Merge remote-tracking branch 'refs/remotes/origin/main'
commit
2981bdb22f
@ -0,0 +1,81 @@
|
||||
---
|
||||
|
||||
docker_users:
|
||||
- ladmin
|
||||
|
||||
docker_networks:
|
||||
- name: torrent
|
||||
driver: bridge
|
||||
driver_options:
|
||||
# com.docker.network.bridge.name: docker-torrent
|
||||
com.docker.network.bridge.enable_ip_masquerade: true
|
||||
com.docker.network.bridge.enable_icc: true
|
||||
# com.docker.network.container_iface_prefix: container-torrent
|
||||
attachable: true
|
||||
enable_ipv6: false
|
||||
internal: false
|
||||
ipam:
|
||||
- subnet: 192.168.99.0/24
|
||||
gateway: 192.168.99.254
|
||||
|
||||
docker_volumes:
|
||||
- name: torrent-data
|
||||
driver: local
|
||||
driver_options:
|
||||
type: none
|
||||
device: /media/nvme/downloads
|
||||
o: bind
|
||||
- name: torrent-config
|
||||
driver: local
|
||||
driver_options:
|
||||
type: none
|
||||
device: /etc/qbittorrent
|
||||
o: bind
|
||||
|
||||
docker_images:
|
||||
- name: hotio/qbittorrent
|
||||
tag: release
|
||||
|
||||
docker_containers:
|
||||
- name: qbittorrent
|
||||
image: hotio/qbittorrent:release
|
||||
auto_remove: false
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
domainname: balsillie.house
|
||||
env:
|
||||
PUID: '968'
|
||||
PGID: '968'
|
||||
UMASK: '002'
|
||||
TZ: Pacific/Auckland
|
||||
WEBUI_PORTS: 8080/tcp
|
||||
VPN_ENABLED: 'true'
|
||||
VPN_CONF: 'wg0'
|
||||
VPN_PROVIDER: 'proton'
|
||||
VPN_LAN_NETWORK: ''
|
||||
VPN_LAN_LEAK_ENABLED: 'false'
|
||||
VPN_EXPOSE_PORTS_ON_LAN: ''
|
||||
VPN_AUTO_PORT_FORWARD: 'true'
|
||||
VPN_AUTO_PORT_FORWARD_TO_PORTS: ''
|
||||
VPN_KEEP_LOCAL_DNS: 'false'
|
||||
VPN_FIREWALL_TYPE: 'nftables'
|
||||
VPN_HEALTHCHECK_ENABLED: 'true'
|
||||
PRIVOXY_ENABLED: 'false'
|
||||
UNBOUND_ENABLED: 'false'
|
||||
etc_hosts:
|
||||
tv.balsillie.house: 192.168.99.254
|
||||
movies.balsillie.house: 192.168.99.254
|
||||
hostname: torrent
|
||||
networks:
|
||||
- name: torrent
|
||||
aliases:
|
||||
- torrent
|
||||
- qbittorrent
|
||||
ipv4_address: 192.168.99.1
|
||||
restart_policy: 'unless-stopped'
|
||||
sysctls:
|
||||
net.ipv4.conf.all.src_valid_mark: 1
|
||||
net.ipv6.conf.all.disable_ipv6: 1
|
||||
volumes:
|
||||
- torrent-config:/config:rw
|
||||
- torrent-data:/data:rw
|
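Review bot: `image: hotio/qbittorrent:release` and the matching `docker_images` entry use a mutable tag, and the docker role in this commit pulls with `pull: "always"`, so each run can start whatever is currently published under that tag in a container that holds `NET_ADMIN`. Pinning by digest, e.g. `image: hotio/qbittorrent@sha256:<digest>`, makes every upgrade an explicit change in the repository. The file path for this section is not shown on the page, so the remark applies to whichever vars file defines `docker_containers`. `NET_ADMIN` looks necessary for the in-container WireGuard interface; a one-line comment saying so above `capabilities:` would help later reviewers.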
@ -27,8 +27,8 @@ nginx_sites:
|
||||
- name: torrent.balsillie.house
|
||||
type: proxy
|
||||
upstream:
|
||||
host: 127.0.0.1
|
||||
port: 9090
|
||||
host: 192.168.99.1
|
||||
port: 8080
|
||||
- name: jellyfin.balsillie.house
|
||||
type: proxy
|
||||
upstream:
|
||||
|
@ -0,0 +1,7 @@
|
||||
torrent_user: kodi
|
||||
torrent_downloads_dir: /media/nvme/downloads
|
||||
|
||||
torrent_wireguard_address: 10.2.0.2
|
||||
torrent_wireguard_dns: 10.2.0.1
|
||||
torrent_wireguard_peer_endpoint: 103.75.11.18
|
||||
torrent_wireguard_peer_public_key: 8Rm0uoG0H9BcSuA67/5gBv8tJgFZXNLm4sqEtkB9Nmw=
|
@ -8,6 +8,11 @@
|
||||
roles:
|
||||
# - role: sshd
|
||||
# - role: ufw
|
||||
# - role: nginx
|
||||
# - role: aur_repo_client
|
||||
# - role: arr
|
||||
- role: torrent
|
||||
|
||||
# - role: nginx
|
||||
# - role: aur_repo_client
|
||||
# - role: arr
|
||||
|
@ -7,14 +7,18 @@
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Reload systemd
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Start arr services
|
||||
ansible.builtin.systemd:
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- sonarr.service
|
||||
- radarr.service
|
||||
- lidarr.service
|
||||
- prowlarr.service
|
||||
- bazarr.service
|
||||
|
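--- a/ansible/roles/docker/tasks/main.yaml
+++ b/ansible/roles/docker/tasks/main.yaml
@@ -0,0 +1,82 @@
+---
+
+- name: Install Docker on Archlinux
+when: ansible_facts['os_family'] == "Archlinux"
+community.general.pacman:
+name: docker
+state: present
+update_cache: true
+
+- name: Add users to docker group
+ansible.builtin.user:
+name: "{{ item }}"
+groups: docker
+append: true
+loop: "{{ docker_users }}"
+
+- name: Start and enable Docker
+ansible.builtin.systemd:
+name: docker
+state: started
+enabled: true
+
+- name: Create Docker networks
+when:
+- docker_networks is defined
+- docker_networks | length > 0
+community.docker.docker_network:
+attachable: "{{ item.attachable | default(true) }}"
+driver: "{{ item.driver | default('bridge') }}"
+driver_options: "{{ item.driver_options | default(omit) }}"
+enable_ipv6: "{{ item.enable_ipv6 | default(false) }}"
+internal: "{{ item.internal | default(false) }}"
+ipam_config: "{{ item.ipam | default(omit) }}"
+name: "{{ item.name }}"
+state: "present"
+loop: "{{ docker_networks }}"
+
+- name: Create Docker volumes
+when:
+- docker_volumes is defined
+- docker_volumes | length > 0
+community.general.docker_volume:
+driver: "{{ item.driver | default('local') }}"
+# driver_options: "{{ item.driver_options | default({}) }}"
+recreate: "never"
+state: "present"
+volume_name: "{{ item.name }}"
+loop: "{{ docker_volumes }}"
+
+- name: Pull Docker images
+when:
+- docker_images is defined
+- docker_images | length > 0
+community.docker.docker_image_pull:
+name: "{{ item.name }}"
+pull: "always"
+tag: "{{ item.tag | default('latest') }}"
+loop: "{{ docker_images }}"
+
+- name: Create Docker containers
+when:
+- docker_containers is defined
+- docker_containers | length > 0
+community.general.docker_container:
+auto_remove: "{{ item.auto_remove | default(false) }}"
+capabilities: "{{ item.capabilities | default(omit) }}"
+command: "{{ item.command | default(omit) }}"
+detach: true
+domainname: "{{ item.domainname | default(omit) }}"
+entrypoint: "{{ item.entrypoint | default(omit) }}"
+env: "{{ item.env | default({}) }}"
+etc_hosts: "{{ item.etc_hosts | default({}) }}"
+hostname: "{{ item.hostname | default(item.name) }}"
+image: "{{ item.image }}"
+name: "{{ item.name }}"
+networks: "{{ item.networks | default(omit) }}"
+published_ports: "{{ item.ports | default([]) }}"
+restart_policy: "{{ item.restart_policy | default('unless_stopped') }}"
+state: 'started'
+sysctls: "{{ item.sysctls | default({}) }}"
+volumes: "{{ item.volumes | default([]) }}"
+loop: "{{ docker_containers }}"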
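Review bot: The `Create Docker volumes` task leaves `driver_options` commented out, so the `type: none` / `device:` / `o: bind` settings declared for `torrent-data` and `torrent-config` are never passed and the volumes would presumably be created as plain local volumes rather than binds to the host paths. In that case the `wg0.conf` templated under `/etc/qbittorrent` by the torrent role never reaches the container's `/config`, and `recreate: "never"` means enabling the option later will not change volumes that already exist. I would restore the line as `driver_options: "{{ item.driver_options | default({}) }}"`. Separately, the container task defaults `restart_policy` to `'unless_stopped'`, which is not a value the module accepts; it should read `default('unless-stopped')`. Membership of the `docker` group, granted in the second task, gives root-equivalent control of the host through the Docker socket, which deserves a comment wherever `docker_users` is set.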
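--- a/ansible/roles/torrent/tasks/main.yaml
+++ b/ansible/roles/torrent/tasks/main.yaml
@@ -0,0 +1,35 @@
+---
+
+- name: Create downloads directory
+ansible.builtin.file:
+path: "{{ torrent_downloads_dir }}"
+state: directory
+owner: "{{ torrent_user }}"
+group: "{{ torrent_user }}"
+mode: "0775"
+
+- name: Create qbittorrent config directory
+ansible.builtin.file:
+path: /etc/qbittorrent
+state: directory
+owner: "{{ torrent_user }}"
+group: "{{ torrent_user }}"
+mode: "0775"
+
+- name: Template out the wireguard config
+ansible.builtin.template:
+dest: /etc/qbittorrent/wg0.conf
+src: wireguard.conf.j2
+owner: root
+group: root
+mode: "0600"
+
+- name: Modprobe the wireguard module
+community.general.modprobe:
+name: wireguard
+persistent: present
+state: present
+
+- name: Branch to Docker role
+ansible.builtin.include_role:
+name: docker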
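Review bot: The WireGuard config is written `root:root` with mode `0600` into `/etc/qbittorrent`, a directory the preceding task makes writable by `torrent_user` and its group (`0775`), so that account cannot read the key but can still rename or replace `wg0.conf`. Consider a root-owned subdirectory for the key material, or a tighter directory mode if the container does not need group write there. The template task also renders `torrent_wireguard_private_key`; adding `no_log: true` to it keeps the key out of `--diff` and verbose output. Where that variable is defined is not visible in this commit; it should come from a vault-encrypted file rather than the plain vars file that holds the peer public key.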
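--- a/ansible/roles/torrent/templates/wireguard.conf.j2
+++ b/ansible/roles/torrent/templates/wireguard.conf.j2
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = {{ torrent_wireguard_private_key }}
+Address = {{ torrent_wireguard_address }}/32
+DNS = {{ torrent_wireguard_dns }}
+MTU = 1420
+
+[Peer]
+PublicKey = {{ torrent_wireguard_peer_public_key }}
+AllowedIPs = 0.0.0.0/0
+Endpoint = {{ torrent_wireguard_peer_endpoint }}:51820
+PersistentKeepalive = 25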
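Review bot: `AllowedIPs = 0.0.0.0/0` routes only IPv4 through the tunnel, so this template relies on IPv6 being disabled elsewhere to keep traffic from bypassing the VPN. The container definition in this commit does set `net.ipv6.conf.all.disable_ipv6: 1` and the network has `enable_ipv6: false`, but nothing in the template records that dependency. I would add a Jinja comment above `[Peer]`, for example `{# IPv4-only tunnel: IPv6 must stay disabled in the container (disable_ipv6=1) #}`.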
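--- a/todo/torrent.todo
+++ b/todo/torrent.todo
@@ -0,0 +1 @@
+☐ Fix nginx reverse proxy config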