Added emma play and updated roles for multi-server setup

inventory/group_vars/emma/vars.yaml

@@ -0,0 +1,11 @@
+raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
+
+btrfs_raid:
+  uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
+  path: '/mnt/data1'
+btrfs_nvme:
+  uuid: '5d072d75-7ffc-4780-9a6a-3021b183f9db'
+  path: '/'
+
+miniflux_admin_username: "{{ vault_miniflux_admin }}"
+miniflux_admin_password: "{{ vault_miniflux_admin_pass }}"

inventory/group_vars/emma/vault.yml

@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.1;AES256
+38613635363435396562373461643133326636633430393530643166666334366132396335316130
+3662663565653432656365653265393636643233363564370a323866373639376438323135343239
+35623865373737396636353766636333626566666439343737396537343838333361363366303334
+6632343033386337330a333665643361373564636636666461393637356332333466656430383731
+65626537623733356134383464333162656438323964313630383930313739313465316331653034
+36376665663331363466613330343665313333323339306365323365646166623537303434303730
+32363037343761633466636531383864303335363938623932346232366261636262643034346138
+31346132636334636637353030313339376262316433396334333532363138353365313838373231
+35636335626664663637326437323733366331623435336666383434376430613564356636376432
+62393064323336663064346266373934343736653666383362636434333962323466313631333165
+66323431323966373263326464316432313636386238393339333161386162333337353631303466
+64653034653965303039343464366463613564343634616230366665363861336633366530303562
+38303065346237653233386566353766356637383965363636386566656139643638613461613037
+61333737343964383034393839633462323466303030323433383163623862313433333932613831
+63306665626465386230326665303430643637653836383237393531373739646666383237356338
+30663462336366356636366662383864353764356264643237396561316633353261626236306165
+65623366356665623334303835366361656365333835663032656338373937306130353839333366
+62386130646164656538653031386561666230653635636661643264396430656234623634333037
+63373939346461613964363335663833376564363234616564346261363362626135323537643864
+38353936653434323735393966623664343761653934366638626239643135333139653461306435
+38393232373834366234663762633062393633333234363938646562386334663633626434653763
+32643831303037323738393962666136333138343937313966623264613633373134316135666563
+36366165343031376266353461326465393538363039333135613736643931306333353031313635
+66646266346566303231346638346436323766633233633833376166663235326337363136376561
+63363633613639656437363738636236636365343232393731356638333335356331

plays/emma.yml

@@ -0,0 +1,42 @@
+- name: Set up static IP
+  hosts: emma
+  become: yes
+  roles:
+    - role: any.common.static-ip
+      vars:
+        interface: 'enp1s0'
+        static_ip: '192.168.0.2'
+        broadcast_ip: '192.168.0.255'
+        router_ip: '192.168.0.1'
+    - any.common.ssh
+    - any.tools.ufw
+  tags: networking
+
+- name: Configure BTRFS RAID
+  hosts: emma
+  become: yes
+  roles:
+    - any.common.raid
+  tags: raid
+
+- name: Set up Jellyfin
+  hosts: emma
+  become: yes
+  roles:
+    - any.software.jellyfin
+  tags: jellyfin
+
+- name: Set up Miniflux
+  hosts: emma
+  become: yes
+  tags: miniflux
+  roles:
+    - role: any.common.btrfs-subvolumes
+      vars:
+        subvolumes:
+          - filesystem_uuid: "{{ btrfs_nvme.uuid }}"
+            filesystem_path: "{{ btrfs_nvme.path }}"
+            name: "/@rootfs/data/miniflux/postgres"
+    - role: any.software.miniflux-podman
+      vars:
+        postgres_data_dir: '/data/miniflux/postgres'

roles/any.common.btrfs-subvolumes/tasks/main.yml

@@ -0,0 +1,33 @@
+# ---
+# - name: Create subvolumes on {{ fs.path }}
+#   block:
+#     - name: Create subvolume {{ fs.path }}{{ subvol.name }}
+#       block:
+#         - name: "Ensure parent directory exists"
+#           ansible.builtin.file:
+#             path: "{{ (fs.path + subvol.name) | dirname }}"
+#             state: directory
+
+#         - name: "Ensure subvolume exists"
+#           community.general.btrfs_subvolume:
+#             filesystem_device: "{{ fs.device | default(omit) }}"
+#             filesystem_label: "{{ fs.label | default(omit) }}"
+#             filesystem_uuid: "{{ fs.uuid | default(omit) }}"
+
+#             name: "{{ subvol.name }}"
+#             state: "present"
+      
+#       loop: "{{ fs.subvolumes }}"
+#       loop_var: "subvol"
+#   loop: "{{ filesystems }}"
+#   loop_var: "fs"
+
+- name: Ensure all BTRFS subvolumes are created
+  community.general.btrfs_subvolume:
+    filesystem_device: "{{ item.filesystem_device | default(omit) }}"
+    filesystem_label: "{{ item.filesystem_label | default(omit) }}"
+    filesystem_uuid: "{{ item.filesystem_uuid | default(omit) }}"
+    name: "{{ item.name }}"
+    recursive: true
+  loop: "{{ subvolumes }}"
+

