diff --git a/ansible/inventory/host_vars/kodi00.balsillie.house/docker.yaml b/ansible/inventory/host_vars/kodi00.balsillie.house/docker.yaml
new file mode 100644
index 0000000..9537871
--- /dev/null
+++ b/ansible/inventory/host_vars/kodi00.balsillie.house/docker.yaml
@@ -0,0 +1,81 @@
+---
+
+docker_users:
+ - ladmin
+
+docker_networks:
+ - name: torrent
+ driver: bridge
+ driver_options:
+ # com.docker.network.bridge.name: docker-torrent
+ com.docker.network.bridge.enable_ip_masquerade: true
+ com.docker.network.bridge.enable_icc: true
+ # com.docker.network.container_iface_prefix: container-torrent
+ attachable: true
+ enable_ipv6: false
+ internal: false
+ ipam:
+ - subnet: 192.168.99.0/24
+ gateway: 192.168.99.254
+
+docker_volumes:
+ - name: torrent-data
+ driver: local
+ driver_options:
+ type: none
+ device: /media/nvme/downloads
+ o: bind
+ - name: torrent-config
+ driver: local
+ driver_options:
+ type: none
+ device: /etc/qbittorrent
+ o: bind
+
+docker_images:
+ - name: hotio/qbittorrent
+ tag: release
+
+docker_containers:
+ - name: qbittorrent
+ image: hotio/qbittorrent:release
+ auto_remove: false
+ capabilities:
+ - NET_ADMIN
+ domainname: balsillie.house
+ env:
+ PUID: '968'
+ PGID: '968'
+ UMASK: '002'
+ TZ: Pacific/Auckland
+ WEBUI_PORTS: 8080/tcp
+ VPN_ENABLED: 'true'
+ VPN_CONF: 'wg0'
+ VPN_PROVIDER: 'proton'
+ VPN_LAN_NETWORK: ''
+ VPN_LAN_LEAK_ENABLED: 'false'
+ VPN_EXPOSE_PORTS_ON_LAN: ''
+ VPN_AUTO_PORT_FORWARD: 'true'
+ VPN_AUTO_PORT_FORWARD_TO_PORTS: ''
+ VPN_KEEP_LOCAL_DNS: 'false'
+ VPN_FIREWALL_TYPE: 'nftables'
+ VPN_HEALTHCHECK_ENABLED: 'true'
+ PRIVOXY_ENABLED: 'false'
+ UNBOUND_ENABLED: 'false'
+ etc_hosts:
+ tv.balsillie.house: 192.168.99.254
+ movies.balsillie.house: 192.168.99.254
+ hostname: torrent
+ networks:
+ - name: torrent
+ aliases:
+ - torrent
+ - qbittorrent
+ ipv4_address: 192.168.99.1
+ restart_policy: 'unless-stopped'
+ sysctls:
+ net.ipv4.conf.all.src_valid_mark: 1
+ net.ipv6.conf.all.disable_ipv6: 1
+ volumes:
+ - torrent-config:/config:rw
+ - torrent-data:/data:rw
diff --git a/ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml b/ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml
index 9d62b94..6d52788 100644
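Review bot: `VPN_LAN_NETWORK` is set to `''` while the nginx.yaml hunk in this commit points the torrent.balsillie.house upstream at `192.168.99.1:8080`, i.e. the host side of the `torrent` bridge reaching the WebUI port inside a VPN-firewalled container; in the hotio VPN images that variable is what exempts a LAN range from the kill-switch, so with it empty the proxy's connections from 192.168.99.254 are presumably dropped, which would explain the "Fix nginx reverse proxy config" todo added here. If that is the cause, `VPN_LAN_NETWORK: '192.168.99.0/24'` (the bridge subnet only, keeping the exemption as narrow as possible) is the setting to confirm rather than opening it to the whole LAN. Separately, the `driver_options` values `enable_ip_masquerade: true` and `enable_icc: true` are YAML booleans, but Docker's network option map is string-valued, so they may be rejected at network creation; quote them as `'true'` like the `env` values already are.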
--- a/ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml +++ b/ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml @@ -27,8 +27,8 @@ nginx_sites: - name: torrent.balsillie.house type: proxy upstream: - host: 127.0.0.1 - port: 9090 + host: 192.168.99.1 + port: 8080 - name: jellyfin.balsillie.house type: proxy upstream: diff --git a/ansible/inventory/host_vars/kodi00.balsillie.house/torrent.yaml b/ansible/inventory/host_vars/kodi00.balsillie.house/torrent.yaml new file mode 100644 index 0000000..9f2dbea --- /dev/null +++ b/ansible/inventory/host_vars/kodi00.balsillie.house/torrent.yaml @@ -0,0 +1,7 @@ +torrent_user: kodi +torrent_downloads_dir: /media/nvme/downloads + +torrent_wireguard_address: 10.2.0.2 +torrent_wireguard_dns: 10.2.0.1 +torrent_wireguard_peer_endpoint: 103.75.11.18 +torrent_wireguard_peer_public_key: 8Rm0uoG0H9BcSuA67/5gBv8tJgFZXNLm4sqEtkB9Nmw= diff --git a/ansible/playbooks/infra/kodi.yaml b/ansible/playbooks/infra/kodi.yaml index 6292858..f6f0085 100644 --- a/ansible/playbooks/infra/kodi.yaml +++ b/ansible/playbooks/infra/kodi.yaml @@ -8,6 +8,11 @@ roles: # - role: sshd # - role: ufw + # - role: nginx + # - role: aur_repo_client + # - role: arr + - role: torrent + # - role: nginx # - role: aur_repo_client # - role: arr diff --git a/ansible/roles/arr/tasks/main.yaml b/ansible/roles/arr/tasks/main.yaml index c6f41b8..7cf4880 100644 --- a/ansible/roles/arr/tasks/main.yaml +++ b/ansible/roles/arr/tasks/main.yaml @@ -7,14 +7,18 @@ state: present update_cache: true +- name: Reload systemd + ansible.builtin.systemd: + daemon_reload: true + - name: Start arr services ansible.builtin.systemd: name: "{{ item }}" state: started enabled: true - daemon_reload: true loop: - sonarr.service - radarr.service - lidarr.service - prowlarr.service + - bazarr.service diff --git a/ansible/roles/docker/tasks/main.yaml b/ansible/roles/docker/tasks/main.yaml new file mode 100644 index 0000000..f47fca4 --- /dev/null 
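Review bot: torrent.yaml sets the peer endpoint, DNS and public key but not `torrent_wireguard_private_key`, which the wireguard.conf.j2 hunk renders into `PrivateKey =`; confirm that variable lives in an Ansible Vault-encrypted vars file rather than a plain host_vars file, since a committed WireGuard private key lets anyone with repository access impersonate this peer. A comment here pointing to its home, e.g. `# torrent_wireguard_private_key is defined in the vault-encrypted host_vars file`, would save the next reader the search. Unlike docker.yaml in the same commit this file has no `---` document start; add it for consistency across the inventory.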
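Review bot: In the kodi.yaml hunk the three commented lines `# - role: nginx`, `# - role: aur_repo_client` and `# - role: arr` added above `- role: torrent` duplicate the identical commented lines that remain below it, so the roles list now carries two copies of the same disabled block; keep one set, or delete both if those roles are not coming back, so the playbook does not accumulate dead entries. The `roles:` list begins before this hunk.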
+++ b/ansible/roles/docker/tasks/main.yaml 
@@ -0,0 +1,82 @@
+---
+
+- name: Install Docker on Archlinux
+ when: ansible_facts['os_family'] == "Archlinux"
+ community.general.pacman:
+ name: docker
+ state: present
+ update_cache: true
+
+- name: Add users to docker group
+ ansible.builtin.user:
+ name: "{{ item }}"
+ groups: docker
+ append: true
+ loop: "{{ docker_users }}"
+
+- name: Start and enable Docker
+ ansible.builtin.systemd:
+ name: docker
+ state: started
+ enabled: true
+
+- name: Create Docker networks
+ when:
+ - docker_networks is defined
+ - docker_networks | length > 0
+ community.docker.docker_network:
+ attachable: "{{ item.attachable | default(true) }}"
+ driver: "{{ item.driver | default('bridge') }}"
+ driver_options: "{{ item.driver_options | default(omit) }}"
+ enable_ipv6: "{{ item.enable_ipv6 | default(false) }}"
+ internal: "{{ item.internal | default(false) }}"
+ ipam_config: "{{ item.ipam | default(omit) }}"
+ name: "{{ item.name }}"
+ state: "present"
+ loop: "{{ docker_networks }}"
+
+- name: Create Docker volumes
+ when:
+ - docker_volumes is defined
+ - docker_volumes | length > 0
+ community.general.docker_volume:
+ driver: "{{ item.driver | default('local') }}"
+ # driver_options: "{{ item.driver_options | default({}) }}"
+ recreate: "never"
+ state: "present"
+ volume_name: "{{ item.name }}"
+ loop: "{{ docker_volumes }}"
+
+- name: Pull Docker images
+ when:
+ - docker_images is defined
+ - docker_images | length > 0
+ community.docker.docker_image_pull:
+ name: "{{ item.name }}"
+ pull: "always"
+ tag: "{{ item.tag | default('latest') }}"
+ loop: "{{ docker_images }}"
+
+- name: Create Docker containers
+ when:
+ - docker_containers is defined
+ - docker_containers | length > 0
+ community.general.docker_container:
+ auto_remove: "{{ item.auto_remove | default(false) }}"
+ capabilities: "{{ item.capabilities | default(omit) }}"
+ command: "{{ item.command | default(omit) }}"
+ detach: true
+ domainname: "{{ item.domainname | default(omit) }}"
+ entrypoint: "{{
item.entrypoint | default(omit) }}"
+ env: "{{ item.env | default({}) }}"
+ etc_hosts: "{{ item.etc_hosts | default({}) }}"
+ hostname: "{{ item.hostname | default(item.name) }}"
+ image: "{{ item.image }}"
+ name: "{{ item.name }}"
+ networks: "{{ item.networks | default(omit) }}"
+ published_ports: "{{ item.ports | default([]) }}"
+ restart_policy: "{{ item.restart_policy | default('unless_stopped') }}"
+ state: 'started'
+ sysctls: "{{ item.sysctls | default({}) }}"
+ volumes: "{{ item.volumes | default([]) }}"
+ loop: "{{ docker_containers }}"
diff --git a/ansible/roles/torrent/tasks/main.yaml b/ansible/roles/torrent/tasks/main.yaml
new file mode 100644
index 0000000..5cbf67c
--- /dev/null
+++ b/ansible/roles/torrent/tasks/main.yaml
@@ -0,0 +1,35 @@
+---
+
+- name: Create downloads directory
+ ansible.builtin.file:
+ path: "{{ torrent_downloads_dir }}"
+ state: directory
+ owner: "{{ torrent_user }}"
+ group: "{{ torrent_user }}"
+ mode: "0775"
+
+- name: Create qbittorrent config directory
+ ansible.builtin.file:
+ path: /etc/qbittorrent
+ state: directory
+ owner: "{{ torrent_user }}"
+ group: "{{ torrent_user }}"
+ mode: "0775"
+
+- name: Template out the wireguard config
+ ansible.builtin.template:
+ dest: /etc/qbittorrent/wg0.conf
+ src: wireguard.conf.j2
+ owner: root
+ group: root
+ mode: "0600"
+
+- name: Modprobe the wireguard module
+ community.general.modprobe:
+ name: wireguard
+ persistent: present
+ state: present
+
+- name: Branch to Docker role
+ ansible.builtin.include_role:
+ name: docker
diff --git a/ansible/roles/torrent/templates/wireguard.conf.j2 b/ansible/roles/torrent/templates/wireguard.conf.j2
new file mode 100644
index 0000000..9689100
--- /dev/null
+++ b/ansible/roles/torrent/templates/wireguard.conf.j2
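Review bot: The `driver_options` line in the "Create Docker volumes" task is commented out, so the `torrent-data` and `torrent-config` volumes that the host_vars in this commit declare with `type: none` / `o: bind` will be created as plain local volumes, and the container's `/data` and `/config` will not be backed by `/media/nvme/downloads` and `/etc/qbittorrent`; restore it as `driver_options: "{{ item.driver_options | default(omit) }}"` or remove the options from the host_vars so the intent is visible. The `restart_policy` default `'unless_stopped'` is spelled with an underscore whereas docker_container's choices use `unless-stopped`; the host_vars value masks it today, but any container entry that omits `restart_policy` would fail argument validation. The volume and container tasks use `community.general.docker_*` while the network and image tasks use `community.docker.*`; the community.general names are redirects for modules that moved to community.docker, so use the `community.docker` FQCN throughout. Since membership in the `docker` group is root-equivalent on the host, a comment on the "Add users to docker group" task, `# NOTE: docker group membership is root-equivalent on the host; keep docker_users minimal`, would make that cost explicit to whoever extends the list.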
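Review bot: The "Template out the wireguard config" task renders `torrent_wireguard_private_key` into `/etc/qbittorrent/wg0.conf`, and a run with `--diff` will print that key to the console and to anything that captures the run output; add `diff: false` to the task so the secret stays out of logs. `/etc/qbittorrent` is created `0775` owned by `torrent_user`, so any member of that group can delete and recreate `wg0.conf` even though the file itself is root-owned `0600`, which would let a group member redirect the tunnel; `mode: "0755"` suffices unless something other than `torrent_user` has to write there. As written the file is also unreadable by the container's `PUID`/`PGID` (968), so this only works if the image reads the WireGuard config as root before dropping privileges — worth confirming against the image's entrypoint and recording in a comment on the task.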
@@ -0,0 +1,11 @@
+ [Interface]
+ PrivateKey = {{ torrent_wireguard_private_key }}
+ Address = {{ torrent_wireguard_address }}/32
+ DNS = {{ torrent_wireguard_dns }}
+ MTU = 1420
+
+ [Peer]
+ PublicKey = {{ torrent_wireguard_peer_public_key }}
+ AllowedIPs = 0.0.0.0/0
+ Endpoint = {{ torrent_wireguard_peer_endpoint }}:51820
+ PersistentKeepalive = 25
diff --git a/todo/torrent.todo b/todo/torrent.todo
new file mode 100644
index 0000000..03bbe19
--- /dev/null
+++ b/todo/torrent.todo
@@ -0,0 +1 @@
+☐ Fix nginx reverse proxy config
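Review bot: `AllowedIPs = 0.0.0.0/0` routes only IPv4 through the tunnel, so the no-leak property of this config rests on the container's `net.ipv6.conf.all.disable_ipv6: 1` sysctl in docker.yaml rather than on the tunnel itself; a comment above that line, `# IPv4 only: IPv6 is disabled in the container via sysctl; add ::/0 if that changes`, records the dependency where someone editing the template will see it. The `Endpoint` port `51820` and `MTU = 1420` are hard-coded while the rest of the peer is templated; if another provider or endpoint is ever used, a `torrent_wireguard_peer_endpoint_port` variable (constructed name) defaulting to 51820 would keep the template symmetric with the existing `torrent_wireguard_*` variables.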