From 9506f24bcc9cf18e414d7418c3699600e5dd000b Mon Sep 17 00:00:00 2001 From: CPunch Date: Sun, 30 Oct 2022 14:01:10 -0500 Subject: [PATCH] inital commit --- .gitignore | 1 + run.yaml | 57 ++++++++++++++++++++ static/Jackett/ServerConfig.json | 26 +++++++++ static/docker/deluge.yaml | 16 ++++++ static/docker/homer.yaml | 14 +++++ static/docker/jackett.yaml | 16 ++++++ static/docker/jellyfin.yaml | 16 ++++++ static/docker/openbooks.yaml | 13 +++++ static/docker/radarr.yaml | 14 +++++ static/docker/sonarr.yaml | 14 +++++ static/fail2ban/jails.local | 8 +++ static/homer/config.yml | 49 +++++++++++++++++ static/jellyfin/network.xml | 34 ++++++++++++ static/nginx/nginx.conf | 45 ++++++++++++++++ static/nginx/proxy-control.conf | 32 ++++++++++++ static/nginx/sites.conf | 84 ++++++++++++++++++++++++++++++ static/radarr/config.xml | 16 ++++++ static/sonarr/config.xml | 16 ++++++ tasks/deluge.yaml | 15 ++++++ tasks/essential.yaml | 43 +++++++++++++++ tasks/firewall.yaml | 45 ++++++++++++++++ tasks/homer.yaml | 15 ++++++ tasks/jackett.yaml | 22 ++++++++ tasks/jellyfin.yaml | 21 ++++++++ tasks/nginx.yaml | 74 ++++++++++++++++++++++++++ tasks/openbooks.yaml | 21 ++++++++ tasks/radarr.yaml | 16 ++++++ tasks/sonarr.yaml | 16 ++++++ templates/nginx/restrict-auth.conf | 8 +++ templates/updateDuckDNS | 2 + 30 files changed, 769 insertions(+) create mode 100644 .gitignore create mode 100644 run.yaml create mode 100644 static/Jackett/ServerConfig.json create mode 100644 static/docker/deluge.yaml create mode 100644 static/docker/homer.yaml create mode 100644 static/docker/jackett.yaml create mode 100644 static/docker/jellyfin.yaml create mode 100644 static/docker/openbooks.yaml create mode 100644 static/docker/radarr.yaml create mode 100644 static/docker/sonarr.yaml create mode 100644 static/fail2ban/jails.local create mode 100644 static/homer/config.yml create mode 100644 static/jellyfin/network.xml create mode 100644 static/nginx/nginx.conf create mode 100644 static/nginx/proxy-control.conf create mode 100644 static/nginx/sites.conf create mode 100644 static/radarr/config.xml create mode 100644 static/sonarr/config.xml create mode 100644 tasks/deluge.yaml create mode 100644 tasks/essential.yaml create mode 100644 tasks/firewall.yaml create mode 100644 tasks/homer.yaml create mode 100644 tasks/jackett.yaml create mode 100644 tasks/jellyfin.yaml create mode 100644 tasks/nginx.yaml create mode 100644 tasks/openbooks.yaml create mode 100644 tasks/radarr.yaml create mode 100644 tasks/sonarr.yaml create mode 100644 templates/nginx/restrict-auth.conf create mode 100644 templates/updateDuckDNS diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6ff331c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +hosts diff --git a/run.yaml b/run.yaml new file mode 100644 index 0000000..ecd344d --- /dev/null +++ b/run.yaml @@ -0,0 +1,57 @@ +--- +- hosts: all + become: yes + + vars_prompt: + - name: auth_enabled + prompt: enable nginx authentication headers? (y/n) + private: no + + - name: duck_enabled + prompt: use DuckDNS? (y/n) + private: no + + pre_tasks: + - pause: + prompt: "nginx auth username" + when: auth_enabled == "y" + register: prompt + - set_fact: + auth_username: "{{ prompt.user_input }}" + when: auth_enabled == "y" + + - pause: + prompt: "nginx auth password" + when: auth_enabled == "y" + register: prompt + - set_fact: + auth_password: "{{ prompt.user_input }}" + when: auth_enabled == "y" + + - pause: + prompt: "DuckDNS Token" + when: duck_enabled == "y" + register: prompt + - set_fact: + duck_token: "{{ prompt.user_input }}" + when: duck_enabled == "y" + + - pause: + prompt: "DuckDNS Subdomain (including .duckdns.org)" + when: duck_enabled == "y" + register: prompt + - set_fact: + duck_domain: "{{ prompt.user_input }}" + when: duck_enabled == "y" + + tasks: + - import_tasks: tasks/essential.yaml + - import_tasks: tasks/firewall.yaml + - import_tasks: tasks/homer.yaml + - import_tasks: tasks/deluge.yaml + - import_tasks: tasks/jackett.yaml + - import_tasks: tasks/radarr.yaml + - import_tasks: tasks/sonarr.yaml + - import_tasks: tasks/jellyfin.yaml + - import_tasks: tasks/openbooks.yaml + - import_tasks: tasks/nginx.yaml \ No newline at end of file diff --git a/static/Jackett/ServerConfig.json b/static/Jackett/ServerConfig.json new file mode 100644 index 0000000..e6a71a6 --- /dev/null +++ b/static/Jackett/ServerConfig.json @@ -0,0 +1,26 @@ +{ + "Port": 9117, + "AllowExternal": true, + "AllowCORS": false, + "APIKey": null, + "AdminPassword": null, + "InstanceId": null, + "BlackholeDir": null, + "UpdateDisabled": false, + "UpdatePrerelease": false, + "BasePathOverride": "/jackett", + "BaseUrlOverride": null, + "CacheEnabled": true, + "CacheTtl": 2100, + "CacheMaxResultsPerIndexer": 1000, + "FlareSolverrUrl": null, + "FlareSolverrMaxTimeout": 55000, + "OmdbApiKey": null, + "OmdbApiUrl": null, + "ProxyType": 0, + "ProxyUrl": null, + "ProxyPort": null, + "ProxyUsername": null, + "ProxyPassword": null, + "ProxyIsAnonymous": true +} \ No newline at end of file diff --git a/static/docker/deluge.yaml b/static/docker/deluge.yaml new file mode 100644 index 0000000..c82065a --- /dev/null +++ b/static/docker/deluge.yaml @@ -0,0 +1,16 @@ +--- +version: "2.1" +services: + deluge: + image: lscr.io/linuxserver/deluge:latest + container_name: deluge + environment: + - PUID=1000 + - PGID=1000 + - DELUGE_LOGLEVEL=error #optional + volumes: + - /infra/deluge/config:/config + - /infra/downloads:/downloads + ports: + - 8001:8112 + restart: unless-stopped \ No newline at end of file diff --git a/static/docker/homer.yaml b/static/docker/homer.yaml new file mode 100644 index 0000000..7d824d3 --- /dev/null +++ b/static/docker/homer.yaml @@ -0,0 +1,14 @@ +--- +version: "2" +services: + homer: + image: b4bz/homer:latest + container_name: homer + volumes: + - /infra/homer:/www/assets + ports: + - 8000:8080 + user: 1000:1000 # default + environment: + - INIT_ASSETS=1 # default + restart: unless-stopped \ No newline at end of file diff --git a/static/docker/jackett.yaml b/static/docker/jackett.yaml new file mode 100644 index 0000000..803acfb --- /dev/null +++ b/static/docker/jackett.yaml @@ -0,0 +1,16 @@ +--- +version: "2.1" +services: + jackett: + image: lscr.io/linuxserver/jackett:latest + container_name: jackett + environment: + - PUID=1000 + - PGID=1000 + - AUTO_UPDATE=true #optional + volumes: + - /infra/jackett/config:/config + - /infra/downloads:/downloads + ports: + - 8005:9117 + restart: unless-stopped \ No newline at end of file diff --git a/static/docker/jellyfin.yaml b/static/docker/jellyfin.yaml new file mode 100644 index 0000000..5abe896 --- /dev/null +++ b/static/docker/jellyfin.yaml @@ -0,0 +1,16 @@ +--- +version: "2.1" +services: + jellyfin: + image: lscr.io/linuxserver/jellyfin:latest + container_name: jellyfin + environment: + - PUID=1000 + - PGID=1000 + volumes: + - /infra/jellyfin/config:/config + - /infra/downloads/tvshows:/data/tvshows + - /infra/downloads/movies:/data/movies + ports: + - 8006:8096 + restart: unless-stopped \ No newline at end of file diff --git a/static/docker/openbooks.yaml b/static/docker/openbooks.yaml new file mode 100644 index 0000000..e85c8c2 --- /dev/null +++ b/static/docker/openbooks.yaml @@ -0,0 +1,13 @@ +--- +version: "3.3" +services: + openbooks: + image: evanbuss/openbooks:latest + container_name: openbooks + volumes: + - /infra/downloads/books:/books + ports: + - 8004:80 + environment: + - BASE_PATH=/openbooks/ + restart: unless-stopped \ No newline at end of file diff --git a/static/docker/radarr.yaml b/static/docker/radarr.yaml new file mode 100644 index 0000000..0e5f3d3 --- /dev/null +++ b/static/docker/radarr.yaml @@ -0,0 +1,14 @@ +--- +version: "2.1" +services: + radarr: + image: lscr.io/linuxserver/radarr:latest + container_name: radarr + environment: + - PUID=1000 + - PGID=1000 + volumes: + - /infra/radarr:/config + - /infra/downloads:/downloads #optional + network_mode: host + restart: unless-stopped \ No newline at end of file diff --git a/static/docker/sonarr.yaml b/static/docker/sonarr.yaml new file mode 100644 index 0000000..602adaf --- /dev/null +++ b/static/docker/sonarr.yaml @@ -0,0 +1,14 @@ +--- +version: "2.1" +services: + sonarr: + image: lscr.io/linuxserver/sonarr:latest + container_name: sonarr + environment: + - PUID=1000 + - PGID=1000 + volumes: + - /infra/sonarr:/config + - /infra/downloads:/downloads #optional + network_mode: host + restart: unless-stopped \ No newline at end of file diff --git a/static/fail2ban/jails.local b/static/fail2ban/jails.local new file mode 100644 index 0000000..2d03119 --- /dev/null +++ b/static/fail2ban/jails.local @@ -0,0 +1,8 @@ +[sshd] +enabled = true + +[nginx-http-auth] +enabled = true + +[nginx-botsearch] +enabled = true \ No newline at end of file diff --git a/static/homer/config.yml b/static/homer/config.yml new file mode 100644 index 0000000..824a778 --- /dev/null +++ b/static/homer/config.yml @@ -0,0 +1,49 @@ +--- +title: "Yarr'!" +subtitle: "a poor man's pirate box" +icon: "fas fa-skull-crossbones" + +columns: "3" # "auto" or number (must be a factor of 12: 1, 2, 3, 4, 6, 12) + +# Set the default layout and color scheme +defaults: + layout: columns # Either 'columns', or 'list' + colorTheme: dark # One of 'auto', 'light', or 'dark' + +header: true +footer:

Piracy is not the problem, obscurity is.

+ +# Optional theming +theme: default # 'default' or one of the themes available in 'src/assets/themes'. + +services: + - name: "Torrent" + icon: "fas fa-code-branch" + items: + - name: "Deluge" + icon: "fa-solid fa-download" + subtitle: "Torrent client" + url: "/deluge/" + - name: "Jackett" + icon: "fa-solid fa-shirt" + subtitle: "Torrent tracker" + url: "/jackett/UI/Dashboard" + - name: "Radarr" + icon: "fa-solid fa-satellite-dish" + subtitle: "Movie downloader" + url: "/radarr/" + - name: "Sonarr" + icon: "fa-solid fa-satellite-dish" + subtitle: "TV Show downloader" + url: "/sonarr/" + - name: "Media" + icon: "fa-solid fa-compact-disk" + items: + - name: "OpenBooks" + icon: "fa-solid fa-book-skull" + subtitle: "eBook tracker and downloader" + url: "/openbooks/" + - name: "Jellyfin" + icon: "fa-solid fa-photo-film" + subtitle: "Media vault" + url: "/jellyfin/" \ No newline at end of file diff --git a/static/jellyfin/network.xml b/static/jellyfin/network.xml new file mode 100644 index 0000000..7c02c11 --- /dev/null +++ b/static/jellyfin/network.xml @@ -0,0 +1,34 @@ + + + false + /jellyfin/ + 8920 + 8096 + 8920 + false + 8096 + false + + false + true + false + + 2 + 100 + true + vEthernet* + 60 + false + + + false + true + + false + false + true + + + + false + \ No newline at end of file diff --git a/static/nginx/nginx.conf b/static/nginx/nginx.conf new file mode 100644 index 0000000..9341553 --- /dev/null +++ b/static/nginx/nginx.conf @@ -0,0 +1,45 @@ +user www-data; +worker_processes auto; +include /etc/nginx/modules-enabled/*.conf; +pid /run/nginx.pid; + +events { + worker_connections 768; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} \ No newline at end of file diff --git a/static/nginx/proxy-control.conf b/static/nginx/proxy-control.conf new file mode 100644 index 0000000..988b12d --- /dev/null +++ b/static/nginx/proxy-control.conf @@ -0,0 +1,32 @@ +proxy_connect_timeout 59s; +proxy_send_timeout 600; +proxy_read_timeout 36000s; ## Timeout after 10 hours +proxy_buffer_size 64k; +proxy_buffers 16 32k; +proxy_pass_header Set-Cookie; +proxy_hide_header