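#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
---
# Every play below shares the same docker_container defaults: containers are
# kept running and the image is re-pulled on each run (pull: true). With a
# mutable tag, a playbook run can therefore swap the running image; pin tags
# or digests in the included task files if reproducibility matters.

# OctoPrint host
- hosts: pi-octoprint-1.home.mgmt.desu.ltd
  gather_facts: false
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: true
  tasks:
    - name: include tasks for applications
      include_tasks: "tasks/{{ item }}"
      with_items:
        - app/octoprint.yml
      tags: [always]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [backup]

# Bot / dynamic-DNS host
- hosts: vm-bot-1.home.mgmt.desu.ltd
  gather_facts: false
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: true
  tasks:
    - name: include tasks for applications
      include_tasks: "tasks/{{ item }}"
      with_items:
        - app/gulagbot.yml
        - app/ddclient.yml
        - app/ddns-route53.yml
      tags: [always]
  roles:
    # NOTE(review): /data on this host presumably holds the ddclient and
    # ddns-route53 configuration, which would include provider credentials;
    # confirm the backup destination is encrypted and access-controlled.
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [backup]

# Vulnerability-scanner (GVM) host
- hosts: vm-scan-1.home.mgmt.desu.ltd
  gather_facts: false
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: true
  pre_tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [docker]
  tasks:
    - name: include tasks for applications
      include_tasks: "tasks/{{ item }}"
      with_items:
        - app/gvm.yml
      tags: [always]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [backup]

# Syncthing host: NFS-backed data directory, housekeeping cron jobs, and an
# nginx ingress in front of the Syncthing GUI.
- hosts: vm-syncthing-1.home.mgmt.desu.ltd
  gather_facts: false
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: true
  pre_tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [docker]
  tasks:
    - name: assure nfs mount directory
      ansible.builtin.file:
        path: /data/syncthing/data
        state: directory
        # Quoted so the mode stays the string "0755" and is never read as a
        # decimal or octal integer by the YAML parser.
        mode: "0755"
      tags: [storage]
    - name: assure nfs mount
      mount:
        path: /data/syncthing/data
        src: "192.168.190.1:/nfs/syncthing"
        fstype: nfs4
        # NOTE(review): rsize=10248576 looks like a typo for 1048576 (it is
        # not a multiple of 1024 and differs from wsize). Left unchanged here
        # because editing opts rewrites fstab and triggers a remount.
        # NOTE(review): "soft" lets I/O fail with an error after the
        # timeo/retrans budget instead of blocking; interrupted writes can
        # leave truncated files. The export is also mounted without
        # nosuid/nodev - consider adding both for a pure data share.
        opts: "rsize=10248576,wsize=1048576,soft,timeo=600,retrans=2,_netdev"
        state: mounted
      tags: [storage]
    - name: include tasks for applications
      include_tasks: "tasks/{{ item }}"
      with_items:
        - app/syncthing.yml
      tags: [always]
    # Daily at 05:00: move files out of each src folder into its dest folder,
    # then remove the emptied src directory. rmdir only succeeds when src has
    # no remaining subdirectories.
    - name: assure movement cronjobs
      ansible.builtin.cron:
        name: "{{ item.name }}"
        minute: 0
        hour: 5
        job: >-
          rsync -avHS --remove-source-files
          '/data/syncthing/data/{{ item.src }}/'
          '/data/syncthing/data/{{ item.dest }}/'
          && rmdir '/data/syncthing/data/{{ item.src }}'
      with_items:
        # This works around a bug in my Android app lol
        - name: husky workaround
          src: Pictures/Husky
          dest: Pictures/Unsorted/Husky
        - name: husky test workaround
          src: Pictures/Husky Test
          dest: Pictures/Unsorted/Husky
        - name: move messaging to unsorted
          src: Pictures/Messaging
          dest: Pictures/Unsorted/Messaging
        - name: move discord to unsorted
          src: Pictures/Discord
          dest: Pictures/Unsorted/Discord
        - name: move camera roll to unsorted
          src: Pictures/Camera Roll
          dest: Pictures/Unsorted/Camera Roll
        - name: move cp2077 to screenshots
          src: Pictures/Cyberpunk 2077
          dest: Pictures/Screenshots/Vidya/Cyberpunk 2077
      tags: [cron]
    # Daily at 03:00: delete "*:Zone.Identifier" files from the synced tree.
    - name: assure zone identifier cleanup cronjob
      ansible.builtin.cron:
        # The misspelling is kept on purpose: the cron module identifies the
        # entry by this name, so correcting it would add a second crontab
        # entry and leave the old one behind.
        name: cleanup zone.identtifier
        minute: 0
        hour: 3
        job: 'find /data/syncthing/data/ -type f -iname "*:Zone.Identifier" -delete'
      tags: [cron]
    # Daily at 04:00: strip a trailing "?name=orig.<ext>" from file names.
    - name: assure filename sanitize cronjobs
      ansible.builtin.cron:
        name: "sanitize {{ item }}"
        minute: 0
        hour: 4
        # "%" is escaped as "\%": cron turns an unescaped "%" into a newline
        # and feeds the rest of the line to the command as stdin, which would
        # cut this job off inside the "${line%...}" expansion.
        # "IFS= read -r" keeps backslashes and leading/trailing blanks in
        # file names intact. The leading "?" of the item is a single-character
        # wildcard in both the find pattern and the shell suffix pattern.
        job: 'find /data/syncthing/data/ -type f -iname "*{{ item }}" | while IFS= read -r line; do mv "$line" "${line\%{{ item }}}"; done'
      with_items:
        # Quoted: a plain scalar starting with "?" is easy to misread as an
        # explicit-key indicator.
        - '?name=orig.png'
        - '?name=orig.jpeg'
      tags: [cron]
  roles:
    # NOTE(review): the Syncthing config directory normally contains the
    # device private key and GUI API key; confirm the backup target is
    # encrypted and access-controlled.
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data/syncthing/config
      tags: [backup]
    - role: ingress
      vars:
        # NOTE(review): "latest" is a mutable tag; together with pull: true
        # in module_defaults the ingress image can change on any run. Pin a
        # version or digest for a reproducible, reviewable deployment.
        ingress_container_image: "nginx:latest"
        ingress_container_ports:
          - "80:80"
        ingress_container_config_mount: /etc/nginx/conf.d
        ingress_container_persist_dir: /data/nginx
        ingress_listen_args: 80
        # NOTE(review): TLS is off, so the proxied Syncthing GUI (and any GUI
        # credentials or API key sent to it) travels in cleartext on port 80.
        # Acceptable only on a network segment that is itself trusted.
        ingress_listen_tls: false
        ingress_servers:
          - name: syncthing.local.desu.ltd
            proxy_pass: "http://syncthing:8384"
      tags: [ingress]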