group_vars/all/vars.yml

@@ -15,6 +15,3 @@ ansible_become_pass: !vault |
           36343435646561643662373138613237626461373330346566356132636366623731643838383633
           3765666163656264340a663138623535626161376666323862373131383637356231323737313564
           6430
-
-woodpecker_server: 'ci.rustybever.be:9000'
-woodpecker_secret: "{{ vault_woodpecker_secret }}"

group_vars/all/vault.yml

@@ -1,10 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
-65396664323038303134303832613939623230323365613162313835623462663137623231643466
+37303338366435366664333235623930303461666537326463613536303263353233303631653061
-3661303536326134636662636237326337653535613565380a643035326434656334363432633037
+3365613139333035616434376464386436653863366338650a366363336438313364646432626335
-31626233633935616234376334336138353833613962653632313639383932613638316238636436
+32396334643064326531393930666263643163636163316430616434363139316665323262616538
-3066656463396530340a356634316630363866373834393035336663373264613031646231666538
+3665633530616432350a326439636231383765666365386433313432373432373938656638373636
-63366666336236313236653831316433346335356430366364303739666532623835373931376636
+34323166343965616330366265353462626132356565316637313430343462363163
-63386434346265626331306461393330316164396632383462613537343664616266643938646632
-66316362623730313039666161353232313265613463653762666533356532633333616631343235
-66646339643366663365323165383830353562643266353935386334383134623933353162653666
-6432

nas.yml

@@ -41,10 +41,3 @@
   roles:
     - rclone
   tags: rclone
-
-- name: Install Woodpecker agent
-  hosts: nas
-  become: yes
-  roles:
-    - woodpecker
-  tags: woodpecker

roles/caddy/files/Caddyfile

@@ -8,7 +8,9 @@
 # this machine's public IP, then replace ":80" below with your
 # domain name.
 
-import *.Caddyfile
+media.roosens.me {
+	reverse_proxy localhost:8096
+}
 
 # Refer to the Caddy docs for more information:
 # https://caddyserver.com/docs/caddyfile

roles/caddy/handlers/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: caddy-reload
+- name: reload-caddy
   service:
     name: caddy
     state: reloaded

roles/caddy/tasks/main.yml

@@ -25,7 +25,7 @@
     owner: root
     group: root
     mode: '644'
-  notify: caddy-reload
+  notify: reload-caddy
 
 - name: Ensure Caddy service is running & enabled
   service:

roles/common/tasks/main.yml

@@ -1,13 +1,10 @@
-- name: Ensure common packages are installed
+- name: Install packages
   apt:
     name:
       # Needed for handling GPG keys for repositories
       - debian-keyring
       - debian-archive-keyring
       - apt-transport-https
-      - ca-certificates
-      - lsb-release
-      - gnupg
 
       # Easy to edit files
       - vim
@@ -19,24 +16,9 @@
 
       # Disk monitoring
       - smartmontools
-
-      # Periodic tasks
-      - cron
     state: present
 
-- name: Ensure cron service is enabled
+- name: Install Vim config
-  service:
-    name: cron
-    state: started
-    enabled: true
-
-- name: Ensure fail2ban service is enabled
-  service:
-    name: fail2ban
-    state: started
-    enabled: true
-
-- name: Ensure Vim config is present
   get_url:
     url: 'https://r8r.be/vim'
     dest: '{{ item.dest }}'
@@ -48,3 +30,9 @@
       dest: "/home/debian/.vimrc"
     - user: root
       dest: "/root/.vimrc"
+
+- name: Enable fail2ban
+  service:
+    name: fail2ban
+    state: started
+    enabled: true

roles/docker/tasks/main.yml

@@ -9,6 +9,15 @@
       - runc
     state: absent
 
+- name: Install Docker PPA dependencies.
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+      - lsb-release
+    state: present
+
 - name: Add Docker GPG key.
   apt_key:
     url: https://download.docker.com/linux/ubuntu/gpg
@@ -17,7 +26,7 @@
 - name: Add Docker PPA.
   apt_repository:
     # https://gist.github.com/rbq/886587980894e98b23d0eee2a1d84933
-    repo: deb [arch=arm64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+    repo: deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
     state: present
 
