From 6d1f7d1a2eb483e7f0ceea5c792c49720fa9c10a Mon Sep 17 00:00:00 2001
From: Mike Wilson <contact@mjwilson.org>
Date: Mon, 23 Jan 2023 21:37:15 -0500
Subject: [PATCH] Media share permissions and worked on radarr role

---
 ansible/group_vars/pve.yml                      |  1 +
 ansible/host_vars/pve-docker/main.yml           |  3 ++-
 ansible/host_vars/pve/main.yml                  |  0
 ansible/hosts.ini                               |  6 ++++++
 ansible/main.yml                                |  2 +-
 ansible/requirements.yml                        |  1 +
 ansible/roles/pve/tasks/main.yml                |  6 ++++++
 ansible/roles/pve/tasks/media-share.yml         | 17 +++++++++++++++++
 ansible/roles/radarr/defaults/main.yml          |  1 -
 ansible/roles/radarr/tasks/main.yml             | 14 ++++++++++++++
 .../roles/radarr/templates/docker-compose.yml   |  2 +-
 11 files changed, 49 insertions(+), 4 deletions(-)
 create mode 100644 ansible/group_vars/pve.yml
 create mode 100644 ansible/host_vars/pve/main.yml
 create mode 100644 ansible/roles/pve/tasks/main.yml
 create mode 100644 ansible/roles/pve/tasks/media-share.yml
 delete mode 100644 ansible/roles/radarr/defaults/main.yml

diff --git a/ansible/group_vars/pve.yml b/ansible/group_vars/pve.yml
new file mode 100644
index 0000000..fc8af50
--- /dev/null
+++ b/ansible/group_vars/pve.yml
@@ -0,0 +1 @@
+media_storage_mnt: /mnt/storage
diff --git a/ansible/host_vars/pve-docker/main.yml b/ansible/host_vars/pve-docker/main.yml
index f10ffba..0c383a6 100644
--- a/ansible/host_vars/pve-docker/main.yml
+++ b/ansible/host_vars/pve-docker/main.yml
@@ -3,5 +3,6 @@ ansible_become_method: community.general.doas
 # Docker
 docker_compose_version: 3.9
 docker_user: "{{ primary_user }}"
-
+docker_compose_directory_mask: 0775
+docker_compose_file_mask: 0664
 install_directory: /srv
diff --git a/ansible/host_vars/pve/main.yml b/ansible/host_vars/pve/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/hosts.ini b/ansible/hosts.ini
index 56ffb1d..2884dfe 100644
--- a/ansible/hosts.ini
+++ b/ansible/hosts.ini
@@ -1,2 +1,8 @@
 [pve]
+pve
+
+[lxc]
 pve-docker ansible_ssh_user=mike
+
+[pve:children]
+lxc
diff --git a/ansible/main.yml b/ansible/main.yml
index df1999c..a81d0fd 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -1,6 +1,6 @@
 - hosts: pve
   roles:
-    - role: ironicbadger.proxmox_nag_removal
+    - pve
       
 - hosts: pve-docker
   roles:
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index a3dbbb7..d37ad86 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,3 +1,4 @@
 roles:
   - src: geerlingguy.docker
   - src: geerlingguy.ntp
+  - src: ironicbadger.proxmox_nag_removal
diff --git a/ansible/roles/pve/tasks/main.yml b/ansible/roles/pve/tasks/main.yml
new file mode 100644
index 0000000..d56b50d
--- /dev/null
+++ b/ansible/roles/pve/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: Remove Proxmox nag banner
+  import_role:
+    name: ironicbadger.proxmox_nag_removal
+
+- name: Configure media share permissions
+  include_tasks: media-share.yml
diff --git a/ansible/roles/pve/tasks/media-share.yml b/ansible/roles/pve/tasks/media-share.yml
new file mode 100644
index 0000000..3c8332d
--- /dev/null
+++ b/ansible/roles/pve/tasks/media-share.yml
@@ -0,0 +1,17 @@
+- name: Create media group
+  ansible.builtin.group:
+    name: media
+    system: true
+    state: present
+    register: media_gid
+  become: true
+
+- name: Set media directory permissions
+  ansible.builtin.file:
+    path: "{{ mergerfs_mountpoint }}/data"
+    state: directory
+    owner: {{ primary_gid }}
+    group: {{ media_gid }}
+    mode: 0775
+    recurse: yes
+  become: true
diff --git a/ansible/roles/radarr/defaults/main.yml b/ansible/roles/radarr/defaults/main.yml
deleted file mode 100644
index 2ffc408..0000000
--- a/ansible/roles/radarr/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-version_tag: latest
diff --git a/ansible/roles/radarr/tasks/main.yml b/ansible/roles/radarr/tasks/main.yml
index 2d4a855..1e261b1 100644
--- a/ansible/roles/radarr/tasks/main.yml
+++ b/ansible/roles/radarr/tasks/main.yml
@@ -5,3 +5,17 @@
     owner: "{{ docker_user }}"
     mode: "{{ docker_compose_directory_mask }}"
   become: true
+
+- name: Copy docker-compose file to destination
+  template:
+    src: docker-compose.yml
+    dest: "{{ install_directory }}/radarr/docker-compose.yml"
+    mode: {{ docker_compose_file_mask }}
+    validate: docker-compose -f %s config
+  become: true
+
+- name: Start docker container
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/radarr"
+    pull: true
+    remove_orphans: yes
diff --git a/ansible/roles/radarr/templates/docker-compose.yml b/ansible/roles/radarr/templates/docker-compose.yml
index da7aee0..9ba49af 100644
--- a/ansible/roles/radarr/templates/docker-compose.yml
+++ b/ansible/roles/radarr/templates/docker-compose.yml
@@ -13,7 +13,7 @@ services:
       - traefik
     environment:
       - PUID={{ primary_uid }}
-      - PGID={{ primary_gid }}
+      - PGID={{ media_gid }}
       - TZ={{ timezone }}
     volumes:
       - "{{ data_dir }}/radarr:/config"