
Merge remote-tracking branch 'refs/remotes/origin/main'

michael 2024-05-12 21:57:52 +12:00
commit 2981bdb22f
9 changed files with 229 additions and 3 deletions


@ -0,0 +1,81 @@
---
docker_users:
- ladmin
docker_networks:
- name: torrent
driver: bridge
driver_options:
# com.docker.network.bridge.name: docker-torrent
com.docker.network.bridge.enable_ip_masquerade: true
com.docker.network.bridge.enable_icc: true
# com.docker.network.container_iface_prefix: container-torrent
attachable: true
enable_ipv6: false
internal: false
ipam:
- subnet: 192.168.99.0/24
gateway: 192.168.99.254
docker_volumes:
- name: torrent-data
driver: local
driver_options:
type: none
device: /media/nvme/downloads
o: bind
- name: torrent-config
driver: local
driver_options:
type: none
device: /etc/qbittorrent
o: bind
docker_images:
- name: hotio/qbittorrent
tag: release
docker_containers:
- name: qbittorrent
image: hotio/qbittorrent:release
auto_remove: false
capabilities:
- NET_ADMIN
domainname: balsillie.house
env:
PUID: '968'
PGID: '968'
UMASK: '002'
TZ: Pacific/Auckland
WEBUI_PORTS: 8080/tcp
VPN_ENABLED: 'true'
VPN_CONF: 'wg0'
VPN_PROVIDER: 'proton'
VPN_LAN_NETWORK: ''
VPN_LAN_LEAK_ENABLED: 'false'
VPN_EXPOSE_PORTS_ON_LAN: ''
VPN_AUTO_PORT_FORWARD: 'true'
VPN_AUTO_PORT_FORWARD_TO_PORTS: ''
VPN_KEEP_LOCAL_DNS: 'false'
VPN_FIREWALL_TYPE: 'nftables'
VPN_HEALTHCHECK_ENABLED: 'true'
PRIVOXY_ENABLED: 'false'
UNBOUND_ENABLED: 'false'
etc_hosts:
tv.balsillie.house: 192.168.99.254
movies.balsillie.house: 192.168.99.254
hostname: torrent
networks:
- name: torrent
aliases:
- torrent
- qbittorrent
ipv4_address: 192.168.99.1
restart_policy: 'unless-stopped'
sysctls:
net.ipv4.conf.all.src_valid_mark: 1
net.ipv6.conf.all.disable_ipv6: 1
volumes:
- torrent-config:/config:rw
- torrent-data:/data:rw
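Review bot: The container is granted `NET_ADMIN` while its image is referenced by the mutable tag `release` (in `docker_images` and in `image: hotio/qbittorrent:release`), and the docker role pulls with `pull: "always"`, so any play run can change the code holding that capability without a change in this repository. Pinning by digest, e.g. `image: hotio/qbittorrent@sha256:<digest-placeholder>`, and bumping it deliberately would make updates reviewable. Separately, `docker_users: [ladmin]` puts that account in the docker group, which is effectively root on the host; a one-line comment stating that this is intended would help the next reader. `VPN_LAN_NETWORK: ''` also deserves a comment, because this commit points nginx at 192.168.99.1:8080 and it is not visible here whether the image's firewall admits the bridge gateway.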


@ -27,8 +27,8 @@ nginx_sites:
- name: torrent.balsillie.house - name: torrent.balsillie.house
type: proxy type: proxy
upstream: upstream:
host: 127.0.0.1 host: 192.168.99.1
port: 9090 port: 8080
- name: jellyfin.balsillie.house - name: jellyfin.balsillie.house
type: proxy type: proxy
upstream: upstream:


@ -0,0 +1,7 @@
torrent_user: kodi
torrent_downloads_dir: /media/nvme/downloads
torrent_wireguard_address: 10.2.0.2
torrent_wireguard_dns: 10.2.0.1
torrent_wireguard_peer_endpoint: 103.75.11.18
torrent_wireguard_peer_public_key: 8Rm0uoG0H9BcSuA67/5gBv8tJgFZXNLm4sqEtkB9Nmw=


@ -8,6 +8,11 @@
roles: roles:
# - role: sshd # - role: sshd
# - role: ufw # - role: ufw
# - role: nginx
# - role: aur_repo_client
# - role: arr
- role: torrent
# - role: nginx # - role: nginx
# - role: aur_repo_client # - role: aur_repo_client
# - role: arr # - role: arr


@ -7,14 +7,18 @@
state: present state: present
update_cache: true update_cache: true
- name: Reload systemd
ansible.builtin.systemd:
daemon_reload: true
- name: Start arr services - name: Start arr services
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
state: started state: started
enabled: true enabled: true
daemon_reload: true
loop: loop:
- sonarr.service - sonarr.service
- radarr.service - radarr.service
- lidarr.service - lidarr.service
- prowlarr.service - prowlarr.service
- bazarr.service


@ -0,0 +1,82 @@
---
- name: Install Docker on Archlinux
when: ansible_facts['os_family'] == "Archlinux"
community.general.pacman:
name: docker
state: present
update_cache: true
- name: Add users to docker group
ansible.builtin.user:
name: "{{ item }}"
groups: docker
append: true
loop: "{{ docker_users }}"
- name: Start and enable Docker
ansible.builtin.systemd:
name: docker
state: started
enabled: true
- name: Create Docker networks
when:
- docker_networks is defined
- docker_networks | length > 0
community.docker.docker_network:
attachable: "{{ item.attachable | default(true) }}"
driver: "{{ item.driver | default('bridge') }}"
driver_options: "{{ item.driver_options | default(omit) }}"
enable_ipv6: "{{ item.enable_ipv6 | default(false) }}"
internal: "{{ item.internal | default(false) }}"
ipam_config: "{{ item.ipam | default(omit) }}"
name: "{{ item.name }}"
state: "present"
loop: "{{ docker_networks }}"
- name: Create Docker volumes
when:
- docker_volumes is defined
- docker_volumes | length > 0
community.general.docker_volume:
driver: "{{ item.driver | default('local') }}"
# driver_options: "{{ item.driver_options | default({}) }}"
recreate: "never"
state: "present"
volume_name: "{{ item.name }}"
loop: "{{ docker_volumes }}"
- name: Pull Docker images
when:
- docker_images is defined
- docker_images | length > 0
community.docker.docker_image_pull:
name: "{{ item.name }}"
pull: "always"
tag: "{{ item.tag | default('latest') }}"
loop: "{{ docker_images }}"
- name: Create Docker containers
when:
- docker_containers is defined
- docker_containers | length > 0
community.general.docker_container:
auto_remove: "{{ item.auto_remove | default(false) }}"
capabilities: "{{ item.capabilities | default(omit) }}"
command: "{{ item.command | default(omit) }}"
detach: true
domainname: "{{ item.domainname | default(omit) }}"
entrypoint: "{{ item.entrypoint | default(omit) }}"
env: "{{ item.env | default({}) }}"
etc_hosts: "{{ item.etc_hosts | default({}) }}"
hostname: "{{ item.hostname | default(item.name) }}"
image: "{{ item.image }}"
name: "{{ item.name }}"
networks: "{{ item.networks | default(omit) }}"
published_ports: "{{ item.ports | default([]) }}"
restart_policy: "{{ item.restart_policy | default('unless_stopped') }}"
state: 'started'
sysctls: "{{ item.sysctls | default({}) }}"
volumes: "{{ item.volumes | default([]) }}"
loop: "{{ docker_containers }}"
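Review bot: With `driver_options` commented out in "Create Docker volumes", the `type: none` / `o: bind` / `device:` settings from the host vars are never passed to the module, so `torrent-config` and `torrent-data` would be created as ordinary local volumes rather than binds to `/etc/qbittorrent` and `/media/nvme/downloads`. The torrent role templates `wg0.conf` into `/etc/qbittorrent`, so the container's `/config` would presumably not contain it; how the image behaves with `VPN_ENABLED: 'true'` and no config file is not visible here and should be verified before relying on the tunnel. Restoring `driver_options: "{{ item.driver_options | default(omit) }}"` would address this, bearing in mind that `recreate: "never"` leaves an already-created volume unchanged. In "Create Docker containers" the fallback `default('unless_stopped')` is not a value the module accepts and should read `default('unless-stopped')`, matching the host vars.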


@ -0,0 +1,35 @@
---
- name: Create downloads directory
ansible.builtin.file:
path: "{{ torrent_downloads_dir }}"
state: directory
owner: "{{ torrent_user }}"
group: "{{ torrent_user }}"
mode: "0775"
- name: Create qbittorrent config directory
ansible.builtin.file:
path: /etc/qbittorrent
state: directory
owner: "{{ torrent_user }}"
group: "{{ torrent_user }}"
mode: "0775"
- name: Template out the wireguard config
ansible.builtin.template:
dest: /etc/qbittorrent/wg0.conf
src: wireguard.conf.j2
owner: root
group: root
mode: "0600"
- name: Modprobe the wireguard module
community.general.modprobe:
name: wireguard
persistent: present
state: present
- name: Branch to Docker role
ansible.builtin.include_role:
name: docker
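Review bot: "Template out the wireguard config" renders `torrent_wireguard_private_key` into the file but sets no `no_log: true`, so a run with `--diff` prints the rendered file, key included, to the terminal and to any captured output; adding `no_log: true` to that task avoids this. The parent directory `/etc/qbittorrent` is created `0775` and owned by `{{ torrent_user }}`, which lets that user and group remove or replace the root-owned `0600` `wg0.conf` even though they cannot read it. Either tighten the directory ownership and mode, or add a comment explaining why write access is needed there. `torrent_wireguard_private_key` is not defined in the vars added by this commit, so it presumably comes from a vault; a comment saying where it lives would help.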


@ -0,0 +1,11 @@
[Interface]
PrivateKey = {{ torrent_wireguard_private_key }}
Address = {{ torrent_wireguard_address }}/32
DNS = {{ torrent_wireguard_dns }}
MTU = 1420
[Peer]
PublicKey = {{ torrent_wireguard_peer_public_key }}
AllowedIPs = 0.0.0.0/0
Endpoint = {{ torrent_wireguard_peer_endpoint }}:51820
PersistentKeepalive = 25

1
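--- a/todo/torrent.todo
+++ b/todo/torrent.todo
@@ -0,0 +1 @@
+☐ Fix nginx reverse proxy config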