mike/infrastructure
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleared out some old roles and installed searxng

Browse Source
This commit is contained in:
Mike Wilson
2023-06-14 11:00:39 -04:00
parent cccfb0ed42
commit 4932a8b9be
15 changed files with 1954 additions and 335 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ansible/main.yml
View File

@@ -17,11 +17,12 @@
- ntfy
- nextcloud
- tautulli
- gitea
#- gitea
- unifi-controller
- navidrome
- lidarr
- webtrees
- slskd
- barassistant
- synapse
- name: searxng
tags: test

1
ansible/roles/gitea/files/ssh_shim.sh
View File

@@ -1 +0,0 @@
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"

53
ansible/roles/gitea/tasks/main.yml
View File

@@ -1,53 +0,0 @@
- name: Create service user
user:
name: git
password_lock: yes
generate_ssh_key: yes
ssh_key_type: rsa
ssh_key_comment: Gitea Host Key
register: service_user
become: true
- name: Add user git's ssh key to its own authorized_key file
ansible.posix.authorized_key:
user: git
key: "{{ service_user.ssh_public_key }}"
become: true
- name: Set authorized_key file permissions
file:
path: "/home/{{ service_user.name }}/.ssh/authorized_keys"
mode: 0600
become: true
- name: Install SSH shim script
copy:
src: ssh_shim.sh
dest: /usr/local/bin/gitea
owner: "{{ service_user.uid }}"
group: "{{ service_user.group }}"
mode: 0711
become: true
- name: Create install directory
file:
path: "{{ install_directory }}/{{ role_name }}"
state: directory
owner: "{{ docker_user }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Copy docker-compose file to destination
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true
- name: Start docker container
community.docker.docker_compose:
project_src: "{{ install_directory }}/{{ role_name }}"
pull: true
remove_orphans: yes

55
ansible/roles/gitea/templates/docker-compose.yml
View File

@@ -1,55 +0,0 @@
version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
default:
external: false
services:
gitea:
container_name: gitea
image: gitea/gitea:latest
restart: unless-stopped
depends_on:
- db
networks:
- traefik
- default
ports:
- "127.0.0.1:2222:22"
environment:
- "USER_UID={{ service_user.uid }}"
- "USER_GID={{ service_user.group }}"
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea
- GITEA__server__START_SSH_SERVER=true
- GITEA__server__BUILTIN_SSH_SERVER_USER=git
- GITEA__server__SSH_LISTEN_PORT=2222
- "GITEA__server__DOMAIN=git.{{ personal_domain }}"
- "GITEA__server__ROOT_URL=https://git.{{ personal_domain }}"
- GITEA__server__LANDING_PAGE=explore
volumes:
- "{{ data_dir }}/gitea:/data"
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/git/.ssh:/data/git/.ssh # For SSH passthrough
labels:
traefik.enable: true
traefik.http.routers.gitea.rule: "Host(`git.{{ personal_domain }}`)"
traefik.http.services.gitea.loadbalancer.server.port: 3000
db:
image: postgres:14-alpine
restart: unless-stopped
networks:
- default
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
volumes:
- "{{ data_dir }}/postgres/gitea:/var/lib/postgresql/data"

1
ansible/roles/immich/defaults/main.yml
View File

@@ -1 +0,0 @@
upload_location: "{{ data_dir }}/immich/upload"

86
ansible/roles/immich/templates/docker-compose.yml
View File

@@ -1,86 +0,0 @@
version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:release
restart: unless-stopped
entrypoint: ["/bin/sh", "./start-server.sh"]
volumes:
- "{{ upload_location }}:/usr/src/app/upload"
depends_on:
- redis
- database
- typesense
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:release
restart: unless-stopped
entrypoint: ["/bin/sh", "./start-microservices.sh"]
volumes:
- "{{ upload_location }}:/usr/src/app/upload"
environment:
- NODE_ENV=production
depends_on:
- redis
- database
- typesense
immich-machine-learning:
container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:release
restart: unless-stopped
volumes:
- "{{ upload_location }}:/usr/src/app/upload"
- model-cache:/cache
environment:
- NODE_ENV=production
immich-web:
container_name: immich-web
image: ghcr.io/immich-app/immich-web:release
restart: unless-stopped
entrypoint: ["/bin/sh", "./entrypoint.sh"]
typesense:
container_name: immich_typesense
image: typesense/typesense:0.24.0
restart: unless-stopped
environment:
- TYPESENSE_API_KEY={{ typesense_api_key }}
- TYPESENSE_DATA_DIR=/data
logging:
driver: none
volumes:
- tsdata:/data
redis:
container_name: immich_redis
image: redis:6.2
restart: unless-stopped
database:
container_name: immich_postgres
image: postgres:14
restart: unless-stopped
environment:
POSTGRES_PASSWORD: immich
POSTGRES_USER: immich
POSTGRES_DB: immich
PG_DATA: /var/lib/postgresql/data
volumes:
- "{{ data_dir }}/postgres/immich:/var/lib/postgresql/data
immich-proxy:
container_name: immich_proxy
image: ghcr.io/immich-app/immich-proxy:release
environment:
volumes:
model-cache:
tsdata:

