added factorio, removed satisfactory, firewall, fulfillr, ipv4 fixes

Bastian de Byl
2023-05-03 12:03:17 -04:00
parent 7fba5179c4
commit ac1d80840e
14 changed files with 153 additions and 131 deletions


@@ -9,7 +9,8 @@ nginx_path: "{{ podman_volumes }}/nginx"
partkeepr_path: "{{ podman_volumes }}/partkeepr" partkeepr_path: "{{ podman_volumes }}/partkeepr"
photos_path: "{{ podman_volumes }}/photos" photos_path: "{{ podman_volumes }}/photos"
pihole_path: "{{ podman_volumes }}/pihole" pihole_path: "{{ podman_volumes }}/pihole"
satisfactory_path: "{{ podman_volumes }}/satisfactory" factorio_path: "{{ podman_volumes }}/factorio"
fulfillr_path: "{{ podman_volumes }}/fulfillr"
drone_server_proto: "http" drone_server_proto: "http"
drone_runner_capacity: "8" drone_runner_capacity: "8"
@@ -20,6 +21,7 @@ assistant_server_name: assistant.bdebyl.net
bookstack_server_name: wiki.skudakrennsport.com bookstack_server_name: wiki.skudakrennsport.com
ci_server_name: ci.bdebyl.net ci_server_name: ci.bdebyl.net
cloud_server_name: cloud.bdebyl.net cloud_server_name: cloud.bdebyl.net
fulfillr_server_name: fulfillr.debyltech.com
home_server_name: home.bdebyl.net home_server_name: home.bdebyl.net
logs_server_name: logs.bdebyl.net logs_server_name: logs.bdebyl.net
parts_server_name: parts.bdebyl.net parts_server_name: parts.bdebyl.net


@@ -61,17 +61,18 @@
group: "{{ podman_user }}" group: "{{ podman_user }}"
mode: 0644 mode: 0644
loop: loop:
- "{{ api_debyltech_server_name }}.conf"
- "{{ assistant_server_name }}.conf" - "{{ assistant_server_name }}.conf"
- "{{ bookstack_server_name }}.conf" - "{{ bookstack_server_name }}.conf"
- "{{ ci_server_name }}.http.conf" - "{{ ci_server_name }}.http.conf"
- "{{ cloud_server_name }}.conf" - "{{ cloud_server_name }}.conf"
- "{{ fulfillr_server_name }}.conf"
- "{{ home_server_name }}.conf" - "{{ home_server_name }}.conf"
- "{{ logs_server_name }}.conf" - "{{ logs_server_name }}.conf"
- "{{ parts_server_name }}.conf" - "{{ parts_server_name }}.conf"
- "{{ photos_server_name }}.conf" - "{{ photos_server_name }}.conf"
- "{{ pi_server_name }}.conf" - "{{ pi_server_name }}.conf"
- "{{ video_server_name }}.conf" - "{{ video_server_name }}.conf"
- "{{ api_debyltech_server_name }}.conf"
notify: notify:
- restorecon podman - restorecon podman
- restart nginx - restart nginx
@@ -86,17 +87,18 @@
group: "{{ podman_user }}" group: "{{ podman_user }}"
state: link state: link
loop: loop:
- "{{ api_debyltech_server_name }}.conf"
- "{{ assistant_server_name }}.conf" - "{{ assistant_server_name }}.conf"
- "{{ bookstack_server_name }}.conf" - "{{ bookstack_server_name }}.conf"
- "{{ ci_server_name }}.http.conf" - "{{ ci_server_name }}.http.conf"
- "{{ cloud_server_name }}.conf" - "{{ cloud_server_name }}.conf"
- "{{ fulfillr_server_name }}.conf"
- "{{ home_server_name }}.conf" - "{{ home_server_name }}.conf"
- "{{ logs_server_name }}.conf" - "{{ logs_server_name }}.conf"
- "{{ parts_server_name }}.conf" - "{{ parts_server_name }}.conf"
- "{{ photos_server_name }}.conf" - "{{ photos_server_name }}.conf"
- "{{ pi_server_name }}.conf" - "{{ pi_server_name }}.conf"
- "{{ video_server_name }}.conf" - "{{ video_server_name }}.conf"
- "{{ api_debyltech_server_name }}.conf"
notify: notify:
- restorecon podman - restorecon podman
- restart nginx - restart nginx
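Review bot: Both loops (the template task and the `state: link` task) still list `"{{ api_debyltech_server_name }}.conf"`, although this commit deletes the apidebyltech container tasks and replaces the `container-debyltech.yml` import. If that site config proxies to the removed container's published port (8040 in the deleted task file; the config itself is not visible here), nginx keeps answering for a server name that has no backend. Either drop the entry from both loops and add a task that removes the existing file and symlink, or add a comment such as `# vhost kept: still serves <reason>` so the leftover is deliberate. Both tasks begin outside the hunks shown.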


@@ -1,51 +0,0 @@
---
- name: create required debyltech volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_subuid.stdout }}"
group: "{{ podman_subuid.stdout }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ debyltech_path }}/api"
- "{{ debyltech_path }}/api/config"
tags: debyltech
- name: template api.debyltech.com files
become: true
ansible.builtin.template:
src: "debyltech/{{ item }}.j2"
dest: "{{ debyltech_path }}/api/config/{{ item }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0644
loop:
- "config.json"
tags: debyltech
- name: create api.debyltech.com container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: apidebyltech
image: docker.io/debyltech/go-snipcart-webhook:0.1.34
command: --config /conf/config.json --release
recreate: true
restart: true
restart_policy: on-failure:3
log_driver: journald
network:
- shared
volumes:
- "{{ debyltech_path }}/api/config:/conf"
ports:
- "8040:8080"
tags: debyltech
- name: create systemd startup job for api.debyltech.com
include_tasks: systemd-generate.yml
vars:
container_name: apidebyltech
tags: debyltech


@@ -0,0 +1,48 @@
---
- name: create factorio host directory volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ factorio_path }}"
tags: factorio
- name: unshare chown the elastic volume
become: true
become_user: "{{ podman_user }}"
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 845:845 {{ factorio_path }}
tags: factorio
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: factorio
- name: create factorio server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: factorio
image: docker.io/factoriotools/factorio:1.1.80
recreate: true
restart: true
restart_policy: on-failure:3
log_driver: journald
volumes:
- "{{ factorio_path }}:/factorio"
ports:
- 34197:34197/udp
- 27015:27015/tcp
tags: factorio
- name: create systemd startup job for factorio
include_tasks: systemd-generate.yml
vars:
container_name: factorio
tags: factorio
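Review bot: The container publishes `27015:27015/tcp` on every host address, and the firewall task in this commit opens the same port; as far as I know the factoriotools image uses that port for RCON, an admin console protected only by a password. If remote RCON is not needed, publish it as `"127.0.0.1:27015:27015/tcp"` and leave it out of the firewalld list, so that only `34197/udp` is reachable from outside. Separately, the task name `unshare chown the elastic volume` looks copied from another task file and should read `unshare chown the factorio volume`.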


@@ -0,0 +1,54 @@
---
- name: create fulfillr host directory volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ fulfillr_path }}"
tags: fulfillr
- name: template fulfillr config
become: true
ansible.builtin.template:
src: "templates/fulfillr/{{ item }}.j2"
dest: "{{ fulfillr_path }}/{{ item }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0644
loop:
- production.json
notify:
- restorecon podman
tags: fulfillr
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: fulfillr
- name: create fulfillr server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: fulfillr
image: "{{ aws_ecr_endpoint }}/fulfillr:20230503.1557"
command: --config /config/production.json
recreate: true
restart: true
restart_policy: on-failure:3
log_driver: journald
volumes:
- "{{ fulfillr_path }}:/config"
ports:
- 9054:8080/tcp
tags: fulfillr
- name: create systemd startup job for fulfillr
include_tasks: systemd-generate.yml
vars:
container_name: fulfillr
tags: fulfillr
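Review bot: `production.json` is rendered with `mode: 0644` into a directory created with `mode: 0755`, and the template added in this commit fills it with `snipcart_api_key` and `shippo_api_key`, so every local account on the host can read both keys. Tighten the file to `mode: "0600"` (or `"0640"` if the container process needs group read; confirm which UID it runs as) and consider `mode: "0750"` on the directory; quoting the mode also keeps the YAML parser from treating it as an integer. The `9054:8080/tcp` publish could be bound as `"127.0.0.1:9054:8080/tcp"`, since the nginx upstream added in this commit reaches it on 127.0.0.1 only.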


@@ -1,46 +0,0 @@
---
- name: create satisfactory host directory volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ satisfactory_path }}/config"
tags: satisfactory
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: satisfactory
- name: create satisfactory server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: satisfactory
image: docker.io/wolveix/satisfactory-server:latest
recreate: true
restart: true
restart_policy: on-failure:3
log_driver: journald
memory: 16g
memory_reservation: 12g
volumes:
- "{{ satisfactory_path }}/config:/config"
env:
MAXPLAYERS: 4
STEAMBETA: "false"
ports:
- "7777:7777/udp"
- "15000:15000/udp"
- "15777:15777/udp"
tags: satisfactory
- name: create systemd startup job for satisfactory
include_tasks: systemd-generate.yml
vars:
container_name: satisfactory
tags: satisfactory


@@ -5,23 +5,29 @@
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true
immediate: true immediate: true
zone: "public"
state: enabled state: enabled
loop: loop:
- "{{ syslog_udp_default }}/udp" - "{{ syslog_udp_default }}/udp"
- "{{ syslog_udp_error }}/udp" - "{{ syslog_udp_error }}/udp"
- "{{ syslog_udp_unifi }}/udp" - "{{ syslog_udp_unifi }}/udp"
- 1153/tcp # nginx
- 1153/udp - 80/tcp
- 443/tcp - 443/tcp
# pihole (unused?)
- 53/tcp - 53/tcp
- 53/udp - 53/udp
# pihole (iptables preroute)
- 1153/tcp
- 1153/udp
# ???
- 6875/tcp - 6875/tcp
- 80/tcp # Satisfactory
# satisfactory
- 7777/udp - 7777/udp
- 15000/udp - 15000/udp
- 15777/udp - 15777/udp
# Factorio
- 27015/tcp
- 34197/udp
notify: restart firewalld notify: restart firewalld
tags: firewall tags: firewall
@@ -31,7 +37,6 @@
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true
immediate: true immediate: true
zone: "public"
state: disabled state: disabled
loop: loop:
- 2456/udp - 2456/udp
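Review bot: The enabled loop in the first hunk keeps `7777/udp`, `15000/udp` and `15777/udp` under the `# Satisfactory` comment, while this commit deletes the Satisfactory container tasks, so three ports stay open with nothing expected to listen on them. Move them to the `state: disabled` loop in the second hunk, next to `2456/udp`. The same goes for `6875/tcp`, now labelled `# ???`: a port whose owner is unknown is better closed until the owner is found. Both tasks also lose `zone: "public"`, so the rules land in whatever firewalld's default zone is; a comment like `# zone omitted on purpose: default zone is <name>` would record that this is intended. Both tasks start outside the hunks shown.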


@@ -11,6 +11,6 @@
- import_tasks: container-bookstack.yml - import_tasks: container-bookstack.yml
- import_tasks: container-photos.yml - import_tasks: container-photos.yml
- import_tasks: container-cloud.yml - import_tasks: container-cloud.yml
- import_tasks: container-debyltech.yml - import_tasks: container-fulfillr.yml
- import_tasks: container-nginx.yml - import_tasks: container-nginx.yml
- import_tasks: container-satisfactory.yml - import_tasks: container-factorio.yml


@@ -1,21 +0,0 @@
{
"snipcart_api_key": "{{ snipcart_api_key }}",
"shippo_api_key": "{{ shippo_api_key }}",
"weight_unit": "g",
"dimension_unit": "cm",
"manufacture_country": "US",
"sender_address": {
"name": "de Byl Technologies LLC",
"address1": "176 Lull Rd",
"city": "Weare",
"state": "NH",
"country": "US",
"zip": "03281",
"email": "sales@debyltech.com"
},
"default_parcel": {
"length": "10",
"width": "19",
"height": "16.5"
}
}


@@ -0,0 +1,5 @@
{
"snipcart_api_key": "{{ snipcart_api_key }}",
"shippo_api_key": "{{ shippo_api_key }}",
"label_file_type": "PNG"
}
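Review bot: Both API keys are substituted raw between JSON quotes (`"{{ snipcart_api_key }}"`), so a value containing `"` or `\` produces invalid or altered JSON. Letting Jinja emit the quoted string is safer: `"snipcart_api_key": {{ snipcart_api_key | to_json }},` and the same for `shippo_api_key`.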


@@ -2,7 +2,7 @@ upstream hass {
server 127.0.0.1:8123; server 127.0.0.1:8123;
} }
server { server {
resolver 192.168.2.10 ipv6=off; resolver 192.168.1.10 ipv6=off;
modsecurity on; modsecurity on;
modsecurity_rules_file /etc/nginx/modsec_includes.conf; modsecurity_rules_file /etc/nginx/modsec_includes.conf;


@@ -4,7 +4,7 @@ upstream drone {
geo $local_access { geo $local_access {
default 0; default 0;
192.168.2.1 1; 192.168.1.1 1;
} }
server { server {


@@ -0,0 +1,24 @@
upstream fulfillr {
server 127.0.0.1:9054;
}
server {
resolver 192.168.1.10 ipv6=off;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec_includes.conf;
listen 80;
server_name {{ fulfillr_server_name }};
location / {
allow 192.168.0.0/16;
allow 127.0.0.1;
deny all;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
proxy_pass http://fulfillr;
}
}
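Review bot: This server block has only `listen 80;`, so requests to fulfillr cross the network unencrypted and the sole gate is the `allow`/`deny` list in `location /`. `allow 192.168.0.0/16;` is wider than the single 192.168.1.x network the other configs in this commit refer to; narrowing it to the subnet actually in use (for example `allow 192.168.1.0/24;`, to be confirmed against the real addressing) limits what a misrouted or NATed source address can reach. `$connection_upgrade` is not defined in this file, so it presumably comes from a `map` in the shared nginx config; a one-line comment such as `# $connection_upgrade: map defined in <shared conf>` would make that dependency visible.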

Binary file not shown.