Decom the K8s cluster, roll all its jobs into one singular machine

.gitlab-ci.yml

@@ -64,10 +64,10 @@ Test:
     - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
     - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 
-Play_Against_PiK8S:
+Play_Against_Pis:
   stage: play
   script:
-    - ansible-playbook -l device_roles_pik8s-master,device_roles_pik8s-node,device_roles_pik8s-storage site.yml --vault-password-file /vaultpw || error="$?"
+    - ansible-playbook -l manufacturers_raspi site.yml --vault-password-file /vaultpw || error="$?"
     - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
     - if [ -n "$error" ]; then echo "Return code $error"; false; fi
 Play_Against_Desktops:

inventory/group_vars/all.yml

@@ -260,6 +260,29 @@ secret_snmp_rouser_privacy_passphrase: !vault |
           3764363538636232630a383730323433343239663461373030383132626532306130363965316661
           64353932376139613765303764313463353366663535653135393637633835353566
 
+# For home media stuff
+secret_transmission_user_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63386231316662313039646435323861343762386135616437613530653932363333353130333232
+          3161383737386631336362313139316433656337396538330a656663336338613533393032663433
+          33346663613731656236666561303530613961363733336261363130646639326361356134386332
+          6335336139346331300a643962653936323135666463343865393162346637616263373636383534
+          39663833613135383761643661373163383138316534333264633835613965616135
+secret_pia_user: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          38343633366234633430356364633634653433633963393332303439613966353438663066633465
+          3333333237306430346633336565613932396564353032660a373462333736343062626135316239
+          65306462643563323565386331373930326231353866626336643533663136353238626663373566
+          3763303637633838660a353362303966633931356538616636363438623165303536663535383764
+          6337
+secret_pia_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31333661636562386633396130383630383332303662613739393339373134326330373137656531
+          3934636662663265303137346163326461306461356138340a323662313130653539633338303035
+          62313265633338356436393033353438666634363536613266346139666364613238396338363731
+          6633666366353538300a613965633766653332613465326137396562313230343161346162343762
+          37643164663466343166346534303932613763643965623066353336363238643266
+
 # For Steam games
 steam_username: !vault |
           $ANSIBLE_VAULT;1.1;AES256

inventory/group_vars/device_roles_pik8s-master.yml

@@ -1,2 +0,0 @@
-# vim:ft=ansible
-kubernetes_role: master

inventory/group_vars/device_roles_pik8s-node.yml

@@ -1,2 +0,0 @@
-# vim:ft=ansible
-kubernetes_role: node

inventory/host_vars/pi-kub-node-1.desu.ltd.yml

@@ -1,3 +0,0 @@
-# vim:ft=ansible
-keepalived_state: MASTER
-keepalived_priority: 50

