Compare commits
3 Commits
3cd1f7c4fc
...
c38bda8dfd
Author | SHA1 | Date |
---|---|---|
Jef Roosens | c38bda8dfd | |
Jef Roosens | 74f9120957 | |
Jef Roosens | 04e9f8438d |
|
@ -1,8 +1,14 @@
|
||||||
raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
|
raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
|
||||||
|
|
||||||
lambroek_password: "{{ vault_lambroek_password }}"
|
lambroek_password: "{{ vault_lambroek_password }}"
|
||||||
|
|
||||||
s3_access_key_id: "{{ vault_s3_access_key_id }}"
|
s3_access_key_id: "{{ vault_s3_access_key_id }}"
|
||||||
s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
|
s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
|
||||||
rclone_photos_obf_pass: "{{ vault_rclone_photos_obf_pass }}"
|
rclone_obf_pass: "{{ vault_rclone_obf_pass }}"
|
||||||
rclone_photos_obf_pass2: "{{ vault_rclone_photos_obf_pass2 }}"
|
rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}"
|
||||||
|
|
||||||
lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6'
|
lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6'
|
||||||
lander_api_key: "{{ vault_lander_api_key }}"
|
lander_api_key: "{{ vault_lander_api_key }}"
|
||||||
|
|
||||||
|
restic_rest_version: '0.12.1'
|
||||||
|
restic_version: '0.16.2'
|
||||||
|
|
|
@ -1,33 +1,32 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
65316664376330633730613661343336373835663166343536666632633931623431336664346130
|
37346237633132376331343965346531353137643430376563323237353761313035396634316464
|
||||||
3030623238313032363964623836316166656165623736390a383233313938343662656634326364
|
6562336662656266636466626531373834653832353331630a653962656431373932363937396438
|
||||||
66333237396532303061646565396132376633386365633665656434363332656637303434646265
|
65663735326331323333396336653933373633383530386463346435316466393664383630393065
|
||||||
3336666432633037650a373437326532343461666363323763343535386465356436313964306663
|
6366326463306435340a616263613366333536626239636239393364333363346630666430393163
|
||||||
38383732366666663962666462326463626264313965396664303534313863636263323164653162
|
65613063383539323339636262353462343439656135333130396134326433356333623366333638
|
||||||
65653762356431636231643263303339346536313665346363336231613464396238313266326662
|
38653939306564633865303032666337616436666264656432346339386361666161333034376632
|
||||||
66346433643134383661366265613739346239356639613032613339393739343738643864356136
|
34363035333431343035643635663839326130396465653066323639333833663761313565393537
|
||||||
34353366666538346630356566653065363563383938633462333337363962666133386239333236
|
31363861646630633032643838636663396235336265316161353036623539356534646530323534
|
||||||
38653133316364643536623831306263363063343237393232623930626239316661643862613363
|
65313863333233383461383165383534386435633130633864363038353932636631376461663763
|
||||||
37336162353063353437363566356133363139646435316663303966363339623865656231393163
|
35626364636633303738346161393161356333306630386438626534356336646531336164396537
|
||||||
38323062643666343730333032643735643738393063633336303834393733393065356135633236
|
63613434366232333738326166303237353831666137386134346562663766656536373431343630
|
||||||
65323938306461326138303837626463646131303139386461653763383065316236396334353762
|
66363666353432306539383035356636303635636639646537663362656235373236393866383364
|
||||||
63343766626362353865306436343937653964386236613062386466626132323264333136313636
|
30333261646661393566373833613336316533336632613663383061613431376337376234666636
|
||||||
30336338313731613531316531306433393535396538643065626265363832316264376666356461
|
34393864313462303937366136333662386465653839356563653236663632376531363663343963
|
||||||
36363866633832646234626336633032656566366231626431366232313536383561656534346231
