Start moving to roles

.ansible-lint

@@ -0,0 +1,4 @@
+warn_list:
+  - all
+skip_list:
+  - role-name[path]

group_vars/all.yml

@@ -1,8 +1,16 @@
 ansible_become_pass: Cinnamonbun89$
 project_root: "{{ inventory_dir }}"
+
 # Local paths
 docker_stacks: "{{ project_root }}/docker"
 assets: "{{ project_root }}/assets"
+
 # Remote paths
 remote_stacks: "/home/javi/docker"
 remote_app_mounts: "/home/docker"
+
+# Postgres
+pg_host: 10.89.0.102
+pg_port: 5432
+pg_user: postgres
+pg_password: password

playbooks/apps/jellyfin.yml

@@ -0,0 +1,15 @@
+---
+- name: Set up jellyfin and jellyseer
+  hosts: streaming_services
+  become: true
+  roles:
+    - role: util/mount_nfs
+      vars:
+        share: "/mnt/main/media"
+        mount_path: "/home/docker/media"
+    - role: docker/stack
+      vars:
+        stack_name: jellyfin
+        apps:
+          - jellyfin
+          - jellyseer

playbooks/apps/stash.yml

@@ -6,7 +6,7 @@
       vars:
         share: "/mnt/main/xrandr"
         mount_path: "/home/docker/xrandr"
-    - role: deploy_docker_stack
+    - role: docker/stack
       vars:
         stack_name: stash
         apps:

playbooks/databases.yml

@@ -1,30 +0,0 @@
-# Also create users
-# Assign a user all priviledges on it's databases
----
-- name: Ensure databases exist
-  hosts: localhost
-  connection: local
-  vars_files:
-  - ../../vars/pg_main.yml
-  vars:
-    dbs:
-    - arrstack_sonarr_main
-    - arrstack_sonarr_log
-    - arrstack_radarr_main
-    - arrstack_radarr_log
-    - arrstack_readarr_main
-    - arrstack_readarr_log
-    - arrstack_lidarr_main
-    - arrstack_lidarr_log
-    - arrstack_prowlarr_main
-    - arrstack_prowlarr_log
-    - planeso
-    - readeck
-    - spacebin
-    - linkwarden
-    - opengist
-  tasks:
-  - include_tasks: "../tasks/create_db.yml"
-    vars:
-      name: "{{ item }}"
-    loop: "{{ dbs }}"

playbooks/ftp.yml

@@ -1,28 +0,0 @@
----
-- name: Setup FTP server on Ubuntu
-  hosts: all
-  become: true
-
-  tasks:
-    - name: Update apt cache
-      ansible.builtin.apt:
-        update_cache: true
-
-    - name: Install proftpd package
-      ansible.builtin.apt:
-        name: proftpd
-        state: present
-
-    - name: Ensure proftpd is enabled and started
-      ansible.builtin.service:
-        name: proftpd
-        state: started
-        enabled: true
-      become: true
-
-    - name: Allow FTP through UFW firewall (if UFW is enabled)
-      ansible.builtin.ufw:
-        rule: allow
-        port: 21
-        proto: tcp
-      ignore_errors: false

playbooks/initial_server_setup.yml

@@ -1,20 +0,0 @@
----
-- name: Set up a new virtual machine
-  hosts: all
-  become: true
-  tasks:
-    - name: Install Docker
-      ansible.builtin.include_tasks:
-        file: '../tasks/provisioning/install_docker.yml'
-    - name: Pull and run the portainer agent
-      community.docker.docker_container:
-        name: portainer_agent
-        image: portainer/agent:2.27.0
-        state: started
-        restart_policy: always
-        published_ports:
-          - "9001:9001"
-        volumes:
-          - /var/run/docker.sock:/var/run/docker.sock
-          - /var/lib/docker/volumes:/var/lib/docker/volumes
-          - /:/host

playbooks/jellyfin.yml

@@ -1,42 +0,0 @@
----
-- name: Set up jellyfin
-  hosts: streaming_services
-  become: true
-  tasks:
-    - name: Mount the media share to the VM
-      ansible.builtin.include_tasks:
-        file: ../tasks/mount_nfs.yml
-      vars:
-        mount_path: "/home/docker/media"
-        mount_source: "10.89.0.15:/mnt/main/media"
-
-    - name: Create app mount directory
-      ansible.builtin.file:
-        path: /home/docker/jellyfin
-        state: directory
-        mode: '0777'
-
-    - name: Ensure jellyfin docker compose folder exists
-      ansible.builtin.file:
-        path: /home/javi/docker/jellyfin
-        state: directory
-        mode: '0777'
-
-    - name: Ensure jellyseer docker compose folder exists
-      ansible.builtin.file:
-        path: /home/javi/docker/jellyseer
-        state: directory
-        mode: '0777'
-
-    - name: Copy docker-compose.yml to server
-      ansible.builtin.copy:
-        src: '../docker/jellyfin/docker-compose.yml'
-        dest: '/home/javi/docker/jellyfin/docker-compose.yml'
-        owner: javi
-        group: javi
-        mode: '0777'
-
-    - name: Start up the containers
-      ansible.builtin.command: docker compose up -d
-      args:
-        chdir: /home/javi/docker/jellyfin

