Compare commits

..

3 Commits

Author SHA1 Message Date
Jef Roosens c38bda8dfd
restic: role for installing restic client 2024-01-09 22:53:27 +01:00
Jef Roosens 74f9120957
Add restic-rest server role 2024-01-09 21:11:31 +01:00
Jef Roosens 04e9f8438d
add personal samba share; split -web configurations to make services
easier to run on other devices
2024-01-09 20:23:42 +01:00
22 changed files with 242 additions and 64 deletions

View File

@ -1,8 +1,14 @@
raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978' raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
lambroek_password: "{{ vault_lambroek_password }}" lambroek_password: "{{ vault_lambroek_password }}"
s3_access_key_id: "{{ vault_s3_access_key_id }}" s3_access_key_id: "{{ vault_s3_access_key_id }}"
s3_secret_access_key: "{{ vault_s3_secret_access_key }}" s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
rclone_photos_obf_pass: "{{ vault_rclone_photos_obf_pass }}" rclone_obf_pass: "{{ vault_rclone_obf_pass }}"
rclone_photos_obf_pass2: "{{ vault_rclone_photos_obf_pass2 }}" rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}"
lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6' lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6'
lander_api_key: "{{ vault_lander_api_key }}" lander_api_key: "{{ vault_lander_api_key }}"
restic_rest_version: '0.12.1'
restic_version: '0.16.2'

View File

@ -1,33 +1,32 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65316664376330633730613661343336373835663166343536666632633931623431336664346130 37346237633132376331343965346531353137643430376563323237353761313035396634316464
3030623238313032363964623836316166656165623736390a383233313938343662656634326364 6562336662656266636466626531373834653832353331630a653962656431373932363937396438
66333237396532303061646565396132376633386365633665656434363332656637303434646265 65663735326331323333396336653933373633383530386463346435316466393664383630393065
3336666432633037650a373437326532343461666363323763343535386465356436313964306663 6366326463306435340a616263613366333536626239636239393364333363346630666430393163
38383732366666663962666462326463626264313965396664303534313863636263323164653162 65613063383539323339636262353462343439656135333130396134326433356333623366333638
65653762356431636231643263303339346536313665346363336231613464396238313266326662 38653939306564633865303032666337616436666264656432346339386361666161333034376632
66346433643134383661366265613739346239356639613032613339393739343738643864356136 34363035333431343035643635663839326130396465653066323639333833663761313565393537
34353366666538346630356566653065363563383938633462333337363962666133386239333236 31363861646630633032643838636663396235336265316161353036623539356534646530323534
38653133316364643536623831306263363063343237393232623930626239316661643862613363 65313863333233383461383165383534386435633130633864363038353932636631376461663763
37336162353063353437363566356133363139646435316663303966363339623865656231393163 35626364636633303738346161393161356333306630386438626534356336646531336164396537
38323062643666343730333032643735643738393063633336303834393733393065356135633236 63613434366232333738326166303237353831666137386134346562663766656536373431343630
65323938306461326138303837626463646131303139386461653763383065316236396334353762 66363666353432306539383035356636303635636639646537663362656235373236393866383364
63343766626362353865306436343937653964386236613062386466626132323264333136313636 30333261646661393566373833613336316533336632613663383061613431376337376234666636
30336338313731613531316531306433393535396538643065626265363832316264376666356461 34393864313462303937366136333662386465653839356563653236663632376531363663343963
36363866633832646234626336633032656566366231626431366232313536383561656534346231 61333966323661383364363733373062373230363664356661306134393061386464393763633433
37373561376361623133383330333262386331336631383961333439656430623162346330323037 35333330616234656531306431306566663131663932303231613665363030313733326337313635
32336366336264323139653861666563393935366663616239353364656264383134386662323439 32666539306638333763623161303730613663366630326562303731343064376634373264323337
34376239373636663764616237613136663630343365333064396665316537366531333131393364 66353161376537333461613438316662623138393835666539303030656134373664663537373462
37353835353332643538323436333331316435343664346164666463396639313736653961373465 36303833333831626632633337393562336538633465326537653431386162346165356465393837
65366634653563396333636333333565633534396463646133666563303139663338343563363535 66393161383639643638366336356139323533393932646333373631366566626537313536346664
33623033316136343837646265633633636662346161373836396264663761353536386463366139 64343064373432326633393263623365323561386261633161313638656539363434393332353736
38343333356439393438653663316438636431373264623134356134633361306636666463396661 38633537653730333837303766353338383433626331623937313136326561623730346361623336
34353166323963613634393032633262313034353166653530613164613036653537633165396337 65303961626230363634653333396566333735323132336165623734363165366137663765663636
63363563356233316335363534326364633433646134303033343830663537313434313833316565 65316431363666653738623838663831343433333939616162366337346135336631333661643865
65643464313230353138393537376137356561653739633934663539376636356339313836356332 38613536373837393664336133333934303166356365346563643265326136353838316336666664
31363730653362613431616563326465353833343165633962663665346337306564333832336364 35376138326431343661316264626665343366613335383062366331373634626133626163333361
32346532366233343566323339393064376461613033386261653064313333346461363733336636 61366262633965323165336663633963626633656236666239346434396439393461336230663366
32386139363865626232353866633866643133313036363637323035613738383635343432396263 31393135663433313933613862353962333664653962653562303832616334663334356562646133
38653430623137343934316231326630323234323237303162643231613961646538376332326630 64303761363833316464363237366238376230386236636265363339666332613238353865646537
63306637303539376534313237323863376131623462626465373231363630616439346533353566 34333333336631393033353532366333376465643362326438396138383861646463363462396164
61343833613466653063346634366133376561336632356465363831366230386330663231353932 343064393363653934613861366638616461
37343634306466663931

