diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml index 0f7aefb..b12b6b1 100644 --- a/ansible/deploy_home.yml +++ b/ansible/deploy_home.yml @@ -1,3 +1,4 @@ +--- - hosts: all vars_files: - vars/vault.yml diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml index 8c68086..523b06a 100644 --- a/ansible/roles/podman/defaults/main.yml +++ b/ansible/roles/podman/defaults/main.yml @@ -1,5 +1,6 @@ --- bookstack_path: "{{ podman_volumes }}/bookstack" +cam2ip_path: "{{ podman_volumes }}/cam2ip" cloud_path: "{{ podman_volumes }}/cloud" cloud_skudak_path: "{{ podman_volumes }}/skudakcloud" debyltech_path: "{{ podman_volumes }}/debyltech" @@ -14,6 +15,7 @@ partkeepr_path: "{{ podman_volumes }}/partkeepr" photos_path: "{{ podman_volumes }}/photos" pihole_path: "{{ podman_volumes }}/pihole" sshpass_cron_path: "{{ podman_volumes }}/sshpass_cron" +palworld_path: "{{ podman_volumes }}/palworld" drone_server_proto: "https" drone_runner_proto: "http" diff --git a/ansible/roles/podman/tasks/container-sshpass-cron.yml b/ansible/roles/podman/tasks/container-sshpass-cron.yml deleted file mode 100644 index 17051c5..0000000 --- a/ansible/roles/podman/tasks/container-sshpass-cron.yml +++ /dev/null 
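Review bot: `sshpass_cron_path` stays in the role defaults (the context line directly above the new `palworld_path`) although this commit deletes container-sshpass-cron.yml and its import, so the variable appears to have no remaining consumer. The deleted tasks wrote the UniFi SSH password to `{{ sshpass_cron_path }}/unifi-pass` and created the `sshpass_cron` container, and removing the tasks does not remove either from hosts that were already provisioned. Consider a one-off cleanup task that sets `state: absent` on that file and container, after which the default can be dropped. As a style point, `palworld_path` would sit better before `partkeepr_path`, since the rest of the list is roughly alphabetical.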
@@ -1,62 +0,0 @@ ---- -- name: create sshpass_cron host directory volumes - become: true - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ podman_user }}" - group: "{{ podman_user }}" - mode: 0755 - notify: restorecon podman - loop: - - "{{ sshpass_cron_path }}" - -- name: copy sshpass_cron crontab - become: true - ansible.builtin.template: - src: "files/sshpass_cron/{{ item }}" - dest: "{{ sshpass_cron_path }}/{{ item }}" - owner: "{{ podman_user }}" - group: "{{ podman_user }}" - mode: 0644 - loop: - - crontab - notify: - - restorecon podman - -- name: create sshpass_cron password file - become: true - ansible.builtin.copy: - dest: "{{ sshpass_cron_path }}/unifi-pass" - content: "{{ unifi_ssh_password }}" - owner: "{{ podman_user }}" - group: "{{ podman_user }}" - mode: 0400 - notify: - - restorecon podman - -- name: flush handlers - ansible.builtin.meta: flush_handlers - -- import_tasks: podman/podman-check.yml - vars: - container_name: sshpass_cron - container_image: "{{ image }}" - -- name: create sshpass_cron container - become: true - become_user: "{{ podman_user }}" - containers.podman.podman_container: - name: sshpass_cron - image: "{{ image }}" - restart_policy: on-failure:3 - log_driver: journald - volumes: - - "{{ sshpass_cron_path }}:/mnt" - env: - TZ: "America/New_York" - -- name: create systemd startup job for sshpass_cron - include_tasks: podman/systemd-generate.yml - vars: - container_name: sshpass_cron diff --git a/ansible/roles/podman/tasks/container-awsddns.yml b/ansible/roles/podman/tasks/containers/base/awsddns.yml similarity index 95% rename from ansible/roles/podman/tasks/container-awsddns.yml rename to ansible/roles/podman/tasks/containers/base/awsddns.yml index 0377158..792e6ef 100644 --- a/ansible/roles/podman/tasks/container-awsddns.yml +++ b/ansible/roles/podman/tasks/containers/base/awsddns.yml 
@@ -71,8 +71,8 @@ AWS_ZONE_TTL: 60 AWS_ZONE_ID: "{{ fulfillr_zone_id }}" AWS_ZONE_HOSTNAME: "{{ fulfillr_server_name }}" - AWS_ACCESS_KEY_ID: "{{ fulfillr_access_key }}" - AWS_SECRET_ACCESS_KEY: "{{ fulfillr_secret_key }}" + AWS_ACCESS_KEY_ID: "{{ fulfillr_dns_access_key }}" + AWS_SECRET_ACCESS_KEY: "{{ fulfillr_dns_secret_key }}" AWS_DEFAULT_REGION: "{{ fulfillr_region }}" - name: create systemd startup job for awsddns-fulfillr diff --git a/ansible/roles/podman/tasks/configuration-nginx-http.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx-http.yml similarity index 100% rename from ansible/roles/podman/tasks/configuration-nginx-http.yml rename to ansible/roles/podman/tasks/containers/base/conf-nginx-http.yml diff --git a/ansible/roles/podman/tasks/configuration-nginx-https.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml similarity index 100% rename from ansible/roles/podman/tasks/configuration-nginx-https.yml rename to ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml diff --git a/ansible/roles/podman/tasks/configuration-nginx-modsec.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx-modsec.yml similarity index 100% rename from ansible/roles/podman/tasks/configuration-nginx-modsec.yml rename to ansible/roles/podman/tasks/containers/base/conf-nginx-modsec.yml diff --git a/ansible/roles/podman/tasks/configuration-nginx.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx.yml similarity index 72% rename from ansible/roles/podman/tasks/configuration-nginx.yml rename to ansible/roles/podman/tasks/containers/base/conf-nginx.yml index febecdd..afa0cb8 100644 --- a/ansible/roles/podman/tasks/configuration-nginx.yml +++ b/ansible/roles/podman/tasks/containers/base/conf-nginx.yml 
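Review bot: The switch to `fulfillr_dns_access_key` / `fulfillr_dns_secret_key` only narrows exposure if the IAM identity behind them is restricted to record updates in `fulfillr_zone_id`, and nothing on the visible lines records that intent. A comment above the two env keys would do, for example `# DNS-only IAM user: may update records in fulfillr_zone_id, nothing else`. The values still reach the container as plain environment variables, so anyone who can act as the podman user can read them with `podman inspect`; that is presumably unchanged from before this commit. The enclosing task starts outside the hunk.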
@@ -11,9 +11,9 @@ - ssl - https -- import_tasks: configuration-nginx-http.yml -- import_tasks: configuration-nginx-https.yml -- import_tasks: configuration-nginx-modsec.yml +- import_tasks: conf-nginx-http.yml +- import_tasks: conf-nginx-https.yml +- import_tasks: conf-nginx-modsec.yml - name: flush handlers ansible.builtin.meta: flush_handlers diff --git a/ansible/roles/podman/tasks/container-nginx.yml b/ansible/roles/podman/tasks/containers/base/nginx.yml similarity index 100% rename from ansible/roles/podman/tasks/container-nginx.yml rename to ansible/roles/podman/tasks/containers/base/nginx.yml diff --git a/ansible/roles/podman/tasks/container-fulfillr.yml b/ansible/roles/podman/tasks/containers/debyltech/fulfillr.yml similarity index 100% rename from ansible/roles/podman/tasks/container-fulfillr.yml rename to ansible/roles/podman/tasks/containers/debyltech/fulfillr.yml diff --git a/ansible/roles/podman/tasks/container-factorio.yml b/ansible/roles/podman/tasks/containers/games/factorio.yml similarity index 100% rename from ansible/roles/podman/tasks/container-factorio.yml rename to ansible/roles/podman/tasks/containers/games/factorio.yml diff --git a/ansible/roles/podman/tasks/containers/games/palworld.yml b/ansible/roles/podman/tasks/containers/games/palworld.yml new file mode 100644 index 0000000..01796d9 --- /dev/null +++ b/ansible/roles/podman/tasks/containers/games/palworld.yml 
@@ -0,0 +1,56 @@ +--- +- name: create palworld host directory volumes + become: true + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ podman_subuid.stdout }}" + group: "{{ podman_user }}" + mode: 0755 + notify: restorecon podman + loop: + - "{{ palworld_path }}" + +- name: unshare chown the palworld volumes + become: true + become_user: "{{ podman_user }}" + changed_when: false + ansible.builtin.command: | + podman unshare chown -R 1000:10000 {{ palworld_path }} + +- import_tasks: podman/podman-check.yml + vars: + container_name: palworld + container_image: "{{ image }}" + +- name: create palworld server container + become: true + become_user: "{{ podman_user }}" + containers.podman.podman_container: + name: palworld + image: "{{ image }}" + image_strict: true + restart_policy: unless-stopped + log_driver: journald + volumes: + - "{{ palworld_path }}:/palworld" + env: + ALWAYS_UPDATE_ON_START: "true" + MAX_PLAYERS: 32 + MULTITHREAD_ENABLED: "true" + COMMUNITY_SERVER: "false" + RCON_ENABLED: "true" + RCON_PORT: 25575 + PUBLIC_PORT: 8211 + SERVER_NAME: Bearbehr and Friends + SERVER_DESCRIPTION: Bearbehr's Dedicated Server for Friends + SERVER_PASSWORD: "" + ADMIN_PASSWORD: "{{ palworld_admin_password }}" + ports: + - 8211:8211/udp + - 25575:25575/udp + +- name: create systemd startup job for palworld + include_tasks: podman/systemd-generate.yml + vars: + container_name: palworld diff --git a/ansible/roles/podman/tasks/container-cloud.yml b/ansible/roles/podman/tasks/containers/home/cloud.yml similarity index 100% rename from ansible/roles/podman/tasks/container-cloud.yml rename to ansible/roles/podman/tasks/containers/home/cloud.yml diff --git a/ansible/roles/podman/tasks/container-drone.yml b/ansible/roles/podman/tasks/containers/home/drone.yml similarity index 100% rename from ansible/roles/podman/tasks/container-drone.yml rename to ansible/roles/podman/tasks/containers/home/drone.yml 
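Review bot: `SERVER_PASSWORD: ""` leaves the game server joinable without a password while the firewall.yml hunk of this commit opens 8211/udp for it; a vaulted value such as `SERVER_PASSWORD: "{{ palworld_server_password }}"` (a new vault variable, the name is only a suggestion) would match how `ADMIN_PASSWORD` is handled. The same task enables RCON and publishes `25575:25575/udp`, which firewall.yml also opens: RCON is an admin channel protected only by `ADMIN_PASSWORD`, and it normally runs over TCP, so the UDP mapping probably does not carry it at all and should be verified. Unless remote RCON is needed, drop the `25575` entry from `ports:` and from the firewalld list, or publish it on loopback only with `- 127.0.0.1:25575:25575/tcp`. Going by its name, `ALWAYS_UPDATE_ON_START: "true"` lets the server content change on every start regardless of the pinned image, which deserves a comment stating that this is intended.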
diff --git a/ansible/roles/podman/tasks/container-graylog.yml b/ansible/roles/podman/tasks/containers/home/graylog.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-graylog.yml
rename to ansible/roles/podman/tasks/containers/home/graylog.yml
diff --git a/ansible/roles/podman/tasks/container-hass.yml b/ansible/roles/podman/tasks/containers/home/hass.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-hass.yml
rename to ansible/roles/podman/tasks/containers/home/hass.yml
diff --git a/ansible/roles/podman/tasks/container-nosql.yml b/ansible/roles/podman/tasks/containers/home/nosql.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-nosql.yml
rename to ansible/roles/podman/tasks/containers/home/nosql.yml
diff --git a/ansible/roles/podman/tasks/container-partkeepr.yml b/ansible/roles/podman/tasks/containers/home/partkeepr.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-partkeepr.yml
rename to ansible/roles/podman/tasks/containers/home/partkeepr.yml
diff --git a/ansible/roles/podman/tasks/container-photos.yml b/ansible/roles/podman/tasks/containers/home/photos.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-photos.yml
rename to ansible/roles/podman/tasks/containers/home/photos.yml
diff --git a/ansible/roles/podman/tasks/container-cloud-skudak.yml b/ansible/roles/podman/tasks/containers/skudak/cloud.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-cloud-skudak.yml
rename to ansible/roles/podman/tasks/containers/skudak/cloud.yml
diff --git a/ansible/roles/podman/tasks/container-bookstack.yml b/ansible/roles/podman/tasks/containers/skudak/wiki.yml
similarity index 100%
rename from ansible/roles/podman/tasks/container-bookstack.yml
rename to ansible/roles/podman/tasks/containers/skudak/wiki.yml
diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml
index e52ee82..a7cfece 100644
--- a/ansible/roles/podman/tasks/firewall.yml +++ b/ansible/roles/podman/tasks/firewall.yml @@ -27,6 +27,9 @@ # Factorio - 27015/tcp - 34197/udp + # Palworld + - 8211/udp + - 25575/udp notify: restart firewalld tags: firewall @@ -48,5 +51,8 @@ - 9091/tcp - 9091/udp - 9092/udp + # cam2ip + - 56000/tcp + - 56000/udp notify: restart firewalld tags: firewall diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml index 0ce13f1..fccad81 100644 --- a/ansible/roles/podman/tasks/main.yml +++ b/ansible/roles/podman/tasks/main.yml 
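Review bot: The second hunk opens 56000/tcp and 56000/udp for cam2ip, but the only other cam2ip change visible in this commit is the `cam2ip_path` default; no container task or import for it appears. As shown, the rule opens a port with no managed listener behind it, and once a camera stream is attached it becomes reachable from whatever zone this firewalld task covers (the task header is outside the hunk). Hold the two lines back until the cam2ip task lands, or add a comment such as `# cam2ip: LAN-only stream, see <task file>` stating the intended sources and whether the stream is authenticated.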
@@ -1,82 +1,83 @@ --- -- import_tasks: podman.yml - import_tasks: firewall.yml +- import_tasks: podman/podman.yml -- import_tasks: container-awsddns.yml +- import_tasks: containers/base/conf-nginx.yml +- import_tasks: containers/base/nginx.yml + vars: + image: docker.io/owasp/modsecurity:nginx + tags: nginx + + +- import_tasks: containers/base/awsddns.yml vars: image: docker.io/bdebyl/awsddns:1.0.34 tags: ddns -- import_tasks: container-drone.yml +- import_tasks: containers/home/drone.yml vars: runner_image: docker.io/drone/drone-runner-docker:1.8.3 image: docker.io/drone/drone:2.18.0 tags: drone -- import_tasks: container-hass.yml +- import_tasks: containers/home/hass.yml vars: image: ghcr.io/home-assistant/home-assistant:2023.11 tags: hass -- import_tasks: container-partkeepr.yml +- import_tasks: containers/home/partkeepr.yml vars: db_image: docker.io/library/mariadb:10.0 image: docker.io/bdebyl/partkeepr:0.1.10 tags: partkeepr -- import_tasks: container-graylog.yml +- import_tasks: containers/home/graylog.yml vars: db_image: docker.io/library/mongo:4.2 es_image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2 image: docker.io/graylog/graylog:4.3.11 tags: graylog -- import_tasks: container-bookstack.yml +- import_tasks: containers/skudak/wiki.yml vars: db_image: docker.io/library/mysql:5.7.21 - image: docker.io/solidnerd/bookstack:23.10 - tags: skuwiki + image: docker.io/solidnerd/bookstack:23.12 + tags: skudak, skudak-wiki -- import_tasks: container-photos.yml +- import_tasks: containers/home/photos.yml vars: db_image: docker.io/library/mariadb:10.8 image: docker.io/photoprism/photoprism:231021-ce tags: photos -- import_tasks: container-cloud.yml +- import_tasks: containers/home/cloud.yml vars: db_image: docker.io/library/mariadb:10.6 - image: docker.io/library/nextcloud:27.1.3-apache + image: docker.io/library/nextcloud:28.0.1-apache tags: cloud -- import_tasks: container-cloud-skudak.yml +- import_tasks: containers/skudak/cloud.yml vars: db_image: 
docker.io/library/mariadb:10.6 - image: docker.io/library/nextcloud:27.1.3-apache - tags: skucloud + image: docker.io/library/nextcloud:28.0.1-apache + tags: skudak, skudak-cloud -- import_tasks: container-fulfillr.yml +- import_tasks: containers/debyltech/fulfillr.yml vars: - image: "{{ aws_ecr_endpoint }}/fulfillr:20231113.1809" - tags: fulfillr + image: "{{ aws_ecr_endpoint }}/fulfillr:20240101.1715" + tags: debyltech, fulfillr -- import_tasks: configuration-nginx.yml -- import_tasks: container-nginx.yml - vars: - image: docker.io/owasp/modsecurity:nginx - tags: nginx - -- import_tasks: container-nosql.yml +- import_tasks: containers/home/nosql.yml vars: image: docker.io/redis:7.2.1-alpine tags: nosql -- import_tasks: container-sshpass-cron.yml - vars: - image: docker.io/bdebyl/sshpass-cron:1.0.11 - tags: sshpass_cron - -- import_tasks: container-factorio.yml +- import_tasks: containers/games/factorio.yml vars: image: docker.io/factoriotools/factorio:1.1.80 tags: factorio + +- import_tasks: containers/games/palworld.yml + vars: + image: docker.io/jammsen/palworld-dedicated-server:d2822bf + tags: palworld diff --git a/ansible/roles/podman/tasks/podman.yml b/ansible/roles/podman/tasks/podman/podman.yml similarity index 100% rename from ansible/roles/podman/tasks/podman.yml rename to ansible/roles/podman/tasks/podman/podman.yml diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 550e241..7d7355c 100644 Binary files a/ansible/vars/vault.yml and b/ansible/vars/vault.yml differ
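Review bot: The new palworld import references `docker.io/jammsen/palworld-dedicated-server:d2822bf` by tag, and a tag on a third-party registry repository can be re-pointed, so this line does not fix which image ends up running with `ADMIN_PASSWORD` in its environment. Pin by digest instead, `image: docker.io/jammsen/palworld-dedicated-server@sha256:<digest-of-the-reviewed-image>`, and keep the tag in a trailing comment for readability. The same concern applies with more weight to `docker.io/owasp/modsecurity:nginx`, which this hunk moves to the top of the file and which carries no version at all, although it fronts every published service. Separately, removing the `container-sshpass-cron.yml` import stops managing that container but does not remove it from hosts that were already deployed.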