diff --git a/ansible/group_vars/pve.yml b/ansible/group_vars/pve.yml index 9f82f4d..2703cd7 100644 --- a/ansible/group_vars/pve.yml +++ b/ansible/group_vars/pve.yml @@ -1,2 +1,3 @@ media_storage_mnt: /mnt/storage +media_group: media media_gid: 997 diff --git a/ansible/roles/lidarr/tasks/main.yml b/ansible/roles/lidarr/tasks/main.yml new file mode 100644 index 0000000..b4c4d2d --- /dev/null +++ b/ansible/roles/lidarr/tasks/main.yml @@ -0,0 +1,29 @@ +- name: Create service user + user: + name: "{{ role_name }}" + groups: "{{ media_group }}" + append: yes + register: service_user + become: true + +- name: Create install directory + file: + path: "{{ install_directory }}/{{ role_name }}" + state: directory + owner: "{{ docker_user }}" + mode: "{{ docker_compose_directory_mask }}" + become: true + +- name: Copy docker-compose file to destination + template: + src: docker-compose.yml + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" + mode: "{{ docker_compose_file_mask }}" + validate: docker-compose -f %s config + become: true + +- name: Start docker container + community.docker.docker_compose: + project_src: "{{ install_directory }}/{{ role_name }}" + pull: true + remove_orphans: yes diff --git a/ansible/roles/lidarr/templates/docker-compose.yml b/ansible/roles/lidarr/templates/docker-compose.yml new file mode 100644 index 0000000..6d0f15a --- /dev/null +++ b/ansible/roles/lidarr/templates/docker-compose.yml 
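Review bot: The `Create service user` task in the new lidarr `tasks/main.yml` sets no `system`, `shell` or `create_home`, so the `user` module's defaults apply and each service gets an ordinary account with a home directory and the platform's default shell. The account is only used to supply `service_user.uid` to the compose template, so I would add `system: true`, `shell: /usr/sbin/nologin` (path varies by distribution) and `create_home: false`. `append: yes` and `remove_orphans: yes` would also be more consistent as `true`, matching `pull: true` and `become: true` in the same file. The same task is added in the overseerr, prowlarr, qbittorrent, radarr and sonarr task files further down.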
@@ -0,0 +1,24 @@ +version: "{{ docker_compose_version }}" + +networks: + traefik: + external: true + +services: + {{ role_name }}: + container_name: "{{ role_name }}" + image: lscr.io/linuxserver/lidarr:latest + restart: unless-stopped + networks: + - traefik + environment: + - "PUID={{ service_user.uid }}" + - "PGID={{ media_gid }}" + - "TZ={{ timezone }}" + volumes: + - "{{ data_dir }}/{{ role_name }}:/config" + - "{{ media_storage_mnt }}/data:/data" + labels: + traefik.enable: true + traefik.http.routers.{{ role_name }}.rule: "Host(`{{ role_name }}.local.{{ personal_domain }}`)" + traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file diff --git a/ansible/roles/ntfy/tasks/main.yml b/ansible/roles/ntfy/tasks/main.yml index 9e6d113..edd3091 100644 --- a/ansible/roles/ntfy/tasks/main.yml +++ b/ansible/roles/ntfy/tasks/main.yml @@ -1,6 +1,6 @@ - name: Create install directory file: - path: "{{ install_directory }}/radarr" + path: "{{ install_directory }}/{{ role_name }}" state: directory owner: "{{ docker_user }}" mode: "{{ docker_compose_directory_mask }}" @@ -9,13 +9,13 @@ - name: Copy docker-compose file to destination template: src: docker-compose.yml - dest: "{{ install_directory }}/radarr/docker-compose.yml" + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" mode: "{{ docker_compose_file_mask }}" validate: docker-compose -f %s config become: true - name: Start docker container community.docker.docker_compose: - project_src: "{{ install_directory }}/radarr" + project_src: "{{ install_directory }}/{{ role_name }}" pull: true remove_orphans: yes diff --git a/ansible/roles/overseerr/tasks/main.yml b/ansible/roles/overseerr/tasks/main.yml index 9e6d113..11077f8 100644 --- a/ansible/roles/overseerr/tasks/main.yml +++ b/ansible/roles/overseerr/tasks/main.yml 
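Review bot: `image: lscr.io/linuxserver/lidarr:latest` in the new lidarr template, combined with `pull: true` in the role's start task, means every playbook run deploys whatever the registry currently serves under that tag, with no change recorded in this repository. For a new role I would pin a release tag or digest through a variable, for example `image: "lscr.io/linuxserver/lidarr:{{ lidarr_image_tag }}"` (variable name constructed for this note), so that an upgrade is a reviewable commit. Separately, `traefik.enable: true` is parsed as a YAML boolean; writing `traefik.enable: "true"` keeps the label a string regardless of which compose implementation validates the file.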
@@ -1,6 +1,12 @@ +- name: Create service user + user: + name: "{{ role_name }}" + register: service_user + become: true + - name: Create install directory file: - path: "{{ install_directory }}/radarr" + path: "{{ install_directory }}/{{ role_name }}" state: directory owner: "{{ docker_user }}" mode: "{{ docker_compose_directory_mask }}" @@ -9,13 +15,13 @@ - name: Copy docker-compose file to destination template: src: docker-compose.yml - dest: "{{ install_directory }}/radarr/docker-compose.yml" + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" mode: "{{ docker_compose_file_mask }}" validate: docker-compose -f %s config become: true - name: Start docker container community.docker.docker_compose: - project_src: "{{ install_directory }}/radarr" + project_src: "{{ install_directory }}/{{ role_name }}" pull: true remove_orphans: yes diff --git a/ansible/roles/overseerr/templates/docker-compose.yml b/ansible/roles/overseerr/templates/docker-compose.yml index b130014..9bb977b 100644 --- a/ansible/roles/overseerr/templates/docker-compose.yml +++ b/ansible/roles/overseerr/templates/docker-compose.yml @@ -5,18 +5,18 @@ networks: external: true services: - overseerr: - container_name: overseerr + {{ role_name }}: + container_name: "{{ role_name }}" image: lscr.io/linuxserver/overseerr:latest restart: unless-stopped networks: - traefik environment: - - PUID={{ primary_uid }} - - PGID={{ primary_gid }} - - TZ={{ timezone }} + - "PUID={{ service_user.uid }}" + - "PGID={{ service_user.uid }}" + - "TZ={{ timezone }}" volumes: - - "{{ data_dir }}/overseerr:/config" + - "{{ data_dir }}/{{ role_name }}:/config" labels: traefik.enable: true - traefik.http.routers.overseerr.rule: "Host(`overseerr.{{ personal_domain }}`)" + traefik.http.routers.{{ role_name }}.rule: "Host(`{{ role_name }}.{{ personal_domain }}`)" diff --git a/ansible/roles/prowlarr/tasks/main.yml b/ansible/roles/prowlarr/tasks/main.yml index caa7fda..b4c4d2d 100644 
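Review bot: In the overseerr template, `- "PGID={{ service_user.uid }}"` passes the account's user ID where a group ID is expected. The `user` module's registered result exposes the primary group ID as `group`, so the line should read `- "PGID={{ service_user.group }}"`; the two numbers match only when the platform happens to create a private group with the same ID. The router rule changed in this hunk also has no `lan-whitelist@file` middleware, unlike the other services in this diff; if that exposure is intentional, a comment such as `# reachable from outside the LAN on purpose` above the rule would record it. The hunk starts partway through the file, so the top of the template is not visible here.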
--- a/ansible/roles/prowlarr/tasks/main.yml +++ b/ansible/roles/prowlarr/tasks/main.yml @@ -1,6 +1,14 @@ +- name: Create service user + user: + name: "{{ role_name }}" + groups: "{{ media_group }}" + append: yes + register: service_user + become: true + - name: Create install directory file: - path: "{{ install_directory }}/prowlarr" + path: "{{ install_directory }}/{{ role_name }}" state: directory owner: "{{ docker_user }}" mode: "{{ docker_compose_directory_mask }}" @@ -9,13 +17,13 @@ - name: Copy docker-compose file to destination template: src: docker-compose.yml - dest: "{{ install_directory }}/prowlarr/docker-compose.yml" + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" mode: "{{ docker_compose_file_mask }}" validate: docker-compose -f %s config become: true - name: Start docker container community.docker.docker_compose: - project_src: "{{ install_directory }}/prowlarr" + project_src: "{{ install_directory }}/{{ role_name }}" pull: true remove_orphans: yes diff --git a/ansible/roles/prowlarr/templates/docker-compose.yml b/ansible/roles/prowlarr/templates/docker-compose.yml index 971fa8e..cfdc5fc 100644 --- a/ansible/roles/prowlarr/templates/docker-compose.yml +++ b/ansible/roles/prowlarr/templates/docker-compose.yml 
@@ -5,20 +5,20 @@ networks: external: true services: - prowlarr: - container_name: prowlarr + {{ role_name }}: + container_name: "{{ role_name }}" image: lscr.io/linuxserver/prowlarr:latest restart: unless-stopped networks: - traefik environment: - - PUID={{ primary_uid }} - - PGID={{ media_gid }} - - TZ={{ timezone }} + - "PUID={{ service_user.uid }}" + - "PGID={{ media_gid }}" + - "TZ={{ timezone }}" volumes: - - "{{ data_dir }}/prowlarr:/config" + - "{{ data_dir }}/{{ role_name }}:/config" - "{{ media_storage_mnt }}/data:/data" labels: traefik.enable: true - traefik.http.routers.prowlarr.rule: "Host(`prowlarr.local.{{ personal_domain }}`)" - traefik.http.routers.prowlarr.middlewares: lan-whitelist@file + traefik.http.routers.{{ role_name }}.rule: "Host(`{{ role_name }}.local.{{ personal_domain }}`)" + traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file diff --git a/ansible/roles/pve-docker/tasks/main.yml b/ansible/roles/pve-docker/tasks/main.yml index 01388da..be8cd55 100644 --- a/ansible/roles/pve-docker/tasks/main.yml +++ b/ansible/roles/pve-docker/tasks/main.yml @@ -1,8 +1,6 @@ -- name: Install basic packages - ansible.builtin.package: - name: "{{ item }}" - loop: - - vim - - doas - - git +- name: Create media group + group: + name: "{{ media_group }}" + gid: "{{ media_gid }}" + state: present become: true diff --git a/ansible/roles/qbittorrent/tasks/main.yml b/ansible/roles/qbittorrent/tasks/main.yml index 9e6d113..b4c4d2d 100644 --- a/ansible/roles/qbittorrent/tasks/main.yml +++ b/ansible/roles/qbittorrent/tasks/main.yml @@ -1,6 +1,14 @@ +- name: Create service user + user: + name: "{{ role_name }}" + groups: "{{ media_group }}" + append: yes + register: service_user + become: true + - name: Create install directory file: - path: "{{ install_directory }}/radarr" + path: "{{ install_directory }}/{{ role_name }}" state: directory owner: "{{ docker_user }}" mode: "{{ docker_compose_directory_mask }}" 
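Review bot: The new `Create media group` task in `pve-docker/tasks/main.yml` is now a prerequisite for the lidarr, prowlarr, qbittorrent, radarr and sonarr roles, whose `user` tasks pass `groups: "{{ media_group }}"` and will fail if the group does not exist yet. Nothing in the visible diff declares that ordering, so it presumably rests on the play's role order. I would at least document it above the task with `# Must run before the service roles: their user tasks add accounts to this group`, or declare the role as a dependency in each service role's `meta/main.yml`.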
@@ -9,13 +17,13 @@ - name: Copy docker-compose file to destination template: src: docker-compose.yml - dest: "{{ install_directory }}/radarr/docker-compose.yml" + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" mode: "{{ docker_compose_file_mask }}" validate: docker-compose -f %s config become: true - name: Start docker container community.docker.docker_compose: - project_src: "{{ install_directory }}/radarr" + project_src: "{{ install_directory }}/{{ role_name }}" pull: true remove_orphans: yes diff --git a/ansible/roles/qbittorrent/templates/docker-compose.yml b/ansible/roles/qbittorrent/templates/docker-compose.yml index 1fc83ea..8bc94d0 100644 --- a/ansible/roles/qbittorrent/templates/docker-compose.yml +++ b/ansible/roles/qbittorrent/templates/docker-compose.yml @@ -5,20 +5,20 @@ networks: external: true services: - qbittorrent: - container_name: qbittorrent + {{ role_name }}: + container_name: "{{ role_name }}" image: lscr.io/linuxserver/qbittorrent:libtorrentv1 restart: unless-stopped - network_mode: "container:gluetun" + networks: + - traefik environment: - - PUID={{ primary_uid }} - - PGID={{ media_gid }} - - TZ={{ timezone }} - - DOCKER_MODS=arafatamim/linuxserver-io-mod-vuetorrent + - "PUID={{ service_user.uid }}" + - "PGID={{ media_gid }}" + - "TZ={{ timezone }}" volumes: - - "{{ data_dir }}/qbittorrent:/config" + - "{{ data_dir }}/{{ role_name }}:/config" - "{{ media_storage_mnt }}/data/torrents:/downloads" labels: traefik.enable: true - traefik.http.routers.qbittorrent.rule: "Host(`qbittorrent.local.{{ personal_domain }}`)" - traefik.http.routers.qbittorrent.middlewares: lan-whitelist@file + traefik.http.routers.{{ role_name }}.rule: "Host(`{{ role_name }}.local.{{ personal_domain }}`)" + traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file diff --git a/ansible/roles/radarr/tasks/main.yml b/ansible/roles/radarr/tasks/main.yml index 9e6d113..b4c4d2d 100644 --- a/ansible/roles/radarr/tasks/main.yml 
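Review bot: The qbittorrent template hunk replaces `network_mode: "container:gluetun"` with `networks: - traefik`, so the torrent client no longer shares the gluetun container's network namespace and its traffic leaves through the host's normal route. If gluetun is the VPN tunnel for this stack, as the name suggests, that is a privacy regression bundled into what otherwise looks like a `role_name` refactor. If the change is deliberate, a comment such as `# no longer routed through gluetun; egress is direct` above `networks:` would make that explicit. Otherwise keep `network_mode: "container:gluetun"` and leave the router exposure on the gluetun service. The `DOCKER_MODS` entry is dropped in the same hunk without a visible replacement.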
+++ b/ansible/roles/radarr/tasks/main.yml @@ -1,6 +1,14 @@ +- name: Create service user + user: + name: "{{ role_name }}" + groups: "{{ media_group }}" + append: yes + register: service_user + become: true + - name: Create install directory file: - path: "{{ install_directory }}/radarr" + path: "{{ install_directory }}/{{ role_name }}" state: directory owner: "{{ docker_user }}" mode: "{{ docker_compose_directory_mask }}" @@ -9,13 +17,13 @@ - name: Copy docker-compose file to destination template: src: docker-compose.yml - dest: "{{ install_directory }}/radarr/docker-compose.yml" + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" mode: "{{ docker_compose_file_mask }}" validate: docker-compose -f %s config become: true - name: Start docker container community.docker.docker_compose: - project_src: "{{ install_directory }}/radarr" + project_src: "{{ install_directory }}/{{ role_name }}" pull: true remove_orphans: yes diff --git a/ansible/roles/radarr/templates/docker-compose.yml b/ansible/roles/radarr/templates/docker-compose.yml index 9ba49af..4fb3505 100644 --- a/ansible/roles/radarr/templates/docker-compose.yml +++ b/ansible/roles/radarr/templates/docker-compose.yml 
@@ -5,20 +5,20 @@ networks: external: true services: - radarr: - container_name: radarr + {{ role_name }}: + container_name: "{{ role_name }}" image: lscr.io/linuxserver/radarr:latest restart: unless-stopped networks: - traefik environment: - - PUID={{ primary_uid }} - - PGID={{ media_gid }} - - TZ={{ timezone }} + - "PUID={{ service_user.uid }}" + - "PGID={{ media_gid }}" + - "TZ={{ timezone }}" volumes: - - "{{ data_dir }}/radarr:/config" + - "{{ data_dir }}/{{ role_name }}:/config" - "{{ media_storage_mnt }}/data:/data" labels: traefik.enable: true - traefik.http.routers.radarr.rule: "Host(`radarr.local.{{ personal_domain }}`)" - traefik.http.routers.radarr.middlewares: lan-whitelist@file + traefik.http.routers.{{ role_name }}.rule: "Host(`{{ role_name }}.local.{{ personal_domain }}`)" + traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file diff --git a/ansible/roles/sonarr/tasks/main.yml b/ansible/roles/sonarr/tasks/main.yml index 39212b1..b4c4d2d 100644 --- a/ansible/roles/sonarr/tasks/main.yml +++ b/ansible/roles/sonarr/tasks/main.yml @@ -1,6 +1,14 @@ +- name: Create service user + user: + name: "{{ role_name }}" + groups: "{{ media_group }}" + append: yes + register: service_user + become: true + - name: Create install directory file: - path: "{{ install_directory }}/sonarr" + path: "{{ install_directory }}/{{ role_name }}" state: directory owner: "{{ docker_user }}" mode: "{{ docker_compose_directory_mask }}" @@ -9,13 +17,13 @@ - name: Copy docker-compose file to destination template: src: docker-compose.yml - dest: "{{ install_directory }}/sonarr/docker-compose.yml" + dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml" mode: "{{ docker_compose_file_mask }}" validate: docker-compose -f %s config become: true - name: Start docker container community.docker.docker_compose: - project_src: "{{ install_directory }}/sonarr" + project_src: "{{ install_directory }}/{{ role_name }}" pull: true remove_orphans: yes 
diff --git a/ansible/roles/sonarr/templates/docker-compose.yml b/ansible/roles/sonarr/templates/docker-compose.yml index 456073a..1ea0208 100644 --- a/ansible/roles/sonarr/templates/docker-compose.yml +++ b/ansible/roles/sonarr/templates/docker-compose.yml @@ -5,20 +5,20 @@ networks: external: true services: - sonarr: - container_name: sonarr - image: lscr.io/linuxserver/sonarr:develop + "{{ role_name }}": + container_name: "{{ role_name }}" + image: "lscr.io/linuxserver/sonarr:develop" restart: unless-stopped networks: - traefik environment: - - PUID={{ primary_uid }} - - PGID={{ media_gid }} - - TZ={{ timezone }} + - "PUID={{ service_user.uid }}" + - "PGID={{ media_gid }}" + - "TZ={{ timezone }}" volumes: - - "{{ data_dir }}/sonarr:/config" + - "{{ data_dir }}/{{ role_name }}:/config" - "{{ media_storage_mnt }}/data:/data" labels: traefik.enable: true - traefik.http.routers.sonarr.rule: "Host(`sonarr.local.{{ personal_domain }}`)" - traefik.http.routers.sonarr.middlewares: lan-whitelist@file + traefik.http.routers.{{ role_name }}.rule: "Host(`{{ role_name }}.local.{{ personal_domain }}`)" + traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file