samsapti/pi-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Remove unneeded quotes

Browse source
This commit is contained in:
Sam A. 2023-01-03 22:30:22 +01:00
parent a5ccee9f10
commit dea8f23d38
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
17 changed files with 55 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
group_vars/all/vars.yml
View file

@ -6,7 +6,7 @@ hostname: pi
timezone: Europe/Copenhagen
hdd_name: storage
hdd_mount_point: "/opt/{{ hdd_name }}"
hdd_mount_point: /opt/{{ hdd_name }}
ssd_name: pi-ssd
ssd_mount_point: "/opt/{{ ssd_name }}"
ssd_mount_point: /opt/{{ ssd_name }}

2
playbook.yml
View file

@ -4,13 +4,13 @@
hosts: all
gather_facts: true
become: true
tasks:
- name: Run OS configuration role
import_role:
name: os_config
tags:
- os
- name: Run Docker role
import_role:
name: docker

10
roles/docker/defaults/main.yml
View file

@ -13,26 +13,26 @@ services:
restic:
repo: /restic
version: 1.6
version: '1.6'
nextcloud:
domain: "cloud.{{ base_domain }}"
domain: cloud.{{ base_domain }}
volume: "{{ base_volume }}/nextcloud"
version: 25-apache
postgres_version: 14-alpine
redis_version: 7-alpine
emby:
domain: "watch.{{ base_domain }}"
domain: watch.{{ base_domain }}
volume: "{{ base_volume }}/emby"
version: latest
monerod:
domain: "xmr.{{ base_domain }}"
domain: xmr.{{ base_domain }}
version: latest
wireguard:
domain: "wg01.vpn.{{ base_domain }}"
domain: wg01.vpn.{{ base_domain }}
volume: "{{ base_volume }}/wireguard"
version: arm64v8-alpine

2
roles/docker/tasks/main.yml
View file

@ -2,7 +2,7 @@
---
- name: Add Docker PGP key
apt_key:
keyserver: keys.openpgp.org
keyserver: keyserver.ubuntu.com
id: '0x8D81803C0EBFCD88'
state: present

6
roles/docker/tasks/services.yml
View file

@ -33,11 +33,11 @@
state: present
- name: Deploy services
include_tasks: "services/{{ item.service }}.yml"
loop: "{{ services | dict2items(key_name='service') }}"
include_tasks: services/{{ item.key }}.yml
loop: "{{ services | dict2items }}"
when: single_service is not defined
- name: Deploy single service
include_tasks: "services/{{ single_service }}.yml"
include_tasks: services/{{ single_service }}.yml
when: single_service is defined and
single_service in services

6
roles/docker/tasks/services/caddy.yml
View file

@ -22,14 +22,14 @@
- name: Deploy Caddy Docker container
docker_container:
name: caddy
image: "caddy:{{ services.caddy.version }}"
image: caddy:{{ services.caddy.version }}
restart_policy: unless-stopped
networks:
- name: services
ipv4_address: 172.16.0.2
published_ports:
- '80:80/tcp'
- '443:443/tcp'
- 80:80/tcp
- 443:443/tcp
volumes:
- "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro"
- "{{ services.caddy.volume }}/config:/config:rw"

4
roles/docker/tasks/services/emby.yml
View file

@ -16,7 +16,7 @@
- name: Deploy Emby Docker container
docker_container:
name: emby_app
image: "emby/embyserver_arm64v8:{{ services.emby.version }}"
image: emby/embyserver_arm64v8:{{ services.emby.version }}
restart_policy: unless-stopped
env:
UID: '1000'
@ -30,6 +30,6 @@
- "{{ services.emby.volume }}/tvshows:/mnt/share1:rw"
- "{{ services.emby.volume }}/movies:/mnt/share2:rw"
published_ports:
- '8096:8096'
- 0.0.0.0:8096:8096/tcp
devices:
- /dev/vchiq:/dev/vchiq # MMAL/OMX on Raspberry Pi

4
roles/docker/tasks/services/monerod.yml
View file

@ -8,7 +8,7 @@
- name: Deploy Monero node Docker container
docker_container:
name: monerod_node
image: "sethsimmons/simple-monerod:{{ services.monerod.version }}"
image: sethsimmons/simple-monerod:{{ services.monerod.version }}
restart_policy: unless-stopped
networks:
- name: services
@ -17,4 +17,4 @@
volumes:
- monerod-node-blockchain:/home/monero/.bitmonero:rw
published_ports:
- '18080:18080'
- 18080:18080/tcp

