcard CNAMEs. +cloudflare_proxy: false + +# Set to AAAA to use set IPv6 records instead of IPv4 records. +cloudflare_type: "A" diff --git a/roles/cloudflare_ddns/tasks/main.yml b/roles/cloudflare_ddns/tasks/main.yml new file mode 100644 index 00000000..647c8560 --- /dev/null +++ b/roles/cloudflare_ddns/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: Check for deprecated API key + fail: + msg: "Using a Cloudflare global API key is no longer supported. Please unset cloudflare_api_key and set cloudflare_token" + when: cloudflare_api_key is defined + +- name: Create cloudflare Dynamic DNS Directories + file: + path: "{{ cloudflare_data_directory }}" + state: directory + +- name: Template Cloudflare Dynamic DNS config.yml with scoped token + template: + src: config.yml + dest: "{{ cloudflare_data_directory }}/config.yml" + register: template_files_result + + +- name: Cloudflare Dynamic DNS Container + docker_container: + name: cloudflare-ddns + image: joshava/cloudflare-ddns:latest + pull: true + volumes: + - "{{ cloudflare_data_directory }}/config.yml:/app/config.yaml" + restart_policy: unless-stopped + memory: 512MB + recreate: "{{ template_files_result is changed }}" 
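Review bot: The `Template Cloudflare Dynamic DNS config.yml with scoped token` task writes the API token in plaintext to `{{ cloudflare_data_directory }}/config.yml` without a `mode`, so the file's permissions depend on the remote umask and are typically world-readable to every local account on the NAS; add `mode: "0600"` to the template task and a `mode: "0700"` to the directory task above it. The token carries DNS:Edit on the zone per the defaults comment, which is enough to hijack any name under the domain, so it deserves the same handling as a password. The volume line also lacks a read-only flag; `- "{{ cloudflare_data_directory }}/config.yml:/app/config.yaml:ro"` keeps the container from rewriting the host-side file.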
diff --git a/roles/cloudflare_ddns/templates/config.yml b/roles/cloudflare_ddns/templates/config.yml new file mode 100644 index 00000000..6cf189f1 --- /dev/null +++ b/roles/cloudflare_ddns/templates/config.yml @@ -0,0 +1,8 @@ +auth: + scopedToken: "{{ cloudflare_token }}" +domains: + - name: "{{ cloudflare_host }}" + type: "{{ cloudflare_type }}" + proxied: {{ cloudflare_proxy | bool }} + create: true + zoneName: "{{ cloudflare_zone }}" diff --git a/roles/couchpotato/defaults/main.yml b/roles/couchpotato/defaults/main.yml new file mode 100644 index 00000000..7644aba1 --- /dev/null +++ b/roles/couchpotato/defaults/main.yml @@ -0,0 +1,16 @@ +--- +couchpotato_enabled: false +couchpotato_available_externally: "false" + +# directories +couchpotato_config_directory: "{{ docker_home }}/couchpotato/config" +couchpotato_movies_directory: "{{ movies_root }}" +couchpotato_downloads_directory: "{{ downloads_root }}" +couchpotato_torrents_directory: "{{ torrents_root }}" + +# uid / gid +couchpotato_user_id: "0" +couchpotato_group_id: "0" + +# network +couchpotato_port: "5050" \ No newline at end of file diff --git a/tasks/couchpotato.yml b/roles/couchpotato/tasks/main.yml similarity index 67% rename from tasks/couchpotato.yml rename to roles/couchpotato/tasks/main.yml index c57e390d..f6beb35a 100644 --- a/tasks/couchpotato.yml +++ b/roles/couchpotato/tasks/main.yml 
@@ -26,7 +26,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "couchpotato" - traefik.frontend.rule: "Host:couchpotato.{{ ansible_nas_domain }}" traefik.enable: "{{ couchpotato_available_externally }}" - traefik.port: "5050" \ No newline at end of file + traefik.http.routers.couchpotato.rule: "Host(`couchpotato.{{ ansible_nas_domain }}`)" + traefik.http.routers.couchpotato.tls.certresolver: "letsencrypt" + traefik.http.routers.couchpotato.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.couchpotato.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.couchpotato.loadbalancer.server.port: "5050" \ No newline at end of file diff --git a/roles/duplicati/defaults/main.yml b/roles/duplicati/defaults/main.yml new file mode 100644 index 00000000..c96a421b --- /dev/null +++ b/roles/duplicati/defaults/main.yml @@ -0,0 +1,10 @@ +--- +duplicati_enabled: false +duplicati_available_externally: "false" + +# directories +duplicati_data_directory: "{{ docker_home }}/duplicati/config" + +# network +duplicati_port: "8200" +duplicati_hostname: "duplicati" diff --git a/tasks/duplicati.yml b/roles/duplicati/tasks/main.yml similarity index 60% rename from tasks/duplicati.yml rename to roles/duplicati/tasks/main.yml index 593ce80e..288fa3c1 100644 --- a/tasks/duplicati.yml +++ b/roles/duplicati/tasks/main.yml 
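Review bot: The router rule hard-codes `couchpotato.{{ ansible_nas_domain }}` while every other role converted in this commit (airsonic, bazarr, duplicati, emby, gitea) reads a `<role>_hostname` default, and the new couchpotato defaults file defines no `couchpotato_hostname`, so this is the one host that cannot be overridden. Add `couchpotato_hostname: "couchpotato"` under the `# network` section of the defaults and use `{{ couchpotato_hostname }}` in place of the literal `couchpotato` inside the `Host(...)` rule. The container definition starts before this hunk.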
@@ -21,7 +21,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "duplicati" - traefik.frontend.rule: "Host:duplicati.{{ ansible_nas_domain }}" traefik.enable: "{{ duplicati_available_externally }}" - traefik.port: "8200" + traefik.http.routers.duplicati.rule: "Host(`{{ duplicati_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.duplicati.tls.certresolver: "letsencrypt" + traefik.http.routers.duplicati.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.duplicati.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.duplicati.loadbalancer.server.port: "8200" diff --git a/roles/emby/defaults/main.yml b/roles/emby/defaults/main.yml new file mode 100644 index 00000000..4c72091e --- /dev/null +++ b/roles/emby/defaults/main.yml @@ -0,0 +1,23 @@ +--- +emby_enabled: false +emby_available_externally: "false" + +# directories +emby_config_directory: "{{ docker_home }}/emby/config" +emby_movies_directory: "{{ movies_root }}" +emby_tv_directory: "{{ tv_root }}" + + +# If you're paranoid, set permissions to "ro" so Emby won't ever be able to +# delete your files +emby_movies_permissions: "rw" +emby_tv_permissions: "rw" + +# uid / gid +emby_user_id: "0" +emby_group_id: "0" + +# network +emby_port_http: "8096" +emby_port_https: "8920" +emby_hostname: "emby" \ No newline at end of file diff --git a/tasks/emby.yml b/roles/emby/tasks/main.yml similarity index 66% rename from tasks/emby.yml rename to roles/emby/tasks/main.yml index 38ec652c..3dd068f6 100644 --- a/tasks/emby.yml +++ b/roles/emby/tasks/main.yml @@ -17,7 +17,6 @@ ports: - "{{ emby_port_http }}:8096" - "{{ emby_port_https }}:8920" - network_mode: host env: TZ: "{{ ansible_nas_timezone }}" PUID: "{{ emby_user_id }}" 
@@ -25,7 +24,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "emby" - traefik.frontend.rule: "Host:emby.{{ ansible_nas_domain }}" traefik.enable: "{{ emby_available_externally }}" - traefik.port: "8096" \ No newline at end of file + traefik.http.routers.emby.rule: "Host(`{{ emby_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.emby.tls.certresolver: "letsencrypt" + traefik.http.routers.emby.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.emby.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.emby.loadbalancer.server.port: "8096" \ No newline at end of file diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml new file mode 100644 index 00000000..86f4981a --- /dev/null +++ b/roles/gitea/defaults/main.yml @@ -0,0 +1,11 @@ +--- +gitea_enabled: false +gitea_available_externally: "false" + +# directories +gitea_data_directory: "{{ docker_home }}/gitea" + +# network +gitea_hostname: "gitea" +gitea_port_http: "3001" +gitea_port_ssh: "222" \ No newline at end of file diff --git a/tasks/gitea.yml b/roles/gitea/tasks/main.yml similarity index 77% rename from tasks/gitea.yml rename to roles/gitea/tasks/main.yml index 34efdfad..7a0ab802 100644 --- a/tasks/gitea.yml +++ b/roles/gitea/tasks/main.yml 
@@ -62,13 +62,15 @@ RUN_MODE: "prod" SSH_DOMAIN: "{{ ansible_nas_hostname }}" SSH_PORT: "{{ gitea_port_ssh }}" - ROOT_URL: "http://{{ ansible_nas_hostname }}:{{ gitea_port_http }}/" + ROOT_URL: "http://{{ gitea_hostname }}:{{ gitea_port_http }}/" USER_UID: "1309" USER_GID: "1309" restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "gitea" - traefik.frontend.rule: "Host:gitea.{{ ansible_nas_domain }}" traefik.enable: "{{ gitea_available_externally }}" - traefik.port: "3000" + traefik.http.routers.gitea.rule: "Host(`{{ gitea_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.gitea.tls.certresolver: "letsencrypt" + traefik.http.routers.gitea.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.gitea.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.gitea.loadbalancer.server.port: "3000" diff --git a/roles/heimdall/defaults/main.yml b/roles/heimdall/defaults/main.yml new file mode 100644 index 00000000..342190bd --- /dev/null +++ b/roles/heimdall/defaults/main.yml @@ -0,0 +1,16 @@ +--- +heimdall_enabled: true +heimdall_available_externally: "false" + +# directories +heimdall_docker_image: linuxserver/heimdall:latest +heimdall_data_directory: "{{ docker_home }}/heimdall" + +# network +heimdall_port_http: "10080" +heimdall_port_https: "10443" +heimdall_hostname: heimdall + +# uid / gid +heimdall_user_id: "1310" +heimdall_group_id: "1310" \ No newline at end of file diff --git a/tasks/heimdall.yml b/roles/heimdall/tasks/main.yml similarity index 61% rename from tasks/heimdall.yml rename to roles/heimdall/tasks/main.yml index c7e9670b..75896a78 100644 --- a/tasks/heimdall.yml +++ b/roles/heimdall/tasks/main.yml @@ -2,13 +2,13 @@ - name: Create Heimdall group group: name: heimdall - gid: 1310 + gid: "{{ heimdall_group_id }}" state: present - name: Create Heimdall user user: name: heimdall - uid: 1310 + uid: "{{ heimdall_user_id }}" state: present system: yes update_password: on_create 
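Review bot: `ROOT_URL: "http://{{ gitea_hostname }}:{{ gitea_port_http }}/"` now expands to `http://gitea:3001/`, a name that only resolves inside the Docker network, and it stays plain http even when `gitea_available_externally` publishes the service over TLS through the `{{ gitea_hostname }}.{{ ansible_nas_domain }}` router added below it. Gitea uses ROOT_URL to build absolute links and redirect targets, so a mismatch tends to surface as wrong clone URLs and broken sign-in redirects behind the proxy; consider `https://{{ gitea_hostname }}.{{ ansible_nas_domain }}/` when external access is on and keeping `ansible_nas_hostname` for the LAN-only case, with a comment on the line saying which one the value must match. The docker_container task starts outside the hunk.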
@@ -32,8 +32,8 @@ volumes: - "{{ heimdall_data_directory }}:/config:rw" env: - PUID: "1310" - PGID: "1310" + PUID: "{{ heimdall_user_id }}" + PGID: "{{ heimdall_group_id }}" TZ: "{{ ansible_nas_timezone }}" ports: - "{{ heimdall_port_http }}:80" @@ -41,7 +41,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "heimdall" - traefik.frontend.rule: "Host:heimdall.{{ ansible_nas_domain }}" traefik.enable: "{{ heimdall_available_externally }}" - traefik.port: "80" \ No newline at end of file + traefik.http.routers.heimdall.rule: "Host(`{{ heimdall_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.heimdall.tls.certresolver: "letsencrypt" + traefik.http.routers.heimdall.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.heimdall.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.heimdall.loadbalancer.server.port: "80" \ No newline at end of file diff --git a/roles/homeassistant/defaults/main.yml b/roles/homeassistant/defaults/main.yml new file mode 100644 index 00000000..1101b8b2 --- /dev/null +++ b/roles/homeassistant/defaults/main.yml @@ -0,0 +1,10 @@ +--- +homeassistant_enabled: false +homeassistant_available_externally: "false" + +# directories +homeassistant_data_directory: "{{ docker_home }}/homeassistant" + +# network +homeassistant_port: "8123" +homeassistant_hostname: "homeassistant" \ No newline at end of file diff --git a/tasks/homeassistant.yml b/roles/homeassistant/tasks/main.yml similarity index 56% rename from tasks/homeassistant.yml rename to roles/homeassistant/tasks/main.yml index 7645fd6e..960eda88 100644 --- a/tasks/homeassistant.yml +++ b/roles/homeassistant/tasks/main.yml 
@@ -17,9 +17,10 @@ env: TZ: "{{ ansible_nas_timezone }}" labels: - traefik.backend: "homeassistant" - traefik.frontend.rule: "Host:homeassistant.{{ ansible_nas_domain }}" traefik.enable: "{{ homeassistant_available_externally }}" - traefik.port: "8123" - traefik.frontend.headers.SSLRedirect: "true" + traefik.http.routers.homeassistant.rule: "Host(`{{ homeassistant_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.homeassistant.tls.certresolver: "letsencrypt" + traefik.http.routers.homeassistant.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.homeassistant.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.homeassistant.loadbalancer.server.port: "8123" memory: 1g diff --git a/roles/lidarr/defaults/main.yml b/roles/lidarr/defaults/main.yml new file mode 100644 index 00000000..5bdfe9a9 --- /dev/null +++ b/roles/lidarr/defaults/main.yml @@ -0,0 +1,16 @@ +--- +lidarr_enabled: false +lidarr_available_externally: "false" + +# directories +lidarr_data_directory: "{{ docker_home }}/lidarr/config" +lidarr_music_directory: "{{ music_root }}" +lidarr_downloads_directory: "{{ downloads_root }}" + +# uid/gid +lidarr_user_id: "0" +lidarr_group_id: "0" + +# network +lidarr_port: "8686" +lidarr_hostname: "lidarr" \ No newline at end of file diff --git a/tasks/lidarr.yml b/roles/lidarr/tasks/main.yml similarity index 56% rename from tasks/lidarr.yml rename to roles/lidarr/tasks/main.yml index 0c48a8b2..9a2497e7 100644 --- a/tasks/lidarr.yml +++ b/roles/lidarr/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: Create lidarr Directory +- name: Create Lidarr Directory file: path: "{{ lidarr_data_directory }}" state: directory -- name: lidarr +- name: Lidarr Docker Container docker_container: name: lidarr image: linuxserver/lidarr 
@@ -22,7 +22,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "lidarr" - traefik.frontend.rule: "Host:lidarr.{{ ansible_nas_domain }}" traefik.enable: "{{ lidarr_available_externally }}" - traefik.port: "8686" \ No newline at end of file + traefik.http.routers.lidarr.rule: "Host(`{{ lidarr_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.lidarr.tls.certresolver: "letsencrypt" + traefik.http.routers.lidarr.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.lidarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.lidarr.loadbalancer.server.port: "8686" diff --git a/roles/netdata/defaults/main.yml b/roles/netdata/defaults/main.yml new file mode 100644 index 00000000..3c8823f2 --- /dev/null +++ b/roles/netdata/defaults/main.yml @@ -0,0 +1,6 @@ +netdata_enabled: false +netdata_available_externally: "false" + +# network +netdata_hostname: "netdata" +netdata_port: "19999" \ No newline at end of file diff --git a/tasks/netdata.yml b/roles/netdata/tasks/main.yml similarity index 63% rename from tasks/netdata.yml rename to roles/netdata/tasks/main.yml index 7065a4f0..735d2a5c 100644 --- a/tasks/netdata.yml +++ b/roles/netdata/tasks/main.yml @@ -1,4 +1,4 @@ -###### Create +--- - name: Get docker group id group: name: docker @@ -26,7 +26,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "netdata" - traefik.frontend.rule: "Host:netdata.{{ ansible_nas_domain }}" traefik.enable: "{{ netdata_available_externally }}" - traefik.port: "19999" \ No newline at end of file + traefik.http.routers.netdata.rule: "Host(`{{ netdata_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.netdata.tls.certresolver: "letsencrypt" + traefik.http.routers.netdata.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.netdata.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.netdata.loadbalancer.server.port: "19999" \ No newline at end of file 
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml new file mode 100644 index 00000000..4ba82b18 --- /dev/null +++ b/roles/nextcloud/defaults/main.yml @@ -0,0 +1,15 @@ +--- +nextcloud_enabled: false +nextcloud_available_externally: "false" + +# directories +nextcloud_data_directory: "{{ docker_home }}/nextcloud" + +# network +nextcloud_port: "8080" +nextcloud_hostname: "nextcloud" + +# username / passwords +nextcloud_sql_user: "nextcloud-user" +nextcloud_sql_pass: "nextcloud-pass" +nextcloud_sql_secret: "nextcloud-secret" \ No newline at end of file diff --git a/tasks/nextcloud.yml b/roles/nextcloud/tasks/main.yml similarity index 56% rename from tasks/nextcloud.yml rename to roles/nextcloud/tasks/main.yml index d712ded0..6ae1b9cd 100644 --- a/tasks/nextcloud.yml +++ b/roles/nextcloud/tasks/main.yml @@ -16,9 +16,9 @@ - "{{ nextcloud_data_directory }}/mysql:/var/lib/mysql:rw" env: MYSQL_DATABASE: "nextcloud" - MYSQL_USER: "nextcloud-user" - MYSQL_PASSWORD: "nextcloud-pass" - MYSQL_ROOT_PASSWORD: "nextcloud-secret" + MYSQL_USER: "{{ nextcloud_sql_user }}" + MYSQL_PASSWORD: "{{ nextcloud_sql_pass }}" + MYSQL_ROOT_PASSWORD: "{{ nextcloud_sql_secret }}" restart_policy: unless-stopped memory: 1g 
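Review bot: The new defaults ship working database credentials — `nextcloud_sql_user: "nextcloud-user"`, `nextcloud_sql_pass: "nextcloud-pass"`, `nextcloud_sql_secret: "nextcloud-secret"` — and the tasks hunk on this line feeds them straight into `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD`, so any deployment that does not override them runs MariaDB with publicly known passwords. Turning them into variables is the right step, but the defaults file should say what is expected of the operator, e.g. `# Placeholders only — override these in your inventory (ideally with ansible-vault); do not run with the values below.` Naming `nextcloud_sql_secret` for what it is, the MySQL root password, would also make the override harder to miss. Values passed through `env:` are readable to anyone who can run `docker inspect` on the host, which is worth a line in the same comment.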
@@ -36,13 +36,16 @@ env: MYSQL_HOST: "mysql" MYSQL_DATABASE: "nextcloud" - MYSQL_USER: "nextcloud-user" - MYSQL_PASSWORD: "nextcloud-pass" - NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.{{ ansible_nas_domain }}" + MYSQL_USER: "{{ nextcloud_sql_user }}" + MYSQL_PASSWORD: "{{ nextcloud_sql_pass }}" + NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_hostname }}.{{ ansible_nas_domain }}" restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "nextcloud" - traefik.frontend.rule: "Host:nextcloud.{{ ansible_nas_domain }}" traefik.enable: "{{ nextcloud_available_externally }}" - traefik.port: "80" \ No newline at end of file + traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.nextcloud.tls.certresolver: "letsencrypt" + traefik.http.routers.nextcloud.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.nextcloud.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.nextcloud.loadbalancer.server.port: "80" + diff --git a/roles/ombi/defaults/main.yml b/roles/ombi/defaults/main.yml new file mode 100644 index 00000000..acd962c5 --- /dev/null +++ b/roles/ombi/defaults/main.yml @@ -0,0 +1,14 @@ +--- +ombi_enabled: false +ombi_available_externally: "false" + +# directories +ombi_config_directory: "{{ docker_home }}/ombi/config" + +# network +ombi_port: "3579" +ombi_hostname: "ombi" + +# uid / gid +ombi_user_id: "0" +ombi_group_id: "0" \ No newline at end of file diff --git a/roles/ombi/tasks/main.yml b/roles/ombi/tasks/main.yml new file mode 100644 index 00000000..442ceb9b --- /dev/null +++ b/roles/ombi/tasks/main.yml 
@@ -0,0 +1,29 @@ + +--- +- name: Create Ombi Directories + file: + path: "{{ ombi_config_directory }}" + state: directory + +- name: Ombi Docker Container + docker_container: + name: ombi + image: linuxserver/ombi + pull: true + volumes: + - "{{ ombi_config_directory }}:/config:rw" + ports: + - "{{ ombi_port }}:3579" + env: + TZ: "{{ ansible_nas_timezone }}" + PUID: "{{ ombi_user_id }}" + PGID: "{{ ombi_group_id }}" + restart_policy: unless-stopped + memory: 1g + labels: + traefik.enable: "{{ ombi_available_externally }}" + traefik.http.routers.ombi.rule: "Host(`{{ ombi_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.ombi.tls.certresolver: "letsencrypt" + traefik.http.routers.ombi.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.ombi.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.ombi.loadbalancer.server.port: "3579" diff --git a/roles/organizr/defaults/main.yml b/roles/organizr/defaults/main.yml new file mode 100644 index 00000000..6823a3d6 --- /dev/null +++ b/roles/organizr/defaults/main.yml @@ -0,0 +1,15 @@ +--- +organizr_enabled: false +organizr_available_externally: "false" + +# directories +organizr_data_directory: "{{ docker_home }}/organizr" + +# network +organizr_port_http: "10081" +organizr_port_https: "10444" +organizr_hostname: "organizr" + +# uid / gid +organizr_user_id: "1000" +organizr_group_id: "1000" \ No newline at end of file diff --git a/tasks/organizr.yml b/roles/organizr/tasks/main.yml similarity index 58% rename from tasks/organizr.yml rename to roles/organizr/tasks/main.yml index df35aeb1..3b92f276 100644 --- a/tasks/organizr.yml +++ b/roles/organizr/tasks/main.yml @@ -1,4 +1,3 @@ - --- - name: Create Organizr Directories file: @@ -10,7 +9,7 @@ - name: Create Organizr container docker_container: name: organizr - image: organizrtools/organizr-v2:latest + image: organizr/organizr:latest pull: true volumes: - "{{ organizr_data_directory }}:/config:rw" 
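Review bot: The new `roles/ombi/tasks/main.yml` starts with a blank line before `---`, which is exactly what the organizr hunk on this same line removes (`@@ -1,4 +1,3 @@`); drop the leading `+ ` line so both files follow one convention and ansible-lint sees the same shape. Separately, `image: linuxserver/ombi` (untagged) and `image: organizr/organizr:latest` are fetched with `pull: true`, so every playbook run can silently move to a different image; the heimdall role in this commit exposes `heimdall_docker_image` as a default, and matching `ombi_docker_image` / `organizr_docker_image` variables would let an operator pin a version or digest.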
@@ -24,7 +23,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "organizr" - traefik.frontend.rule: "Host:organizr.{{ ansible_nas_domain }}" traefik.enable: "{{ organizr_available_externally }}" - traefik.port: "80" + traefik.http.routers.organizr.rule: "Host(`{{ organizr_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.organizr.tls.certresolver: "letsencrypt" + traefik.http.routers.organizr.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.organizr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.organizr.loadbalancer.server.port: "80" diff --git a/roles/plex/defaults/main.yml b/roles/plex/defaults/main.yml new file mode 100644 index 00000000..6c457b29 --- /dev/null +++ b/roles/plex/defaults/main.yml @@ -0,0 +1,39 @@ +--- +plex_enabled: false +plex_available_externally: "false" + +# directories +plex_config_directory: "{{ docker_home }}/plex/config" +plex_logs: "{{ docker_home }}/plex/logs" +plex_movies_directory: "{{ movies_root }}" +plex_tv_directory: "{{ tv_root }}" +plex_photos_directory: "{{ photos_root }}" +plex_podcasts_directory: "{{ podcasts_root }}" +plex_music_directory: "{{ music_root }}" + +# uid / gid +plex_user_id: "0" +plex_group_id: "0" + +# If you're paranoid, set permissions to "ro" so Plex won't ever be able to +# delete your files +plex_movies_permissions: "rw" +plex_tv_permissions: "rw" +plex_photos_permissions: "rw" +plex_podcasts_permissions: "rw" +plex_music_permissions: "rw" + +# network +plex_hostname: "plex" + +# specs +plex_memory: "2g" + +# Device mappings for the docker container. E.g. To enable hardware transcoding: +# plex_devices: +# - "/dev/dri:/dev/dri" + + +# see https://hub.docker.com/r/linuxserver/plex for details on this setting +plex_version: "docker" + diff --git a/tasks/plex.yml b/roles/plex/tasks/main.yml similarity index 67% rename from tasks/plex.yml rename to roles/plex/tasks/main.yml index f3627b26..59df6d3c 100644 --- a/tasks/plex.yml 
+++ b/roles/plex/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create Plex Directories file: path: "{{ item }}" @@ -21,14 +22,18 @@ - "{{ plex_podcasts_directory }}:/podcasts:{{ plex_podcasts_permissions }}" - "{{ plex_music_directory }}:/music:{{ plex_music_permissions }}" network_mode: "host" + devices: "{{ plex_devices | default(omit) }}" env: TZ: "{{ ansible_nas_timezone }}" PUID: "{{ plex_user_id }}" PGID: "{{ plex_group_id }}" + VERSION: "{{ plex_version }}" restart_policy: unless-stopped - memory: 2g + memory: "{{ plex_memory }}" labels: - traefik.backend: "plex" - traefik.frontend.rule: "Host:plex.{{ ansible_nas_domain }}" traefik.enable: "{{ plex_available_externally }}" - traefik.port: "32400" + traefik.http.routers.plex.rule: "Host(`{{ plex_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.plex.tls.certresolver: "letsencrypt" + traefik.http.routers.plex.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.plex.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.plex.loadbalancer.server.port: "32400" diff --git a/roles/portainer/defaults/main.yml b/roles/portainer/defaults/main.yml new file mode 100644 index 00000000..1ac3e2ec --- /dev/null +++ b/roles/portainer/defaults/main.yml @@ -0,0 +1,10 @@ +--- +portainer_enabled: false +portainer_available_externally: "false" + +# directories +portainer_data_directory: "{{ docker_home }}/portainer/config" + +# network +portainer_port: "9000" +portainer_hostname: "portainer" \ No newline at end of file diff --git a/tasks/portainer.yml b/roles/portainer/tasks/main.yml similarity index 55% rename from tasks/portainer.yml rename to roles/portainer/tasks/main.yml index ceaac16b..b45ddc49 100644 --- a/tasks/portainer.yml +++ b/roles/portainer/tasks/main.yml @@ -9,7 +9,7 @@ - name: Portainer Docker Container docker_container: name: portainer - image: portainer/portainer + image: portainer/portainer-ce pull: true volumes: - "{{ portainer_data_directory }}:/data:rw" 
@@ -20,7 +20,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "portainer" - traefik.frontend.rule: "Host:portainer.{{ ansible_nas_domain }}" traefik.enable: "{{ portainer_available_externally }}" - traefik.port: "9000" \ No newline at end of file + traefik.http.routers.portainer.rule: "Host(`{{ portainer_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.portainer.tls.certresolver: "letsencrypt" + traefik.http.routers.portainer.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.portainer.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.portainer.loadbalancer.server.port: "9000" diff --git a/roles/radarr/defaults/main.yml b/roles/radarr/defaults/main.yml new file mode 100644 index 00000000..805ee8c8 --- /dev/null +++ b/roles/radarr/defaults/main.yml @@ -0,0 +1,16 @@ +--- +radarr_enabled: false +radarr_available_externally: "false" + +# directories +radarr_movies_directory: "{{ movies_root }}" +radarr_download_directory: "{{ downloads_root }}" +radarr_data_directory: "{{ docker_home }}/radarr" + +# uid / gid +radarr_user_id: "0" +radarr_group_id: "0" + +# network +radarr_port: "7878" +radarr_hostname: "radarr" \ No newline at end of file diff --git a/tasks/radarr.yml b/roles/radarr/tasks/main.yml similarity index 63% rename from tasks/radarr.yml rename to roles/radarr/tasks/main.yml index 3a802e80..80c615c6 100644 --- a/tasks/radarr.yml +++ b/roles/radarr/tasks/main.yml 
@@ -24,7 +24,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "radarr" - traefik.frontend.rule: "Host:radarr.{{ ansible_nas_domain }}" traefik.enable: "{{ radarr_available_externally }}" - traefik.port: "7878" \ No newline at end of file + traefik.http.routers.radarr.rule: "Host(`{{ radarr_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.radarr.tls.certresolver: "letsencrypt" + traefik.http.routers.radarr.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.radarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.radarr.loadbalancer.server.port: "7878" \ No newline at end of file diff --git a/roles/sickchill/defaults/main.yml b/roles/sickchill/defaults/main.yml new file mode 100644 index 00000000..a7cbfcc7 --- /dev/null +++ b/roles/sickchill/defaults/main.yml @@ -0,0 +1,16 @@ +--- +sickchill_enabled: false +sickchill_available_externally: "false" + +# directories +sickchill_config_directory: "{{ docker_home }}/sickchill/config" +sickchill_tv_directory: "{{ tv_root }}" +sickchill_downloads_directory: "{{ downloads_root }}/completed" + +# uid / gid +sickchill_user_id: "0" +sickchill_group_id: "0" + +# network +sickchill_port: "8081" +sickchill_hostname: "sickchill" \ No newline at end of file diff --git a/tasks/sickchill.yml b/roles/sickchill/tasks/main.yml similarity index 64% rename from tasks/sickchill.yml rename to roles/sickchill/tasks/main.yml index 4883501f..c037e447 100644 --- a/tasks/sickchill.yml +++ b/roles/sickchill/tasks/main.yml @@ -1,10 +1,4 @@ --- -- name: Remove Old Sickrage Docker Container - docker_container: - name: sickrage - state: absent - keep_volumes: true - - name: Create Sickchill Directories file: path: "{{ item }}" 
@@ -31,7 +25,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "sickchill" - traefik.frontend.rule: "Host:sickchill.{{ ansible_nas_domain }}" traefik.enable: "{{ sickchill_available_externally }}" - traefik.port: "8081" + traefik.http.routers.sickchill.rule: "Host(`{{ sickchill_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.sickchill.tls.certresolver: "letsencrypt" + traefik.http.routers.sickchill.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.sickchill.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.sickchill.loadbalancer.server.port: "8081" diff --git a/roles/sonarr/defaults/main.yml b/roles/sonarr/defaults/main.yml new file mode 100644 index 00000000..9004c5f0 --- /dev/null +++ b/roles/sonarr/defaults/main.yml @@ -0,0 +1,16 @@ +--- +sonarr_enabled: false +sonarr_available_externally: "false" + +# directories +sonarr_data_directory: "{{ docker_home }}/sonarr/config" +sonarr_tv_directory: "{{ tv_root }}" +sonarr_download_directory: "{{ downloads_root }}" + +# uid / gid +sonarr_user_id: "0" +sonarr_group_id: "0" + +# network +sonarr_port: "8989" +sonarr_hostname: "sonarr" \ No newline at end of file diff --git a/tasks/sonarr.yml b/roles/sonarr/tasks/main.yml similarity index 63% rename from tasks/sonarr.yml rename to roles/sonarr/tasks/main.yml index e0f6d76d..8af72def 100644 --- a/tasks/sonarr.yml +++ b/roles/sonarr/tasks/main.yml 
@@ -24,7 +24,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "sonarr" - traefik.frontend.rule: "Host:sonarr.{{ ansible_nas_domain }}" traefik.enable: "{{ sonarr_available_externally }}" - traefik.port: "8989" \ No newline at end of file + traefik.http.routers.sonarr.rule: "Host(`{{ sonarr_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.sonarr.tls.certresolver: "letsencrypt" + traefik.http.routers.sonarr.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.sonarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.sonarr.loadbalancer.server.port: "8989" \ No newline at end of file diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml new file mode 100644 index 00000000..1a0eda9c --- /dev/null +++ b/roles/traefik/defaults/main.yml 
@@ -0,0 +1,29 @@
+---
+# External Access
+# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your
+# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip.
+# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally"
+# settings.
+traefik_enabled: false
+
+# directories
+traefik_data_directory: "{{ docker_home }}/traefik"
+
+# network
+traefik_port_http: "80"
+traefik_port_https: "443"
+traefik_port_ui: "8083"
+
+traefik_docker_image: traefik:v2.4
+traefik_log_level: "INFO"
+
+# find the relevant name and environment variables for your DNS provider at https://go-acme.github.io/lego/dns/
+traefik_dns_provider: cloudflare
+traefik_environment_variables:
+ CF_DNS_API_TOKEN: "abcdabcd123412341234"
+
+# Ansible-NAS requests a wildcard certificate for your domain, so there should be no reason to have to use the staging
+# letsencrypt acme server. If you do want to flip between staging/production, you might need to stop Traefik and clear
+# the "{{ docker_home }}/traefik" after changing this setting.
+# traefik_acme_server: "https://acme-staging-v02.api.letsencrypt.org/directory" # staging
+traefik_acme_server: "https://acme-v02.api.letsencrypt.org/directory" # production
diff --git a/tasks/traefik.yml b/roles/traefik/tasks/main.yml
similarity index 68%
rename from tasks/traefik.yml
rename to roles/traefik/tasks/main.yml
index dfcb8ec2..85f2f691 100644
--- a/tasks/traefik.yml
+++ b/roles/traefik/tasks/main.yml
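Review bot: `CF_DNS_API_TOKEN: "abcdabcd123412341234"` is a sample secret committed in role defaults and, via `env: "{{ traefik_environment_variables }}"` in the tasks hunk that follows, handed to the container where it is visible in `docker inspect` output and in any playbook log that prints task arguments; the comment above it should say so, e.g. `# Placeholder only — set the real token in your inventory with ansible-vault and never commit it.` A DNS-01 token authorises record changes for the whole zone, so the comment is also the place to recommend a token scoped to DNS edit on that one zone rather than an account-wide key. The External Access comment reads as if a word was dropped (`you'll either; a domain name`); `you'll need either a domain name ...` is presumably what was meant.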
@@ -1,25 +1,17 @@ --- -- name: Ensure Nginx Docker Container is absent - docker_container: - name: nginx-proxy - state: absent - -- name: Nginx Letsencrypt Container is absent - docker_container: - name: letsencrypt-nginx-proxy-companion - state: absent - - name: Create Traefik Directories file: path: "{{ item }}" state: directory with_items: - "{{ traefik_data_directory }}" + - "{{ traefik_data_directory }}/letsencrypt" - name: Template Traefik config.toml template: - src: traefik/traefik.toml + src: traefik.toml dest: "{{ traefik_data_directory }}/traefik.toml" + register: template_config - name: Traefik Docker Container docker_container: @@ -29,6 +21,9 @@ network_mode: host volumes: - "{{ traefik_data_directory }}/traefik.toml:/etc/traefik/traefik.toml:ro" + - "{{ traefik_data_directory }}/letsencrypt:/letsencrypt:rw" - "/var/run/docker.sock:/var/run/docker.sock:ro" + env: "{{ traefik_environment_variables }}" restart_policy: unless-stopped memory: 1g + recreate: "{{ template_config is changed }}" diff --git a/roles/traefik/templates/traefik.toml b/roles/traefik/templates/traefik.toml new file mode 100644 index 00000000..6d356da9 --- /dev/null +++ b/roles/traefik/templates/traefik.toml 
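Review bot: The container still bind-mounts `/var/run/docker.sock` into the one service that is reachable from the internet on 80/443 and runs with `network_mode: host`; the `:ro` suffix only makes the socket file read-only, it does not restrict the Docker API behind it, so a compromise of Traefik is effectively a compromise of the host. Consider fronting the socket with a read-only socket proxy that only allows the container-listing endpoints Traefik needs, or at minimum add a comment on the volume line stating why the socket is mounted and what access it grants. `env: "{{ traefik_environment_variables }}"` forwards the DNS API token as a plain container environment variable; if that is deliberate, `no_log: true` on this task keeps it out of playbook output.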
@@ -0,0 +1,46 @@
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+
+ [entryPoints.websecure]
+ address = ":{{ traefik_port_https }}"
+
+ [entryPoints.websecure.http.tls]
+ certResolver = "letsencrypt"
+
+ [entryPoints.websecure.http.tls.domains]
+ main = "{{ ansible_nas_domain }}"
+ sans = [
+ "*.{{ ansible_nas_domain }}"
+ ]
+
+ [entryPoints.traefik]
+ address = ":{{ traefik_port_ui }}"
+
+[providers]
+ providersThrottleDuration = "2s"
+ [providers.docker]
+ exposedbydefault = false
+
+[api]
+ insecure = true
+ dashboard = true
+
+[log]
+ level = "{{ traefik_log_level }}"
+
+[ping]
+ terminatingStatusCode = 0
+
+[certificatesResolvers]
+ [certificatesResolvers.letsencrypt]
+ [certificatesResolvers.letsencrypt.acme]
+ email = "{{ ansible_nas_email }}"
+ storage = "/letsencrypt/acme.json"
+ caserver = "{{ traefik_acme_server }}"
+
+ [certificatesResolvers.letsencrypt.acme.dnsChallenge]
+ provider = "{{ traefik_dns_provider }}"
diff --git a/roles/transmission-with-openvpn/defaults/main.yml b/roles/transmission-with-openvpn/defaults/main.yml
new file mode 100644
index 00000000..d58ff75e
--- /dev/null
+++ b/roles/transmission-with-openvpn/defaults/main.yml
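Review bot: `[api] insecure = true` together with `[entryPoints.traefik] address = ":{{ traefik_port_ui }}"` serves the Traefik API and dashboard with no authentication on port 8083 of every host interface, because the container runs with `network_mode: host`; anyone on the LAN can read the complete routing table, including which internal services are published and on which backend ports. If the dashboard is wanted, bind the entrypoint to loopback (`address = "127.0.0.1:{{ traefik_port_ui }}"`) or expose it only through a router with an auth middleware, and say in the `traefik_port_ui` comment that the port is unauthenticated. Separately, `[entryPoints.web] address = ":80"` ignores the new `traefik_port_http` default even though `websecure` honours `traefik_port_https`; it should read `address = ":{{ traefik_port_http }}"`.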
@@ -0,0 +1,31 @@ +--- +transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials +transmission_with_openvpn_available_externally: "false" + +# directories +transmission_config_directory: "{{ docker_home }}/transmission/config" +transmission_download_directory: "{{ downloads_root }}" +transmission_watch_directory: "{{ torrents_root }}" + +# uid / gid +transmission_openvpn_user_id: "0" +transmission_openvpn_group_id: "0" + +# transmission config +transmission_openvpn_ratio_limit_enabled: "true" +transmission_openvpn_ratio_limit: "2" +transmission_openvpn_local_network: "192.168.1.0/24" + +# network config +transmission_openvpn_webui_port: "9091" +transmission_openvpn_external_port: "51415" +transmission_openvpn_proxy_port: "3128" +transmission_openvpn_hostname: "transmission_openvpn" + +# Transmission VPN Credentials +# If you're using Transmission with a VPN, you'll need to set these credentials. +# See https://github.com/haugene/docker-transmission-openvpn/ for supported VPN providers. +openvpn_username: leisure-suit-larry +openvpn_password: secretpassword +openvpn_provider: AWESOMEVPNPROVIDER +openvpn_config: United-Kingdom \ No newline at end of file diff --git a/tasks/transmission_with_openvpn.yml b/roles/transmission-with-openvpn/tasks/main.yml similarity index 69% rename from tasks/transmission_with_openvpn.yml rename to roles/transmission-with-openvpn/tasks/main.yml index 379a639e..3374ab8b 100644 --- a/tasks/transmission_with_openvpn.yml +++ b/roles/transmission-with-openvpn/tasks/main.yml @@ -38,9 +38,9 @@ OPENVPN_CONFIG: "{{ openvpn_config }}" WEBPROXY_ENABLED: "true" WEBPROXY_PORT: "3128" - PUID: "{{ transmission_user_id }}" - PGID: "{{ transmission_group_id }}" - LOCAL_NETWORK: "{{ transmission_local_network }}" + PUID: "{{ transmission_openvpn_user_id }}" + PGID: "{{ transmission_openvpn_group_id }}" + LOCAL_NETWORK: "{{ transmission_openvpn_local_network }}" ENABLE_UFW: "false" devices: - /dev/net/tun 
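Review bot: `transmission_openvpn_hostname: "transmission_openvpn"` contains an underscore, which is not a legal hostname label under RFC 1123; DNS providers, resolvers and clients differ in whether they accept it, so the Host() router rule built from it in the next hunk may be unreachable even though the wildcard certificate would cover it. `transmission-openvpn`, the name the old `traefik.frontend.rule` used, is the safe value. `openvpn_username: leisure-suit-larry` / `openvpn_password: secretpassword` are obviously samples, but the header comment only says credentials must be set; state that they are placeholders to be overridden from a vaulted inventory, since they are passed to the container as environment variables. The tasks hunk on this line also keeps `WEBPROXY_PORT: "3128"` hard-coded while the defaults now define `transmission_openvpn_proxy_port` for it.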
@@ -49,7 +49,9 @@ restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "transmission-openvpn" - traefik.frontend.rule: "Host:transmission-openvpn.{{ ansible_nas_domain }}" - traefik.enable: "{{ transmission_with_openvpn_available_externally }}" - traefik.port: "9091" + traefik.enable: "{{ transmission_openvpn_available_externally }}" + traefik.http.routers.transmission_openvpn.rule: "Host(`{{ transmission_openvpn_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.transmission_openvpn.tls.certresolver: "letsencrypt" + traefik.http.routers.transmission_openvpn.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.transmission_openvpn.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.transmission_openvpn.loadbalancer.server.port: "9091" diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml new file mode 100644 index 00000000..8b466b6d --- /dev/null +++ b/roles/transmission/defaults/main.yml @@ -0,0 +1,19 @@ +--- +transmission_enabled: false +transmission_available_externally: "false" + +# directories +transmission_config_directory: "{{ docker_home }}/transmission/config" +transmission_download_directory: "{{ downloads_root }}" +transmission_watch_directory: "{{ torrents_root }}" + +# uid / gid +transmission_user_id: "0" +transmission_group_id: "0" + +# network +transmission_webui_port: "9092" +transmission_external_port: "51414" +transmission_hostname: "transmission" + +transmission_timezone: "{{ ansible_nas_timezone }}" \ No newline at end of file diff --git a/tasks/transmission.yml b/roles/transmission/tasks/main.yml similarity index 66% rename from tasks/transmission.yml rename to roles/transmission/tasks/main.yml index 6a04e67c..99e2fe63 100644 --- a/tasks/transmission.yml +++ b/roles/transmission/tasks/main.yml 
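Review bot: The new `traefik.enable: "{{ transmission_openvpn_available_externally }}"` references a variable the role never defines — the defaults file added in this commit still declares `transmission_with_openvpn_available_externally: "false"` — so the play fails with an undefined-variable error as soon as the role runs. Either rename the default to `transmission_openvpn_available_externally` or keep the old name in the label; the role's own switch is `transmission_with_openvpn_enabled`, which argues for keeping the `with_` form in both places. The enclosing docker_container task starts outside the hunk.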
@@ -23,13 +23,15 @@ - "{{ transmission_external_port }}:51413" - "{{ transmission_external_port }}:51413/udp" env: - TZ: "{{ ansible_nas_timezone }}" + TZ: "{{ transmission_timezone }}" PUID: "{{ transmission_user_id }}" PGID: "{{ transmission_group_id }}" restart_policy: unless-stopped memory: 1g labels: - traefik.backend: "transmission" - traefik.frontend.rule: "Host:transmission.{{ ansible_nas_domain }}" traefik.enable: "{{ transmission_available_externally }}" - traefik.port: "9091" + traefik.http.routers.transmission.rule: "Host(`{{ transmission_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.transmission.tls.certresolver: "letsencrypt" + traefik.http.routers.transmission.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.transmission.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.transmission.loadbalancer.server.port: "9091" \ No newline at end of file diff --git a/roles/utorrent/defaults/main.yml b/roles/utorrent/defaults/main.yml new file mode 100644 index 00000000..340b756a --- /dev/null +++ b/roles/utorrent/defaults/main.yml @@ -0,0 +1,17 @@ +--- +utorrent_enabled: false +utorrent_available_externally: "false" + +# directories +utorrent_config_directory: "{{ docker_home }}/utorrent/config" +utorrent_download_directory: "{{ downloads_root }}" +utorrent_download_directory_active: "{{ downloads_root }}/.incomplete" + +# uid / gid +utorrent_user_id: "0" +utorrent_group_id: "0" + +# network +utorrent_port_http: "8111" +utorrent_port_bt: "6881" +utorrent_hostname: "utorrent" \ No newline at end of file diff --git a/tasks/utorrent.yml b/roles/utorrent/tasks/main.yml similarity index 67% rename from tasks/utorrent.yml rename to roles/utorrent/tasks/main.yml index e92c8fd1..7eb7377e 100644 --- a/tasks/utorrent.yml +++ b/roles/utorrent/tasks/main.yml 
@@ -6,6 +6,7 @@
 with_items:
 - "{{ utorrent_config_directory }}"
 - "{{ utorrent_download_directory }}"
+ - "{{ utorrent_download_directory_active }}"

 - name: uTorrent Docker Container
 docker_container:
@@ -30,7 +31,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "utorrent"
- traefik.frontend.rule: "Host:utorrent.{{ ansible_nas_domain }}"
 traefik.enable: "{{ utorrent_available_externally }}"
- traefik.port: "8080"
+ traefik.http.routers.utorrent.rule: "Host(`utorrent.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.utorrent.tls.certresolver: "letsencrypt"
+ traefik.http.routers.utorrent.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.utorrent.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.utorrent.loadbalancer.server.port: "8080"
diff --git a/roles/watchtower/defaults/main.yml b/roles/watchtower/defaults/main.yml
new file mode 100644
index 00000000..84b766ce
--- /dev/null
+++ b/roles/watchtower/defaults/main.yml
@@ -0,0 +1,17 @@
+---
+watchtower_enabled: false
+
+# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily.
+watchtower_cron_schedule: 0 0 5 * * *
+
+# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive
+# notifications or not, some examples are provided below. See https://containrrr.dev/watchtower/arguments/ for more options.
+
+# No notifications
+watchtower_command: "--schedule '{{ watchtower_cron_schedule }}'"
+
+# Email notifications
+# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'"
+
+# Slack notifications
+# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'"
diff --git a/tasks/watchtower.yml b/roles/watchtower/tasks/main.yml
similarity index 85%
rename from tasks/watchtower.yml
rename to roles/watchtower/tasks/main.yml
index cec090f6..65ed092c 100644
--- a/tasks/watchtower.yml
+++ b/roles/watchtower/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Watchtower Docker Container
 docker_container:
 name: watchtower
- image: v2tec/watchtower
+ image: containrrr/watchtower
 pull: true
 volumes:
 - "/var/run/docker.sock:/var/run/docker.sock"
diff --git a/tasks/calibre.yml b/tasks/calibre.yml
index 321fe00d..b19d0187 100644
--- a/tasks/calibre.yml
+++ b/tasks/calibre.yml
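Review bot: The commented-out example values for `watchtower_command` embed an SMTP password and a Slack webhook URL directly in the string that becomes the container's command line, where `docker inspect` and `ps` on the NAS expose it and where Ansible prints it in task output unless the task sets `no_log`. The comment above the examples should say so and point to the `WATCHTOWER_*` environment-variable form of the same options on the linked arguments page, with the secret kept in Ansible Vault, e.g. `# Anything in this string shows up in the container command line; put secrets in WATCHTOWER_* env vars fed from a vaulted variable.` The tasks hunk further down switches the image to `containrrr/watchtower` with `pull: true` and no tag, so a container that holds the Docker socket now tracks whatever `latest` is; pinning a release tag is worth considering.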
@@ -1,11 +1,11 @@
-- name: Create Calibre Directories
+- name: Create Calibre-web Directories
 file:
 path: "{{ item }}"
 state: directory
 with_items:
 - "{{ calibre_data_directory }}/config"

-- name: Calibre Docker Container
+- name: Calibre-web Docker Container
 docker_container:
 name: calibre
 image: linuxserver/calibre-web:latest
@@ -21,9 +21,11 @@
 ports:
 - "{{ calibre_port }}:8083"
 restart_policy: unless-stopped
+ memory: 1g
 labels:
- traefik.backend: "calibre"
- traefik.frontend.rule: "Host:calibre.{{ ansible_nas_domain }}"
 traefik.enable: "{{ calibre_available_externally }}"
- traefik.port: "8083"
- memory: 1g
\ No newline at end of file
+ traefik.http.routers.calibre.rule: "Host(`calibre.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.calibre.tls.certresolver: "letsencrypt"
+ traefik.http.routers.calibre.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.calibre.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.calibre.loadbalancer.server.port: "8083"
diff --git a/tasks/cloudcmd.yml b/tasks/cloudcmd.yml
index 3943b761..f67936d0 100644
--- a/tasks/cloudcmd.yml
+++ b/tasks/cloudcmd.yml
@@ -23,7 +23,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "cloudcmd"
- traefik.frontend.rule: "Host:cloudcmd.{{ ansible_nas_domain }}"
 traefik.enable: "{{ cloudcmd_available_externally }}"
- traefik.port: "8000"
\ No newline at end of file
+ traefik.http.routers.cloudcmd.rule: "Host(`cloudcmd.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.cloudcmd.tls.certresolver: "letsencrypt"
+ traefik.http.routers.cloudcmd.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.cloudcmd.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.cloudcmd.loadbalancer.server.port: "8000"
\ No newline at end of file
diff --git a/tasks/cloudflare_ddns.yml b/tasks/cloudflare_ddns.yml
deleted file mode 100644
index 77650b0a..00000000
--- a/tasks/cloudflare_ddns.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: Cloudflare Dynamic DNS Container
- docker_container:
- name: cloudflare-ddns
- image: joshava/cloudflare-ddns:latest
- pull: true
- env:
- ZONE: "{{ cloudflare_zone }}"
- HOST: "{{ cloudflare_host }}"
- EMAIL: "{{ cloudflare_email }}"
- API: "{{ cloudflare_api_key }}"
- PROXY: "false"
- restart_policy: unless-stopped
- memory: 512MB
-
diff --git a/tasks/firefly.yml b/tasks/firefly.yml
index 79adc796..04516bd4 100644
--- a/tasks/firefly.yml
+++ b/tasks/firefly.yml
@@ -38,7 +38,7 @@
 links:
 - firefly-mysql:db
 ports:
- - "{{ firefly_port }}:80"
+ - "{{ firefly_port }}:8080"
 env:
 APP_ENV: "local"
 APP_KEY: "S0m3R@nd0mString0f32Ch@rsEx@ct1y"
@@ -51,7 +51,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "firefly"
- traefik.frontend.rule: "Host:firefly.{{ ansible_nas_domain }}"
 traefik.enable: "{{ firefly_available_externally }}"
- traefik.port: "80"
\ No newline at end of file
+ traefik.http.routers.firefly.rule: "Host(`firefly.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.firefly.tls.certresolver: "letsencrypt"
+ traefik.http.routers.firefly.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.firefly.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.firefly.loadbalancer.server.port: "8080"
diff --git a/tasks/gitlab.yml b/tasks/gitlab.yml
index 256ef701..c0cfbc6e 100644
--- a/tasks/gitlab.yml
+++ b/tasks/gitlab.yml
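Review bot: The firefly `ports` line moves the container side to `8080` and the new `loadbalancer.server.port` label agrees, but the context line `APP_KEY: "S0m3R@nd0mString0f32Ch@rsEx@ct1y"` two lines below is a fixed application key shared by every Ansible-NAS install, which Laravel-based apps such as Firefly use for cookie and data encryption. Since the commit already touches this env block, moving it to a `firefly_app_key` variable with `# 32-character secret; generate per install and keep it in vault` would close that gap. The docker_container task starts before the first hunk and its env block continues past it.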
@@ -44,7 +44,9 @@
 restart_policy: unless-stopped
 memory: 4g
 labels:
- traefik.backend: "gitlab"
- traefik.frontend.rule: "Host:gitlab.{{ ansible_nas_domain }}"
 traefik.enable: "{{ gitlab_available_externally }}"
- traefik.port: "80"
+ traefik.http.routers.gitlab.rule: "Host(`gitlab.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
+ traefik.http.routers.gitlab.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.gitlab.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.gitlab.loadbalancer.server.port: "80"
diff --git a/tasks/glances.yml b/tasks/glances.yml
index 8b93b1f5..20bc1387 100644
--- a/tasks/glances.yml
+++ b/tasks/glances.yml
@@ -11,13 +11,14 @@
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
 - "/etc/timezone:/etc/timezone:ro"
 pid_mode: host
- network_mode: host
 env:
 GLANCES_OPT: "-w"
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "glances"
- traefik.frontend.rule: "Host:glances.{{ ansible_nas_domain }}"
 traefik.enable: "{{ glances_available_externally }}"
- traefik.port: "61208"
\ No newline at end of file
+ traefik.http.routers.glances.rule: "Host(`glances.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.glances.tls.certresolver: "letsencrypt"
+ traefik.http.routers.glances.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.glances.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.glances.loadbalancer.server.port: "61208"
\ No newline at end of file
diff --git a/tasks/guacamole.yml b/tasks/guacamole.yml
index 09f167c3..50b591ef 100644
--- a/tasks/guacamole.yml
+++ b/tasks/guacamole.yml
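Review bot: The glances hunk removes `network_mode: host` but adds no `ports:` mapping or Docker network in the visible lines, so the web UI on 61208 is reachable through Traefik only if the rest of the task (outside the hunk) publishes it or both containers share a network; worth confirming before merging. The container keeps `pid_mode: host` and the read-only docker socket mount, so it still sees every host process and container — expected for a monitor, but a comment on the `volumes:` entry such as `# ro socket still allows container enumeration; keep glances_available_externally off unless needed` would make the exposure deliberate. The docker_container task begins before the hunk.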
@@ -40,10 +40,12 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "guacamole"
- traefik.frontend.rule: "Host:guacamole.{{ ansible_nas_domain }}"
 traefik.enable: "{{ guacamole_available_externally }}"
- traefik.port: "8080"
+ traefik.http.routers.guacamole.rule: "Host(`guacamole.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.guacamole.tls.certresolver: "letsencrypt"
+ traefik.http.routers.guacamole.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.guacamole.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.guacamole.loadbalancer.server.port: "8080"

 - name: Restart Guacamole Container
 docker_container:
diff --git a/tasks/homebridge.yml b/tasks/homebridge.yml
index fffd970c..f54c42db 100644
--- a/tasks/homebridge.yml
+++ b/tasks/homebridge.yml
@@ -23,7 +23,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "homebridge"
- traefik.frontend.rule: "Host:homebridge.{{ ansible_nas_domain }}"
 traefik.enable: "{{ homebridge_available_externally }}"
- traefik.port: "8087"
+ traefik.http.routers.homebridge.rule: "Host(`homebridge.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.homebridge.tls.certresolver: "letsencrypt"
+ traefik.http.routers.homebridge.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.homebridge.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.homebridge.loadbalancer.server.port: "8087"
diff --git a/tasks/jackett.yml b/tasks/jackett.yml
index 7842f544..18eed198 100644
--- a/tasks/jackett.yml
+++ b/tasks/jackett.yml
@@ -20,7 +20,9 @@
 TZ: "{{ ansible_nas_timezone }}"
 restart_policy: unless-stopped
 labels:
- traefik.backend: "jackett"
- traefik.frontend.rule: "Host:jackett.{{ ansible_nas_domain }}"
 traefik.enable: "{{ jackett_available_externally }}"
- traefik.port: "9117"
\ No newline at end of file
+ traefik.http.routers.jackett.rule: "Host(`jackett.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.jackett.tls.certresolver: "letsencrypt"
+ traefik.http.routers.jackett.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.jackett.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.jackett.loadbalancer.server.port: "9117"
\ No newline at end of file
diff --git a/tasks/jellyfin.yml b/tasks/jellyfin.yml
index 45124de8..be7b40ae 100644
--- a/tasks/jellyfin.yml
+++ b/tasks/jellyfin.yml
@@ -28,7 +28,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "jellyfin"
- traefik.frontend.rule: "Host:jellyfin.{{ ansible_nas_domain }}"
 traefik.enable: "{{ jellyfin_available_externally }}"
- traefik.port: "8096"
+ traefik.http.routers.jellyfin.rule: "Host(`jellyfin.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.jellyfin.tls.certresolver: "letsencrypt"
+ traefik.http.routers.jellyfin.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.jellyfin.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.jellyfin.loadbalancer.server.port: "8096"
diff --git a/tasks/joomla.yml b/tasks/joomla.yml
index c5507932..0f93e844 100644
--- a/tasks/joomla.yml
+++ b/tasks/joomla.yml
@@ -39,7 +39,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "joomla"
- traefik.frontend.rule: "Host: joomla.{{ ansible_nas_domain }}"
 traefik.enable: "{{ joomla_available_externally }}"
- traefik.port: "80"
\ No newline at end of file
+ traefik.http.routers.joomla.rule: "Host(`joomla.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.joomla.tls.certresolver: "letsencrypt"
+ traefik.http.routers.joomla.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.joomla.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.joomla.loadbalancer.server.port: "80"
\ No newline at end of file
diff --git a/tasks/krusader.yml b/tasks/krusader.yml
index 164b250d..c5afd15b 100644
--- a/tasks/krusader.yml
+++ b/tasks/krusader.yml
@@ -25,9 +25,11 @@
 TZ: "{{ ansible_nas_timezone }}"
 VNC_PASSWORD: "{{ krusader_vnc_password }}"
 restart_policy: unless-stopped
- labels:
- traefik.backend: "krusader"
- traefik.frontend.rule: "Host:krusader.{{ ansible_nas_domain }}"
- traefik.enable: "{{ krusader_available_externally }}"
- traefik.port: "5800"
 memory: 1g
+ labels:
+ traefik.enable: "{{ krusader_available_externally }}"
+ traefik.http.routers.krusader.rule: "Host(`krusader.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.krusader.tls.certresolver: "letsencrypt"
+ traefik.http.routers.krusader.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.krusader.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.krusader.loadbalancer.server.port: "5800"
diff --git a/tasks/minidlna.yml b/tasks/minidlna.yml
index 672681ad..f4d82da0 100644
--- a/tasks/minidlna.yml
+++ b/tasks/minidlna.yml
@@ -6,8 +6,6 @@
 volumes:
 - "{{ minidlna_media_directory1 }}:/media1:rw"
 - "{{ minidlna_media_directory2 }}:/media2:rw"
- ports:
- - "{{ minidlna_port }}:8201"
 env:
 MINIDLNA_MEDIA_DIR1: "/media1"
 MINIDLNA_MEDIA_DIR2: "/media2"
diff --git a/tasks/miniflux.yml b/tasks/miniflux.yml
index 056809d0..a22110e0 100644
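Review bot: The minidlna hunk drops the `ports:` block that published `{{ minidlna_port }}:8201` and nothing in the hunk replaces it; unless the task (which starts and ends outside the hunk) sets `network_mode: host`, which DLNA's multicast discovery needs anyway, the service loses its listening port on the NAS. If host networking is the intent, `minidlna_port` becomes dead configuration and should either be removed from the defaults or annotated with `# unused: minidlna runs with host networking on its fixed port 8201`.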
--- a/tasks/miniflux.yml
+++ b/tasks/miniflux.yml
@@ -36,7 +36,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "miniflux"
- traefik.frontend.rule: "Host:miniflux.{{ ansible_nas_domain }}"
 traefik.enable: "{{ miniflux_available_externally }}"
- traefik.port: "8080"
\ No newline at end of file
+ traefik.http.routers.miniflux.rule: "Host(`miniflux.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.miniflux.tls.certresolver: "letsencrypt"
+ traefik.http.routers.miniflux.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.miniflux.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.miniflux.loadbalancer.server.port: "8080"
\ No newline at end of file
diff --git a/tasks/mylar.yml b/tasks/mylar.yml
index e4108a8e..40a4e819 100644
--- a/tasks/mylar.yml
+++ b/tasks/mylar.yml
@@ -24,7 +24,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "mylar"
- traefik.frontend.rule: "Host:mylar.{{ ansible_nas_domain }}"
 traefik.enable: "{{ mylar_available_externally }}"
- traefik.port: "{{ mylar_port_http }}"
+ traefik.http.routers.mylar.rule: "Host(`mylar.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.mylar.tls.certresolver: "letsencrypt"
+ traefik.http.routers.mylar.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.mylar.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.mylar.loadbalancer.server.port: "8090"
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
deleted file mode 100644
index 56cd23a7..00000000
--- a/tasks/nginx.yml
+++ /dev/null
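Review bot: The mylar service port label changes from the `{{ mylar_port_http }}` variable to the literal `"8090"`. For Traefik v2 the label must name the port inside the container, so a literal is only correct if 8090 is the image's listening port and the variable was the host-side half of the mapping; the `ports:` entry that would confirm this is outside the hunk. A short comment on the label, `# container-side port, not mylar_port_http`, would stop the variable being reintroduced later. The docker_container task starts before the hunk.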
@@ -1,38 +0,0 @@
----
-- name: Create Nginx Directories
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - "{{ nginx_data_directory }}"
- - "{{ nginx_data_directory }}/certs"
- - "{{ nginx_data_directory }}/html"
- - "{{ nginx_data_directory }}/vhost.d"
-
-- name: Nginx Docker Container
- docker_container:
- name: nginx-proxy
- image: jwilder/nginx-proxy
- pull: true
- ports:
- - "{{ nginx_port_http }}:80"
- - "{{ nginx_port_https }}:443"
- volumes:
- - "{{ nginx_data_directory }}/certs:/etc/nginx/certs:ro"
- - "{{ nginx_data_directory }}/vhost.d:/etc/nginx/vhost.d:rw"
- - "{{ nginx_data_directory }}/html:/usr/share/nginx/html:rw"
- - "/var/run/docker.sock:/tmp/docker.sock:ro"
- restart_policy: unless-stopped
- memory: 1g
-
-- name: Nginx Letsencrypt Container
- docker_container:
- name: letsencrypt-nginx-proxy-companion
- image: jrcs/letsencrypt-nginx-proxy-companion
- pull: true
- volumes:
- - "{{ nginx_data_directory }}/certs:/etc/nginx/certs:rw"
- - "/var/run/docker.sock:/var/run/docker.sock:ro"
- volumes_from: nginx-proxy
- restart_policy: unless-stopped
- memory: 1g
\ No newline at end of file
diff --git a/tasks/nzbget.yml b/tasks/nzbget.yml
index 88ad126c..b66c5b68 100644
--- a/tasks/nzbget.yml
+++ b/tasks/nzbget.yml
@@ -23,7 +23,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "nzbget"
- traefik.frontend.rule: "Host:nzbget.{{ ansible_nas_domain }}"
 traefik.enable: "{{ nzbget_available_externally }}"
- traefik.port: "6789"
\ No newline at end of file
+ traefik.http.routers.nzbget.rule: "Host(`nzbget.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.nzbget.tls.certresolver: "letsencrypt"
+ traefik.http.routers.nzbget.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.nzbget.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.nzbget.loadbalancer.server.port: "6789"
\ No newline at end of file
diff --git a/tasks/ombi.yml b/tasks/ombi.yml
deleted file mode 100644
index 1bd0307b..00000000
--- a/tasks/ombi.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- name: Create ombi Directories
- file:
- path: "{{ ombi_config_directory }}"
- state: directory
-
-- name: ombi
- docker_container:
- name: ombi
- image: linuxserver/ombi
- pull: true
- volumes:
- - "{{ ombi_config_directory }}:/config:rw"
- ports:
- - "3579:3579"
- env:
- TZ: "{{ ansible_nas_timezone }}"
- PUID: "{{ ombi_user_id }}"
- PGID: "{{ ombi_group_id }}"
- restart_policy: unless-stopped
- memory: 1g
- labels:
- traefik.backend: "ombi"
- traefik.frontend.rule: "Host:ombi.{{ ansible_nas_domain }}"
- traefik.enable: "{{ ombi_available_externally }}"
- traefik.port: "3579"
\ No newline at end of file
diff --git a/tasks/openhab.yml b/tasks/openhab.yml
index e7ceefe9..2f7e963d 100644
--- a/tasks/openhab.yml
+++ b/tasks/openhab.yml
@@ -45,7 +45,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "openhab"
- traefik.frontend.rule: "Host:openhab.{{ ansible_nas_domain }}"
 traefik.enable: "{{ openhab_available_externally }}"
- traefik.port: "7777"
+ traefik.http.routers.openhab.rule: "Host(`openhab.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.openhab.tls.certresolver: "letsencrypt"
+ traefik.http.routers.openhab.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.openhab.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.openhab.loadbalancer.server.port: "7777"
diff --git a/tasks/pyload.yml b/tasks/pyload.yml
index e8587d73..3f783c3a 100644
--- a/tasks/pyload.yml
+++ b/tasks/pyload.yml
@@ -25,7 +25,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "pyload"
- traefik.frontend.rule: "Host:pyload.{{ ansible_nas_domain }}"
 traefik.enable: "{{ pyload_available_externally }}"
- traefik.port: "8000"
+ traefik.http.routers.pyload.rule: "Host(`pyload.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.pyload.tls.certresolver: "letsencrypt"
+ traefik.http.routers.pyload.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.pyload.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.pyload.loadbalancer.server.port: "8000"
diff --git a/tasks/pytivo.yml b/tasks/pytivo.yml
index fced4d3e..fe50b24b 100644
--- a/tasks/pytivo.yml
+++ b/tasks/pytivo.yml
@@ -31,7 +31,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "pytivo"
- traefik.frontend.rule: "Host:pytivo.{{ ansible_nas_domain }}"
 traefik.enable: "{{ pytivo_available_externally }}"
- traefik.port: "9032"
+ traefik.http.routers.pytivo.rule: "Host(`pytivo.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.pytivo.tls.certresolver: "letsencrypt"
+ traefik.http.routers.pytivo.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.pytivo.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.pytivo.loadbalancer.server.port: "9032"
diff --git a/tasks/serposcope.yml b/tasks/serposcope.yml
deleted file mode 100644
index 9e855eed..00000000
--- a/tasks/serposcope.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-- name: Create Serposcope Directories
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - "{{ serposcope_data_directory }}/mysql"
-
-- name: Create MySQL container for Serposcope
- docker_container:
- name: serposcope-mysql
- image: mysql:5.7
- pull: true
- volumes:
- - "{{ serposcope_data_directory }}/mysql:/var/lib/mysql:rw"
- env:
- MYSQL_DATABASE: "serposcope"
- MYSQL_USER: "serposcope"
- MYSQL_PASSWORD: "serposcope"
- MYSQL_ROOT_PASSWORD: "serposcope"
- restart_policy: unless-stopped
- memory: 1g
-
-- name: Wait for MySQL to init
- pause:
- seconds: 30
-
-- name: Create Serposcope container
- docker_container:
- name: serposcope
- image: davestephens/serposcope:2.11.0
- pull: true
- links:
- - serposcope-mysql:db
- ports:
- - "{{ serposcope_port }}:7134"
- env:
- SERPOSCOPE_DB_URL: 'jdbc:mysql://db:3306/serposcope?user=serposcope\&password=serposcope\&allowMultiQueries=true'
- restart_policy: unless-stopped
- memory: 1g
- labels:
- traefik.backend: "serposcope"
- traefik.frontend.rule: "Host:serposcope.{{ ansible_nas_domain }}"
- traefik.enable: "{{ serposcope_available_externally }}"
- traefik.port: "7134"
\ No newline at end of file
diff --git a/tasks/stats.yml b/tasks/stats.yml
index f7c3f32c..fcaffaa9 100644
--- a/tasks/stats.yml
+++ b/tasks/stats.yml
@@ -109,7 +109,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "grafana"
- traefik.frontend.rule: "Host:grafana.{{ ansible_nas_domain }}"
 traefik.enable: "{{ grafana_available_externally }}"
- traefik.port: "3000"
\ No newline at end of file
+ traefik.http.routers.grafana.rule: "Host(`grafana.{{ ansible_nas_domain }}`) "
+ traefik.http.routers.grafana.tls.certresolver: "letsencrypt"
+ traefik.http.routers.grafana.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.grafana.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.grafana.netdata.loadbalancer.server.port: "3000"
\ No newline at end of file
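Review bot: The last added label in the grafana hunk of `tasks/stats.yml` is `traefik.http.grafana.netdata.loadbalancer.server.port: "3000"`, which is not a Traefik label key — every other service in this commit uses `traefik.http.services.<name>.loadbalancer.server.port` — so Traefik will either reject the container's labels as unparseable or fall back to the container's exposed port, and the `netdata` fragment looks like a copy-paste remnant. The rule string also carries a trailing space inside the quotes: `"Host(`grafana.{{ ansible_nas_domain }}`) "`. The two lines should read `traefik.http.routers.grafana.rule: "Host(`grafana.{{ ansible_nas_domain }}`)"` and `traefik.http.services.grafana.loadbalancer.server.port: "3000"`. The docker_container task starts before the hunk.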
diff --git a/tasks/tautulli.yml b/tasks/tautulli.yml
index 9bf4af67..277d4f65 100644
--- a/tasks/tautulli.yml
+++ b/tasks/tautulli.yml
@@ -24,7 +24,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "tautulli"
- traefik.frontend.rule: "Host:tautulli.{{ ansible_nas_domain }}"
 traefik.enable: "{{ tautulli_available_externally }}"
- traefik.port: "8181"
\ No newline at end of file
+ traefik.http.routers.tautulli.rule: "Host(`tautulli.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.tautulli.tls.certresolver: "letsencrypt"
+ traefik.http.routers.tautulli.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.tautulli.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.tautulli.loadbalancer.server.port: "8181"
\ No newline at end of file
diff --git a/tasks/thelounge.yml b/tasks/thelounge.yml
index 94696948..920e4ca3 100644
--- a/tasks/thelounge.yml
+++ b/tasks/thelounge.yml
@@ -27,8 +27,10 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "thelounge"
- traefik.frontend.rule: "Host:thelounge.{{ ansible_nas_domain }}"
 traefik.enable: "{{ thelounge_available_externally }}"
- traefik.port: "9000"
+ traefik.http.routers.thelounge.rule: "Host(`thelounge.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.thelounge.tls.certresolver: "letsencrypt"
+ traefik.http.routers.thelounge.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.thelounge.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.thelounge.loadbalancer.server.port: "9000"

diff --git a/tasks/ubooquity.yml b/tasks/ubooquity.yml
index 31e2b3a6..a1601482 100644
--- a/tasks/ubooquity.yml
+++ b/tasks/ubooquity.yml
@@ -26,7 +26,9 @@
 - "{{ ubooquity_port_admin }}:2203"
 restart_policy: unless-stopped
 labels:
- traefik.backend: "ubooquity"
- traefik.frontend.rule: "Host:ubooquity.{{ ansible_nas_domain }}"
 traefik.enable: "{{ ubooquity_available_externally }}"
- traefik.port: "2202"
+ traefik.http.routers.ubooquity.rule: "Host(`ubooquity.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.ubooquity.tls.certresolver: "letsencrypt"
+ traefik.http.routers.ubooquity.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.ubooquity.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.ubooquity.loadbalancer.server.port: "2202"
diff --git a/tasks/wallabag.yml b/tasks/wallabag.yml
index c1a6065c..b98968c0 100644
--- a/tasks/wallabag.yml
+++ b/tasks/wallabag.yml
@@ -19,10 +19,11 @@
 env:
 SYMFONY__ENV__DOMAIN_NAME: "https://wallabag.{{ ansible_nas_domain }}"
 restart_policy: unless-stopped
+ memory: 1g
 labels:
- traefik.backend: "wallabag"
- traefik.frontend.rule: "Host:wallabag.{{ ansible_nas_domain }}"
 traefik.enable: "{{ wallabag_available_externally }}"
- traefik.port: "80"
- traefik.frontend.headers.SSLRedirect: "true"
- memory: 1g
\ No newline at end of file
+ traefik.http.routers.wallabag.rule: "Host(`wallabag.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.wallabag.tls.certresolver: "letsencrypt"
+ traefik.http.routers.wallabag.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.wallabag.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.wallabag.loadbalancer.server.port: "80"
\ No newline at end of file
diff --git a/tasks/youtubedlmaterial.yml b/tasks/youtubedlmaterial.yml
index a7ffdc5a..f7f3cc6c 100644
--- a/tasks/youtubedlmaterial.yml
+++ b/tasks/youtubedlmaterial.yml
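Review bot: The wallabag hunk drops `traefik.frontend.headers.SSLRedirect: "true"` and nothing in the new labels replaces it; in Traefik v2 a router that carries a `certresolver` is TLS-only, so plain-HTTP requests for `wallabag.{{ ansible_nas_domain }}` now depend on an entrypoint-level redirect in the v2 Traefik configuration, which is not visible in this diff. Since `SYMFONY__ENV__DOMAIN_NAME` is hard-wired to `https://`, a missing redirect means HTTP visitors get no route rather than a bounce; worth confirming, and a comment on the labels block such as `# HTTP->HTTPS redirect is configured on the Traefik entrypoint, not per service` would record where it moved. The docker_container task starts before the hunk.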
@@ -29,9 +29,11 @@
 ALLOW_CONFIG_MUTATIONS: "true"
 TZ: "{{ ansible_nas_timezone }}"
 restart_policy: always
- labels:
- traefik.backend: "youtubedlmaterial"
- traefik.frontend.rule: "Host:youtubedlmaterial.{{ ansible_nas_domain }}"
- traefik.enable: "{{ youtubedlmaterial_available_externally }}"
- traefik.port: "17442"
 memory: 1g
+ labels:
+ traefik.enable: "{{ youtubedlmaterial_available_externally }}"
+ traefik.http.routers.youtubedlmaterial.rule: "Host(`youtubedlmaterial.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.youtubedlmaterial.tls.certresolver: "letsencrypt"
+ traefik.http.routers.youtubedlmaterial.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.youtubedlmaterial.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.youtubedlmaterial.loadbalancer.server.port: "17442"
diff --git a/tasks/znc.yml b/tasks/znc.yml
index 63fa3a34..2401b53b 100644
--- a/tasks/znc.yml
+++ b/tasks/znc.yml
@@ -22,7 +22,9 @@
 restart_policy: unless-stopped
 memory: 1g
 labels:
- traefik.backend: "znc"
- traefik.frontend.rule: "Host:znc.{{ ansible_nas_domain }}"
 traefik.enable: "{{ znc_available_externally }}"
- traefik.port: "6677"
\ No newline at end of file
+ traefik.http.routers.znc.rule: "Host(`znc.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.znc.tls.certresolver: "letsencrypt"
+ traefik.http.routers.znc.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.znc.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.znc.loadbalancer.server.port: "6677"
\ No newline at end of file
diff --git a/templates/grafana/provisioning/datasources/ansible-nas.yml b/templates/grafana/provisioning/datasources/ansible-nas.yml
index 661c0a78..e67b3cfb 100644
--- a/templates/grafana/provisioning/datasources/ansible-nas.yml
+++ b/templates/grafana/provisioning/datasources/ansible-nas.yml
@@ -9,7 +9,7 @@ datasources:
 # datasource type. Required
 type: influxdb
 # access mode. direct or proxy. Required
- access: direct
+ access: proxy
 # org id. will default to orgId 1 if not specified
 orgId: 1
 # url
diff --git a/templates/traefik/traefik.toml b/templates/traefik/traefik.toml
deleted file mode 100644
index 1ac2512b..00000000
--- a/templates/traefik/traefik.toml
+++ /dev/null
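Review bot: Switching `access` to `proxy` makes the Grafana backend perform the InfluxDB queries, so the browser no longer needs a network path to the database — a sound change — but it also means the `url` configured just below (outside the hunk) must now resolve from inside the Grafana container rather than from the user's machine, and a `localhost` or host-published address would stop working. A comment on the line, `# proxy: Grafana queries InfluxDB server-side; url must be reachable from the Grafana container`, would save the next reader a debugging round.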
@@ -1,227 +0,0 @@
-################################################################
-# Global configuration
-################################################################
-
-# Enable debug mode
-#
-# Optional
-# Default: false
-#
-debug = {{ traefik_debug }}
-
-# Log level
-#
-# Optional
-# Default: "ERROR"
-#
-# logLevel = "DEBUG"
-
-# Entrypoints to be used by frontends that do not specify any entrypoint.
-# Each frontend can specify its own entrypoints.
-#
-# Optional
-# Default: ["http"]
-#
-defaultEntryPoints = ["http", "https"]
-
-################################################################
-# Entrypoints configuration
-################################################################
-
-[entryPoints]
- [entryPoints.http]
- address = ":{{ traefik_port_http }}"
- [entryPoints.http.redirect]
- entryPoint = "https"
-
- [entryPoints.https]
- address = ":{{ traefik_port_https }}"
- [entryPoints.https.tls]
-
- [entryPoints.traefik]
- address = ":{{ traefik_port_ui }}"
-
-################################################################
-# Traefik logs configuration
-################################################################
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
-# [traefikLog]
-
-# Sets the filepath for the traefik log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "log/traefik.log"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-################################################################
-# Access logs configuration
-################################################################
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
-# [accessLog]
-
-# Sets the file path for the access log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "/path/to/log/log.txt"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-################################################################
-# API and dashboard configuration
-################################################################
-
-# Enable API and dashboard
-[api]
-
- # Name of the related entry point
- #
- # Optional
- # Default: "traefik"
- #
- entryPoint = "traefik"
-
- # Enabled Dashboard
- #
- # Optional
- # Default: true
- #
- dashboard = true
-
-################################################################
-# Ping configuration
-################################################################
-
-# Enable ping
-[ping]
-
- # Name of the related entry point
- #
- # Optional
- # Default: "traefik"
- #
- # entryPoint = "traefik"
-
-################################################################
-# Docker configuration backend
-################################################################
-
-# Enable Docker configuration backend
-[docker]
-
-# Docker server endpoint. Can be a tcp or a unix socket endpoint.
-#
-# Required
-# Default: "unix:///var/run/docker.sock"
-#
-# endpoint = "tcp://10.10.10.10:2375"
-
-# Default domain used.
-# Can be overridden by setting the "traefik.domain" label on a container.
-#
-# Optional
-# Default: ""
-#
-# domain = "docker.localhost"
-
-# Expose containers by default in traefik
-#
-# Optional
-# Default: true
-exposedByDefault = false
-
-
-[acme]
-email = "{{ ansible_nas_email }}"
-storage = "acme.json"
-entryPoint = "https"
-acmeLogging = true
-onDemand = false # create certificate when container is created
-
- # [acme.dnsChallenge]
- # provider = "cloudflare"
- # delayBeforeCheck = 0
-
- # [acme.httpChallenge]
- # entryPoint = "http"
-
- [acme.tlsChallenge]
-
- [[acme.domains]]
- main = "{{ ansible_nas_hostname }}.{{ ansible_nas_domain }}"
-
-
- # we request a certificate for everything, because why not.
- sans = ["airsonic.{{ ansible_nas_domain }}",
- "bazarr.{{ ansible_nas_domain }}",
- "bitwarden.{{ ansible_nas_domain }}",
- "calibre.{{ ansible_nas_domain }}",
- "cloudcmd.{{ ansible_nas_domain }}",
- "couchpotato.{{ ansible_nas_domain }}",
- "duplicati.{{ ansible_nas_domain }}",
- "emby.{{ ansible_nas_domain }}",
- "firefly.{{ ansible_nas_domain }}",
- "gitea.{{ ansible_nas_domain }}",
- "gitlab.{{ ansible_nas_domain }}",
- "glances.{{ ansible_nas_domain }}",
- "grafana.{{ ansible_nas_domain }}",
- "guacamole.{{ ansible_nas_domain }}",
- "heimdall.{{ ansible_nas_domain }}",
- "homeassistant.{{ ansible_nas_domain }}",
- "jackett.{{ ansible_nas_domain }}",
- "jellyfin.{{ ansible_nas_domain }}",
- "joomla.{{ ansible_nas_domain }}",
- "krusader.{{ ansible_nas_domain }}",
- "lidarr.{{ ansible_nas_domain }}",
- "mylar.{{ ansible_nas_domain }}",
- "miniflux.{{ ansible_nas_domain }}",
- "netdata.{{ ansible_nas_domain }}",
- "nextcloud.{{ ansible_nas_domain }}",
- "nzbget.{{ ansible_nas_domain }}",
- "ombi.{{ ansible_nas_domain }}",
- "openhab.{{ ansible_nas_domain }}",
- "organizr.{{ ansible_nas_domain }}",
- "plex.{{ ansible_nas_domain }}",
- "portainer.{{ ansible_nas_domain }}",
- "pyload.{{ ansible_nas_domain }}",
- "pytivo.{{ ansible_nas_domain }}",
- "radarr.{{ ansible_nas_domain }}",
- "serposcope.{{ ansible_nas_domain }}",
- "sickchill.{{ ansible_nas_domain }}",
- "sonarr.{{ ansible_nas_domain }}",
- "tautulli.{{ ansible_nas_domain }}",
- "thelounge.{{ ansible_nas_domain }}",
- "transmission.{{ ansible_nas_domain }}",
- "transmission-openvpn.{{ ansible_nas_domain }}",
- "ubooquity.{{ ansible_nas_domain }}",
- "utorrent.{{ ansible_nas_domain }}",
- "wallabag.{{ ansible_nas_domain }}",
- "youtubedlmaterial.{{ ansible_nas_domain }}",
- "znc.{{ ansible_nas_domain }}"]