Merge branch 'master' into jellyfin-books

David Stephens 2021-01-22 16:02:59 +00:00 committed by GitHub
commit f59ceaf0fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
118 changed files with 1065 additions and 1086 deletions

View file

@ -15,7 +15,7 @@ A clear and concise description of what the bug is.
**Environment**
- Ansible-NAS revision (`git rev-parse --short HEAD`):
- Ansible version (paste the entire output of `ansible --version` on the machine you run the playbook from):
- Ansible-NAS operating system (`cat /etc/lsb-release` on the Ansible-NAS box) - _If this is anything other than Ubuntu 18.04 help will be limited_:
- Ansible-NAS operating system (`cat /etc/lsb-release` on the Ansible-NAS box) - _Support won't be provided for non-LTS releases of Ubuntu_:
- Ansible-NAS kernel (`uname -a` on the Ansible-NAS box):
- Ansible-NAS Python version (`python --version` on the Ansible-NAS box):
- Ansible-NAS Docker version (`docker --version` on the Ansible-NAS box):
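Review bot: The `python --version` line in this Environment list, left unchanged below the reworded operating-system line, will not work on a stock Ubuntu 20.04 install, which ships no `python` command, and `ansible_python_interpreter` elsewhere in this commit is `/usr/bin/python3`. Since the template now points reporters at LTS releases, change it to `python3 --version` so the reported interpreter is the one Ansible actually uses.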

2
.gitignore vendored
View file

@ -1,9 +1,9 @@
tests/test.yml
site
.vagrant
roles
*.retry
*.log
inventories
# Vim
[._]sw[a-p]

View file

@ -16,7 +16,7 @@ install:
- pip install mkdocs-material
script:
- ansible-lint ${PWD}/nas.yml
- ansible-lint ${PWD}/nas.yml -x 106,208
- ${PWD}/tests/test.sh
- mkdocs build
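Review bot: The `-x 106,208` added to the `ansible-lint` line turns two rules off for the entire playbook, and nothing in the CI file says what they check or why they are skipped. Add a comment naming both rules, and prefer a `# noqa` on the individual tasks that need the exemption, so that new tasks are still linted against them.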

View file

@ -1,6 +1,7 @@
{
"recommendations": [
"haaaad.ansible",
"ybaumes.highlight-trailing-white-spaces"
"ybaumes.highlight-trailing-white-spaces",
"bungcip.better-toml"
]
}

View file

@ -1,6 +1,6 @@
# Code of Conduct
Ansible-NAS follows the [Ansible Code Of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
Ansible-NAS follows the [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
Specifically, Ansible-NAS community members are expected to be:

View file

@ -11,16 +11,18 @@ If you're adding a new application:
* Ensure that the new application is disabled by default.
* Add a documentation page to `docs/applications/` - use an existing application as an example.
* Add to the list of Available Applications in 'README.md'
* Add to the list of Available Applications in `README.md`
* Add the frontend port to `docs/configuration/application_ports.md`, ensuring you've not clashed with an existing application.
* Add to the list of certificate requests in 'templates/traefik/traefik.toml' if the program is to be used externally.
* Add to the list of certificate requests in `templates/traefik/traefik.toml` if the program is to be used externally.
A typical new application PR will include 2 new files (`docs/applications/application.md` and 'tasks/application.yml') and have 5 updated files ('README.md', 'nas.yml', `docs/configuration/application_ports.md`, 'group_vars/all.yml', 'templates/traefik/traefik.toml'
A typical new application PR will include 2 new files (`docs/applications/application.md` and `tasks/application.yml`) and have 5 updated files (`README.md`, `nas.yml`, `docs/configuration/application_ports.md`, `group_vars/all.yml`, `templates/traefik/traefik.toml`).
## Things to bear in mind
* If you break the build with your PR, please fix it :)
* Pull requests that unintentionally touch files, or that show files as removed then re-added will be rejected.
* Squash your commits before creating a PR.
* Don't mess with line endings, or tabs vs. spaces.
* Please know that your efforts are appreciated, thanks! :+1:
# Development Environment

View file

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2017-2020 David Stephens
Copyright (c) 2017-2021 David Stephens
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

View file

@ -25,18 +25,17 @@ Ansible config and a bunch of Docker containers.
* A Docker host with Portainer for image and container management
* An automatic dynamic DNS updater if you use Cloudflare to host your domain DNS
* A Personal finance manager
* eBook management with calibre-web
* eBook management with Calibre-web
* Content management with Joomla
* A dual panel local file manager
* Self-service media request web application
* SEO tracking with Serposcope
### Available Applications
* [Airsonic](https://airsonic.github.io/) - catalog and stream music
* [Bazarr](https://github.com/morpheus65535/bazarr) - companion to Radarr and Sonarr for downloading subtitles
* [Bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs) - Self-Hosting port of password manager
* [Calibre](https://hub.docker.com/r/linuxserver/calibre-web) - eBook Library
* [Calibre-web](https://github.com/janeczku/calibre-web) - Provides a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.
* [Cloud Commander](https://cloudcmd.io/) - A dual panel file manager with integrated web console and text editor
* [Cloudflare DDNS](https://hub.docker.com/r/joshuaavalon/cloudflare-ddns/) - automatically update Cloudflare with your IP address
* [CouchPotato](https://couchpota.to/) - for downloading and managing movies
@ -44,8 +43,8 @@ Ansible config and a bunch of Docker containers.
* [Emby](https://emby.media/) - Media streaming and management
* [Firefly III](https://firefly-iii.org/) - Free and open source personal finance manager
* [get_iplayer](https://github.com/get-iplayer/get_iplayer) - download programmes from BBC iplayer
* [Gitea](https://gitea.io/en-us/) - Simple self-hosted Github clone
* [Gitlab](https://about.gitlab.com/features/) - Self-hosted Github clone of the highest order
* [Gitea](https://gitea.io/en-us/) - Simple self-hosted GitHub clone
* [GitLab](https://about.gitlab.com/features/) - Self-hosted GitHub clone of the highest order
* [Glances](https://nicolargo.github.io/glances/) - for seeing the state of your system via a web browser
* [Grafana](https://github.com/grafana/grafana) - Dashboarding tool
* [Guacamole](https://guacamole.apache.org/) - Web based remote desktop gateway, supports VNC, RDP and SSH
@ -55,7 +54,7 @@ Ansible config and a bunch of Docker containers.
* [Jackett](https://github.com/Jackett/Jackett) - API Support for your favorite torrent trackers
* [Jellyfin](https://jellyfin.github.io) - The Free Software Media System
* [Joomla](https://www.joomla.org/) - Open source content management system
* [https://krusader.org/](https://krusader.org/) - Twin panel file management for your desktop
* [Krusader](https://krusader.org/) - Twin panel file management for your desktop
* [Lidarr](https://github.com/lidarr/Lidarr) - Music collection manager for Usenet and BitTorrent users
* [MiniDLNA](https://sourceforge.net/projects/minidlna/) - simple media server which is fully compliant with DLNA/UPnP-AV clients
* [Miniflux](https://miniflux.app/) - An RSS news reader
@ -73,7 +72,6 @@ Ansible config and a bunch of Docker containers.
* [pyLoad](https://pyload.net/) - A download manager with a friendly web-interface
* [PyTivo](http://pytivo.org) - An HMO and GoBack server for TiVos.
* [Radarr](https://radarr.video/) - for organising and downloading movies
* [Serposcope](https://serposcope.serphacker.com/en/) - tracker to monitor website ranking
* [Sickchill](https://sickchill.github.io/) - for managing TV episodes
* [Sonarr](https://sonarr.tv/) - for downloading and managing TV episodes
* [Tautulli](http://tautulli.com/) - Monitor Your Plex Media Server
@ -87,7 +85,7 @@ Ansible config and a bunch of Docker containers.
* [Virtual Desktop](https://github.com/RattyDAVE/docker-ubuntu-xrdp-mate-custom) - A virtual desktop running on your NAS.
* [Wallabag](https://wallabag.org/) - Save and classify articles. Read them later.
* [Watchtower](https://github.com/v2tec/watchtower) - Monitor your Docker containers and update them if a new version is available
* [YouTubeDL-Material](https://ytdl-org.github.io/youtube-dl) - Self-hosted YouTube downloader built on Material Design
* [YouTubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material) - Self-hosted YouTube downloader built on Material Design
* [ZNC](https://wiki.znc.in/ZNC) - IRC bouncer to stay connected to favourite IRC networks and channels
## What This Could Do
@ -133,7 +131,7 @@ Assuming that your Ubuntu system disk is separate from your storage (it should b
## Requirements
* Ansible NAS targets the latest Ubuntu LTS release, which is currently Ubuntu
Server 18.04.3 LTS.
Server 20.04 LTS.
* You can run Ansible-NAS on whatever you like, read the docs for more info. I
use an HP Microserver.

View file

@ -12,4 +12,4 @@ Set `bazarr_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
## Specific Configuration
Follow the [Wiki](https://github.com/morpheus65535/bazarr/wiki) for conecting to Sonarr and Radarr.
Follow the [Wiki](https://github.com/morpheus65535/bazarr/wiki) for connecting to Sonarr and Radarr.

View file

@ -1,6 +1,6 @@
# Calibre(-web) eBook Library
# Calibre-web
Homepage: [https://github.com/janeczku/calibre-web](https://github.com/linuxserver/docker-calibre-web)
Homepage: [https://github.com/janeczku/calibre-web](https://github.com/janeczku/calibre-web)
Calibre-Web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.

View file

@ -12,4 +12,6 @@ Set `cloudflare_ddns_enabled: true` in your `inventories/<your_inventory>/nas.ym
## Specific Configuration
Make sure you set your Cloudflare login, domain and API key details within your `inventories/<your_inventory>/nas.yml` file.
Make sure you set your domain (if different than the ansible-nas default) and access token details within your `inventories/<your_inventory>/nas.yml` file. If you need to create an API token, see https://joshuaavalon.github.io/docker-cloudflare/guide/cloudflare.html#authentication for instructions.
Cloudflare has deprecated global API key authentication. If you have an older ansible-nas configuration using a global API key, you can upgrade to the API token-based authentication by removing the `cloudflare_api_key` variable from your local `nas.yml` configuration file and setting the `cloudflare_token` variable appropriately.
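Review bot: The new token instructions use three names for the same thing ("access token", "API token", `cloudflare_token`) and leave the guide URL bare; name the `cloudflare_token` variable in the first sentence and make the URL a Markdown link like the other docs pages. It would also help to say what happens when an old `cloudflare_api_key` is still present in `nas.yml`, and to recommend a token limited to the DNS zone being updated rather than an account-wide one.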

View file

@ -35,7 +35,7 @@ configuration directory read/write.
## File system considerations
Movie and TV show files are almost alway very large and pre-compressed. If you
Movie and TV show files are almost always very large and pre-compressed. If you
are using a specialized filesystem such as ZFS for bulk storage, you'll want to
set the parameters accordingly. The [ZFS configuration
documentation](../zfs/zfs_configuration.md) has an example of this.

View file

@ -2,7 +2,7 @@
Homepage: [https://docs.gitlab.com/omnibus/docker/](https://docs.gitlab.com/omnibus/docker/)
If Gitea isn't powerful enough for you then consider GitLab. It's a much more powerful (and consquently bigger) Git repository solution that includes a suite of code analytics. On the other hand it requires more RAM.
If Gitea isn't powerful enough for you then consider GitLab. It's a much more powerful (and consequently bigger) Git repository solution that includes a suite of code analytics. On the other hand it requires more RAM.
## Usage

View file

@ -36,7 +36,7 @@ configuration directory read/write.
## File system considerations
Movie and TV show files are almost alway very large and pre-compressed. If you
Movie and TV show files are almost always very large and pre-compressed. If you
are using a specialized filesystem such as ZFS for bulk storage, you'll want to
set the parameters accordingly. The [ZFS configuration
documentation](../zfs/zfs_configuration.md) has an example of this.

View file

@ -9,7 +9,7 @@ Set `nextcloud_enabled: true` in your `inventories/<your_inventory>/nas.yml` fil
Tread carefully.
External access may require that you manually configure your Fully Qualified Domain Name (FQDN) as a trusted domain within the application. There is an evnironment variable set up for this in the "nextcloud task" which will most likely make manual configuration unneccessary. If you get the following [screenshot](https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains) warning when trying to access nextcloud externally you'll need to manually set it up.
External access may require that you manually configure your Fully Qualified Domain Name (FQDN) as a trusted domain within the application. There is an environment variable set up for this in the "nextcloud task" which will most likely make manual configuration unnecessary. If you get the following [screenshot](https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains) warning when trying to access nextcloud externally you'll need to manually set it up.
This can be accomplished in two commands.

View file

@ -18,4 +18,4 @@ Radarr will get the file path from the Download client. On default settings with
For Radarr to understand that the `/movies` folder is a folder, you'll need to add a new subfolder into it.
You can also do this by adding a random movie to the folder. Keep in mind to have the internal setting **Create empty movie folders** on **yes**
Comprehensive setup information can be found on the [Radarr github wiki](https://github.com/Radarr/Radarr/wiki/Setup-Guide)
Comprehensive setup information can be found on the [Radarr GitHub wiki](https://github.com/Radarr/Radarr/wiki/Setup-Guide)

View file

@ -1,11 +0,0 @@
# Serposcope
Homepage: [https://serposcope.serphacker.com/en/](https://serposcope.serphacker.com/en/)
Serposcope is a free and open-source rank tracker to monitor websites ranking in Google and improve your SEO performances
## Usage
Set `serposcope_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
The Serposcope web interface can be found at http://ansible_nas_host_or_ip:7134.

View file

@ -19,4 +19,4 @@ Sonarr will get the file path from the Download client. On default settings with
For Sonarr to understand that the `/tv` folder is a folder, you'll need to add a folder into it.
You can also do this by adding a random series to the folder. Keep in mind to have the setting **Create empty movie folders** on **yes**
For comprehensive configuration instructions see the [Sonarr github wiki](https://github.com/Sonarr/Sonarr/wiki)
For comprehensive configuration instructions see the [Sonarr GitHub wiki](https://github.com/Sonarr/Sonarr/wiki)

View file

@ -7,7 +7,7 @@ Traefik is a reverse proxy used to provide external access to your Ansible-NAS b
You can configure which applications are available externally by enabling the `<application_name>_available_externally` setting
for each application in the Advanced Settings section of your `all.yml`.
See [External Access](configuration/external_access) for more info.
See [External Access](../configuration/external_access.md) for more info.
## Usage

View file

@ -10,7 +10,7 @@ Set `wallabag_enabled: true` in your `inventories/<your_inventory>/nas.yml` file
If you want to access wallabag externally, don't forget to set `wallabag_available_externally: "true"` in your `inventories/<your_inventory>/nas.yml` file.
I reccomend using the mobile app, which will sync with this installation so you have access to your saved articles even if you don't have signal or wifi access.
I recommend using the mobile app, which will sync with this installation so you have access to your saved articles even if you don't have signal or wifi access.
The default credentials are wallabag:wallabag
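Review bot: The context line `The default credentials are wallabag:wallabag` sits directly under the instructions for `wallabag_available_externally: "true"`, and the page never tells the reader to change that password. While fixing the spelling here, add a sentence saying to change the default login before enabling external access.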

View file

@ -1,8 +1,8 @@
# YouTubeDL-Material
Homepage: [https://ytdl-org.github.io/youtube-dl/](https://ytdl-org.github.io/youtube-dl/)
Docker Container: [https://github.com/Tzahi12345/YoutubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material)
Homepage: [https://github.com/Tzahi12345/YoutubeDL-Material](https://github.com/Tzahi12345/YoutubeDL-Material)
Docker Container: [https://hub.docker.com/r/tzahi12345/youtubedl-material](https://hub.docker.com/r/tzahi12345/youtubedl-material)
YoutubeDL-Material is a Material Design frontend for youtube-dl. It's coded using Angular 9 for the frontend, and Node.js on the backend.

View file

@ -8,7 +8,7 @@ By default, applications can be found on the ports listed below.
| Bazarr | 6767 | |
| Bitwarden "hub" | 3012 | Web Not. |
| Bitwarden | 19080 | HTTP |
| Calibre | 8084 | HTTP |
| Calibre-web | 8084 | HTTP |
| Cloud Commander | 7373 | |
| Couchpotato | 5050 | |
| Duplicati | 8200 | |
@ -18,9 +18,9 @@ By default, applications can be found on the ports listed below.
| get_iplayer | 8182 | |
| Gitea | 3001 | Web |
| Gitea | 222 | SSH |
| Gitlab | 4080 | HTTP |
| Gitlab | 4443 | HTTPS |
| Gitlab | 422 | SSH |
| GitLab | 4080 | HTTP |
| GitLab | 4443 | HTTPS |
| GitLab | 422 | SSH |
| Glances | 61208 | SSH |
| Grafana | 3000 | |
| Guacamole | 8090 | |
@ -53,7 +53,6 @@ By default, applications can be found on the ports listed below.
| PyTivo | 9032 | HTTP |
| PyTivo | 2190 | UDP |
| Radarr | 7878 | |
| Serposcope | 7134 | |
| Sickchill | 8081 | |
| Sonarr | 8989 | |
| Tautulli | 8185 | |

View file

@ -56,10 +56,10 @@ As a to-do list, before you can even install Ansible-NAS, you'll have to:
account it [loves RAM](zfs/zfs_overview.md) and prefers to have the hard
drives all to itself.
1. Install **Ubuntu Server**, currently 18.04 LTS, and keep it updated. You'll
1. Install **Ubuntu Server**, currently 20.04 LTS, and keep it updated. You'll
probably want to perform other basic setup tasks like hardening SSH and
including email notifications. There are [various
guides](https://devanswers.co/ubuntu-18-04-initial-server-setup/) for this,
guides](https://devanswers.co/ubuntu-20-04-initial-server-setup/) for this,
but if you're just getting started, you'll probably need a book.
You will probably want to install a specialized filesystem for bulk storage such

View file

@ -4,7 +4,7 @@
If you're upgrading from [this](https://github.com/davestephens/ansible-nas/commit/52c7fef3aba08e30331931747c81fb7b3bfd359a) commit or earlier, these instructions are relevant to you.
Rather than having to merge every new config line into your own `all.yml` file, now you only need to maintain the differences that are relevant to you in your own `nas.yml`, stored within an inventory directory. Your inventory `nas.yml` takes prescendence over `group_vars/all.yml`, which is how this setup works. `group_vars/all.yml` is now tracked as part of the repo.
Rather than having to merge every new config line into your own `all.yml` file, now you only need to maintain the differences that are relevant to you in your own `nas.yml`, stored within an inventory directory. Your inventory `nas.yml` takes precedence over `group_vars/all.yml`, which is how this setup works. `group_vars/all.yml` is now tracked as part of the repo.
This will make updates from `master` much simpler, as there will be no requirement to merge changes from `all.yml.dist` into your own `all.yml` any more. You simply pull from master, then add the bits you're interested in into your inventory `nas.yml`.

View file

@ -36,9 +36,9 @@ Ansible-NAS storage. These two drives will be **mirrored** to provide
redundancy. The actual Ubuntu system will be on a different drive and is not our
concern.
> [Root on ZFS](https://github.com/zfsonlinux/zfs/wiki/Ubuntu-18.04-Root-on-ZFS)
> is still a hassle for Ubuntu. If that changes, this document might be updated
> accordingly. Until then, don't ask us about it.
> [Root on ZFS](https://openzfs.github.io/openzfs-docs/Getting%20Started/Ubuntu/Ubuntu%2020.04%20Root%20on%20ZFS.html)
is possible, but not something that has been tested with Ansible-NAS.
The Ubuntu kernel is already ready for ZFS. We only need the utility package
which we install with `sudo apt install zfsutils`.
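Review bot: The context line under the rewritten quote still says `sudo apt install zfsutils`, while the `ansible_nas_extra_packages` list shown elsewhere in this commit names `zfsutils-linux`; use the same package name in both places. The second line of the new quote (`is possible, but not something ...`) also lost its leading `>`, so add it back to keep the blockquote explicit.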
@ -107,7 +107,7 @@ late.
Pools have properties that apply either to the pool itself or to filesystems
created in the pool. You can use the command `zpool get all tank` to see the
pool properties and `zfs get all tank` to see the filesystem properties. Most
default values are perfecly sensible, some you'll [want to
default values are perfectly sensible, some you'll [want to
change](https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/). Setting
defaults makes life easier when we create our filesystems.

View file

@ -16,69 +16,46 @@
###
# Downloading
transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials
transmission_enabled: false
nzbget_enabled: false
pyload_enabled: false
utorrent_enabled: false
# Media Serving
plex_enabled: false
tautulli_enabled: false
# Media Sourcing
sonarr_enabled: false # tv
sickchill_enabled: false
couchpotato_enabled: false
radarr_enabled: false
get_iplayer_enabled: false
jackett_enabled: false
minidlna_enabled: false
jellyfin_enabled: false
emby_enabled: false
bazarr_enabled: false
ombi_enabled: false
lidarr_enabled: false
youtubedlmaterial_enabled: false
mylar_enabled: false
# Music
airsonic_enabled: false
mymediaforalexa_enabled: false
# News
miniflux_enabled: false
# System Management
heimdall_enabled: false
organizr_enabled: false
portainer_enabled: false
glances_enabled: false
stats_enabled: false
guacamole_enabled: false
netdata_enabled: false
watchtower_enabled: false
cloudflare_ddns_enabled: false
cloudcmd_enabled: false
virtual_desktop_enabled: false
krusader_enabled: false
# Backup & Restore
duplicati_enabled: false
nextcloud_enabled: false
timemachine_enabled: false
# Software build and CI
gitea_enabled: false
gitlab_enabled: false
# IRC
znc_enabled: false
thelounge_enabled: false
# Password Management
bitwarden_enabled: false
# Finance
firefly_enabled: false
@ -86,7 +63,6 @@ firefly_enabled: false
wallabag_enabled: false
# Home Automation
homeassistant_enabled: false
mosquitto_enabled: false
homebridge_enabled: false
openhab_enabled: false
@ -103,30 +79,10 @@ joomla_enabled: false
# PyTivo
pytivo_enabled: false
# SEO
serposcope_enabled: false
# External Access
# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your
# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip.
# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally"
# settings.
traefik_enabled: false
traefik_port_http: "80"
traefik_port_https: "443"
traefik_port_ui: "8083"
###
### General
###
# Sets the hostname of your Ansible NAS
ansible_nas_hostname: ansible-nas
# Sets the timezone for your Ansible NAS
# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ansible_nas_timezone: Etc/UTC
# Update all apt packages when playbook is run
keep_packages_updated: false
# Will be added to the docker group to give user command line access to docker
ansible_nas_user: david
@ -137,19 +93,6 @@ ansible_nas_email: me@example.com
# Applications will have subdomain SSL certificates created if Traefik is enabled, e.g. ansible-nas.<your-domain>, nextcloud.<your-domain>
ansible_nas_domain: example.com
###
### Docker
###
# Where you want Docker to store images
docker_image_directory: "{{ docker_home }}/data"
# Where you want Docker to store its container data.
docker_home: /mnt/Volume2/docker
# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems
# You might want to change this to ZFS, depending on your underlying filesystem.
docker_storage_driver: overlay2
###
### Samba
###
@ -197,7 +140,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ downloads_root }}"
- name: movies
@ -205,7 +148,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ movies_root }}"
- name: tv
@ -213,7 +156,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ tv_root }}"
- name: music
@ -221,7 +164,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ music_root }}"
- name: podcasts
@ -229,7 +172,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ podcasts_root }}"
- name: dump
@ -237,7 +180,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ samba_shares_root }}/dump"
- name: games
@ -245,7 +188,7 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
browseable: yes
path: "{{ samba_shares_root }}/games"
- name: photos
@ -253,16 +196,16 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
path: "{{ samba_shares_root }}/photos"
browseable: yes
path: "{{ photos_root }}"
- name: books
comment: 'Books'
guest_ok: yes
public: yes
writable: yes
browsable: yes
path: "{{ samba_shares_root }}/books"
browseable: yes
path: "{{ books_root }}"
- name: audiobooks
comment: 'Audiobooks'
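Review bot: The `photos` and `books` shares now take their paths from `{{ photos_root }}` and `{{ books_root }}`, but neither variable is defined anywhere in the lines shown, and a share with data already under `{{ samba_shares_root }}/photos` or `/books` moves unless the new default resolves to the same directory. Confirm both variables have defaults and mention the path change in the upgrade notes. The `audiobooks` share at the end of this hunk gets no `browseable` change, so check that it is spelled the same way as the others.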
@ -277,8 +220,8 @@ samba_shares:
guest_ok: yes
public: yes
writable: yes
browsable: yes
path: "{{ samba_shares_root }}/comics"
browseable: yes
path: "{{ comics_root }}"
###
### NFS
@ -292,36 +235,11 @@ nfs_shares_root: /mnt/Volume3
nfs_exports:
- "{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)"
###
### Cloudflare
###
# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to
# set the options below.
# Your domain name
cloudflare_zone: "{{ ansible_nas_domain }}"
# The hostname you want the container to update. You shouldn't need to change this.
cloudflare_host: "*.{{ cloudflare_zone }}"
# Email address used to register for Cloudflare
cloudflare_email: "{{ ansible_nas_email }}"
# Cloudflare 'Global API Key', can be found on the 'My Profile' page
cloudflare_api_key: abcdeabcdeabcdeabcde1234512345
###
### General
###
# Extra packages to install
ansible_nas_extra_packages:
- smartmontools
- htop
- zfsutils-linux
- bonnie++
- unzip
- lm-sensors
- ctop
ansible_python_interpreter: /usr/bin/python3
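Review bot: If the Cloudflare block is among what this hunk drops (36 lines down to 11), nothing in the visible lines defines the `cloudflare_token` that the updated docs tell users to set, or handles a `cloudflare_api_key` left behind in an existing `nas.yml`. Confirm the new default lives with the role, and consider failing with a clear message when only the old key is present. Separately, the context line `{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)` exports to every host with root squashing off; a narrower client spec would be a safer default.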
@ -344,70 +262,6 @@ samba_map_to_guest: Bad Password
# The NetBIOS hostname used by Samba on your network
samba_netbios_name: "{{ ansible_nas_hostname }}"
###
### Traefik
###
traefik_docker_image: traefik:v1.7
traefik_data_directory: "{{ docker_home }}/traefik"
traefik_debug: "false"
###
### Heimdall
###
heimdall_available_externally: "false"
heimdall_docker_image: linuxserver/heimdall:latest
heimdall_data_directory: "{{ docker_home }}/heimdall"
heimdall_port_http: "10080"
heimdall_port_https: "10443"
###
### Organizr
###
organizr_available_externally: "false"
organizr_data_directory: "{{ docker_home }}/organizr"
organizr_port_http: "10081"
organizr_port_https: "10444"
organizr_user_id: "1000"
organizr_group_id: "1000"
###
### Transmission
###
transmission_available_externally: "false"
transmission_with_openvpn_available_externally: "false"
transmission_config_directory: "{{ docker_home }}/transmission/config"
transmission_download_directory: "{{ downloads_root }}"
transmission_watch_directory: "{{ torrents_root }}"
transmission_user_id: "0"
transmission_group_id: "0"
transmission_local_network: "192.168.1.0/24"
transmission_webui_port: "9092"
transmission_external_port: "51414"
transmission_openvpn_webui_port: "9091"
transmission_openvpn_external_port: "51415"
transmission_openvpn_proxy_port: "3128"
transmission_openvpn_ratio_limit_enabled: "true"
transmission_openvpn_ratio_limit: "2"
# Transmission VPN Credentials
# If you're using Transmission with a VPN, you'll need to set these credentials.
# See https://github.com/haugene/docker-transmission-openvpn/ for supported VPN providers.
openvpn_username: leisure-suit-larry
openvpn_password: secretpassword
openvpn_provider: AWESOMEVPNPROVIDER
openvpn_config: United-Kingdom
###
### uTorrent
###
utorrent_available_externally: "false"
utorrent_config_directory: "{{ docker_home }}/utorrent/config"
utorrent_download_directory: "{{ downloads_root }}"
utorrent_port_http: "8111"
utorrent_port_bt: "6881"
utorrent_user_id: "0"
utorrent_group_id: "0"
###
### Joomla
###
@ -426,28 +280,6 @@ pyload_user_id: "0"
pyload_group_id: "0"
pyload_port: "8000"
###
### Plex
###
# If you're paranoid, set permissions to "ro" so Plex won't ever be able to
# delete your files
plex_available_externally: "false"
plex_config_directory: "{{ docker_home }}/plex/config"
plex_logs: "{{ docker_home }}/plex/logs"
plex_movies_directory: "{{ movies_root }}"
plex_movies_permissions: "rw"
plex_tv_directory: "{{ tv_root }}"
plex_tv_permissions: "rw"
plex_photos_directory: "{{ photos_root }}"
plex_photos_permissions: "rw"
plex_podcasts_directory: "{{ podcasts_root }}"
plex_podcasts_permissions: "rw"
plex_music_directory: "{{ music_root }}"
plex_music_permissions: "rw"
plex_user_id: "0"
plex_group_id: "0"
plex_port: "32400"
###
### PyTivo
###
@ -470,21 +302,6 @@ homebridge_user_id: "0"
homebridge_group_id: "0"
homebridge_port: "8087"
###
### Emby
###
# If you're paranoid, set permissions to "ro" so Emby won't ever be able to
# delete your files
emby_available_externally: "false"
emby_config_directory: "{{ docker_home }}/emby/config"
emby_movies_directory: "{{ movies_root }}"
emby_movies_permissions: "rw"
emby_tv_directory: "{{ tv_root }}"
emby_tv_permissions: "rw"
emby_user_id: "0"
emby_group_id: "0"
emby_port_http: "8096"
emby_port_https: "8920"
###
### Tautulli
@ -495,14 +312,6 @@ tautulli_user_id: "0"
tautulli_group_id: "0"
tautulli_port: "8185"
###
### Duplicati
###
duplicati_available_externally: "false"
duplicati_data_directory: "{{ docker_home }}/duplicati/config"
duplicati_port: "8200"
###
### Mylar
###
@ -514,49 +323,6 @@ mylar_port_http: "8585"
mylar_user_id: "0"
mylar_group_id: "0"
###
### Sonarr
###
sonarr_available_externally: "false"
sonarr_data_directory: "{{ docker_home }}/sonarr/config"
sonarr_tv_directory: "{{ tv_root }}"
sonarr_download_directory: "{{ downloads_root }}"
sonarr_user_id: "0"
sonarr_group_id: "0"
sonarr_port: "8989"
###
### Radarr
###
radarr_available_externally: "false"
radarr_movies_directory: "{{ movies_root }}"
radarr_download_directory: "{{ downloads_root }}"
radarr_data_directory: "{{ docker_home }}/radarr"
radarr_user_id: "0"
radarr_group_id: "0"
radarr_port: "7878"
###
### Bazarr
###
bazarr_available_externally: "false"
bazarr_data_directory: "{{ docker_home }}/bazarr/config"
bazarr_tv_directory: "{{ tv_root }}"
bazarr_movies_directory: "{{ movies_root }}"
bazarr_user_id: "0"
bazarr_group_id: "0"
bazarr_port: "6767"
###
### lidarr
###
lidarr_available_externally: "false"
lidarr_data_directory: "{{ docker_home }}/lidarr/config"
lidarr_music_directory: "{{ music_root }}"
lidarr_downloads_directory: "{{ downloads_root }}"
lidarr_user_id: "0"
lidarr_group_id: "0"
lidarr_port: "8686"
###
### YouTubeDL-Material
@ -568,43 +334,6 @@ youtubedlmaterial_dl_video_directory: "{{ downloads_root }}/youtube/video"
youtubedlmaterial_dl_subscriptions_directory: "{{ downloads_root }}/youtube/subscriptions"
youtubedlmaterial_port_http: "8998"
###
### Couchpotato
###
couchpotato_available_externally: "false"
couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
couchpotato_movies_directory: "{{ movies_root }}"
couchpotato_downloads_directory: "{{ downloads_root }}"
couchpotato_torrents_directory: "{{ torrents_root }}"
couchpotato_user_id: "0"
couchpotato_group_id: "0"
couchpotato_port: "5050"
###
### Sickchill
###
sickchill_available_externally: "false"
sickchill_config_directory: "{{ docker_home }}/sickchill/config"
sickchill_tv_directory: "{{ tv_root }}"
sickchill_downloads_directory: "{{ downloads_root }}/completed"
sickchill_user_id: "0"
sickchill_group_id: "0"
sickchill_port: "8081"
###
### Ombi
###
ombi_available_externally: "false"
ombi_config_directory: "{{ docker_home }}/ombi/config"
ombi_user_id: "0"
ombi_group_id: "0"
###
### Netdata
###
netdata_available_externally: "false"
netdata_port: "19999"
###
### OpenVPN
@ -612,13 +341,6 @@ netdata_port: "19999"
openvpn_config_directory: "{{ docker_home }}/openvpn"
###
### Portainer
###
portainer_available_externally: "false"
portainer_data_directory: "{{ docker_home }}/portainer/config"
portainer_port: "9000"
###
### ZNC
###
@ -640,13 +362,6 @@ stat_collection_interval: 15s
grafana_influxdb_port: "8086"
grafana_port: "3000"
###
### Gitea
###
gitea_available_externally: "false"
gitea_data_directory: "{{ docker_home }}/gitea"
gitea_port_http: "3001"
gitea_port_ssh: "222"
###
### Gitlab
@ -664,13 +379,6 @@ glances_available_externally: "false"
glances_port_one: "61208"
glances_port_two: "61209"
###
### Nextcloud
###
nextcloud_available_externally: "false"
nextcloud_data_directory: "{{ docker_home }}/nextcloud"
nextcloud_port: "8080"
###
### nginx
###
@ -694,16 +402,6 @@ miniflux_admin_username: admin
miniflux_admin_password: supersecure
miniflux_port: "8070"
###
### Airsonic
###
airsonic_available_externally: "false"
airsonic_data_directory: "{{ docker_home }}/airsonic"
airsonic_music_directory: "{{ music_root }}"
airsonic_podcasts_directory: "{{ podcasts_root }}"
airsonic_port: "4040"
###
### CloudCmd
###
@ -727,24 +425,6 @@ krusader_vnc_password: "topsecret"
krusader_port_http: "5800"
krusader_port_vnc: "5900"
###
### Watchtower
###
# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily.
watchtower_cron_schedule: 0 0 5 * * *
# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive
# notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info.
# No notifications
watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug"
# Email notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'"
# Slack notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'"
###
### Time Machine
###
@ -792,24 +472,6 @@ thelounge_data_directory: "{{ docker_home }}/thelounge"
thelounge_port_one: "113"
thelounge_port_two: "9002"
###
### Bitwarden
###
bitwarden_available_externally: "false"
bitwarden_data_directory: "{{ docker_home }}/bitwarden"
bitwarden_port_a: "19080"
bitwarden_port_b: "3012"
# Keep this token secret, this is password to access admin area of your server!
# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
# for example running openssl rand -base64 48
bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321
# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook.
# Once you have created your user, set to "false" and run one more time.
# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden
bitwarden_allow_signups: false
###
### Firefly
###
@ -843,7 +505,7 @@ mosquitto_port_a: "1883"
mosquitto_port_b: "9001"
###
### Calibre
### Calibre-web
###
calibre_available_externally: "false"
calibre_data_directory: "{{ docker_home }}/calibre"
@ -854,13 +516,6 @@ calibre_port: "8084"
# To disable ebook conversion set calibre_ebook_conversion to "". To enable it set it to "linuxserver/calibre-web:calibre"
calibre_ebook_conversion: "linuxserver/calibre-web:calibre"
###
### Home Assistant
###
homeassistant_available_externally: "false"
homeassistant_data_directory: "{{ docker_home }}/homeassistant"
homeassistant_port: "8123"
###
### openHAB
###
@ -904,13 +559,6 @@ ubooquity_group_id: "0"
ubooquity_port_webui: "2202"
ubooquity_port_admin: "2203"
###
### Serposcope
###
serposcope_data_directory: "{{ docker_home }}/serposcope"
serposcope_port: 7134
serposcope_available_externally: "false"
###
### Virtual Desktop
###

242
nas.yml
View file

@ -6,6 +6,10 @@
tags: users
roles:
###
### Requirements
###
- role: bertvv.samba
tags:
- samba
@ -21,57 +25,163 @@
- docker
- skip_ansible_lint
tasks:
- import_tasks: tasks/general.yml
tags: general
- import_tasks: tasks/docker.yml
tags: docker
###
### Ansible-NAS Roles
###
- role: ansible-nas-general
tags:
- ansible-nas-general
- ansible-nas
- import_tasks: tasks/portainer.yml
when: (portainer_enabled | default(False))
tags: portainer
- role: ansible-nas-docker
tags:
- ansible-nas-docker
- ansible-nas
- import_tasks: tasks/traefik.yml
when: (traefik_enabled | default(False))
tags: traefik
- import_tasks: tasks/heimdall.yml
###
### Applications
###
- role: airsonic
tags:
- airsonic
when: (airsonic_enabled | default(False))
- role: bazarr
tags:
- bazarr
when: (bazarr_enabled | default(False))
- role: bitwarden
tags:
- bitwarden
when: (bitwarden_enabled | default(False))
- role: cloudflare_ddns
tags:
- cloudflare_ddns
when: (cloudflare_ddns_enabled | default(False))
- role: couchpotato
tags:
- couchpotato
when: (couchpotato_enabled | default(False))
- role: duplicati
tags:
- duplicati
when: (duplicati_enabled | default(False))
- role: emby
tags:
- emby
when: (emby_enabled | default(False))
- role: gitea
tags:
- gitea
when: (gitea_enabled | default(False))
- role: heimdall
tags:
- heimdall
when: (heimdall_enabled | default(False))
tags: heimdall
- import_tasks: tasks/organizr.yml
- role: homeassistant
tags:
- homeassistant
when: (homeassistant_enabled | default(False))
- role: lidarr
tags:
- lidarr
when: (lidarr_enabled | default(False))
- role: netdata
tags:
- netdata
when: (netdata_enabled | default(False))
- role: nextcloud
tags:
- nextcloud
when: (nextcloud_enabled | default(False))
- role: organizr
tags:
- organizr
when: (organizr_enabled | default(False))
tags: organizr
- import_tasks: tasks/watchtower.yml
when: (watchtower_enabled | default(False))
tags: watchtower
- role: portainer
tags:
- portainer
when: (portainer_enabled | default(False))
- import_tasks: tasks/plex.yml
- role: ombi
tags:
- ombi
when: (ombi_enabled | default(False))
- role: plex
tags:
- plex
when: (plex_enabled | default(False))
tags: plex
- role: radarr
tags:
- radarr
when: (radarr_enabled | default(False))
- role: radarr
tags:
- radarr
when: (radarr_enabled | default(False))
- role: sickchill
tags:
- sickchill
when: (sickchill_enabled | default(False))
- role: sonarr
tags:
- sonarr
when: (sonarr_enabled | default(False))
- role: transmission
tags:
- transmission
when: (transmission_enabled | default(False))
- role: transmission-with-openvpn
tags:
- transmission_with_openvpn_enabled
when: (transmission_with_openvpn_enabled | default(False))
- role: utorrent
tags:
- utorrent
when: (utorrent_enabled | default(False))
- role: traefik
tags:
- traefik
when: (traefik_enabled | default(False))
- role: watchtower
tags:
- watchtower
when: (watchtower_enabled | default(False))
tasks:
- import_tasks: tasks/firefly.yml
when: (firefly_enabled | default(False))
tags: firefly
- import_tasks: tasks/emby.yml
when: (emby_enabled | default(False))
tags: emby
- import_tasks: tasks/tautulli.yml
when: (tautulli_enabled | default(False))
tags: tautulli
- import_tasks: tasks/transmission.yml
when: (transmission_enabled | default(False))
tags: transmission
- import_tasks: tasks/transmission_with_openvpn.yml
when: (transmission_with_openvpn_enabled | default(False))
tags: transmission
- import_tasks: tasks/pyload.yml
when: (pyload_enabled | default(False))
tags: pyload
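Review bot: `- role: radarr` appears twice in a row in the Applications block, both with the `radarr` tag and `when: (radarr_enabled | default(False))`; the second entry is redundant and should be dropped. In the same block the `transmission-with-openvpn` role is tagged `transmission_with_openvpn_enabled`, which is the name of the enable variable rather than a tag. The `import_tasks: tasks/transmission_with_openvpn.yml` entry in this hunk used `tags: transmission`, so anyone running `-t transmission` will no longer select it. Use `transmission_with_openvpn` as the tag, optionally keeping `transmission` alongside it.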
@ -84,34 +194,10 @@
when: (mylar_enabled | default(False))
tags: mylar
- import_tasks: tasks/sonarr.yml
when: (sonarr_enabled | default(False))
tags: sonarr
- import_tasks: tasks/radarr.yml
when: (radarr_enabled | default(False))
tags: radarr
- import_tasks: tasks/glances.yml
when: (glances_enabled | default(False))
tags: glances
- import_tasks: tasks/netdata.yml
when: (netdata_enabled | default(False))
tags: netdata
- import_tasks: tasks/duplicati.yml
when: (duplicati_enabled | default(False))
tags: duplicati
- import_tasks: tasks/couchpotato.yml
when: (couchpotato_enabled | default(False))
tags: couchpotato
- import_tasks: tasks/sickchill.yml
when: (sickchill_enabled | default(False))
tags: sickchill
- import_tasks: tasks/znc.yml
when: (znc_enabled | default(False))
tags: znc
@ -120,14 +206,6 @@
when: (miniflux_enabled | default(False))
tags: miniflux
- import_tasks: tasks/nextcloud.yml
when: (nextcloud_enabled | default(False))
tags: nextcloud
- import_tasks: tasks/gitea.yml
when: (gitea_enabled | default(False))
tags: gitea
- import_tasks: tasks/gitlab.yml
when: (gitlab_enabled | default(False))
tags: gitlab
@ -144,14 +222,6 @@
when: (guacamole_enabled | default(False))
tags: guacamole
- import_tasks: tasks/airsonic.yml
when: (airsonic_enabled | default(False))
tags: airsonic
- import_tasks: tasks/cloudflare_ddns.yml
when: (cloudflare_ddns_enabled | default(False))
tags: cloudflare_ddns
- import_tasks: tasks/minidlna.yml
when: (minidlna_enabled | default(False))
tags: minidlna
@ -172,10 +242,6 @@
when: (joomla_enabled | default(False))
tags: joomla
- import_tasks: tasks/bitwarden.yml
when: (bitwarden_enabled | default(False))
tags: bitwarden
- import_tasks: tasks/nzbget.yml
when: (nzbget_enabled | default(False))
tags: nzbget
@ -196,14 +262,6 @@
when: (calibre_enabled | default(False))
tags: calibre
- import_tasks: tasks/homeassistant.yml
when: (homeassistant_enabled | default(False))
tags: homeassistant
- import_tasks: tasks/bazarr.yml
when: (bazarr_enabled | default(False))
tags: bazarr
- import_tasks: tasks/openhab.yml
when: (openhab_enabled | default(False))
tags: openhab
@ -224,26 +282,10 @@
when: (ubooquity_enabled | default(False))
tags: ubooquity
- import_tasks: tasks/utorrent.yml
when: (utorrent_enabled | default(False))
tags: utorrent
- import_tasks: tasks/ombi.yml
when: (ombi_enabled | default(False))
tags: ombi
- import_tasks: tasks/lidarr.yml
when: (lidarr_enabled | default(False))
tags: lidarr
- import_tasks: tasks/youtubedlmaterial.yml
when: (youtubedlmaterial_enabled | default(False))
tags: youtubedlmaterial
- import_tasks: tasks/serposcope.yml
when: (serposcope_enabled | default(False))
tags: serposcope
- import_tasks: tasks/virtual_desktop.yml
when: (virtual_desktop_enabled | default(False))
tags: virtual_desktop

View file

@ -1,9 +1,9 @@
---
- name: geerlingguy.docker
version: 2.7.0
version: 3.0.0
- name: bertvv.samba
version: v2.7.1
- name: geerlingguy.nfs
version: 1.5.0
version: 2.0.0

View file

@ -0,0 +1,12 @@
---
airsonic_enabled: false
airsonic_available_externally: "false"
# directories
airsonic_data_directory: "{{ docker_home }}/airsonic"
airsonic_music_directory: "{{ music_root }}"
airsonic_podcasts_directory: "{{ podcasts_root }}"
# network
airsonic_port: "4040"
airsonic_hostname: "airsonic"

View file

@ -23,8 +23,10 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "airsonic"
traefik.frontend.rule: "Host:airsonic.{{ ansible_nas_domain }}"
traefik.enable: "{{ airsonic_available_externally }}"
traefik.port: "4040"
traefik.http.routers.airsonic.rule: "Host(`{{ airsonic_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.airsonic.tls.certresolver: "letsencrypt"
traefik.http.routers.airsonic.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.airsonic.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.airsonic.loadbalancer.server.port: "4040"
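Review bot: the new labels request `tls.domains[0].sans: "*.{{ ansible_nas_domain }}"` from the `letsencrypt` resolver, and the same pair is repeated in every role converted by this commit. Let's Encrypt issues wildcard names only through the DNS-01 challenge, and the resolver configuration is not part of this hunk, so please confirm the Traefik role sets up a DNS challenge provider and say so in the docs. Otherwise enabling `airsonic_available_externally` will leave the router without a valid certificate.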

View file

@ -0,0 +1,12 @@
---
ansible_nas_user: david
# Where you want Docker to store its container data.
docker_home: /mnt/Volume2/docker
# Where you want Docker to store images
docker_image_directory: "{{ docker_home }}/data"
# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems
# You might want to change this to ZFS, depending on your underlying filesystem.
docker_storage_driver: overlay2

View file

@ -1,44 +1,44 @@
---
- name: install python3-pip
- name: Install python3-pip
apt:
name: python3-pip
state: present
register: result
until: result is succeeded
- name: 'Remove docker-py python module'
- name: Remove docker-py python module
pip:
name: docker-py
state: absent
register: result
until: result is succeeded
- name: 'Install docker python module'
- name: Install docker python module
pip:
name: docker
state: present
register: result
until: result is succeeded
- name: create docker home
- name: Create Docker home directory
file:
path: "{{ docker_home }}"
mode: 0755
state: directory
- name: add user account to docker group
- name: Add user account to Docker group
user:
name: "{{ ansible_nas_user }}"
groups: docker
append: yes
- name: update docker home from install default
- name: Update Docker home from install default
template:
src: docker/daemon.json
src: daemon.json
dest: /etc/docker/daemon.json
register: docker_config
- name: restart docker
- name: Restart Docker
service:
name: docker
state: restarted

View file

@ -0,0 +1,20 @@
---
# Sets the hostname of your Ansible NAS
ansible_nas_hostname: ansible-nas
# Update all apt packages when playbook is run
keep_packages_updated: false
# Extra packages to install
ansible_nas_extra_packages:
- smartmontools
- htop
- zfsutils-linux
- bonnie++
- unzip
- lm-sensors
- ctop
# Sets the timezone for your Ansible NAS
# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ansible_nas_timezone: Etc/UTC

View file

@ -1,7 +1,7 @@
---
- name: Set login banner
template:
src: ansible-nas/motd.txt
copy:
src: motd.txt
dest: /etc/motd
- name: Enable Universe repository
@ -21,7 +21,7 @@
- name: Upgrade all packages
apt:
upgrade: true
upgrade: yes
state: latest
when: keep_packages_updated
tags:

View file

@ -0,0 +1,16 @@
---
bazarr_enabled: false
bazarr_available_externally: "false"
# directories
bazarr_data_directory: "{{ docker_home }}/bazarr/config"
bazarr_tv_directory: "{{ tv_root }}"
bazarr_movies_directory: "{{ movies_root }}"
# uid/gid
bazarr_user_id: "0"
bazarr_group_id: "0"
# network
bazarr_port: "6767"
bazarr_hostname: "bazarr"

View file

@ -24,7 +24,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "bazarr"
traefik.frontend.rule: "Host:bazarr.{{ ansible_nas_domain }}"
traefik.enable: "{{ bazarr_available_externally }}"
traefik.port: "6767"
traefik.http.routers.bazarr.rule: "Host(`{{ bazarr_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.bazarr.tls.certresolver: "letsencrypt"
traefik.http.routers.bazarr.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.bazarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.bazarr.loadbalancer.server.port: "6767"

View file

@ -0,0 +1,16 @@
---
bitwarden_enabled: false
bitwarden_available_externally: "false"
bitwarden_data_directory: "{{ docker_home }}/bitwarden"
bitwarden_port_a: "19080"
bitwarden_port_b: "3012"
# Keep this token secret, this is password to access admin area of your server!
# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
# for example running openssl rand -base64 48
bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321
# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook.
# Once you have created your user, set to "false" and run one more time.
# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden
bitwarden_allow_signups: false
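Review bot: `bitwarden_admin_token` ships in the role defaults as a fixed string (`qwertyuiop1234567890poiuytrewq0987654321`), so anyone who sets `bitwarden_enabled: true` without overriding it gets an admin area protected by a value that is readable in this repository. The comment above it already recommends `openssl rand -base64 48`. Consider leaving the default unset, or adding a `fail` task that stops the play while the token still equals this value, in the same way the cloudflare_ddns role fails when `cloudflare_api_key` is defined.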

View file

@ -0,0 +1,23 @@
---
cloudflare_ddns_enabled: false
# Data directory for config file
cloudflare_data_directory: "{{ docker_home }}/cloudflare_ddns"
# Your domain name
cloudflare_zone: "{{ ansible_nas_domain }}"
# The hostname you want the container to update. You shouldn't need to change this.
cloudflare_host: "*.{{ cloudflare_zone }}"
# Cloudflare scoped token (https://github.com/joshuaavalon/docker-cloudflare#api-token)
# Make sure token permissions include #DNS:Edit and #Zone:Read
cloudflare_token: "abcdabcdabcd123412341234"
# Set to true to make traffic go through the CloudFlare CDN.
# Note that if the cloudflare host is a wildcard (the default), this must be false, as cloudflare
# does not support http proxy of wildcard CNAMEs.
cloudflare_proxy: false
# Set to AAAA to use set IPv6 records instead of IPv4 records.
cloudflare_type: "A"

View file

@ -0,0 +1,28 @@
---
- name: Check for deprecated API key
fail:
msg: "Using a Cloudflare global API key is no longer supported. Please unset cloudflare_api_key and set cloudflare_token"
when: cloudflare_api_key is defined
- name: Create cloudflare Dynamic DNS Directories
file:
path: "{{ cloudflare_data_directory }}"
state: directory
- name: Template Cloudflare Dynamic DNS config.yml with scoped token
template:
src: config.yml
dest: "{{ cloudflare_data_directory }}/config.yml"
register: template_files_result
- name: Cloudflare Dynamic DNS Container
docker_container:
name: cloudflare-ddns
image: joshava/cloudflare-ddns:latest
pull: true
volumes:
- "{{ cloudflare_data_directory }}/config.yml:/app/config.yaml"
restart_policy: unless-stopped
memory: 512MB
recreate: "{{ template_files_result is changed }}"
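Review bot: the `template` task that writes `config.yml` sets no `mode`, and neither does the `file` task that creates `{{ cloudflare_data_directory }}`, so the file holding `scopedToken` ends up with whatever the umask allows. Set explicit restrictive modes on both (for example `mode: "0600"` on the template and `mode: "0700"` on the directory), after checking that the user inside the container can still read the bind-mounted file. The image is also pulled as `joshava/cloudflare-ddns:latest` with `pull: true`; pinning a tag would keep a container that holds a DNS-edit token from changing underneath the playbook.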

View file

@ -0,0 +1,8 @@
auth:
scopedToken: "{{ cloudflare_token }}"
domains:
- name: "{{ cloudflare_host }}"
type: "{{ cloudflare_type }}"
proxied: {{ cloudflare_proxy | bool }}
create: true
zoneName: "{{ cloudflare_zone }}"

View file

@ -0,0 +1,16 @@
---
couchpotato_enabled: false
couchpotato_available_externally: "false"
# directories
couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
couchpotato_movies_directory: "{{ movies_root }}"
couchpotato_downloads_directory: "{{ downloads_root }}"
couchpotato_torrents_directory: "{{ torrents_root }}"
# uid / gid
couchpotato_user_id: "0"
couchpotato_group_id: "0"
# network
couchpotato_port: "5050"

View file

@ -26,7 +26,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "couchpotato"
traefik.frontend.rule: "Host:couchpotato.{{ ansible_nas_domain }}"
traefik.enable: "{{ couchpotato_available_externally }}"
traefik.port: "5050"
traefik.http.routers.couchpotato.rule: "Host(`couchpotato.{{ ansible_nas_domain }}`)"
traefik.http.routers.couchpotato.tls.certresolver: "letsencrypt"
traefik.http.routers.couchpotato.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.couchpotato.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.couchpotato.loadbalancer.server.port: "5050"
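Review bot: the router rule hard-codes the subdomain as "couchpotato.{{ ansible_nas_domain }}", while the other roles converted in this commit build it from an `<app>_hostname` variable, and the couchpotato defaults file above defines no `couchpotato_hostname`. Add `couchpotato_hostname: "couchpotato"` to the defaults and use it in the `Host(...)` rule so the hostname can be overridden like the rest.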

View file

@ -0,0 +1,10 @@
---
duplicati_enabled: false
duplicati_available_externally: "false"
# directories
duplicati_data_directory: "{{ docker_home }}/duplicati/config"
# network
duplicati_port: "8200"
duplicati_hostname: "duplicati"

View file

@ -21,7 +21,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "duplicati"
traefik.frontend.rule: "Host:duplicati.{{ ansible_nas_domain }}"
traefik.enable: "{{ duplicati_available_externally }}"
traefik.port: "8200"
traefik.http.routers.duplicati.rule: "Host(`{{ duplicati_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.duplicati.tls.certresolver: "letsencrypt"
traefik.http.routers.duplicati.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.duplicati.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.duplicati.loadbalancer.server.port: "8200"

View file

@ -0,0 +1,23 @@
---
emby_enabled: false
emby_available_externally: "false"
# directories
emby_config_directory: "{{ docker_home }}/emby/config"
emby_movies_directory: "{{ movies_root }}"
emby_tv_directory: "{{ tv_root }}"
# If you're paranoid, set permissions to "ro" so Emby won't ever be able to
# delete your files
emby_movies_permissions: "rw"
emby_tv_permissions: "rw"
# uid / gid
emby_user_id: "0"
emby_group_id: "0"
# network
emby_port_http: "8096"
emby_port_https: "8920"
emby_hostname: "emby"

View file

@ -17,7 +17,6 @@
ports:
- "{{ emby_port_http }}:8096"
- "{{ emby_port_https }}:8920"
network_mode: host
env:
TZ: "{{ ansible_nas_timezone }}"
PUID: "{{ emby_user_id }}"
@ -25,7 +24,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "emby"
traefik.frontend.rule: "Host:emby.{{ ansible_nas_domain }}"
traefik.enable: "{{ emby_available_externally }}"
traefik.port: "8096"
traefik.http.routers.emby.rule: "Host(`{{ emby_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.emby.tls.certresolver: "letsencrypt"
traefik.http.routers.emby.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.emby.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.emby.loadbalancer.server.port: "8096"

View file

@ -0,0 +1,11 @@
---
gitea_enabled: false
gitea_available_externally: "false"
# directories
gitea_data_directory: "{{ docker_home }}/gitea"
# network
gitea_hostname: "gitea"
gitea_port_http: "3001"
gitea_port_ssh: "222"

View file

@ -62,13 +62,15 @@
RUN_MODE: "prod"
SSH_DOMAIN: "{{ ansible_nas_hostname }}"
SSH_PORT: "{{ gitea_port_ssh }}"
ROOT_URL: "http://{{ ansible_nas_hostname }}:{{ gitea_port_http }}/"
ROOT_URL: "http://{{ gitea_hostname }}:{{ gitea_port_http }}/"
USER_UID: "1309"
USER_GID: "1309"
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "gitea"
traefik.frontend.rule: "Host:gitea.{{ ansible_nas_domain }}"
traefik.enable: "{{ gitea_available_externally }}"
traefik.port: "3000"
traefik.http.routers.gitea.rule: "Host(`{{ gitea_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.gitea.tls.certresolver: "letsencrypt"
traefik.http.routers.gitea.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.gitea.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.gitea.loadbalancer.server.port: "3000"
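Review bot: `ROOT_URL` now uses `gitea_hostname`, which defaults to `gitea` and is the subdomain label used in the router rule, so the URL becomes `http://gitea:3001/` and only works where the bare name `gitea` resolves. `SSH_DOMAIN` two lines above still uses `ansible_nas_hostname`, so the two settings now disagree about the host. Either keep `ansible_nas_hostname` in `ROOT_URL`, or build it from `{{ gitea_hostname }}.{{ ansible_nas_domain }}` for the externally available case.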

View file

@ -0,0 +1,16 @@
---
heimdall_enabled: true
heimdall_available_externally: "false"
# directories
heimdall_docker_image: linuxserver/heimdall:latest
heimdall_data_directory: "{{ docker_home }}/heimdall"
# network
heimdall_port_http: "10080"
heimdall_port_https: "10443"
heimdall_hostname: heimdall
# uid / gid
heimdall_user_id: "1310"
heimdall_group_id: "1310"

View file

@ -2,13 +2,13 @@
- name: Create Heimdall group
group:
name: heimdall
gid: 1310
gid: "{{ heimdall_group_id }}"
state: present
- name: Create Heimdall user
user:
name: heimdall
uid: 1310
uid: "{{ heimdall_user_id }}"
state: present
system: yes
update_password: on_create
@ -32,8 +32,8 @@
volumes:
- "{{ heimdall_data_directory }}:/config:rw"
env:
PUID: "1310"
PGID: "1310"
PUID: "{{ heimdall_user_id }}"
PGID: "{{ heimdall_group_id }}"
TZ: "{{ ansible_nas_timezone }}"
ports:
- "{{ heimdall_port_http }}:80"
@ -41,7 +41,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "heimdall"
traefik.frontend.rule: "Host:heimdall.{{ ansible_nas_domain }}"
traefik.enable: "{{ heimdall_available_externally }}"
traefik.port: "80"
traefik.http.routers.heimdall.rule: "Host(`{{ heimdall_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.heimdall.tls.certresolver: "letsencrypt"
traefik.http.routers.heimdall.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.heimdall.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.heimdall.loadbalancer.server.port: "80"

View file

@ -0,0 +1,10 @@
---
homeassistant_enabled: false
homeassistant_available_externally: "false"
# directories
homeassistant_data_directory: "{{ docker_home }}/homeassistant"
# network
homeassistant_port: "8123"
homeassistant_hostname: "homeassistant"

View file

@ -17,9 +17,10 @@
env:
TZ: "{{ ansible_nas_timezone }}"
labels:
traefik.backend: "homeassistant"
traefik.frontend.rule: "Host:homeassistant.{{ ansible_nas_domain }}"
traefik.enable: "{{ homeassistant_available_externally }}"
traefik.port: "8123"
traefik.frontend.headers.SSLRedirect: "true"
traefik.http.routers.homeassistant.rule: "Host(`{{ homeassistant_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.homeassistant.tls.certresolver: "letsencrypt"
traefik.http.routers.homeassistant.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.homeassistant.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.homeassistant.loadbalancer.server.port: "8123"
memory: 1g

View file

@ -0,0 +1,16 @@
---
lidarr_enabled: false
lidarr_available_externally: "false"
# directories
lidarr_data_directory: "{{ docker_home }}/lidarr/config"
lidarr_music_directory: "{{ music_root }}"
lidarr_downloads_directory: "{{ downloads_root }}"
# uid/gid
lidarr_user_id: "0"
lidarr_group_id: "0"
# network
lidarr_port: "8686"
lidarr_hostname: "lidarr"

View file

@ -1,10 +1,10 @@
---
- name: Create lidarr Directory
- name: Create Lidarr Directory
file:
path: "{{ lidarr_data_directory }}"
state: directory
- name: lidarr
- name: Lidarr Docker Container
docker_container:
name: lidarr
image: linuxserver/lidarr
@ -22,7 +22,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "lidarr"
traefik.frontend.rule: "Host:lidarr.{{ ansible_nas_domain }}"
traefik.enable: "{{ lidarr_available_externally }}"
traefik.port: "8686"
traefik.http.routers.lidarr.rule: "Host(`{{ lidarr_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.lidarr.tls.certresolver: "letsencrypt"
traefik.http.routers.lidarr.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.lidarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.lidarr.loadbalancer.server.port: "8686"

View file

@ -0,0 +1,6 @@
netdata_enabled: false
netdata_available_externally: "false"
# network
netdata_hostname: "netdata"
netdata_port: "19999"

View file

@ -1,4 +1,4 @@
###### Create
---
- name: Get docker group id
group:
name: docker
@ -26,7 +26,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "netdata"
traefik.frontend.rule: "Host:netdata.{{ ansible_nas_domain }}"
traefik.enable: "{{ netdata_available_externally }}"
traefik.port: "19999"
traefik.http.routers.netdata.rule: "Host(`{{ netdata_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.netdata.tls.certresolver: "letsencrypt"
traefik.http.routers.netdata.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.netdata.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.netdata.loadbalancer.server.port: "19999"

View file

@ -0,0 +1,15 @@
---
nextcloud_enabled: false
nextcloud_available_externally: "false"
# directories
nextcloud_data_directory: "{{ docker_home }}/nextcloud"
# network
nextcloud_port: "8080"
nextcloud_hostname: "nextcloud"
# username / passwords
nextcloud_sql_user: "nextcloud-user"
nextcloud_sql_pass: "nextcloud-pass"
nextcloud_sql_secret: "nextcloud-secret"
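Review bot: `nextcloud_sql_pass` and `nextcloud_sql_secret` default to the same strings that the task file hard-coded before (`nextcloud-pass`, `nextcloud-secret`), so a fresh install still gets a MySQL root password published in this repository. Moving them to variables is the right step, but the defaults need a comment telling users to override them before the first run, since the MySQL image only applies these values when it initialises an empty data directory. A `fail` or `assert` on the unchanged defaults would make that hard to miss.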

View file

@ -16,9 +16,9 @@
- "{{ nextcloud_data_directory }}/mysql:/var/lib/mysql:rw"
env:
MYSQL_DATABASE: "nextcloud"
MYSQL_USER: "nextcloud-user"
MYSQL_PASSWORD: "nextcloud-pass"
MYSQL_ROOT_PASSWORD: "nextcloud-secret"
MYSQL_USER: "{{ nextcloud_sql_user }}"
MYSQL_PASSWORD: "{{ nextcloud_sql_pass }}"
MYSQL_ROOT_PASSWORD: "{{ nextcloud_sql_secret }}"
restart_policy: unless-stopped
memory: 1g
@ -36,13 +36,16 @@
env:
MYSQL_HOST: "mysql"
MYSQL_DATABASE: "nextcloud"
MYSQL_USER: "nextcloud-user"
MYSQL_PASSWORD: "nextcloud-pass"
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.{{ ansible_nas_domain }}"
MYSQL_USER: "{{ nextcloud_sql_user }}"
MYSQL_PASSWORD: "{{ nextcloud_sql_pass }}"
NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_hostname }}.{{ ansible_nas_domain }}"
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "nextcloud"
traefik.frontend.rule: "Host:nextcloud.{{ ansible_nas_domain }}"
traefik.enable: "{{ nextcloud_available_externally }}"
traefik.port: "80"
traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.nextcloud.tls.certresolver: "letsencrypt"
traefik.http.routers.nextcloud.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.nextcloud.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.nextcloud.loadbalancer.server.port: "80"

View file

@ -0,0 +1,14 @@
---
ombi_enabled: false
ombi_available_externally: "false"
# directories
ombi_config_directory: "{{ docker_home }}/ombi/config"
# network
ombi_port: "3579"
ombi_hostname: "ombi"
# uid / gid
ombi_user_id: "0"
ombi_group_id: "0"

29
roles/ombi/tasks/main.yml Normal file
View file

@ -0,0 +1,29 @@
---
- name: Create Ombi Directories
file:
path: "{{ ombi_config_directory }}"
state: directory
- name: Ombi Docker Container
docker_container:
name: ombi
image: linuxserver/ombi
pull: true
volumes:
- "{{ ombi_config_directory }}:/config:rw"
ports:
- "{{ ombi_port }}:3579"
env:
TZ: "{{ ansible_nas_timezone }}"
PUID: "{{ ombi_user_id }}"
PGID: "{{ ombi_group_id }}"
restart_policy: unless-stopped
memory: 1g
labels:
traefik.enable: "{{ ombi_available_externally }}"
traefik.http.routers.ombi.rule: "Host(`{{ ombi_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.ombi.tls.certresolver: "letsencrypt"
traefik.http.routers.ombi.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.ombi.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.ombi.loadbalancer.server.port: "3579"

View file

@ -0,0 +1,15 @@
---
organizr_enabled: false
organizr_available_externally: "false"
# directories
organizr_data_directory: "{{ docker_home }}/organizr"
# network
organizr_port_http: "10081"
organizr_port_https: "10444"
organizr_hostname: "organizr"
# uid / gid
organizr_user_id: "1000"
organizr_group_id: "1000"

View file

@ -1,4 +1,3 @@
---
- name: Create Organizr Directories
file:
@ -10,7 +9,7 @@
- name: Create Organizr container
docker_container:
name: organizr
image: organizrtools/organizr-v2:latest
image: organizr/organizr:latest
pull: true
volumes:
- "{{ organizr_data_directory }}:/config:rw"
@ -24,7 +23,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "organizr"
traefik.frontend.rule: "Host:organizr.{{ ansible_nas_domain }}"
traefik.enable: "{{ organizr_available_externally }}"
traefik.port: "80"
traefik.http.routers.organizr.rule: "Host(`{{ organizr_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.organizr.tls.certresolver: "letsencrypt"
traefik.http.routers.organizr.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.organizr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.organizr.loadbalancer.server.port: "80"

View file

@ -0,0 +1,39 @@
---
plex_enabled: false
plex_available_externally: "false"
# directories
plex_config_directory: "{{ docker_home }}/plex/config"
plex_logs: "{{ docker_home }}/plex/logs"
plex_movies_directory: "{{ movies_root }}"
plex_tv_directory: "{{ tv_root }}"
plex_photos_directory: "{{ photos_root }}"
plex_podcasts_directory: "{{ podcasts_root }}"
plex_music_directory: "{{ music_root }}"
# uid / gid
plex_user_id: "0"
plex_group_id: "0"
# If you're paranoid, set permissions to "ro" so Plex won't ever be able to
# delete your files
plex_movies_permissions: "rw"
plex_tv_permissions: "rw"
plex_photos_permissions: "rw"
plex_podcasts_permissions: "rw"
plex_music_permissions: "rw"
# network
plex_hostname: "plex"
# specs
plex_memory: "2g"
# Device mappings for the docker container. E.g. To enable hardware transcoding:
# plex_devices:
# - "/dev/dri:/dev/dri"
# see https://hub.docker.com/r/linuxserver/plex for details on this setting
plex_version: "docker"

View file

@ -1,3 +1,4 @@
---
- name: Create Plex Directories
file:
path: "{{ item }}"
@ -21,14 +22,18 @@
- "{{ plex_podcasts_directory }}:/podcasts:{{ plex_podcasts_permissions }}"
- "{{ plex_music_directory }}:/music:{{ plex_music_permissions }}"
network_mode: "host"
devices: "{{ plex_devices | default(omit) }}"
env:
TZ: "{{ ansible_nas_timezone }}"
PUID: "{{ plex_user_id }}"
PGID: "{{ plex_group_id }}"
VERSION: "{{ plex_version }}"
restart_policy: unless-stopped
memory: 2g
memory: "{{ plex_memory }}"
labels:
traefik.backend: "plex"
traefik.frontend.rule: "Host:plex.{{ ansible_nas_domain }}"
traefik.enable: "{{ plex_available_externally }}"
traefik.port: "32400"
traefik.http.routers.plex.rule: "Host(`{{ plex_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.plex.tls.certresolver: "letsencrypt"
traefik.http.routers.plex.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.plex.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.plex.loadbalancer.server.port: "32400"

View file

@ -0,0 +1,10 @@
---
portainer_enabled: false
portainer_available_externally: "false"
# directories
portainer_data_directory: "{{ docker_home }}/portainer/config"
# network
portainer_port: "9000"
portainer_hostname: "portainer"

View file

@ -9,7 +9,7 @@
- name: Portainer Docker Container
docker_container:
name: portainer
image: portainer/portainer
image: portainer/portainer-ce
pull: true
volumes:
- "{{ portainer_data_directory }}:/data:rw"
@ -20,7 +20,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "portainer"
traefik.frontend.rule: "Host:portainer.{{ ansible_nas_domain }}"
traefik.enable: "{{ portainer_available_externally }}"
traefik.port: "9000"
traefik.http.routers.portainer.rule: "Host(`{{ portainer_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.portainer.tls.certresolver: "letsencrypt"
traefik.http.routers.portainer.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.portainer.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.portainer.loadbalancer.server.port: "9000"

View file

@ -0,0 +1,16 @@
---
radarr_enabled: false
radarr_available_externally: "false"
# directories
radarr_movies_directory: "{{ movies_root }}"
radarr_download_directory: "{{ downloads_root }}"
radarr_data_directory: "{{ docker_home }}/radarr"
# uid / gid
radarr_user_id: "0"
radarr_group_id: "0"
# network
radarr_port: "7878"
radarr_hostname: "radarr"

View file

@ -24,7 +24,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "radarr"
traefik.frontend.rule: "Host:radarr.{{ ansible_nas_domain }}"
traefik.enable: "{{ radarr_available_externally }}"
traefik.port: "7878"
traefik.http.routers.radarr.rule: "Host(`{{ radarr_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.radarr.tls.certresolver: "letsencrypt"
traefik.http.routers.radarr.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.radarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.radarr.loadbalancer.server.port: "7878"

View file

@ -0,0 +1,16 @@
---
sickchill_enabled: false
sickchill_available_externally: "false"
# directories
sickchill_config_directory: "{{ docker_home }}/sickchill/config"
sickchill_tv_directory: "{{ tv_root }}"
sickchill_downloads_directory: "{{ downloads_root }}/completed"
# uid / gid
sickchill_user_id: "0"
sickchill_group_id: "0"
# network
sickchill_port: "8081"
sickchill_hostname: "sickchill"

View file

@ -1,10 +1,4 @@
---
- name: Remove Old Sickrage Docker Container
docker_container:
name: sickrage
state: absent
keep_volumes: true
- name: Create Sickchill Directories
file:
path: "{{ item }}"
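
Review bot: the `Remove Old Sickrage Docker Container` task is dropped from the top of this file, so a host that still has a `sickrage` container will no longer get it cleaned up by the playbook. If that migration window is considered closed, call it out in the release notes; otherwise keep the `state: absent` task for one more release.
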
@ -31,7 +25,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "sickchill"
traefik.frontend.rule: "Host:sickchill.{{ ansible_nas_domain }}"
traefik.enable: "{{ sickchill_available_externally }}"
traefik.port: "8081"
traefik.http.routers.sickchill.rule: "Host(`{{ sickchill_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.sickchill.tls.certresolver: "letsencrypt"
traefik.http.routers.sickchill.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.sickchill.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.sickchill.loadbalancer.server.port: "8081"

View file

@ -0,0 +1,16 @@
---
sonarr_enabled: false
sonarr_available_externally: "false"
# directories
sonarr_data_directory: "{{ docker_home }}/sonarr/config"
sonarr_tv_directory: "{{ tv_root }}"
sonarr_download_directory: "{{ downloads_root }}"
# uid / gid
sonarr_user_id: "0"
sonarr_group_id: "0"
# network
sonarr_port: "8989"
sonarr_hostname: "sonarr"

View file

@ -24,7 +24,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "sonarr"
traefik.frontend.rule: "Host:sonarr.{{ ansible_nas_domain }}"
traefik.enable: "{{ sonarr_available_externally }}"
traefik.port: "8989"
traefik.http.routers.sonarr.rule: "Host(`{{ sonarr_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.sonarr.tls.certresolver: "letsencrypt"
traefik.http.routers.sonarr.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.sonarr.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.sonarr.loadbalancer.server.port: "8989"

View file

@ -0,0 +1,29 @@
---
# External Access
# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your
# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip.
# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally"
# settings.
traefik_enabled: false
# directories
traefik_data_directory: "{{ docker_home }}/traefik"
# network
traefik_port_http: "80"
traefik_port_https: "443"
traefik_port_ui: "8083"
traefik_docker_image: traefik:v2.4
traefik_log_level: "INFO"
# find the relevant name and environment variables for your DNS provider at https://go-acme.github.io/lego/dns/
traefik_dns_provider: cloudflare
traefik_environment_variables:
CF_DNS_API_TOKEN: "abcdabcd123412341234"
# Ansible-NAS requests a wildcard certificate for your domain, so there should be no reason to have to use the staging
# letsencrypt acme server. If you do want to flip between staging/production, you might need to stop Traefik and clear
# the "{{ docker_home }}/traefik" after changing this setting.
# traefik_acme_server: "https://acme-staging-v02.api.letsencrypt.org/directory" # staging
traefik_acme_server: "https://acme-v02.api.letsencrypt.org/directory" # production
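
Review bot: `CF_DNS_API_TOKEN: "abcdabcd123412341234"` puts a token-shaped placeholder in the role defaults, so Traefik starts with a bogus credential and the DNS challenge only fails at runtime, and the layout invites users to paste the real token into a plain-text vars file. Suggest an empty default, a check that fails early when it is unset, and a comment pointing to an Ansible Vault encrypted file for the real value. The opening comment also needs a pass: "To enable this you'll either; a domain name" is missing its verb and "the cloudflare with the cloudflare_ddns" is garbled.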

View file

@ -1,25 +1,17 @@
---
- name: Ensure Nginx Docker Container is absent
docker_container:
name: nginx-proxy
state: absent
- name: Nginx Letsencrypt Container is absent
docker_container:
name: letsencrypt-nginx-proxy-companion
state: absent
- name: Create Traefik Directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ traefik_data_directory }}"
- "{{ traefik_data_directory }}/letsencrypt"
- name: Template Traefik config.toml
template:
src: traefik/traefik.toml
src: traefik.toml
dest: "{{ traefik_data_directory }}/traefik.toml"
register: template_config
- name: Traefik Docker Container
docker_container:
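
Review bot: `Create Traefik Directories` creates `{{ traefik_data_directory }}/letsencrypt` with no `mode` or owner, so the directory that will hold `acme.json` (the ACME account key and the certificate private keys) ends up with whatever the umask yields. Set `mode: "0700"` and an explicit owner on that item, or split it into its own task so the stricter mode does not have to apply to the parent directory.
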
@ -29,6 +21,9 @@
network_mode: host
volumes:
- "{{ traefik_data_directory }}/traefik.toml:/etc/traefik/traefik.toml:ro"
- "{{ traefik_data_directory }}/letsencrypt:/letsencrypt:rw"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
env: "{{ traefik_environment_variables }}"
restart_policy: unless-stopped
memory: 1g
recreate: "{{ template_config is changed }}"
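
Review bot: the `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the mount of the socket file read-only; the Docker API behind it still accepts every call, so this container, which runs with `network_mode: host` and faces ports 80 and 443, has full control of the Docker daemon if it is compromised. Consider putting a filtering socket proxy in front that allows only the read-only endpoints Traefik needs. Also note that `env: "{{ traefik_environment_variables }}"` leaves the DNS provider token readable through `docker inspect`, so that token should be scoped to DNS edits on the one zone.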

View file

@ -0,0 +1,46 @@
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
[entryPoints.websecure]
address = ":{{ traefik_port_https }}"
[entryPoints.websecure.http.tls]
certResolver = "letsencrypt"
[entryPoints.websecure.http.tls.domains]
main = "{{ ansible_nas_domain }}"
sans = [
"*.{{ ansible_nas_domain }}"
]
[entryPoints.traefik]
address = ":{{ traefik_port_ui }}"
[providers]
providersThrottleDuration = "2s"
[providers.docker]
exposedbydefault = false
[api]
insecure = true
dashboard = true
[log]
level = "{{ traefik_log_level }}"
[ping]
terminatingStatusCode = 0
[certificatesResolvers]
[certificatesResolvers.letsencrypt]
[certificatesResolvers.letsencrypt.acme]
email = "{{ ansible_nas_email }}"
storage = "/letsencrypt/acme.json"
caserver = "{{ traefik_acme_server }}"
[certificatesResolvers.letsencrypt.acme.dnsChallenge]
provider = "{{ traefik_dns_provider }}"
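
Review bot: `[api]` sets `insecure = true` together with `dashboard = true`, which serves the dashboard and the API without authentication on the `traefik` entry point (`:{{ traefik_port_ui }}`), and because the container uses host networking that port is bound on every interface of the NAS. Prefer `insecure = false` with a router for `api@internal` behind an auth middleware, or bind the entry point to a LAN-only address. Separately, `entryPoints.web` hard-codes `address = ":80"` while `websecure` uses `traefik_port_https`, so `traefik_port_http` from the defaults has no effect here.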

View file

@ -0,0 +1,31 @@
---
transmission_with_openvpn_enabled: false # Please see docs about how to set VPN credentials
transmission_with_openvpn_available_externally: "false"
# directories
transmission_config_directory: "{{ docker_home }}/transmission/config"
transmission_download_directory: "{{ downloads_root }}"
transmission_watch_directory: "{{ torrents_root }}"
# uid / gid
transmission_openvpn_user_id: "0"
transmission_openvpn_group_id: "0"
# transmission config
transmission_openvpn_ratio_limit_enabled: "true"
transmission_openvpn_ratio_limit: "2"
transmission_openvpn_local_network: "192.168.1.0/24"
# network config
transmission_openvpn_webui_port: "9091"
transmission_openvpn_external_port: "51415"
transmission_openvpn_proxy_port: "3128"
transmission_openvpn_hostname: "transmission_openvpn"
# Transmission VPN Credentials
# If you're using Transmission with a VPN, you'll need to set these credentials.
# See https://github.com/haugene/docker-transmission-openvpn/ for supported VPN providers.
openvpn_username: leisure-suit-larry
openvpn_password: secretpassword
openvpn_provider: AWESOMEVPNPROVIDER
openvpn_config: United-Kingdom
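
Review bot: `openvpn_username`, `openvpn_password` and `openvpn_provider` get plausible-looking defaults (`secretpassword`, `AWESOMEVPNPROVIDER`), so enabling the role without overriding them starts the container with bogus credentials instead of failing early, and the layout encourages keeping the real password in a plain-text vars file. Consider leaving these undefined (or asserting that they were changed) and pointing the comment at Ansible Vault for the real values.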

View file

@ -38,9 +38,9 @@
OPENVPN_CONFIG: "{{ openvpn_config }}"
WEBPROXY_ENABLED: "true"
WEBPROXY_PORT: "3128"
PUID: "{{ transmission_user_id }}"
PGID: "{{ transmission_group_id }}"
LOCAL_NETWORK: "{{ transmission_local_network }}"
PUID: "{{ transmission_openvpn_user_id }}"
PGID: "{{ transmission_openvpn_group_id }}"
LOCAL_NETWORK: "{{ transmission_openvpn_local_network }}"
ENABLE_UFW: "false"
devices:
- /dev/net/tun
@ -49,7 +49,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "transmission-openvpn"
traefik.frontend.rule: "Host:transmission-openvpn.{{ ansible_nas_domain }}"
traefik.enable: "{{ transmission_with_openvpn_available_externally }}"
traefik.port: "9091"
traefik.enable: "{{ transmission_openvpn_available_externally }}"
traefik.http.routers.transmission_openvpn.rule: "Host(`{{ transmission_openvpn_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.transmission_openvpn.tls.certresolver: "letsencrypt"
traefik.http.routers.transmission_openvpn.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.transmission_openvpn.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.transmission_openvpn.loadbalancer.server.port: "9091"
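
Review bot: the second `traefik.enable` line, the one grouped with the new router labels, reads `transmission_openvpn_available_externally`, but the role defaults in this commit define `transmission_with_openvpn_available_externally`. Unless the shorter name is defined somewhere not shown, templating this label fails with an undefined variable, or a user setting the documented name has no effect. Pick one name and use it in both the defaults and this label.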

View file

@ -0,0 +1,19 @@
---
transmission_enabled: false
transmission_available_externally: "false"
# directories
transmission_config_directory: "{{ docker_home }}/transmission/config"
transmission_download_directory: "{{ downloads_root }}"
transmission_watch_directory: "{{ torrents_root }}"
# uid / gid
transmission_user_id: "0"
transmission_group_id: "0"
# network
transmission_webui_port: "9092"
transmission_external_port: "51414"
transmission_hostname: "transmission"
transmission_timezone: "{{ ansible_nas_timezone }}"

View file

@ -23,13 +23,15 @@
- "{{ transmission_external_port }}:51413"
- "{{ transmission_external_port }}:51413/udp"
env:
TZ: "{{ ansible_nas_timezone }}"
TZ: "{{ transmission_timezone }}"
PUID: "{{ transmission_user_id }}"
PGID: "{{ transmission_group_id }}"
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "transmission"
traefik.frontend.rule: "Host:transmission.{{ ansible_nas_domain }}"
traefik.enable: "{{ transmission_available_externally }}"
traefik.port: "9091"
traefik.http.routers.transmission.rule: "Host(`{{ transmission_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.transmission.tls.certresolver: "letsencrypt"
traefik.http.routers.transmission.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.transmission.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.transmission.loadbalancer.server.port: "9091"

View file

@ -0,0 +1,17 @@
---
utorrent_enabled: false
utorrent_available_externally: "false"
# directories
utorrent_config_directory: "{{ docker_home }}/utorrent/config"
utorrent_download_directory: "{{ downloads_root }}"
utorrent_download_directory_active: "{{ downloads_root }}/.incomplete"
# uid / gid
utorrent_user_id: "0"
utorrent_group_id: "0"
# network
utorrent_port_http: "8111"
utorrent_port_bt: "6881"
utorrent_hostname: "utorrent"

View file

@ -6,6 +6,7 @@
with_items:
- "{{ utorrent_config_directory }}"
- "{{ utorrent_download_directory }}"
- "{{ utorrent_download_directory_active }}"
- name: uTorrent Docker Container
docker_container:
@ -30,7 +31,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "utorrent"
traefik.frontend.rule: "Host:utorrent.{{ ansible_nas_domain }}"
traefik.enable: "{{ utorrent_available_externally }}"
traefik.port: "8080"
traefik.http.routers.utorrent.rule: "Host(`{{ utorrent_hostname }}.{{ ansible_nas_domain }}`)"
traefik.http.routers.utorrent.tls.certresolver: "letsencrypt"
traefik.http.routers.utorrent.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.utorrent.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.utorrent.loadbalancer.server.port: "8080"

View file

@ -0,0 +1,17 @@
---
watchtower_enabled: false
# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily.
watchtower_cron_schedule: 0 0 5 * * *
# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive
# notifications or not, some examples are provided below. See https://containrrr.dev/watchtower/arguments/ for more options.
# No notifications
watchtower_command: "--schedule '{{ watchtower_cron_schedule }}'"
# Email notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'"
# Slack notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'"
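
Review bot: the commented email example passes `--notification-email-server-password 'top-secret'` inside `watchtower_command`, which puts the SMTP password on the container's command line where `docker inspect` and the host process list expose it. Show the example with the secret coming from a vaulted variable and supplied through the container environment instead. `watchtower_cron_schedule: 0 0 5 * * *` would also be safer quoted, since the value is spliced into a shell-style argument string.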

View file

@ -2,7 +2,7 @@
- name: Watchtower Docker Container
docker_container:
name: watchtower
image: v2tec/watchtower
image: containrrr/watchtower
pull: true
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
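
Review bot: `image: containrrr/watchtower` carries no tag and `pull: true` is set, so every playbook run takes whatever the default tag currently is, for a container that holds a writable `/var/run/docker.sock` and can replace every other container on the host. Pin a version (ideally by digest) through a variable, the way the Traefik role does with `traefik_docker_image: traefik:v2.4`.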

View file

@ -1,11 +1,11 @@
- name: Create Calibre Directories
- name: Create Calibre-web Directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ calibre_data_directory }}/config"
- name: Calibre Docker Container
- name: Calibre-web Docker Container
docker_container:
name: calibre
image: linuxserver/calibre-web:latest
@ -21,9 +21,11 @@
ports:
- "{{ calibre_port }}:8083"
restart_policy: unless-stopped
labels:
traefik.backend: "calibre"
traefik.frontend.rule: "Host:calibre.{{ ansible_nas_domain }}"
traefik.enable: "{{ calibre_available_externally }}"
traefik.port: "8083"
memory: 1g
labels:
traefik.enable: "{{ calibre_available_externally }}"
traefik.http.routers.calibre.rule: "Host(`calibre.{{ ansible_nas_domain }}`)"
traefik.http.routers.calibre.tls.certresolver: "letsencrypt"
traefik.http.routers.calibre.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.calibre.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.calibre.loadbalancer.server.port: "8083"

View file

@ -23,7 +23,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "cloudcmd"
traefik.frontend.rule: "Host:cloudcmd.{{ ansible_nas_domain }}"
traefik.enable: "{{ cloudcmd_available_externally }}"
traefik.port: "8000"
traefik.http.routers.cloudcmd.rule: "Host(`cloudcmd.{{ ansible_nas_domain }}`)"
traefik.http.routers.cloudcmd.tls.certresolver: "letsencrypt"
traefik.http.routers.cloudcmd.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.cloudcmd.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.cloudcmd.loadbalancer.server.port: "8000"

View file

@ -1,14 +0,0 @@
- name: Cloudflare Dynamic DNS Container
docker_container:
name: cloudflare-ddns
image: joshava/cloudflare-ddns:latest
pull: true
env:
ZONE: "{{ cloudflare_zone }}"
HOST: "{{ cloudflare_host }}"
EMAIL: "{{ cloudflare_email }}"
API: "{{ cloudflare_api_key }}"
PROXY: "false"
restart_policy: unless-stopped
memory: 512MB
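
Review bot: this removes the Cloudflare Dynamic DNS task in full, yet the Traefik defaults comment added in the same commit still tells users to rely on "the cloudflare_ddns dynamic DNS container". The replacement is not visible in the part of the diff that is shown, so either confirm the task moved into a role with the same variables (`cloudflare_zone`, `cloudflare_host`, `cloudflare_email`, `cloudflare_api_key`) or update that comment.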

View file

@ -38,7 +38,7 @@
links:
- firefly-mysql:db
ports:
- "{{ firefly_port }}:80"
- "{{ firefly_port }}:8080"
env:
APP_ENV: "local"
APP_KEY: "S0m3R@nd0mString0f32Ch@rsEx@ct1y"
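
Review bot: `APP_KEY: "S0m3R@nd0mString0f32Ch@rsEx@ct1y"` in the `env:` block is a fixed string in the task, so every install of Firefly from this playbook shares the same application key. While this task is being touched for the port change to 8080, move the key into a variable with no usable default and have each user generate their own 32-character value, stored vaulted.
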
@ -51,7 +51,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "firefly"
traefik.frontend.rule: "Host:firefly.{{ ansible_nas_domain }}"
traefik.enable: "{{ firefly_available_externally }}"
traefik.port: "80"
traefik.http.routers.firefly.rule: "Host(`firefly.{{ ansible_nas_domain }}`)"
traefik.http.routers.firefly.tls.certresolver: "letsencrypt"
traefik.http.routers.firefly.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.firefly.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.firefly.loadbalancer.server.port: "8080"

View file

@ -44,7 +44,9 @@
restart_policy: unless-stopped
memory: 4g
labels:
traefik.backend: "gitlab"
traefik.frontend.rule: "Host:gitlab.{{ ansible_nas_domain }}"
traefik.enable: "{{ gitlab_available_externally }}"
traefik.port: "80"
traefik.http.routers.gitlab.rule: "Host(`gitlab.{{ ansible_nas_domain }}`)"
traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
traefik.http.routers.gitlab.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.gitlab.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.gitlab.loadbalancer.server.port: "80"

View file

@ -11,13 +11,14 @@
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/timezone:/etc/timezone:ro"
pid_mode: host
network_mode: host
env:
GLANCES_OPT: "-w"
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "glances"
traefik.frontend.rule: "Host:glances.{{ ansible_nas_domain }}"
traefik.enable: "{{ glances_available_externally }}"
traefik.port: "61208"
traefik.http.routers.glances.rule: "Host(`glances.{{ ansible_nas_domain }}`)"
traefik.http.routers.glances.tls.certresolver: "letsencrypt"
traefik.http.routers.glances.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.glances.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.glances.loadbalancer.server.port: "61208"
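
Review bot: this container combines `pid_mode: host`, `network_mode: host` and a mount of `/var/run/docker.sock`, and `GLANCES_OPT: "-w"` starts the web server, so port 61208 is served straight from the host's network stack whatever `glances_available_externally` is set to; the flag only decides whether Traefik publishes the hostname. Add a comment beside `traefik.enable` saying so, and consider binding the web server to a LAN address or putting authentication in front before this role is enabled on a host with forwarded ports.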

View file

@ -40,10 +40,12 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "guacamole"
traefik.frontend.rule: "Host:guacamole.{{ ansible_nas_domain }}"
traefik.enable: "{{ guacamole_available_externally }}"
traefik.port: "8080"
traefik.http.routers.guacamole.rule: "Host(`guacamole.{{ ansible_nas_domain }}`)"
traefik.http.routers.guacamole.tls.certresolver: "letsencrypt"
traefik.http.routers.guacamole.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.guacamole.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.guacamole.loadbalancer.server.port: "8080"
- name: Restart Guacamole Container
docker_container:

View file

@ -23,7 +23,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "homebridge"
traefik.frontend.rule: "Host:homebridge.{{ ansible_nas_domain }}"
traefik.enable: "{{ homebridge_available_externally }}"
traefik.port: "8087"
traefik.http.routers.homebridge.rule: "Host(`homebridge.{{ ansible_nas_domain }}`)"
traefik.http.routers.homebridge.tls.certresolver: "letsencrypt"
traefik.http.routers.homebridge.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.homebridge.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.homebridge.loadbalancer.server.port: "8087"

View file

@ -20,7 +20,9 @@
TZ: "{{ ansible_nas_timezone }}"
restart_policy: unless-stopped
labels:
traefik.backend: "jackett"
traefik.frontend.rule: "Host:jackett.{{ ansible_nas_domain }}"
traefik.enable: "{{ jackett_available_externally }}"
traefik.port: "9117"
traefik.http.routers.jackett.rule: "Host(`jackett.{{ ansible_nas_domain }}`)"
traefik.http.routers.jackett.tls.certresolver: "letsencrypt"
traefik.http.routers.jackett.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.jackett.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.jackett.loadbalancer.server.port: "9117"

View file

@ -28,7 +28,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "jellyfin"
traefik.frontend.rule: "Host:jellyfin.{{ ansible_nas_domain }}"
traefik.enable: "{{ jellyfin_available_externally }}"
traefik.port: "8096"
traefik.http.routers.jellyfin.rule: "Host(`jellyfin.{{ ansible_nas_domain }}`)"
traefik.http.routers.jellyfin.tls.certresolver: "letsencrypt"
traefik.http.routers.jellyfin.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.jellyfin.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.jellyfin.loadbalancer.server.port: "8096"

View file

@ -39,7 +39,9 @@
restart_policy: unless-stopped
memory: 1g
labels:
traefik.backend: "joomla"
traefik.frontend.rule: "Host: joomla.{{ ansible_nas_domain }}"
traefik.enable: "{{ joomla_available_externally }}"
traefik.port: "80"
traefik.http.routers.joomla.rule: "Host(`joomla.{{ ansible_nas_domain }}`)"
traefik.http.routers.joomla.tls.certresolver: "letsencrypt"
traefik.http.routers.joomla.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.joomla.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.joomla.loadbalancer.server.port: "80"

View file

@ -25,9 +25,11 @@
TZ: "{{ ansible_nas_timezone }}"
VNC_PASSWORD: "{{ krusader_vnc_password }}"
restart_policy: unless-stopped
labels:
traefik.backend: "krusader"
traefik.frontend.rule: "Host:krusader.{{ ansible_nas_domain }}"
traefik.enable: "{{ krusader_available_externally }}"
traefik.port: "5800"
memory: 1g
labels:
traefik.enable: "{{ krusader_available_externally }}"
traefik.http.routers.krusader.rule: "Host(`krusader.{{ ansible_nas_domain }}`)"
traefik.http.routers.krusader.tls.certresolver: "letsencrypt"
traefik.http.routers.krusader.tls.domains[0].main: "{{ ansible_nas_domain }}"
traefik.http.routers.krusader.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
traefik.http.services.krusader.loadbalancer.server.port: "5800"

View file

@ -6,8 +6,6 @@
volumes:
- "{{ minidlna_media_directory1 }}:/media1:rw"
- "{{ minidlna_media_directory2 }}:/media2:rw"
ports:
- "{{ minidlna_port }}:8201"
env:
MINIDLNA_MEDIA_DIR1: "/media1"
MINIDLNA_MEDIA_DIR2: "/media2"

Some files were not shown because too many files have changed in this diff