From b7d3ed7f182ea6d09d9baf953039073d6fbbbe4f Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Mon, 20 May 2024 14:21:21 +0200 Subject: [PATCH] nefarious: all the stuff --- group_vars/nas/vars.yml | 3 + group_vars/nas/vault.yml | 68 ++++++++++--------- nas.yml | 6 ++ roles/matrix/tasks/main.yml | 4 +- roles/miniflux/tasks/main.yml | 4 +- roles/nefarious-web/meta/main.yml | 3 + roles/nefarious-web/tasks/main.yml | 9 +++ .../templates/nefarious.Caddyfile.j2 | 3 + .../files/transmission-settings.json | 10 +++ roles/nefarious/tasks/main.yml | 56 +++++++++++++++ roles/nefarious/templates/compose.yml.j2 | 60 ++++++++++++++++ web.yml | 6 ++ 12 files changed, 197 insertions(+), 35 deletions(-) create mode 100644 roles/nefarious-web/meta/main.yml create mode 100644 roles/nefarious-web/tasks/main.yml create mode 100644 roles/nefarious-web/templates/nefarious.Caddyfile.j2 create mode 100644 roles/nefarious/files/transmission-settings.json create mode 100644 roles/nefarious/tasks/main.yml create mode 100644 roles/nefarious/templates/compose.yml.j2 diff --git a/group_vars/nas/vars.yml b/group_vars/nas/vars.yml index 9928272..aa8f893 100644 --- a/group_vars/nas/vars.yml +++ b/group_vars/nas/vars.yml @@ -13,3 +13,6 @@ lander_api_key: "{{ vault_lander_api_key }}" restic_rest_version: '0.12.1' ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}" + +nefarious_admin_user: "{{ vault_nefarious_admin_user }}" +nefarious_admin_pass: "{{ vault_nefarious_admin_pass }}" diff --git a/group_vars/nas/vault.yml b/group_vars/nas/vault.yml index 201d253..5e2ebbf 100644 --- a/group_vars/nas/vault.yml +++ b/group_vars/nas/vault.yml 
@@ -1,32 +1,38 @@ $ANSIBLE_VAULT;1.1;AES256 -30653235356365303661373234343761643338633930316436373463633164393230663264616633 -3638313463653234326466653836343437393036323839330a353033346131383734353435393839 -63396133333861623739353136386263323031613862343833623535396135366361643532363861 -3830663635323936330a323663643931643234346636623930353533363166613237366538393734 -64666638383862343763636466353134646632376162643330646362306531336431383533313933 -66346139346138326663396237346661626434643165656664616436366537363361393535323262 -35356339323635343739353931386638373836613032343134366431353164663461636430303363 -35313261316662383661353932646331663063306337663130663933663566343966306338373163 -33386534313231643363373165623065353264393539316339373163626363316562373034636435 -63643961623639366461323133386337643365353634663630666632376366633730616163653338 -37663635623563363932663739373435316335666539393930313066666565646531393730656332 -31653631363261663338336362653830356635376433666537356433323839323030626636653639 -37393237613465313231396264393339653164316432376364373737633731646431386135356438 -31616139633062376262396337396234303065663238326363316130323533343565343366376361 -62353739653735393637353938313261653533336237393333333930656637663662643162616662 -35636437393133616230373437653766393361613535353633373866383431393862623135383738 -33623433396538366362633131353834353164363165356561313238653631343430656163383761 -61336364653230333138363630616130623132333539353534323465663833626563343864626638 -34353064626538383734303436306639666239363536313062343239656136313466343366393964 -37663864346534346131643362646662316234643263306166313334626564356565353966383961 -64343630396637613130643436326564383533323134323066373039303533323261656164303862 -39396530343534383837383664363235613939663765616663383031643839643939313839643437 -35323831633231613364356134633535396333643862343531333965366135323631323764336264 
-63393330613532643831623364396234613539353735633539626635393038656437316465616535 -61353730623735356535313438366332633233666631643531323135323864346565613066376238 -39393834633263633566343539663765656266313637303565663465663139343565643962656637 -32303464353031323039346533616433613862336630313139646665323931396335306134633531 -66396262353363383565643434393438633232376431616465623038656463346237373038656164 -61373262626634633335323163636366336134613663643039373530373538383134323631623438 -34636364653463656536336462613962386339616365373533356161633132383532303264383565 -646335383665303262623363613532643738 +39383533373564616531386363393531386339396563323835666338383434623366623336343532 +3265343939376332323938613039623439666465656133330a396635613563376263386234396535 +62363264613634323430353131366634303662616564316632373033336262316636663334333232 +3562613462313337390a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diff --git a/nas.yml b/nas.yml index 4de40a8..c8e81c8 100644 --- a/nas.yml +++ b/nas.yml @@ -82,3 +82,9 @@ roles: - matrix tags: matrix + +- hosts: nas + become: yes + roles: + - nefarious + tags: nefarious diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index 315692a..60bc735 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -18,8 +18,8 @@ path: "/mnt/data1/matrix/{{ item.dir }}" state: directory mode: '0755' - owner: {{ item.owner }} - group: {{ item.group }} + owner: "{{ item.owner }}" + group: "{{ item.group }}" loop: - dir: 'conduit' owner: 1000 diff --git a/roles/miniflux/tasks/main.yml b/roles/miniflux/tasks/main.yml index 04ade27..3894a97 100644 --- a/roles/miniflux/tasks/main.yml +++ b/roles/miniflux/tasks/main.yml 
@@ -14,13 +14,13 @@ - 'postgres' - name: Ensure configuration directory is present - file: + ansible.builtin.file: path: '/etc/miniflux' state: directory mode: '0755' - name: Ensure compose file is present - template: + ansible.builtin.template: src: 'compose.yml.j2' dest: '/etc/miniflux/compose.yml' mode: '0644' diff --git a/roles/nefarious-web/meta/main.yml b/roles/nefarious-web/meta/main.yml new file mode 100644 index 0000000..1dbd0f6 --- /dev/null +++ b/roles/nefarious-web/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: caddy diff --git a/roles/nefarious-web/tasks/main.yml b/roles/nefarious-web/tasks/main.yml new file mode 100644 index 0000000..d106f81 --- /dev/null +++ b/roles/nefarious-web/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Ensure Caddyfile is present + template: + src: 'nefarious.Caddyfile.j2' + dest: '/etc/caddy/nefarious.Caddyfile' + owner: root + group: root + mode: '0644' + notify: caddy-reload diff --git a/roles/nefarious-web/templates/nefarious.Caddyfile.j2 b/roles/nefarious-web/templates/nefarious.Caddyfile.j2 new file mode 100644 index 0000000..9fbcb26 --- /dev/null +++ b/roles/nefarious-web/templates/nefarious.Caddyfile.j2 @@ -0,0 +1,3 @@ +nf.roosens.me { + reverse_proxy {{ hostvars[groups['nefarious'][0]].static_ip }}:8006 +} diff --git a/roles/nefarious/files/transmission-settings.json b/roles/nefarious/files/transmission-settings.json new file mode 100644 index 0000000..c079c8f --- /dev/null +++ b/roles/nefarious/files/transmission-settings.json @@ -0,0 +1,10 @@ +{ + "download-dir": "/downloads/complete", + "incomplete-dir": "/downloads/incomplete", + "rpc-whitelist": "*", + "rpc-host-whitelist-enabled": "false", + "port-forwarding-enabled": true, + "peer-port": 51413, + "peer-port-random-on-start": false, + "peer-socket-tos": "default" +} diff --git a/roles/nefarious/tasks/main.yml b/roles/nefarious/tasks/main.yml new file mode 100644 index 0000000..da28f5f --- /dev/null +++ b/roles/nefarious/tasks/main.yml 
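Review bot: In roles/nefarious-web/templates/nefarious.Caddyfile.j2 the upstream is looked up with `groups['nefarious'][0]`, but the play this commit adds to nas.yml targets `hosts: nas`. Unless the inventory (not visible here) also defines a `nefarious` group, the template will fail to render. The hop to port 8006 is plain HTTP, so the nefarious login crosses the link between the web host and the NAS unencrypted, which is only acceptable on a trusted segment. A comment above the site block would make both assumptions explicit, for example `# upstream: first host of the 'nefarious' inventory group, reached over the internal network only`.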
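Review bot: roles/nefarious/files/transmission-settings.json sets `"rpc-whitelist": "*"` and disables the host whitelist without setting `rpc-authentication-required`. The compose template in this commit also passes empty `USER=`/`PASS=` and publishes `'8008:9091'`, so as far as the diff shows the Transmission RPC interface accepts requests without credentials from anything that can reach that port. Either narrow `rpc-whitelist` to the addresses that actually need it, or set `"rpc-authentication-required": true` with a username and password taken from the vault. `"rpc-host-whitelist-enabled": "false"` is a JSON string where the neighbouring flags are booleans; write `"rpc-host-whitelist-enabled": false` so the result does not depend on how the string is coerced.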
@@ -0,0 +1,56 @@
+---
+- name: Ensure data directory is present
+ ansible.builtin.file:
+ path: '/mnt/data1/nefarious'
+ state: directory
+ mode: '0755'
+ owner: 'root'
+ group: 'root'
+
+- name: Ensure data subvolumes are present
+ community.general.btrfs_subvolume:
+ name: '/nefarious/{{ item }}'
+ with_items:
+ - 'jackett'
+ - 'nefarious'
+
+- name: Ensure subvolume permissions are correct
+ ansible.builtin.file:
+ path: "/mnt/data1/nefarious/{{ item.dir }}"
+ state: directory
+ mode: '0755'
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ loop:
+ - dir: 'nefarious'
+ owner: 1000
+ group: 1000
+
+- name: Ensure configuration directory is present
+ ansible.builtin.file:
+ path: '/etc/nefarious'
+ state: directory
+ mode: '0755'
+
+- name: Ensure Transmission config file is present
+ ansible.builtin.copy:
+ src: 'transmission-settings.json'
+ dest: '/etc/nefarious/transmission-settings.json'
+ owner: 'root'
+ group: 'root'
+ mode: '0644'
+
+- name: Ensure compose file is present
+ ansible.builtin.template:
+ src: 'compose.yml.j2'
+ dest: '/etc/nefarious/compose.yml'
+ mode: '0644'
+ owner: 'root'
+ group: 'root'
+ register: res
+
+- name: Ensure stack is deployed
+ ansible.builtin.shell:
+ chdir: '/etc/nefarious'
+ cmd: 'docker compose up -d --remove-orphans'
+ when: 'res.changed'
diff --git a/roles/nefarious/templates/compose.yml.j2 b/roles/nefarious/templates/compose.yml.j2
new file mode 100644
index 0000000..84ef5b9
--- /dev/null
+++ b/roles/nefarious/templates/compose.yml.j2
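Review bot: In roles/nefarious/tasks/main.yml the `Ensure compose file is present` task writes `/etc/nefarious/compose.yml` with `mode: '0644'`, but the rendered template carries `NEFARIOUS_USER` and `NEFARIOUS_PASS` from the vault. The admin password therefore ends up readable by every local account on the NAS, since the directory above it is `0755`. Set `mode: '0600'` on that task, and consider `no_log: true` so a `--diff` run does not print the rendered secret. The deploy step is gated only on `res.changed`, so a change to transmission-settings.json alone never reaches the running container; registering the copy task as well, or using a handler, would cover it. `ansible.builtin.command` is enough for `docker compose up -d --remove-orphans`, because no shell features are used.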
@@ -0,0 +1,60 @@ +# vim: set ft=yaml +services: + app: + image: 'lardbit/nefarious:latest' + restart: 'always' + + environment: + - 'DATABASE_URL=sqlite:////config/db.sqlite3' + - 'REDIS_HOST=redis' + - 'HOST_DOWNLOAD_PATH=/mnt/data1/media' + - 'NEFARIOUS_USER={{ nefarious_admin_user }}' + - 'NEFARIOUS_PASS={{ nefarious_admin_pass }}' + - 'CONFIG_PATH=/config' + ports: + - '8006:80' + volumes: + - '/mnt/data1/nefarious/nefarious:/config' + + celery: + image: 'lardbit/nefarious:latest' + restart: 'always' + entrypoint: '/app/entrypoint-celery.sh' + + environment: + - 'DATABASE_URL=sqlite:////config/db.sqlite3' + - 'REDIS_HOST=redis' + - 'CONFIG_PATH=/config' + - 'NUM_CELERY_WORKERS=1' + volumes: + - '/mnt/data1/nefarious/nefarious:/config' + + redis: + image: 'redis:6-alpine' + restart: always + + jackett: + image: 'linuxserver/jackett:latest' + restart: always + + ports: + - '8007:9117' + volumes: + - '/mnt/data1/nefarious/jackett:/config' + + transmission: + image: 'linuxserver/transmission:4.0.5' + restart: 'always' + + environment: + - 'PUID=1000' + - 'PGID=1000' + - 'TZ=Europe/Brussels' + - 'USER=' + - 'PASS=' + ports: + - '8008:9091' + - '51413:51413' + volumes: + - '/etc/nefarious/transmission-settings.json:/config/settings.json:ro' + - '/mnt/data1/media:/downloads' diff --git a/web.yml b/web.yml index 5f0d2a0..7cf2c36 100644 --- a/web.yml +++ b/web.yml @@ -34,3 +34,9 @@ roles: - baikal-web tags: baikal + +- hosts: web + become: yes + roles: + - nefarious-web + tags: nefarious
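Review bot: In roles/nefarious/templates/compose.yml.j2 the `ports:` entries `'8006:80'`, `'8007:9117'` and `'8008:9091'` publish on every interface of the NAS, and Docker-published ports are usually not filtered by the host's ordinary firewall rules. Only 8006 is referenced by the Caddy vhost in this commit, so the Jackett and Transmission admin ports are exposed wider than the diff shows any need for. Bind them to a specific address, e.g. `'127.0.0.1:8007:9117'`, or drop the mapping where the service is only reached over the compose network. `lardbit/nefarious:latest` and `linuxserver/jackett:latest` are unpinned while Transmission is fixed at `4.0.5`; pinning them to a version or digest keeps a redeploy from pulling an unreviewed image.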