nick/noofac-snackpot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8ad6e1c81c25d051c8eaf762a571d47159689bff
noofac-snackpot/snackpot.yml

167 lines
4.8 KiB
YAML
Raw Blame History

---
- name: snackpot | server
hosts: all
vars:
nextcloud_db_password: "{{lookup('passwordstore', 'servers/snackpot/nextcloud_db.password')}}"
postgres_password: "{{lookup('passwordstore', 'servers/snackpot/postgres_db.password')}}"
postgres_db_user: postgres
nextcloud_hostname: nc.noodlefactory.co.uk
nextcloud_db_user: nextcloud
nextcloud_db: nextcloud
jellyfin_hostname: jf.noodlefactory.co.uk
navidrome_hostname: nd.noodlefactory.co.uk
letsencrypt_email: webmaster@noodlefactory.co.uk
docker_compose_base_dir: /opt/docker-compose
docker_compose_cmd: docker-compose
borg_passphrase: "{{lookup('passwordstore', 'servers/snackpot/borg.passphrase')}}"
smtp_password: "{{lookup('passwordstore', 'servers/snackpot/smtp.password')}}"
borg_ssh_key: "{{lookup('passwordstore', 'servers/snackpot/borg.id_rsa')}}"
borg_ssh_key_pub: "{{lookup('passwordstore', 'servers/snackpot/borg.id_rsa.pub')}}"
borg_repo_key: "{{lookup('passwordstore', 'servers/snackpot/borg_repo.key')}}"
firewall_ports:
- "22"
- "80"
- "443"
# jellyfin
- "8096"
#- "8920" https
- "7359"
# minidlna
- "8200"
# upmpdcli
- port: "49152"
# upnp (jellyfin, minidlna and upmpdcli)
- proto: udp
port: "1900"
tasks:
- hostname:
name: "{{ nextcloud_hostname }}"
tags: network
- name: install packages
apt:
update_cache: true
name:
- emacs
- strace
- nmap
- git
- include_role:
name: root_sudoers
apply: { tags: root_sudoers }
tags: root_sudoers
- include_role:
name: ufw
apply: { tags: ufw }
tags: ufw
vars:
ufw_allow: "{{ firewall_ports }}"
- include_role:
name: mrlesmithjr.netplan
apply: { become: true, tags: [netplan, network] }
tags: netplan, network
vars:
netplan_enabled: true
netplan_configuration:
network:
version: 2
ethernets:
enp3s0:
addresses: [192.168.0.55/24]
gateway4: 192.168.0.1
nameservers:
addresses: [192.168.0.1]
- include_role:
name: docker_compose
apply: { tags: docker_compose }
tags: docker_compose
vars:
docker_compose_version: 1.27.4
- name: ensure directory exists
file:
path: "{{ docker_compose_base_dir }}/{{ item.path }}"
state: directory
with_community.general.filetree: templates/docker-compose
when: item.state == "directory" and item.path.count("/.") == 0
tags: docker-config
- name: deploy docker compose templates
template:
dest: "{{ docker_compose_base_dir }}/{{ item.path | splitext | first }}"
src: "docker-compose/{{ item.path }}"
owner: root
group: root
mode: 0660
backup: yes
notify: restart docker compose services
with_community.general.filetree: templates/docker-compose
when: item.state == "file" and item.path.endswith(".j2")
tags: docker-config
- name: deploy docker compose files
copy:
dest: "{{ docker_compose_base_dir }}/{{ item.path }}"
src: "templates/docker-compose/{{ item.path }}"
owner: root
group: root
mode: 0660
backup: yes
notify: restart docker compose services
with_community.general.filetree: templates/docker-compose
when: |-
item.state == "file" and not (
item.path.endswith("~") or item.path.endswith(".j2")
or item.path.count("/.") > 0
)
tags: docker-config
- name: ensure directory exists
file:
path: "{{ docker_compose_base_dir }}/bin"
state: directory
tags: docker-config
- name: install executables
template:
dest: "{{ docker_compose_base_dir }}/bin/{{ item.path }}"
src: "bin/{{ item.path }}"
owner: root
group: root
mode: 0550
with_community.general.filetree: templates/bin
when: item.state == "file" and not item.path.endswith("~")
tags: docker-config
- name: install appserver and borg backup services
template:
dest: "/etc/systemd/system/{{ item }}"
src: "{{ item }}.j2"
owner: root
group: root
mode: 0550
with_items:
- appserver.service
- borg.service
- borg.timer
tags: docker-configz
- name: enable backup service
service:
name: borg
state: started
enabled: yes
with_items:
- borg.service
- borg.timer
- appserver.service
# config nextcloud
# hide pg password
Reference in New Issue View Git Blame Copy Permalink