Added stuff

This commit is contained in:
Javier Feliz 2025-07-11 23:07:32 -04:00
parent 43f7bb16b2
commit dd83d30d14
14 changed files with 237 additions and 3 deletions


@ -1,3 +1,4 @@
{
"ansible.python.interpreterPath": "/bin/python3"
"ansible.python.interpreterPath": "/bin/python3",
"ansible.validation.lint.enabled": false
}


@ -36,6 +36,29 @@
- role: apps/komga
vars:
port: 7080
- role: apps/outline-wiki
vars:
port: 7083
url: "https://docs.thegrind.dev"
container_name: "the-grind-outline-wiki"
outline_db_name: "the_grind_docs"
data_dir_name: "the-grind-docs"
secret_key: "42f5ab8c01771f40f1e1bae554b82b883f25ab13a79767ffc57e8c31ab172c43"
utils_secret_key: "f8410c6a12da5e92ac4200ef923fe516bed3cef2abacfb1877e32f2f1c63a325"
oidc_client_id: "XfaDJwpZfdHXiK6kulZiAK9nCliUieOdW0Ah1jJ1"
oidc_client_secret: "FtouI96uTg4YJc3ViSfcQ9SdubviXiPULne5tKyIXKbHxDczdlZoWkpwroobEGcgxrJaMFmdX6vBLJACZJVojFW1DJLyqt7gTAo6SmfuL7cJVzAnvDagxWJtamqhkKGR"
oidc_auth_uri: "https://auth.thegrind.dev/application/o/authorize/"
oidc_token_uri: "https://auth.thegrind.dev/application/o/token/"
oidc_userinfo_uri: "https://auth.thegrind.dev/application/o/userinfo/"
oidc_logout_uri: "https://auth.thegrind.dev/application/o/the-grind-docs/end-session/"
odic_button_text: "The Grind Auth"
# - role: apps/postiz
# vars:
# port: 7084
# url: "https://postiz.blinker.club"
# postiz_instance_name: "postiz-main"
# postiz_db_name: "postiz_main"
# jwt_secret: "42cd08e857d0178075a305d7511c778336a501951ae0e4f05bf5ad862f611e72"
tasks:
- name: Personal DW drop
ansible.builtin.include_role:
@ -52,4 +75,12 @@
page_title: "Contribute to the book library"
port: 7081
pin: "1337"
directory: "komga/data/books"
directory: "komga/data/books"
- name: Javier Feliz Blog
ansible.builtin.include_role:
name: apps/ghost
vars:
ghost_instance_name: javierfeliz-blog
database_name: ghostcms_javierfelizblog
blog_url: "https://javierfeliz.com"
port: 7082
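Review bot: The Outline `secret_key`, `utils_secret_key` and `oidc_client_secret` values added on the `apps/outline-wiki` role entry are live credentials committed in plaintext to the playbook, as is the commented-out Postiz `jwt_secret` further down. Once this commit is pushed they must be treated as disclosed: regenerate both Outline keys, rotate the OIDC client secret in the auth provider, and reference them from Ansible Vault instead, e.g. `secret_key: "{{ vault_outline_secret_key }}"` with the same pattern for the other three. Commenting a secret out does not remove it from history, so the Postiz JWT secret needs the same treatment before the role is enabled. Separately, `odic_button_text` is a typo that happens to match the role's own misspelling, so it works; renaming both sides to `oidc_button_text` would keep the OIDC variable family consistent.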


@ -0,0 +1,8 @@
---
- name: Set up the prod services node
hosts: prod_services
become: true
roles:
- role: services/valkey
vars:
container_name: "prod-valkey"


@ -69,6 +69,14 @@
- name: "bookupload"
host: "{{ lookup('hostip', 'apps') }}"
port: 7081
- name: "postiz"
host: "{{ lookup('hostip', 'apps') }}"
port: 7084
- name: "javierfeliz.com"
host: "{{ lookup('hostip', 'apps') }}"
port: 7082
dynamic_dns: true
sites: []
- name: "thegrind.dev"
dynamic_dns: true
sites:
@ -89,4 +97,7 @@
port: 7074
- name: "tasks"
host: "{{ lookup('hostip', 'apps') }}"
port: 7070
port: 7070
- name: "docs"
host: "{{ lookup('hostip', 'apps') }}"
port: 7083
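Review bot: The new `postiz` site entry routes a public hostname to `apps:7084`, but the Postiz role that would listen there is commented out elsewhere in this same commit, so the proxy advertises a name with nothing behind it. Until the role is enabled this entry should be commented out as well (or removed), otherwise the vhost returns errors and, if another service is later given port 7084, would silently expose it under the Postiz name. The targets are plain-HTTP host-published ports, so whether the apps host's ports are reachable without going through this proxy depends on the host firewall, which is not visible here and worth confirming.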



@ -0,0 +1,27 @@
# TODO: Once I set up the mysql role set it up here
- name: Container data
ansible.builtin.include_role:
role: docker/container-data
vars:
dir_name: "{{ ghost_instance_name }}-data"
- name: Deploy Ghost CMS
community.docker.docker_container:
name: "{{ ghost_instance_name }}"
image: ghost:5-alpine
restart_policy: always
ports:
- "{{ port }}:2368"
env:
# see https://ghost.org/docs/config/#configuration-options
database__client: mysql
database__connection__host: 10.89.0.102
database__connection__user: root
database__connection__password: rootpassword
database__connection__database: "{{ database_name }}"
# this url value is just an example, and is likely wrong for your environment!
url: "{{ blog_url }}"
# contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
#NODE_ENV: development
volumes:
- "{{ container_data_base_path }}/{{ ghost_instance_name }}-data:/var/lib/ghost/content"
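Review bot: The Ghost container is handed the MySQL `root` account with the literal password `rootpassword` in `database__connection__user` / `database__connection__password`, committed to the repository; any SQL injection in Ghost or compromise of the container then yields full control of every database on 10.89.0.102, not just this blog. Create a per-instance user limited to `{{ database_name }}` and pull the credentials from vault: `database__connection__user: "{{ ghost_db_user }}"` and `database__connection__password: "{{ ghost_db_password }}"`. The TODO at the top says a mysql role is coming, so this is a good place to wire the user creation in rather than leaving root in place. The comment `# this url value is just an example, and is likely wrong for your environment!` was carried over from the upstream compose sample and is now misleading since `url` is templated from `blog_url`; replace it with `# Public URL Ghost uses for absolute links and redirects`.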


@ -0,0 +1,7 @@
container_name: "outline-wiki"
storage_mode: "local"
smtp_service: ""
smtp_username: ""
smtp_password: ""
smtp_from_email: ""
pg_ssl_mode: "disable"
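Review bot: `pg_ssl_mode: "disable"` as the role default means any deployment that does not override it sends the Postgres credentials and all wiki content in cleartext to `pg_host`, which is only acceptable when the database is on the same machine. The safer default is `pg_ssl_mode: "require"` with `disable` set explicitly on the host entries where Postgres is local, so the insecure mode is an opt-in rather than the silent fallback. Starting the file with `---` would also match the playbook files in this commit.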


@ -0,0 +1,80 @@
- name: Create database
ansible.builtin.include_role:
role: app/database
vars:
app_name: "{{ outline_db_name }}"
- name: Create data volume
ansible.builtin.include_role:
role: docker/container-data
vars:
dir_name: "{{ data_dir_name }}"
- name: Deploy Outline Wiki Container
community.docker.docker_container:
name: "{{ container_name }}"
image: docker.getoutline.com/outlinewiki/outline:latest
ports:
- "{{ port }}:3000"
volumes:
- "{{ container_data_base_path }}/{{ data_dir_name }}:/var/lib/outline/data"
env:
URL: "{{ url }}"
# Generate a hex-encoded 32-byte random key. Use `openssl rand -hex 32` in your
# terminal to generate a random value.
SECRET_KEY: "{{ secret_key }}"
# Generate a unique random key. The format is not important but you could still use
# `openssl rand -hex 32` in your terminal to generate a random value.
UTILS_SECRET: "{{ utils_secret_key }}"
DEFAULT_LANGUAGE: en_US
DATABASE_URL: "postgres://{{ outline_db_name }}:password@{{ pg_host }}:5432/{{ outline_db_name }}"
# Uncomment this line if you will not use SSL for connecting to Postgres. This is acceptable
# if the database and the application are on the same machine.
PGSSLMODE: "{{ pg_ssl_mode }}"
REDIS_URL: "redis://{{ lookup('hostip', 'prod_services') }}:6379"
FILE_STORAGE: "{{ storage_mode }}"
FILE_STORAGE_UPLOAD_MAX_SIZE: "262144000"
# Auto-redirect to https in production. The default is true but you may set to
# false if you can be sure that SSL is terminated at an external loadbalancer.
FORCE_HTTPS: "true"
# Generic OIDC provider
# DOCS: https://docs.getoutline.com/s/hosting/doc/oidc-8CPBm6uC0I
OIDC_CLIENT_ID: "{{ oidc_client_id }}"
OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
OIDC_AUTH_URI: "{{ oidc_auth_uri }}"
OIDC_TOKEN_URI: "{{ oidc_token_uri }}"
OIDC_USERINFO_URI: "{{ oidc_userinfo_uri }}"
OIDC_LOGOUT_URI: "{{ oidc_logout_uri }}"
# Specify which claims to derive user information from
# Supports any valid JSON path with the JWT payload
OIDC_USERNAME_CLAIM: preferred_username
# Display name for OIDC authentication
OIDC_DISPLAY_NAME: "{{ odic_button_text }}"
OIDC_SCOPES: openid profile email
SMTP_SERVICE: "{{ smtp_service }}"
SMTP_USERNAME: "{{ smtp_username }}"
SMTP_PASSWORD: "{{ smtp_password }}"
SMTP_FROM_EMAIL: "{{ smtp_from_email }}"
# Whether the rate limiter is enabled or not
RATE_LIMITER_ENABLED: "true"
# Individual endpoints have hardcoded rate limits that are enabled
# with the above setting, however this is a global rate limiter
# across all requests
RATE_LIMITER_REQUESTS: "1000"
RATE_LIMITER_DURATION_WINDOW: "60"
# Have the installation check for updates by sending anonymized statistics to
# the maintainers
ENABLE_UPDATES: "true"
# Debugging categories to enable you can remove the default "http" value if
# your proxy already logs incoming http requests and this ends up being duplicative
DEBUG: "http"
# Configure lowest severity level for server logs. Should be one of
# error, warn, info, http, verbose, debug, or silly
LOG_LEVEL: "info"
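Review bot: `DATABASE_URL` embeds the literal password `password` for the Outline database role, so the credential is both trivial and committed to the repository, and with `PGSSLMODE` templated from a default of `disable` it may also travel the network in cleartext. Take the password from vault and URL-encode it so special characters do not break the DSN: `DATABASE_URL: "postgres://{{ outline_db_name }}:{{ outline_db_password | urlencode }}@{{ pg_host }}:5432/{{ outline_db_name }}"`, and pass the same value to the `app/database` include so the role created there matches (that role is not in this commit, so confirm it accepts a password variable). `REDIS_URL` connects to the shared Valkey with no credential, which is fine only if that instance enforces none, so the two should be changed together. Unlike the Ghost and Postiz roles this container has no `restart_policy`, and `docker.getoutline.com/outlinewiki/outline:latest` is unpinned, so a reboot leaves the wiki down and an upgrade can arrive unreviewed.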



@ -0,0 +1,48 @@
- name: Create postiz db
ansible.builtin.include_role:
role: app/database
vars:
app_name: "{{ postiz_db_name }}"
- name: Container data on NAS
ansible.builtin.include_role:
role: docker/container-data
vars:
dir_name: "{{ postiz_instance_name }}"
- name: Create needed subdirectories
ansible.builtin.file:
dest: "{{ container_data_base_path }}/{{postiz_instance_name}}/{{ item }}"
state: directory
mode: '0777'
loop:
- config
- uploads
- name: Deploy postiz container
community.docker.docker_container:
name: "{{ postiz_instance_name }}"
image: ghcr.io/gitroomhq/postiz-app:latest
restart_policy: always
env:
MAIN_URL: "{{ url }}"
FRONTEND_URL: "{{ url }}"
NEXT_PUBLIC_BACKEND_URL: "{{ url }}/api"
JWT_SECRET: "{{ jwt_secret }}"
# These defaults are probably fine, but if you change your user/password, update it in the
# postiz-postgres or postiz-redis services below.
DATABASE_URL: "postgresql://{{ postiz_db_name }}:{{ postiz_db_name }}@password:5432/{{ postiz_db_name }}"
REDIS_URL: "redis://{{ lookup('hostip', 'prod_services') }}:6379"
BACKEND_INTERNAL_URL: "http://localhost:3000"
IS_GENERAL: "true" # Required for self-hosting.
DISABLE_REGISTRATION: "false" # Only allow single registration, then disable signup
# The container images are pre-configured to use /uploads for file storage.
# You probably should not change this unless you have a really good reason!
STORAGE_PROVIDER: "local"
UPLOAD_DIRECTORY: "/uploads"
NEXT_PUBLIC_UPLOAD_DIRECTORY: "/uploads"
volumes:
- "{{ container_data_base_path }}/config:/config/"
- "{{ container_data_base_path }}/uploads:/uploads/"
ports:
- "{{ port }}:5000"
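Review bot: The `DATABASE_URL` is malformed: the host position holds the literal word `password` and the password is the database name, so the container cannot reach Postgres as written; it presumably should be `DATABASE_URL: "postgresql://{{ postiz_db_name }}:{{ postiz_db_password | urlencode }}@{{ pg_host }}:5432/{{ postiz_db_name }}"` with the password sourced from vault. The `volumes` entries mount `{{ container_data_base_path }}/config` and `/uploads`, but the "Create needed subdirectories" task creates them under `{{ container_data_base_path }}/{{ postiz_instance_name }}/`, so the bind mounts should be `- "{{ container_data_base_path }}/{{ postiz_instance_name }}/config:/config/"` and the matching `uploads` line; as written Docker would likely create unrelated root-owned directories at the base path. `DISABLE_REGISTRATION: "false"` leaves open sign-up on a public URL, and the comment on that line already says it must be flipped after the first account, so it should be a variable defaulting to `"true"` that is only lowered for bootstrap. `mode: '0777'` on the data directories is broader than needed; setting `owner` to the container's uid with `"0750"` is the narrower fix.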




@ -0,0 +1,3 @@
port: "6379"
container_name: "valkey"
volume_path: "/home/docker/valkey"


@ -0,0 +1,18 @@
- name: Create persistence volume
ansible.builtin.file:
dest: "{{ volume_path }}"
state: directory
mode: '0777'
- name: Deploy valkey container
community.docker.docker_container:
name: "{{ container_name }}"
image: bitnami/valkey:latest
pull: true
restart_policy: always
ports:
- "{{ port }}:6379"
env:
ALLOW_EMPTY_PASSWORD: "yes"
volumes:
- "{{ volume_path }}:/bitnami/valkey/data"
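Review bot: `ALLOW_EMPTY_PASSWORD: "yes"` combined with publishing `{{ port }}:6379` on the host yields an unauthenticated Valkey reachable by anything that can reach the prod_services node, and Docker-published ports typically bypass host firewall rules, so this is not protected by the host's own filtering. Both the Outline and Postiz roles in this commit point at this instance by host IP, so their session and cache state is readable and writable by any network neighbor. Require a credential and bind only the internal address: `ALLOW_EMPTY_PASSWORD: "no"`, `VALKEY_PASSWORD: "{{ valkey_password }}"` (from vault; the Bitnami image documents this variable, worth confirming for the tag used), and `- "{{ bind_ip }}:{{ port }}:6379"`, then add the password to the two `REDIS_URL`s. `mode: '0777'` on the persistence directory is wider than necessary; `owner: "1001"` with `"0750"` matches the non-root uid the Bitnami image runs as. `image: bitnami/valkey:latest` with `pull: true` means every playbook run may upgrade the datastore unreviewed; pin a major version tag.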