diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e90b94f..cafa319 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -64,10 +64,10 @@ Test:
 - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
 - if [ -n "$error" ]; then echo "Return code $error"; false; fi
-Play_Against_PiK8S:
+Play_Against_Pis:
 stage: play
 script:
- - ansible-playbook -l device_roles_pik8s-master,device_roles_pik8s-node,device_roles_pik8s-storage site.yml --vault-password-file /vaultpw || error="$?"
+ - ansible-playbook -l manufacturers_raspi site.yml --vault-password-file /vaultpw || error="$?"
 - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
 - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 Play_Against_Desktops:
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index d4666fb..d9a12be 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
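Review bot: The new limit `-l manufacturers_raspi` is a manufacturer group, while the rewritten play in playbooks/home_media.yml now targets the single host `pi-media-1.desu.ltd` instead of a group; the CI job therefore only configures the media Pi if that host is a member of `manufacturers_raspi` in the inventory, which this diff does not show. If it is not, the limit silently skips the play and the job still passes, and the rc-4 masking on the following context lines would not surface it either. Confirm the group membership, or make the intent explicit with `- ansible-playbook -l manufacturers_raspi:pi-media-1.desu.ltd site.yml --vault-password-file /vaultpw || error="$?"`.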
@@ -260,6 +260,29 @@ secret_snmp_rouser_privacy_passphrase: !vault |
 3764363538636232630a383730323433343239663461373030383132626532306130363965316661
 64353932376139613765303764313463353366663535653135393637633835353566
+# For home media stuff
+secret_transmission_user_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63386231316662313039646435323861343762386135616437613530653932363333353130333232
+ 3161383737386631336362313139316433656337396538330a656663336338613533393032663433
+ 33346663613731656236666561303530613961363733336261363130646639326361356134386332
+ 6335336139346331300a643962653936323135666463343865393162346637616263373636383534
+ 39663833613135383761643661373163383138316534333264633835613965616135
+secret_pia_user: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38343633366234633430356364633634653433633963393332303439613966353438663066633465
+ 3333333237306430346633336565613932396564353032660a373462333736343062626135316239
+ 65306462643563323565386331373930326231353866626336643533663136353238626663373566
+ 3763303637633838660a353362303966633931356538616636363438623165303536663535383764
+ 6337
+secret_pia_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31333661636562386633396130383630383332303662613739393339373134326330373137656531
+ 3934636662663265303137346163326461306461356138340a323662313130653539633338303035
+ 62313265633338356436393033353438666634363536613266346139666364613238396338363731
+ 6633666366353538300a613965633766653332613465326137396562313230343161346162343762
+ 37643164663466343166346534303932613763643965623066353336363238643266
+
 # For Steam games
 steam_username: !vault |
 $ANSIBLE_VAULT;1.1;AES256
diff --git a/inventory/group_vars/device_roles_pik8s-master.yml b/inventory/group_vars/device_roles_pik8s-master.yml
deleted file mode 100644
index 6dfdf51..0000000
--- a/inventory/group_vars/device_roles_pik8s-master.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# vim:ft=ansible
-kubernetes_role: master
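Review bot: The three new vault values are added to `inventory/group_vars/all.yml`, so they are loaded into the variable namespace of every host a play runs against, although the only consumer in this diff is the transmission task file applied to `pi-media-1.desu.ltd`. The file already holds other per-service secrets this way, so the placement follows the existing convention, but moving them to `inventory/host_vars/pi-media-1.desu.ltd.yml` (or a media-specific group file) would keep the VPN credentials out of variable dumps and fact caches on unrelated hosts. The `secret_*` naming and the vault encryption are consistent with the surrounding entries.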
diff --git a/inventory/group_vars/device_roles_pik8s-node.yml b/inventory/group_vars/device_roles_pik8s-node.yml
deleted file mode 100644
index 2b64d85..0000000
--- a/inventory/group_vars/device_roles_pik8s-node.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# vim:ft=ansible
-kubernetes_role: node
diff --git a/inventory/host_vars/pi-kub-node-1.desu.ltd.yml b/inventory/host_vars/pi-kub-node-1.desu.ltd.yml
deleted file mode 100644
index 6768e90..0000000
--- a/inventory/host_vars/pi-kub-node-1.desu.ltd.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-# vim:ft=ansible
-keepalived_state: MASTER
-keepalived_priority: 50
diff --git a/inventory/host_vars/pi-kub-node-2.desu.ltd.yml b/inventory/host_vars/pi-kub-node-2.desu.ltd.yml
deleted file mode 100644
index dae6e85..0000000
--- a/inventory/host_vars/pi-kub-node-2.desu.ltd.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 49
diff --git a/inventory/host_vars/pi-kub-node-3.desu.ltd.yml b/inventory/host_vars/pi-kub-node-3.desu.ltd.yml
deleted file mode 100644
index 5a2364a..0000000
--- a/inventory/host_vars/pi-kub-node-3.desu.ltd.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 48
diff --git a/inventory/host_vars/pi-kub-node-4.desu.ltd.yml b/inventory/host_vars/pi-kub-node-4.desu.ltd.yml
deleted file mode 100644
index 9ca48e8..0000000
--- a/inventory/host_vars/pi-kub-node-4.desu.ltd.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 47
diff --git a/inventory/host_vars/pi-kub-node-5.desu.ltd.yml b/inventory/host_vars/pi-kub-node-5.desu.ltd.yml
deleted file mode 100644
index 4044c65..0000000
--- a/inventory/host_vars/pi-kub-node-5.desu.ltd.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 46
diff --git a/playbooks/device_roles_pik8s.yml b/playbooks/device_roles_pik8s.yml
deleted file mode 100755
index 0b5398e..0000000
--- a/playbooks/device_roles_pik8s.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/env ansible-playbook
-# vim:ft=ansible:
----
-# k8s
-- hosts: device_roles_pik8s-master,device_roles_pik8s-node
- gather_facts: no
- roles:
- - role: k8s
- tags: [ k8s, skip-pull ]
- - role: backup
- vars:
- backup_s3backup_list_extra:
- - /etc/kubernetes
- tags: [ k8s, backup ]
-- hosts: device_roles_pik8s-master
- gather_facts: no
- tasks:
- - name: install openshift
- pip: name=openshift state=latest
- tags: [ k8s, packages, pip ]
-- hosts: device_roles_pik8s-node
- gather_facts: no
- roles:
- - role: keepalived
- vars:
- keepalived_stanzas:
- - name: VI_1
- state: "{{ keepalived_state | default('BACKUP') }}"
- interface: eth0
- virtual_router_id: 51
- priority: "{{ keepalived_priority }}"
- advert_int: 1
- auth_pass: "{{ secret_keepalived_pass }}"
- vip: "192.168.102.200/16"
- - name: VI_2
- state: "{{ keepalived_state | default('BACKUP') }}"
- interface: eth0
- virtual_router_id: 52
- priority: "{{ keepalived_priority }}"
- advert_int: 1
- auth_pass: "{{ secret_keepalived_pass }}"
- vip: "192.168.102.201/16"
- - name: VI_3
- state: "{{ keepalived_state | default('BACKUP') }}"
- interface: eth0
- virtual_router_id: 53
- priority: "{{ keepalived_priority }}"
- advert_int: 1
- auth_pass: "{{ secret_keepalived_pass }}"
- vip: "192.168.102.202/16"
- - name: VI_4
- state: "{{ keepalived_state | default('BACKUP') }}"
- interface: eth0
- virtual_router_id: 54
- priority: "{{ keepalived_priority }}"
- advert_int: 1
- auth_pass: "{{ secret_keepalived_pass }}"
- vip: "192.168.102.240/16"
- tags: [ k8s, keepalived ]
diff --git a/playbooks/device_roles_pik8s-storage.yml b/playbooks/home_media.yml
similarity index 55%
rename from playbooks/device_roles_pik8s-storage.yml
rename to playbooks/home_media.yml
index e8da06b..228a321 100755
--- a/playbooks/device_roles_pik8s-storage.yml
+++ b/playbooks/home_media.yml
@@ -1,19 +1,20 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
 ---
-# Mass storage Pis
-- hosts: device_roles_pik8s-storage
+# Home media storage Pi
+- hosts: pi-media-1.desu.ltd
+ module_defaults:
+ docker_container:
+ state: started
+ restart_policy: unless-stopped
+ pull: yes
 tasks:
- # The specific mount here is because each storage node as an M.2 SSD hooked up to it
- # So we mount that and use the SD card for normal OS shenanigans
 - name: assure mount directory
 file: path=/data state=directory mode=0755
 tags: [ pis, storage ]
 - name: assure mount
 mount: path=/data src=LABEL=mass state=mounted fstype=ext4
 tags: [ pis, storage ]
-- hosts: pi-storage-1.desu.ltd
- tasks:
 - name: assure directories in mount
 file: path=/data/{{ item }} state=directory mode=0755
 with_items:
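Review bot: `pull: yes` in the new `module_defaults` block uses the YAML 1.1 truthy spelling that yamllint's truthy rule flags; Ansible accepts it, but `pull: true` matches the quoted `"false"` style used in the new task files and avoids parser-dependent interpretation. As a default for every `docker_container` task in the play it also means each run re-pulls the image, and since the included task files all use `:latest` tags, a routine CI run can pull an unreviewed upstream image and, where the image id changed, recreate the container; that is worth a one-line comment here such as `# every run re-pulls; keep image tags pinned in tasks/web/*.yml` so the trade-off is deliberate. The play's task list continues past the end of this hunk.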
@@ -26,15 +27,79 @@
 - { path: /var/lib/postgresql, src: postgresql }
 - { path: /srv/nfs, src: nfs }
 tags: [ pis, storage ]
+ - name: ensure docker network
+ docker_network: name=web
+ tags: [ docker ]
+ - name: ensure docker nginx config
+ copy:
+ dest: /data/nginx/conf.d/vhosts.conf
+ mode: "0644"
+ content: |
+ server {
+ listen 80 default_server;
+ server_name transmission.local.desu.ltd;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://transmission:9091;
+ }
+ }
+ server {
+ listen 80;
+ server_name jackett.local.desu.ltd;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://jackett:9117;
+ }
+ }
+ server {
+ listen 80;
+ server_name sonarr.local.desu.ltd;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://sonarr:8989;
+ }
+ }
+ server {
+ listen 80;
+ server_name radarr.local.desu.ltd;
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://radarr:7878;
+ }
+ }
+ tags: [ docker, ingress ]
+ - name: include tasks for apps
+ include_tasks: tasks/app/{{ task }}
+ with_items:
+ - redis.yml
+ loop_control:
+ loop_var: task
+ tags: [ always ]
+ - name: include tasks for web services
+ include_tasks: tasks/web/{{ task }}
+ with_items:
+ - transmission.yml
+ - jackett.yml
+ - sonarr.yml
+ - radarr.yml
+ - ingress-insecure.yml
+ loop_control:
+ loop_var: task
+ tags: [ always ]
 roles:
 - role: backup
 vars:
 backup_s3backup_list_extra:
- - /srv/nfs/k8s/default/web-9iron-pvc
- - /srv/nfs/k8s/default/web-grafana-pvc
- - /srv/nfs/k8s/default/web-jackett-config-pvc
- - /srv/nfs/k8s/default/web-netbox-pvc
- - /srv/nfs/k8s/default/web-transmission-config-pvc
+ - /data/transmisson
+ - /data/jackett
+ - /data/sonarr
 backup_time: "Mon *-*-* 02:00:00"
 tags: [ backup ]
 - role: postgresql
diff --git a/playbooks/tasks/web/ingress-insecure.yml b/playbooks/tasks/web/ingress-insecure.yml
new file mode 100644
index 0000000..d2bc8ae
--- /dev/null
+++ b/playbooks/tasks/web/ingress-insecure.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy nginx proxy
+ docker_container:
+ name: ingress
+ image: nginx:latest
+ networks:
+ - name: web
+ aliases: [ "ingress" ]
+ ports:
+ - "80:80"
+ volumes:
+ - /data/nginx/conf.d:/etc/nginx/conf.d
+ tags: [ docker, ingress ]
diff --git a/playbooks/tasks/web/jackett.yml b/playbooks/tasks/web/jackett.yml
new file mode 100644
index 0000000..8352ff4
--- /dev/null
+++ b/playbooks/tasks/web/jackett.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy jackett
+ docker_container:
+ name: jackett
+ image: linuxserver/jackett:latest
+ env:
+ AUTO_UPDATE: "false"
+ networks:
+ - name: web
+ aliases: [ "jackett" ]
+ volumes:
+ - /data/jackett/config:/config
+ tags: [ docker, jackett ]
diff --git a/playbooks/tasks/web/radarr.yml b/playbooks/tasks/web/radarr.yml
new file mode 100644
index 0000000..9139bd9
--- /dev/null
+++ b/playbooks/tasks/web/radarr.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy radarr
+ docker_container:
+ name: radarr
+ image: linuxserver/radarr:latest
+ networks:
+ - name: web
+ aliases: [ "radarr" ]
+ volumes:
+ - /data/radarr/config:/config
+ - /data/shared/downloads:/data
+ - /data/shared/media:/tv
+ tags: [ docker, radarr ]
diff --git a/playbooks/tasks/web/sonarr.yml b/playbooks/tasks/web/sonarr.yml
new file mode 100644
index 0000000..207ece3
--- /dev/null
+++ b/playbooks/tasks/web/sonarr.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy sonarr
+ docker_container:
+ name: sonarr
+ image: linuxserver/sonarr:latest
+ networks:
+ - name: web
+ aliases: [ "sonarr" ]
+ volumes:
+ - /data/sonarr/config:/config
+ - /data/shared/downloads:/data
+ - /data/shared/media:/tv
+ tags: [ docker, sonarr ]
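Review bot: `- /data/transmisson` in the new `backup_s3backup_list_extra` list is misspelled; playbooks/tasks/web/transmission.yml mounts `/data/transmission/config` and `/data/transmission/watch`, so the backup role would be pointed at a directory nothing writes to and the Transmission configuration would silently go unbacked-up — change it to `- /data/transmission`. Separately, the Transmission `server` block in the generated nginx config is the one carrying `listen 80 default_server;`, so any request whose Host header matches none of the four names (a plain IP address, for example) is proxied to the Transmission RPC UI; an explicit catch-all such as `server { listen 80 default_server; return 444; }` ahead of it would keep exposure to the named vhosts. The `copy` task writes `/data/nginx/conf.d/vhosts.conf`, but nothing visible in this hunk creates `/data/nginx/conf.d`; unless the `assure directories in mount` loop earlier in the play (its items are outside the hunk) covers it, the copy fails on a fresh host before the proxy is ever started.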
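Review bot: `image: nginx:latest` is a mutable tag, and the play's `module_defaults` set `pull: yes`, so each run may pull whatever upstream currently publishes and restart the proxy without a reviewed change; the same applies to `linuxserver/jackett:latest`, `linuxserver/radarr:latest`, `linuxserver/sonarr:latest` and `haugene/transmission-openvpn:latest` in the sibling task files. Pinning to a version tag, or to a digest in the form `nginx:<version>@sha256:<digest>` (placeholders, look up the current values), keeps upgrades explicit and runs reproducible. The config bind mount can also be declared read-only, `- /data/nginx/conf.d:/etc/nginx/conf.d:ro`, since the container has no reason to modify it.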
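Review bot: The media library is mounted as `- /data/shared/media:/tv`, mirroring sonarr.yml, although this container runs Radarr, which manages movies; if both services are meant to share one library tree the in-container name is merely confusing, otherwise `- /data/shared/media:/movies` would read as intended. Either way a short comment above the `volumes:` list stating that sonarr and radarr deliberately share the same tree would save the next reader from assuming a copy-paste slip.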
diff --git a/playbooks/tasks/web/transmission.yml b/playbooks/tasks/web/transmission.yml
new file mode 100644
index 0000000..4c6eb60
--- /dev/null
+++ b/playbooks/tasks/web/transmission.yml
@@ -0,0 +1,26 @@
+# vim:ft=ansible:
+- name: docker deploy transmission
+ docker_container:
+ name: transmission
+ image: haugene/transmission-openvpn:latest
+ env:
+ USER: transmission
+ PASS: "{{ secret_transmission_user_pass }}"
+ OPENVPN_PROVIDER: PIA
+ OPENVPN_CONFIG: france
+ OPENVPN_USERNAME: "{{ secret_pia_user }}"
+ OPENVPN_PASSWORD: "{{ secret_pia_pass }}"
+ LOCAL_NETWORK: 192.168.0.0/16
+ capabilities:
+ - NET_ADMIN
+ ports:
+ - 51413:51413/tcp
+ - 51413:51413/udp
+ networks:
+ - name: web
+ aliases: [ "transmission" ]
+ volumes:
+ - /data/transmission/config:/config
+ - /data/shared/downloads:/data
+ - /data/transmission/watch:/watch
+ tags: [ docker, transmission ]
diff --git a/site.yml b/site.yml
index a6775bc..75f04f4 100755
--- a/site.yml
+++ b/site.yml
@@ -10,10 +10,8 @@
 - import_playbook: playbooks/tags_zerotier.yml
 - import_playbook: playbooks/tags_snmp.yml
 - import_playbook: playbooks/tags_nagios.yml
- # Device roles
-- import_playbook: playbooks/device_roles_pik8s-storage.yml
-- import_playbook: playbooks/device_roles_pik8s.yml
-- import_playbook: playbooks/device_roles_workstation.yml
+ # Home configuration
+- import_playbook: playbooks/home_media.yml
 # Production configuration
 - import_playbook: playbooks/prod_db.yml
 - import_playbook: playbooks/prod_web.yml
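Review bot: `PASS`, `OPENVPN_USERNAME` and `OPENVPN_PASSWORD` are handed to the container as plain environment variables, so the decrypted vault values end up in the container's inspectable metadata on the host and can appear in the task's result when the CI job runs with verbose or diff output; adding `no_log: true` to the task keeps them out of job logs, at the cost of terser failure messages, and a comment noting that the image offers no file-based credential input (if that is the reason) would explain the choice. The two `ports` entries `51413:51413/tcp` and `51413:51413/udp` are unquoted; the `/tcp` suffix makes them parse as strings today, but quoting them as ingress-insecure.yml does with `"80:80"` keeps the style uniform and avoids the sexagesimal-integer trap should the suffix ever be dropped. `capabilities: [NET_ADMIN]` is needed for the in-container VPN, but the container also receives the whole `/data/shared/downloads` tree and host network reachability via `LOCAL_NETWORK: 192.168.0.0/16`, which is worth a one-line comment so a reader knows both are intentional.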
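Review bot: The hunk removes `- import_playbook: playbooks/device_roles_workstation.yml` together with the two pik8s imports, but no deletion or rename of `playbooks/device_roles_workstation.yml` appears in this diff (which may be a chunk of a larger change), and the `Play_Against_Desktops` job is still present in .gitlab-ci.yml; unless that playbook is imported elsewhere, the desktops job now runs `site.yml` with no workstation configuration and reports success. If the drop is intentional it deserves a mention in the commit message or a comment at the new `# Home configuration` section; if not, restore `- import_playbook: playbooks/device_roles_workstation.yml` under its own heading.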