inventory/host_vars/pi-kub-node-2.desu.ltd.yml

@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 49

inventory/host_vars/pi-kub-node-3.desu.ltd.yml

@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 48

inventory/host_vars/pi-kub-node-4.desu.ltd.yml

@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 47

inventory/host_vars/pi-kub-node-5.desu.ltd.yml

@@ -1,2 +0,0 @@
-# vim:ft=ansible
-keepalived_priority: 46

playbooks/device_roles_pik8s.yml

@@ -1,59 +0,0 @@
-#!/usr/bin/env ansible-playbook
-# vim:ft=ansible:
----
-# k8s
-- hosts: device_roles_pik8s-master,device_roles_pik8s-node
-  gather_facts: no
-  roles:
-    - role: k8s
-      tags: [ k8s, skip-pull ]
-    - role: backup
-      vars:
-        backup_s3backup_list_extra:
-          - /etc/kubernetes
-      tags: [ k8s, backup ]
-- hosts: device_roles_pik8s-master
-  gather_facts: no
-  tasks:
-    - name: install openshift
-      pip: name=openshift state=latest
-      tags: [ k8s, packages, pip ]
-- hosts: device_roles_pik8s-node
-  gather_facts: no
-  roles:
-    - role: keepalived
-      vars:
-        keepalived_stanzas:
-          - name: VI_1
-            state: "{{ keepalived_state | default('BACKUP') }}"
-            interface: eth0
-            virtual_router_id: 51
-            priority: "{{ keepalived_priority }}"
-            advert_int: 1
-            auth_pass: "{{ secret_keepalived_pass }}"
-            vip: "192.168.102.200/16"
-          - name: VI_2
-            state: "{{ keepalived_state | default('BACKUP') }}"
-            interface: eth0
-            virtual_router_id: 52
-            priority: "{{ keepalived_priority }}"
-            advert_int: 1
-            auth_pass: "{{ secret_keepalived_pass }}"
-            vip: "192.168.102.201/16"
-          - name: VI_3
-            state: "{{ keepalived_state | default('BACKUP') }}"
-            interface: eth0
-            virtual_router_id: 53
-            priority: "{{ keepalived_priority }}"
-            advert_int: 1
-            auth_pass: "{{ secret_keepalived_pass }}"
-            vip: "192.168.102.202/16"
-          - name: VI_4
-            state: "{{ keepalived_state | default('BACKUP') }}"
-            interface: eth0
-            virtual_router_id: 54
-            priority: "{{ keepalived_priority }}"
-            advert_int: 1
-            auth_pass: "{{ secret_keepalived_pass }}"
-            vip: "192.168.102.240/16"
-      tags: [ k8s, keepalived ]

playbooks/home_media.yml

@@ -1,19 +1,20 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
 ---
-# Mass storage Pis
-- hosts: device_roles_pik8s-storage
+# Home media storage Pi
+- hosts: pi-media-1.desu.ltd
+  module_defaults:
+    docker_container:
+      state: started
+      restart_policy: unless-stopped
+      pull: yes
   tasks:
-    # The specific mount here is because each storage node as an M.2 SSD hooked up to it
-    # So we mount that and use the SD card for normal OS shenanigans
     - name: assure mount directory
       file: path=/data state=directory mode=0755
       tags: [ pis, storage ]
     - name: assure mount
       mount: path=/data src=LABEL=mass state=mounted fstype=ext4
       tags: [ pis, storage ]
-- hosts: pi-storage-1.desu.ltd
-  tasks:
     - name: assure directories in mount
       file: path=/data/{{ item }} state=directory mode=0755
       with_items:
@@ -26,15 +27,79 @@
         - { path: /var/lib/postgresql, src: postgresql }
         - { path: /srv/nfs, src: nfs }
       tags: [ pis, storage ]
+    - name: ensure docker network
+      docker_network: name=web
+      tags: [ docker ]
+    - name: ensure docker nginx config
+      copy:
+        dest: /data/nginx/conf.d/vhosts.conf
+        mode: "0644"
+        content: |
+          server {
+            listen 80 default_server;
+            server_name transmission.local.desu.ltd;
+            location / {
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_pass http://transmission:9091;
+            }
+          }
+          server {
+            listen 80;
+            server_name jackett.local.desu.ltd;
+            location / {
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_pass http://jackett:9117;
+            }
+          }
+          server {
+            listen 80;
+            server_name sonarr.local.desu.ltd;
+            location / {
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_pass http://sonarr:8989;
+            }
+          }
+          server {
+            listen 80;
+            server_name radarr.local.desu.ltd;
+            location / {
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection $http_connection;
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_pass http://radarr:7878;
+            }
+          }
+      tags: [ docker, ingress ]
+    - name: include tasks for apps
+      include_tasks: tasks/app/{{ task }}
+      with_items:
+        - redis.yml
+      loop_control:
+        loop_var: task
+      tags: [ always ]
+    - name: include tasks for web services
+      include_tasks: tasks/web/{{ task }}
+      with_items:
+        - transmission.yml
+        - jackett.yml
+        - sonarr.yml
+        - radarr.yml
+        - ingress-insecure.yml
+      loop_control:
+        loop_var: task
+      tags: [ always ]
   roles:
     - role: backup
       vars:
         backup_s3backup_list_extra:
-          - /srv/nfs/k8s/default/web-9iron-pvc
-          - /srv/nfs/k8s/default/web-grafana-pvc
-          - /srv/nfs/k8s/default/web-jackett-config-pvc
-          - /srv/nfs/k8s/default/web-netbox-pvc
-          - /srv/nfs/k8s/default/web-transmission-config-pvc
+          - /data/transmisson
+          - /data/jackett
+          - /data/sonarr
         backup_time: "Mon *-*-* 02:00:00"
       tags: [ backup ]
     - role: postgresql

