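---
## ._____. .__
## _____ ____ _____|__\_ |__ | | ____ ____ _____ ______
## \__ \ / \ / ___/ || __ \| | _/ __ \ ______ / \\__ \ / ___/
## / __ \| | \\___ \| || \_\ \ |_\ ___/ /_____/ | | \/ __ \_\___ \
## (____ /___| /____ >__||___ /____/\___ > |___| (____ /____ >
## \/ \/ \/ \/ \/ \/ \/ \/
## a n s i b l e - n a s https://github.com/davestephens/ansible-nas

###
### DO NOT EDIT THIS FILE!
### Add your customisations to inventories/<your_inventory>/group_vars/nas.yml
###

###
### Ansible-NAS Applications
###

# Downloading
transmission_with_openvpn_enabled: false  # Please see docs about how to set VPN credentials
transmission_enabled: false
nzbget_enabled: false
pyload_enabled: false
utorrent_enabled: false

# Media Serving
plex_enabled: false
tautulli_enabled: false

# Media Sourcing
sonarr_enabled: false  # tv
sickchill_enabled: false
couchpotato_enabled: false
radarr_enabled: false
get_iplayer_enabled: false
jackett_enabled: false
minidlna_enabled: false
jellyfin_enabled: false
emby_enabled: false
bazarr_enabled: false
ombi_enabled: false
lidarr_enabled: false

# Music
airsonic_enabled: false
mymediaforalexa_enabled: false

# News
miniflux_enabled: false

# System Management
heimdall_enabled: false
portainer_enabled: false
glances_enabled: false
stats_enabled: false
guacamole_enabled: false
netdata_enabled: false
watchtower_enabled: false
cloudflare_ddns_enabled: false
cloudcmd_enabled: false
virtual_desktop_enabled: false

# Backup & Restore
duplicati_enabled: false
nextcloud_enabled: false
timemachine_enabled: false

# Software build and CI
gitea_enabled: false
gitlab_enabled: false

# IRC
znc_enabled: false
thelounge_enabled: false

# Password Management
bitwarden_enabled: false

# Finance
firefly_enabled: false

# Wallabag
wallabag_enabled: false

# Home Automation
homeassistant_enabled: false
mosquitto_enabled: false
homebridge_enabled: false
openhab_enabled: false

# Books
calibre_enabled: false

# Ubooquity
ubooquity_enabled: false

# Joomla
joomla_enabled: false

# SEO
serposcope_enabled: false

# External Access
# Traefik will allow access to certain applications externally. To enable this you'll need either: a domain name that points to your
# home static IP address, Cloudflare with the cloudflare_ddns dynamic DNS container enabled, or a dynamic DNS provider like no-ip.
# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally"
# settings.
# NOTE(security): an app with "available_externally" enabled is published through Traefik to the outside. Enable it only for
# apps whose own login is configured, and replace the sample passwords and tokens in this file with your own values first.
traefik_enabled: false
traefik_port_http: "80"
traefik_port_https: "443"
traefik_port_ui: "8083"

###
### General
###

# Sets the hostname of your Ansible NAS
ansible_nas_hostname: ansible-nas

# Sets the timezone for your Ansible NAS
# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ansible_nas_timezone: Etc/UTC

# Update all apt packages when playbook is run
keep_packages_updated: false

# Will be added to the docker group to give user command line access to docker
# NOTE(security): membership of the docker group is effectively root on the host, so pick an account you
# already trust with sudo.
ansible_nas_user: david

# Your email and domain, used for Let's Encrypt SSL certs
ansible_nas_email: me@example.com

# Applications will have subdomain SSL certificates created if Traefik is enabled, e.g. ansible-nas.<your-domain>, nextcloud.<your-domain>
ansible_nas_domain: example.com

###
### Docker
###

# Where you want Docker to store images
docker_image_directory: "{{ docker_home }}/data"

# Where you want Docker to store its container data.
docker_home: /mnt/Volume2/docker

# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems
# You might want to change this to ZFS, depending on your underlying filesystem.
docker_storage_driver: overlay2

###
### Samba
###

# The location where all shares will be created by default. Can be overridden on a per-share basis.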
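# This path will be mounted to backup containers, Duplicati
samba_shares_root: /mnt/Volume3

# Where stuff downloaded will be stored
downloads_root: "{{ samba_shares_root }}/downloads"

# Where your movies are stored
movies_root: "{{ samba_shares_root }}/movies"

# Where your TV episodes are stored
tv_root: "{{ samba_shares_root }}/tv"

# Where torrent files are stored (picked up by Transmission for downloading)
torrents_root: "{{ samba_shares_root }}/torrents"

# Where music is stored
music_root: "{{ samba_shares_root }}/music"

# Where podcasts are stored
podcasts_root: "{{ samba_shares_root }}/podcasts"

# Where your books are stored
books_root: "{{ samba_shares_root }}/books"

# Where your comics are stored
comics_root: "{{ samba_shares_root }}/comics"

# Where photos are stored
photos_root: "{{ samba_shares_root }}/photos"

# The description that'll appear next to your Ansible-NAS box when browsing your network
samba_server_string: Ansible NAS

# Shares you want published over Samba.
# NOTE(security): every default share below sets guest_ok, public and writable, so anything that can reach
# Samba on this host can read and modify the data without credentials. Override samba_shares in your
# inventory (guest_ok: false and/or writable: false) if the network is not fully trusted.
samba_shares:
  - name: downloads
    comment: 'Stuff downloaded'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ downloads_root }}"

  - name: movies
    comment: 'Movies'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ movies_root }}"

  - name: tv
    comment: 'TV Episodes'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ tv_root }}"

  - name: music
    comment: 'Music'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ music_root }}"

  - name: podcasts
    comment: 'Podcasts'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ podcasts_root }}"

  - name: dump
    comment: 'File dump'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ samba_shares_root }}/dump"

  - name: games
    comment: 'Games'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ samba_shares_root }}/games"

  - name: photos
    comment: 'Pictures'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ samba_shares_root }}/photos"

  - name: books
    comment: 'Books'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ samba_shares_root }}/books"

  - name: comics
    comment: 'Comics'
    guest_ok: true
    public: true
    writable: true
    browsable: true
    path: "{{ samba_shares_root }}/comics"

###
### NFS
###

# Data you want published over NFS. More info on the NFS config format can be found at
# https://help.ubuntu.com/community/SettingUpNFSHowTo#Shares
# WARNING: Weird things might happen if you share the same data over Samba and NFS and allow writes on both!
# NOTE(security): the default export uses the host wildcard '*' with rw and no_root_squash, so any client
# that can reach NFS may mount it read-write and a remote root user keeps root privileges on the exported
# files. Restrict the client list (for example to your LAN subnet) and drop no_root_squash unless you need it.
nfs_shares_root: /mnt/Volume3

nfs_exports:
  - "{{ nfs_shares_root }}/public *(rw,sync,no_root_squash)"

###
### Cloudflare
###

# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to
# set the options below.

# Your domain name
cloudflare_zone: "{{ ansible_nas_domain }}"

# The hostname you want the container to update. You shouldn't need to change this.
cloudflare_host: "*.{{ cloudflare_zone }}"

# Email address used to register for Cloudflare
cloudflare_email: "{{ ansible_nas_email }}"

# Cloudflare 'Global API Key', can be found on the 'My Profile' page
# NOTE(security): the value below is a placeholder. The Global API Key gives full control of the Cloudflare
# account, so keep the real value out of version control (for example encrypted with ansible-vault).
cloudflare_api_key: abcdeabcdeabcdeabcde1234512345

###
### General
###

# Extra packages to install
ansible_nas_extra_packages:
  - smartmontools
  - htop
  - zfsutils-linux
  - bonnie++
  - unzip
  - lm-sensors
  - ctop

ansible_python_interpreter: /usr/bin/python3

###
### Samba
###

# Seems to break browsing of the \\server-name shares root when enabled
# NOTE(security): while this is false the workaround for CVE-2017-7494 (remote code execution through a
# writable Samba share) is not applied, and the default shares are guest-writable. Make sure the installed
# Samba package already contains the fix.
samba_mitigate_cve_2017_7494: false

# Enable apple extensions for compatibility with apple clients
samba_apple_extensions: true

# The account used when Samba shares are accessed. Shouldn't need to change this unless you want to
# mess with Samba user permissions.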
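samba_guest_account: ansible-nas

# How Samba behaves when an unknown user connects, see Samba docs for more info
# NOTE(security): 'Bad Password' also turns a failed login for a valid user into a guest session, which
# hides mistyped or guessed passwords. 'Bad User' is the stricter setting if you still want guest access.
samba_map_to_guest: Bad Password

# The NetBIOS hostname used by Samba on your network
samba_netbios_name: "{{ ansible_nas_hostname }}"

###
### Traefik
###
traefik_docker_image: traefik:v1.7
traefik_data_directory: "{{ docker_home }}/traefik"
traefik_debug: "false"

###
### Heimdall
###
heimdall_available_externally: "false"
# NOTE(review): ':latest' is an unpinned tag, so the image content can change between playbook runs; pin a
# version (or digest) if you want deployments you can review and reproduce.
heimdall_docker_image: linuxserver/heimdall:latest
heimdall_data_directory: "{{ docker_home }}/heimdall"
heimdall_port_http: "10080"
heimdall_port_https: "10443"

###
### Transmission
###
transmission_available_externally: "false"
transmission_with_openvpn_available_externally: "false"
transmission_config_directory: "{{ docker_home }}/transmission/config"
transmission_download_directory: "{{ downloads_root }}"
transmission_watch_directory: "{{ torrents_root }}"
# NOTE(review): user/group id 0 is root. These look like the uid/gid the container process runs as - confirm
# against the role, and prefer an unprivileged id that owns the mounted directories.
transmission_user_id: "0"
transmission_group_id: "0"
transmission_local_network: "192.168.1.0/24"
transmission_webui_port: "9092"
transmission_external_port: "51414"
transmission_openvpn_webui_port: "9091"
transmission_openvpn_external_port: "51415"
transmission_openvpn_proxy_port: "3128"
transmission_openvpn_ratio_limit_enabled: "true"
transmission_openvpn_ratio_limit: "2"

# Transmission VPN Credentials
# If you're using Transmission with a VPN, you'll need to set these credentials.
# See https://github.com/haugene/docker-transmission-openvpn/ for supported VPN providers.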
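# NOTE(security): the username and password below are samples. Set the real ones in your inventory and keep
# them out of version control (for example encrypted with ansible-vault).
openvpn_username: leisure-suit-larry
openvpn_password: secretpassword
openvpn_provider: AWESOMEVPNPROVIDER
openvpn_config: United-Kingdom

###
### uTorrent
###
utorrent_available_externally: "false"
utorrent_config_directory: "{{ docker_home }}/utorrent/config"
utorrent_download_directory: "{{ downloads_root }}"
utorrent_port_http: "8111"
utorrent_port_bt: "6881"
# NOTE(review): user/group id 0 is root; presumably the uid/gid the container runs as - confirm, and prefer
# an unprivileged id where the image supports it. The same applies to the other *_user_id / *_group_id values.
utorrent_user_id: "0"
utorrent_group_id: "0"

###
### Joomla
###
joomla_data_directory: "{{ docker_home }}/joomla"
joomla_available_externally: "false"
# NOTE(security): sample password that is the same on every install; override it before enabling Joomla.
joomla_database_password: top_secret
joomla_port: "8181"

###
### pyLoad
###
pyload_available_externally: "false"
pyload_config_directory: "{{ docker_home }}/pyload"
pyload_download_directory: "{{ downloads_root }}"
pyload_user_id: "0"
pyload_group_id: "0"
pyload_port: "8000"

###
### Plex
###
# If you're paranoid, set permissions to "ro" so Plex won't ever be able to
# delete your files
plex_available_externally: "false"
plex_config_directory: "{{ docker_home }}/plex/config"
plex_logs: "{{ docker_home }}/plex/logs"
plex_movies_directory: "{{ movies_root }}"
plex_movies_permissions: "rw"
plex_tv_directory: "{{ tv_root }}"
plex_tv_permissions: "rw"
plex_photos_directory: "{{ photos_root }}"
plex_photos_permissions: "rw"
plex_music_directory: "{{ music_root }}"
plex_music_permissions: "rw"
plex_user_id: "0"
plex_group_id: "0"
plex_port: "32400"

###
### Homebridge
###
homebridge_available_externally: "false"
homebridge_config_directory: "{{ docker_home }}/homebridge/config"
homebridge_user_id: "0"
homebridge_group_id: "0"
homebridge_port: "8087"

###
### Emby
###
# If you're paranoid, set permissions to "ro" so Emby won't ever be able to
# delete your files
emby_available_externally: "false"
emby_config_directory: "{{ docker_home }}/emby/config"
emby_movies_directory: "{{ movies_root }}"
emby_movies_permissions: "rw"
emby_tv_directory: "{{ tv_root }}"
emby_tv_permissions: "rw"
emby_user_id: "0"
emby_group_id: "0"
emby_port_http: "8096"
emby_port_https: "8920"

###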
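### Tautulli
###
tautulli_available_externally: "false"
tautulli_config_directory: "{{ docker_home }}/tautulli/config"
# NOTE(review): user/group id 0 is root; presumably the uid/gid the container runs as - confirm, and prefer
# an unprivileged id where the image supports it. The same applies to the other *_user_id / *_group_id values.
tautulli_user_id: "0"
tautulli_group_id: "0"
tautulli_port: "8185"

###
### Duplicati
###
duplicati_available_externally: "false"
duplicati_data_directory: "{{ docker_home }}/duplicati/config"
duplicati_port: "8200"

###
### Sonarr
###
sonarr_available_externally: "false"
sonarr_data_directory: "{{ docker_home }}/sonarr/config"
sonarr_tv_directory: "{{ tv_root }}"
sonarr_download_directory: "{{ downloads_root }}"
sonarr_user_id: "0"
sonarr_group_id: "0"
sonarr_port: "8989"

###
### Radarr
###
radarr_available_externally: "false"
radarr_movies_directory: "{{ movies_root }}"
radarr_download_directory: "{{ downloads_root }}"
radarr_data_directory: "{{ docker_home }}/radarr"
radarr_user_id: "0"
radarr_group_id: "0"
radarr_port: "7878"

###
### Bazarr
###
bazarr_available_externally: "false"
bazarr_data_directory: "{{ docker_home }}/bazarr/config"
bazarr_tv_directory: "{{ tv_root }}"
bazarr_movies_directory: "{{ movies_root }}"
bazarr_user_id: "0"
bazarr_group_id: "0"
bazarr_port: "6767"

###
### lidarr
###
lidarr_available_externally: "false"
lidarr_data_directory: "{{ docker_home }}/lidarr/config"
lidarr_music_directory: "{{ music_root }}"
lidarr_downloads_directory: "{{ downloads_root }}"
lidarr_user_id: "0"
lidarr_group_id: "0"
lidarr_port: "8686"

###
### Couchpotato
###
couchpotato_available_externally: "false"
couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
couchpotato_movies_directory: "{{ movies_root }}"
couchpotato_downloads_directory: "{{ downloads_root }}"
couchpotato_torrents_directory: "{{ torrents_root }}"
couchpotato_user_id: "0"
couchpotato_group_id: "0"
couchpotato_port: "5050"

###
### Sickchill
###
sickchill_available_externally: "false"
sickchill_config_directory: "{{ docker_home }}/sickchill/config"
sickchill_tv_directory: "{{ tv_root }}"
sickchill_downloads_directory: "{{ downloads_root }}/completed"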
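sickchill_user_id: "0"
sickchill_group_id: "0"
sickchill_port: "8081"

###
### Ombi
###
ombi_available_externally: "false"
ombi_config_directory: "{{ docker_home }}/ombi/config"
ombi_user_id: "0"
ombi_group_id: "0"

###
### Netdata
###
netdata_available_externally: "false"
netdata_port: "19999"

###
### OpenVPN
###
openvpn_config_directory: "{{ docker_home }}/openvpn"

###
### Portainer
###
portainer_available_externally: "false"
portainer_data_directory: "{{ docker_home }}/portainer/config"
portainer_port: "9000"

###
### ZNC
###
znc_available_externally: "false"
znc_data_directory: "{{ docker_home }}/znc"
znc_user_id: "0"
znc_group_id: "0"
znc_port: "6677"

###
### Stats
###
grafana_available_externally: "false"
telegraf_data_directory: "{{ docker_home }}/telegraf"
influxdb_data_directory: "{{ docker_home }}/influxdb"
grafana_data_directory: "{{ docker_home }}/grafana"
stat_collection_interval: 15s
grafana_influxdb_port: "8086"
grafana_port: "3000"

###
### Gitea
###
gitea_available_externally: "false"
gitea_data_directory: "{{ docker_home }}/gitea"
gitea_port_http: "3001"
gitea_port_ssh: "222"

###
### Gitlab
###
gitlab_available_externally: "false"
gitlab_data_directory: "{{ docker_home }}/gitlab"
gitlab_port_http: "4080"
gitlab_port_https: "4443"
gitlab_port_ssh: "422"

###
### Glances
###
glances_available_externally: "false"
glances_port_one: "61208"
glances_port_two: "61209"

###
### Nextcloud
###
nextcloud_available_externally: "false"
nextcloud_data_directory: "{{ docker_home }}/nextcloud"
nextcloud_port: "8080"

###
### nginx
###
nginx_data_directory: "{{ docker_home }}/nginx"
nginx_port_http: "80"
nginx_port_https: "443"

###
### Guacamole
###
guacamole_available_externally: "false"
guacamole_data_directory: "{{ docker_home }}/guacamole"
guacamole_port: "8090"

###
### Miniflux
###
miniflux_available_externally: "false"
miniflux_data_directory: "{{ docker_home }}/miniflux"
# NOTE(security): sample admin credentials that are the same on every install; override both in your
# inventory before enabling Miniflux, and certainly before making it available externally.
miniflux_admin_username: admin
miniflux_admin_password: supersecure
miniflux_port: "8070"

###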
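### Airsonic
###
airsonic_available_externally: "false"
airsonic_data_directory: "{{ docker_home }}/airsonic"
airsonic_music_directory: "{{ music_root }}"
airsonic_podcasts_directory: "{{ podcasts_root }}"
airsonic_port: "4040"

###
### CloudCmd
###
cloudcmd_available_externally: "false"
cloudcmd_data_directory: "{{ docker_home }}/cloudcmd/config"
# NOTE(security): browse directory "/" together with user/group id 0 presumably exposes the whole host
# filesystem as root through the web file manager - confirm against the role, and narrow this to a data
# directory before making CloudCmd reachable from anywhere you do not fully trust.
cloudcmd_browse_directory: "/"
cloudcmd_user_id: "0"
cloudcmd_group_id: "0"
cloudcmd_port: "7373"

###
### Watchtower
###
# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily.
watchtower_cron_schedule: '0 0 5 * * *'

# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive
# notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info.

# No notifications
watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug"

# Email notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'"

# Slack notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'"

###
### Time Machine
###
timemachine_data_directory: "{{ docker_home }}/timemachine"
timemachine_volume_size_limit: "0"
# NOTE(security): sample password that is the same on every install; override it before enabling Time Machine.
timemachine_password: timemachine
timemachine_share_name: Data
timemachine_log_level: error
timemachine_port: "10445"

###
### minidlna
###
minidlna_media_directory1: "{{ movies_root }}"
minidlna_media_directory2: "{{ tv_root }}"
minidlna_friendly_name: "{{ ansible_nas_hostname }}"
minidlna_port: "8201"

###
### get_iplayer
###
get_iplayer_config_directory: "{{ docker_home }}/get_iplayer"
get_iplayer_download_directory: "{{ tv_root }}/iplayer_downloads"
get_iplayer_port: "8182"

###
### mymediaforalexa
###
mymediaforalexa_media_directory: "{{ music_root }}"
mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa"

###
### Jackett
###
jackett_available_externally: "false"
jackett_data_directory: "{{ docker_home }}/jackett"
jackett_torrents_root: "{{ torrents_root }}"
jackett_port: "9117"

###
### The Lounge
###
thelounge_available_externally: "false"
thelounge_data_directory: "{{ docker_home }}/thelounge"
thelounge_port_one: "113"
thelounge_port_two: "9002"

###
### Bitwarden
###
bitwarden_available_externally: "false"
bitwarden_data_directory: "{{ docker_home }}/bitwarden"
bitwarden_port_a: "19080"
bitwarden_port_b: "3012"

# Keep this token secret, this is the password to access the admin area of your server!
# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
# for example running openssl rand -base64 48
# NOTE(security): the value below is a published sample, not a secret. Generate your own and set it in your
# inventory (ideally encrypted with ansible-vault) before enabling Bitwarden.
bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321

# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook.
# Once you have created your user, set to "false" and run one more time.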
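# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden
bitwarden_allow_signups: false

###
### Firefly
###
firefly_available_externally: "false"
firefly_data_directory: "{{ docker_home }}/firefly"
firefly_port: "8066"

###
### Nzbget
###
nzbget_available_externally: "false"
nzbget_data_directory: "{{ docker_home }}/nzbget"
nzbget_download_directory: "{{ downloads_root }}"
nzbget_user_id: "0"
nzbget_group_id: "0"
nzbget_port: "6789"

###
### Wallabag
###
wallabag_available_externally: "false"
wallabag_data_directory: "{{ docker_home }}/wallabag"
wallabag_port: "7780"

###
### Mosquitto
###
mosquitto_available_externally: "false"
mosquitto_data_directory: "{{ docker_home }}/mosquitto"
mosquitto_port_a: "1883"
mosquitto_port_b: "9001"

###
### Calibre
###
calibre_available_externally: "false"
calibre_data_directory: "{{ docker_home }}/calibre"
calibre_user_id: "0"
calibre_group_id: "0"
calibre_books_root: "{{ books_root }}"
calibre_port: "8084"

# To disable ebook conversion set calibre_ebook_conversion to "". To enable it set it to "linuxserver/calibre-web:calibre"
calibre_ebook_conversion: "linuxserver/calibre-web:calibre"

###
### Home Assistant
###
homeassistant_available_externally: "false"
homeassistant_data_directory: "{{ docker_home }}/homeassistant"
homeassistant_port: "8123"

###
### openHAB
###
openhab_available_externally: "false"
# NOTE(review): ':latest' is an unpinned tag, so the image content can change between playbook runs; pin a
# version (or digest) if you want deployments you can review and reproduce.
openhab_docker_image: openhab/openhab:latest
openhab_data_directory: "{{ docker_home }}/openhab"
openhab_port_http: "7777"
openhab_port_https: "7778"

###
### Jellyfin
###
# If you're paranoid, set permissions to "ro" so jellyfin won't ever be able to
# delete your files
jellyfin_available_externally: "false"
jellyfin_config_directory: "{{ docker_home }}/jellyfin/config"
jellyfin_movies_directory: "{{ movies_root }}"
jellyfin_movies_permissions: "rw"
jellyfin_tv_directory: "{{ tv_root }}"
jellyfin_tv_permissions: "rw"
jellyfin_user_id: "0"
jellyfin_group_id: "0"
jellyfin_port_http: "8896"
jellyfin_port_https: "8928"

###
### Ubooquity
###
ubooquity_available_externally: "false"
ubooquity_data_directory: "{{ docker_home }}/ubooquity"
ubooquity_user_id: "0"
ubooquity_group_id: "0"
ubooquity_port_webui: "2202"
ubooquity_port_admin: "2203"

###
### Serposcope
###
serposcope_data_directory: "{{ docker_home }}/serposcope"
serposcope_port: 7134
serposcope_available_externally: "false"

###
### Virtual Desktop
###
vd_data_directory: "{{ docker_home }}/virtual_desktop"
vd_docker_image: "rattydave/docker-ubuntu-xrdp-mate-custom:19.10-tools"
# NOTE(security): the default user below has a sample password and sudo set to "Y", and the desktop listens
# on the standard RDP port. Override the password in your inventory before enabling this, and keep the port
# off untrusted networks.
vd_users:
  - username: "{{ ansible_nas_user }}"
    password: "topsecret"
    sudo: "Y"
vd_rdp_port: 3389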