any.software.nefarious-podman: add role

2026-01-05 22:24:35 +01:00 · 2026-01-05 22:24:35 +01:00 · 00342d5027
parent 13d834a316
commit 00342d5027
10 changed files with 203 additions and 0 deletions
--- a/roles/any.software.nefarious-podman/files/nefarious-redis.container
+++ b/roles/any.software.nefarious-podman/files/nefarious-redis.container
@ -0,0 +1,6 @@
+[Container]
+Image=docker.io/redis:6-alpine
+Pod=nefarious.pod
+
+[Service]
+Restart=always
--- a/roles/any.software.nefarious-podman/files/nefarious.Caddyfile
+++ b/roles/any.software.nefarious-podman/files/nefarious.Caddyfile
@ -0,0 +1,5 @@
+nf.roosens.me {
+    reverse_proxy localhost:8006 {
+        header_down +X-Robots-Tag "none"
+    }
+}
--- a/roles/any.software.nefarious-podman/files/nefarious.pod
+++ b/roles/any.software.nefarious-podman/files/nefarious.pod
@ -0,0 +1,6 @@
+# vim: ft=systemd
+[Pod]
+PublishPort=127.0.0.1:8006:80
+PublishPort=8007:9117
+PublishPort=8008:9091
+PublishPort=51413:51413
--- a/roles/any.software.nefarious-podman/files/transmission-settings.json
+++ b/roles/any.software.nefarious-podman/files/transmission-settings.json
@ -0,0 +1,10 @@
+{
+    "download-dir": "/downloads/complete",
+    "incomplete-dir": "/downloads/incomplete",
+    "rpc-whitelist": "*",
+    "rpc-host-whitelist-enabled": "false",
+    "port-forwarding-enabled": true,
+    "peer-port": 51413,
+    "peer-port-random-on-start": false,
+    "peer-socket-tos": "default"
+}
--- a/roles/any.software.nefarious-podman/tasks/main.yml
+++ b/roles/any.software.nefarious-podman/tasks/main.yml
@ -0,0 +1,59 @@
+---
+- name: Ensure subvolume permissions are correct
+  ansible.builtin.file:
+    path: "/mnt/data1/nefarious/{{ item.dir }}"
+    state: directory
+    mode: '0755'
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+  loop:
+    - dir: 'nefarious'
+      owner: 1000
+      group: 1000
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/nefarious'
+    state: directory
+    mode: '0755'
+
+- name: Ensure Transmission config file is present
+  ansible.builtin.copy:
+    src: 'transmission-settings.json'
+    dest: '/etc/nefarious/transmission-settings.json'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: Ensure Quadlet files is present
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'nefarious-app.container'
+    - 'nefarious-celery.container'
+    - 'nefarious-jackett.container'
+    - 'nefarious-transmission.container'
+
+- name: Ensure Quadlet files is present
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'nefarious-redis.container'
+    - 'nefarious.pod'
+
+- name: Ensure Caddyfile is present
+  ansible.builtin.copy:
+    src: 'nefarious.Caddyfile'
+    dest: '/etc/caddy/nefarious.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  # notify: reload caddy
--- a/roles/any.software.nefarious-podman/templates/compose.yml.j2
+++ b/roles/any.software.nefarious-podman/templates/compose.yml.j2
@ -0,0 +1,61 @@
+# vim: set ft=yaml
+name: 'nefarious'
+services:
+  app:
+    image: 'lardbit/nefarious:latest'
+    restart: 'always'
+
+    environment:
+      - 'DATABASE_URL=sqlite:////config/db.sqlite3'
+      - 'REDIS_HOST=redis'
+      - 'HOST_DOWNLOAD_PATH=/mnt/data1/media'
+      - 'NEFARIOUS_USER={{ nefarious_admin_user }}'
+      - 'NEFARIOUS_PASS={{ nefarious_admin_pass }}'
+      - 'CONFIG_PATH=/config'
+    ports:
+      - '8006:80'
+    volumes:
