diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml index 57b2fb5..109832e 100644 --- a/ansible/deploy_home.yml +++ b/ansible/deploy_home.yml @@ -13,3 +13,5 @@ tags: nfs - role: motion tags: motion + - role: partkeepr + tags: partkeepr \ No newline at end of file diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml index d9a1cda..42e8843 100644 --- a/ansible/roles/common/defaults/main.yml +++ b/ansible/roles/common/defaults/main.yml @@ -20,3 +20,4 @@ services: - fail2ban - iptables - nginx + - systemd-timesyncd diff --git a/ansible/roles/http/defaults/main.yml b/ansible/roles/http/defaults/main.yml index eba3a34..41ab50e 100644 --- a/ansible/roles/http/defaults/main.yml +++ b/ansible/roles/http/defaults/main.yml @@ -7,6 +7,7 @@ deps: [ ci_server_name: ci.bdebyl.net home_server_name: home.bdebyl.net +parts_server_name: parts.bdebyl.net install_path: /usr/share nginx_path: /etc/nginx diff --git a/ansible/roles/http/tasks/http.yml b/ansible/roles/http/tasks/http.yml index a357025..73a6f9f 100644 --- a/ansible/roles/http/tasks/http.yml +++ b/ansible/roles/http/tasks/http.yml @@ -37,6 +37,7 @@ loop: - "{{ ci_server_name }}.http.conf" - "{{ home_server_name }}.conf" + - "{{ parts_server_name }}.conf" notify: restart_nginx tags: http @@ -48,5 +49,6 @@ state: link loop: - "{{ ci_server_name }}.http.conf" + - "{{ parts_server_name }}.conf" notify: restart_nginx tags: http diff --git a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 index f7fd258..5c61136 100644 --- a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 +++ b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 @@ -1,6 +1,6 @@ geo $whitelisted { default 0; - 192.168.1.1/24 1; + 192.168.1.0/24 1; } server { 
diff --git a/ansible/roles/http/templates/nginx/sites/parts.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/parts.bdebyl.net.conf.j2 new file mode 100644 index 0000000..dfd4b67 --- /dev/null +++ b/ansible/roles/http/templates/nginx/sites/parts.bdebyl.net.conf.j2 @@ -0,0 +1,22 @@ +geo $whitelisted { + default 0; + 192.168.1.0/24 1; +} + +upstream partkeepr { + server localhost:8081; +} + +server { + listen 80; + server_name {{ parts_server_name }}; + + if ($whitelisted = 0) { + return 302 $scheme://bdebyl.net$request_uri; + } + + location / { + proxy_pass http://partkeepr; + proxy_connect_timeout 1s; + } +} diff --git a/ansible/roles/motion/tasks/motion.yml b/ansible/roles/motion/tasks/motion.yml index ad81238..4be23e5 100644 --- a/ansible/roles/motion/tasks/motion.yml +++ b/ansible/roles/motion/tasks/motion.yml @@ -1,4 +1,13 @@ --- +- name: give motion user nfs permissions + become: true + user: + name: motion + groups: "{{ nfs_group }}" + append: true + notify: + - restart_motion + - name: create motion directory become: true file: @@ -6,7 +15,7 @@ state: directory owner: "{{ nfs_user }}" group: "{{ nfs_group }}" - mode: 0755 + mode: 0777 - name: template motion config become: true @@ -18,9 +27,25 @@ notify: - restart_motion +- name: create motion systemd override directory + become: true + file: + path: /etc/systemd/system/motion.service.d/ + state: directory + mode: 0644 + +- name: template motion systemd override + become: true + template: + src: templates/motion.service.override.j2 + dest: /etc/systemd/system/motion.service.d/override.conf + mode: 0644 + notify: + - restart_motion + - name: enable (now) motion.service become: true service: name: motion.service - state: started - enabled: true + state: stopped + enabled: false diff --git a/ansible/roles/motion/templates/motion.conf.j2 b/ansible/roles/motion/templates/motion.conf.j2 index 993d09b..1249a58 100644 --- a/ansible/roles/motion/templates/motion.conf.j2 
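Review bot: The `geo $whitelisted` block at the top of the new parts.bdebyl.net.conf.j2 repeats the one in home.bdebyl.net.conf.j2, so the LAN allow-list now lives in two templates that can drift apart. If both files are included in the same `http` context the variable is declared twice, and which declaration nginx ends up using is not obvious to a reader. Moving the block into one shared include would leave a single list to maintain. The server listens on port 80 only, so PartKeepr logins from the LAN travel unencrypted. The `geo` lookup also keys on the client address nginx sees, so the check assumes no proxy hop in front of it; a comment above the `if` such as `# LAN-only: clients outside 192.168.1.0/24 are redirected to the public site` would record the intent.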
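Review bot: `mode: 0777` on the motion directory makes it writable by every local account on the host. The directory is owned by `{{ nfs_user }}`, the new override runs the service as that user, and the first hunk adds `motion` to `{{ nfs_group }}`, so `mode: "0775"` (or even the previous 0755) looks sufficient; this is inferred from the tasks shown and worth confirming against the NFS export. The value is also an unquoted number, here and in the two `mode: 0644` lines added in the next hunk; quoting file modes (`"0775"`) keeps the YAML loader from reinterpreting them. The task begins above this hunk.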
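Review bot: The new drop-in directory `/etc/systemd/system/motion.service.d/` is created with `mode: 0644`, which leaves it without any search (execute) bit, so only privileged processes can enter it; the usual mode for a directory is `mode: "0755"`. In the same hunk the last task now sets `state: stopped` and `enabled: false` but is still named `enable (now) motion.service`, while the tasks above it still `notify: restart_motion`, so a run that changes the config may start the service again through the handler (the handler is not visible here). Renaming the task, e.g. `- name: stop and disable motion.service`, and deciding whether the handler should still fire would make the intended end state clear.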
+++ b/ansible/roles/motion/templates/motion.conf.j2 @@ -37,7 +37,7 @@ target_dir {{ motion_target_dir }} ; vid_control_params value # The full URL of the network camera stream. -netcam_url rtsp://{{ motion_user }}:{{ motion_pass }}@{{ motion_hostname }}:{{ motion_port }}/mpeg4/media.amp +netcam_url rtsp://{{ motion_hostname }}:{{ motion_port }}/h264?username={{ motion_user }}&password={{ motion_pass }} # Name of mmal camera (e.g. vc.ril.camera for pi camera). ; mmalcam_name value @@ -87,10 +87,10 @@ minimum_motion_frames 1 event_gap 60 # The number of pre-captured (buffered) pictures from before motion. -pre_capture 3 +pre_capture 80 # Number of frames to capture after motion is no longer detected. -post_capture 0 +post_capture 300 ############################################################ # Script execution configuration parameters @@ -123,16 +123,16 @@ picture_filename %Y%m%d%H%M%S-%q movie_output on # Maximum length of movie in seconds. -movie_max_time 60 +movie_max_time 30 # The encoding quality of the movie. (0=use bitrate. 1=worst quality, 100=best) movie_quality 45 # Container/Codec to used for the movie. See motion_guide.html -movie_codec mkv +movie_codec mp4 # File name(without extension) for movies relative to target directory -movie_filename %t-%v-%Y%m%d%H%M%S +movie_filename %Y%m%d-%H_%M_%S ############################################################ # Webcontrol configuration parameters diff --git a/ansible/roles/motion/templates/motion.service.override.j2 b/ansible/roles/motion/templates/motion.service.override.j2 new file mode 100644 index 0000000..78422bb --- /dev/null +++ b/ansible/roles/motion/templates/motion.service.override.j2 @@ -0,0 +1,2 @@ +[Service] +User={{ nfs_user }} diff --git a/ansible/roles/partkeepr/meta/main.yml b/ansible/roles/partkeepr/meta/main.yml new file mode 100644 index 0000000..3f81c4b --- /dev/null +++ b/ansible/roles/partkeepr/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: http 
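Review bot: The new `netcam_url` places `{{ motion_user }}` and `{{ motion_pass }}` in the query string without encoding, so a password containing `&`, `#`, `%` or a space renders a different URL than intended; `password={{ motion_pass | urlencode }}` (and the same for the username) avoids that. Credentials carried in the URL also tend to appear wherever the URL is logged; if the camera accepts RTSP authentication, Motion's separate `netcam_userpass` option keeps them out of it. The rendered motion.conf holds the secret either way, so the file mode set by the template task (outside this hunk) is worth checking.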
diff --git a/ansible/roles/partkeepr/tasks/main.yml b/ansible/roles/partkeepr/tasks/main.yml
new file mode 100644
index 0000000..d019e82
--- /dev/null
+++ b/ansible/roles/partkeepr/tasks/main.yml
@@ -0,0 +1,77 @@
+---
+- name: create required partkeepr volumes
+ docker_volume:
+ name: "{{ item }}"
+ with_items:
+ - parkeepr-web-vol
+ - partkeepr-conf-vol
+ - partkeepr-data-vol
+ - partkeepr-db-vol
+
+- name: create partkeepr-db container
+ diff: false
+ docker_container:
+ name: partkeepr-db
+ image: mariadb:10.0
+ recreate: false
+ restart: true
+ restart_policy: on-failure
+ restart_retries: 3
+ env:
+ MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+ MYSQL_DATABASE: partkeepr
+ MYSQL_USER: partkeepr
+ MYSQL_PASSWORD: partkeepr
+ volumes:
+ - partkeepr-db-vol:/var/lib/mysql
+
+
+ # 'PARTKEEPR_AUTHENTICATION_PROVIDER': 'PartKeepr.Auth.WSSEAuthenticationProvider'
+ # 'PARTKEEPR_CACHE_DOCTRINE': 'array'
+ # 'PARTKEEPR_CACHE_DUNGLAS': False
+ # 'PARTKEEPR_DATABASE_DRIVER': 'pdo_mysql'
+ # 'PARTKEEPR_DATABASE_HOST': 'database'
+ # 'PARTKEEPR_DATABASE_NAME': 'partkeepr'
+ # 'PARTKEEPR_DATABASE_PORT': 3306
+ # 'PARTKEEPR_DATABASE_USER': 'partkeepr'
+ # 'PARTKEEPR_DATABASE_PASS': 'partkeepr'
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_ACCOUNTCANONICALFORM': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_ACCOUNTDOMAINNAME': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_ACCOUNTDOMAINNAMESHORT': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_ACCOUNTFILTERFORMAT': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_BASEDN': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_BINDREQUIRESDN': False
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_HOST': '127.0.0.1'
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_OPTREFERRALS': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_PASSWORD': NULL
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_PORT': 389
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_USESSL': False
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_USESTARTTLS': False
+ # 'PARTKEEPR_FR3D_LDAP_DRIVER_USERNAME': NULL
+ # 'PARTKEEPR_FR3D_LDAP_USER_ATTRIBUTE_EMAIL': 'email'
+ # 'PARTKEEPR_FR3D_LDAP_USER_ATTRIBUTE_USERNAME': 'samaccountname'
+ # 'PARTKEEPR_FR3D_LDAP_USER_BASEDN': 'dc=example,dc=com'
+ # 'PARTKEEPR_FR3D_LDAP_USER_ENABLED': False
+ # 'PARTKEEPR_FR3D_LDAP_USER_FILTER': NULL
+ # 'PARTKEEPR_LOCALE': 'en'
+ # 'PARTKEEPR_MAILER_AUTH_MODE': NULL
+ # 'PARTKEEPR_MAILER_ENCRYPTION': NULL
+ # 'PARTKEEPR_MAILER_HOST': NULL
+ # 'PARTKEEPR_MAILER_PASSWORD': NULL
+ # 'PARTKEEPR_MAILER_PORT': 25
+ # 'PARTKEEPR_MAILER_TRANSPORT': NULL
+ # 'PARTKEEPR_MAILER_USER': NULL
+ # 'PARTKEEPR_AUTH_MAX_USERS': 'unlimited'
+ # 'PARTKEEPR_CATEGORY_PATH_SEPARATOR': ' ➤ '
+ # 'PARTKEEPR_CRONJOB_CHECK': True
+ # 'PARTKEEPR_FILESYSTEM_DATA_DIRECTORY': '%kernel.root_dir%/../data/'
+ # 'PARTKEEPR_FILESYSTEM_QUOTA': False
+ # 'PARTKEEPR_MAINTENANCE': false
+ # 'PARTKEEPR_MAINTENANCE_MESSAGE': NULL
+ # 'PARTKEEPR_MAINTENANCE_TITLE': NULL
+ # 'PARTKEEPR_OCTOPART_APIKEY': NULL
+ # 'PARTKEEPR_PARTS_INTERNALPARTNUMBERUNIQUE': False
+ # 'PARTKEEPR_PARTS_LIMIT': False
+ # 'PARTKEEPR_USERS_LIMIT': False
+ # 'PARTKEEPR_SECRET': 'OJBKOJIKNONAJENLBJJNLFIDPDGKDIED'
+ # volumes:
\ No newline at end of file
diff --git a/ansible/roles/pihole/defaults/main.yml b/ansible/roles/pihole/defaults/main.yml
new file mode 100644
index 0000000..26a6ab1
--- /dev/null
+++ b/ansible/roles/pihole/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+deps: [
+ php-sqlite,
+ php-fpm
+]
diff --git a/ansible/roles/pihole/meta/main.yml b/ansible/roles/pihole/meta/main.yml
new file mode 100644
index 0000000..3f81c4b
--- /dev/null
+++ b/ansible/roles/pihole/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: http
diff --git a/ansible/roles/pihole/tasks/deps.yml b/ansible/roles/pihole/tasks/deps.yml
new file mode 100644
index 0000000..323b55c
--- /dev/null
+++ b/ansible/roles/pihole/tasks/deps.yml
@@ -0,0 +1,11 @@
+---
+- name: install pi-hole-server
+ command: yay -S --noconfirm pi-hole-server
+ args:
+ creates: /bin/pihole
+
+- name: install pi-hole-server dependencies
+ become: true
+ pacman:
+ name: "{{ deps }}"
+ state: present
diff --git a/ansible/roles/pihole/tasks/main.yml b/ansible/roles/pihole/tasks/main.yml
new file mode 100644
index 0000000..736d254
--- /dev/null
+++ b/ansible/roles/pihole/tasks/main.yml
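Review bot: `MYSQL_PASSWORD: partkeepr` in the `partkeepr-db` task commits the database password in clear text, equal to the user name, although this repository already keeps an encrypted `ansible/vars/vault.yml`; reading it from there, e.g. `MYSQL_PASSWORD: "{{ partkeepr_db_password }}"` (variable name is a placeholder), keeps it out of the history. The commented-out block below also carries literal `PARTKEEPR_DATABASE_PASS` and `PARTKEEPR_SECRET` values; if either is ever put to use it should be regenerated and vaulted rather than uncommented as written. The first volume is spelled `parkeepr-web-vol`, unlike the other three `partkeepr-*` names, and `restart: true` with `recreate: false` forces a restart of the database container on every run. `image: mariadb:10.0` pins a release line that, as far as I know, no longer receives upstream fixes, so a supported tag is worth confirming.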
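Review bot: `yay -S --noconfirm pi-hole-server` in tasks/deps.yml builds and installs an AUR package unattended, so whatever PKGBUILD is current at run time is executed without anyone reading it and without a pinned version. A comment above the task, e.g. `# AUR build runs unreviewed; audit the PKGBUILD before re-running on a fresh host`, or building from a reviewed, pinned copy of the PKGBUILD, would make that trust decision explicit. `creates: /bin/pihole` also means the command never runs again once the binary exists, so later updates are not handled by this role.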
@@ -0,0 +1,3 @@
+---
+- import_tasks: deps.yml
+- import_tasks: php.yml
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml
index 3c3bca9..511ae70 100644
Binary files a/ansible/vars/vault.yml and b/ansible/vars/vault.yml differ
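Review bot: `import_tasks: php.yml` refers to a file this commit does not appear to add; the only task file created under `ansible/roles/pihole/tasks/` in the diff shown, besides main.yml itself, is `deps.yml`. `import_tasks` is a static import resolved when the playbook is parsed, so a missing file fails the run as soon as the role is loaded rather than when the task is reached. Either add `php.yml` in the same commit or leave the line out until the file exists.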