 - name: Install Docker, docker-compose & cron.
@@ -41,4 +50,4 @@
     name: Prune the Docker system.
     hour: 4
     minute: 0
-    job: docker system prune -af
+    job: docker system prune -f

roles/jellyfin/files/jellyfin.Caddyfile

@@ -1,3 +0,0 @@
-media.roosens.me {
-	reverse_proxy localhost:8096
-}

roles/jellyfin/meta/main.yml

@@ -1,3 +0,0 @@
----
-dependencies:
-  - role: caddy

roles/jellyfin/tasks/main.yml

@@ -50,11 +50,3 @@
     state: started
     enabled: true
 
-- name: Ensure Jellyfin Caddyfile is present
-  copy:
-    src: 'jellyfin.Caddyfile'
-    dest: '/etc/caddy/jellyfin.Caddyfile'
-    owner: root
-    group: root
-    mode: '0644'
-  notify: caddy-reload

roles/samba/handlers/main.yml

@@ -7,4 +7,4 @@
 - name: smbpasswd-lambroek
   shell:
     cmd: "smbpasswd -sa lambroek"
-    stdin: "{{ lambroek_password }}\n{{ lambroek_password }}\n"
+    stdin: "{{ lambroek_password }}\n{{ lambroek_password }}"

roles/woodpecker/files/woodpecker-agent.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Woodpecker Agent
-Documentation=https://woodpecker-ci.org/
-After=network.target network-online.target
-Requires=network-online.target
-
-[Service]
-Type=exec
-User=woodpecker
-Group=woodpecker
-ExecStart=/usr/local/bin/woodpecker-agent
-Restart=always
-EnvironmentFile=/etc/woodpecker/woodpecker-agent.env
-
-[Install]
-WantedBy=multi-user.target

roles/woodpecker/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: woodpecker-agent-restart
-  ansible.builtin.service:
-    name: 'woodpecker-agent'
-    state: 'restarted'

roles/woodpecker/meta/main.yml

@@ -1,3 +0,0 @@
----
-dependencies:
-  - role: docker

roles/woodpecker/tasks/main.yml

@@ -1,78 +0,0 @@
----
-- name: Create download directory
-  ansible.builtin.file:
-    path: '/home/debian/woodpecker-agent-1.0.1'
-    state: directory
-    mode: '0755'
-
-- name: Download agent tarball
-  ansible.builtin.unarchive:
-    src: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v1.0.1/woodpecker-agent_linux_arm64.tar.gz'
-    remote_src: true
-    dest: '/home/debian/woodpecker-agent-1.0.1'
-    creates: '/home/debian/woodpecker-agent-1.0.1/woodpecker-agent'
-    include:
-      - 'woodpecker-agent'
-  register: res
-
-- name: Move binary to correct location
-  ansible.builtin.copy:
-    src: '/home/debian/woodpecker-agent-1.0.1/woodpecker-agent'
-    remote_src: true
-    dest: '/usr/local/bin/woodpecker-agent'
-    owner: 'root'
-    group: 'root'
-    mode: '0755'
-  when: 'res.changed'
-
-- name: Ensure system group exists
-  group:
-    name: 'woodpecker'
-    gid: 200
-    system: true
-    state: present
-
-- name: Ensure system user exists
-  user:
-    name: 'woodpecker'
-    group: 'woodpecker'
-    uid: 200
-    system: true
-    create_home: false
-
-- name: Ensure woodpecker directory is present
-  file:
-    path: '/etc/woodpecker'
-    state: directory
-    mode: '0755'
-    owner: 'woodpecker'
-    group: 'woodpecker'
-
-- name: Ensure agent environment file is present
-  template:
-    src: 'woodpecker-agent.env.j2'
-    dest: '/etc/woodpecker/woodpecker-agent.env'
-    owner: 'woodpecker'
-    group: 'woodpecker'
-    mode: '0644'
-  notify: woodpecker-agent-restart
-
-- name: Ensure service file is present
-  copy:
-    src: 'woodpecker-agent.service'
-    dest: '/lib/systemd/system/woodpecker-agent.service'
-    owner: 'root'
-    group: 'root'
-    mode: '0644'
-  register: res
-
-- name: systemd-reload
-  ansible.builtin.systemd_service:
-    daemon_reload: true
-  when: 'res.changed'
-
-- name: Ensure agent service is enabled
-  ansible.builtin.service:
-    name: 'woodpecker-agent'
-    state: started
-    enabled: true

roles/woodpecker/templates/woodpecker-agent.env.j2

@@ -1,4 +0,0 @@
-WOODPECKER_SERVER={{ woodpecker_server }}
-WOODPECKER_AGENT_SECRET={{ woodpecker_secret }}
-WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/woodpecker-agent.conf
-WOODPECKER_BACKEND=docker