testing

dev/host_vars/mediaserver.yml

@@ -4,24 +4,6 @@ base_domain: vm.krislamo.org
 allow_reboot: false
 manage_network: false
 
-users:
-  - name: jellyfin
-
-samba:
-  users:
-    - name: jellyfin
-      password: jellyfin
-  shares:
-    - name: jellyfin
-      path: /srv/jellyfin
-      owner: jellyfin
-      group: jellyfin
-      valid_users: jellyfin
-  firewall:
-    - 10.0.0.0/8
-    - 172.16.0.0/12
-    - 192.168.0.0/16
-
 # proxy
 proxy:
   #production: true
@@ -53,4 +35,3 @@ traefik_http_only: true # if behind reverse-proxy
 # jellyfin
 jellyfin_domain: "jellyfin.{{ base_domain }}"
 jellyfin_version: latest
-jellyfin_media: /srv/jellyfin

docker.yml

@@ -1,7 +1,21 @@
+# Copyright (C) 2020  Kris Lamoureux
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 - name: Install Docker Server
-  hosts: "{{ PLAYBOOK_HOST | default('none') }}"
+  hosts: dockerhosts
   become: true
   roles:
     - base
-    - jenkins
     - docker
+    - jenkins

mediaserver.yml

@@ -1,9 +1,8 @@
 - name: Install Media Server
-  hosts: "{{ PLAYBOOK_HOST | default('none') }}"
+  hosts: mediaservers
   become: true
   roles:
     - base
-    - jenkins
     - proxy
     - docker
     - traefik

roles/base/handlers/main.yml

@@ -22,9 +22,3 @@
     name: ddclient
     state: restarted
   listen: restart_ddclient
-
-- name: Restart Samba
-  ansible.builtin.service:
-    name: smbd
-    state: restarted
-  listen: restart_samba

roles/base/tasks/main.yml

@@ -29,8 +29,3 @@
   ansible.builtin.import_tasks: wireguard.yml
   tags: wireguard
   when: wireguard is defined
-
-- name: Import Samba tasks
-  ansible.builtin.import_tasks: samba.yml
-  tags: samba
-  when: samba is defined

roles/base/tasks/samba.yml

@@ -3,18 +3,8 @@
     name: samba
     state: present
 
-- name: Create nologin shell accounts for Samba
-  ansible.builtin.user:
-    name: "{{ item.name }}"
-    state: present
-    shell: /usr/sbin/nologin
-    createhome: false
-    system: yes
-  loop: "{{ samba.users }}"
-  when: item.manage_user is defined and item.manage_user is true
-
 - name: Create Samba users
-  ansible.builtin.shell: "smbpasswd -a {{ item.name }}"
+  ansible.builtin.command: "smbpasswd -a -s {{ item.name }}"
   args:
     stdin: "{{ item.password }}\n{{ item.password }}"
   loop: "{{ samba.users }}"
@@ -24,8 +14,6 @@
 - name: Ensure share directories exist
   ansible.builtin.file:
     path: "{{ item.path }}"
-    owner: "{{ item.owner }}"
-    group: "{{ item.group }}"
     state: directory
     mode: 0755
   loop: "{{ samba.shares }}"
@@ -34,19 +22,4 @@
   ansible.builtin.template:
     src: smb.conf.j2
     dest: /etc/samba/smb.conf
-  notify: restart_samba
+  notify: samba_restart
-
-- name: Start smbd and enable on boot
-  ansible.builtin.service:
-    name: smbd
-    state: started
-    enabled: true
-
-- name: Allow SMB connections
-  community.general.ufw:
-    rule: allow
-    port: 445
-    proto: tcp
-    from: "{{ item }}"
-    state: enabled
-  loop: "{{ samba.firewall }}"

roles/base/tasks/system.yml

@@ -11,23 +11,6 @@
     mode: 0400
   when: authorized_keys is defined
 
-- name: Create system users
-  ansible.builtin.user:
-    name: "{{ item.name }}"
-    state: present
-    shell: "{{ item.shell | default('/bin/bash') }}"
-    create_home: "{{ item.home | default(false) }}"
-  loop: "{{ users }}"
-  when: users is defined
-
-- name: Set authorized_keys for system users
-  ansible.posix.authorized_key:
-    user: "{{ item.key }}"
-    key: "{{ item.value.key }}"
-    state: present
-  loop: "{{ users }}"
-  when: users is defined and item.value.key is defined
-
 - name: Manage filesystem mounts
   ansible.posix.mount:
     path: "{{ item.path }}"

roles/base/tasks/wireguard.yml

@@ -11,7 +11,6 @@
   args:
     chdir: /etc/wireguard/
     creates: /etc/wireguard/privatekey
-    executable: /usr/bin/bash
 
 - name: Grab WireGuard private key for configuration
   ansible.builtin.slurp:

roles/jellyfin/defaults/main.yml

@@ -1,4 +1,5 @@
 jellyfin_name: jellyfin
+jellyfin_volume: "{{ jellyfin_name }}"
 jellyfin_router: "{{ jellyfin_name }}"
 jellyfin_rooturl: "https://{{ jellyfin_domain }}"
 jellyfin_root: "{{ docker_compose_root }}/{{ jellyfin_name }}"

roles/jellyfin/tasks/main.yml

@@ -4,6 +4,11 @@
     state: directory
     mode: 0500
 
+- name: Create jellyfin user
+  ansible.builtin.user:
+    name: jellyfin
+    state: present
+
 - name: Get user jellyfin uid
   ansible.builtin.getent:
     database: passwd

roles/jellyfin/templates/docker-compose.yml.j2

@@ -1,8 +1,7 @@
 version: '3.7'
 
 volumes:
-  config:
+  {{ jellyfin_volume }}:
-  cache:
 
 networks:
   traefik:
@@ -25,6 +24,6 @@ services:
       - "traefik.docker.network=traefik"
       - "traefik.enable=true"
     volumes:
-      - config:/config
+      - ./config:/config
-      - cache:/cache
+      - ./cache:/cache
-      - {{ jellyfin_media }}:/media
+      - {{ jellyfin_volume }}:/media

roles/proxy/tasks/main.yml

@@ -19,14 +19,14 @@
   ansible.builtin.template:
     src: nginx.conf.j2
     dest: /etc/nginx/nginx.conf
-    mode: 0644
+    mode: '0644'
   notify: reload_nginx
 
 - name: Install nginx sites configuration
   ansible.builtin.template:
     src: server-nginx.conf.j2
     dest: "/etc/nginx/sites-available/{{ item.domain }}.conf"
-    mode: 0400
+    mode: '0644'
   loop: "{{ proxy.servers }}"
   notify: reload_nginx
   register: nginx_sites