diff --git a/inventory/group_vars/emma/vault.yml b/inventory/group_vars/emma/vault.yml index cfa4428..07fc5df 100644 --- a/inventory/group_vars/emma/vault.yml +++ b/inventory/group_vars/emma/vault.yml @@ -1,52 +1,49 @@ $ANSIBLE_VAULT;1.1;AES256 -33383364343639356334353035346237343135633831643837633539663433313431616130623862 -3638363236326362373564663134383266353634343861370a363239653062656634663139616338 -32653965643465316364633161343264323763363066303833656661303464623866643437303664 -3465663461663361370a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a636664373666646435643235653232 +30313935623961366634656134643834636239623836633864643961376237653531336238363135 +3662316535303637640a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diff --git a/inventory/group_vars/nas/vars.yml b/inventory/group_vars/nas/vars.yml index dbca481..ac66459 100644 --- a/inventory/group_vars/nas/vars.yml +++ b/inventory/group_vars/nas/vars.yml @@ -10,6 +10,8 @@ rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}" lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6' lander_api_key: "{{ vault_lander_api_key }}" +restic_rest_version: '0.12.1' + ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}" nefarious_admin_user: "{{ vault_nefarious_admin_user }}" diff --git a/plays/emma.yml b/plays/emma.yml index 4bdb143..4344523 100644 --- a/plays/emma.yml +++ b/plays/emma.yml @@ -92,7 +92,7 @@ - role: any.software.webdav vars: # renovate: datasource=github-releases depName=hacdias/webdav - webdav_version: "5.7.4" + webdav_version: "5.11.6" data_dir: "{{ btrfs_raid.path }}/webdav/data" webdav_user: "{{ vault_webdav_user }}" diff --git a/renovate.json b/renovate.json index 4319fba..aff8c03 100644 --- a/renovate.json +++ b/renovate.json 
@@ -12,7 +12,7 @@ "customType": "regex", "managerFilePatterns": ["/plays/.*\\.yml$/"], "matchStrings": [ - "#\\s*renovate:\\s*(datasource=(?.*?) )?depName=(?.*?)( versioning=(?.*?))?\\s*\\w*:\\s*[\"']?(?[^\"']*)[\"']?\\s" + "#\\s*renovate:\\s*(datasource=(?.*?) )?depName=(?.*?)( versioning=(?.*?))?\\s*\\w*:\\s*\"?(?[^\"]*)\"?\\s" ], "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" } diff --git a/roles/any.software.forgejo-podman/templates/app.ini.j2 b/roles/any.software.forgejo-podman/templates/app.ini.j2 index 8fd8c80..3643eb0 100644 --- a/roles/any.software.forgejo-podman/templates/app.ini.j2 +++ b/roles/any.software.forgejo-podman/templates/app.ini.j2 @@ -123,4 +123,4 @@ ENABLED = true SCHEDULE = @weekly [metrics] -ENABLED = true +enabled = true diff --git a/roles/any.software.forgejo-podman/templates/forgejo.Caddyfile.j2 b/roles/any.software.forgejo-podman/templates/forgejo.Caddyfile.j2 index f5468dc..39a4f48 100644 --- a/roles/any.software.forgejo-podman/templates/forgejo.Caddyfile.j2 +++ b/roles/any.software.forgejo-podman/templates/forgejo.Caddyfile.j2 @@ -2,18 +2,4 @@ reverse_proxy localhost:{{ forgejo_http_port }} { header_down +X-Robots-Tag "none" } - - route /metrics { - @local { - remote_ip 127.0.0.1 ::1 - } - - handle @local { - reverse_proxy localhost:{{ forgejo_http_port }} - } - - handle { - respond "Not Found" 404 - } - } } diff --git a/roles/any.software.gitea/templates/app.ini.j2 b/roles/any.software.gitea/templates/app.ini.j2 index 48c5698..4653ec3 100644 --- a/roles/any.software.gitea/templates/app.ini.j2 +++ b/roles/any.software.gitea/templates/app.ini.j2 @@ -110,6 +110,3 @@ JWT_SECRET = {{ gitea_jwt_secret }} [other] SHOW_FOOTER_VERSION = false SHOW_FOOTER_TEMPLATE_LOAD_TIME = false - -[metrics] -enabled = true diff --git a/roles/any.software.greptimedb-podman/README.md b/roles/any.software.greptimedb-podman/README.md deleted file mode 100644 index 677b8e0..0000000 
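Review bot: The rewritten `matchStrings` pattern in renovate.json strips only double quotes, so a single-quoted value in a play (for example `webdav_version: '5.11.6'`) would be captured with its quotes and would not parse as semver. Other YAML in this repository uses single-quoted versions (`restic_rest_version: '0.12.1'` in this same commit), so a later restyle of a play could silently drop that dependency from Renovate's updates. Keeping the previous form, `[\"']?` around a `[^\"']*` capture, avoids that. The named capture groups appear stripped in this rendering, so check the pattern against the real file.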
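Review bot: Metrics stay switched on under `[metrics]` while the forgejo.Caddyfile.j2 hunk in this commit removes the `route /metrics` block that limited the path to `127.0.0.1 ::1`, so `/metrics` is now forwarded by the catch-all `reverse_proxy` for any client. The collector's `forgejo` scrape job is also removed in this commit, so setting the value to `false` may be the simplest fix. Otherwise keep the local-only route or set a `TOKEN` under `[metrics]`. The key is written as `enabled` where the section above uses `ENABLED`; confirm Forgejo reads the lower-case form, and prefer `ENABLED = true` for consistency.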
--- a/roles/any.software.greptimedb-podman/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# `any.software.greptimedb-podman` - -## Description - -* Installs GreptimeDB inside a Podman container - -## Configuration - -* `greptimedb_version`: version of GreptimeDB to install -* `greptimedb_data_dir`: directory to mount as the data directory diff --git a/roles/any.software.greptimedb-podman/files/pipelines/journald.yaml b/roles/any.software.greptimedb-podman/files/pipelines/journald.yaml deleted file mode 100644 index 9eed0b1..0000000 --- a/roles/any.software.greptimedb-podman/files/pipelines/journald.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -# GreptimeDB Pipeline – OTel journald receiver -# -# Input: NDJSON log records produced by the OpenTelemetry Collector's -# journald receiver. The OTel OTLP exporter wraps the journald -# JSON entry as a string under the top-level "body" key, so the -# pipeline first parses that string into an object before doing -# anything else. -# -# Timestamp: __MONOTONIC_TIMESTAMP (microseconds since boot) is used as the -# time-index column. If you prefer wall-clock time, swap this for -# __REALTIME_TIMESTAMP with the same resolution. -# -# Apply this pipeline by setting the HTTP export header in the OTel config: -# x-greptime-pipeline-name: journald -# -# Upload via the GreptimeDB API: -# curl -X POST 'http://:4000/v1/events/pipelines/journald' \ -# -H 'Content-Type: application/x-yaml' \ -# --data-binary @journald.yaml - -version: 2 - -processors: - # ------------------------------------------------------------------ - # 1. The OTel OTLP exporter encodes the journald entry as a JSON string - # in the "body" field. Parse it in-place so subsequent steps can - # address individual keys as .body.. - # ------------------------------------------------------------------ - - json_parse: - fields: - - Body, body - ignore_missing: false - - # ------------------------------------------------------------------ - # 2. Flatten every journald / systemd field from .body.* to the top - # level with clean snake_case names, cast numeric fields to integers, - # strip the trailing newline journald appends to _SELINUX_CONTEXT, - # lift __MONOTONIC_TIMESTAMP as a plain string for the epoch processor - # in step 3, and finally drop the now-empty .body object. - # - # del(.body.) returns the value AND removes the key in one step. 
- # ------------------------------------------------------------------ - - vrl: - source: | - .transport = del(.body._TRANSPORT) - .hostname = del(.body._HOSTNAME) - .exe = del(.body._EXE) - .cmdline = del(.body._CMDLINE) - .runtime_scope = del(.body._RUNTIME_SCOPE) - .systemd_cgroup = del(.body._SYSTEMD_CGROUP) - .comm = del(.body._COMM) - .message = del(.body.MESSAGE) - .systemd_invocation_id = del(.body._SYSTEMD_INVOCATION_ID) - .gid = to_int!(del(.body._GID)) - .uid = to_int!(del(.body._UID)) - .priority = to_int!(del(.body.PRIORITY)) - .boot_id = del(.body._BOOT_ID) - .pid = to_int!(del(.body._PID)) - .seqnum_id = del(.body.__SEQNUM_ID) - .seqnum = to_int!(del(.body.__SEQNUM)) - .syslog_identifier = del(.body.SYSLOG_IDENTIFIER) - .stream_id = del(.body._STREAM_ID) - .selinux_context = strip_whitespace(string!(del(.body._SELINUX_CONTEXT))) - .systemd_slice = del(.body._SYSTEMD_SLICE) - .syslog_facility = to_int!(del(.body.SYSLOG_FACILITY)) - .cursor = del(.body.__CURSOR) - .systemd_unit = del(.body._SYSTEMD_UNIT) - .cap_effective = del(.body._CAP_EFFECTIVE) - .machine_id = del(.body._MACHINE_ID) - # Lift the raw timestamp string so the epoch processor (step 3) - # can consume it from the top level. - .monotonic_timestamp = to_int!(del(.body.__MONOTONIC_TIMESTAMP)) - del(.body) - . - - # ------------------------------------------------------------------ - # 3. Parse the monotonic timestamp (µs since boot) into a typed value - # and rename it to `timestamp` so it becomes the time-index column. - # ------------------------------------------------------------------ - # - epoch: - # fields: - # - __MONOTONIC_TIMESTAMP, timestamp - # resolution: microsecond - # ignore_missing: false - -# ------------------------------------------------------------------ -# Transform -# -# In version 2, only fields that require a specific type, index, or -# tag annotation need to be listed here. 
All remaining fields from the -# pipeline context are auto-detected and persisted by the engine. -# -# Resulting schema (auto-detected fields shown as comments): -# timestamp TimestampMicrosecond PRIMARY KEY (time index) -# message String fulltext index -# systemd_unit String inverted index -# hostname String inverted index -# comm String inverted index -# syslog_identifier String inverted index -# transport String inverted index -# systemd_slice String inverted index -# priority Int64 (auto) -# syslog_facility Int64 (auto) -# uid Int64 (auto) -# gid Int64 (auto) -# pid Int64 (auto) -# seqnum Int64 (auto) -# exe String (auto) -# cmdline String (auto) -# runtime_scope String (auto) -# systemd_cgroup String (auto) -# systemd_invocation_id String (auto) -# boot_id String (auto) -# seqnum_id String (auto) -# stream_id String (auto) -# selinux_context String (auto) -# cursor String (auto) -# cap_effective String (auto) -# machine_id String (auto) -# ------------------------------------------------------------------ -transform: - # Time index — microsecond precision monotonic clock - - fields: - - Timestamp - type: epoch, us - index: timestamp - - # Full-text search on the human-readable log body - - fields: - - message - type: string - index: fulltext - - # Inverted indexes on the fields most commonly used in WHERE / GROUP BY - - fields: - - systemd_unit - - hostname - - comm - - syslog_identifier - - transport - - systemd_slice - type: string - index: inverted diff --git a/roles/any.software.greptimedb-podman/tasks/main.yml b/roles/any.software.greptimedb-podman/tasks/main.yml index eb2cdae..0274bd5 100644 --- a/roles/any.software.greptimedb-podman/tasks/main.yml +++ b/roles/any.software.greptimedb-podman/tasks/main.yml 
@@ -23,3 +23,17 @@ owner: 'debian' group: 'debian' notify: 'restart greptimedb' + +# - name: Ensure stack is deployed +# ansible.builtin.shell: +# chdir: '/etc/miniflux' +# cmd: 'docker compose up -d --remove-orphans' +# when: 'res.changed' + +# - name: Ensure backup script is present +# ansible.builtin.copy: +# src: 'miniflux.backup.sh' +# dest: '/etc/backups/miniflux.backup.sh' +# owner: 'root' +# group: 'root' +# mode: '0644' diff --git a/roles/any.software.greptimedb-podman/templates/greptimedb.container.j2 b/roles/any.software.greptimedb-podman/templates/greptimedb.container.j2 index 3d8b468..bcf553c 100644 --- a/roles/any.software.greptimedb-podman/templates/greptimedb.container.j2 +++ b/roles/any.software.greptimedb-podman/templates/greptimedb.container.j2 @@ -1,6 +1,6 @@ # vim: ft=systemd [Container] -Image=docker.io/greptime/greptimedb:{{ greptimedb_version }} +Image=docker.io/greptime/greptimedb:v1.0.0-rc.1 Exec=standalone start --http-addr 0.0.0.0:4000 --rpc-bind-addr 0.0.0.0:4001 --mysql-addr 0.0.0.0:4002 --postgres-addr 0.0.0.0:4003 diff --git a/roles/any.software.immich-podman/defaults/main.yml b/roles/any.software.immich-podman/defaults/main.yml deleted file mode 100644 index a849ca4..0000000 --- a/roles/any.software.immich-podman/defaults/main.yml +++ /dev/null 
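Review bot: The two commented-out tasks appended to the greptimedb role's tasks/main.yml refer to `/etc/miniflux`, `docker compose` and `miniflux.backup.sh`, which look like leftovers copied from another role. If someone later uncomments them, they would install a root-owned script and run a compose stack unrelated to this service. Drop them, or replace them with a one-line `# TODO: backup script for greptimedb` stating what is actually planned.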
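Review bot: The `Image=` line now hard-codes `v1.0.0-rc.1` in place of `{{ greptimedb_version }}`, so the deployed version can no longer be set from inventory, and the pin is a release candidate. Restoring `Image=docker.io/greptime/greptimedb:{{ greptimedb_version }}` keeps the version in one reviewed place. The unchanged `Exec=` line binds the HTTP, RPC, MySQL and PostgreSQL listeners to `0.0.0.0`. Whether they are reachable from outside the host depends on the publish and network settings further down the unit, which are outside this hunk.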
@@ -1,16 +0,0 @@ -# Immich version to deploy, used across all container images -immich_version: "v2.5.6" - -# Hardware acceleration backend for the machine learning container. -# Supported values: intel, nvidia -immich_hw_accel: "intel" - -# Port the machine learning container listens on, published to host loopback. -immich_ml_port: 3003 - -# URL the immich server uses to reach the machine learning container. -# Since the ML container runs as a system (root) container with Network=host, -# it binds directly to the host network. From within the rootless pod, this -# address may need to be the host's LAN IP or bridge IP rather than 127.0.0.1 -# depending on the rootless network backend in use (pasta/slirp4netns). -immich_ml_url: "http://127.0.0.1:3003" diff --git a/roles/any.software.immich-podman/handlers/main.yml b/roles/any.software.immich-podman/handlers/main.yml index ef52207..c9814e0 100644 --- a/roles/any.software.immich-podman/handlers/main.yml +++ b/roles/any.software.immich-podman/handlers/main.yml @@ -1,19 +1,8 @@ --- -- name: restart immich +- name: 'restart immich' ansible.builtin.systemd_service: - name: immich-app - state: restarted - scope: user - daemon_reload: true + name: 'immich-server' + state: 'restarted' -- name: restart immich-ml - ansible.builtin.systemd_service: - name: immich-ml - state: restarted + scope: 'user' daemon_reload: true - become: true - -- name: reload caddy - ansible.builtin.systemd_service: - name: caddy - state: reloaded diff --git a/roles/any.software.immich-podman/tasks/main.yml b/roles/any.software.immich-podman/tasks/main.yml index 28ad95c..1a4c6e0 100644 --- a/roles/any.software.immich-podman/tasks/main.yml +++ b/roles/any.software.immich-podman/tasks/main.yml 
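Review bot: The handler now restarts `immich-server`, but the Quadlet files this role installs are `immich-app.container`, `immich-postgres.container`, `immich-redis.container` and `immich.pod`. Quadlet names the generated service after the file, so the unit would presumably be `immich-app.service`. Once a `notify: 'restart immich'` is re-enabled, the restart would fail on a missing unit; `name: 'immich-app'` matches the installed file. The blank line before `scope: 'user'` is harmless but makes the module arguments read as two separate blocks.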
@@ -1,66 +1,33 @@ -- name: Ensure immich directories have correct permissions - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: "0755" - owner: "debian" - group: "debian" - become: true - loop: - - "{{ immich_upload_dir }}" - - "{{ immich_postgres_dir }}" - -- name: Ensure system Quadlet directory is present - ansible.builtin.file: - path: /etc/containers/systemd - state: directory - owner: root - group: root - mode: "0755" - become: true - -- name: Ensure ML container system Quadlet is present +- name: Ensure Quadlet files are present ansible.builtin.template: - src: immich-ml.container.j2 - dest: /etc/containers/systemd/immich-ml.container + src: "{{ item }}.j2" + dest: "/home/debian/.config/containers/systemd/{{ item }}" + mode: '0755' + owner: 'debian' + group: 'debian' + loop: + - 'immich-app.container' + - 'immich-postgres.container' + # notify: 'restart immich' + +- name: Ensure Quadlet files are present + ansible.builtin.copy: + src: "{{ item }}" + dest: "/home/debian/.config/containers/systemd/{{ item }}" + mode: '0755' + owner: 'debian' + group: 'debian' + loop: + - 'immich-redis.container' + - 'immich.pod' + # notify: 'restart immich' + +- name: Ensure Caddyfile is present + ansible.builtin.copy: + src: 'immich.Caddyfile' + dest: '/etc/caddy/immich.Caddyfile' owner: root group: root - mode: "0644" + mode: '0644' become: true - notify: restart immich-ml - -# - name: Ensure user Quadlet files are present (templates) -# ansible.builtin.template: -# src: "{{ item }}.j2" -# dest: "/home/debian/.config/containers/systemd/{{ item }}" -# mode: "0644" -# owner: "debian" -# group: "debian" -# become: true -# loop: -# - immich-app.container -# - immich-postgres.container -# notify: restart immich - -# - name: Ensure user Quadlet files are present (static) -# ansible.builtin.copy: -# src: "{{ item }}" -# dest: "/home/debian/.config/containers/systemd/{{ item }}" -# mode: "0644" -# owner: "debian" -# group: "debian" -# become: true -# loop: -# - 
immich-redis.container -# - immich.pod -# notify: restart immich - -# - name: Ensure Caddyfile is present -# ansible.builtin.copy: -# src: immich.Caddyfile -# dest: /etc/caddy/immich.Caddyfile -# owner: root -# group: root -# mode: "0644" -# become: true -# notify: reload caddy + # notify: 'reload caddy' diff --git a/roles/any.software.immich-podman/templates/immich-app.container.j2 b/roles/any.software.immich-podman/templates/immich-app.container.j2 index 68020c6..f182e56 100644 --- a/roles/any.software.immich-podman/templates/immich-app.container.j2 +++ b/roles/any.software.immich-podman/templates/immich-app.container.j2 @@ -4,7 +4,7 @@ Requires=immich-redis.service immich-postgres.service After=immich-redis.service immich-postgres.service [Container] -Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost MACHINE_LEARNING_URL={{ immich_ml_url }} +Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost Image=ghcr.io/immich-app/immich-server:v2.5.6 Pod=immich.pod diff --git a/roles/any.software.immich-podman/templates/immich-ml.container.j2 b/roles/any.software.immich-podman/templates/immich-ml.container.j2 deleted file mode 100644 index 3d79f11..0000000 --- a/roles/any.software.immich-podman/templates/immich-ml.container.j2 +++ /dev/null 
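Review bot: Both Quadlet tasks install unit files with `mode: '0755'`, which makes them executable and world-readable. The templated `immich-app.container` carries `DB_PASSWORD` in its `Environment=` line, so `mode: '0600'` is the safer setting there, and `'0644'` suffices for the files without credentials. The two tasks also share the name `Ensure Quadlet files are present`, which makes run output and `--start-at-task` ambiguous; the commented-out originals distinguished them as `(templates)` and `(static)`. With every `notify` commented out, a changed unit file is written but nothing restarts or reloads, so the running containers keep their old configuration.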
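Review bot: The rewritten `Environment=` line keeps `DB_PASSWORD=immich` as a literal in the template, and the password equals the user name. Other secrets in this repository come from vault-backed variables (`"{{ vault_lander_api_key }}"` in nas/vars.yml), and this file is installed world-readable by the role's tasks. Reading the password from a vaulted variable, for example `DB_PASSWORD={{ vault_immich_db_password }}` (placeholder name), would bring it in line with the rest of the inventory. `IMMICH_VERSION=v2.5.6` and the image tag are likewise literals now that the role's defaults file is deleted.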
@@ -1,36 +0,0 @@ -# vim: ft=systemd -[Unit] -Description=Immich machine learning container -After=network.target - -[Container] -Environment=IMMICH_VERSION={{ immich_version }} -{% if immich_hw_accel == 'nvidia' %} -Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-cuda -{% elif immich_hw_accel == 'intel' %} -Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-openvino -{% else %} -Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }} -{% endif %} - -Volume={{ immich_model_cache_dir }}:/cache - -{% if immich_hw_accel == 'nvidia' %} -# Nvidia GPU access via CDI - requires nvidia-container-toolkit with CDI configured: -# nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml -AddDevice=nvidia.com/gpu=all -{% elif immich_hw_accel == 'intel' %} -# Intel GPU and OpenVINO device access -AddDevice=/dev/dri -Volume=/dev/bus/usb:/dev/bus/usb -{% endif %} - -PublishPort=0.0.0.0:8028:3003 - -User=0 - -[Service] -Restart=always - -[Install] -WantedBy=default.target diff --git a/roles/any.software.miniflux-podman/files/miniflux.Caddyfile b/roles/any.software.miniflux-podman/files/miniflux.Caddyfile index bee225d..1a26eea 100644 --- a/roles/any.software.miniflux-podman/files/miniflux.Caddyfile +++ b/roles/any.software.miniflux-podman/files/miniflux.Caddyfile @@ -2,17 +2,4 @@ nws.roosens.me { reverse_proxy localhost:8002 { header_down +X-Robots-Tag "none" } - - route /metrics { - @local { - remote_ip 127.0.0.1 ::1 - } - handle @local { - reverse_proxy localhost:8002 - } - - handle { - respond "Not Found" 404 - } - } } diff --git a/roles/any.software.miniflux-podman/handlers/main.yml b/roles/any.software.miniflux-podman/handlers/main.yml deleted file mode 100644 index 4ecb32d..0000000 --- a/roles/any.software.miniflux-podman/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: 'restart miniflux-app' - ansible.builtin.service: - name: 'miniflux-app' - state: 'restarted' - - scope: 'user' - daemon_reload: true 
diff --git a/roles/any.software.miniflux-podman/meta/main.yml b/roles/any.software.miniflux-podman/meta/main.yml index 32c83bc..d620a12 100644 --- a/roles/any.software.miniflux-podman/meta/main.yml +++ b/roles/any.software.miniflux-podman/meta/main.yml @@ -1,4 +1,3 @@ --- dependencies: - role: any.tools.caddy - become: true diff --git a/roles/any.software.miniflux-podman/tasks/main.yml b/roles/any.software.miniflux-podman/tasks/main.yml index 7e62836..2263f37 100644 --- a/roles/any.software.miniflux-podman/tasks/main.yml +++ b/roles/any.software.miniflux-podman/tasks/main.yml @@ -27,14 +27,12 @@ loop: - 'miniflux-app.container' - 'miniflux.pod' - notify: 'restart miniflux-app' - name: Ensure configuration directory is present ansible.builtin.file: path: '/etc/miniflux' state: directory mode: '0755' - become: true - name: Ensure environment file is present ansible.builtin.template: @@ -43,8 +41,7 @@ mode: '0644' owner: 'root' group: 'root' - become: true - notify: 'restart miniflux-app' + register: res - name: Ensure Caddyfile is present copy: @@ -53,8 +50,7 @@ owner: root group: root mode: '0644' - become: true - notify: 'reload caddy' + notify: reload caddy # - name: Ensure stack is deployed # ansible.builtin.shell: diff --git a/roles/any.software.miniflux-podman/templates/miniflux.env.j2 b/roles/any.software.miniflux-podman/templates/miniflux.env.j2 index a200faa..68d8b11 100644 --- a/roles/any.software.miniflux-podman/templates/miniflux.env.j2 +++ b/roles/any.software.miniflux-podman/templates/miniflux.env.j2 @@ -9,7 +9,3 @@ BASE_URL=https://nws.roosens.me CLEANUP_ARCHIVE_UNREAD_DAYS=-1 CLEANUP_ARCHIVE_READ_DAYS=-1 - -METRICS_ALLOWED_NETWORKS=0.0.0.0/0 -METRICS_COLLECTOR=1 -METRICS_REFRESH_INTERVAL=30s diff --git a/roles/any.software.otel-collector/templates/config.yaml.j2 b/roles/any.software.otel-collector/templates/config.yaml.j2 index 39e763d..9ef27f1 100644 --- a/roles/any.software.otel-collector/templates/config.yaml.j2 
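Review bot: In the environment-file task of miniflux-podman/tasks/main.yml, `register: res` replaces `notify: 'restart miniflux-app'`. The only apparent consumer of `res` is the commented-out `Ensure stack is deployed` task that follows (its body is outside the hunk), and the role's handlers file is deleted in this commit. A changed `miniflux.env` is therefore written without the service being restarted. The three hunks in this file also drop `become: true` from tasks that write under `/etc/miniflux` and `/etc/caddy` as `root`. Unless the play sets `become` at a higher level, which is not visible here, those tasks will fail when run unprivileged.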
+++ b/roles/any.software.otel-collector/templates/config.yaml.j2 @@ -14,12 +14,6 @@ receivers: filesystem: network: load: - - # Record backup script outputs - journald: - matches: - - _SYSTEMD_SLICE: backup.slice - prometheus: config: scrape_configs: @@ -28,17 +22,13 @@ receivers: static_configs: - targets: ['localhost:2019'] - job_name: 'miniflux' - scrape_interval: 1m + scrape_interval: 30s static_configs: - targets: ['localhost:8002'] - job_name: 'restic-rest' - scrape_interval: 1m + scrape_interval: 30s static_configs: - targets: ['localhost:8000'] - - job_name: 'forgejo' - scrape_interval: 1m - static_configs: - - targets: ['localhost:8027'] # Processors specify what happens with the received data processors: @@ -69,15 +59,6 @@ exporters: # x-greptime-pipeline-name: '' tls: insecure: true - otlphttp/logs_journald: - endpoint: '{{ otel_logs_endpoint }}' - headers: - # x-greptime-db-name: '' - x-greptime-log-table-name: 'journald_logs' - x-greptime-pipeline-name: 'journald_logs' - # x-greptime-pipeline-name: 'greptime_identity' - tls: - insecure: true otlphttp/metrics: endpoint: '{{ otel_metrics_endpoint }}' @@ -88,8 +69,6 @@ exporters: # x-greptime-db-name: '' tls: insecure: true - debug: - verbosity: normal # Service pipelines pull the configured receivers, processors, and exporters together # into pipelines that process data @@ -109,7 +88,3 @@ service: receivers: [otlp] processors: [batch, resourcedetection] exporters: [otlphttp/logs] - logs/journald: - receivers: [journald] - processors: [batch, resourcedetection] - exporters: [debug, otlphttp/logs_journald] diff --git a/roles/any.software.restic-rest/handlers/main.yml b/roles/any.software.restic-rest/handlers/main.yml deleted file mode 100644 index ed845f1..0000000 --- a/roles/any.software.restic-rest/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: 'restart restic-rest-server' - ansible.builtin.service: - name: 'restic-rest-server' - state: 'restarted' - - daemon_reload: true 
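Review bot: The `miniflux` and `restic-rest` scrape jobs are kept and tightened to `scrape_interval: 30s`, although this same commit removes `METRICS_COLLECTOR=1` from miniflux.env.j2 and deletes the restic-rest role that started the server with `--prometheus`. If those endpoints are no longer served, the jobs will only record failed scrapes, and a dashboard or alert built on them will look like an outage. Either drop the two jobs, as was done for `forgejo`, or keep the metrics settings on the services. With the `journald` receiver and the `logs/journald` pipeline removed, output from the backup units is no longer shipped anywhere by this collector, so confirm backup failures are still noticed some other way.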
diff --git a/roles/any.software.restic-rest/tasks/main.yml b/roles/any.software.restic-rest/tasks/main.yml deleted file mode 100644 index 111dff6..0000000 --- a/roles/any.software.restic-rest/tasks/main.yml +++ /dev/null @@ -1,58 +0,0 @@ -- name: Ensure download directory is present - ansible.builtin.file: - path: "/opt/restic-rest-{{ restic_rest_version }}" - state: directory - mode: '0755' - -- name: Ensure binary is downloaded - ansible.builtin.unarchive: - src: "https://github.com/restic/rest-server/releases/download/v{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_amd64.tar.gz" - remote_src: true - dest: "opt/restic-rest-{{ restic_rest_version }}" - creates: "opt/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_amd64/rest-server" - include: - - "rest-server_{{ restic_rest_version }}_linux_amd64/rest-server" - register: res - -- name: Ensure binary is copied to correct location - ansible.builtin.copy: - src: "/opt/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_amd64/rest-server" - remote_src: true - dest: '/usr/local/bin/restic-rest-server' - owner: 'root' - group: 'root' - mode: '0755' - when: 'res.changed' - notify: 'restart restic-rest-server' - -- name: Ensure system group exists - ansible.builtin.group: - name: 'restic' - gid: 202 - system: true - state: present - -- name: Ensure system user exists - ansible.builtin.user: - name: 'restic' - group: 'restic' - uid: 202 - system: true - create_home: false - -- name: Ensure data subvolume permissions are correct - ansible.builtin.file: - path: '{{ restic_rest_data_dir }}' - state: directory - mode: '0755' - owner: 'restic' - group: 'restic' - -- name: Ensure service file is present - ansible.builtin.template: - src: 'restic-rest-server.service.j2' - dest: '/lib/systemd/system/restic-rest-server.service' - owner: 'root' - group: 'root' - mode: '0644' - notify: 'restart restic-rest-server' 
diff --git a/roles/any.software.restic-rest/templates/restic-rest-server.service.j2 b/roles/any.software.restic-rest/templates/restic-rest-server.service.j2 deleted file mode 100644 index 11f88ee..0000000 --- a/roles/any.software.restic-rest/templates/restic-rest-server.service.j2 +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Restic REST server -After=network.target network-online.target -Requires=network-online.target - -[Service] -Type=exec -User=restic -Group=restic -ExecStart=/usr/local/bin/restic-rest-server --path {{ restic_rest_data_dir }} --no-auth --prometheus -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/any.tools.backup-scripts/defaults/main.yml b/roles/any.tools.backup-scripts/defaults/main.yml index 6061026..ed04746 100644 --- a/roles/any.tools.backup-scripts/defaults/main.yml +++ b/roles/any.tools.backup-scripts/defaults/main.yml @@ -3,7 +3,7 @@ # # All types: # name: (required) unique identifier, used in unit and script filenames -# type: (required) backup template to use: btrfs-subvolume, podman-mysql, podman-postgres, postgres, echo-test +# type: (required) backup template to use: btrfs-subvolume, podman-postgres, postgres # user: (optional) user to run the backup as; defaults to root # group: (optional) group to run the backup as; defaults to backups # timer_delay_sec: (optional) RandomizedDelaySec for the timer; defaults to 30 minutes @@ -11,12 +11,6 @@ # btrfs-subvolume: # path: (required) path to the btrfs subvolume to back up # -# podman-mysql: -# container: (required) name of the podman container running mysql/mariadb -# mysql_user: (required) mysql user to connect as -# mysql_password: (required) mysql password for the user -# database: (required) mysql database to dump -# # podman-postgres: # container: (required) name of the podman container running postgres # pg_user: (required) postgres user to connect as 
@@ -26,10 +20,6 @@ # pwd: (required) working directory for podman compose # user: (required) postgres user to connect as # database: (required) postgres database to dump -# -# echo-test: -# lines: (optional) number of log lines to emit; defaults to 10 -# interval_sec: (optional) seconds to sleep between lines; defaults to 1 backups: [] # Restic REST server URL to publish backups to diff --git a/roles/any.tools.backup-scripts/files/backup.slice b/roles/any.tools.backup-scripts/files/backup.slice deleted file mode 100644 index 3fa5df3..0000000 --- a/roles/any.tools.backup-scripts/files/backup.slice +++ /dev/null @@ -1,5 +0,0 @@ -[Unit] -Description=Backup services slice - -[Slice] -CPUQuota=25% diff --git a/roles/any.tools.backup-scripts/tasks/main.yml b/roles/any.tools.backup-scripts/tasks/main.yml index 768ace1..137bcee 100644 --- a/roles/any.tools.backup-scripts/tasks/main.yml +++ b/roles/any.tools.backup-scripts/tasks/main.yml @@ -35,15 +35,6 @@ loop: "{{ backups }}" when: item.user is defined -- name: Ensure backup slice unit is present - ansible.builtin.copy: - src: "backup.slice" - dest: "/etc/systemd/system/backup.slice" - owner: root - group: root - mode: "0644" - notify: Reload systemd - - name: Ensure systemd service unit is present for each backup ansible.builtin.template: src: "backup.service.j2" diff --git a/roles/any.tools.backup-scripts/templates/backup.service.j2 b/roles/any.tools.backup-scripts/templates/backup.service.j2 index fa48f97..15c4df0 100644 --- a/roles/any.tools.backup-scripts/templates/backup.service.j2 +++ b/roles/any.tools.backup-scripts/templates/backup.service.j2 @@ -4,7 +4,6 @@ After=network.target [Service] Type=oneshot -Slice=backup.slice User={{ item.user | default('root') }} Group={{ item.group | default('backups') }} diff --git a/roles/any.tools.backup-scripts/templates/echo-test.backup.sh.j2 b/roles/any.tools.backup-scripts/templates/echo-test.backup.sh.j2 deleted file mode 100644 index e4573f5..0000000 
--- a/roles/any.tools.backup-scripts/templates/echo-test.backup.sh.j2 +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -echo "log line 1" -echo "log line 2" -echo "log line 3" -echo "log line 4" -echo "log line 5" -echo "log line 6" diff --git a/roles/any.tools.restic/tasks/main.yml b/roles/any.tools.restic/tasks/main.yml index c66b949..f2c90d5 100644 --- a/roles/any.tools.restic/tasks/main.yml +++ b/roles/any.tools.restic/tasks/main.yml @@ -7,14 +7,13 @@ - name: Ensure compressed binary is downloaded ansible.builtin.get_url: - url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_amd64.bz2" + url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_arm64.bz2" dest: "/opt/restic/{{ restic_version }}/restic-{{ restic_version }}.bz2" register: res - name: Ensure binary is decompressed ansible.builtin.shell: cmd: "bunzip2 -k /opt/restic/{{ restic_version }}/restic-{{ restic_version }}.bz2" - creates: "/opt/restic/{{ restic_version }}/restic-{{ restic_version }}" when: 'res.changed' - name: Ensure binary is copied to correct location diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml index 2e3b2fa..4c0ae1d 100644 --- a/roles/restic/tasks/main.yml +++ b/roles/restic/tasks/main.yml 
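Review bot: The `get_url` task in any.tools.restic fetches a binary that a later task installs as `/usr/local/bin/restic`, and nothing verifies it because the download has no `checksum:`. Pinning the digest next to the version, `checksum: 'sha256:<EXPECTED_SHA256_FOR_THIS_VERSION>'`, makes a tampered or truncated download fail the play instead of being installed. The URL now hard-codes `linux_arm64` in a role named `any.tools.*`; deriving the suffix from `ansible_architecture` would keep it usable on the amd64 hosts it served before. Removing `creates:` from the `bunzip2 -k` task means a rerun with `res.changed` true and the output already present will error, since `bunzip2` does not overwrite without `-f`.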
@@ -1,24 +1,24 @@ --- - name: Ensure download directory is present ansible.builtin.file: - path: "/opt/restic-{{ restic_version }}" + path: "/home/debian/restic-{{ restic_version }}" state: directory mode: '0755' - name: Ensure compressed binary is downloaded ansible.builtin.get_url: url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_arm64.bz2" - dest: "/opt/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2" + dest: "/home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2" register: res - name: Ensure binary is decompressed ansible.builtin.shell: - cmd: "bunzip2 -k /opt/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2" + cmd: "bunzip2 -k /home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2" when: 'res.changed' - name: Ensure binary is copied to correct location ansible.builtin.copy: - src: "/opt/restic-{{ restic_version }}/restic-{{ restic_version }}" + src: "/home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}" remote_src: true dest: '/usr/local/bin/restic' owner: 'root'
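Review bot: Staging the download under `/home/debian/restic-{{ restic_version }}` puts the file that the last task copies to `/usr/local/bin/restic` with `owner: 'root'` inside a tree the `debian` user controls. Any process running as that user could alter the staged binary before a later run copies it into a root-owned location. Keep the staging directory somewhere only root can write, such as the previous `/opt/restic-{{ restic_version }}`, and set `owner: 'root'` on the directory task, which currently sets only `mode: '0755'`. As in any.tools.restic, the `get_url` task has no `checksum:`, so adding `checksum: 'sha256:<EXPECTED_SHA256_FOR_THIS_VERSION>'` would let the play reject a modified download. The copy task continues past the end of this hunk.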