12
roles/docker/tasks/services/nextcloud.yml
View file

@ -17,7 +17,7 @@
- name: Copy Apache2 config files
copy:
src: "nextcloud/apache2/{{ file }}"
src: nextcloud/apache2/{{ file }}
dest: "{{ services.nextcloud.volume }}/apache2/{{ file }}"
owner: root
mode: u=rw,g=r,o=r
@ -36,7 +36,7 @@
services:
postgres:
image: "postgres:{{ services.nextcloud.postgres_version }}"
image: postgres:{{ services.nextcloud.postgres_version }}
restart: unless-stopped
environment:
POSTGRES_DB: nextcloud
@ -46,14 +46,14 @@
- "{{ services.nextcloud.volume }}/postgres:/var/lib/postgresql/data:rw"
redis:
image: "redis:{{ services.nextcloud.redis_version }}"
image: redis:{{ services.nextcloud.redis_version }}
restart: unless-stopped
command: "redis-server --requirepass {{ secrets.nextcloud.redis_pw }}"
command: redis-server --requirepass {{ secrets.nextcloud.redis_pw }}
tmpfs:
- /var/lib/redis
cron:
image: "nextcloud:{{ services.nextcloud.version }}"
image: nextcloud:{{ services.nextcloud.version }}
restart: unless-stopped
entrypoint: /cron.sh
volumes:
@ -63,7 +63,7 @@
- redis
app:
image: "nextcloud:{{ services.nextcloud.version }}"
image: nextcloud:{{ services.nextcloud.version }}
restart: unless-stopped
environment:
POSTGRES_HOST: postgres

18
roles/docker/tasks/services/restic.yml
View file

@ -9,12 +9,12 @@
services:
backup:
image: "mazzolino/restic:{{ services.restic.version }}"
image: mazzolino/restic:{{ services.restic.version }}
restart: unless-stopped
environment:
RUN_ON_STARTUP: 'false'
BACKUP_CRON: '0 0 3 * * *'
RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
BACKUP_CRON: 0 0 3 * * *
RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}
RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
RESTIC_BACKUP_SOURCES: /mnt/volumes
RESTIC_BACKUP_ARGS: >-
@ -35,12 +35,12 @@
- "{{ services.emby.volume }}/programdata:/mnt/volumes/emby/programdata:ro"
prune:
image: "mazzolino/restic:{{ services.restic.version }}"
image: mazzolino/restic:{{ services.restic.version }}
restart: unless-stopped
environment:
RUN_ON_STARTUP: 'false'
PRUNE_CRON: '0 0 4 * * *'
RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
PRUNE_CRON: 0 0 4 * * *
RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}
RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
RESTIC_PRUNE_ARGS: >-
--verbose
@ -49,12 +49,12 @@
TZ: "{{ timezone }}"
check:
image: "mazzolino/restic:{{ services.restic.version }}"
image: mazzolino/restic:{{ services.restic.version }}
restart: unless-stopped
environment:
RUN_ON_STARTUP: 'false'
CHECK_CRON: '0 0 5 * * *'
RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
CHECK_CRON: 0 0 5 * * *
RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}
RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
RESTIC_CHECK_ARGS: >-
--verbose

2
roles/docker/tasks/services/snowflake.yml
View file

@ -3,6 +3,6 @@
- name: Deploy snowflake-proxy Docker container
docker_container:
name: snowflake-proxy
image: "thetorproject/snowflake-proxy:{{ services.snowflake.version }}"
image: thetorproject/snowflake-proxy:{{ services.snowflake.version }}
restart_policy: unless-stopped
network_mode: host

2
roles/docker/tasks/services/watchtower.yml
View file

@ -3,7 +3,7 @@
- name: Deploy Watchtower Docker container
docker_container:
name: watchtower
image: "containrrr/watchtower:{{ services.watchtower.version }}"
image: containrrr/watchtower:{{ services.watchtower.version }}
restart_policy: unless-stopped
env:
WATCHTOWER_POLL_INTERVAL: '3600'

