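---
# Playbook for the chloe-nas host: snapraid/mergerfs pooled storage exported
# over Samba, plus a set of Quadlet-managed containers (three of them tied to
# the NordVPN tunnel device) and the firewall/SELinux settings they need.
- hosts: chloe-nas
  gather_facts: true
  become: true

  roles:
    - snapraid
    - mergerfs
    - vladgh.samba.server
    - dnf-automatic
    - linux-system-roles.firewall
    - linux-system-roles.selinux
    - quadlet
    - statusservices
    - olivetin
    - cloud-backups

  # Secrets (user names, uids, passwords) are read from the vaulted vars file.
  vars_files:
    - "{{ inventory_dir }}/vars/vault.yaml"

  vars:
    dnf_update_time: 'wed 04:30'

    status_services_extra:
      - smb
      - OliveTin

    backups: containers
    backups_ignore:
      - /storage

    container_user: "{{ vaulted_media_user }}"
    container_uid: "{{ vaulted_media_uid }}"
    container_group: "{{ vaulted_media_group }}"
    container_gid: "{{ vaulted_media_gid }}"

    # NOTE(review): none of the images below carries a tag or digest, so each
    # pull resolves to whatever `latest` is at that moment. Pinning a tag or
    # digest makes deployments reproducible and image updates reviewable.
    # Port mappings are quoted so they can never be read as anything but
    # strings (YAML 1.1 treats some digit:digit scalars as base-60 integers).
    containers:
      - name: homepage
        image: ghcr.io/gethomepage/homepage
        ports:
          - "80:3000"
        environment:
          HOMEPAGE_ALLOWED_HOSTS: 10.0.0.135  # TODO Update with new IP
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
        volumes:
          - /srv/containers/homepage:/app/config:Z
          - /storage:/storage:ro  # for utilization info
        # NOTE(review): the other containers use restart_policy/restart_sec and
        # quadlet_options; confirm the quadlet role also reads `restart` and
        # `after`, otherwise these two keys are silently ignored.
        restart: unless-stopped
        after:
          - network-online.target

      # sickgear, transmission and qbittorrent are bound to the VPN tunnel
      # device: BindsTo= stops the unit when nordtun disappears.
      # NOTE(review): their web UIs are still published on the host ports
      # below and opened in the firewall; authentication for sickgear and
      # qbittorrent is not configured in this file, so confirm it is enabled
      # in each application's /config.
      - name: sickgear
        image: lscr.io/linuxserver/sickgear
        ports:
          - "8081:8081"
        volumes:
          - /srv/containers/sickgear:/config:Z
          - /storage:/storage:z
        environment:
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
          TZ: America/Los_Angeles
        restart_policy: always
        restart_sec: 5
        quadlet_options: |
          [Unit]
          After=nordvpnd.service
          After=sys-subsystem-net-devices-nordtun.device
          BindsTo=sys-subsystem-net-devices-nordtun.device

      - name: transmission
        image: lscr.io/linuxserver/transmission
        ports:
          - "9091:9091"
        volumes:
          - /srv/containers/transmission:/config:Z
          - /storage:/storage:z
        environment:
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
          # Web UI credentials come from the vault, not from this file.
          USER: "{{ vaulted_nas_transmission_username }}"
          PASS: "{{ vaulted_nas_transmission_password }}"
        restart_policy: unless-stopped
        restart_sec: 5
        quadlet_options: |
          [Unit]
          After=nordvpnd.service
          After=sys-subsystem-net-devices-nordtun.device
          BindsTo=sys-subsystem-net-devices-nordtun.device

      - name: qbittorrent
        active: true
        image: lscr.io/linuxserver/qbittorrent
        ports:
          - "8080:8080"
        volumes:
          - /srv/containers/qbittorrent:/config:Z
          - /storage:/storage:z
        environment:
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
          # Environment values are strings; quoted so it is not typed as int.
          WEBUI_PORT: "8080"
        restart_policy: unless-stopped
        restart_sec: 5
        quadlet_options: |
          [Unit]
          After=nordvpnd.service
          After=sys-subsystem-net-devices-nordtun.device
          BindsTo=sys-subsystem-net-devices-nordtun.device

    # Samba: unknown user names are mapped to the guest account, which is the
    # media user, and the only share is guest-writable. Any client that can
    # reach SMB therefore gets read-write access to /storage without a
    # password; keep SMB reachable from trusted networks only.
    samba_guest_account: "{{ vaulted_media_user }}"
    samba_map_to_guest: bad user
    samba_netbios_name: "{{ ansible_hostname }}"
    samba_load_printers: false
    # Enabling this breaks share browsing on Macs.
    # NOTE(review): with the role's workaround off, protection against
    # CVE-2017-7494 depends entirely on the installed Samba being patched
    # (fixed upstream in 4.6.4 / 4.5.10 / 4.4.14). That issue is reachable
    # through writable shares, and the share below is guest-writable, so
    # verify the package version and keep dnf-automatic applying updates.
    samba_mitigate_cve_2017_7494: false
    samba_shares_root: /storage
    samba_manage_directories: false  # already handled by mergerfs/snapraid roles
    samba_users:
      - name: "{{ vaulted_media_user }}"
        password: "{{ vaulted_media_password }}"
    samba_shares:
      - name: storage
        path: /storage
        force_create_mode: '0664'
        force_directory_mode: '0775'
        guest_ok: "yes"
        writable: "yes"
        public: "yes"
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"

    # Disks are referenced by /dev/disk/by-id so device renumbering across
    # reboots cannot swap a data disk with the parity disk.
    snapraid_parity_disks:
      - path: /mnt/parity1
        parity: parity
        disk: /dev/disk/by-id/ata-WDC_WD80EFPX-68C4ZN0_WD-RD2V74DH-part1  # bottom slot
        opts: defaults
        fs: xfs

    snapraid_data_disks:
      - path: /mnt/datadisk1
        disk: /dev/disk/by-id/ata-WDC_WD60EFAX-68SHWN0_WD-WX21D39PLU7H-part1  # top slot
        opts: defaults
        fs: xfs
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
      - path: /mnt/datadisk2
        disk: /dev/disk/by-id/ata-WDC_WD60EFAX-68SHWN0_WD-WX91D99DVRJH-part1
        opts: defaults
        fs: xfs
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
      - path: /mnt/datadisk3
        disk: /dev/disk/by-id/ata-WDC_WD80EFPX-68C4ZN0_WD-RD2VM3XH-part1
        opts: defaults
        fs: xfs
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"

    # The mergerfs pool is built from the same disks snapraid protects.
    mergerfs_disks: "{{ snapraid_data_disks }}"
    mergerfs_fstab:
      - path: /storage
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
        source: /mnt/datadisk*
        opts:
          # allow_other lets users other than the mounting one (Samba, the
          # containers) access the FUSE mount.
          - allow_other
          - minfreespace=10G
          - category.create=mfs
          - use_ino
          - func.getattr=newest
          - fsname=mergerfs
          - nonempty

    # Lets smbd serve the FUSE-backed /storage under SELinux.
    selinux_booleans:
      - name: samba_share_fusefs
        state: true
        persistent: true

    # NOTE(review): no zone or source restriction is given here, so these
    # services and ports are presumably opened in the default zone for every
    # host that can reach it; narrow by zone/source if the NAS is reachable
    # from untrusted networks.
    firewall:
      - service:
          - samba
          - netbios-ns
          - http
        state: enabled
      - port:
          - '1337/tcp'
          - '8080/tcp'
          - '8081/tcp'
          - '9091/tcp'
        state: enabled

    server_notifications_topic: "{{ vaulted_server_notifications_topic }}"

  # pre_tasks run before the roles, so the media user/group and mountpoints
  # exist by the time snapraid, mergerfs and samba are configured.
  pre_tasks:
    - name: Create Media Group
      ansible.builtin.group:
        name: "{{ vaulted_media_group }}"
        gid: "{{ vaulted_media_gid }}"

    - name: Create Media User
      ansible.builtin.user:
        name: "{{ vaulted_media_user }}"
        uid: "{{ vaulted_media_uid }}"
        groups: "{{ vaulted_media_group }}"
        append: true
        shell: /bin/bash

    - name: Ensure mountpoints exist
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
      # with_items flattens both lists into one sequence of disk entries.
      with_items:
        - "{{ snapraid_parity_disks }}"
        - "{{ snapraid_data_disks }}"

    - name: Ensure VPN device config directory exists
      ansible.builtin.file:
        path: /etc/systemd/system/sys-subsystem-net-devices-nordtun.device.d
        state: directory
        owner: root
        group: root
        mode: '0755'

    # Upholds= makes systemd start the listed units again whenever the
    # tunnel device unit is active, complementing their BindsTo= on it.
    # NOTE(review): nothing in this play reloads systemd after writing the
    # drop-in; presumably the quadlet role does a daemon-reload later -
    # confirm, otherwise the change only applies after the next reload.
    - name: Auto-Restart services after VPN re-connects
      ansible.builtin.copy:
        dest: /etc/systemd/system/sys-subsystem-net-devices-nordtun.device.d/upholds.conf
        owner: root
        group: root
        mode: '0644'
        content: |
          [Unit]
          Upholds=transmission.service
          Upholds=qbittorrent.service
          Upholds=sickgear.service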