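---
# Play for the chloe-nas host: pooled storage (snapraid + mergerfs), a Samba
# share of /storage, four quadlet-managed containers, firewall and SELinux
# settings. Secrets come from the vaulted vars file under the inventory dir.
- hosts: chloe-nas
  gather_facts: true
  become: true
  roles:
    - snapraid
    - mergerfs
    - vladgh.samba.server
    - dnf-automatic
    - linux-system-roles.firewall
    - linux-system-roles.selinux
    - quadlet
    - statusservices
    - olivetin
    - cloud-backups
  vars_files:
    - "{{ inventory_dir }}/vars/vault.yaml"
  vars:
    dnf_update_time: 'wed 04:30'
    status_services_extra:
      - smb
      - OliveTin
    backups: containers
    backups_ignore:
      - /storage
    container_user: "{{ vaulted_media_user }}"
    container_uid: "{{ vaulted_media_uid }}"
    container_group: "{{ vaulted_media_group }}"
    container_gid: "{{ vaulted_media_gid }}"

    # NOTE(review): every image below is referenced without a tag or digest,
    # so the registry's default tag at pull time decides what runs. Pinning a
    # reviewed tag or digest makes upgrades a deliberate change.
    # Port mappings are quoted so they are always read as strings.
    containers:
      - name: homepage
        image: ghcr.io/gethomepage/homepage
        ports:
          - '80:3000'
        environment:
          HOMEPAGE_ALLOWED_HOSTS: 10.0.0.135  # TODO Update with new IP
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
        volumes:
          - /srv/containers/homepage:/app/config:Z
          - /storage:/storage:ro  # for utilization info
        # NOTE(review): the other containers use restart_policy/quadlet_options
        # rather than restart/after; confirm the quadlet role reads these keys.
        restart: unless-stopped
        after:
          - network-online.target

      - name: sickgear
        image: lscr.io/linuxserver/sickgear
        ports:
          - '8081:8081'
        volumes:
          - /srv/containers/sickgear:/config:Z
          - /storage:/storage:z
        environment:
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
          TZ: America/Los_Angeles
        restart_policy: always
        restart_sec: 5
        # BindsTo= ties the unit's lifetime to the nordtun device unit.
        # NOTE(review): that controls start/stop only; confirm that routing
        # (or the VPN client's kill switch) really forces this container's
        # traffic through the tunnel.
        quadlet_options: |
          [Unit]
          After=nordvpnd.service
          After=sys-subsystem-net-devices-nordtun.device
          BindsTo=sys-subsystem-net-devices-nordtun.device

      - name: transmission
        image: lscr.io/linuxserver/transmission
        ports:
          - '9091:9091'
        volumes:
          - /srv/containers/transmission:/config:Z
          - /storage:/storage:z
        environment:
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
          # NOTE(review): credentials passed as environment values presumably
          # end up in the generated unit file and in container inspect output;
          # confirm the quadlet role writes that file readable by root only.
          USER: "{{ vaulted_nas_transmission_username }}"
          PASS: "{{ vaulted_nas_transmission_password }}"
        restart_policy: unless-stopped
        restart_sec: 5
        # Same VPN device binding as sickgear (lifecycle only, not routing).
        quadlet_options: |
          [Unit]
          After=nordvpnd.service
          After=sys-subsystem-net-devices-nordtun.device
          BindsTo=sys-subsystem-net-devices-nordtun.device

      - name: qbittorrent
        active: true
        image: lscr.io/linuxserver/qbittorrent
        ports:
          - '8080:8080'
        volumes:
          - /srv/containers/qbittorrent:/config:Z
          - /storage:/storage:z
        environment:
          PUID: "{{ container_uid }}"
          PGID: "{{ container_gid }}"
          WEBUI_PORT: 8080
        restart_policy: unless-stopped
        restart_sec: 5
        # Same VPN device binding as sickgear (lifecycle only, not routing).
        quadlet_options: |
          [Unit]
          After=nordvpnd.service
          After=sys-subsystem-net-devices-nordtun.device
          BindsTo=sys-subsystem-net-devices-nordtun.device

    # Samba. As these variables read, unknown users are mapped to the guest
    # account (the media user) and the one share is guest-accessible and
    # writable, so any client that can reach SMB can write to /storage without
    # a password. If that is not intended, drop guest_ok/public on the share
    # and rely on samba_users; otherwise limit SMB to the trusted LAN.
    samba_guest_account: "{{ vaulted_media_user }}"
    samba_map_to_guest: bad user
    samba_netbios_name: "{{ ansible_hostname }}"
    samba_load_printers: false
    # NOTE(review): with the role's CVE-2017-7494 workaround switched off,
    # protection rests on the installed Samba package carrying the upstream
    # fix. Verify the package version on this host, all the more because the
    # share below is guest-writable.
    samba_mitigate_cve_2017_7494: false  # enabling this breaks share browsing on Macs
    samba_shares_root: /storage
    samba_manage_directories: false  # already handled by mergerfs/snapraid roles
    samba_users:
      - name: "{{ vaulted_media_user }}"
        password: "{{ vaulted_media_password }}"
    samba_shares:
      - name: storage
        path: /storage
        force_create_mode: '0664'
        force_directory_mode: '0775'
        guest_ok: "yes"
        writable: "yes"
        public: "yes"
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"

    # Data and parity disks are addressed by /dev/disk/by-id paths.
    snapraid_data_disks:
      - path: /mnt/datadisk1
        disk: /dev/disk/by-id/ata-WDC_WD60EFAX-68SHWN0_WD-WX21D39PLU7H-part1  # top slot
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
      - path: /mnt/datadisk2
        disk: /dev/disk/by-id/ata-WDC_WD60EFAX-68SHWN0_WD-WX91D99DVRJH-part1
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
      - path: /mnt/datadisk3
        disk: /dev/disk/by-id/ata-WDC_WD80EFPX-68C4ZN0_WD-RD2VM3XH-part1
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
    snapraid_parity_disks:
      - path: /mnt/parity1
        parity: parity
        disk: /dev/disk/by-id/ata-WDC_WD80EFPX-68C4ZN0_WD-RD2V74DH-part1  # bottom slot

    # The mergerfs pool at /storage is built from the snapraid data disks.
    mergerfs_disks: "{{ snapraid_data_disks }}"
    mergerfs_fstab:
      - path: /storage
        owner: "{{ vaulted_media_user }}"
        group: "{{ vaulted_media_group }}"
        source: /mnt/datadisk*
        opts:
          - allow_other
          - minfreespace=10G
          - category.create=mfs
          - use_ino
          - func.getattr=newest
          - fsname=mergerfs
          - nonempty

    # Presumably required because the Samba share root is the mergerfs
    # (FUSE) mount at /storage.
    selinux_booleans:
      - name: samba_share_fusefs
        state: true
        persistent: true

    # 'http' matches homepage's host port 80; 8080, 8081 and 9091 are the
    # qbittorrent, sickgear and transmission ports published above; 1337 is
    # presumably OliveTin (confirm).
    # NOTE(review): no zone or source restriction is given here, so these
    # services are opened in whatever zone the firewall role applies by
    # default. Confirm that zone only covers the trusted LAN.
    firewall:
      - service:
          - samba
          - netbios-ns
          - http
        state: enabled
      - port:
          - '1337/tcp'
          - '8080/tcp'
          - '8081/tcp'
          - '9091/tcp'
        state: enabled

    server_notifications_topic: "{{ vaulted_server_notifications_topic }}"

  pre_tasks:
    # The media group and user are created before any role runs.
    - name: Create Media Group
      group:
        name: "{{ vaulted_media_group }}"
        gid: "{{ vaulted_media_gid }}"
    - name: Create Media User
      user:
        name: "{{ vaulted_media_user }}"
        uid: "{{ vaulted_media_uid }}"
        groups: "{{ vaulted_media_group }}"
        append: true
        shell: /bin/bash
    # NOTE(review): no owner or mode is set, so directories created here get
    # the defaults of the become user.
    - name: Ensure mountpoints exist
      file:
        path: "{{ item.path }}"
        state: directory
      with_items:
        - "{{ snapraid_parity_disks }}"
        - "{{ snapraid_data_disks }}"
    - name: Ensure VPN device config directory exists
      file:
        path: /etc/systemd/system/sys-subsystem-net-devices-nordtun.device.d
        state: directory
        owner: root
        group: root
        mode: '0755'
    # Drop-in for the nordtun device unit: Upholds= asks systemd to start the
    # listed services again whenever the device is up and they are not running.
    - name: Auto-Restart services after VPN re-connects
      copy:
        dest: /etc/systemd/system/sys-subsystem-net-devices-nordtun.device.d/upholds.conf
        owner: root
        group: root
        mode: '0644'
        content: |
          [Unit]
          Upholds=transmission.service
          Upholds=qbittorrent.service
          Upholds=sickgear.service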