Initial Commit

Matthew McKinnon 2024-09-09 22:37:51 +10:00
commit 2d11850d3e
50 changed files with 2408 additions and 0 deletions


@ -0,0 +1,74 @@
name: 'Add Application'
description: 'Track the process of adding a new application'
title: 'Add Application: [Application Name]'
labels:
- addition
assignees: ''
body:
- type: markdown
attributes:
value: |
## Application Details
- type: input
id: application-name
attributes:
label: Application Name
description: Name of the application to be added
placeholder: Name of the application
- type: textarea
id: application-description
attributes:
label: Application Description
description: Provide a brief description of the application and its purpose
placeholder: Description of the application
- type: checkboxes
id: application-reason
attributes:
label: Reason for Addition
description: Please select one or more reasons for adding the application
options:
- label: New functionality
- label: Performance improvement
- label: Security enhancement
- label: Replacing another application
description: Provide the name of the application being replaced, if applicable
- label: Other (please specify)
description: Provide additional details
- type: markdown
attributes:
value: |
## Steps to Add
- type: checkboxes
id: steps-to-add
attributes:
label: Steps to Add
description: Please check off each step as it is completed
options:
- label: Add Configuration Files
description: Create and add configuration files for the new application
- label: Update Wiki
description: Create or update the Wiki page for the new application and update any relevant architecture diagrams or flowcharts
- label: Update README(s)
description: Add the new application to the main table and any other relevant sections
- label: Add to CD Platform Logic
description: Add necessary logic to the CD platform for the new application
- label: Testing and Validation
description: Ensure the application is tested and validated in the environment
- type: markdown
attributes:
value: |
## Commit IDs for Completed Steps
- type: textarea
id: commit-ids
attributes:
label: Commit IDs
description: Enter the commit IDs for the completed steps above
placeholder: Enter commit IDs separated by commas


@ -0,0 +1,50 @@
name: 'Feature Request'
description: 'Suggest a new feature for the project'
title: 'Feature Request: [Summary]'
labels:
- enhancement
assignees: ''
body:
- type: markdown
attributes:
value: |
## Feature Request
**Please fill out this template with the requested information.**
- type: input
id: summary
attributes:
label: Summary
description: A concise description of the feature you'd like to see added.
placeholder: Brief summary of the feature request
- type: textarea
id: motivation
attributes:
label: Motivation
description: Explain why this feature would be beneficial to the project. What problem does it solve or what value does it bring?
placeholder: Describe the motivation behind the feature request
- type: textarea
id: detailed-description
attributes:
label: Detailed Description
description: |
Provide a detailed explanation of the proposed feature. Include:
- How would this feature be used?
- What are the expected benefits of this feature?
- Are there any potential drawbacks or limitations to consider?
placeholder: Provide a detailed description of the feature
- type: textarea
id: additional-context
attributes:
label: Additional Context
description: |
Include any relevant information such as:
- Links to external resources (e.g., documentation, articles)
- Screenshots or mockups to illustrate the feature
- Use cases and examples of how the feature would be used
placeholder: Add any other context or screenshots about the feature request here


@ -0,0 +1,39 @@
name: Deploy
on:
push:
branches:
- master
jobs:
deploy:
name: Prepare Build
runs-on: alpine-latest
container: alpine:latest
steps:
- name: Install dependencies
run: |
apk update
apk add --no-cache nodejs npm git bash openssh python3 py3-pip py3-passlib
python3 -m pip install --user ansible --break-system-packages
export PATH="/root/.local/bin:$PATH"
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Deploy containers
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
eval $(ssh-agent -s)
ssh-add <(echo "${{ secrets.SSH_PRIVATE_KEY }}")
echo "HOST *" > ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config
echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.vault_password.txt
echo "nameserver 10.10.10.1" > /etc/resolv.conf
./.gitea/workflows/deploy.sh "${{ github.event.before }}" "${{ github.sha }}"
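Review bot: The two `echo` lines in the `Deploy containers` step that write `HOST *` and `StrictHostKeyChecking no` to `~/.ssh/config` turn off host-key verification for every SSH connection the job makes, which cancels the `known_hosts` entries written from `secrets.SSH_KNOWN_HOSTS` a few lines earlier; `host_key_checking=False` in the `ansible.cfg` section of this commit does the same on the Ansible side. With both off, the job cannot tell the intended host from any other machine answering at that address, and it runs privileged deploy commands over that connection. I would drop those two lines (or write `StrictHostKeyChecking yes`) and remove `host_key_checking=False`, so the pinned host keys are actually enforced. Separately, `~/.vault_password.txt` is created with the default umask and never removed; `umask 077` before that `echo` and `rm -f ~/.vault_password.txt` after the `deploy.sh` call would narrow its exposure.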

14
.gitea/workflows/deploy.sh Executable file

@ -0,0 +1,14 @@
#!/bin/bash
changed_tasks=($(git diff --name-only $1 $2 | grep '\.yml$'))
if [ ! -z "$changed_tasks" ]; then
for task in "${changed_tasks[@]}"; do
tag=$(echo "$task" | awk -F/ '{print $2}')
if [[ "$tag" != "deploy-homelab.yml" && "$tag" != "main.yml" && "$tag" != "all.yml" && "$tag" != "all.example.yml" && "$tag" != "ISSUE_TEMPLATE" && "$tag" != "workflows" ]] ; then
tag=${tag%.*}_install
/root/.local/bin/ansible-playbook main.yml --tags "$tag" --vault-password-file ~/.vault_password.txt
fi
done
else
echo "No changes detected in task files. Skipping Ansible playbook execution."
fi
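Review bot: A failed `ansible-playbook` run inside the loop does not stop the script, and the script's exit status comes only from the last command executed, so the job can finish green after a partly failed deploy; appending `|| exit 1` to the `ansible-playbook` line makes the failure visible. The tag is taken from the second path component (`awk -F/ '{print $2}'`), which is empty for a top-level file such as the `main.yml` added in this commit, so the `main.yml` comparison in the exclusion list does not match it and the playbook is run with `--tags "_install"`; a guard such as `[[ -z "$tag" ]] && continue` before the exclusion test would cover that case. `$1` and `$2` are also passed to `git diff` unquoted and should be written `"$1" "$2"`.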

175
README.md Normal file

@ -0,0 +1,175 @@
![Header Image](https://miro.medium.com/v2/resize:fit:4000/1*16DgdobhWUUXKzF4fwjOdw.png)
<div align = "center">
# Homelab
Homelab deployed as Infrastructure as Code (IaC) using ansible and terraform. Using Gitea Actions and Renovate bot for CI/CD to keep containers updated.
</div>
<!-- [![deploy-containers](https://gitea.comprofix.com/mmckinnon/homelab/actions/workflows/deploy-containers.yml/badge.svg)](https://gitea.comprofix.com/mmckinnon/homelab/actions) -->
<div align="center">
| Provider | OS | Tools
|---|---|---|
| [![BinaryLane](https://img.shields.io/badge/BinaryLane-8A2BE2)](https://binarylane.com.au) | [![Debian](https://img.shields.io/badge/Debian-%23c9d1d9?&logo=Debian&logoColor=red)](https://www.debian.org/releases/stable/) | [![Gitea](https://img.shields.io/badge/gitea-%23c9d1d9?logo=gitea&logoColor=green)](https://about.gitea.com/) [![Docker](https://img.shields.io/badge/-Docker-%23c9d1d9?logo=docker)](https://www.docker.com/)
</div>
This VPS contains containers and services that need to be always online as part of the HomeLab setup.
<!-- <div align="center">
## Apps in Repo:
<table>
<tr>
<th>Logo</th>
<th>Name</th>
<th>Description</th>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://www.vectorlogo.zone/logos/letsencrypt/letsencrypt-icon.svg"></td>
<td><a href="https://certbot.eff.org/">Certbot</a></td>
<td>Used to generate Let's Encrypt Certificates</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://code.visualstudio.com/assets/images/code-stable.png"></td>
<td><a href="https://github.com/coder/code-server">codeserver</a></td>
<td>Run VS Code on any machine anywhere and access it in the browser</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/amir20/dozzle/master/assets/favicon.svg"></td>
<td><a href="https://dozzle.dev">dozzle</a></td>
<td>Real-time logging and monitoring for Docker in the browser</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/go-gitea/gitea/main/assets/logo.svg"></td>
<td><a href="https://docs.gitea.com/category/installation">Gitea</a></td>
<td>Self-Hosted Git Service</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/go-gitea/gitea/main/assets/logo.svg"></td>
<td><a href="https://docs.gitea.com/usage/actions/act-runner">Act Runner (Gitea Runner)</a></td>
<td>Self-Hosted Runner Service</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/thomiceli/opengist/a9dd531f676d01b93bb6bd70751a69382ca563b0/public/opengist.svg"></td>
<td><a href="https://github.com/thomiceli/opengist">Opengist</a></td>
<td>Opengist is a self-hosted pastebin powered by Git</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/homepage.png"></td>
<td><a href="https://gethomepage.dev/latest/">Homepage</a></td>
<td>A modern, fully static, fast, secure fully proxied, highly customizable application dashboard with integrations for over 100 services and translations into multiple languages. Easily configured via YAML files or through docker label discovery</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/invoiceninja.svg"></td>
<td><a href="https://invoiceninja.com/">Invoice Ninja</a></td>
<td>Free Invoicing Software for Small Businesses</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/jellyfin.svg"></td>
<td><a href="https://jellyfin.org/">Jellyfin</a></td>
<td>Jellyfin is a Free Software Media System that puts you in control of managing and streaming your media.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/jellyseerr.svg"></td>
<td><a href="https://github.com/Fallenbagel/jellyseerr">Jellyseerr</a></td>
<td>Jellyseerr is a free and open source software application for managing requests for your media library.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/lidarr.svg"></td>
<td><a href="https://lidarr.audio/">Lidarr</a></td>
<td>Lidarr is a music collection manager for Usenet and BitTorrent users. </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/mariadb.svg"></td>
<td><a href="https://mariadb.org/">MariaDB</a></td>
<td>MariaDB Server is one of the most popular open source relational databases. Its made by the original developers of MySQL and guaranteed to stay open source.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/mealie.svg"></td>
<td><a href="https://mealie.io">Mealie</a></td>
<td>Mealie is an intuitive and easy to use recipe management app.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/osticket.svg"></td>
<td><a href="https://osticket.com/">osTicket</a></td>
<td>osTicket is a widely used and trusted open source support ticketing system.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/planka.svg"></td>
<td><a href="https://planka.app/">Planka</a></td>
<td>Elegant open source project tracking</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/portainer.svg"></td>
<td><a href="https://portainer.io/">Portainer</a></td>
<td>Portainer is your container management software</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/postgres.svg"></td>
<td><a href="https://portainer.io/">PostgreSQL</a></td>
<td>PostgreSQL, also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/privatebin.svg"></td>
<td><a href="https://privatebin.info/">Privatebin</a></td>
<td>PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/prowlarr.svg"></td>
<td><a href="https://github.com/Prowlarr/Prowlarr">Prowlarr</a></td>
<td>Prowlarr supports management of both Torrent Trackers and Usenet Indexers.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://icons.veryicon.com/png/o/miscellaneous/cookd-pc/kms-management.png"></td>
<td><a href="https://github.com/Py-KMS-Organization/py-kms">py-kms</a></td>
<td>KMS activates Microsoft products on a local network, eliminating the need for individual computers to connect to Microsoft.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/qbittorrent.svg"></td>
<td><a href="https://qbittorrent.org">qBittorrent</a></td>
<td>qBittorrent is a cross-platform free and open-source BitTorrent client </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/radarr.svg"></td>
<td><a href="https://radarr.video">Radarr</a></td>
<td>Radarr is a movie collection manager for Usenet and BitTorrent users.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/readarr.svg"></td>
<td><a href="https://readarr.com">Readarr</a></td>
<td>Readarr is a ebook collection manager for Usenet and BitTorrent users. </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/sabnzbd.svg"></td>
<td><a href="https://sabnzbd.com">Sabnzbd</a></td>
<td>Free and easy binary newsreader</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/sonarr.svg"></td>
<td><a href="https://sonarr.tv">Sonarr</a></td>
<td>Sonarr is a PVR for Usenet and BitTorrent users.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/speedtest-tracker-logo.png"></td>
<td><a href="https://sonarr.tv">Speedtest-Tracker</a></td>
<td>Speedtest-tracker is a self-hosted internet performance tracking application that runs speedtest checks against Ookla's Speedtest service.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/stirling-pdf.svg"></td>
<td><a href="https://github.com/Stirling-Tools/Stirling-PDF">Stirling-PDF</a></td>
<td>This is a robust, locally hosted web-based PDF manipulation tool using Docker. </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/walkxcode/dashboard-icons/dd34fba44b97d3d5753dda032487890cb6fa5879/svg/vaultwarden.svg"></td>
<td><a href="https://github.com/dani-garcia/vaultwarden">Vaultwarden</a></td>
<td>Self-Hosted implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients</td>
</tr>
</div> -->

6
ansible.cfg Normal file

@ -0,0 +1,6 @@
[defaults]
inventory=hosts
deprecation_warnings=False
host_key_checking=False
interpreter_python=auto_silent


@ -0,0 +1,77 @@
---
- hosts: proxmox
become: yes
tasks:
# - name: Delete existing template
# community.general.proxmox_kvm:
# api_host: "{{ api_host }}"
# api_user: "{{ api_user }}"
# api_password: "{{ api_password }}"
# node: "{{ node_target }}"
# name: "debian-12-generic-amd64"
# state: absent
# - name: Download cloud-init image
# register: image
# ansible.builtin.get_url:
# url: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
# dest: /tmp
# mode: '0644'
# force: true
# - name: Install Tools
# ansible.builtin.apt:
# name:
# - libguestfs-tools
# - python3
# - python3-pip
# - python3-proxmoxer
# update_cache: true
# install_recommends: false
# state: present
# - name: Install Tools to cloud-init image
# ansible.builtin.shell: |
# virt-customize -a {{ image.dest }} --install qemu-guest-agent
# virt-customize -a {{ image.dest }} --install vim
# virt-customize -a {{ image.dest }} --install git
- name: Create new VM template from cloud-init image
community.general.proxmox_kvm:
api_host: "{{ api_host }}"
api_user: "{{ api_user }}"
# api_password: "{{ api_password }}"
api_token_id: "{{ api_token_id }}"
api_token_secret: "{{ api_token_secret }}"
api_port: "8006"
node: "{{ node_target }}"
name: "debian-12-generic-amd64"
agent: "enabled=1"
bios: ovmf
boot: 'order=scsi0'
cores: 4
sockets: 1
machine: q35
memory: 4096
ostype: "l26"
vga: std
scsihw: 'virtio-scsi-single'
#scsi:
#scsi0: "{{ storage_target }}:0,iothread=1,discard=on,import-from={{ image.dest }},format=raw"
#scsi0: "{{ storage_target }}:0,import-from=/tmp/debian-12-generic-amd64.qcow2,format=raw"
net:
net0: 'virtio,bridge=vmbr0,firewall=1,tag=10'
ipconfig:
ipconfig0: 'ip=dhcp'
template: true
timeout: 600
vmid: 10000
# - name: Pause for 5 seconds while template imported
# ansible.builtin.pause:
# seconds: 10
- name: Import HDD to Template
command:
cmd: "qm set 10000 --scsi0 {{ storage_target }}:0,iothread=1,discard=on,import-from=/tmp/debian-12-generic-amd64.qcow2,format=raw"
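Review bot: The `Import HDD to Template` task imports `/tmp/debian-12-generic-amd64.qcow2` into VM 10000, but the task that would download that image is commented out in this file, so nothing visible here establishes where the file comes from or that it is the expected image. `/tmp` is world-writable and the commented-out `get_url` task carries no `checksum:`, so the disk that every clone of this template starts from is unverified. I would restore the download with a pinned digest (`checksum: "sha256:<expected-digest>"`, placeholder value), use a root-owned `dest`, and point `import-from=` at the registered path. The `command:` task also has no `creates:` or `changed_when:`, so it re-runs and reports changed on every play.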

100
group_vars/all.yml Normal file

@ -0,0 +1,100 @@
$ANSIBLE_VAULT;1.1;AES256
32656263363465383531613338653130323635653238383232646265326433616462363464656539
3162306463653134666135376366643861353862663765630a343165613030633661353463316463
30633162376563663166616366643836316363663065333366643338383939636531323538616536
3136383363636131360a326661366265653364323966386634656465376433633035343033653034
38613637613431616637323038363933383037396236386633303366313835333865316563373966
35623038613166356132633264366361313030313765333335343136326165326333656361363462
61383538356434643333653534346264396335653535343362386234316666626431643130346436
34363265613632666431343735376166383466633338353339646337613135613461363366346562
39333135633061376139333030666365366438366434326139313265643034363934306134643630
65356338373564346362633830383337373131366263323166386435313931633139646233623033
36666334613766356463333963653034316636376364303063666237383732396335636231303764
63343963633664393632613263333563643737393466326665633766663764363236333834313737
66353833636661643536633066366666306231643038623632306230656534336666303930303461
62323137353530396135376364316331353138616161303265376334303666633032646631323664
31323336386339326530646237666239333963343732376235306537323336303030613164623765
33383534326532383230616561376136646632643634393563346565336139656339383631333539
66613830313134313239366232323965343063633433653434373564663861323330323663363965
36363132626535663734653739333331616532666635333936306334656264646336366233356562
34383135343335653130636132633631623634333961376262316536633339313033326239356663
38666361636239356665626139643735333461633436373362373034383536326664336663623038
31383237643733613533633535383939313835313363633362343965633336626263623932663862
32376265666438333663373364613861656564326139363731313731343234373934656633613532
35396535306164323237376232633830613432633735663636396137356361303730376239373130
61313630313235373363333862363961313938303332366233656364616536316366326466316439
39376632663062666135623639343136643065363734366430386563613530343061326661653733
63323036633363386636333636633864333334306164306431663662383562396434306336303337
32383137363834633731393564353238636237313361643438306536386432666663383563653834
38613031353265316230363464353638373564636234303266396264306231383634623664626535
64363033373535666135316364303862343732393036396334326136323437646239363361373762
61633761343362653261316434636664353564363330303131333236336230643161623863376634
34613466396330313837643139333565366263363430343536386266323937336466623931383062
62626363383163663637353235343035323233393033623132336664396464343638303839376561
65376537666430666330323430393337666233636165356665323032343563333833383830616165
33636662633961346561373231646664643932386465343537626237663338613836356430393961
39363963633237306561353161643133396366633762336437633138393139653261373539303539
36316464643362336135363631666130653131326435306463366236323830663965363662646361
35643430666365613465666436386332346561326439643863333138363263306331653733343432
63363932303735396234323963363336353133376362306539333131323262336535333733393639
63613064636333303532623935393262373363636161653566373830636131633835366463363533
61333163326262343037313462303930363234316462623963323563303864383163643936643761
61623461326334396539633364643031366231316535643135313935633439643361656136616532
34653635303631623639656165666231363563383336666337323361636137643564373565323238
35353965633230663166353161643033383666373530623739396139366137316438396333666231
34613136363939633565393336336633636665363838323230346262386335386365376262326462
34393539393365346364393432313665356465653866666538323134636630613137333261383364
39313362333832623837313235353331346434303166633137303234303062646337373664373861
32343037613362346134636531356463303739396364646339333138363064376632356534323834
64313864323065303531366435393864303035303331313737316137376361656438353739333830
64333234353837383938393861643236373338323436323863393933643332366363653935646264
37376336616162346161623136393662306137616638383134363964313835333332366430353364
64363730626564393134383534313130313633623137336630386364326365336262373963396239
32393061663964643036323233633232326232656363613339376663633761316639323737383365
33356562643530313434383639393766633733383263366162316332306532366362653737356539
63656366356333396165383330626535626232336137646464323665316464626139373964623163
31626230393661333164303834396331623934356538326166313635656437316236313630313463
65303633616637383436383737366361313736383262663130343932323830383763643235353264
36643966303937336636653037633739303364626638636438396332373862306665623037306336
61626330313364333639353366363131343434663139643361323836353065656137333162333130
65326364396665613763373565323165383638386135366235646437383130333434346635393566
61303263343132663531663237666337326365653737653731626364383665663334643139346338
66613266633263613037646334346661393063373330616431346161376137656139366166616264
64343737643662663134363265653063636665656366656135633932653165343361633835336665
35336139653939656162323366386435623134623062313461613261343264323731613732313435
65313436396464366662366533313162343233323836323336393665646361343438383063623964
63303761316666643237323364336139323536643664363331643565336166316163663731393065
30643638356231303563343433616335306435316161333937363937633131373536346464356539
36663865633336666539363734613131303931363732643665363866643533643763343433616561
66656238653734383131376330616535636138663933393032613166396436623436393563643336
38656164313566356566613331396539656531666462336163373034613232666439346633616166
35316636323064346531656631363265366335336265316362623438336230626332333838626265
61313834393664353133623132303332353633636464343764643334323866303664346563353839
34366534383963383366633765366337363835326133366264323239323266313433636538303537
65306230666335386332613638333738363965623934366338653133623434373831656361386437
37323232346236616236346539613739313237326433363961666535343634643937343331653366
32313864633562346132343538633035303432383033363939306663613939376261653662666161
39383639646338656233376130633966343637353238346435383637376636363631343037336236
36393361646161613736363135343964383364316265343939393333323937376661356331376465
62616333306137643366386561343234663836653833666239383835393031303163393365356661
31356537313530333934653564353039623766326236663635396539616533303831613135653738
31373234346439373230613139636661656636393238363132383732376436646638643131376435
36376435336232353333353563616164643632363565633639623161386436643663656132373135
35646365336365333931653665343461663263333432306131633335333766396165363631663930
66633039383564613739653436666330363661666631353461613333313632333032373939626263
38326164303131386461613962326166666434393031633365306332383663303638666330363632
31343135613065623464646661623865643765613838376434393765663366343961646432306135
62356234323436653166613462373931616236333265616465346564653563323233383962306162
33393030663330336332316332343731666561346539633531653431303934316663363964616236
37336236346563346533643338366433343035653766383663306333633031343462383931343465
38663432383865616432326236376633353935323434333431313739353232343762626439366263
39333762343761613861396431643561653665303831613964363733396663356333373437383766
66343831373463623233646438393537313966613238366334356331356234356232663066316635
66636666333465643132383536643234343135396632393265663465393930346138383761363139
62623966613964373963623362343164623837626638623330383932396638363766383166653462
65346634646264313132623332633536383236376336313339356561663339656430623866306336
66393263656461316433663735353733646638633430663635643064386633666334326437613839
36316333326663663664363436613933636532393630346430313931633533623035346366343934
61303437666334323231343336366330656261646566653938653733633933653562373938633962
30386438343166316366646565333766393930303435663362303432646337323465316261623565
363632346536336638383065656231373538

9
hosts Normal file

@ -0,0 +1,9 @@
[cloud]
vps02.comprofix.com
# [docker]
# docker.comprofix.xyz

132
main.yml Normal file

@ -0,0 +1,132 @@
---
- hosts: all
name: Configure all servers
tasks:
- name: Gather facts if run with tags
ansible.builtin.setup:
when: ansible_run_tags | length
tags: always
- hosts: all
become: yes
tasks:
- include_tasks: tasks/base.yml
tags: base_install
- hosts: cloud
become: yes
roles:
- role: docker
tags: docker_install
- name: traefik
vars:
traefik_host: traefik01.comprofix.com
tags: traefik_install
tasks:
# - name: Deploy Homepage
# import_tasks: tasks/homepage.yml
# tags: homepage_install
- name: Deploy Vaultwarden
import_tasks: tasks/vaultwarden.yml
tags: vaultwarden_install
- name: Deploy gitea
import_tasks: tasks/gitea.yml
tags: gitea_install
tags: cloud_install
# - hosts: docker
# become: yes
# roles:
# - role: docker
# tags: docker_install
# - role: nfs
# mounts:
# - name: Docker share
# path: /mnt/nfs/docker
# src: truenas.comprofix.xyz:/mnt/datapool/docker
# - name: Data share
# path: /mnt/nfs/data
# src: truenas.comprofix.xyz:/mnt/datapool/data
# tags: nfs_install
# - role: traefik
# vars:
# traefik_host: traefik02.comprofix.xyz
# data_folder: "/mnt/nfs/docker"
# tags: traefik_install
# tasks:
# - name: Deploy iDrac Fan Controller
# import_tasks: tasks/idrac.yml
# tags: idrac_install
# - name: Deploy MariaDB
# import_tasks: tasks/mariadb.yml
# tags: mariadb_install
# - name: Deploy InvoiceNinja
# import_tasks: tasks/invoiceninja.yml
# tags: invoiceninja_install
# - name: Deploy osTicket
# import_tasks: tasks/osticket.yml
# tags: osticket_install
# - name: Deploy speedtest-tracker
# import_tasks: tasks/speedtest.yml
# tags: speedtest_install
# - name: Deploy dozzle
# import_tasks: tasks/dozzle.yml
# tags: dozzle_install
# - name: Deploy jellyseerr
# import_tasks: tasks/jellyseerr.yml
# tags: jellyseerr_install
# - name: Deploy lidarr
# import_tasks: tasks/lidarr.yml
# tags: lidarr_install
# - name: Deploy prowlarr
# import_tasks: tasks/prowlarr.yml
# tags: prowlarr_install
# - name: Deploy radarr
# import_tasks: tasks/radarr.yml
# tags: radarr_install
# - name: Deploy readarr
# import_tasks: tasks/readarr.yml
# tags: readarr_install
# - name: Deploy sonarr
# import_tasks: tasks/sonarr.yml
# tags: sonarr_install
# - name: Deploy sabnzbd
# import_tasks: tasks/sabnzbd.yml
# tags: sabnzbd_install
# - name: Deploy mealie
# import_tasks: tasks/mealie.yml
# tags: mealie_install
# - name: Deploy pyKMS
# import_tasks: tasks/pykms.yml
# tags: pykms_install
# tags: dockerserver_install
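Review bot: In the second play near the top of this file, `include_tasks: tasks/base.yml` with `tags: base_install` tags only the include itself, because `include_tasks` is dynamic and its tags are not inherited by the tasks it loads. When `deploy.sh` runs the playbook with `--tags base_install`, the file is included but its tasks are skipped unless each one carries the tag itself (`tasks/base.yml` is not visible here, so this needs confirming). The other entries in this file use `import_tasks`, which does pass tags down. Writing `import_tasks: tasks/base.yml` here, or adding an `apply:` block with `tags: base_install` under `include_tasks`, would make the base tasks run when the pipeline asks for them.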

22
renovate.json Normal file

@ -0,0 +1,22 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base",
"renovatebot/renovate-config",
":semanticCommitTypeAll(chore)"
],
// "automerge": true,
// "automergeType": "branch",
// "automergeStrategy": "rebase",
// "commitBodyTable": true,
// "ignoreTests": true,
// "major": {
// "automerge": false,
// "dependencyDashboardApproval": true,
// "commitMessagePrefix": "chore(deps-major): ",
// "labels": ["dependencies", "breaking"]
// },
// "ignorePaths": [
// "terraform/"
// ]
}


@ -0,0 +1,2 @@
---
# defaults file for docker


@ -0,0 +1,52 @@
galaxy_info:
author: Matthew McKinnon
description: Mounting NFS filesystem
company: support@comprofix.com
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,48 @@
---
- name: Add Docker apt key.
ansible.builtin.get_url:
url: "{{ docker_apt_gpg_key }}"
dest: /etc/apt/trusted.gpg.d/docker.asc
mode: '0644'
force: false
checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
ignore_errors: true
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
filename: "{{ docker_apt_filename }}"
update_cache: true
- name: Install Docker packages.
package:
name: "{{ docker_packages }}"
state: "present"
- name: Install Docker Module for Python
pip:
name:
- PyYAML==5.3.1
- docker
- docker-compose
- pymysql
- passlib
state: "present"
- name: Ensure docker users are added to the docker group.
user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"
- name: Reset ssh connection to apply user changes.
meta: reset_connection
- name: Setup cron job for backup
cron:
name: Docker Prune
minute: 0
hour: 5
job: "docker system prune -af && docker image prune -af && docker system prune -af --volumes"
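Review bot: `ignore_errors: true` on `Add Docker apt key.` lets the play continue when the key download fails, and `checksum` falls back to `omit`, so unless `docker_apt_gpg_key_checksum` is set elsewhere the key is installed without any integrity check. Writing it to `/etc/apt/trusted.gpg.d/docker.asc` also makes it trusted for every configured repository rather than only Docker's; a keyring under `/etc/apt/keyrings/` referenced by `signed-by=` in `docker_apt_repository` (defined outside this section) would scope it. I would remove `ignore_errors: true` and make the checksum mandatory. The cron task named `Setup cron job for backup` actually installs `docker system prune -af --volumes`, which removes stopped containers and then unused volumes every day at 05:00; dropping `--volumes` avoids losing data for a service that happens to be down at that time.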


@ -0,0 +1,51 @@
$ANSIBLE_VAULT;1.1;AES256
36326633353666613166393030633363373435666230663138303735323132663930663663383138
3131616265626633663430353835663866356436373533390a623564333539306162613532393661
61326437363033383862343034356639316162363364356135616132396136383962333062653566
3966323033663162640a323461656637633062373134656237323339346638663338353266386164
30653839343165663937653534313335316336356262303331643839643733663264643265633337
62633265656330353536663762643130636466353165336535393033663937396364373064363133
66323931663164313235316638393838326532643233636663333635656162343333643233646131
33336239393035613839646434643633313239393764613836343039383361613437626334643534
33373461336363636162646631323266353235326361393338366563653663343537633765653261
30393863323134376466346663376432623938376638393135356439326562656534376233646364
31353336396362323363323964383635303264646661626662333161303961383333636437393264
61623638303066343832303034633736343031333732633437356134393837663637653738303837
65643264663564643432363830373861323062393561386261323638353339663835663830653633
35373865383832656665333263323463303631343239346632336565393032333865353364386431
34633064356233626337646439623665613039666632366162346534656438393965623836366230
38323765633333663266656161376233343131646165343538653335653061363435316536313339
65366539313338623030663233633766373865653938616437323664633537306162353438373564
30383831353563663834373731356330393535613162313461303265353461643434613833376330
39653063363666353261373161636434366464306539306538623533373764666466383766646166
63313263626539316163656431393534393266666632366430323439373931636235663137393363
66323338643835356338646565653235333762343162636434653561626630333233343232633365
64353139376236363039343432636563316562383263336434376236613734396564393137366531
35613232646638313435326234366335356538393331363862353232353961373734646332646635
37323930623932326164323831393462653331373562336264613635396339653161303863623739
34303532376335623533373466366464666662653533363963326536633938333833376432616330
62326261366463323934663939316338306535323935623935323337333866353539336132326564
64623739623064333932386363353235356431656339663039643631353264376234316430356235
33326233356638646163633333613736343732626263333631336333343434353164333436653331
64376539336562393538613134633933373339363737363364623066383130653033633966316665
36323361656131623435346565323638313030343762313765646264396461616165393762366436
65363563313439376437626533386262323036346436663030303736363061396639633338386337
65623534393561643662653538633630363663326430383030393062323934326465313533303662
30323861613333353465396536653632373934363162393465373466636132383064663063383834
66653938346463663335333737386339666430643034386335353938633232323333633238643035
37643239383936393233353735333164663566663833383763306635646666666365336161316437
64343032376139373036366433376263376565656435336662656661336530323130356266353265
32316361623238386530303533343763646533653631613965386639386237303965636634353366
31363137376633376532383361376631663734653262616237373933363330323337386434623261
63656364653162323463626361633533353132666563393538383332306263316639396530323131
63646566623064393930343137623564323234383430363365313834336464333432623466646139
33343833353339633236613439623735316538373962663365623963663639663264396238363465
61313338343435313035643163316631303433383738393162633032613830663264386538343763
30363434653461396239306334333366333232373732353362666538323063313934346433666334
35363236333038333363653737656362653362376338653364636566346637376566306632326438
32663930613066343361616665396334393863643963316239313735363539333263656133356665
62663236366665373637373436656630336630393333393164343265306533666366333964333338
36376337376366333835326565323735613961323264663466356635653763343331373561666632
61343466643661636335373663386466333232393064623538666636653439363639386462373238
38613862656363373434353037613135363464313864386361323136613762306632653838616463
3438636539363664613934313333336535623165306438353130


@ -0,0 +1,8 @@
---
# defaults file for roles/nfs-mount
# List of NFS shares
nfs_share_mounts: []
# Default NFS4 mount options
nfs_mount_opts: "rw,sync,hard"

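--- a/roles/nfs/meta/main.yml
+++ b/roles/nfs/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+author: Matthew McKinnon
+description: Mounting NFS filesystem
+company: support@comprofix.com
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+# Choose a valid license ID from https://spdx.org - some suggested licenses:
+# - BSD-3-Clause (default)
+# - MIT
+# - GPL-2.0-or-later
+# - GPL-3.0-only
+# - Apache-2.0
+# - CC-BY-4.0
+license: license (GPL-2.0-or-later, MIT, etc)
+min_ansible_version: 2.1
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+galaxy_tags: []
+# List tags for your role here, one per line. A tag is a keyword that describes
+# and categorizes the role. Users find roles by searching for tags. Be sure to
+# remove the '[]' above, if you add tags to this list.
+#
+# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+# Maximum 20 tags per role.
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.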

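--- a/roles/nfs/tasks/main.yml
+++ b/roles/nfs/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Install NFS mount utility
+ansible.builtin.apt:
+update_cache: true
+pkg: nfs-common
+state: present
+when: ansible_os_family == "Debian"
+- name: Mount an NFS volume
+ansible.posix.mount:
+src: "{{ item.src }}"
+path: "{{ item.path }}"
+opts: "{{ item.opts | default(nfs_mount_opts) }}"
+state: "{{ item.state | default( 'mounted' ) }}"
+fstype: nfs
+with_items: "{{ mounts }}"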
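Review bot: The mount task loops over `mounts`, but the only share list this commit defines is `nfs_share_mounts: []` in the defaults file commented as roles/nfs-mount. Unless `mounts` is set somewhere outside this page, the task fails on an undefined variable and the default is never used; `with_items: "{{ nfs_share_mounts }}"` would tie the two together. The fallback options `rw,sync,hard` also leave setuid binaries and device nodes on the share usable, so adding `nosuid,nodev` to `nfs_mount_opts` is the usual hardening for network mounts that do not need them.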


@ -0,0 +1,2 @@
---
# defaults file for common


@ -0,0 +1,52 @@
galaxy_info:
author: Matthew McKinnon
description: Portainer CE
company: support@comprofix.com
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,29 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/portainer"
- name: Create Portainer Container
docker_container:
name: portainer
image: portainer/portainer-ce:2.21.0
command: --admin-password "{{PORTAINER_ADMIN_PASSWORD}}"
restart_policy: unless-stopped
volumes:
- "{{ data_folder }}/portainer/data:/data"
- '/var/run/docker.sock:/var/run/docker.sock'
networks:
- name: proxy
labels:
traefik.enable: "true"
traefik.http.routers.portainer-secure.rule: "Host(`{{portainer_host}}`)"
traefik.http.routers.portainer-secure.entrypoints: "https"
traefik.http.routers.portainer-secure.tls: "true"
traefik.http.routers.portainer-secure.service: "portainer"
traefik.http.services.portainer.loadbalancer.server.port: "9443"
traefik.http.services.portainer.loadbalancer.server.scheme: "https"
register: container_portainer
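Review bot: `command: --admin-password "{{PORTAINER_ADMIN_PASSWORD}}"` places the admin credential in the container's arguments, where anyone who can run `docker inspect` or read the process list on the host can see it. The task also has no `no_log: true`, so the value can appear in verbose Ansible output. Portainer accepts `--admin-password-file`, so the value could instead be written to a root-only file under `{{ data_folder }}/portainer` and mounted read-only. Portainer documents `--admin-password` as taking a bcrypt hash rather than the plain password; the vaulted value is not visible here, so confirm which form it holds.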


@ -0,0 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256
66663364383263343838636561393437373730633165306539633566356166313664656166633537
6333663336336463613565666465663430303665323766300a393063366230643139363061633636
65303631383230396461303836386335306261613664393762393266636437333634663464353137
6563366664663331380a346534323264633738663063356565643137323964663964656137633363
33333264383830666637376337633432353732353630333134353638653234333730636166356164
33363433343432623762393834336637626562613633393963323963623661643862636362313930
37346233373231663762346633323634666436323364653136656630636462333638316632626435
30336433353961333334386134383032356633643261656639623237386439653739363133633836
65333065336464386164363037363766353066396163386561323338326439376138316131306636
65376230383666393762393938313535386131313134613033393936633139363366373065623033
33353733613439383366393864623130396231323433393732653966653132313262346538646334
63303831333465613962653661656237326364396465366234383663333431366233363133623936
62663632356361323930326230326565366366663733633137633938643564373766


@ -0,0 +1,2 @@
---
# defaults file for common


@ -0,0 +1,52 @@
galaxy_info:
author: Matthew McKinnon
description: Traefik Proxy
company: support@comprofix.com
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,86 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/traefik"
- "{{ data_folder }}/traefik/data"
- name: Create a network
docker_network:
name: proxy
register: network
- name: Copy Traefik config
template:
src: templates/traefik.yml.j2
dest: "{{ data_folder }}/traefik/data/traefik.yml"
mode: '0600'
- name: Check if {{ data_folder }}/traefik/data/acme.json exists
ansible.builtin.stat:
path: "{{ data_folder }}/traefik/data/acme.json"
register: file_status
- name: Creates {{ data_folder }}/traefik/data/acme.json if it doesn't exists
ansible.builtin.file:
path: "{{ data_folder }}/traefik/data/acme.json"
state: touch
owner: root
group: root
mode: '0600'
when: not file_status.stat.exists
- name: Check if {{ data_folder }}/traefik/data/traefik.json.log exists
ansible.builtin.stat:
path: "{{ data_folder }}/traefik/data/traefik.json.log"
register: file_status
- name: Creates {{ data_folder }}/traefik/data/traefik.json.log if it doesn't exists
ansible.builtin.file:
path: "{{ data_folder }}/traefik/data/traefik.json.log"
state: touch
owner: root
group: root
mode: '0600'
when: not file_status.stat.exists
- name: Create traefik Container
docker_container:
name: traefik
image: traefik:v3.1
restart_policy: unless-stopped
networks:
- name: "proxy"
ports:
- 80:80
- 443:443
env:
CF_API_EMAIL: "{{ CF_API_EMAIL }}"
CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}"
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- "{{ data_folder }}/traefik/data/traefik.yml:/traefik.yml:ro"
- "{{ data_folder }}/traefik/data/acme.json:/acme.json"
- "{{ data_folder }}/traefik/data/traefik.json.log:/traefik.json.log"
# - ./data/config.yml:/config.yml:ro
labels:
traefik.enable: "true"
traefik.http.routers.traefik.entrypoints: "http"
traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_user }}:{{ traefik_api_password | password_hash('blowfish','1234567890123456789012') }}"
traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
traefik.http.routers.traefik-secure.entrypoints: "https"
traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)"
traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
traefik.http.routers.traefik-secure.tls: "true"
traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com"
traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com"
traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
traefik.http.routers.traefik-secure.service: "api@internal"
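Review bot: The basic-auth label hashes the dashboard password with a salt written literally in the task, `password_hash('blowfish','1234567890123456789012')`, so the salt is published with the repository and the same password yields the same hash on every host. The fixed salt is probably there to keep the label stable between runs. To keep that stability without the literal, move the salt, or a precomputed bcrypt hash, into the vaulted variables, e.g. `"{{ traefik_api_user }}:{{ traefik_api_password_hash }}"` (the variable name is a placeholder). The resulting hash is stored in a container label and is readable through `docker inspect`, so the password itself still needs to be strong.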


@ -0,0 +1,42 @@
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: ":443"
serversTransport:
insecureSkipVerify: true
log:
level: DEBUG
filePath: /traefik.json.log
format: json
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml
certificatesResolvers:
cloudflare:
acme:
email: {{ CF_API_EMAIL }}
storage: acme.json
dnsChallenge:
provider: cloudflare
#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
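Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend Traefik proxies to, so a misrouted or impersonated backend is accepted silently. It is presumably needed only for the Portainer service on port 9443. Scoping it to a named transport attached to that one service, or trusting its certificate through `rootCAs`, keeps verification on for everything else. `api.debug: true` and `log.level: DEBUG` are also left on for a proxy published on ports 80 and 443; `debug: false` and `level: INFO` are safer defaults.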


@ -0,0 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256
65353236643865303034613264613133353338613962646164333936353761336231643332303164
3834613038663965376661373336646433353437373132300a353663633034643265653937396238
66326632323432646239663762626230326338666138653330323566633864623734396639323062
3735326666306239370a383439646335343965316464386265613437646163636335393139316232
61396631356263333933626334313438633132663764326539393663636631303538636131303830
31633037376231326436306463376134633031666431303133383237316530646261383733313132
62343261303266613764633861393939343937343038383231353137333337383936623338313561
64633330356639643863336437653137393364653833653934633762333461393035393963313432
39633563636164363461326231306237343265626533366562626136643561636464663866303434
64363663396334623738316238316135616162393566613631396163666134663765343230656135
35646364666531303361623833643136663832363737623161386562393234393533306636363265
37343438386439303931633434303939393062363138353732373163663761366337326437316537
6137

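--- a/scripts/backupvpsdocker
+++ b/scripts/backupvpsdocker
@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+#
+# Backup vps02 docker data
+#Stop all containers
+docker stop $(docker ps -a -q)
+date=$(date +%F)
+cd /data
+for dir in */; do
+dir=${dir%*/}
+backupfile="$dir-$date.tar.gz"
+#echo "backup $dir"
+tar -zcf /tmp/$backupfile $dir
+if [ $dir == "vaultwarden" ]; then
+#echo "rclone vaultwarden"
+rclone copy /tmp/$backupfile BitwardenBackup:BitwardenBackup
+else
+#echo "scp $backupfile"
+#scp /tmp/$backupfile mmckinnon@truenas.comprofix.xyz:/mnt/datapool/data/backup/docker/
+fi
+rm /tmp/$backupfile
+done
+#Start all containers
+docker start $(docker ps -a -q)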
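Review bot: The `else` branch contains only comments, which bash rejects as a syntax error at `fi`. Because the `docker stop` line above runs before the loop is parsed, the script would most likely stop every container and then abort without reaching `docker start`. Removing the empty branch fixes the parse error. The archives, including the vaultwarden data, are also written to predictable names in `/tmp` under the default umask, so other local users can read them while they exist; a `mktemp -d` directory under `umask 077` avoids that. Quoting the variables and checking `cd /data` keeps a failed `cd` from archiving the wrong directory.

```bash
umask 077
workdir=$(mktemp -d) || exit 1
cd /data || exit 1
for dir in */; do
    dir=${dir%/}
    backupfile="$dir-$date.tar.gz"
    tar -zcf "$workdir/$backupfile" "$dir"
    if [ "$dir" = "vaultwarden" ]; then
        rclone copy "$workdir/$backupfile" BitwardenBackup:BitwardenBackup
    fi
    # … unchanged: commented-out scp of the other archives …
    rm -f "$workdir/$backupfile"
done
rmdir "$workdir"
```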

176
scripts/rclone.conf Normal file

@ -0,0 +1,176 @@
$ANSIBLE_VAULT;1.1;AES256
31393237373262646664663739633130643562326538336561353265633064383466363532366332
3966346334336430633238376438353961393936393037340a666263623538653061646366653831
65363535646434393035626435353630626133643634373961393063343361646561643233633733
3263323166336638380a626231353030393766376534333438643930313432383266323763633130
33633333616561316465666133626261363361333433343733653266633337663863383137376533
62363038363631626463303563643638623231306363386261646639316332613134383334383737
63356561303735656638306566323432626531393332643634626531336230666338363433363435
32313539326265643637656435613965626232333631343264343038393564663831343063646533
61333835306632666136313637306165316434376234316632626632653133326633363734663033
35396235646335653065313664383861323033306636636336376264326534353635396530313462
30386237636438663363653032623030666438336438346434656637336662633930316536613832
64323966656337666239616636333533366636383833356561643734613664303236333939663262
63643736626163363362343161613532343564323661366261313331303466343639343437386439
32616133316236363339333338336566366236333337623232366139353461353335383466316639
64626661613530626639323233383065353033316238346635393633336431656666336436356638
32336637356336666630323036326562353737316231386636666136616465353764313236643761
65373836313037363065346339333031626230306366353632653936326463366665363664643161
31623962383363663964326439396362643932633130313332633363666537363564333830613730
31633766613639356161386132313863633830363963393663663564343732633366386235393464
66643831643735353066626566356363643131376265346665623666366663343939636638383631
66616562323164646235616137646632373631343834353832333632366636646332393537643439
64326138343462343064303234646362633862383336306237643636623734363165616362313035
37346437353566646133316631363735346561326565623965373833376438646439376630363634
35333133643135333761646261646566626562623962636161616163316433613261386466613937
35613531356265636339366139663865643863383035303365373034633239386261306539343539
31633039363134363731616136343031363264323734623462383233613437656265666165616330
39383661653561366365383462363538386439646436313761666163646334623737326563653034
61636538643263366264343265353436346433643837623838666638343130663466656365663839
33376332626537623865316136363938396161643466356131643736646138383462373961616531
38376665386133373939396261336531333738646135326165363864663463356638633337363232
62303736316263613431646263306436393932353062393531383965353137393163663664396461
33636631623234383835343436313764663538306164386465356265396130343364343665376665
38316533333338613439356465366663616231396234663633623264373366313432396134653663
35353038626337346434326465343230653861323432653438623337653333393266613566326231
35653465333062383863376365353832633731323066646366386262396431656330663666333038
37663035613136393063373765373034376631613363643035666533323230303065333065656565
38613633353862376436393838326664303330306538313363623862316131393064316530383432
36653664613834336165653364643436643333316333306438643638643634363430633466373564
30633032356430383239623466393339616639623661333339313337613734363237643539303862
38323963383361623333336437333066366332643030623162653162303065313761666564366131
32393431383731393233333138363138396139633831306137613534326535656265353736636364
33643834353633343962386361303564393032303432626138626535623132333732623937366230
30666530636130643737363039376463643161373437303235616564363132393836306430396366
30363064316666626532323832343132313264653338653130643439656662633566363237303837
64663661646462303761636130666561333636393962333232666134386439303166396637666265
65313330373862363534373666393536333666643032306466626263646530353534316134363662
63383965393731313138643035633064366130326562663763383963303339383233336331626361
31366431336663356463306639613366396534626235326437383666643165333832333338386533
35643763643938346437353365393333336263623533623936366337333730653632373037636434
38323730336539303664386339356463616531376230383762666361663030653639343135326165
33323234353766303839323736646463313733636133656561373038656431356338626632643534
66616333646233656365346261633034383536393635613161373338343431383931353930343166
61316332663065366365306632353963393766333036663137303462613262396561613664633434
32376265306636323439333335316261626262636161646437316463333833343565663335383436
34366531383361383532343630613965386465316463396535396132356635346635643465613065
32333838303263323839633061373135303136343336323565326334343331333163393766643133
32393439636632356330643662376365333238316230633430653133323965393330643065363866
30643839373936316639373331363739356531333065303937646131663162343430346133633931
36386464376238643461373133646638373439313431643831313064653666613537393264306665
32653662303465303639323639636238633231306665396239376530326437383764386563633562
66616238616336633265656463653036363932323964623135643936663961386164303365363661
62303866643463613365333363613463623336306336306566383639363030343761316330353833
32303066643464616639313666386330663433633831366338326665613538336539373439656532
32356463363662666266663263333562363861626462666461343834383335333731336137303464
38376633643439666538636439326266646239343664666266356665653565656339353261623462
30336261653432376537356162613361636139366265343439353330653836336337646433316361
63363638653435373635633834353161326230626138666439643531333031663335663638653361
61633335396166336465623263343863373961643735623631383762613763656261383966323838
30623264366138343839363636663733613836313166646137656165323662356139363564663837
39656333346435633536383130383730313732653363666266303230363939653331653936356565
31366663653332303630346438646431633161636230326330363862336466383161353732636431
30666339383766626433633435643564323939366435363435636232343935373063316637316434
39383461376466373165613639343362393732316532336535633465616434326464306162303066
34666637356563393930326665616330643262633639663635626635313330336334633361393566
37646263323731353764366563393866373435343361653539376533363332393736326261326338
64303439356633343164633137373433363237663034383365653630393364383038313062316665
38653038316339303035396234626438383863656332316535633231393232633332323331626661
66666435653433623031393332613834613566643338646430393361636131333466356466663465
61376461363238366566373635623464366139356430336162636232343061643634643230343332
62363461393266666563326237326133616431393461353538366233386266303432663531373662
63303866333865656663623565653664643934623566396565326264663237393566643135316130
65386666343262373832663637346531663066363565396437373330373665376635653661616637
39383233623262393361313264316230626565326466306563613930616465623531373636343439
30643030616637313639306234643035326639643533613564303731373731646464323737356166
39393839653431343431373034653536633531643934353432653636393937346230303162646537
61623463343833613636316165633430613134663537333665303632613637326563373266383063
33366439303538613134633130343439373666363566333663346536623464653334323533343939
35316437653537396135326330653834613863356562323765346432343234636263376238356633
36393334303635626535636134333863363333656632373430343264373832636138663338643565
31323434346337653934666537303563306562666532376630643637626532613730643837303634
39393565613034336339386366636661313330396232303832316666353965336563373466613563
61633565653137386633343631653232373162346633366362373632623534616562343637653062
35396265323930323938656663633030623766366239306435633438663136333865643263303261
37313564383935653565633066313862633364323462373638613331386438383830656635316661
35386236356331376565616633356631626661366339393163343739373735633062323930326430
39643137383761623132323931303461366232323132323064386538373133613531393665353832
66303338626639353539323063666235353532333437373433376337363035623639316431616264
64343665306139666661623635396130373464646663393438366163613634336465396535373935
33376530633266386664316532623863366131623766643364663061333964373331363366383631
33313361646134363964366330356437386662323536306164663661346630376238333966346135
33653134643564623263626432356562653833363935613863343834306436323137356239376437
35626134646661633736666330663861396536326137376337346136366433323338373332623566
65373966326232656337653139333762643961313162356461623536366230363034613066336133
31613565383064306431333664396237373537646236636634373932326632346266373065356339
31353466626530623431653366636663353263336332663164636366643134346239653239626434
34373535316133366265333337663334646630383035653637663864663264306131343039663739
32343037383537356331306539313130303961656164373533663839646530356562303964313135
36626164333963313566633033393266363161353065343530303064646465616661313238663839
39346134343735323561396631333838626434376663393661373436363962373564633634346339
64356230623936356632313665633163343233366339626631396162343866636361373437336164
36353666623930666565363932386232643062333836636638633035353061383932613332386636
61396135623430323438633537346132363063326337653032353737356261616338363634663134
32306638643835333331613432353766313530643034396632353762316436623336363662386137
34353061666238613065323739656332313330323165373231383638306436383166393961633337
36643235376532306137653237386563653337356331326435346431316564353462623038383838
63636361383634313530666463653962303938356238393134326332623164663239316433313161
62383866383466343936373137306331666261303636316136346264303563653966356136383065
61636337353336326662643634323732646233613136643034336232333064306162346333666166
36633766313733653435386432353937393137306665633766306236633162326534303061323963
64386566626136336261363864663662373635346239366230616437633031633830633336313634
61613636663738623338656165646561353638626265623739373630393336616366613636396330
30643666326135343037303830613732643561313237393766353863666164656432666261626466
36663934653432386662383134636631643466323132356266383065316265303164353330623633
66623536383563323431613038613037306130343738393965616635613930636638306138393839
65653030656264323837383238303231346434646363363134633730663562313366623038393133
31303736376263656462643961666537303163666637613465626534623730323764353536306339
63316132613634316133386636373836636237383830616236326663323365323834376365383066
39356661366334393233303164666666656463373166393739636332616137393439656432663433
36356136653231363763336364303339613038653438386233383364623630656236333661643362
66333464306462353262373636323935653931663334643662303066383737323464376332326566
37336336623765356536326239316561343666316562376635623734633832626632323563346235
61393961343766663964326436663037613134643130666239303832313161326136326265643434
38326631623836663464663734656538653636333061383633386261386236633832303830663233
33623862663230666265316339633464626534363465643336646462326431393863656536613234
39626135623637343865303965303035356635336439353463323937623465303934393631363238
39333534306539303831393039623433336331636135356537353233333062666664623238326233
64386534666562306561376432343032313966343532646533386137623664333336346131626361
37363834643635343831646630346263653438623262333666316131636666366261303665636634
30343634346137323830333637613434343639623338383432303063316639636462626366643535
61643739386663643132313137633139373536313132356465373738613462363264663739356632
34663131353034626361633863613933336465633131386530336663666361393335633437666333
30303130623961376637326664393561363462303564633463333734336635653335336538303431
37373331353039613436616130316633393261346331396337343565323565356238303431653237
64366165383831376632366364616536326236626166633465616534613036633463663439303039
66313138346338353765633964346137333639613862613638626136306233343536643737343662
64323165333262623434643261646531396436333965383064313131303136663865316631316565
66626466616661383564653435356261646337366435353335383234623034653633623364373062
64313966323339663563373566363132656334636631623630623437326265393365656639386136
35383539623565346263393966323232633030366439646639613763313932313038616362643562
33663331336637383238313766336562613330363264666633376263383337333865363665326331
35363866636431313235373535396230393831383738353232346265316432653666383236303161
30643038616538343534323061353736653537346534643963313630636365333835356430643434
33633031623137326530663835356462316161656364326633383761323337353934306536643333
66346361363962366336613138633561636665653337373230613032383264306532373937383637
66306331306639613065353332336234616136616461663631346532363835353065666463333864
63366231323165623863633361386162373432303338366162356338306361326361393530646465
34356364323365376462346661313530306434343837373064323431663130343838396363333538
62373462396264363565616466633663373465626635613464626265386464396530303262306236
64373736656361376266383432376432333632663736376134393466636539383264373462643961
34343433633865656164636434363139316466376361306433663838613036653366613730396537
30323631366664623834633761643662626438303132633063646536666162383162643737323538
38623432366264626439383830646438336133656432613733656466333065616338303466386538
37333135346633383736373932383263356638393966356537326632323631393462356366653938
65363666353032626336666137653963653137643230313838653037393739356363326535373762
35316461633763663263626133383162396164393436363665313633663531393164663061313236
32306535383731326139343566356665376238356532313063303962393639366164373530396535
33316336363562316266353534393466653739373266313533323133313464626236336137636264
34393730373662316137633564663864626137303438333262366466396539356137383835346361
30616533626338333532383434633463653062326437353831376166383365393330646432636266
62656238663761316532313366346661376237666436346335656439396564363464323063353664
39303261346631356536643961666638353334303932303938383830616263633738653837643861
65336437326638353365323232666332333162663935306665636463623538346166653764626139
63653736363736623139366164623437623734343766666239316338663136623232383832623632
66306536363836663939386261383266303664616363346662643835356239666338386665613066
323839643933313039656433313432396532

119
tasks/base.yml Normal file

@ -0,0 +1,119 @@
---
- name: Update cache
apt:
force_apt_get: yes
update_cache: yes
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Update all packages to their latest version
apt:
name: "*"
force_apt_get: yes
state: latest
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Upgrade all packages on servers
apt:
upgrade: dist
force_apt_get: yes
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Install required packages
package:
name: "{{ install_packages }}"
state: present
become: yes
tags:
- install_packages
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Remove /usr/lib/python3.11/EXTERNALLY-MANAGED
file:
path: /usr/lib/python3.11/EXTERNALLY-MANAGED
state: absent
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
# - name: Download Oh My Zsh installation script
# get_url:
# url: https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
# dest: /tmp/install_ohmyzsh.sh
# - name: Run Oh My Zsh installation script
# become: no
# command: sh /tmp/install_ohmyzsh.sh --unattended
# register: ohmyzsh_result
# failed_when: "'FAILED' in ohmyzsh_result.stderr"
# - name: Download zsh Dracula Theme
# become: no
# unarchive:
# src: https://github.com/dracula/zsh/archive/refs/heads/master.zip
# dest: "/tmp"
# remote_src: yes
# - name: Download moe theme for zsh
# become: no
# get_url:
# url: https://git.comprofix.com/mmckinnon/dotfiles/raw/branch/master/oh-my-zsh/moe.zsh-theme
# dest: "/home/{{ ansible_user }}/.oh-my-zsh/themes"
# force: true
# - name: Move zsh theme to correct folder
# become: no
# copy:
# src: /tmp/zsh-master/
# dest: /home/{{ ansible_user }}/.oh-my-zsh/themes
# remote_src: yes
# - name: Create vim config paths
# become: no
# file:
# path: "/home/{{ ansible_user }}/.vim/pack/themes/start/dracula"
# state: directory
# - name: Download vim Dracula Theme
# become: no
# unarchive:
# src: https://github.com/dracula/vim/archive/refs/heads/master.zip
# dest: "/tmp"
# remote_src: yes
# - name: Move vim theme to correct folder
# become: no
# copy:
# src: /tmp/vim-master/
# dest: /home/{{ ansible_user }}/.vim/pack/themes/start/dracula
# remote_src: yes
# - name: Get zsh config
# become: no
# get_url:
# url: https://git.comprofix.com/mmckinnon/dotfiles/raw/branch/master/zsh/zshrc
# dest: "/home/{{ ansible_user }}/.zshrc"
# force: true
# - name: Get vim config
# become: no
# get_url:
# url: https://git.comprofix.com/mmckinnon/dotfiles/raw/branch/master/vim/vimrc
# dest: "/home/{{ ansible_user }}/.vimrc"
# force: true
# - name: Set shell zsh
# user:
# name: "{{ ansible_user }}"
# shell: /bin/zsh
# - name: Set moe theme for zsh
# become: no
# ansible.builtin.lineinfile:
# path: "/home/{{ansible_user}}/.zshrc"
# regexp: '^ZSH_THEME="dracula"'
# line: 'ZSH_THEME="moe"'
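Review bot: The task that deletes `/usr/lib/python3.11/EXTERNALLY-MANAGED` switches off the PEP 668 guard for the system interpreter, so any later `pip install` as root can overwrite apt-managed Python packages. The hard-coded `python3.11` path also means it silently does nothing on releases that ship another Python version. I would drop the task and install Python dependencies through apt or into a virtualenv; if it has to stay, add a comment above it such as `# PEP 668 marker removed so pip can write to system site-packages; needed for <reason>`. Separately, the apt tasks use `yes` where `true` is the canonical boolean, and `state: latest` on `"*"` is redundant with the `upgrade: dist` task that follows.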

29
tasks/dozzle.yml Normal file

@ -0,0 +1,29 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/dozzle"
- "/mnt/nfs/docker/dozzle/config"
- name: Create the dozzle container
docker_container:
name: dozzle
image: amir20/dozzle:v8.4.1
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env:
DOZZLE_LEVEL: "trace"
DOZZLE_REMOTE_HOST: "tcp://omada.comprofix.xyz:2375,tcp://vps02.comprofix.com:2375"
labels:
traefik.enable: "true"
traefik.http.routers.dozzle.rule: "Host(`dozzle.comprofix.xyz`)"
traefik.http.routers.dozzle.entrypoints: "https"
traefik.http.routers.dozzle.tls: "true"
traefik.http.services.dozzle.loadbalancer.server.port: "8080"
traefik.http.services.dozzle.loadbalancer.server.scheme: "http"
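Review bot: `DOZZLE_REMOTE_HOST` points at `tcp://…:2375` on two hosts, which is the plaintext, unauthenticated Docker API port; whoever can reach that port controls the daemon and therefore the host as root, and one of the two names is under the public `.com` zone. The remote daemons should not listen on 2375 at all: use Dozzle's agent mode or a TLS-protected endpoint with client certificates, and confirm with a firewall rule that the port is closed from outside. The local `/var/run/docker.sock` mount on this web-published container carries the same root-equivalent access (also in tasks/gitea.yml for the runner and in tasks/homepage.yml); a filtering socket proxy that exposes only read endpoints would narrow it. `DOZZLE_LEVEL: "trace"` is worth lowering outside of debugging, and no authentication middleware is visible on the router.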

137
tasks/gitea.yml Normal file

@ -0,0 +1,137 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/gitea"
- "{{ data_folder }}/gitea/data"
- "{{ data_folder }}/gitea/db"
- name: Create MySQL DB for Gitea
docker_container:
name: gitea_db
image: mysql:9
restart_policy: unless-stopped
networks:
- name: proxy
env:
MYSQL_ROOT_PASSWORD: "{{ gitea_db_root_password }}"
MYSQL_USER: "{{ gitea_db_user }}"
MYSQL_PASSWORD: "{{ gitea_db_password }}"
MYSQL_DATABASE: gitea
volumes:
- "{{ data_folder }}/gitea/db:/var/lib/mysql"
- name: Create the Gitea container
docker_container:
name: gitea
image: gitea/gitea:1.22
restart_policy: unless-stopped
recreate: true
# dns_servers:
# - 10.10.10.1
# - 127.0.0.11
networks:
- name: proxy
ports:
- "2222:22"
env:
PUID: "1001"
PGID: "1001"
TZ: "Australia/Brisbane"
volumes:
- "{{ data_folder }}/gitea/data:/data"
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
labels:
traefik.enable: "true"
traefik.http.routers.gitea.rule: "Host(`git.comprofix.com`)"
traefik.http.routers.gitea.entrypoints: "https"
traefik.http.routers.gitea.tls: "true"
traefik.http.routers.gitea.service: "gitea"
traefik.http.services.gitea.loadbalancer.server.port: "3000"
register: container_gitea
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/gitea-runner"
- "{{ data_folder }}/gitea-runner/config"
- name: Check that config.yaml exists
stat:
path: "{{ data_folder }}/gitea-runner/config/config.yaml"
register: configyaml
- name: Create config.yaml file
file:
path: "{{ data_folder }}/gitea-runner/config/config.yaml"
state: touch
mode: '0600'
access_time: preserve
modification_time: preserve
when: configyaml.stat.exists == False
- name: Create the gitea-runner container
docker_container:
name: gitea-runner
image: gitea/act_runner:0.2.10
restart_policy: unless-stopped
recreate: true
# dns_servers:
# - 10.10.10.1
# - 127.0.0.11
volumes:
- "/etc/resolv.conf:/etc/resolv.conf:ro"
- /var/run/docker.sock:/var/run/docker.sock
- "{{ data_folder }}/gitea-runner/config/config.yaml:/config.yaml"
- "/etc/hosts:/etc/hosts:ro"
env:
CONFIG_FILE: "/config.yaml"
GITEA_INSTANCE_URL: "https://git.comprofix.com"
GITEA_RUNNER_REGISTRATION_TOKEN: "A01dvleL55F0o5OMJpa4UsE0gJ38ANKrAw5vKei3" #"{{ GITEA_RUNNER_TOKEN }}"
GITEA_RUNNER_NAME: "gitea-runner"
GITEA_RUNNER_LABELS: "alpine-latest:docker://alpine:latest,ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster"
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/opengist"
- name: Create the opengist container
docker_container:
name: opengist
image: ghcr.io/thomiceli/opengist:1.7
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
# dns_servers:
# - 10.10.10.1
# - 127.0.0.11
volumes:
- "{{ data_folder }}/opengist:/opengist"
env:
OG_GITEA_CLIENT_KEY: "{{ OG_GITEA_KEY }}"
OG_GITEA_SECRET: "{{ OG_GITEA_SECRET }}"
# URL of the Gitea instance. Default: https://gitea.com/
OG_GITEA_URL: "https://git.comprofix.com"
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
labels:
traefik.enable: "true"
traefik.http.routers.opengist.rule: "Host(`gist.comprofix.com`)"
traefik.http.routers.opengist.entrypoints: "https"
traefik.http.routers.opengist.tls: "true"
traefik.http.routers.opengist.service: "opengist"
traefik.http.services.opengist.loadbalancer.server.port: "6157"
register: container
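Review bot: `GITEA_RUNNER_REGISTRATION_TOKEN` is committed as a literal string while the vaulted reference is left in a trailing comment, so the token is now in the repository history and should be treated as exposed. Revoke it in Gitea, issue a new one, and restore the variable: `GITEA_RUNNER_REGISTRATION_TOKEN: "{{ GITEA_RUNNER_TOKEN }}"`. The same applies to the literal `APP_KEY` in tasks/speedtest.yml, which should come from a vaulted variable as the database settings next to it already do. Adding `no_log: true` to tasks that pass secrets in `env` would also keep them out of verbose Ansible output.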

40
tasks/homepage.yml Normal file

@ -0,0 +1,40 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/homepage"
- "{{ data_folder }}/homepage/config"
- name: Get dashboard-icons
git:
repo: https://github.com/walkxcode/dashboard-icons.git
dest: /data/dashboard-icons
update: yes
- name: Create the homepage container
docker_container:
name: homepage
image: ghcr.io/gethomepage/homepage:v0.9.6
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
dns_servers:
- 10.10.10.1
env:
LOG_LEVEL: debug
volumes:
- "{{ data_folder }}/homepage/config:/app/config"
- "{{ data_folder }}/dashboard-icons:/app/public/icons"
- /var/run/docker.sock:/var/run/docker.sock
labels:
traefik.enable: "true"
traefik.http.routers.homepage.rule: "Host(`homepage.comprofix.xyz`)"
traefik.http.routers.homepage.entrypoints: "https"
traefik.http.routers.homepage.tls: "true"
traefik.http.routers.homepage.service: "homepage"
traefik.http.services.homepage.loadbalancer.server.port: "3000"
register: container_homepage
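Review bot: The `git` task clones the icons to `/data/dashboard-icons` while the container mounts `{{ data_folder }}/dashboard-icons`, so the icons only appear if `data_folder` happens to be `/data` (its value is not visible in this section). Using the variable in both places avoids the mismatch: `dest: "{{ data_folder }}/dashboard-icons"`. The clone also tracks the default branch with `update: yes`; setting `version:` to a tag or commit would keep the content served from `/app/public/icons` reproducible.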

15
tasks/idrac.yml Normal file

@ -0,0 +1,15 @@
---
- name: Create the Dell_R730xd Fan Contoller container
docker_container:
name: Dell_R730xd
image: tigerblue77/dell_idrac_fan_controller:latest@sha256:5184af88c6c03204611d40d4b1c6bc36202762592d16a97236bb4254951d23b0
restart_policy: unless-stopped
recreate: true
env:
IDRAC_HOST: "10.10.10.138"
IDRAC_USERNAME: "root"
IDRAC_PASSWORD: "calvin"
FAN_SPEED: "35"
CPU_TEMPERATURE_THRESHOLD: "80"
CHECK_INTERVAL: "60"
DISABLE_THIRD_PARTY_PCIE_CARD_DELL_DEFAULT_COOLING_RESPONSE: "true"
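Review bot: `IDRAC_USERNAME` and `IDRAC_PASSWORD` are the factory-default iDRAC credentials written in clear text, which means the BMC at `IDRAC_HOST` still accepts the vendor default login and that login is now in the repository. Change the iDRAC password, preferably create a dedicated low-privilege iDRAC user for fan control, and read the value from the vault, e.g. `IDRAC_PASSWORD: "{{ idrac_password }}"` (the variable name is a suggestion). Pinning the image by digest is good; the digest is what Docker resolves, so the `latest` tag in front of it can be dropped for clarity.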

95
tasks/invoiceninja.yml Normal file

@ -0,0 +1,95 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/invoiceninja/"
- "/mnt/nfs/docker/invoiceninja/config"
- "/mnt/nfs/docker/invoiceninja/db"
- name: "create stack.env"
copy:
dest: "/mnt/nfs/docker/invoiceninja/stack.env"
content: |
APP_NAME="Invoice Ninja"
APP_ENV=production
APP_KEY="{{ IN_APP_KEY }}"
APP_DEBUG=false
APP_URL="{{ IN_APP_URL }}"
REQUIRE_HTTPS=true
TRUSTED_PROXIES='*'
SESSION_ENCRYPT=false
SESSION_SECURE=false
DB_CONNECTION="mysql"
MULTI_DB_ENABLED=false
DB_HOST="{{MYSQL_HOST}}"
DB_DATABASE="{{IN_DB_DATABASE}}"
DB_USERNAME="{{IN_DB_USERNAME}}"
DB_PASSWORD="{{IN_DB_PASSWORD}}"
DB_PORT="3306"
DEMO_MODE=false
BROADCAST_DRIVER=log
LOG_CHANNEL=stack
CACHE_DRIVER=file
#QUEUE_CONNECTION=sync
QUEUE_CONNECTION=database
SESSION_DRIVER=file
SESSION_LIFETIME=120
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER="smtp"
MAIL_HOST="{{MAIL_HOST}}"
MAIL_PORT="{{MAIL_PORT}}"
MAIL_ENCRYPTION="tls"
MAIL_FROM_ADDRESS="{{MAIL_FROM}}"
MAIL_FROM_NAME="{{MAIL_FROM_NAME}}"
POSTMARK_API_TOKEN=
GOOGLE_MAPS_API_KEY=
ERROR_EMAIL=
NINJA_ENVIRONMENT="selfhost"
#options - snappdf / phantom / hosted_ninja
PDF_GENERATOR=hosted_ninja
PHANTOMJS_KEY='a-demo-key-with-low-quota-per-ip-address'
PHANTOMJS_SECRET=secret
UPDATE_SECRET=secret
SENTRY_LARAVEL_DSN=https://32f01ea994744fa08a0f688769cef78a@sentry.invoicing.co/
- name: Create the invoiceninja-app container
docker_container:
name: invoiceninja-app
image: invoiceninja/invoiceninja:5
env_file: /mnt/nfs/docker/invoiceninja/stack.env
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
volumes:
- /mnt/nfs/docker/invoiceninja/config/hosts:/etc/hosts
- /mnt/nfs/docker/invoiceninja/docker/app/public:/var/www/app/public
- /mnt/nfs/docker/invoiceninja/docker/app/storage:/var/www/app/storage
- name: Create the invoiceninja-nginx container
docker_container:
name: invoiceninja-nginx
image: nginx:1.27.1
env_file: /mnt/nfs/docker/invoiceninja/stack.env
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
volumes:
- /mnt/nfs/docker/invoiceninja/config/nginx/in-vhost.conf:/etc/nginx/conf.d/in-vhost.conf
- /mnt/nfs/docker/invoiceninja/docker/app/public:/var/www/app/public
- /mnt/nfs/docker/invoiceninja/docker/app/storage:/var/www/app/storage
labels:
traefik.enable: "true"
traefik.http.routers.invoiceninja.rule: "Host(`invoice.comprofix.com`)"
traefik.http.routers.invoiceninja.entrypoints: "https"
traefik.http.routers.invoiceninja.tls: "true"
traefik.http.services.invoiceninja.loadbalancer.server.port: "80"
traefik.http.services.invoiceninja.loadbalancer.server.scheme: "http"
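Review bot: The `copy` task that writes `stack.env` sets no `mode`, so a file holding `APP_KEY` and `DB_PASSWORD` is created with the default umask and is likely world-readable on the NFS share; add `mode: "0600"`, and `no_log: true` since the rendered content can appear in diff output. `UPDATE_SECRET=secret` and `PHANTOMJS_SECRET=secret` look like sample values and should be replaced or removed. If `SESSION_SECURE` controls the cookie's Secure flag as its name suggests, `false` is at odds with `REQUIRE_HTTPS=true`, and `TRUSTED_PROXIES='*'` trusts forwarded headers from any peer on the `proxy` network. The nginx container also receives the whole `env_file`, although nothing visible shows that it needs the application secrets.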

29
tasks/jellyseerr.yml Normal file

@ -0,0 +1,29 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/jellyseerr"
- "/mnt/nfs/docker/jellyseerr/config"
- name: Create the jellyseerr container
docker_container:
name: jellyseerr
image: fallenbagel/jellyseerr:1.9.2
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
volumes:
- /mnt/nfs/docker/jellyseerr/config:/app/config
labels:
traefik.enable: "true"
traefik.http.routers.jellyseerr.rule: "Host(`jellyseerr.comprofix.xyz`)"
traefik.http.routers.jellyseerr.entrypoints: "https"
traefik.http.routers.jellyseerr.tls: "true"
traefik.http.services.jellyseerr.loadbalancer.server.port: "5055"

36
tasks/lidarr.yml Normal file

@ -0,0 +1,36 @@
---
- name: Set Facts
set_fact:
container_name: 'lidarr'
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/lidarr"
- "/mnt/nfs/docker/lidarr/config"
- name: Create the lidarr container
docker_container:
name: lidarr
image: ghcr.io/linuxserver/lidarr:latest@sha256:a77af413426b8509fad2d02f5b89104a5766ee6ebb13497d73993e74f6cfa0a8
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
AUTO_UPDATE: "true" #optional
DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:lidarr"
volumes:
- /mnt/nfs/docker/lidarr/config:/config
- /mnt/nfs/data:/data
labels:
traefik.enable: "true"
traefik.http.routers.lidarr.rule: "Host(`lidarr.comprofix.xyz`)"
traefik.http.routers.lidarr.entrypoints: "https"
traefik.http.routers.lidarr.tls: "true"
traefik.http.services.lidarr.loadbalancer.server.port: "8686"
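Review bot: The image is pinned by digest, but `DOCKER_MODS` fetches `ghcr.io/themepark-dev/theme.park:lidarr` by mutable tag at container start and unpacks it into the container, which for LinuxServer mods can include init scripts, so the pin no longer fixes what executes. Either drop the mod or reference it by digest if the mod loader accepts one (not verified here), and add a comment such as `# theme.park mod is fetched at start; not covered by the image pin`. The same `DOCKER_MODS` pattern is in tasks/prowlarr.yml, tasks/radarr.yml, tasks/readarr.yml, tasks/sabnzbd.yml and tasks/sonarr.yml. The `container_name` fact set at the top is not used anywhere in this section.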

29
tasks/mariadb.yml Normal file

@ -0,0 +1,29 @@
---
- name: Set Facts
set_fact:
container_name: 'mariadb'
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/mariadb"
- "/mnt/nfs/docker/mariadb/config"
- name: Create the mariadb container
docker_container:
name: "mariadb"
image: ghcr.io/linuxserver/mariadb:10.11.8
restart_policy: unless-stopped
recreate: true
ports:
- 3306:3306
env:
PUID: "0"
PGID: "0"
MYSQL_ROOT_PASSWORD: "{{MYSQL_ROOT_PASSWORD}}"
TZ: "Australia/Brisbane"
volumes:
- "/mnt/nfs/docker/mariadb/config:/config"
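Review bot: `ports: - 3306:3306` publishes the database on every host interface, and Docker's published ports are normally inserted ahead of host firewall rules such as ufw, so the root account is reachable from whatever network the host sits on. If only containers need it, attach `mariadb` to the `proxy` network and drop `ports`; if the host needs it, bind it: `- "127.0.0.1:3306:3306"`. tasks/postgres.yml has the same shape with `5432:5432`. `PUID`/`PGID` of `"0"` also run the service as root inside the container, which the other tasks avoid.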

36
tasks/mealie.yml Normal file

@ -0,0 +1,36 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/mealie"
- "/mnt/nfs/docker/mealie/config"
- name: Create the mealie container
docker_container:
name: mealie
image: ghcr.io/mealie-recipes/mealie:v1.12.0
restart_policy: unless-stopped
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
RECIPE_PUBLIC: "true"
RECIPE_SHOW_NUTRITION: "false"
RECIPE_SHOW_ASSETS: "true"
RECIPE_LANDSCAPE_VIEW: "true"
RECIPE_DISABLE_COMMENTS: "true"
RECIPE_DISABLE_AMOUNT: "true"
BASE_URL: "mealie.comprofix.xyz"
SMTP_HOST: "{{MAIL_HOST}}"
volumes:
- /mnt/nfs/docker/mealie/data/:/app/data
labels:
traefik.enable: "true"
traefik.http.routers.mealie.rule: "Host(`mealie.comprofix.xyz`)"
traefik.http.routers.mealie.entrypoints: "https"
traefik.http.routers.mealie.tls: "true"
traefik.http.services.mealie.loadbalancer.server.port: "9000"
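Review bot: `BASE_URL` is given as a bare host name, while Mealie, as far as I know, builds absolute links from it and expects a full URL; `BASE_URL: "https://mealie.comprofix.xyz"` would match the Traefik router. The directory task creates `/mnt/nfs/docker/mealie/config` but the container mounts `/mnt/nfs/docker/mealie/data/`, so the created directory is unused and the data directory is left for Docker to create.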

61
tasks/osticket.yml Normal file

@ -0,0 +1,61 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/osticket"
- "/mnt/nfs/docker/osticket/config"
- name: Create the osticket container
docker_container:
name: osticket
image: devinsolutions/osticket:1.17.5
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
SMTP_HOST: "{{MAIL_HOST}}"
MYSQL_HOST: "{{MYSQL_HOST}}"
MYSQL_DATABASE: "{{OST_DATABASE}}"
MYSQL_USER: "{{OST_DB_USER}}"
MYSQL_PASSWORD: "{{OST_DB_PASSWORD}}"
INSTALL_SECRET: "{{OST_SIRI}}"
labels:
traefik.enable: "true"
traefik.http.routers.osticket.rule: "Host(`helpdesk.comprofix.com`)"
traefik.http.routers.osticket.entrypoints: "https"
traefik.http.routers.osticket.tls: "true"
traefik.http.services.osticket.loadbalancer.server.port: "80"
traefik.http.services.osticket.loadbalancer.server.scheme: "http"
- name: Add tzdata to osTicket container
community.docker.docker_container_exec:
container: osticket
command: apk add tzdata
- name: Set container Timezone
community.docker.docker_container_exec:
container: osticket
command: "ln -s /usr/share/zoneinfo/Australia/Brisbane /etc/localtime"
- name: Set PHP Timezone
community.docker.docker_container_exec:
container: osticket
command: "sed -i 's|UTC|Australia/Brisbane|g' /usr/local/etc/php/conf.d/php-osticket.ini"
- name: Patch mysqli.php for timezone
community.docker.docker_container_exec:
container: osticket
command: "sed -i 's|system_time_zone|time_zone|g' /var/www/html/include/mysqli.php"
- name: Clear ost_sessions table
mysql_query:
login_host: "{{MYSQL_HOST}}"
login_user: "{{OST_DB_USER}}"
login_password: "{{OST_DB_PASSWORD}}"
login_db: "{{OST_DATABASE}}"
query:
- USE comprofix_ost;
- TRUNCATE TABLE ost_session;
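Review bot: The `mysql_query` task connects with `login_db: "{{OST_DATABASE}}"` and then runs `USE comprofix_ost;`, so the truncate always hits the hard-coded schema even when the variable names another one. Drop the `USE` statement and keep only `- TRUNCATE TABLE ost_session;`. The task also runs on every play and ends every session each time; registering the container task and adding a `when:` on its changed result would limit that. The four `docker_container_exec` steps modify the running container rather than the image, which only holds because `recreate: true` gives a fresh container each run; a comment saying so would help, and `ln -s` fails if `/etc/localtime` already exists in the image (`ln -sf` avoids that).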

22
tasks/postgres.yml Normal file

@ -0,0 +1,22 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/postgres"
- "/mnt/nfs/docker/postgres/config"
- name: Create the postgres container
docker_container:
name: postgres
image: postgres:16-alpine
restart_policy: unless-stopped
recreate: true
ports:
- 5432:5432
env:
POSTGRES_PASSWORD: "{{POSTGRES_PASSWORD}}"
volumes:
- /mnt/nfs/docker/postgres/db-data:/var/lib/postgresql/data

31
tasks/prowlarr.yml Normal file

@ -0,0 +1,31 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/prowlarr"
- "/mnt/nfs/docker/prowlarr/config"
- name: Create the prowlarr container
docker_container:
name: prowlarr
image: linuxserver/prowlarr:1.23.1
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
AUTO_UPDATE: "true" #optional
DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:prowlarr"
volumes:
- /mnt/nfs/docker/prowlarr/config:/config
labels:
traefik.enable: "true"
traefik.http.routers.prowlarr.rule: "Host(`prowlarr.comprofix.xyz`)"
traefik.http.routers.prowlarr.entrypoints: "https"
traefik.http.routers.prowlarr.tls: "true"
traefik.http.services.prowlarr.loadbalancer.server.port: "9696"

28
tasks/pykms.yml Normal file

@ -0,0 +1,28 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/pykms"
- "/mnt/nfs/docker/pykms/config"
- name: Create the pykms container
docker_container:
name: pykms
image: ghcr.io/py-kms-organization/py-kms:latest
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy_network
ports:
- "1688:1688"
env:
IP: "0.0.0.0"
SQLITE: "true"
HWID: "RANDOM"
LOGLEVEL: "INFO"
volumes:
- /mnt/nfs/docker/pykms/db:/home/py-kms/db
- /etc/localtime:/etc/localtime:ro
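Review bot: `image: ghcr.io/py-kms-organization/py-kms:latest` is the only image in the sections shown here that is referenced by a bare `latest` tag, so what runs depends on when the host last pulled; pin it to a release tag or a digest as the other tasks do. The network is named `proxy_network` whereas every other task joins `proxy`; if that is a typo, the task will fail or the container will sit on a different network. `ports: - "1688:1688"` together with `IP: "0.0.0.0"` exposes the service on all host interfaces, so restrict it with a host-IP binding or a firewall rule if only the LAN should reach it.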

31
tasks/radarr.yml Normal file

@ -0,0 +1,31 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/radarr"
- "/mnt/nfs/docker/radarr/config"
- name: Create the radarr container
docker_container:
name: radarr
image: linuxserver/radarr:5.9.1
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:radarr"
volumes:
- /mnt/nfs/docker/radarr/config:/config
- /mnt/nfs/data:/data
labels:
traefik.enable: "true"
traefik.http.routers.radarr.rule: "Host(`radarr.comprofix.xyz`)"
traefik.http.routers.radarr.entrypoints: "https"
traefik.http.routers.radarr.tls: "true"
traefik.http.services.radarr.loadbalancer.server.port: "7878"

31
tasks/readarr.yml Normal file

@ -0,0 +1,31 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/readarr"
- "/mnt/nfs/docker/readarr/config"
- name: Create the readarr container
docker_container:
name: readarr
image: ghcr.io/linuxserver/readarr:develop@sha256:dbca70a2dedff17b12698f55c02a49e3ec37e8ce884c5352b54264f9a3979aae
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:readarr"
volumes:
- /mnt/nfs/docker/readarr/config/:/config
- /mnt/nfs/data/:/data
labels:
traefik.enable: "true"
traefik.http.routers.readarr.rule: "Host(`readarr.comprofix.xyz`)"
traefik.http.routers.readarr.entrypoints: "https"
traefik.http.routers.readarr.tls: "true"
traefik.http.services.readarr.loadbalancer.server.port: "8787"

32
tasks/sabnzbd.yml Normal file

@ -0,0 +1,32 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/sabnzbd"
- "/mnt/nfs/docker/sabnzbd/config"
- name: Create the sabnzbd container
docker_container:
name: sabnzbd
image: linuxserver/sabnzbd:4.3.3
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
HOSTNAME: "sabnzbd.comprofix.xyz"
DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:sabnzbd"
volumes:
- /mnt/nfs/docker/sabnzbd/config:/config
- /mnt/nfs/data:/data
labels:
traefik.enable: "true"
traefik.http.routers.sabnzbd.rule: "Host(`sabnzbd.comprofix.xyz`)"
traefik.http.routers.sabnzbd.entrypoints: "https"
traefik.http.routers.sabnzbd.tls: "true"
traefik.http.services.sabnzbd.loadbalancer.server.port: "8080"

31
tasks/sonarr.yml Normal file

@ -0,0 +1,31 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/sonarr"
- "/mnt/nfs/docker/sonarr/config"
- name: Create the sonarr container
docker_container:
name: sonarr
image: linuxserver/sonarr:4.0.9
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:sonarr"
volumes:
- /mnt/nfs/docker/sonarr/config/:/config
- /mnt/nfs/data:/data
labels:
traefik.enable: "true"
traefik.http.routers.sonarr.rule: "Host(`sonarr.comprofix.xyz`)"
traefik.http.routers.sonarr.entrypoints: "https"
traefik.http.routers.sonarr.tls: "true"
traefik.http.services.sonarr.loadbalancer.server.port: "8989"

41
tasks/speedtest.yml Normal file

@ -0,0 +1,41 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/mnt/nfs/docker/speedtest"
- "/mnt/nfs/docker/speedtest/config"
- name: Create the speedtest container
docker_container:
name: speedtest
image: lscr.io/linuxserver/speedtest-tracker:0.21.2
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
APP_KEY: "base64:ViJcK7rSIwGC+TAW7pRWnczB43zPPVHH2Hx80t7eVm0="
PUID: "1000"
PGID: "1000"
DB_CONNECTION: "mysql"
DB_HOST: "{{ MYSQL_HOST }}"
DB_PORT: "3306"
DB_DATABASE: "{{ST_DATABASE}}"
DB_USERNAME: "{{ST_DB_USERNAME}}"
DB_PASSWORD: "{{ST_DB_PASSWORD}}"
TZ: "Australia/Brisbane"
SPEEDTEST_SCHEDULE: "0 * * * *"
DISPLAY_TIMEZONE: "Australia/Brisbane"
volumes:
- /mnt/nfs/docker/speedtest/config:/config
- /mnt/nfs/docker/speedtest/web:/etc/ssl/web
labels:
traefik.enable: "true"
traefik.http.routers.speedtest.rule: "Host(`speedtest.comprofix.xyz`)"
traefik.http.routers.speedtest.entrypoints: "https"
traefik.http.routers.speedtest.tls: "true"
traefik.http.services.speedtest.loadbalancer.server.port: "80"
traefik.http.services.speedtest.loadbalancer.server.scheme: "http"

64
tasks/vaultwarden.yml Normal file

@ -0,0 +1,64 @@
---
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_folder }}/vaultwarden"
- "{{ data_folder }}/vaultwarden/config"
- name: Create the vaultwarden container
docker_container:
name: vaultwarden
image: vaultwarden/server:1.32.0
restart_policy: unless-stopped
recreate: true
networks:
- name: proxy
env:
PUID: "1000"
PGID: "1000"
TZ: "Australia/Brisbane"
volumes:
- "{{ data_folder }}/vaultwarden/data:/data"
labels:
traefik.enable: "true"
traefik.http.routers.vaultwarden.rule: "Host(`vault.comprofix.com`)"
traefik.http.routers.vaultwarden.entrypoints: "https"
traefik.http.routers.vaultwarden.tls: "true"
traefik.http.routers.vaultwarden.service: "vaultwarden"
traefik.http.services.vaultwarden.loadbalancer.server.port: "80"
register: container
- name: Create rclone config folder
file:
path: "/root/.config/rclone"
state: directory
- name: Copy rclone config
copy:
src: scripts/rclone.conf
dest: /root/.config/rclone/rclone.conf
decrypt: yes
mode: "0600"
- name: copy backup script
copy:
src: scripts/backupvpsdocker
dest: /usr/local/sbin/backupvpsdocker
mode: 0755
- name: Setup cron job for backup
cron:
name: backup backupvpsdocker
minute: 0
hour: 4
job: "/usr/local/sbin/backupvpsdocker >/dev/null 2>&1"
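Review bot: The container is published at `vault.comprofix.com` with no `SIGNUPS_ALLOWED` setting, and Vaultwarden allows open registration by default, so unless it is disabled in the persisted config anyone who finds the host can create an account. Add `SIGNUPS_ALLOWED: "false"` to `env`; invitations keep working. The directory task creates `vaultwarden/config` but the volume is `vaultwarden/data`. In the backup tasks, `mode: 0755` should be quoted like the `"0600"` above it, and the cron job sends all output to `/dev/null`, so a failing backup of the password vault goes unnoticed; log to a file or let cron mail the output.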

41
vault.sh Executable file

@ -0,0 +1,41 @@
#!/bin/bash
# If number of arguments is 0
if [ $# -eq 0 ]
then
echo "This script will encrypt of decrypt all files containing secrets."
echo "There are all files in vars as well as all secrets.yaml files under each service."
echo "Specify 'decrypt' or 'encrypt' as argument"
echo "If you put the vault password in a password file named .vault_password, the script will not ask for a password."
exit 1
fi
files=`find . \( -type d -name 'group_vars' -o -name 'vars' \) -exec find {} -type f \;`
# password_type=--ask-vault-password
# if [ -f "~/.vault_password.txt" ]
# then
# if [ `stat -c %a ~/.vault_password.txt` != "600" ]
# then
# echo "~/.vault_password.txt file has bad permissions; fixing this to 600"
# chmod 600 ~/.vault_password.txt
# fi
# password_type="--vault-password-file=~/.vault_password.txt"
# fi
if [ $1 == "encrypt" ]
then
ansible-vault encrypt --vault-password-file=~/.vault_password.txt $files
for value in $files; do
echo $value;
done
elif [ $1 == "decrypt" ]
then
ansible-vault decrypt --vault-password-file=~/.vault_password.txt $files
for value in $files; do
echo $value;
done
else
echo "Wrong argument supplied. Run without arguments to see allowed ones."
fi
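Review bot: `decrypt` rewrites every file under `vars` and `group_vars` in place as plaintext, and nothing stops those files from being committed afterwards. For day-to-day changes `ansible-vault edit` or `ansible-vault view` avoids having decrypted secrets in the working tree, and a pre-commit check for the `$ANSIBLE_VAULT` header would catch mistakes. The tests `[ $1 == "encrypt" ]` and the unquoted `$files` break on values containing spaces; `[ "$1" = "encrypt" ]` and a `find … -print0 | xargs -0` pipeline are safer. The final `else` branch prints an error but exits 0, so add `exit 1`. The usage text mentions `.vault_password` and per-service `secrets.yaml` files, while the code uses `~/.vault_password.txt` and only searches `vars` and `group_vars`.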