roles/any.common.ssh/files/authorized_keys

@@ -0,0 +1,5 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkDjXuZn+blanbJAhte8KttrpeCPeT5CGcZ5mlAZv724wTa4qebpwCnf4SK4aFuDQEuCusnia3+X7YWAyCDReNURznAWCtq+b8LGxyIm2hTBbLA1m8sj0xidR/djlUtOwDp9VpSNamUWyiPWJ+WNsPd9xLJ6BK3qRsoFiMN87sO12L7DHHDaMze628Oc+IxFd+VZnH0dPVgitis31f+lXCr8w5qSiEepDJ8Nde8M+Ev1RrPQbR5Q5C+wYxlbY0oPNlGqSrs5i1jJl0BVMI4DlibxatTfuteU5IwcDMQObJr3xJGKNTPswSdzpfJFrLfUBZvsDs94BXEHR2CtxZ4aLQPeLfosWe4zuGvX22p7TzSPx1LkuqIF85Tw1PvK3f7u3l9sozHORAoEA8sFHG+DolqldgjuUgCGpfF/QOY1jkGpbEhq57kKFH+VlFI2XePGQ6299R9RN/Y4S88v14ChLwoLSNWgxK+CgYgB4lbquAIKTKsRla3gkEeziz+qoHPQkD5RcajrWOfSKU4alORpgQerSFZ9zMoz9N2rfTVEzCsVUj0Jiwtd5O7pCX9PWBhz1Nl1ItrRPuFiTSKB05dqsQ1CDZAZMDPJNqotd6QRS5+cKzFLgvU6k/gk08/qV00VM+BxlXkh8PwAhaxNPjMxjzqHx0+xC38FtacuhJiOV91Q== roosensjef@gmail.com
+
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCgHqW7mLuaW8XEFJrg031ES7v7y6Uk5QUp++axTd0wzvt5qfqTox9Hg1Xk5C9hdEfYzS5NCU+uoiInR0aHZ3Cl+yxqi3VqDfO20j6Irrt2SOBB86Gsyu9Brj62xtS0rY/e9rmyULJGUtJEz3UmFvn8fE5hUpGjDg7NByFs8f054pzifWw8F/wOvF5rKo9GqkWeXEUZ456FmowXCQLl5SypQliOsHJDs89NiTVvOxiKQXULBhj8o4c0MyCeFfPWqOutSSAetmbnegEjOTy7f/0IiqB+5713KOh1Bm1/u+3J2IVbRgeG1iTJdDVeIxBGmA1wMLvrBtBRIS0MaKa1Xabo3QTgYPHNGrf2w+GMnuoQ6/tdD6omPWGTHXqtHKEeIW1JrlDyhOo86oCl+l2aveMwhFFGW4nQmW7sfrowyLHdU3BpGl4m7pGa+5sTsHiOGEqEN/a7xikztXkuKacQ8E/y1C8gDXgaX8zFl6VOwR5EfMEMX390tz+R+ErDU81h47tSkwbY3KhunSKwPT8jSMldBttnCIexd+QuQgOlSwXkYVPPmXtPUkfp+4VzWSWeGKAa9k3HtVMIvKdVk9eXDVNnVdaAL+EkHyXOyFVVGa9gJ3ZOWhHMNi2/kHAwWMI9CwRxj7AVk30KGBhPN0wdS9Dt8/0Aa33hWuY2p9DxtNaiNw== roosensjef@gmail.com
+
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkcCTP0IE/ANIXJJIMWEg4f5riS8uv3KuypkzQC47XN roosensjef@gmail.com

roles/any.common.ssh/tasks/main.yml

@@ -1,4 +1,20 @@
 ---
+- name: Ensure ssh directory is present
+  file:
+    path: /home/debian/.ssh/
+    state: directory
+    owner: debian
+    group: debian
+    mode: '700'
+
+- name: Ensure authorized keys are present
+  copy:
+    src: authorized_keys
+    dest: /home/debian/.ssh/authorized_keys
+    owner: debian
+    group: debian
+    mode: '600'
+
 - name: Ensure sshd config is present
   ansible.builtin.copy:
     src: 'sshd_config'

roles/any.common.static-ip/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart networking
+  service:
+    name: networking
+    state: restarted

roles/any.common.static-ip/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Install networking config file.
+  template:
+    src: interfaces.j2
+    dest: /etc/network/interfaces.d/{{ interface }}
+  notify: restart networking

roles/any.common.static-ip/templates/interfaces.j2

@@ -0,0 +1,7 @@
+auto {{ interface }}
+iface {{ interface }} inet static
+	address {{ static_ip }}
+	broadcast {{ broadcast_ip }}
+	netmask 255.255.255.0
+	gateway {{ router_ip }}
+	dns-nameservers {{ router_ip }} 8.8.8.8