|
61333966323661383364363733373062373230363664356661306134393061386464393763633433
|
||||||
37373561376361623133383330333262386331336631383961333439656430623162346330323037
|
35333330616234656531306431306566663131663932303231613665363030313733326337313635
|
||||||
32336366336264323139653861666563393935366663616239353364656264383134386662323439
|
32666539306638333763623161303730613663366630326562303731343064376634373264323337
|
||||||
34376239373636663764616237613136663630343365333064396665316537366531333131393364
|
66353161376537333461613438316662623138393835666539303030656134373664663537373462
|
||||||
37353835353332643538323436333331316435343664346164666463396639313736653961373465
|
36303833333831626632633337393562336538633465326537653431386162346165356465393837
|
||||||
65366634653563396333636333333565633534396463646133666563303139663338343563363535
|
66393161383639643638366336356139323533393932646333373631366566626537313536346664
|
||||||
33623033316136343837646265633633636662346161373836396264663761353536386463366139
|
64343064373432326633393263623365323561386261633161313638656539363434393332353736
|
||||||
38343333356439393438653663316438636431373264623134356134633361306636666463396661
|
38633537653730333837303766353338383433626331623937313136326561623730346361623336
|
||||||
34353166323963613634393032633262313034353166653530613164613036653537633165396337
|
65303961626230363634653333396566333735323132336165623734363165366137663765663636
|
||||||
63363563356233316335363534326364633433646134303033343830663537313434313833316565
|
65316431363666653738623838663831343433333939616162366337346135336631333661643865
|
||||||
65643464313230353138393537376137356561653739633934663539376636356339313836356332
|
38613536373837393664336133333934303166356365346563643265326136353838316336666664
|
||||||
31363730653362613431616563326465353833343165633962663665346337306564333832336364
|
35376138326431343661316264626665343366613335383062366331373634626133626163333361
|
||||||
32346532366233343566323339393064376461613033386261653064313333346461363733336636
|
61366262633965323165336663633963626633656236666239346434396439393461336230663366
|
||||||
32386139363865626232353866633866643133313036363637323035613738383635343432396263
|
31393135663433313933613862353962333664653962653562303832616334663334356562646133
|
||||||
38653430623137343934316231326630323234323237303162643231613961646538376332326630
|
64303761363833316464363237366238376230386236636265363339666332613238353865646537
|
||||||
63306637303539376534313237323863376131623462626465373231363630616439346533353566
|
34333333336631393033353532366333376465643362326438396138383861646463363462396164
|
||||||
61343833613466653063346634366133376561336632356465363831366230386330663231353932
|
343064393363653934613861366638616461
|
||||||
37343634306466663931
|
|
||||||
|
|
14
hosts.ini
14
hosts.ini
|
@ -1,2 +1,16 @@
|
||||||
[nas]
|
[nas]
|
||||||
192.168.0.3 static_ip=192.168.0.3
|
192.168.0.3 static_ip=192.168.0.3
|
||||||
|
|
||||||
|
[ruby]
|
||||||
|
192.168.0.2 static_ip=192.168.0.2
|
||||||
|
|
||||||
|
# Caddy reverse proxy host
|
||||||
|
[web]
|
||||||
|
192.168.0.3 static_ip=192.168.0.3
|
||||||
|
|
||||||
|
[lander]
|
||||||
|
192.168.0.3 static_ip=192.168.0.3
|
||||||
|
|
||||||
|
# Miniflux server host
|
||||||
|
[miniflux]
|
||||||
|
192.168.0.2 static_ip=192.168.0.2
|
||||||
|
|
14
nas.yml
14
nas.yml
|
@ -55,3 +55,17 @@
|
||||||
roles:
|
roles:
|
||||||
- lander
|
- lander
|
||||||
tags: lander
|
tags: lander
|
||||||
|
|
||||||
|
- name: Install Restic REST server
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- restic-rest
|
||||||
|
tags: restic-rest
|
||||||
|
|
||||||
|
- name: Install Restic
|
||||||
|
hosts: nas