View File

@ -1,2 +1,16 @@
[nas] [nas]
192.168.0.3 static_ip=192.168.0.3 192.168.0.3 static_ip=192.168.0.3
[ruby]
192.168.0.2 static_ip=192.168.0.2
# Caddy reverse proxy host
[web]
192.168.0.3 static_ip=192.168.0.3
[lander]
192.168.0.3 static_ip=192.168.0.3
# Miniflux server host
[miniflux]
192.168.0.2 static_ip=192.168.0.2

14
nas.yml
View File

@ -55,3 +55,17 @@
roles: roles:
- lander - lander
tags: lander tags: lander
- name: Install Restic REST server
hosts: nas
become: yes
roles:
- restic-rest
tags: restic-rest
- name: Install Restic
hosts: nas
become: yes
roles:
- restic
tags: restic

View File

@ -22,6 +22,9 @@
# Periodic tasks # Periodic tasks
- cron - cron
# General compression tools
- bzip2
state: present state: present
- name: Ensure cron service is enabled - name: Ensure cron service is enabled

View File

@ -26,7 +26,6 @@
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
- docker-compose
- cron - cron
state: present state: present

View File

@ -0,0 +1,9 @@
---
- name: Ensure Caddyfile is present
template:
src: 'lander.Caddyfile.j2'
dest: '/etc/caddy/lander.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload

View File

@ -0,0 +1,3 @@
s.roosens.me {
reverse_proxy {{ groups['lander'][0] }}:18080
}

View File

@ -1,3 +0,0 @@
s.roosens.me {
reverse_proxy localhost:18080
}

View File

@ -67,12 +67,3 @@
name: 'lander' name: 'lander'
state: started state: started
enabled: true enabled: true
- name: Ensure Caddyfile is present
copy:
src: 'lander.Caddyfile'
dest: '/etc/caddy/lander.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload

View File

@ -0,0 +1,3 @@
---
dependencies:
- role: caddy

View File

@ -0,0 +1,9 @@
---
- name: Ensure Caddyfile is present
template:
src: 'miniflux.Caddyfile.j2'
dest: '/etc/caddy/miniflux.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload

View File

@ -0,0 +1,3 @@
nws.roosens.me {
reverse_proxy {{ groups['miniflux'][0] }}:8080
}

View File

@ -1,13 +0,0 @@
---
- name: Install NFS client.
apt:
name: nfs-common
state: present
- name: Mount NFS share.
ansible.posix.mount:
src: {{ hostvars['admin']['ansible_host'] }}:/mnt/data
path: /mnt/data
fstype: nfs4
opts: defaults,user,exec
state: mounted

