noticket - reorganized podman

Bastian de Byl
2024-02-01 15:35:11 -05:00
parent 27942f9178
commit 184cd2574d
25 changed files with 102 additions and 98 deletions


@@ -1,5 +1,6 @@
---
bookstack_path: "{{ podman_volumes }}/bookstack"
cam2ip_path: "{{ podman_volumes }}/cam2ip"
cloud_path: "{{ podman_volumes }}/cloud"
cloud_skudak_path: "{{ podman_volumes }}/skudakcloud"
debyltech_path: "{{ podman_volumes }}/debyltech"
@@ -14,6 +15,7 @@ partkeepr_path: "{{ podman_volumes }}/partkeepr"
photos_path: "{{ podman_volumes }}/photos"
pihole_path: "{{ podman_volumes }}/pihole"
sshpass_cron_path: "{{ podman_volumes }}/sshpass_cron"
palworld_path: "{{ podman_volumes }}/palworld"
drone_server_proto: "https"
drone_runner_proto: "http"


@@ -1,62 +0,0 @@
---
- name: create sshpass_cron host directory volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ sshpass_cron_path }}"
- name: copy sshpass_cron crontab
become: true
ansible.builtin.template:
src: "files/sshpass_cron/{{ item }}"
dest: "{{ sshpass_cron_path }}/{{ item }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0644
loop:
- crontab
notify:
- restorecon podman
- name: create sshpass_cron password file
become: true
ansible.builtin.copy:
dest: "{{ sshpass_cron_path }}/unifi-pass"
content: "{{ unifi_ssh_password }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0400
notify:
- restorecon podman
- name: flush handlers
ansible.builtin.meta: flush_handlers
- import_tasks: podman/podman-check.yml
vars:
container_name: sshpass_cron
container_image: "{{ image }}"
- name: create sshpass_cron container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: sshpass_cron
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
volumes:
- "{{ sshpass_cron_path }}:/mnt"
env:
TZ: "America/New_York"
- name: create systemd startup job for sshpass_cron
include_tasks: podman/systemd-generate.yml
vars:
container_name: sshpass_cron


@@ -71,8 +71,8 @@
AWS_ZONE_TTL: 60
AWS_ZONE_ID: "{{ fulfillr_zone_id }}"
AWS_ZONE_HOSTNAME: "{{ fulfillr_server_name }}"
AWS_ACCESS_KEY_ID: "{{ fulfillr_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ fulfillr_secret_key }}"
AWS_ACCESS_KEY_ID: "{{ fulfillr_dns_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ fulfillr_dns_secret_key }}"
AWS_DEFAULT_REGION: "{{ fulfillr_region }}"
- name: create systemd startup job for awsddns-fulfillr


@@ -11,9 +11,9 @@
- ssl
- https
- import_tasks: configuration-nginx-http.yml
- import_tasks: configuration-nginx-https.yml
- import_tasks: configuration-nginx-modsec.yml
- import_tasks: conf-nginx-http.yml
- import_tasks: conf-nginx-https.yml
- import_tasks: conf-nginx-modsec.yml
- name: flush handlers
ansible.builtin.meta: flush_handlers


@@ -0,0 +1,56 @@
---
- name: create palworld host directory volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_subuid.stdout }}"
group: "{{ podman_user }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ palworld_path }}"
- name: unshare chown the palworld volumes
become: true
become_user: "{{ podman_user }}"
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 1000:10000 {{ palworld_path }}
- import_tasks: podman/podman-check.yml
vars:
container_name: palworld
container_image: "{{ image }}"
- name: create palworld server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: palworld
image: "{{ image }}"
image_strict: true
restart_policy: unless-stopped
log_driver: journald
volumes:
- "{{ palworld_path }}:/palworld"
env:
ALWAYS_UPDATE_ON_START: "true"
MAX_PLAYERS: 32
MULTITHREAD_ENABLED: "true"
COMMUNITY_SERVER: "false"
RCON_ENABLED: "true"
RCON_PORT: 25575
PUBLIC_PORT: 8211
SERVER_NAME: Bearbehr and Friends
SERVER_DESCRIPTION: Bearbehr's Dedicated Server for Friends
SERVER_PASSWORD: ""
ADMIN_PASSWORD: "{{ palworld_admin_password }}"
ports:
- 8211:8211/udp
- 25575:25575/udp
- name: create systemd startup job for palworld
include_tasks: podman/systemd-generate.yml
vars:
container_name: palworld
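Review bot: The `ports:` list publishes RCON (`25575:25575/udp`) on every host interface while `RCON_ENABLED` is "true", and the firewall change in this commit opens `25575/udp` as well, so an admin channel protected only by `ADMIN_PASSWORD` is offered beyond the host. RCON is normally a TCP protocol, so the `/udp` mapping may not even carry it; if remote administration is not needed, drop the mapping and the firewall entry, or bind it to loopback with `- "127.0.0.1:25575:25575/tcp"`. `SERVER_PASSWORD: ""` also leaves the game port `8211/udp` joinable without a password, which is worth confirming as intended. Because the `env:` block carries `ADMIN_PASSWORD`, consider `no_log: true` on the container task so the value does not end up in task output or logs.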


@@ -27,6 +27,9 @@
# Factorio
- 27015/tcp
- 34197/udp
# Palworld
- 8211/udp
- 25575/udp
notify: restart firewalld
tags: firewall
@@ -48,5 +51,8 @@
- 9091/tcp
- 9091/udp
- 9092/udp
# cam2ip
- 56000/tcp
- 56000/udp
notify: restart firewalld
tags: firewall
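Review bot: The second hunk opens `56000/udp` alongside `56000/tcp` for cam2ip; cam2ip appears to serve its stream over HTTP, so the UDP rule is probably unnecessary and could be dropped, leaving only `- 56000/tcp`. The cam2ip container task is not in the visible part of this commit, so it is not possible to tell whether the stream requires authentication; if it does not, restrict the rule to a trusted source or zone instead of opening it generally. The enclosing firewalld tasks start outside both hunks, so the zone these port lists apply to should be confirmed.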


@@ -1,82 +1,83 @@
---
- import_tasks: podman.yml
- import_tasks: firewall.yml
- import_tasks: podman/podman.yml
- import_tasks: container-awsddns.yml
- import_tasks: containers/base/conf-nginx.yml
- import_tasks: containers/base/nginx.yml
vars:
image: docker.io/owasp/modsecurity:nginx
tags: nginx
- import_tasks: containers/base/awsddns.yml
vars:
image: docker.io/bdebyl/awsddns:1.0.34
tags: ddns
- import_tasks: container-drone.yml
- import_tasks: containers/home/drone.yml
vars:
runner_image: docker.io/drone/drone-runner-docker:1.8.3
image: docker.io/drone/drone:2.18.0
tags: drone
- import_tasks: container-hass.yml
- import_tasks: containers/home/hass.yml
vars:
image: ghcr.io/home-assistant/home-assistant:2023.11
tags: hass
- import_tasks: container-partkeepr.yml
- import_tasks: containers/home/partkeepr.yml
vars:
db_image: docker.io/library/mariadb:10.0
image: docker.io/bdebyl/partkeepr:0.1.10
tags: partkeepr
- import_tasks: container-graylog.yml
- import_tasks: containers/home/graylog.yml
vars:
db_image: docker.io/library/mongo:4.2
es_image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
image: docker.io/graylog/graylog:4.3.11
tags: graylog
- import_tasks: container-bookstack.yml
- import_tasks: containers/skudak/wiki.yml
vars:
db_image: docker.io/library/mysql:5.7.21
image: docker.io/solidnerd/bookstack:23.10
tags: skuwiki
image: docker.io/solidnerd/bookstack:23.12
tags: skudak, skudak-wiki
- import_tasks: container-photos.yml
- import_tasks: containers/home/photos.yml
vars:
db_image: docker.io/library/mariadb:10.8
image: docker.io/photoprism/photoprism:231021-ce
tags: photos
- import_tasks: container-cloud.yml
- import_tasks: containers/home/cloud.yml
vars:
db_image: docker.io/library/mariadb:10.6
image: docker.io/library/nextcloud:27.1.3-apache
image: docker.io/library/nextcloud:28.0.1-apache
tags: cloud
- import_tasks: container-cloud-skudak.yml
- import_tasks: containers/skudak/cloud.yml
vars:
db_image: docker.io/library/mariadb:10.6
image: docker.io/library/nextcloud:27.1.3-apache
tags: skucloud
image: docker.io/library/nextcloud:28.0.1-apache
tags: skudak, skudak-cloud
- import_tasks: container-fulfillr.yml
- import_tasks: containers/debyltech/fulfillr.yml
vars:
image: "{{ aws_ecr_endpoint }}/fulfillr:20231113.1809"
tags: fulfillr
image: "{{ aws_ecr_endpoint }}/fulfillr:20240101.1715"
tags: debyltech, fulfillr
- import_tasks: configuration-nginx.yml
- import_tasks: container-nginx.yml
vars:
image: docker.io/owasp/modsecurity:nginx
tags: nginx
- import_tasks: container-nosql.yml
- import_tasks: containers/home/nosql.yml
vars:
image: docker.io/redis:7.2.1-alpine
tags: nosql
- import_tasks: container-sshpass-cron.yml
vars:
image: docker.io/bdebyl/sshpass-cron:1.0.11
tags: sshpass_cron
- import_tasks: container-factorio.yml
- import_tasks: containers/games/factorio.yml
vars:
image: docker.io/factoriotools/factorio:1.1.80
tags: factorio
- import_tasks: containers/games/palworld.yml
vars:
image: docker.io/jammsen/palworld-dedicated-server:d2822bf
tags: palworld
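Review bot: Dropping the `container-sshpass-cron.yml` import and deleting its task file removes the automation, but nothing visible here cleans up what it deployed: the `sshpass_cron` container, its systemd unit, and the `unifi-pass` file that held `unifi_ssh_password` would remain on hosts that were already provisioned. If no cleanup exists elsewhere in the commit, add a one-off task using `ansible.builtin.file` with `path: "{{ sshpass_cron_path }}/unifi-pass"` and `state: absent`, plus removal of the container and its unit. Separately, the new palworld image is pinned to the tag `d2822bf` from a third-party repository; pinning by digest (`image@sha256:<digest>`) would make the pull reproducible, although `ALWAYS_UPDATE_ON_START: "true"` in the palworld task presumably still fetches server files at each start.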