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- restic
|
||||||
|
tags: restic
|
||||||
|
|
|
@ -22,6 +22,9 @@
|
||||||
|
|
||||||
# Periodic tasks
|
# Periodic tasks
|
||||||
- cron
|
- cron
|
||||||
|
|
||||||
|
# General compression tools
|
||||||
|
- bzip2
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Ensure cron service is enabled
|
- name: Ensure cron service is enabled
|
||||||
|
|
|
@ -26,7 +26,6 @@
|
||||||
- docker-ce
|
- docker-ce
|
||||||
- docker-ce-cli
|
- docker-ce-cli
|
||||||
- containerd.io
|
- containerd.io
|
||||||
- docker-compose
|
|
||||||
- cron
|
- cron
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Ensure Caddyfile is present
|
||||||
|
template:
|
||||||
|
src: 'lander.Caddyfile.j2'
|
||||||
|
dest: '/etc/caddy/lander.Caddyfile'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
notify: caddy-reload
|
|
@ -0,0 +1,3 @@
|
||||||
|
s.roosens.me {
|
||||||
|
reverse_proxy {{ groups['lander'][0] }}:18080
|
||||||
|
}
|
|
@ -1,3 +0,0 @@
|
||||||
s.roosens.me {
|
|
||||||
reverse_proxy localhost:18080
|
|
||||||
}
|
|
|
@ -67,12 +67,3 @@
|
||||||
name: 'lander'
|
name: 'lander'
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Ensure Caddyfile is present
|
|
||||||
copy:
|
|
||||||
src: 'lander.Caddyfile'
|
|
||||||
dest: '/etc/caddy/lander.Caddyfile'
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
notify: caddy-reload
|
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: caddy
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Ensure Caddyfile is present
|
||||||
|
template:
|
||||||
|
src: 'miniflux.Caddyfile.j2'
|
||||||
|
dest: '/etc/caddy/miniflux.Caddyfile'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
notify: caddy-reload
|
|
@ -0,0 +1,3 @@
|
||||||
|
nws.roosens.me {
|
||||||
|
reverse_proxy {{ groups['miniflux'][0] }}:8080
|
||||||
|
}
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install NFS client.
|
|
||||||
apt:
|
|
||||||
name: nfs-common
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Mount NFS share.
|
|
||||||
ansible.posix.mount:
|
|
||||||
src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
|
|
||||||
path: /mnt/data
|
|
||||||
fstype: nfs4
|
|
||||||
opts: defaults,user,exec
|
|
||||||
state: mounted
|
|
|
@ -15,6 +15,11 @@ endpoint = https://s3.gra.io.cloud.ovh.net/
|
||||||
[photos-crypt]
|
[photos-crypt]
|
||||||
type = crypt
|
type = crypt
|
||||||
remote = ovh-s3:pi-s3/photos
|
remote = ovh-s3:pi-s3/photos
|
||||||
password = {{ rclone_photos_obf_pass }}
|
password = {{ rclone_obf_pass }}
|
||||||
password2 = {{ rclone_photos_obf_pass2 }}
|
password2 = {{ rclone_obf_pass2 }}
|
||||||
|
|
||||||
|
[jef-crypt]
|
||||||
|
type = crypt
|
||||||
|
remote = ovh-s3:pi-s3/jef
|
||||||
|
password = {{ rclone_obf_pass }}
|
||||||
|
password2 = {{ rclone_obf_pass2 }}
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Restic REST server
|
||||||
|
After=network.target network-online.target
|
||||||
|
Requires=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=exec
|
||||||
|
User=restic
|
||||||
|
Group=restic
|
||||||
|
ExecStart=/usr/local/bin/restic-rest-server --path /mnt/data1/restic-rest --no-auth
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -0,0 +1,69 @@
|
||||||
|
---
|
||||||
|
- name: Ensure download directory is present
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/home/debian/restic-rest-{{ restic_rest_version }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Ensure binary is downloaded
|
||||||
|
ansible.builtin.unarchive:
|
||||||
|
src: "https://github.com/restic/rest-server/releases/download/v{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64.tar.gz"
|
||||||
|
remote_src: true
|
||||||
|
dest: "/home/debian/restic-rest-{{ restic_rest_version }}"
|
||||||
|
creates: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