+      - '/mnt/data1/nefarious/nefarious:/config'
+
+  celery:
+    image: 'lardbit/nefarious:latest'
+    restart: 'always'
+    entrypoint: '/app/entrypoint-celery.sh'
+
+    environment:
+      - 'DATABASE_URL=sqlite:////config/db.sqlite3'
+      - 'REDIS_HOST=redis'
+      - 'CONFIG_PATH=/config'
+      - 'NUM_CELERY_WORKERS=1'
+    volumes:
+      - '/mnt/data1/nefarious/nefarious:/config'
+
+  redis:
+    image: 'redis:6-alpine'
+    restart: always
+
+  jackett:
+    image: 'linuxserver/jackett:latest'
+    restart: always
+
+    ports:
+      - '8007:9117'
+    volumes:
+      - '/mnt/data1/nefarious/jackett:/config'
+
+  transmission:
+    image: 'linuxserver/transmission:4.0.5'
+    restart: 'always'
+    
+    environment:
+      - 'PUID=1000'
+      - 'PGID=1000'
+      - 'TZ=Europe/Brussels'
+      - 'USER='
+      - 'PASS='
+    ports:
+      - '8008:9091'
+      - '51413:51413'
+    volumes:
+      - '/etc/nefarious/transmission-settings.json:/config/settings.json:ro'
+      - '/mnt/data1/media:/downloads'
--- a/roles/any.software.nefarious-podman/templates/nefarious-app.container.j2
+++ b/roles/any.software.nefarious-podman/templates/nefarious-app.container.j2
@ -0,0 +1,19 @@
+# vim: ft=systemd
+[Unit]
+Requires=nefarious-celery.service nefarious-redis.service nefarious-jackett.service nefarious-transmission.service
+After=nefarious-redis.service
+
+[Container]
+Image=docker.io/lardbit/nefarious:latest
+Pod=nefarious.pod
+
+Environment=DATABASE_URL=sqlite:////config/db.sqlite3 REDIS_HOST=localhost HOST_DOWNLOAD_PATH={{ host_download_dir }} "NEFARIOUS_USER={{ nefarious_admin_user }}" "NEFARIOUS_PASS={{ nefarious_admin_pass }}" CONFIG_PATH=/config HOST_DOWNLOAD_UID=0
+Volume={{ nefarious_config_dir }}:/config
+
+AutoUpdate=registry
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
--- a/roles/any.software.nefarious-podman/templates/nefarious-celery.container.j2
+++ b/roles/any.software.nefarious-podman/templates/nefarious-celery.container.j2
@ -0,0 +1,16 @@
+# vim: ft=systemd
+[Container]
+Image=docker.io/lardbit/nefarious:latest
+Pod=nefarious.pod
+Entrypoint=/app/entrypoint-celery.sh
+
+Environment=DATABASE_URL=sqlite:////config/db.sqlite3 REDIS_HOST=localhost HOST_DOWNLOAD_PATH={{ host_download_dir }} "NEFARIOUS_USER={{ nefarious_admin_user }}" "NEFARIOUS_PASS={{ nefarious_admin_pass }}" CONFIG_PATH=/config  NUM_CELERY_WORKERS=1 HOST_DOWNLOAD_UID=0
+Volume={{ nefarious_config_dir }}:/config
+
+AutoUpdate=registry
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
--- a/roles/any.software.nefarious-podman/templates/nefarious-jackett.container.j2
+++ b/roles/any.software.nefarious-podman/templates/nefarious-jackett.container.j2
@ -0,0 +1,10 @@
+# vim: ft=systemd
+[Container]
+Image=docker.io/linuxserver/jackett:latest
+Pod=nefarious.pod
+Volume={{ jackett_data_dir }}:/config
+
+AutoUpdate=registry
+
+[Service]
+Restart=always
--- a/roles/any.software.nefarious-podman/templates/nefarious-transmission.container.j2
+++ b/roles/any.software.nefarious-podman/templates/nefarious-transmission.container.j2
@ -0,0 +1,11 @@
+# vim: ft=systemd
+[Container]
+Image=docker.io/linuxserver/transmission:4.0.5
+Pod=nefarious.pod
+
+Environment=PUID=0 PGID=0 TZ=Europe/Brussels USER= PASS=
+Volume={{ transmission_settings_path }}:/config/settings.json:ro
+Volume={{ host_download_dir }}:/downloads
+
+[Service]
+Restart=always