jelly, caddy, other stuff
parent
5ad30d3343
commit
592992f031
|
@ -1,11 +1,12 @@
|
||||||
---
|
---
|
||||||
- name: Install Python
|
|
||||||
hosts: all
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- install-python
|
|
||||||
|
|
||||||
- name: Configure base system.
|
- name: Configure base system.
|
||||||
hosts: all
|
hosts: all
|
||||||
|
gather_facts: no
|
||||||
|
# Debian installs don't have Python by default
|
||||||
|
pre_tasks:
|
||||||
|
- name: Update package database
|
||||||
|
raw: apt update
|
||||||
|
- name: Install Python
|
||||||
|
raw: apt install -y python3
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
|
|
|
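Review bot: The two `raw` pre_tasks in the "Configure base system" play run on every invocation and always report changed, and they call `apt`, whose command-line interface is not intended for scripted use. I would make the bootstrap conditional and use `apt-get`, for example `raw: test -e /usr/bin/python3 || (apt-get update && apt-get install -y python3)` with `changed_when: false`. The play sets no `become`, so this presumably depends on connecting as root; a comment saying so next to `# Debian installs don't have Python by default` would help. `gather_facts: no` would read better as `gather_facts: false`.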
@ -15,16 +15,3 @@ ansible_become_pass: !vault |
|
||||||
36343435646561643662373138613237626461373330346566356132636366623731643838383633
|
36343435646561643662373138613237626461373330346566356132636366623731643838383633
|
||||||
3765666163656264340a663138623535626161376666323862373131383637356231323737313564
|
3765666163656264340a663138623535626161376666323862373131383637356231323737313564
|
||||||
6430
|
6430
|
||||||
|
|
||||||
lambroek_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33373365393262643630646336323731376232646138613061363933366265393863636536303430
|
|
||||||
3738363338653035623039383463643761343261336366620a353532613132343439333563663664
|
|
||||||
61643135323936323362326365663366333864363735363438636361643734333930616566356563
|
|
||||||
3038373639646338380a393061376135353564373062353139366461383939333161333936613430
|
|
||||||
33383233336531663261373631363733323839353235613131363966643838373033373437613764
|
|
||||||
37306137366666663938616465393464653961643732636236636438396165623165653363623135
|
|
||||||
36386632303939646632393362373838663337663063326338623534326561656561633131376138
|
|
||||||
64376237373133333761313635346266306638383038663333366139303437323562303733373764
|
|
||||||
63316564393763643834643232663462333633373639633938663035633063356530
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
|
||||||
|
lambroek_password: "{{ vault_lambroek_password }}"
|
|
@ -0,0 +1,7 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63336531383736643438396339366463383265373633373666623566616538316666323136626537
|
||||||
|
3462346135616462383838613531343537313165653962370a343965613330636566393363633733
|
||||||
|
35313039626430346264373361306464343532316532353232666166656531346237613033383662
|
||||||
|
3563663536616362620a626563666631336537373961636232386430366139396262666466626633
|
||||||
|
30653138633830636130663139373462663266643332303234303564353162333031383331396562
|
||||||
|
6136386164613435633835336462663834376130383362666561
|
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
- name: Perform common tasks
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- base
|
||||||
|
- common
|
||||||
|
tags: base
|
||||||
|
|
||||||
|
- name: Configure BTRFS RAID
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- raid
|
||||||
|
tags: raid
|
||||||
|
|
||||||
|
- name: Set up Samba
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- samba
|
||||||
|
tags: samba
|
||||||
|
|
||||||
|
- name: Set up Jellyfin
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- jellyfin
|
||||||
|
tags: jellyfin
|
||||||
|
|
||||||
|
- name: Set up Caddy
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- caddy
|
||||||
|
tags: caddy
|
|
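Review bot: `become: yes` in each of the five plays uses a YAML 1.1 truthy value, while tasks added in the same commit write `enabled: true` and `append: true`. `become: true` keeps the repository consistent and satisfies yamllint's `truthy` rule. The `base` role is listed in the first play here and also in the "Configure base system" play of the other playbook, so it presumably runs twice for the nas host when both playbooks are used; confirm that is intended.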
@ -4,10 +4,17 @@
|
||||||
name: sudo
|
name: sudo
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Create data group.
|
||||||
|
group:
|
||||||
|
name: data
|
||||||
|
gid: 1002
|
||||||
|
|
||||||
- name: Create debian user.
|
- name: Create debian user.
|
||||||
user:
|
user:
|
||||||
name: debian
|
name: debian
|
||||||
groups: sudo
|
groups:
|
||||||
|
- sudo
|
||||||
|
- data
|
||||||
append: true
|
append: true
|
||||||
create_home: yes
|
create_home: yes
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
# The Caddyfile is an easy way to configure your Caddy web server.
|
||||||
|
#
|
||||||
|
# Unless the file starts with a global options block, the first
|
||||||
|
# uncommented line is always the address of your site.
|
||||||
|
#
|
||||||
|
# To use your own domain name (with automatic HTTPS), first make
|
||||||
|
# sure your domain's A/AAAA DNS records are properly pointed to
|
||||||
|
# this machine's public IP, then replace ":80" below with your
|
||||||
|
# domain name.
|
||||||
|
|
||||||
|
media.roosens.me {
|
||||||
|
reverse_proxy localhost:8096
|
||||||
|
}
|
||||||
|
|
||||||
|
# Refer to the Caddy docs for more information:
|
||||||
|
# https://caddyserver.com/docs/caddyfile
|
|
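Review bot: The site block proxies media.roosens.me to `localhost:8096`, but nothing in this commit restricts port 8096 itself. If Jellyfin listens on all interfaces, which I believe is its default, the service stays reachable over plain HTTP without passing through Caddy's TLS. Bind Jellyfin to loopback or firewall the port; the `# TODO install UFW` removed elsewhere in this commit suggests no host firewall is configured yet. The header comment is the stock template and still refers to replacing ":80", which no longer appears in the file; a short comment such as `# Jellyfin behind Caddy; HTTPS is automatic for this hostname` would describe it better.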
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: reload-caddy
|
||||||
|
service:
|
||||||
|
name: caddy
|
||||||
|
state: reloaded
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Add Caddy GPG key
|
- name: Add Caddy GPG key
|
||||||
apt_key:
|
apt_key:
|
||||||
url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
|
url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
|
||||||
|
@ -16,3 +17,19 @@
|
||||||
apt:
|
apt:
|
||||||
name: caddy
|
name: caddy
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Copy over Caddyfile
|
||||||
|
copy:
|
||||||
|
src: Caddyfile
|
||||||
|
dest: '/etc/caddy/Caddyfile'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '644'
|
||||||
|
notify: reload-caddy
|
||||||
|
|
||||||
|
- name: Ensure Caddy service is running & enabled
|
||||||
|
service:
|
||||||
|
name: caddy
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
|
|
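Review bot: The "Copy over Caddyfile" task installs the file and notifies `reload-caddy` without checking that the configuration parses, so a mistake is only discovered when the reload fails on the host. The `copy` module can check the file before moving it into place: `validate: 'caddy validate --adapter caddyfile --config %s'`. `mode: '644'` works, but the mountpoint task in the raid role writes `'0755'`; `'0644'` would match that form.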
@ -10,6 +10,12 @@
|
||||||
- vim
|
- vim
|
||||||
- tmux
|
- tmux
|
||||||
- htop
|
- htop
|
||||||
|
|
||||||
|
# Spam prevention
|
||||||
|
- fail2ban
|
||||||
|
|
||||||
|
# Disk monitoring
|
||||||
|
- smartmontools
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install Vim config
|
- name: Install Vim config
|
||||||
|
@ -24,3 +30,9 @@
|
||||||
dest: "/home/debian/.vimrc"
|
dest: "/home/debian/.vimrc"
|
||||||
- user: root
|
- user: root
|
||||||
dest: "/root/.vimrc"
|
dest: "/root/.vimrc"
|
||||||
|
|
||||||
|
- name: Enable fail2ban
|
||||||
|
service:
|
||||||
|
name: fail2ban
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
|
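Review bot: fail2ban is now installed and started with its packaged defaults, and the two comments from the deleted task file (`# TODO add proper fail2ban config`, `# TODO install UFW`) disappear with it, so the open hardening work is no longer recorded anywhere. Keep those comments next to the "Enable fail2ban" task, or add a `jail.local` file to the role. On Debian bookworm, which the Jellyfin repository line now targets, the default sshd jail may find no auth log to read because logging goes to the journal, so confirm the service actually starts and a jail is active. The comment `# Spam prevention` would be more accurate as `# Brute-force login protection`.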
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
- name: Update package database
|
|
||||||
raw: apt update
|
|
||||||
|
|
||||||
- name: Install Python
|
|
||||||
raw: apt install -y python3
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
- name: Add Jellyfin repository
|
- name: Add Jellyfin repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb https://repo.jellyfin.org/debian bullseye main"
|
repo: "deb https://repo.jellyfin.org/debian bookworm main"
|
||||||
filename: 'jellyfin'
|
filename: 'jellyfin'
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
@ -14,6 +14,16 @@
|
||||||
name: jellyfin
|
name: jellyfin
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Create Jellyfin user
|
||||||
|
user:
|
||||||
|
name: jellyfin
|
||||||
|
groups:
|
||||||
|
- data
|
||||||
|
append: true
|
||||||
|
create_home: no
|
||||||
|
shell: /bin/nologin
|
||||||
|
update_password: on_create
|
||||||
|
|
||||||
- name: Copy over service file
|
- name: Copy over service file
|
||||||
copy:
|
copy:
|
||||||
src: jellyfin.service.conf
|
src: jellyfin.service.conf
|
||||||
|
|
|
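Review bot: `shell: /bin/nologin` in the new "Create Jellyfin user" task points at a path Debian does not ship; nologin is installed at `/usr/sbin/nologin`, and the samba role in this repository already uses `/sbin/nologin`. The task appears to run after the jellyfin package is installed, so it will presumably rewrite the shell of the package-created account to that missing path. I would write `shell: /usr/sbin/nologin` and drop `update_password: on_create`, which has no effect without a `password`. The repository line hard-codes `bookworm`; `{{ ansible_distribution_release }}` would follow the host, provided facts are gathered for this play.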
@ -1,14 +0,0 @@
|
||||||
- name: Install fail2ban.
|
|
||||||
apt:
|
|
||||||
name: fail2ban
|
|
||||||
state: present
|
|
||||||
|
|
||||||
# TODO add proper fail2ban config
|
|
||||||
|
|
||||||
- name: Ensure fail2ban is started & enabled.
|
|
||||||
service:
|
|
||||||
name: fail2ban
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
# TODO install UFW
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
- name: Install BTRFS tools
|
||||||
|
apt:
|
||||||
|
name: btrfs-progs
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create mountpoint
|
||||||
|
file:
|
||||||
|
path: /mnt/data1
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: debian
|
||||||
|
group: debian
|
||||||
|
|
||||||
|
- name: Mount RAID
|
||||||
|
mount:
|
||||||
|
path: /mnt/data1
|
||||||
|
src: "UUID={{ raid_uuid }}"
|
||||||
|
fstype: btrfs
|
||||||
|
state: mounted
|
|
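Review bot: The "Mount RAID" task sets no `opts`, so the fstab entry gets the defaults: setuid binaries and device nodes are honoured on a volume that is presumably written to through Samba, and a missing array can stop the machine at boot. Consider `opts: 'defaults,nofail,nosuid,nodev'`. The mountpoint is created as `debian:debian` with `'0755'`, while this commit adds a `data` group and puts debian, jellyfin and lambroek in it; if shared write access is the goal, `group: data` with mode `'2775'` is presumably what was meant. Once the volume is mounted, the `file` task acts on the root of the filesystem rather than on the underlying directory, which deserves a comment.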
@ -3,3 +3,8 @@
|
||||||
service:
|
service:
|
||||||
name: smbd
|
name: smbd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: smbpasswd-lambroek
|
||||||
|
shell:
|
||||||
|
cmd: "smbpasswd -sa lambroek"
|
||||||
|
stdin: "{{ lambroek_password }}\n{{ lambroek_password }}"
|
||||||
|
|
|
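Review bot: The `smbpasswd-lambroek` handler passes the vaulted password on `stdin` without `no_log: true`, so the plaintext can appear in Ansible's output and logs when the play runs with increased verbosity or when the task fails. Add `no_log: true` to the handler. Nothing in `smbpasswd -sa lambroek` needs a shell, so `command:` (which also accepts `stdin`) is the safer module here.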
@ -16,10 +16,9 @@
|
||||||
create_home: false
|
create_home: false
|
||||||
groups:
|
groups:
|
||||||
- data
|
- data
|
||||||
password: "{{ lambroek_password }}"
|
password: "{{ lambroek_password | password_hash('sha512') }}"
|
||||||
shell: /sbin/nologin
|
shell: /sbin/nologin
|
||||||
|
notify: smbpasswd-lambroek
|
||||||
# TODO run "smbpasswd -a lambroek"
|
|
||||||
|
|
||||||
- name: Copy over smb config file
|
- name: Copy over smb config file
|
||||||
copy:
|
copy:
|
||||||
|
|
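Review bot: `password_hash('sha512')` is called without a salt, so a new random salt and therefore a new hash is produced on every run; the user task reports changed each time and `notify: smbpasswd-lambroek` fires on every play. Pass a fixed salt kept in the vault, for example `password_hash('sha512', vault_lambroek_salt)` (a variable you would have to add), or set `update_password: on_create`. The task should also carry `no_log: true`, because its arguments include the password. The task starts above the hunk, so its name and remaining options are not visible here.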