Vary; + +proxy_busy_buffers_size 64k; +proxy_temp_file_write_size 64k; + +proxy_set_header Accept-Encoding ''; +proxy_ignore_headers Cache-Control Expires; +proxy_set_header Referer $http_referer; +proxy_set_header Host $host; +proxy_set_header Cookie $http_cookie; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-Host $host; +proxy_set_header X-Forwarded-Server $host; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Port '443'; +proxy_set_header X-Forwarded-Ssl on; +proxy_set_header X-Forwarded-Proto https; +proxy_set_header Authorization ''; + +proxy_buffering off; +proxy_redirect off; + +## Required for Plex WebSockets +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; \ No newline at end of file diff --git a/static/nginx/sites.conf b/static/nginx/sites.conf new file mode 100644 index 0000000..480fceb --- /dev/null +++ b/static/nginx/sites.conf @@ -0,0 +1,84 @@ +server { + listen 0.0.0.0:80 default_server; + + location /deluge { + return 302 $scheme://$host/deluge/; + } + + location /deluge/ { + proxy_pass http://localhost:8001/; + proxy_set_header X-Deluge-Base "/deluge/"; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + location /radarr { + proxy_pass http://localhost:8002/radarr; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + # allow radarr api to be reached + location /radarr/api { + proxy_pass http://localhost:8002/radarr/api; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + location /sonarr { + proxy_pass http://localhost:8003/sonarr; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + # allow sonarr api to be reached + location /sonarr/api { + proxy_pass http://localhost:8003/sonarr/api; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + location /openbooks { + proxy_pass http://localhost:8004/openbooks/; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + # openbooks uses a subdirectory for websocket connections + location /openbooks/ws { + proxy_pass http://localhost:8004/openbooks/ws; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + location /jackett { + proxy_pass http://localhost:8005/jackett; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } + + # jellyfin doesn't require auth headers (it has its own authentication system) + location /jellyfin { + return 302 $scheme://$host/jellyfin/; + } + + location /jellyfin/ { + proxy_pass http://localhost:8006; + include proxy-control.conf; + } + + location / { + proxy_pass http://localhost:8000/; + include restrict-auth.conf; + include proxy-control.conf; + add_header X-Frame-Options SAMEORIGIN; + } +} diff --git a/static/radarr/config.xml b/static/radarr/config.xml new file mode 100644 index 0000000..d816b0e --- /dev/null +++ b/static/radarr/config.xml @@ -0,0 +1,16 @@ + + info + /radarr + Docker + * + 8002 + 1337 + False + False + + None + master + + + Radarr + \ No newline at end of file diff --git a/static/sonarr/config.xml b/static/sonarr/config.xml new file mode 100644 index 0000000..5b1cf55 --- /dev/null +++ b/static/sonarr/config.xml @@ -0,0 +1,16 @@ + + info + /sonarr + Docker + * + 8003 + 1337 + False + False + + None + master + + + Sonarr + \ No newline at end of file diff --git a/tasks/deluge.yaml b/tasks/deluge.yaml new file mode 100644 index 0000000..95bae16 --- /dev/null +++ b/tasks/deluge.yaml @@ -0,0 +1,15 @@ +--- +- name: Make deluge dir + file: + name: /infra/deluge/config + state: directory + owner: 1000 + +- name: Copy deluge docker-compose + copy: + src: static/docker/deluge.yaml + dest: /infra/deluge/docker-compose.yaml + +- name: Build & start deluge + community.docker.docker_compose: + project_src: /infra/deluge \ No newline at end of file diff --git a/tasks/essential.yaml b/tasks/essential.yaml new file mode 100644 index 0000000..f61f5a8 --- /dev/null +++ b/tasks/essential.yaml @@ -0,0 +1,43 @@ +--- +- name: Upgrade Packages + apt: + update_cache: yes + upgrade: full + +- name: Install required software + package: + name: + - apache2-utils + - python3-passlib + - nginx + - fail2ban + - docker + - docker-compose + - ufw + - curl + - python3-certbot-nginx + +- name: Make downloads directory + file: + name: /infra/downloads + state: directory + owner: 1000 + +- name: Make downloads/movies directory + file: + name: /infra/downloads/movies + state: directory + owner: 1000 + +- name: Make downloads/tvshows directory + file: + name: /infra/downloads/tvshows + state: directory + owner: 1000 + +- name: Make infra user + user: + name: infra + comment: infrastructure + uid: 1000 + state: present \ No newline at end of file diff --git a/tasks/firewall.yaml b/tasks/firewall.yaml new file mode 100644 index 0000000..7ab1072 --- /dev/null +++ b/tasks/firewall.yaml @@ -0,0 +1,45 @@ +--- +- name: Allow port 22 + community.general.ufw: + rule: allow + port: '22' + proto: tcp + +- name: Allow port 80 + community.general.ufw: + rule: allow + port: '80' + proto: tcp + +- name: Allow port 443 + community.general.ufw: + rule: allow + port: '443' + proto: tcp + +- name: Allow port 6881 + community.general.ufw: + rule: allow + port: '6881' + proto: tcp + +- name: Allow port 6881/udp + community.general.ufw: + rule: allow + port: '6881' + proto: udp + +- name: Startup UFW + community.general.ufw: + state: enabled + +- name: Copy fail2ban jail config + copy: + src: static/fail2ban/jails.local + dest: /etc/fail2ban/jail.d/jails.local + +- name: Enable fail2ban service + systemd: + name: fail2ban + enabled: yes + state: started \ No newline at end of file diff --git a/tasks/homer.yaml b/tasks/homer.yaml new file mode 100644 index 0000000..a396306 --- /dev/null +++ b/tasks/homer.yaml @@ -0,0 +1,15 @@ +--- +- name: Copy homer dir + copy: + src: static/homer + dest: /infra + owner: 1000 + +- name: Copy homer docker-compose + copy: + src: static/docker/homer.yaml + dest: /infra/homer/docker-compose.yaml + +- name: Build & start homer + community.docker.docker_compose: + project_src: /infra/homer \ No newline at end of file diff --git a/tasks/jackett.yaml b/tasks/jackett.yaml new file mode 100644 index 0000000..37f3587 --- /dev/null +++ b/tasks/jackett.yaml @@ -0,0 +1,22 @@ +--- +- name: Make jackett dir + file: + name: /infra/jackett/config + state: directory + owner: 1000 + +- name: Copy jackett config + copy: + src: static/Jackett + dest: /infra/jackett/config + owner: 1000 + force: no + +- name: Copy jackett docker-compose + copy: + src: static/docker/jackett.yaml + dest: /infra/jackett/docker-compose.yaml + +- name: Build & start jackett + community.docker.docker_compose: + project_src: /infra/jackett \ No newline at end of file diff --git a/tasks/jellyfin.yaml b/tasks/jellyfin.yaml new file mode 100644 index 0000000..d392c5f --- /dev/null +++ b/tasks/jellyfin.yaml @@ -0,0 +1,21 @@ +--- +- name: Make jellyfin dir + file: + name: /infra/jellyfin/config + state: directory + owner: 1000 + +- name: Copy jellyfin base config + copy: + src: static/jellyfin/network.xml + dest: /infra/jellyfin/config/network.xml + owner: 1000 + +- name: Copy jellyfin docker-compose + copy: + src: static/docker/jellyfin.yaml + dest: /infra/jellyfin/docker-compose.yaml + +- name: Build & start jellyfin + community.docker.docker_compose: + project_src: /infra/jellyfin \ No newline at end of file diff --git a/tasks/nginx.yaml b/tasks/nginx.yaml new file mode 100644 index 0000000..30ac9f9 --- /dev/null +++ b/tasks/nginx.yaml @@ -0,0 +1,74 @@ +--- +- name: Remove default nginx config + file: + name: /etc/nginx/sites-enabled + state: absent + +- name: Restore nginx/conf.d + file: + name: /etc/nginx/conf.d + state: directory + +- name: Install system nginx config + copy: + src: static/nginx/nginx.conf + dest: /etc/nginx/nginx.conf + +# helps