diff --git a/roles/any.software.nefarious-podman/files/nefarious-redis.container b/roles/any.software.nefarious-podman/files/nefarious-redis.container new file mode 100644 index 0000000..e35874d --- /dev/null +++ b/roles/any.software.nefarious-podman/files/nefarious-redis.container @@ -0,0 +1,6 @@ +[Container] +Image=docker.io/redis:6-alpine +Pod=nefarious.pod + +[Service] +Restart=always diff --git a/roles/any.software.nefarious-podman/files/nefarious.Caddyfile b/roles/any.software.nefarious-podman/files/nefarious.Caddyfile new file mode 100644 index 0000000..120bbba --- /dev/null +++ b/roles/any.software.nefarious-podman/files/nefarious.Caddyfile @@ -0,0 +1,5 @@ +nf.roosens.me { + reverse_proxy localhost:8006 { + header_down +X-Robots-Tag "none" + } +} diff --git a/roles/any.software.nefarious-podman/files/nefarious.pod b/roles/any.software.nefarious-podman/files/nefarious.pod new file mode 100644 index 0000000..1d42d29 --- /dev/null +++ b/roles/any.software.nefarious-podman/files/nefarious.pod @@ -0,0 +1,6 @@ +# vim: ft=systemd +[Pod] +PublishPort=127.0.0.1:8006:80 +PublishPort=8007:9117 +PublishPort=8008:9091 +PublishPort=51413:51413 diff --git a/roles/any.software.nefarious-podman/files/transmission-settings.json b/roles/any.software.nefarious-podman/files/transmission-settings.json new file mode 100644 index 0000000..c079c8f --- /dev/null +++ b/roles/any.software.nefarious-podman/files/transmission-settings.json @@ -0,0 +1,10 @@ +{ + "download-dir": "/downloads/complete", + "incomplete-dir": "/downloads/incomplete", + "rpc-whitelist": "*", + "rpc-host-whitelist-enabled": "false", + "port-forwarding-enabled": true, + "peer-port": 51413, + "peer-port-random-on-start": false, + "peer-socket-tos": "default" +} diff --git a/roles/any.software.nefarious-podman/tasks/main.yml b/roles/any.software.nefarious-podman/tasks/main.yml new file mode 100644 index 0000000..6628891 --- /dev/null +++ b/roles/any.software.nefarious-podman/tasks/main.yml @@ -0,0 +1,59 @@ +--- +- name: Ensure subvolume permissions are correct + ansible.builtin.file: + path: "/mnt/data1/nefarious/{{ item.dir }}" + state: directory + mode: '0755' + owner: "{{ item.owner }}" + group: "{{ item.group }}" + loop: + - dir: 'nefarious' + owner: 1000 + group: 1000 + +- name: Ensure configuration directory is present + ansible.builtin.file: + path: '/etc/nefarious' + state: directory + mode: '0755' + +- name: Ensure Transmission config file is present + ansible.builtin.copy: + src: 'transmission-settings.json' + dest: '/etc/nefarious/transmission-settings.json' + owner: 'root' + group: 'root' + mode: '0644' + +- name: Ensure Quadlet files is present + ansible.builtin.template: + src: "{{ item }}.j2" + dest: "/home/debian/.config/containers/systemd/{{ item }}" + mode: '0755' + owner: 'debian' + group: 'debian' + loop: + - 'nefarious-app.container' + - 'nefarious-celery.container' + - 'nefarious-jackett.container' + - 'nefarious-transmission.container' + +- name: Ensure Quadlet files is present + ansible.builtin.copy: + src: "{{ item }}" + dest: "/home/debian/.config/containers/systemd/{{ item }}" + mode: '0755' + owner: 'debian' + group: 'debian' + loop: + - 'nefarious-redis.container' + - 'nefarious.pod' + +- name: Ensure Caddyfile is present + ansible.builtin.copy: + src: 'nefarious.Caddyfile' + dest: '/etc/caddy/nefarious.Caddyfile' + owner: root + group: root + mode: '0644' + # notify: reload caddy diff --git a/roles/any.software.nefarious-podman/templates/compose.yml.j2 b/roles/any.software.nefarious-podman/templates/compose.yml.j2 new file mode 100644 index 0000000..2a866e1 --- /dev/null +++ b/roles/any.software.nefarious-podman/templates/compose.yml.j2 @@ -0,0 +1,61 @@ +# vim: set ft=yaml +name: 'nefarious' +services: + app: + image: 'lardbit/nefarious:latest' + restart: 'always' + + environment: + - 'DATABASE_URL=sqlite:////config/db.sqlite3' + - 'REDIS_HOST=redis' + - 'HOST_DOWNLOAD_PATH=/mnt/data1/media' + - 'NEFARIOUS_USER={{ nefarious_admin_user }}' + - 'NEFARIOUS_PASS={{ nefarious_admin_pass }}' + - 'CONFIG_PATH=/config' + ports: + - '8006:80' + volumes: + - '/mnt/data1/nefarious/nefarious:/config' + + celery: + image: 'lardbit/nefarious:latest' + restart: 'always' + entrypoint: '/app/entrypoint-celery.sh' + + environment: + - 'DATABASE_URL=sqlite:////config/db.sqlite3' + - 'REDIS_HOST=redis' + - 'CONFIG_PATH=/config' + - 'NUM_CELERY_WORKERS=1' + volumes: + - '/mnt/data1/nefarious/nefarious:/config' + + redis: + image: 'redis:6-alpine' + restart: always + + jackett: + image: 'linuxserver/jackett:latest' + restart: always + + ports: + - '8007:9117' + volumes: + - '/mnt/data1/nefarious/jackett:/config' + + transmission: + image: 'linuxserver/transmission:4.0.5' + restart: 'always' + + environment: + - 'PUID=1000' + - 'PGID=1000' + - 'TZ=Europe/Brussels' + - 'USER=' + - 'PASS=' + ports: + - '8008:9091' + - '51413:51413' + volumes: + - '/etc/nefarious/transmission-settings.json:/config/settings.json:ro' + - '/mnt/data1/media:/downloads' diff --git a/roles/any.software.nefarious-podman/templates/nefarious-app.container.j2 b/roles/any.software.nefarious-podman/templates/nefarious-app.container.j2 new file mode 100644 index 0000000..3b6b6c8 --- /dev/null +++ b/roles/any.software.nefarious-podman/templates/nefarious-app.container.j2 @@ -0,0 +1,19 @@ +# vim: ft=systemd +[Unit] +Requires=nefarious-celery.service nefarious-redis.service nefarious-jackett.service nefarious-transmission.service +After=nefarious-redis.service + +[Container] +Image=docker.io/lardbit/nefarious:latest +Pod=nefarious.pod + +Environment=DATABASE_URL=sqlite:////config/db.sqlite3 REDIS_HOST=localhost HOST_DOWNLOAD_PATH={{ host_download_dir }} "NEFARIOUS_USER={{ nefarious_admin_user }}" "NEFARIOUS_PASS={{ nefarious_admin_pass }}" CONFIG_PATH=/config HOST_DOWNLOAD_UID=0 +Volume={{ nefarious_config_dir }}:/config + +AutoUpdate=registry + +[Service] +Restart=always + +[Install] +WantedBy=default.target diff --git a/roles/any.software.nefarious-podman/templates/nefarious-celery.container.j2 b/roles/any.software.nefarious-podman/templates/nefarious-celery.container.j2 new file mode 100644 index 0000000..83ccb9e --- /dev/null +++ b/roles/any.software.nefarious-podman/templates/nefarious-celery.container.j2 @@ -0,0 +1,16 @@ +# vim: ft=systemd +[Container] +Image=docker.io/lardbit/nefarious:latest +Pod=nefarious.pod +Entrypoint=/app/entrypoint-celery.sh + +Environment=DATABASE_URL=sqlite:////config/db.sqlite3 REDIS_HOST=localhost HOST_DOWNLOAD_PATH={{ host_download_dir }} "NEFARIOUS_USER={{ nefarious_admin_user }}" "NEFARIOUS_PASS={{ nefarious_admin_pass }}" CONFIG_PATH=/config NUM_CELERY_WORKERS=1 HOST_DOWNLOAD_UID=0 +Volume={{ nefarious_config_dir }}:/config + +AutoUpdate=registry + +[Service] +Restart=always + +[Install] +WantedBy=default.target diff --git a/roles/any.software.nefarious-podman/templates/nefarious-jackett.container.j2 b/roles/any.software.nefarious-podman/templates/nefarious-jackett.container.j2 new file mode 100644 index 0000000..a49883e --- /dev/null +++ b/roles/any.software.nefarious-podman/templates/nefarious-jackett.container.j2 @@ -0,0 +1,10 @@ +# vim: ft=systemd +[Container] +Image=docker.io/linuxserver/jackett:latest +Pod=nefarious.pod +Volume={{ jackett_data_dir }}:/config + +AutoUpdate=registry + +[Service] +Restart=always diff --git a/roles/any.software.nefarious-podman/templates/nefarious-transmission.container.j2 b/roles/any.software.nefarious-podman/templates/nefarious-transmission.container.j2 new file mode 100644 index 0000000..cce31e0 --- /dev/null +++ b/roles/any.software.nefarious-podman/templates/nefarious-transmission.container.j2 @@ -0,0 +1,11 @@ +# vim: ft=systemd +[Container] +Image=docker.io/linuxserver/transmission:4.0.5 +Pod=nefarious.pod + +Environment=PUID=0 PGID=0 TZ=Europe/Brussels USER= PASS= +Volume={{ transmission_settings_path }}:/config/settings.json:ro +Volume={{ host_download_dir }}:/downloads + +[Service] +Restart=always