jelly, caddy, other stuff

main
Jef Roosens 2023-12-24 20:52:13 +01:00
parent 5ad30d3343
commit 592992f031
Signed by: Jef Roosens
GPG Key ID: B75D4F293C7052DB
17 changed files with 150 additions and 45 deletions


@ -1,11 +1,12 @@
--- ---
- name: Install Python
hosts: all
gather_facts: no
roles:
- install-python
- name: Configure base system. - name: Configure base system.
hosts: all hosts: all
gather_facts: no
# Debian installs don't have Python by default
pre_tasks:
- name: Update package database
raw: apt update
- name: Install Python
raw: apt install -y python3
roles: roles:
- base - base
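Review bot: The two `raw:` pre-tasks call the interactive `apt` front end and will report "changed" on every run. If these are the new-side lines, as the hunk counts suggest, `raw: apt-get update` and `raw: apt-get install -y python3` avoid apt's unstable-CLI warning, and `changed_when: false` on the update keeps run output meaningful. No `become` is visible on this play, so it presumably relies on connecting as root or on a default set elsewhere; a one-line comment saying which would help. Booleans are also mixed across the commit: `gather_facts: no` here, `become: yes` in nas.yml and `create_home: no` in the Jellyfin user task, against `append: true` and `enabled: true` elsewhere, so settling on `true`/`false` is worth doing.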


@ -15,16 +15,3 @@ ansible_become_pass: !vault |
36343435646561643662373138613237626461373330346566356132636366623731643838383633 36343435646561643662373138613237626461373330346566356132636366623731643838383633
3765666163656264340a663138623535626161376666323862373131383637356231323737313564 3765666163656264340a663138623535626161376666323862373131383637356231323737313564
6430 6430
lambroek_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
33373365393262643630646336323731376232646138613061363933366265393863636536303430
3738363338653035623039383463643761343261336366620a353532613132343439333563663664
61643135323936323362326365663366333864363735363438636361643734333930616566356563
3038373639646338380a393061376135353564373062353139366461383939333161333936613430
33383233336531663261373631363733323839353235613131363966643838373033373437613764
37306137366666663938616465393464653961643732636236636438396165623165653363623135
36386632303939646632393362373838663337663063326338623534326561656561633131376138
64376237373133333761313635346266306638383038663333366139303437323562303733373764
63316564393763643834643232663462333633373639633938663035633063356530


@ -0,0 +1,2 @@
raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
lambroek_password: "{{ vault_lambroek_password }}"


@ -0,0 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
63336531383736643438396339366463383265373633373666623566616538316666323136626537
3462346135616462383838613531343537313165653962370a343965613330636566393363633733
35313039626430346264373361306464343532316532353232666166656531346237613033383662
3563663536616362620a626563666631336537373961636232386430366139396262666466626633
30653138633830636130663139373462663266643332303234303564353162333031383331396562
6136386164613435633835336462663834376130383362666561


@ -1 +1,2 @@
192.168.0.3 [nas]
192.168.0.3 static_ip=192.168.0.3

36
nas.yml 100644

@ -0,0 +1,36 @@
---
- name: Perform common tasks
hosts: nas
become: yes
roles:
- base
- common
tags: base
- name: Configure BTRFS RAID
hosts: nas
become: yes
roles:
- raid
tags: raid
- name: Set up Samba
hosts: nas
become: yes
roles:
- samba
tags: samba
- name: Set up Jellyfin
hosts: nas
become: yes
roles:
- jellyfin
tags: jellyfin
- name: Set up Caddy
hosts: nas
become: yes
roles:
- caddy
tags: caddy


@ -4,10 +4,17 @@
name: sudo name: sudo
state: present state: present
- name: Create data group.
group:
name: data
gid: 1002
- name: Create debian user. - name: Create debian user.
user: user:
name: debian name: debian
groups: sudo groups:
- sudo
- data
append: true append: true
create_home: yes create_home: yes
shell: /bin/bash shell: /bin/bash


@ -0,0 +1,16 @@
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
media.roosens.me {
reverse_proxy localhost:8096
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
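Review bot: The header comment is the stock template text and still tells the reader to replace ":80", which no longer appears in this file. A short comment describing the actual site would serve better, for example `# Public HTTPS front end for Jellyfin; Caddy obtains the certificate for this hostname automatically.` Nothing visible in this commit binds Jellyfin's port 8096 to loopback or firewalls it, and the old `# TODO install UFW` is deleted elsewhere in the commit. It is worth confirming the backend cannot be reached over plain HTTP beside the proxy. If fail2ban or Jellyfin's own logs are meant to see real client addresses, Jellyfin also has to be configured to trust this proxy's forwarded headers.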


@ -0,0 +1,5 @@
---
- name: reload-caddy
service:
name: caddy
state: reloaded


@ -1,3 +1,4 @@
---
- name: Add Caddy GPG key - name: Add Caddy GPG key
apt_key: apt_key:
url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key" url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
@ -16,3 +17,19 @@
apt: apt:
name: caddy name: caddy
state: present state: present
- name: Copy over Caddyfile
copy:
src: Caddyfile
dest: '/etc/caddy/Caddyfile'
owner: root
group: root
mode: '644'
notify: reload-caddy
- name: Ensure Caddy service is running & enabled
service:
name: caddy
state: started
enabled: true
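Review bot: The "Copy over Caddyfile" task installs the file and triggers a reload without checking that it parses, so a typo only shows up as a failed reload on the host. Adding `validate: 'caddy validate --adapter caddyfile --config %s'` to the `copy:` arguments makes the task fail before the live config is replaced. `mode: '644'` works but is better written as `mode: '0644'`, matching the `'0755'` used in the raid role. Separately, the unchanged context uses `apt_key`, which trusts the key for every repository on the host; a dedicated keyring referenced with `signed-by` in the repo line would limit that trust to the Caddy repository.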


@ -10,6 +10,12 @@
- vim - vim
- tmux - tmux
- htop - htop
# Spam prevention
- fail2ban
# Disk monitoring
- smartmontools
state: present state: present
- name: Install Vim config - name: Install Vim config
@ -24,3 +30,9 @@
dest: "/home/debian/.vimrc" dest: "/home/debian/.vimrc"
- user: root - user: root
dest: "/root/.vimrc" dest: "/root/.vimrc"
- name: Enable fail2ban
service:
name: fail2ban
state: started
enabled: true
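Review bot: fail2ban is installed and started with package defaults only, and the `# TODO add proper fail2ban config` from the deleted role is not carried over, so that gap is no longer recorded anywhere. Since the Jellyfin repository in this commit points at bookworm, it is worth confirming the service actually stays up after "Enable fail2ban". The stock sshd jail expects an auth log file that a default Debian 12 install may not have unless rsyslog is installed or the jail is set to `backend = systemd`. The comment `# Spam prevention` would be more accurate as `# Brute-force login protection (default jails only; TODO: add jail.local)`. No jail visible here covers the Caddy or Jellyfin logins that this commit exposes.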


@ -1,6 +0,0 @@
---
- name: Update package database
raw: apt update
- name: Install Python
raw: apt install -y python3


@ -5,7 +5,7 @@
- name: Add Jellyfin repository - name: Add Jellyfin repository
apt_repository: apt_repository:
repo: "deb https://repo.jellyfin.org/debian bullseye main" repo: "deb https://repo.jellyfin.org/debian bookworm main"
filename: 'jellyfin' filename: 'jellyfin'
state: present state: present
@ -14,6 +14,16 @@
name: jellyfin name: jellyfin
state: present state: present
- name: Create Jellyfin user
user:
name: jellyfin
groups:
- data
append: true
create_home: no
shell: /bin/nologin
update_password: on_create
- name: Copy over service file - name: Copy over service file
copy: copy:
src: jellyfin.service.conf src: jellyfin.service.conf
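Review bot: In "Create Jellyfin user", `shell: /bin/nologin` is most likely a path that does not exist on Debian, where the binary is `/usr/sbin/nologin` (also reachable as `/sbin/nologin`). The samba role in this same commit uses `/sbin/nologin`, so `shell: /usr/sbin/nologin` or at least the same path as samba would be consistent. The task runs after the package install, which normally creates the `jellyfin` account already, so in practice it only adds the `data` group. With no `password:` set, `update_password: on_create` has no effect and can be dropped. Renaming the task to something like "Add jellyfin user to data group" would describe what it does. The "Copy over service file" task at the end of the hunk continues outside it.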


@ -1,14 +0,0 @@
- name: Install fail2ban.
apt:
name: fail2ban
state: present
# TODO add proper fail2ban config
- name: Ensure fail2ban is started & enabled.
service:
name: fail2ban
state: started
enabled: true
# TODO install UFW


@ -0,0 +1,20 @@
---
- name: Install BTRFS tools
apt:
name: btrfs-progs
state: present
- name: Create mountpoint
file:
path: /mnt/data1
state: directory
mode: '0755'
owner: debian
group: debian
- name: Mount RAID
mount:
path: /mnt/data1
src: "UUID={{ raid_uuid }}"
fstype: btrfs
state: mounted
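Review bot: The "Mount RAID" task sets no `opts`, so the fstab entry it writes uses defaults. For a data-only volume shared over Samba, `opts: defaults,nofail,nosuid,nodev` is a safer baseline: `nofail` keeps a headless NAS from dropping into emergency mode at boot if the array is missing, and `nosuid,nodev` stops files written to the share from carrying setuid bits or device nodes. The mountpoint is created as `debian:debian`, while this commit introduces a `data` group for shared access. Once the filesystem is mounted, the ownership and mode seen at `/mnt/data1` belong to the btrfs root rather than this directory, so a comment saying which of the two the `file` task is meant to manage would avoid confusion on later runs.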


@ -3,3 +3,8 @@
service: service:
name: smbd name: smbd
state: restarted state: restarted
- name: smbpasswd-lambroek
shell:
cmd: "smbpasswd -sa lambroek"
stdin: "{{ lambroek_password }}\n{{ lambroek_password }}"
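Review bot: The `smbpasswd-lambroek` handler passes the vaulted password as a module argument without `no_log: true`, so it can appear in verbose output, callback plugins or AWX-style job logs. Passing it via `stdin` rather than on the command line is the right choice, since that keeps it out of the process list; adding `no_log: true` to the handler closes the logging path as well. Nothing in the command needs a shell, so `command:` with the same `cmd` and `stdin` keys is the narrower module. The handler list starts outside this hunk.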


@ -16,10 +16,9 @@
create_home: false create_home: false
groups: groups:
- data - data
password: "{{ lambroek_password }}" password: "{{ lambroek_password | password_hash('sha512') }}"
shell: /sbin/nologin shell: /sbin/nologin
notify: smbpasswd-lambroek
# TODO run "smbpasswd -a lambroek"
- name: Copy over smb config file - name: Copy over smb config file
copy: copy:
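Review bot: `password_hash('sha512')` is called without a salt, so Ansible generates a new random salt and a different hash on every run. The user task then reports "changed" each time and, through the new `notify: smbpasswd-lambroek`, re-runs smbpasswd on every play. Either add `update_password: on_create` (already used for the Jellyfin user in this commit) or pass a fixed salt kept in the vault, e.g. `password_hash('sha512', <vaulted_salt_var>)`, where the variable name is a placeholder. `no_log: true` on this task would also keep the hash and the templated secret out of task output. The user task begins above the hunk and the "Copy over smb config file" task continues below it.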