4
roles/docker/tasks/services/wireguard.yml
View file

@ -10,7 +10,7 @@
- name: Deploy Wireguard Docker container
docker_container:
name: wireguard
image: "linuxserver/wireguard:{{ services.wireguard.version }}"
image: linuxserver/wireguard:{{ services.wireguard.version }}
restart_policy: unless-stopped
env:
SERVERURL: "{{ services.wireguard.domain }}"
@ -22,7 +22,7 @@
- "{{ services.wireguard.volume }}:/config:rw"
- /lib/modules:/lib/modules:rw
published_ports:
- '51820:51820/udp'
- 51820:51820/udp
capabilities:
- net_admin
- sys_module

10
roles/os_config/handlers/main.yml
View file

@ -3,30 +3,30 @@
- name: Create .env for apt-update-push
template:
src: env.j2
dest: "/home/{{ ansible_user }}/apt-update-push/.env"
dest: /home/{{ ansible_user }}/apt-update-push/.env
owner: root
mode: u=rw,go=
listen: apt-update-push
- name: Install apt-update-push
command: "/home/{{ ansible_user }}/apt-update-push/install.sh"
command: /home/{{ ansible_user }}/apt-update-push/install.sh
listen: apt-update-push
- name: Change GPIO_PIN
lineinfile:
regexp: '^GPIO_PIN = '
line: GPIO_PIN = 14
dest: "/home/{{ ansible_user }}/pi-fan-controller/fancontrol.py"
dest: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
listen: pi-fan-controller
- name: Install requirements for pi-fan-controller
pip:
requirements: "/home/{{ ansible_user }}/pi-fan-controller/requirements.txt"
requirements: /home/{{ ansible_user }}/pi-fan-controller/requirements.txt
executable: pip3
listen: pi-fan-controller
- name: Install pi-fan-controller
command: "/home/{{ ansible_user }}/pi-fan-controller/script/install"
command: /home/{{ ansible_user }}/pi-fan-controller/script/install
listen: pi-fan-controller
- name: Restart sshd

4
roles/os_config/tasks/base.yml
View file

@ -30,7 +30,7 @@
- name: Clone apt-update-push
git:
dest: "/home/{{ ansible_user }}/apt-update-push"
dest: /home/{{ ansible_user }}/apt-update-push
repo: https://github.com/samsapti/apt-update-push.git
clone: true
update: true
@ -41,7 +41,7 @@
- name: Clone pi-fan-controller
git:
dest: "/home/{{ ansible_user }}/pi-fan-controller"
dest: /home/{{ ansible_user }}/pi-fan-controller
repo: https://github.com/Howchoo/pi-fan-controller.git
clone: true
update: false

8
roles/os_config/tasks/disks.yml
View file

@ -19,8 +19,8 @@
fstype: ext4
state: present
loop:
- "/dev/mapper/{{ hdd_name }}"
- "/dev/mapper/{{ ssd_name }}"
- /dev/mapper/{{ hdd_name }}
- /dev/mapper/{{ ssd_name }}
when: ansible_mounts | selectattr('device', 'eq', item) | length == 0
- name: Mount filesystems
@ -31,9 +31,9 @@
fstab: /tmp/fstab.ansible
state: mounted
loop:
- dev: "/dev/mapper/{{ hdd_name }}"
- dev: /dev/mapper/{{ hdd_name }}
path: "{{ hdd_mount_point }}"
- dev: "/dev/mapper/{{ ssd_name }}"
- dev: /dev/mapper/{{ ssd_name }}
path: "{{ ssd_mount_point }}"
when: ansible_mounts | selectattr('device', 'eq', item.dev) | length == 0

12
roles/os_config/tasks/firewall.yml
View file

@ -6,12 +6,12 @@
port: "{{ item.port }}"
proto: "{{ item.proto | default('tcp') }}"
loop:
- port: 22 # SSH
- port: 80 # HTTP
- port: 443 # HTTPS
- port: 18080 # monerod P2P
- port: 18089 # monerod RPC
- port: 51820 # Wireguard
- port: '22' # SSH
- port: '80' # HTTP
- port: '443' # HTTPS
- port: '18080' # monerod P2P
- port: '18089' # monerod RPC
- port: '51820' # Wireguard
proto: udp
- name: Enable UFW