View File

@ -15,6 +15,11 @@ endpoint = https://s3.gra.io.cloud.ovh.net/
[photos-crypt] [photos-crypt]
type = crypt type = crypt
remote = ovh-s3:pi-s3/photos remote = ovh-s3:pi-s3/photos
password = {{ rclone_photos_obf_pass }} password = {{ rclone_obf_pass }}
password2 = {{ rclone_photos_obf_pass2 }} password2 = {{ rclone_obf_pass2 }}
[jef-crypt]
type = crypt
remote = ovh-s3:pi-s3/jef
password = {{ rclone_obf_pass }}
password2 = {{ rclone_obf_pass2 }}

View File

@ -0,0 +1,14 @@
[Unit]
Description=Restic REST server
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=exec
User=restic
Group=restic
ExecStart=/usr/local/bin/restic-rest-server --path /mnt/data1/restic-rest --no-auth
Restart=always
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,69 @@
---
- name: Ensure download directory is present
ansible.builtin.file:
path: "/home/debian/restic-rest-{{ restic_rest_version }}"
state: directory
mode: '0755'
- name: Ensure binary is downloaded
ansible.builtin.unarchive:
src: "https://github.com/restic/rest-server/releases/download/v{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64.tar.gz"
remote_src: true
dest: "/home/debian/restic-rest-{{ restic_rest_version }}"
creates: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
include:
- "rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
register: res
- name: Ensure binary is copied to correct location
ansible.builtin.copy:
src: "/home/debian/restic-rest-{{ restic_rest_version }}/rest-server_{{ restic_rest_version }}_linux_arm64/rest-server"
remote_src: true
dest: '/usr/local/bin/restic-rest-server'
owner: 'root'
group: 'root'
mode: '0755'
when: 'res.changed'
- name: Ensure system group exists
ansible.builtin.group:
name: 'restic'
gid: 202
system: true
state: present
- name: Ensure system user exists
ansible.builtin.user:
name: 'restic'
group: 'restic'
uid: 202
system: true
create_home: false
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/restic-rest'
state: directory
mode: '0755'
owner: 'restic'
group: 'restic'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'restic-rest-server.service'
dest: '/lib/systemd/system/restic-rest-server.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure service is enabled
ansible.builtin.service:
name: 'restic-rest-server'
state: started
enabled: true

View File

@ -0,0 +1,27 @@
---
- name: Ensure download directory is present
ansible.builtin.file:
path: "/home/debian/restic-{{ restic_version }}"
state: directory
mode: '0755'
- name: Ensure compressed binary is downloaded
ansible.builtin.get_url:
url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_linux_arm64.bz2"
dest: "/home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2"
register: res
- name: Ensure binary is decompressed
ansible.builtin.shell:
cmd: "bunzip2 -k /home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}.bz2"
when: 'res.changed'
- name: Ensure binary is copied to correct location
ansible.builtin.copy:
src: "/home/debian/restic-{{ restic_version }}/restic-{{ restic_version }}"
remote_src: true
dest: '/usr/local/bin/restic'
owner: 'root'
group: 'root'
mode: '0755'
when: 'res.changed'

View File

@ -246,8 +246,14 @@
writeable = yes writeable = yes
guest ok = no guest ok = no
[jellyfin-libraries] [media]
path = /mnt/data1/jellyfin/libraries path = /mnt/data1/media
browseable = no browseable = no
writeable = yes writeable = yes
guest ok = no guest ok = no
[jef]
path = /mnt/data1/jef
browseable = no
writeable = yes
guest ok = no

View File

@ -20,6 +20,14 @@
shell: /sbin/nologin shell: /sbin/nologin
notify: smbpasswd-lambroek notify: smbpasswd-lambroek
- name: Ensure Jef share directory is present
ansible.builtin.file:
path: '/mnt/data1/jef'
state: 'directory'
mode: '0775'
owner: 'debian'
group: 'data'
- name: Copy over smb config file - name: Copy over smb config file
copy: copy:
src: smb.conf src: smb.conf

12
web.yml 100644
View File

@ -0,0 +1,12 @@
---
- hosts: web
become: yes
roles:
- lander-web
tags: lander
- hosts: web
become: yes
roles:
- miniflux-web
tags: miniflux