Merge remote-tracking branch 'refs/remotes/origin/main'
commit
2981bdb22f
@ -0,0 +1,81 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
docker_users:
|
||||||
|
- ladmin
|
||||||
|
|
||||||
|
docker_networks:
|
||||||
|
- name: torrent
|
||||||
|
driver: bridge
|
||||||
|
driver_options:
|
||||||
|
# com.docker.network.bridge.name: docker-torrent
|
||||||
|
com.docker.network.bridge.enable_ip_masquerade: true
|
||||||
|
com.docker.network.bridge.enable_icc: true
|
||||||
|
# com.docker.network.container_iface_prefix: container-torrent
|
||||||
|
attachable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
internal: false
|
||||||
|
ipam:
|
||||||
|
- subnet: 192.168.99.0/24
|
||||||
|
gateway: 192.168.99.254
|
||||||
|
|
||||||
|
docker_volumes:
|
||||||
|
- name: torrent-data
|
||||||
|
driver: local
|
||||||
|
driver_options:
|
||||||
|
type: none
|
||||||
|
device: /media/nvme/downloads
|
||||||
|
o: bind
|
||||||
|
- name: torrent-config
|
||||||
|
driver: local
|
||||||
|
driver_options:
|
||||||
|
type: none
|
||||||
|
device: /etc/qbittorrent
|
||||||
|
o: bind
|
||||||
|
|
||||||
|
docker_images:
|
||||||
|
- name: hotio/qbittorrent
|
||||||
|
tag: release
|
||||||
|
|
||||||
|
docker_containers:
|
||||||
|
- name: qbittorrent
|
||||||
|
image: hotio/qbittorrent:release
|
||||||
|
auto_remove: false
|
||||||
|
capabilities:
|
||||||
|
- NET_ADMIN
|
||||||
|
domainname: balsillie.house
|
||||||
|
env:
|
||||||
|
PUID: '968'
|
||||||
|
PGID: '968'
|
||||||
|
UMASK: '002'
|
||||||
|
TZ: Pacific/Auckland
|
||||||
|
WEBUI_PORTS: 8080/tcp
|
||||||
|
VPN_ENABLED: 'true'
|
||||||
|
VPN_CONF: 'wg0'
|
||||||
|
VPN_PROVIDER: 'proton'
|
||||||
|
VPN_LAN_NETWORK: ''
|
||||||
|
VPN_LAN_LEAK_ENABLED: 'false'
|
||||||
|
VPN_EXPOSE_PORTS_ON_LAN: ''
|
||||||
|
VPN_AUTO_PORT_FORWARD: 'true'
|
||||||
|
VPN_AUTO_PORT_FORWARD_TO_PORTS: ''
|
||||||
|
VPN_KEEP_LOCAL_DNS: 'false'
|
||||||
|
VPN_FIREWALL_TYPE: 'nftables'
|
||||||
|
VPN_HEALTHCHECK_ENABLED: 'true'
|
||||||
|
PRIVOXY_ENABLED: 'false'
|
||||||
|
UNBOUND_ENABLED: 'false'
|
||||||
|
etc_hosts:
|
||||||
|
tv.balsillie.house: 192.168.99.254
|
||||||
|
movies.balsillie.house: 192.168.99.254
|
||||||
|
hostname: torrent
|
||||||
|
networks:
|
||||||
|
- name: torrent
|
||||||
|
aliases:
|
||||||
|
- torrent
|
||||||
|
- qbittorrent
|
||||||
|
ipv4_address: 192.168.99.1
|
||||||
|
restart_policy: 'unless-stopped'
|
||||||
|
sysctls:
|
||||||
|
net.ipv4.conf.all.src_valid_mark: 1
|
||||||
|
net.ipv6.conf.all.disable_ipv6: 1
|
||||||
|
volumes:
|
||||||
|
- torrent-config:/config:rw
|
||||||
|
- torrent-data:/data:rw
|
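Review bot: The qbittorrent container is granted `NET_ADMIN`, but its image is referenced only by the mutable tag `release`, both under `docker_images` and in `image: hotio/qbittorrent:release`. The docker role's pull task uses `pull: "always"`, so whatever the registry serves under that tag next will run with that capability. Pinning by digest would make the deployed image reviewable, e.g. `image: hotio/qbittorrent@sha256:<digest>` (placeholder; take the digest from an image you have verified). The image reference is also written twice; deriving the container's `image` from the `docker_images` entry would keep the two from drifting.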
@ -27,8 +27,8 @@ nginx_sites:
|
|||||||
- name: torrent.balsillie.house
|
- name: torrent.balsillie.house
|
||||||
type: proxy
|
type: proxy
|
||||||
upstream:
|
upstream:
|
||||||
host: 127.0.0.1
|
host: 192.168.99.1
|
||||||
port: 9090
|
port: 8080
|
||||||
- name: jellyfin.balsillie.house
|
- name: jellyfin.balsillie.house
|
||||||
type: proxy
|
type: proxy
|
||||||
upstream:
|
upstream:
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
torrent_user: kodi
|
||||||
|
torrent_downloads_dir: /media/nvme/downloads
|
||||||
|
|
||||||
|
torrent_wireguard_address: 10.2.0.2
|
||||||
|
torrent_wireguard_dns: 10.2.0.1
|
||||||
|
torrent_wireguard_peer_endpoint: 103.75.11.18
|
||||||
|
torrent_wireguard_peer_public_key: 8Rm0uoG0H9BcSuA67/5gBv8tJgFZXNLm4sqEtkB9Nmw=
|
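Review bot: `torrent_wireguard_private_key`, which the WireGuard template added in this commit reads, is not defined among these variables, and nothing here says where it is expected to come from. A comment would record that, for example `# torrent_wireguard_private_key is deliberately not set here; supply it from an encrypted vars file`. Presumably it already lives in a vault file outside this diff, in which case the comment only documents the existing arrangement.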
@ -8,6 +8,11 @@
|
|||||||
roles:
|
roles:
|
||||||
# - role: sshd
|
# - role: sshd
|
||||||
# - role: ufw
|
# - role: ufw
|
||||||
|
# - role: nginx
|
||||||
|
# - role: aur_repo_client
|
||||||
|
# - role: arr
|
||||||
|
- role: torrent
|
||||||
|
|
||||||
# - role: nginx
|
# - role: nginx
|
||||||
# - role: aur_repo_client
|
# - role: aur_repo_client
|
||||||
# - role: arr
|
# - role: arr
|
||||||
|
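Review bot: After this change the roles list enables only `- role: torrent`, while `sshd`, `ufw`, `nginx`, `aur_repo_client` and `arr` are all commented out. That reads like a working state for testing the new role, yet a full run of the play as committed would skip the hardening roles. Tagging the roles and selecting with `--tags torrent` would let the list stay complete, e.g. `- { role: torrent, tags: [torrent] }`. The play this list belongs to starts outside the hunk.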
@ -7,14 +7,18 @@
|
|||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Reload systemd
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
- name: Start arr services
|
- name: Start arr services
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
daemon_reload: true
|
|
||||||
loop:
|
loop:
|
||||||
- sonarr.service
|
- sonarr.service
|
||||||
- radarr.service
|
- radarr.service
|
||||||
- lidarr.service
|
- lidarr.service
|
||||||
- prowlarr.service
|
- prowlarr.service
|
||||||
|
- bazarr.service
|
||||||
|
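--- a/ansible/roles/docker/tasks/main.yaml
+++ b/ansible/roles/docker/tasks/main.yaml
@@ -0,0 +1,82 @@
+---
+
+- name: Install Docker on Archlinux
+when: ansible_facts['os_family'] == "Archlinux"
+community.general.pacman:
+name: docker
+state: present
+update_cache: true
+
+- name: Add users to docker group
+ansible.builtin.user:
+name: "{{ item }}"
+groups: docker
+append: true
+loop: "{{ docker_users }}"
+
+- name: Start and enable Docker
+ansible.builtin.systemd:
+name: docker
+state: started
+enabled: true
+
+- name: Create Docker networks
+when:
+- docker_networks is defined
+- docker_networks | length > 0
+community.docker.docker_network:
+attachable: "{{ item.attachable | default(true) }}"
+driver: "{{ item.driver | default('bridge') }}"
+driver_options: "{{ item.driver_options | default(omit) }}"
+enable_ipv6: "{{ item.enable_ipv6 | default(false) }}"
+internal: "{{ item.internal | default(false) }}"
+ipam_config: "{{ item.ipam | default(omit) }}"
+name: "{{ item.name }}"
+state: "present"
+loop: "{{ docker_networks }}"
+
+- name: Create Docker volumes
+when:
+- docker_volumes is defined
+- docker_volumes | length > 0
+community.general.docker_volume:
+driver: "{{ item.driver | default('local') }}"
+# driver_options: "{{ item.driver_options | default({}) }}"
+recreate: "never"
+state: "present"
+volume_name: "{{ item.name }}"
+loop: "{{ docker_volumes }}"
+
+- name: Pull Docker images
+when:
+- docker_images is defined
+- docker_images | length > 0
+community.docker.docker_image_pull:
+name: "{{ item.name }}"
+pull: "always"
+tag: "{{ item.tag | default('latest') }}"
+loop: "{{ docker_images }}"
+
+- name: Create Docker containers
+when:
+- docker_containers is defined
+- docker_containers | length > 0
+community.general.docker_container:
+auto_remove: "{{ item.auto_remove | default(false) }}"
+capabilities: "{{ item.capabilities | default(omit) }}"
+command: "{{ item.command | default(omit) }}"
+detach: true
+domainname: "{{ item.domainname | default(omit) }}"
+entrypoint: "{{ item.entrypoint | default(omit) }}"
+env: "{{ item.env | default({}) }}"
+etc_hosts: "{{ item.etc_hosts | default({}) }}"
+hostname: "{{ item.hostname | default(item.name) }}"
+image: "{{ item.image }}"
+name: "{{ item.name }}"
+networks: "{{ item.networks | default(omit) }}"
+published_ports: "{{ item.ports | default([]) }}"
+restart_policy: "{{ item.restart_policy | default('unless_stopped') }}"
+state: 'started'
+sysctls: "{{ item.sysctls | default({}) }}"
+volumes: "{{ item.volumes | default([]) }}"
+loop: "{{ docker_containers }}"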
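Review bot: In `Create Docker volumes` the `driver_options` line is commented out, so the `type: none` / `device:` / `o: bind` options declared for `torrent-data` and `torrent-config` are never passed. Both would be created as ordinary local volumes, and `/config` in the container would then not be `/etc/qbittorrent`, where the torrent role writes `wg0.conf`. Restoring it as `driver_options: "{{ item.driver_options | default({}) }}"` fixes that, but with `recreate: "never"` an existing volume keeps its old options, so `recreate: "options-changed"` is the safer setting. Separately, the `restart_policy` default `'unless_stopped'` is not a value the module accepts and should read `default('unless-stopped')`. The volume and container tasks also use `community.general.*` while the network and pull tasks use `community.docker.*`, which is where the Docker modules live.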
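--- a/ansible/roles/torrent/tasks/main.yaml
+++ b/ansible/roles/torrent/tasks/main.yaml
@@ -0,0 +1,35 @@
+---
+
+- name: Create downloads directory
+ansible.builtin.file:
+path: "{{ torrent_downloads_dir }}"
+state: directory
+owner: "{{ torrent_user }}"
+group: "{{ torrent_user }}"
+mode: "0775"
+
+- name: Create qbittorrent config directory
+ansible.builtin.file:
+path: /etc/qbittorrent
+state: directory
+owner: "{{ torrent_user }}"
+group: "{{ torrent_user }}"
+mode: "0775"
+
+- name: Template out the wireguard config
+ansible.builtin.template:
+dest: /etc/qbittorrent/wg0.conf
+src: wireguard.conf.j2
+owner: root
+group: root
+mode: "0600"
+
+- name: Modprobe the wireguard module
+community.general.modprobe:
+name: wireguard
+persistent: present
+state: present
+
+- name: Branch to Docker role
+ansible.builtin.include_role:
+name: docker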
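Review bot: `wg0.conf` is written `0600` root:root, but into `/etc/qbittorrent`, which the preceding task creates owned by `torrent_user` with mode `0775`. That user and group can therefore rename or replace the file holding the WireGuard private key even though they cannot read it. Keeping the key in a root-owned directory, or in a root-owned subdirectory mounted separately, closes that gap. The template task should also carry `no_log: true`, since a run with `--diff` prints the rendered file, `PrivateKey` line included. Whether the container can read a root-only file depends on how the image starts, which is not visible here.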
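--- a/ansible/roles/torrent/templates/wireguard.conf.j2
+++ b/ansible/roles/torrent/templates/wireguard.conf.j2
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = {{ torrent_wireguard_private_key }}
+Address = {{ torrent_wireguard_address }}/32
+DNS = {{ torrent_wireguard_dns }}
+MTU = 1420
+
+[Peer]
+PublicKey = {{ torrent_wireguard_peer_public_key }}
+AllowedIPs = 0.0.0.0/0
+Endpoint = {{ torrent_wireguard_peer_endpoint }}:51820
+PersistentKeepalive = 25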
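--- a/todo/torrent.todo
+++ b/todo/torrent.todo
@@ -0,0 +1 @@
+☐ Fix nginx reverse proxy config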