29
ansible/roles/minetest/tasks/main.yml
View File

@@ -1,29 +0,0 @@
- name: Create service user
user:
name: "{{ role_name }}"
system: true
register: service_user
become: true
- name: Create install directory
file:
path: "{{ install_directory }}/{{ role_name }}"
state: directory
owner: "{{ docker_user }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Copy docker-compose file to destination
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true
- name: Start docker container
community.docker.docker_compose:
project_src: "{{ install_directory }}/{{ role_name }}"
pull: true
remove_orphans: yes

22
ansible/roles/minetest/templates/docker-compose.yml
View File

@@ -1,22 +0,0 @@
version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
services:
minetest:
container_name: minetest
image: lscr.io/linuxserver/minetest:latest
restart: unless-stopped
networks:
- traefik
environment:
- "PUID={{ service_user.uid }}"
- "PGID={{ service_user.uid }}"
- "TZ={{ timezone }}"
volumes:
- "{{ data_dir }}/{{ role_name }}:/config/.minetest"
labels:
traefik.enable: true
traefik.http.routers.minetest.rule: "Host(`minetest.{{ personal_domain }}`)"

5
ansible/roles/searxng/handlers/main.yml Normal file
View File

@@ -0,0 +1,5 @@
- name: restart searxng
community.docker.docker_compose:
project_src: "{{ install_directory }}/{{ role_name }}"
restarted: true

15
ansible/roles/immich/tasks/main.yml → ansible/roles/searxng/tasks/main.yml
View File

@@ -1,10 +1,3 @@
- name: Create service user
user:
name: "{{ role_name }}"
system: true
register: service_user
become: true
- name: Create install directory
file:
path: "{{ install_directory }}/{{ role_name }}"
@@ -22,6 +15,14 @@
validate: docker-compose -f %s config
become: true
- name: Copy settings file to destionation
template:
src: settings.yml
dest: "{{ data_dir }}/{{ role_name }}/settings.yml"
owner: "{{ docker_user }}"
become: true
notify: restart searxng
- name: Start docker container
community.docker.docker_compose:
project_src: "{{ install_directory }}/{{ role_name }}"

38
ansible/roles/searxng/templates/docker-compose.yml Normal file
View File

@@ -0,0 +1,38 @@
version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
services:
searxng:
container_name: searxng
image: searxng/searxng
restart: unless-stopped
networks:
- traefik
volumes:
- "{{ data_dir }}/{{ role_name }}:/etc/searxng"
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
labels:
traefik.enable: true
traefik.http.routers.searxng.rule: "Host(`search.{{ personal_domain }}`)"
traefik.http.routers.searxng.middlewares: lan-whitelist@file
redis:
image: redis:alpine
restart: unless-stopped
command: redis-server --save "" --appendonly "no"
tmpfs:
- /var/lib/redis
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE

1890
ansible/roles/searxng/templates/settings.yml Normal file
View File

File diff suppressed because it is too large Load Diff

10
ansible/roles/searxng/vars/main.yml Normal file
View File

@@ -0,0 +1,10 @@
searxng_secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
33656138666464373665663339363665346566613637626131363335336535313131333265646539
3037373439643964343139383764386364623961383737610a313063613736316437366239663238
65333735633661316463336665353138623264396534383865363134613165636164303765356265
3865626366613966660a313738353339313133393765643136306361373061366132373130656531
61396230346333346636356562353733623332333662653164373630626339376433353663313862
61303230613135336662313531313836363466623162666233646231616333643536303233616231
62353866333465646162633738383866363338383932623335353038393130323932343363653233
62663465386661663262

29
ansible/roles/webtrees/tasks/main.yml
View File

@@ -1,29 +0,0 @@
- name: Create service user
user:
name: "{{ role_name }}"
system: true
register: service_user
become: true
- name: Create install directory
file:
path: "{{ install_directory }}/{{ role_name }}"
state: directory
owner: "{{ docker_user }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Copy docker-compose file to destination
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true
- name: Start docker container
community.docker.docker_compose:
project_src: "{{ install_directory }}/{{ role_name }}"
pull: true
remove_orphans: yes

50
ansible/roles/webtrees/templates/docker-compose.yml
View File

@@ -1,50 +0,0 @@
version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
db:
external: false
services:
{{ role_name }}:
container_name: "{{ role_name }}"
image: ghcr.io/nathanvaughn/webtrees:latest
restart: unless-stopped
networks:
- traefik
- db
environment:
PRETTY_URLS: "1"
BASE_URL: "https://ancestry.{{ personal_domain }}"
DB_TYPE: "pgsql"
DB_PORT: 5432
DB_HOST: "db"
DB_NAME: "webtrees"
DB_USER: "webtrees"
DB_PASSWORD: "webtrees"
WT_USER: "mike"
WT_PASS: "mike"
WT_EMAIL: email@email.com
volumes:
- "{{ data_dir }}/{{ role_name }}/data:/var/www/webtrees/data"
- "{{ data_dir }}/{{ role_name }}/media:/var/www/webtrees/media"
labels:
traefik.enable: true
traefik.http.routers.{{ role_name }}.rule: "Host(`ancestry.{{ personal_domain }}`)"
traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file
db:
image: lscr.io/linuxserver/mariadb:latest
restart: unless-stopped
networks:
- db
environment:
TZ: {{ timezone }}
MYSQL_DATABASE: webtrees
MYSQL_USER: webtrees
MYSQL_PASSWORD: webtrees
MYSQL_ROOT_PASSWORD: webtrees
volumes:
- "{{ data_dir }}/mariadb/webtrees:/config"