--- - hosts: nas gather_facts: true become: true roles: - docker - yt-dlp - cloud-backups - statusservices - linux-system-roles.metrics - linux-system-roles.firewall vars_files: - "{{ inventory_dir }}/vars/vault.yaml" vars: status_services_extra: - grafana-server - smb backups: containers backups_ignore: - /mergerfs - /run/udev container_user: "{{ vaulted_media_user }}" container_uid: "{{ vaulted_media_uid }}" container_group: "{{ vaulted_media_group }}" container_gid: "{{ vaulted_media_gid }}" global_env_vars: - PUID={{ container_uid }} - PGID={{ container_gid }} container_networks: - name: downloaders driver: bridge subnet: 172.21.10.0/24 ip_range: 172.21.10.0/24 gateway: 172.21.10.1 containers: - name: heimdall active: true image: linuxserver/heimdall ports: - 80:80 volumes: - /opt/heimdall:/config include_global_env_vars: true restart: unless-stopped - name: homeassistant active: true image: ghcr.io/home-assistant/home-assistant:stable privileged: true network_mode: host environment: - TZ=America/Los_Angeles devices: - /dev/ttyUSB0:/dev/ttyUSB0 volumes: - /opt/homeassistant:/config - /run/dbus:/run/dbus:ro restart: unless-stopped - name: mqtt active: true image: eclipse-mosquitto ports: - 1883:1883 - 9001:9001 volumes: - /opt/mqtt/config:/mosquitto/config - /opt/mqtt/data:/mosquitto/data - /opt/mqtt/logs:/mosquitto/log restart: unless-stopped networks: - jarvis - name: sickchill active: true image: linuxserver/sickchill ports: - 8081:8081 volumes: - /opt/sickchill:/config - /mergerfs:/mergerfs include_global_env_vars: true restart: unless-stopped networks: - downloaders - name: transmission active: true image: linuxserver/transmission ports: - 9091:9091 volumes: - /opt/transmission:/config - /mergerfs:/mergerfs include_global_env_vars: true environment: - USER={{ vaulted_nas_transmission_username }} - PASS={{ vaulted_nas_transmission_password }} restart: unless-stopped networks: - downloaders - name: qbittorrent active: true image: linuxserver/qbittorrent ports: - 8080:8080 volumes: - /opt/qbittorrent:/config - /mergerfs:/mergerfs include_global_env_vars: true environment: - WEBUI_PORT=8080 restart: unless-stopped networks: - downloaders - name: scrutiny active: true image: ghcr.io/analogj/scrutiny:master-omnibus ports: - 8088:8080 - 8086:8086 volumes: - /opt/scrutiny/config:/opt/scrutiny/config - /opt/scrutiny/influxdb2:/opt/scrutiny/influxdb - /run/udev:/run/udev:ro cap_add: - SYS_RAWIO - SYS_ADMIN # https://github.com/AnalogJ/scrutiny/issues/26#issuecomment-696817130 devices: - /dev/sda - /dev/sdb - /dev/sdc - /dev/sdd - /dev/sde - /dev/sdf - /dev/sdg - /dev/sdh - name: watchyourlan active: true image: aceberg/watchyourlan network_mode: host environment: - IFACE=enp42s0 - TZ=America/Los_Angeles - SHOURTRRR_URL=ntfy://ntfy.warchildstory.com/TestNotifications - GUIIP=0.0.0.0 - GUIPORT=8840 volumes: - /opt/wyl:/data ports: - 8840:8840 metrics_monitored_hosts: - nas.home.arpa - gateway.home.arpa metrics_retention_days: 14 metrics_graph_service: yes metrics_query_service: yes firewall: - {'service': 'grafana', 'state': 'enabled' } - {'service': 'http', 'state': 'enabled' } - {'port': '8080/tcp', 'state': 'enabled'} - {'port': '8081/tcp', 'state': 'enabled'} - {'port': '8086/tcp', 'state': 'enabled'} - {'port': '8088/tcp', 'state': 'enabled'} - {'port': '8840/tcp', 'state': 'enabled'} - {'port': '9091/tcp', 'state': 'enabled'}