Add configuration for Home Assistant

Whups

inventory/group_vars/manufacturers_raspi.yml

@@ -1,5 +1,8 @@
 # vim:ft=ansible:
 
+# Docker settings
+docker_apt_arch: arm64
+
 # DB secrets
 secret_gulagbot_local_db_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256

playbooks/home_automation.yml

@@ -0,0 +1,42 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+# Home media storage Pi
+- hosts: pi-homeauto-1.desu.ltd
+  module_defaults:
+    docker_container:
+      state: started
+      restart_policy: unless-stopped
+      pull: yes
+  pre_tasks:
+    - name: ensure docker network
+      docker_network: name=web
+      tags: [ docker ]
+  tasks:
+    - name: include tasks for apps
+      include_tasks: tasks/app/{{ task }}
+      with_items:
+        - homeassistant.yml
+      loop_control:
+        loop_var: task
+      tags: [ always ]
+  roles:
+    - role: backup
+      vars:
+        backup_s3backup_list_extra:
+          - /data
+        backup_time: "Sun *-*-* 02:00:00"
+      tags: [ backup ]
+    - role: ingress
+      vars:
+        ingress_container_image: "nginx:latest"
+        ingress_container_ports:
+          - 80:80
+        ingress_container_config_mount: /etc/nginx/conf.d
+        ingress_container_persist_dir: /data/nginx
+        ingress_listen_args: 80
+        ingress_listen_tls: no
+        ingress_servers:
+          - name: homeauto.local.desu.ltd
+            proxy_pass: http://localhost:8123
+      tags: [ ingress ]

playbooks/home_media.yml

@@ -30,51 +30,6 @@
     - name: ensure docker network
       docker_network: name=web
       tags: [ docker ]
-    - name: ensure docker nginx config
-      copy:
-        dest: /data/nginx/conf.d/vhosts.conf
-        mode: "0644"
-        content: |
-          server {
-            listen 80 default_server;
-            server_name transmission.local.desu.ltd;
-            location / {
-              proxy_set_header Host $host;
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_pass http://transmission:9091;
-            }
-          }
-          server {
-            listen 80;
-            server_name jackett.local.desu.ltd;
-            location / {
-              proxy_set_header Host $host;
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_pass http://jackett:9117;
-            }
-          }
-          server {
-            listen 80;
-            server_name sonarr.local.desu.ltd;
-            location / {
-              proxy_set_header Host $host;
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_pass http://sonarr:8989;
-            }
-          }
-          server {
-            listen 80;
-            server_name radarr.local.desu.ltd;
-            location / {
-              proxy_http_version 1.1;
-              proxy_set_header Upgrade $http_upgrade;
-              proxy_set_header Connection $http_connection;
-              proxy_set_header Host $host;
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_pass http://radarr:7878;
-            }
-          }
-      tags: [ docker, ingress ]
     - name: include tasks for apps
       include_tasks: tasks/app/{{ task }}
       with_items:
@@ -89,7 +44,6 @@
         - jackett.yml
         - sonarr.yml
         - radarr.yml
-        - ingress-insecure.yml
       loop_control:
         loop_var: task
       tags: [ always ]
@@ -102,6 +56,25 @@
           - /data/sonarr
         backup_time: "Mon *-*-* 02:00:00"
       tags: [ backup ]
+    - role: ingress
+      vars:
+        ingress_container_image: "nginx:latest"
+        ingress_container_ports:
+          - 80:80
+        ingress_container_config_mount: /etc/nginx/conf.d
+        ingress_container_persist_dir: /data/nginx
+        ingress_listen_args: 80
+        ingress_listen_tls: no
+        ingress_servers:
+          - name: transmission.local.desu.ltd
+            proxy_pass: http://transmission:9091
+          - name: jackett.local.desu.ltd
+            proxy_pass: http://jackett:9117
+          - name: sonarr.local.desu.ltd
+            proxy_pass: http://sonarr:8989
+          - name: radarr.local.desu.ltd
+            proxy_pass: http://radarr:7878
+      tags: [ ingress ]
     - role: geerlingguy.postgresql
       vars:
         postgresql_global_config_options:

playbooks/tasks/app/homeassistant.yml

@@ -0,0 +1,12 @@
+# vim:ft=ansible:
+- name: docker deploy homeassistant
+  docker_container:
+    name: homeassistant
+    image: "ghcr.io/home-assistant/raspberrypi4-homeassistant:stable"
+    privileged: yes
+    network_mode: host
+    volumes:
+      - /dev/ttyACM0:/dev/ttyACM0
+      - /etc/localtime:/etc/localtime:ro
+      - /data/homeassistant/config:/config
+  tags: [ docker, homeassistant ]

roles/ingress/defaults/main.yml

@@ -10,6 +10,7 @@ ingress_container_ports:
   - 80:80
   - 443:443
 ingress_container_persist_dir: "/data/nginx-certbot"
+ingress_container_config_mount: "/etc/nginx/user_conf.d"
 ingress_container_timezone: America/Chicago
 
 # Network configuration

roles/ingress/tasks/main.yml

@@ -19,4 +19,4 @@
     ports: "{{ ingress_container_ports }}"
     volumes:
       - "{{ ingress_container_persist_dir }}/letsencrypt:/etc/letsencrypt"
-      - "{{ ingress_container_persist_dir }}/user_conf.d:/etc/nginx/user_conf.d:ro"
+      - "{{ ingress_container_persist_dir }}/user_conf.d:{{ ingress_container_config_mount }}:ro"

site.yml

@@ -15,6 +15,7 @@
 - import_playbook: playbooks/device_roles_workstation.yml
   # Home configuration
 - import_playbook: playbooks/home_media.yml
+- import_playbook: playbooks/home_automation.yml
   # Production configuration
 - import_playbook: playbooks/prod_db.yml
 - import_playbook: playbooks/prod_web.yml