playbooks/tasks/web/ingress-insecure.yml

@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy nginx proxy
+  docker_container:
+    name: ingress
+    image: nginx:latest
+    networks:
+      - name: web
+        aliases: [ "ingress" ]
+    ports:
+      - "80:80"
+    volumes:
+      - /data/nginx/conf.d:/etc/nginx/conf.d
+  tags: [ docker, ingress ]

playbooks/tasks/web/jackett.yml

@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy jackett
+  docker_container:
+    name: jackett
+    image: linuxserver/jackett:latest
+    env:
+      AUTO_UPDATE: "false"
+    networks:
+      - name: web
+        aliases: [ "jackett" ]
+    volumes:
+      - /data/jackett/config:/config
+  tags: [ docker, jackett ]

playbooks/tasks/web/radarr.yml

@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy radarr
+  docker_container:
+    name: radarr
+    image: linuxserver/radarr:latest
+    networks:
+      - name: web
+        aliases: [ "radarr" ]
+    volumes:
+      - /data/radarr/config:/config
+      - /data/shared/downloads:/data
+      - /data/shared/media:/tv
+  tags: [ docker, radarr ]

playbooks/tasks/web/sonarr.yml

@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy sonarr
+  docker_container:
+    name: sonarr
+    image: linuxserver/sonarr:latest
+    networks:
+      - name: web
+        aliases: [ "sonarr" ]
+    volumes:
+      - /data/sonarr/config:/config
+      - /data/shared/downloads:/data
+      - /data/shared/media:/tv
+  tags: [ docker, sonarr ]

playbooks/tasks/web/transmission.yml

@@ -0,0 +1,26 @@
+# vim:ft=ansible:
+- name: docker deploy transmission
+  docker_container:
+    name: transmission
+    image: haugene/transmission-openvpn:latest
+    env:
+      USER: transmission
+      PASS: "{{ secret_transmission_user_pass }}"
+      OPENVPN_PROVIDER: PIA
+      OPENVPN_CONFIG: france
+      OPENVPN_USERNAME: "{{ secret_pia_user }}"
+      OPENVPN_PASSWORD: "{{ secret_pia_pass }}"
+      LOCAL_NETWORK: 192.168.0.0/16
+    capabilities:
+      - NET_ADMIN
+    ports:
+      - 51413:51413/tcp
+      - 51413:51413/udp
+    networks:
+      - name: web
+        aliases: [ "transmission" ]
+    volumes:
+      - /data/transmission/config:/config
+      - /data/shared/downloads:/data
+      - /data/transmission/watch:/watch
+  tags: [ docker, transmission ]

site.yml

@@ -10,10 +10,8 @@
 - import_playbook: playbooks/tags_zerotier.yml
 - import_playbook: playbooks/tags_snmp.yml
 - import_playbook: playbooks/tags_nagios.yml
-  # Device roles
-- import_playbook: playbooks/device_roles_pik8s-storage.yml
-- import_playbook: playbooks/device_roles_pik8s.yml
-- import_playbook: playbooks/device_roles_workstation.yml
+  # Home configuration
+- import_playbook: playbooks/home_media.yml
   # Production configuration
 - import_playbook: playbooks/prod_db.yml
 - import_playbook: playbooks/prod_web.yml