with proxy-ing services +- name: Install nginx proxy-control.conf + copy: + src: static/nginx/proxy-control.conf + dest: /etc/nginx/proxy-control.conf + +- name: Install nginx restrict-conf.conf + template: + src: templates/nginx/restrict-auth.conf + dest: /etc/nginx/restrict-auth.conf + +- name: Install nginx config for site proxies + copy: + src: static/nginx/sites.conf + dest: /etc/nginx/conf.d/sites.conf + +# locks down services that shouldn't be public (if enabled) +- name: Install nginx passwd file + htpasswd: + path: /etc/nginx/passwdfile + name: "{{ auth_username }}" + password: "{{ auth_password }}" + owner: root + group: www-data + mode: 0640 + when: auth_enabled == "y" # only do it when the username is specified + +- name: Install updateDuckDNS + template: + src: templates/updateDuckDNS + dest: /infra/updateDuckDNS + mode: u+rx + when: duck_enabled == "y" + +# update duckdns daily +- name: Install DuckDNS cronjob + cron: + name: Update DuckDNS + minute: 0 + hour: 1 + job: /infra/updateDuckDNS + when: duck_enabled == "y" + +# go ahead and run the update (before running cerbot) +- name: Setup DuckDNS + shell: "/infra/updateDuckDNS" + when: duck_enabled == "y" + +# certbot is a life saver. thank you certbot devs! +- name: Setup certbot + shell: "certbot --nginx --non-interactive --agree-tos -m do_not_contact@proton.me -d {{ duck_domain }}" + when: duck_enabled == "y" + +- name: Reload Nginx + systemd: + name: nginx + enabled: yes + state: restarted \ No newline at end of file diff --git a/tasks/openbooks.yaml b/tasks/openbooks.yaml new file mode 100644 index 0000000..5c5e175 --- /dev/null +++ b/tasks/openbooks.yaml @@ -0,0 +1,21 @@ +--- +- name: Make downloads/books dir + file: + name: /infra/downloads/books + state: directory + owner: 1000 + +- name: Make openbooks dir + file: + name: /infra/openbooks + state: directory + owner: 1000 + +- name: Copy openbooks docker-compose + copy: + src: static/docker/openbooks.yaml + dest: /infra/openbooks/docker-compose.yaml + +- name: Build & start openbooks + community.docker.docker_compose: + project_src: /infra/openbooks \ No newline at end of file diff --git a/tasks/radarr.yaml b/tasks/radarr.yaml new file mode 100644 index 0000000..468857a --- /dev/null +++ b/tasks/radarr.yaml @@ -0,0 +1,16 @@ +--- +- name: Copy radarr dir + copy: + src: static/radarr + dest: /infra + owner: 1000 + force: no + +- name: Copy radarr docker-compose + copy: + src: static/docker/radarr.yaml + dest: /infra/radarr/docker-compose.yaml + +- name: Build & start radarr + community.docker.docker_compose: + project_src: /infra/radarr \ No newline at end of file diff --git a/tasks/sonarr.yaml b/tasks/sonarr.yaml new file mode 100644 index 0000000..1375367 --- /dev/null +++ b/tasks/sonarr.yaml @@ -0,0 +1,16 @@ +--- +- name: Copy sonarr dir + copy: + src: static/sonarr + dest: /infra + owner: 1000 + force: no + +- name: Copy sonarr docker-compose + copy: + src: static/docker/sonarr.yaml + dest: /infra/sonarr/docker-compose.yaml + +- name: Build & start sonarr + community.docker.docker_compose: + project_src: /infra/sonarr \ No newline at end of file diff --git a/templates/nginx/restrict-auth.conf b/templates/nginx/restrict-auth.conf new file mode 100644 index 0000000..472cf26 --- /dev/null +++ b/templates/nginx/restrict-auth.conf @@ -0,0 +1,8 @@ +{% if "y" == auth_enabled %} + satisfy any; + allow 127.0.0.1; + allow ::1; + deny all; + auth_basic "Restricted Content"; + auth_basic_user_file /etc/nginx/passwdfile; +{% endif %} \ No newline at end of file diff --git a/templates/updateDuckDNS b/templates/updateDuckDNS new file mode 100644 index 0000000..81629ae --- /dev/null +++ b/templates/updateDuckDNS @@ -0,0 +1,2 @@ +#!/bin/sh +curl -I https://duckdns.org/update/{{ duck_domain }}/{{ duck_token }} \ No newline at end of file