|
||||||
|
include:
|
||||||
|
- "rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
|
||||||
|
register: res
|
||||||
|
|
||||||
|
- name: Ensure binary is copied to correct location
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
|
||||||
|
remote_src: true
|
||||||
|
dest: '/usr/local/bin/restic-rest-server'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
mode: '0755'
|
||||||
|
when: 'res.changed'
|
||||||
|
|
||||||
|
- name: Ensure system group exists
|
||||||
|
ansible.builtin.group:
|
||||||
|
name: 'restic'
|
||||||
|
gid: 202
|
||||||
|
system: true
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure system user exists
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: 'restic'
|
||||||
|
group: 'restic'
|
||||||
|
uid: 202
|
||||||
|
system: true
|
||||||
|
create_home: false
|
||||||
|
|
||||||
|
- name: Ensure data directory is present
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: '/mnt/data1/restic-rest'
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: 'restic'
|
||||||
|
group: 'restic'
|
||||||
|
|
||||||
|
- name: Ensure service file is present
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: 'restic-rest-server.service'
|
||||||
|
dest: '/lib/systemd/system/restic-rest-server.service'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
mode: '0644'
|
||||||
|
register: res
|
||||||
|
|
||||||
|
- name: systemd-reload
|
||||||
|
ansible.builtin.systemd_service:
|
||||||
|
daemon_reload: true
|
||||||
|
when: 'res.changed'
|
||||||
|
|
||||||
|
- name: Ensure service is enabled
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: 'restic-rest-server'
|
||||||
|
state: started
|
||||||
|
enabled: true
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: Ensure download directory is present
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/home/debian/restic-{{ restic_version }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Ensure compressed binary is downloaded
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_arm64.bz2"
|
||||||
|
dest: "/home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2"
|
||||||
|
register: res
|
||||||
|
|
||||||
|
- name: Ensure binary is decompressed
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: "bunzip2 -k /home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2"
|
||||||
|
when: 'res.changed'
|
||||||
|
|
||||||
|
- name: Ensure binary is copied to correct location
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "/home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}"
|
||||||
|
remote_src: true
|
||||||
|
dest: '/usr/local/bin/restic'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
mode: '0755'
|
||||||
|
when: 'res.changed'
|
|
@ -246,8 +246,14 @@
|
||||||
writeable = yes
|
writeable = yes
|
||||||
guest ok = no
|
guest ok = no
|
||||||
|
|
||||||
[jellyfin-libraries]
|
[media]
|
||||||
path = /mnt/data1/jellyfin/libraries
|
path = /mnt/data1/media
|
||||||
browseable = no
|
browseable = no
|
||||||
writeable = yes
|
writeable = yes
|
||||||
guest ok = no
|
guest ok = no
|
||||||
|
|
||||||
|
[jef]
|
||||||
|
path = /mnt/data1/jef
|
||||||
|
browseable = no
|
||||||
|
writeable = yes
|
||||||
|
guest ok = no
|
||||||
|
|
|
@ -20,6 +20,14 @@
|
||||||
shell: /sbin/nologin
|
shell: /sbin/nologin
|
||||||
notify: smbpasswd-lambroek
|
notify: smbpasswd-lambroek
|
||||||
|
|
||||||
|
- name: Ensure Jef share directory is present
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: '/mnt/data1/jef'
|
||||||
|
state: 'directory'
|
||||||
|
mode: '0775'
|
||||||
|
owner: 'debian'
|
||||||
|
group: 'data'
|
||||||
|
|
||||||
- name: Copy over smb config file
|
- name: Copy over smb config file
|
||||||
copy:
|
copy:
|
||||||
src: smb.conf
|
src: smb.conf
|
||||||
|
|
Loading…
Reference in New Issue