playbooks/server/base.yml

@@ -0,0 +1,9 @@
+---
+- name: Set up a new virtual machine
+  hosts: all
+  become: true
+  roles:
+    - role: docker/install
+    - role: docker/portainer
+    - role: server/setup/sshkey
+    - role: server/setup/webmin

playbooks/webmin.yml

@@ -1,44 +0,0 @@
----
-- name: Install Webmin on Debian/Ubuntu
-  hosts: all
-  become: true
-  tasks:
-    - name: Install required dependencies
-      ansible.builtin.apt:
-        name:
-          - wget
-          - apt-transport-https
-          - software-properties-common
-        state: present
-        update_cache: true
-
-    - name: Add Webmin repository
-      ansible.builtin.copy:
-        dest: /etc/apt/sources.list.d/webmin.list
-        content: "deb http://download.webmin.com/download/repository sarge contrib"
-        owner: javi
-        group: javi
-        mode: '0777'
-
-    - name: Add Webmin GPG key
-      ansible.builtin.apt_key:
-        url: https://www.webmin.com/jcameron-key.asc
-        state: present
-
-    - name: Update apt cache
-      ansible.builtin.apt:
-        update_cache: true
-
-    - name: Install Webmin with recommended packages
-      ansible.builtin.apt:
-        name:
-          - webmin
-        state: present
-        update_cache: true
-        install_recommends: true
-
-    - name: Ensure Webmin service is enabled and running
-      systemd:
-        name: webmin
-        enabled: true
-        state: started

roles/app/database/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Create app database
+  ansible.builtin.include_role:
+    name: postgres/database
+  vars:
+    database: "{{ app_name }}"
+
+- name: Create app db user 
+  ansible.builtin.include_role:
+    name: postgres/user
+  vars:
+    user: "{{ app_name }}"
+    password: "password"
+
+- name: Give app user full priviledges on DB 
+  ansible.builtin.include_role:
+    name: postgres/priviledges
+  vars:
+    database: "{{ app_name }}"
+    user: "{{ app_name }}"

roles/postgres/database/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Create database
+  delegate_to: localhost
+  community.postgresql.postgresql_db:
+    name: "{{ database }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"

roles/postgres/priviledges/defaults/main.yml

@@ -0,0 +1 @@
+priviledges: ALL

roles/postgres/priviledges/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Give user full priviledges on database
+  delegate_to: localhost
+  community.postgresql.postgresql_privs:
+    db: "{{ database }}"
+    type: schema
+    objs: public
+    privs: "{{ priviledges }}"
+    role: "{{ user }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"

roles/postgres/user/defaults/main.yml

@@ -0,0 +1 @@
+password: "password"

roles/postgres/user/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Create postgres user
+  delegate_to: localhost
+  community.postgresql.postgresql_user:
+    name: "{{ user }}"
+    password: "{{ password }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"

roles/server/setup/ftp/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install proftpd package
+  ansible.builtin.apt:
+    name: proftpd
+    state: present
+
+- name: Ensure proftpd is enabled and started
+  ansible.builtin.service:
+    name: proftpd
+    state: started
+    enabled: true
+  become: true
+
+- name: Allow FTP through UFW firewall (if UFW is enabled)
+  community.general.ufw:
+    rule: allow
+    port: 21
+    proto: tcp
+  ignore_errors: false

roles/server/setup/webmin/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Install required dependencies
+  ansible.builtin.apt:
+    name:
+      - wget
+      - apt-transport-https
+      - software-properties-common
+    state: present
+    update_cache: true
+
+- name: Add Webmin repository
+  ansible.builtin.copy:
+    dest: /etc/apt/sources.list.d/webmin.list
+    content: "deb http://download.webmin.com/download/repository sarge contrib"
+    owner: javi
+    group: javi
+    mode: '0777'
+
+- name: Add Webmin GPG key
+  ansible.builtin.apt_key:
+    url: https://www.webmin.com/jcameron-key.asc
+    state: present
+
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install Webmin with recommended packages
+  ansible.builtin.apt:
+    name:
+      - webmin
+    state: present
+    update_cache: true
+    install_recommends: true
+
+- name: Ensure Webmin service is enabled and running
+  ansible.builtin.systemd:
+    name: webmin
+    enabled: true
+    state: started