From 549f90201845862c7e8ea11a260b6439660cd8ba Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Tue, 3 Oct 2023 20:34:06 +0100 Subject: [PATCH 01/81] Update server-basics.yaml Add tmux - https://www.redhat.com/sysadmin/introduction-tmux-linux --- server-basics.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/server-basics.yaml b/server-basics.yaml index d2e1445..9895f1b 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -64,6 +64,7 @@ - intel-gpu-tools # for intel GPU usage, MIGHT NOT BE FOUND - firefox # browser - testdisk # life saver if your disk is a bit sus, so its a nice util to have handy + - tmux # terminal mulitplexor to mainly allow you to create a re-attachable session on the server. Google for more info on how to use - name: Install kubectx/kubens # https://github.com/ahmetb/kubectx From bd7050f2e8d6bbe7b4975e9deb7a3e805be596f9 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Tue, 10 Oct 2023 17:35:16 +0100 Subject: [PATCH 02/81] Update server-basics.yaml Add smartmontools for smartctl usage --- server-basics.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/server-basics.yaml b/server-basics.yaml index 9895f1b..d9cdb3b 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -65,6 +65,7 @@ - firefox # browser - testdisk # life saver if your disk is a bit sus, so its a nice util to have handy - tmux # terminal mulitplexor to mainly allow you to create a re-attachable session on the server. Google for more info on how to use + - smartmontools # to be able to use smartctl to get SMART data about storage devices - name: Install kubectx/kubens # https://github.com/ahmetb/kubectx From 017656222b836d08ec0d491e9d65d671ec10a5bc Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Wed, 11 Oct 2023 20:51:13 +0100 Subject: [PATCH 03/81] prometheus scrape config to scrape all services in all namespaces --- install-charts.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
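Review bot: The comment on the added `tmux` entry misspells the tool's category as `mulitplexor`, and the same line is then carried forward verbatim as context in the next patch, so it is worth fixing at the source: `- tmux # terminal multiplexer, mainly to get a re-attachable session on the server`. The package list this entry belongs to starts outside the hunk.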
diff --git a/install-charts.yaml b/install-charts.yaml index 8e33378..20e7e99 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -128,13 +128,14 @@ prometheus.prometheusSpec.probeSelectorNilUsesHelmValues=false,\ prometheus.prometheusSpec.probeSelectorNamespaceSelector=null,\ prometheus.prometheusSpec.probeSelector=null,\ + prometheus.prometheusSpec.additionalScrapeConfigs[0].job_name=kubernetes-service-scraper,\ + prometheus.prometheusSpec.additionalScrapeConfigs[0].kubernetes_sd_configs[0].role=service,\ grafana.persistence.enabled=true,\ grafana.adminUser={{ charts.services.kube_prometheus_stack.grafana.admin_username }},\ grafana.adminPassword={{ charts.services.kube_prometheus_stack.grafana.admin_password }},\ grafana.ingress.enabled=true,\ grafana.ingress.ingressClassName=nginx,\ - grafana.ingress.hosts={grafana.{{ domain_name }}},\ - grafana.ingress.enabled=true" + grafana.ingress.hosts={grafana.{{ domain_name }}}" - name: Restart pods to pick up any config updates include_tasks: tasks-kubernetes-delete-kind-instances.yaml From 1240b067e011620e669550164cb2c78f79b76d62 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Wed, 11 Oct 2023 21:45:29 +0100 Subject: [PATCH 04/81] add dashboard info for radarr and sonarr, and add grafana plugin for the same --- README.md | 7 +++++-- install-charts.yaml | 17 +++++++++++++++++ server-basics.yaml | 6 ++++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a4e0904..c7495ce 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ Use your own server sudo apt install software-properties-common sudo add-apt-repository --yes --update ppa:ansible/ansible sudo apt install ansible + ansible-galaxy collection install kubernetes.core ``` - #### Update the `group_vars/all` file to fill out the required information there 
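Review bot: The new `kubernetes-service-scraper` job sets `kubernetes_sd_configs[0].role=service` with no `relabel_configs`, so Prometheus will try to scrape every Service in every namespace on its first declared port, including services with no `/metrics` endpoint and ones the chart already covers through ServiceMonitors — expect a long list of failing targets and duplicated series. The usual guard is a `keep` relabel on an opt-in annotation (`__meta_kubernetes_service_annotation_prometheus_io_scrape`), which is several lines and awkward to express through `--set` index notation inside this shell string, so moving the scrape config to a values file is probably the cleaner route; I cannot see how the string is consumed, so treat that as a suggestion. The `command:` value this hunk edits starts outside the hunk.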
@@ -96,12 +97,14 @@ Use your own server - #### After the installation - ##### Setup Grafana - - Add the recommended dashboards + - Add the recommended dashboards (Make sure you select the correct job in the variables section, you can default to `kubernetes-service-scraper`) - [Node Exporter Full](https://grafana.com/grafana/dashboards/1860) + - [Loki Kubernetes Logs](https://grafana.com/grafana/dashboards/15141) + - [Sonarr v3](https://grafana.com/grafana/dashboards/12530-sonarr-v3/) + - [Radarr v3](https://grafana.com/grafana/dashboards/12896-radarr-v3/) - [Pods (Aggregated view)](https://grafana.com/grafana/dashboards/8860) - [Monitor Pod CPU and Memory usage](https://grafana.com/grafana/dashboards/15055) - [Node Exporter for Prometheus Dashboard EN v20201010](https://grafana.com/grafana/dashboards/11074) - - [Loki Kubernetes Logs](https://grafana.com/grafana/dashboards/15141) - Would recommend adding a panel with the following query as it is useful to monitor pods as well - For average ``` diff --git a/install-charts.yaml b/install-charts.yaml index 20e7e99..6125d6b 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -137,6 +137,23 @@ grafana.ingress.ingressClassName=nginx,\ grafana.ingress.hosts={grafana.{{ domain_name }}}" + - name: Setup plugins for Grafana + block: + - name: Search for all Pods labelled app.kubernetes.io/name=grafana + kubernetes.core.k8s_info: + kind: Pod + label_selectors: + - app.kubernetes.io/name = grafana + register: output + + - name: Install piechart panel plugin for Grafana + kubernetes.core.k8s_exec: + namespace: "{{ namespace_monitoring }}" + pod: "{{ output.resources[0].metadata.name }}" + container: grafana + command: grafana cli plugins install grafana-piechart-panel + ignore_errors: True + - name: Restart pods to pick up any config updates include_tasks: tasks-kubernetes-delete-kind-instances.yaml vars: diff --git a/server-basics.yaml b/server-basics.yaml index d9cdb3b..45d8abd 100644 --- a/server-basics.yaml 
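Review bot: The `kubernetes.core.k8s_info` lookup in the new Grafana block has no `namespace`, so `output.resources[0]` is whichever grafana-labelled pod the API lists first across all namespaces, and when nothing matches the index fails before the exec runs; add `namespace: "{{ namespace_monitoring }}"` to the lookup so it matches the exec task. `ignore_errors: True` then hides both that case and a genuine plugin-install failure, and yamllint's truthy rule would want `true`. Because the install is an exec into a running pod, the plugin lives in the pod's filesystem — with `grafana.persistence.enabled=true` a few context lines up it survives the restart task that follows, but declaring it in the release's `grafana.plugins` value would keep it with the rest of the chart configuration instead of as an imperative step; I cannot confirm the chart version from here, so treat that as a suggestion.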
+++ b/server-basics.yaml @@ -67,6 +67,12 @@ - tmux # terminal mulitplexor to mainly allow you to create a re-attachable session on the server. Google for more info on how to use - smartmontools # to be able to use smartctl to get SMART data about storage devices + - name: Install pyyaml python package + ansible.builtin.pip: + name: + - pyyaml + - kubernetes + - name: Install kubectx/kubens # https://github.com/ahmetb/kubectx snap: From 4394b74732a1b8497231cf40d28f9b400352b24e Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Thu, 21 Dec 2023 10:47:46 +0000 Subject: [PATCH 05/81] Change ingress settings There is a new requirement to set a primary ingress per ingress CR from truecharts. This means that the old setup where "main" would automatically be selected as primary (without namechange) is no longer done. So to get aroudn that, every service now gets its own key under ingress (this is how the CR name is decided) and then is marked as primary. Its then used by other things (not relevant in my setup) for healthchecks. Either way, this works now. --- install-charts.yaml | 158 ++++++++++++++++++++++++++++---------------- 1 file changed, 102 insertions(+), 56 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 6125d6b..f900168 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
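Review bot: The new `ansible.builtin.pip` task installs `pyyaml` and `kubernetes` unpinned, so each run pulls whatever is latest on PyPI and the `kubernetes.core` modules can break on an incompatible client release; pin them, e.g. `- kubernetes==<pinned version>` (placeholder — choose the version matching the installed collection). Note that `pip` installs on the managed node, whereas the `kubernetes.core` modules need these packages in the interpreter they execute under, so this only lines up with the README's `ansible-galaxy collection install kubernetes.core` step when the play targets the same machine it runs from; the play's `hosts:` is outside the hunk.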
@@ -13,22 +13,12 @@ # of manifests for SCALE products I believe either way I dont need it: # - manifestManager.enabled=false helm_common_general: "\ - global.addMetalLBAnnotations=false,\ - global.addTraefikAnnotations=false,\ + global.metallb.addServiceAnnotations=false,\ + global.traefik.addServiceAnnotations=false,\ operator.verify.enabled=false,\ - manifestManager.enabled=false,\ workload.main.type=StatefulSet,\ podOptions.dnsConfig.nameservers={8.8.8.8,8.8.4.4}" - helm_common_ingress: "\ - ingress.main.enabled=true,\ - ingress.main.primary=false,\ - ingress.main.ingressClassName=nginx,\ - ingress.main.fixedMiddlewares={},\ - ingress.main.enableFixedMiddlewares=false,\ - ingress.main.hosts[0].paths[0].path='/',\ - ingress.main.hosts[0].paths[0].pathType='Prefix'" - helm_common_resources: "\ resources.requests.cpu={{ charts.resources.requests.cpu }},\ resources.requests.memory={{ charts.resources.requests.memory }},\ @@ -190,7 +180,6 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ securityContext.container.runAsUser=0,\ securityContext.container.privileged=true,\ securityContext.container.runAsNonRoot=false,\ @@ -202,9 +191,15 @@ persistence.dev.type=hostPath,\ persistence.dev.mountPath=/dev,\ persistence.dev.hostPath=/dev,\ - ingress.main.hosts[0].host='jellyfin.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=jellyfin,\ - ingress.main.hosts[0].paths[0].service.port=8096" + ingress.jellyfin.enabled=true,\ + ingress.jellyfin.primary=true,\ + ingress.jellyfin.ingressClassName=nginx,\ + ingress.jellyfin.integrations.traefik.enabled=false,\ + ingress.jellyfin.hosts[0].paths[0].path='/',\ + ingress.jellyfin.hosts[0].paths[0].pathType='Prefix',\ + ingress.jellyfin.hosts[0].host='jellyfin.{{ domain_name }}',\ + ingress.jellyfin.hosts[0].paths[0].service.name=jellyfin,\ + ingress.jellyfin.hosts[0].paths[0].service.port=8096" - debug: msg: 
> @@ -231,10 +226,15 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ - ingress.main.hosts[0].host='qbittorrent.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=qbittorrent,\ - ingress.main.hosts[0].paths[0].service.port=10095" + ingress.qbittorrent.enabled=true,\ + ingress.qbittorrent.primary=true,\ + ingress.qbittorrent.ingressClassName=nginx,\ + ingress.qbittorrent.integrations.traefik.enabled=false,\ + ingress.qbittorrent.hosts[0].paths[0].path='/',\ + ingress.qbittorrent.hosts[0].paths[0].pathType='Prefix',\ + ingress.qbittorrent.hosts[0].host='qbittorrent.{{ domain_name }}',\ + ingress.qbittorrent.hosts[0].paths[0].service.name=qbittorrent,\ + ingress.qbittorrent.hosts[0].paths[0].service.port=10095" - debug: msg: > @@ -289,12 +289,17 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/prowlarr,\ - ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=prowlarr,\ - ingress.main.hosts[0].paths[0].service.port=9696" + ingress.prowlarr.enabled=true,\ + ingress.prowlarr.primary=true,\ + ingress.prowlarr.ingressClassName=nginx,\ + ingress.prowlarr.integrations.traefik.enabled=false,\ + ingress.prowlarr.hosts[0].paths[0].path='/',\ + ingress.prowlarr.hosts[0].paths[0].pathType='Prefix',\ + ingress.prowlarr.hosts[0].host='prowlarr.{{ domain_name }}',\ + ingress.prowlarr.hosts[0].paths[0].service.name=prowlarr,\ + ingress.prowlarr.hosts[0].paths[0].service.port=9696" - debug: msg: 
> @@ -328,12 +333,17 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/radarr,\ - ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=radarr,\ - ingress.main.hosts[0].paths[0].service.port=7878" + ingress.radarr.enabled=true,\ + ingress.radarr.primary=true,\ + ingress.radarr.ingressClassName=nginx,\ + ingress.radarr.integrations.traefik.enabled=false,\ + ingress.radarr.hosts[0].paths[0].path='/',\ + ingress.radarr.hosts[0].paths[0].pathType='Prefix',\ + ingress.radarr.hosts[0].host='radarr.{{ domain_name }}',\ + ingress.radarr.hosts[0].paths[0].service.name=radarr,\ + ingress.radarr.hosts[0].paths[0].service.port=7878" - debug: msg: > @@ -366,12 +376,17 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/sonarr,\ - ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=sonarr,\ - ingress.main.hosts[0].paths[0].service.port=8989" + ingress.sonarr.enabled=true,\ + ingress.sonarr.primary=true,\ + ingress.sonarr.ingressClassName=nginx,\ + ingress.sonarr.integrations.traefik.enabled=false,\ + ingress.sonarr.hosts[0].paths[0].path='/',\ + ingress.sonarr.hosts[0].paths[0].pathType='Prefix',\ + ingress.sonarr.hosts[0].host='sonarr.{{ domain_name }}',\ + ingress.sonarr.hosts[0].paths[0].service.name=sonarr,\ + ingress.sonarr.hosts[0].paths[0].service.port=8989" - debug: msg: 
> @@ -404,12 +419,17 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/bazarr,\ - ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=bazarr,\ - ingress.main.hosts[0].paths[0].service.port=6767" + ingress.bazarr.enabled=true,\ + ingress.bazarr.primary=true,\ + ingress.bazarr.ingressClassName=nginx,\ + ingress.bazarr.integrations.traefik.enabled=false,\ + ingress.bazarr.hosts[0].paths[0].path='/',\ + ingress.bazarr.hosts[0].paths[0].pathType='Prefix',\ + ingress.bazarr.hosts[0].host='bazarr.{{ domain_name }}',\ + ingress.bazarr.hosts[0].paths[0].service.name=bazarr,\ + ingress.bazarr.hosts[0].paths[0].service.port=6767" - debug: msg: > @@ -441,12 +461,17 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/readarr,\ - ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=readarr,\ - ingress.main.hosts[0].paths[0].service.port=8787" + ingress.readarr.enabled=true,\ + ingress.readarr.primary=true,\ + ingress.readarr.ingressClassName=nginx,\ + ingress.readarr.integrations.traefik.enabled=false,\ + ingress.readarr.hosts[0].paths[0].path='/',\ + ingress.readarr.hosts[0].paths[0].pathType='Prefix',\ + ingress.readarr.hosts[0].host='readarr.{{ domain_name }}',\ + ingress.readarr.hosts[0].paths[0].service.name=readarr,\ + ingress.readarr.hosts[0].paths[0].service.port=8787" - debug: msg: 
> @@ -478,12 +503,17 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/lidarr,\ - ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=lidarr,\ - ingress.main.hosts[0].paths[0].service.port=8686" + ingress.lidarr.enabled=true,\ + ingress.lidarr.primary=true,\ + ingress.lidarr.ingressClassName=nginx,\ + ingress.lidarr.integrations.traefik.enabled=false,\ + ingress.lidarr.hosts[0].paths[0].path='/',\ + ingress.lidarr.hosts[0].paths[0].pathType='Prefix',\ + ingress.lidarr.hosts[0].host='lidarr.{{ domain_name }}',\ + ingress.lidarr.hosts[0].paths[0].service.name=lidarr,\ + ingress.lidarr.hosts[0].paths[0].service.port=8686" - debug: msg: > @@ -508,10 +538,15 @@ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ - ingress.main.hosts[0].host='ombi.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=ombi,\ - ingress.main.hosts[0].paths[0].service.port=3579" + ingress.ombi.enabled=true,\ + ingress.ombi.primary=true,\ + ingress.ombi.ingressClassName=nginx,\ + ingress.ombi.integrations.traefik.enabled=false,\ + ingress.ombi.hosts[0].paths[0].path='/',\ + ingress.ombi.hosts[0].paths[0].pathType='Prefix',\ + ingress.ombi.hosts[0].host='ombi.{{ domain_name }}',\ + ingress.ombi.hosts[0].paths[0].service.name=ombi,\ + ingress.ombi.hosts[0].paths[0].service.port=3579" - debug: msg: 
> @@ -538,12 +573,18 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ - ingress.main.hosts[0].host='librespeed.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=librespeed,\ - ingress.main.hosts[0].paths[0].service.port=10016" + ingress.librespeed.enabled=true,\ + ingress.librespeed.primary=true,\ + ingress.librespeed.ingressClassName=nginx,\ + ingress.librespeed.integrations.traefik.enabled=false,\ + ingress.librespeed.hosts[0].paths[0].path='/',\ + ingress.librespeed.hosts[0].paths[0].pathType='Prefix',\ + ingress.librespeed.primary=true,\ + ingress.librespeed.hosts[0].host='librespeed.{{ domain_name }}',\ + ingress.librespeed.hosts[0].paths[0].service.name=librespeed,\ + ingress.librespeed.hosts[0].paths[0].service.port=10016" - debug: msg: > @@ -568,12 +609,17 @@ {{ helm_common_persistence }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ - ingress.main.hosts[0].host='calibre-web.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=calibre-web,\ - ingress.main.hosts[0].paths[0].service.port=8083" + ingress.calibre-web.enabled=true,\ + ingress.calibre-web.primary=true,\ + ingress.calibre-web.ingressClassName=nginx,\ + ingress.calibre-web.integrations.traefik.enabled=false,\ + ingress.calibre-web.hosts[0].paths[0].path='/',\ + ingress.calibre-web.hosts[0].paths[0].pathType='Prefix',\ + ingress.calibre-web.hosts[0].host='calibre-web.{{ domain_name }}',\ + ingress.calibre-web.hosts[0].paths[0].service.name=calibre-web,\ + ingress.calibre-web.hosts[0].paths[0].service.port=8083" - debug: msg: > From 0aa96ca6d226eddd16065e028a547ec575a66a25 Mon Sep 17 00:00:00 2001 
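Review bot: `ingress.librespeed.primary=true` appears twice in the librespeed value string, once in the common prefix and again after `pathType`; if this is `--set`-style parsing (the consuming command is outside the hunk) the last assignment wins and it is harmless, but it is noise that will confuse a later diff, so drop the second occurrence. This patch is reverted by patch 07 later in the series, so the fix only matters if the series is reordered.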
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Thu, 21 Dec 2023 10:50:08 +0000 Subject: [PATCH 06/81] Disabled exportarr for bazarr, there seems to be a bug with api keys not being set --- install-charts.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/install-charts.yaml b/install-charts.yaml index f900168..40f7dc1 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -421,6 +421,7 @@ {{ helm_common_resources }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/bazarr,\ + metrics.main.enabled=false,\ ingress.bazarr.enabled=true,\ ingress.bazarr.primary=true,\ ingress.bazarr.ingressClassName=nginx,\ From 184c385665f8094a43d27c66e571783bef9019e0 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:45:47 +0000 Subject: [PATCH 07/81] Revert "Change ingress settings" This reverts commit 4394b74732a1b8497231cf40d28f9b400352b24e and adds some more flags This has been fixed in upstream: https://github.com/truecharts/library-charts/commit/dd3d37310753865cc9066b9a71ef57e42360d448 add explicit name override, primary to true and disable traefik integration --- install-charts.yaml | 153 +++++++++++++++----------------------------- 1 file changed, 53 insertions(+), 100 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 40f7dc1..e31bff7 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
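Review bot: `metrics.main.enabled=false` silently drops the bazarr exporter, with the reason living only in the commit message; a later reader will not know whether it is safe to re-enable. The value string is a double-quoted backslash-continued scalar, so a trailing `# …` on this line would become part of the value — put the reason on a YAML comment line outside the string, e.g. above the task: `# exportarr disabled for bazarr: api key not being set (see commit history)`. Turning metrics off also means no dashboard or alert will notice a failing bazarr, so the comment should say it is meant to be temporary. The task this line belongs to starts outside the hunk.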
@@ -19,6 +19,15 @@ workload.main.type=StatefulSet,\ podOptions.dnsConfig.nameservers={8.8.8.8,8.8.4.4}" + helm_common_ingress: "\ + ingress.main.enabled=true,\ + ingress.main.primary=true,\ + ingress.main.expandObjectName=true,\ + ingress.main.ingressClassName=nginx,\ + ingress.main.integrations.traefik.enabled=false,\ + ingress.main.hosts[0].paths[0].path='/',\ + ingress.main.hosts[0].paths[0].pathType='Prefix'" + helm_common_resources: "\ resources.requests.cpu={{ charts.resources.requests.cpu }},\ resources.requests.memory={{ charts.resources.requests.memory }},\ @@ -180,6 +189,7 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ securityContext.container.runAsUser=0,\ securityContext.container.privileged=true,\ securityContext.container.runAsNonRoot=false,\ @@ -191,15 +201,9 @@ persistence.dev.type=hostPath,\ persistence.dev.mountPath=/dev,\ persistence.dev.hostPath=/dev,\ - ingress.jellyfin.enabled=true,\ - ingress.jellyfin.primary=true,\ - ingress.jellyfin.ingressClassName=nginx,\ - ingress.jellyfin.integrations.traefik.enabled=false,\ - ingress.jellyfin.hosts[0].paths[0].path='/',\ - ingress.jellyfin.hosts[0].paths[0].pathType='Prefix',\ - ingress.jellyfin.hosts[0].host='jellyfin.{{ domain_name }}',\ - ingress.jellyfin.hosts[0].paths[0].service.name=jellyfin,\ - ingress.jellyfin.hosts[0].paths[0].service.port=8096" + ingress.main.hosts[0].host='jellyfin.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=jellyfin,\ + ingress.main.hosts[0].paths[0].service.port=8096" - debug: msg: 
> @@ -226,15 +230,10 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ - ingress.qbittorrent.enabled=true,\ - ingress.qbittorrent.primary=true,\ - ingress.qbittorrent.ingressClassName=nginx,\ - ingress.qbittorrent.integrations.traefik.enabled=false,\ - ingress.qbittorrent.hosts[0].paths[0].path='/',\ - ingress.qbittorrent.hosts[0].paths[0].pathType='Prefix',\ - ingress.qbittorrent.hosts[0].host='qbittorrent.{{ domain_name }}',\ - ingress.qbittorrent.hosts[0].paths[0].service.name=qbittorrent,\ - ingress.qbittorrent.hosts[0].paths[0].service.port=10095" + {{ helm_common_ingress }},\ + ingress.main.hosts[0].host='qbittorrent.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=qbittorrent,\ + ingress.main.hosts[0].paths[0].service.port=10095" - debug: msg: > @@ -289,17 +288,12 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/prowlarr,\ - ingress.prowlarr.enabled=true,\ - ingress.prowlarr.primary=true,\ - ingress.prowlarr.ingressClassName=nginx,\ - ingress.prowlarr.integrations.traefik.enabled=false,\ - ingress.prowlarr.hosts[0].paths[0].path='/',\ - ingress.prowlarr.hosts[0].paths[0].pathType='Prefix',\ - ingress.prowlarr.hosts[0].host='prowlarr.{{ domain_name }}',\ - ingress.prowlarr.hosts[0].paths[0].service.name=prowlarr,\ - ingress.prowlarr.hosts[0].paths[0].service.port=9696" + ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=prowlarr,\ + ingress.main.hosts[0].paths[0].service.port=9696" - debug: msg: 
> @@ -333,17 +327,12 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/radarr,\ - ingress.radarr.enabled=true,\ - ingress.radarr.primary=true,\ - ingress.radarr.ingressClassName=nginx,\ - ingress.radarr.integrations.traefik.enabled=false,\ - ingress.radarr.hosts[0].paths[0].path='/',\ - ingress.radarr.hosts[0].paths[0].pathType='Prefix',\ - ingress.radarr.hosts[0].host='radarr.{{ domain_name }}',\ - ingress.radarr.hosts[0].paths[0].service.name=radarr,\ - ingress.radarr.hosts[0].paths[0].service.port=7878" + ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=radarr,\ + ingress.main.hosts[0].paths[0].service.port=7878" - debug: msg: > @@ -376,17 +365,12 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/sonarr,\ - ingress.sonarr.enabled=true,\ - ingress.sonarr.primary=true,\ - ingress.sonarr.ingressClassName=nginx,\ - ingress.sonarr.integrations.traefik.enabled=false,\ - ingress.sonarr.hosts[0].paths[0].path='/',\ - ingress.sonarr.hosts[0].paths[0].pathType='Prefix',\ - ingress.sonarr.hosts[0].host='sonarr.{{ domain_name }}',\ - ingress.sonarr.hosts[0].paths[0].service.name=sonarr,\ - ingress.sonarr.hosts[0].paths[0].service.port=8989" + ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=sonarr,\ + ingress.main.hosts[0].paths[0].service.port=8989" - debug: msg: 
> @@ -419,18 +403,13 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/bazarr,\ metrics.main.enabled=false,\ - ingress.bazarr.enabled=true,\ - ingress.bazarr.primary=true,\ - ingress.bazarr.ingressClassName=nginx,\ - ingress.bazarr.integrations.traefik.enabled=false,\ - ingress.bazarr.hosts[0].paths[0].path='/',\ - ingress.bazarr.hosts[0].paths[0].pathType='Prefix',\ - ingress.bazarr.hosts[0].host='bazarr.{{ domain_name }}',\ - ingress.bazarr.hosts[0].paths[0].service.name=bazarr,\ - ingress.bazarr.hosts[0].paths[0].service.port=6767" + ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=bazarr,\ + ingress.main.hosts[0].paths[0].service.port=6767" - debug: msg: > @@ -462,17 +441,12 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/readarr,\ - ingress.readarr.enabled=true,\ - ingress.readarr.primary=true,\ - ingress.readarr.ingressClassName=nginx,\ - ingress.readarr.integrations.traefik.enabled=false,\ - ingress.readarr.hosts[0].paths[0].path='/',\ - ingress.readarr.hosts[0].paths[0].pathType='Prefix',\ - ingress.readarr.hosts[0].host='readarr.{{ domain_name }}',\ - ingress.readarr.hosts[0].paths[0].service.name=readarr,\ - ingress.readarr.hosts[0].paths[0].service.port=8787" + ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=readarr,\ + ingress.main.hosts[0].paths[0].service.port=8787" - debug: msg: 
> @@ -504,17 +478,12 @@ {{ helm_common_security_contexts }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/lidarr,\ - ingress.lidarr.enabled=true,\ - ingress.lidarr.primary=true,\ - ingress.lidarr.ingressClassName=nginx,\ - ingress.lidarr.integrations.traefik.enabled=false,\ - ingress.lidarr.hosts[0].paths[0].path='/',\ - ingress.lidarr.hosts[0].paths[0].pathType='Prefix',\ - ingress.lidarr.hosts[0].host='lidarr.{{ domain_name }}',\ - ingress.lidarr.hosts[0].paths[0].service.name=lidarr,\ - ingress.lidarr.hosts[0].paths[0].service.port=8686" + ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=lidarr,\ + ingress.main.hosts[0].paths[0].service.port=8686" - debug: msg: > @@ -539,15 +508,10 @@ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ - ingress.ombi.enabled=true,\ - ingress.ombi.primary=true,\ - ingress.ombi.ingressClassName=nginx,\ - ingress.ombi.integrations.traefik.enabled=false,\ - ingress.ombi.hosts[0].paths[0].path='/',\ - ingress.ombi.hosts[0].paths[0].pathType='Prefix',\ - ingress.ombi.hosts[0].host='ombi.{{ domain_name }}',\ - ingress.ombi.hosts[0].paths[0].service.name=ombi,\ - ingress.ombi.hosts[0].paths[0].service.port=3579" + {{ helm_common_ingress }},\ + ingress.main.hosts[0].host='ombi.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=ombi,\ + ingress.main.hosts[0].paths[0].service.port=3579" - debug: msg: 
> @@ -574,18 +538,12 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ - ingress.librespeed.enabled=true,\ - ingress.librespeed.primary=true,\ - ingress.librespeed.ingressClassName=nginx,\ - ingress.librespeed.integrations.traefik.enabled=false,\ - ingress.librespeed.hosts[0].paths[0].path='/',\ - ingress.librespeed.hosts[0].paths[0].pathType='Prefix',\ - ingress.librespeed.primary=true,\ - ingress.librespeed.hosts[0].host='librespeed.{{ domain_name }}',\ - ingress.librespeed.hosts[0].paths[0].service.name=librespeed,\ - ingress.librespeed.hosts[0].paths[0].service.port=10016" + ingress.main.hosts[0].host='librespeed.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=librespeed,\ + ingress.main.hosts[0].paths[0].service.port=10016" - debug: msg: > @@ -610,17 +568,12 @@ {{ helm_common_persistence }},\ {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ - ingress.calibre-web.enabled=true,\ - ingress.calibre-web.primary=true,\ - ingress.calibre-web.ingressClassName=nginx,\ - ingress.calibre-web.integrations.traefik.enabled=false,\ - ingress.calibre-web.hosts[0].paths[0].path='/',\ - ingress.calibre-web.hosts[0].paths[0].pathType='Prefix',\ - ingress.calibre-web.hosts[0].host='calibre-web.{{ domain_name }}',\ - ingress.calibre-web.hosts[0].paths[0].service.name=calibre-web,\ - ingress.calibre-web.hosts[0].paths[0].service.port=8083" + ingress.main.hosts[0].host='calibre-web.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=calibre-web,\ + ingress.main.hosts[0].paths[0].service.port=8083" - debug: msg: > From 072165173f32295972579bf846f70963752c1f27 Mon Sep 17 00:00:00 2001 
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 24 Dec 2023 21:12:10 +0000 Subject: [PATCH 08/81] add info about trackt for jellyfin --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index c7495ce..223553c 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,19 @@ Use your own server - Recommend not selecting ```HEVC 10bit``` because for some reason that breaks it - Defaults to CPU/software encoding if hardware acceleration does not work for a file, I think. - More infomarmation on their [Jellyfin's page for Hardware Acceleration](https://jellyfin.org/docs/general/administration/hardware-acceleration.html) + - Add any plugins you may want + - [Trackt](https://trakt.tv/dashboard) + - To track the shows you watch + - Create a Trackt account + - Go to ``Admin > Dashboard > Plugins > Catalogue`` + - Enable Trackt + - Restart Jellyfin (Shutdown server from the `Dashboard` and k8s will restart, or delete the pod) + - Go to ``Admin > Dashboard > Plugins > Trackt`` + - Select the user + - `Authorize Device` + - Follow onscreen instructions + - Go to ``Admin > Dashboard > Scheduled Tasks > Trackt`` + - Create a daily scheduled task for importing data from and exporting data to tract.tv - ##### Setup qBittorrent - Default login credentials are admin/adminadmin From bfb6ce8a1365e0a0f1d8c69c54185c884777555b Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 31 Dec 2023 00:03:05 +0000 Subject: [PATCH 09/81] README update --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 223553c..800a30b 100644 --- a/README.md +++ b/README.md @@ -251,6 +251,7 @@ Use your own server Anidex Add with higher priority, example "1", since it has good english subtitled content Add "flaresolverr" tag + AniRena Nyaa.si Tokyo Toshokan ``` 
@@ -296,6 +297,7 @@ Use your own server - Go to ``Settings > Provider`` and add providers for subtitles - Decent options are: - Opensubtitles.com + - Opensubtitles.org - TVSubtitles - YIFY Subtitles - Supersubtitles From 80a54d62483637c5e4b685d5a48188c159cc7893 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 31 Dec 2023 16:55:18 +0000 Subject: [PATCH 10/81] add Bangumi Moe --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 800a30b..4c18262 100644 --- a/README.md +++ b/README.md @@ -251,6 +251,7 @@ Use your own server Anidex Add with higher priority, example "1", since it has good english subtitled content Add "flaresolverr" tag + Bangumi Moe AniRena Nyaa.si Tokyo Toshokan From 57b8bc037e06da3901f6c4b7aedbfabf29848656 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 20 Jan 2024 16:57:56 +0000 Subject: [PATCH 11/81] Add logic for using OCI registries --- install-charts.yaml | 26 +++++++++++++------------- tasks-install-chart.yaml | 26 ++++++++++++++++++++------ 2 files changed, 33 insertions(+), 19 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index e31bff7..7c40d35 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -173,7 +173,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: jellyfin @@ -219,7 +219,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: qbittorrent 
@@ -250,7 +250,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: flaresolverr @@ -277,7 +277,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: prowlarr @@ -316,7 +316,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: radarr @@ -354,7 +354,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: sonarr @@ -392,7 +392,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: bazarr @@ -430,7 +430,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: readarr @@ -467,7 +467,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: lidarr 
@@ -498,7 +498,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: ombi @@ -527,7 +527,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: librespeed @@ -556,7 +556,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: calibre-web @@ -588,7 +588,7 @@ include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: https://charts.truecharts.org + repo_link: oci://tccr.io/truecharts install_namespace: "{{ namespace_generic_services }}" timeout: "{{ charts.timeout }}" release_name: calibre diff --git a/tasks-install-chart.yaml b/tasks-install-chart.yaml index a800545..00cc62a 100644 --- a/tasks-install-chart.yaml +++ b/tasks-install-chart.yaml 
@@ -1,11 +1,25 @@ - name: Install {{ release_name }} block: - - name: "Add helm repo {{ repo_name }} {{ repo_link }}" - shell: "helm repo add {{ repo_name }} {{ repo_link }}" - ignore_errors: True + - name: "Non-OCI Registry Workflow" + when: "not 'oci' in repo_link" + block: + - name: "Add helm repo {{ repo_name }} {{ repo_link }}" + shell: "helm repo add {{ repo_name }} {{ repo_link }}" + ignore_errors: True - - name: Update helm repo - shell: helm repo update + - name: Update helm repo + shell: helm repo update + + - name: "Set chart location to {{ repo_name }}/{{ chart_name }}" + set_fact: + chart_location: "{{ repo_name }}/{{ chart_name }}" + + - name: "OCI Registry Workflow" + when: "'oci' in repo_link" + block: + - name: "Set chart location to {{ repo_link }}/{{ chart_name }}" + set_fact: + chart_location: "{{ repo_link }}/{{ chart_name }}" - name: Install chart - shell: "helm upgrade -i -n {{ install_namespace }} {{ release_name }} {{ repo_name }}/{{ chart_name }} {{ set_options }} --timeout {{ timeout }} --create-namespace --wait" + shell: "helm upgrade -i -n {{ install_namespace }} {{ release_name }} {{ chart_location }} {{ set_options }} --timeout {{ timeout }} --create-namespace --wait" From 81555746ec55b1e5971880ff2f5efd6a5b8d5679 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Tue, 23 Jan 2024 21:20:46 +0000 Subject: [PATCH 12/81] Add flaresolverr to 1337x --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4c18262..bc278b6 100644 --- a/README.md +++ b/README.md @@ -242,6 +242,7 @@ Use your own server - Standard ``` 1337x + Add "flaresolverr" tag LimeTorrents The Pirate Bay EZTV From e845f331302787445764856d9002af51b7be7157 Mon Sep 17 00:00:00 2001 
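Review bot: The two `when:` conditions (`"not 'oci' in repo_link"` / `"'oci' in repo_link"`) are substring tests, so any HTTPS repo URL whose host or path happens to contain "oci" is routed into the OCI branch and helm is handed `https://…/{{ chart_name }}` as the chart reference; test the scheme instead, `when: repo_link.startswith('oci://')` and `when: not repo_link.startswith('oci://')`. The rebuilt install line still passes no `--version`, so `helm upgrade -i … {{ chart_location }}` deploys whatever tag the registry currently serves on every run — for OCI pulls in particular, an optional `chart_version` var (`{{ ('--version ' ~ chart_version) if chart_version is defined else '' }}`) would make the deployment reproducible and pinned. `ignore_errors: True` on `helm repo add` masks every failure, not just "already exists"; `helm repo add --force-update {{ repo_name }} {{ repo_link }}` is idempotent without hiding errors. The repo and chart variables are interpolated unquoted into `shell:`, which is acceptable while they come from this repo's own vars but is worth a comment saying so.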
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 27 Jan 2024 10:34:27 +0000 Subject: [PATCH 13/81] add comments to packages --- server-basics.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/server-basics.yaml b/server-basics.yaml index 45d8abd..4b876aa 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -40,19 +40,19 @@ state: latest ignore_errors: yes loop: - - git - - curl - - vim - - python3 - - python3-pip + - git # git + - curl # curl webpage + - vim # text editor + - python3 # python + - python3-pip # pip - htop # for top resource usage - iotop # for top io usage - lm-sensors - - stress - - vlc - - jq - - net-tools - - speedtest-cli + - stress # stress tests + - vlc # media player + - jq # json parse + - net-tools # for ifconfig + - speedtest-cli # for speedtests - w3m - ufw #firewall - fio # for disk tests From 28de34cf8c95008e55b33225c8b9059787b9a55d Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 27 Jan 2024 12:01:33 +0000 Subject: [PATCH 14/81] README updates --- README.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index bc278b6..a55db93 100644 --- a/README.md +++ b/README.md @@ -154,6 +154,7 @@ Use your own server - Change the default login details - Go to ``Tools > Options > Web UI > Authentication`` - Set default download location to one the mentioned directories (or make sure to put it in the right directory when downloading for ease) + - Go to ``Tools > Options > Downloads > Default Save Path`` - Recommend using ``/media/data/downloads`` - Set seeding limits - Recommend seeding limits for when seeding ratio hits "0". It is under ``Tools > Options > BitTorrent > Seeding Limits`` 
@@ -194,7 +195,8 @@ Use your own server - Go to ``Settings`` and click on ``Show Advanced`` - Enable authentication - Go to ``Settings > General`` - - Set Authentication to `Forms (Login Page)` + - Set `Authentication` to `Forms (Login Page)` + - Set `Authentication Required` to `Enabled` - Set username and password for access - Add torrent client - Go to ``Settings > Download Clients > Add > qBittorent > Custom`` @@ -229,7 +231,8 @@ Use your own server - ##### Setup Prowlarr - Enable authentication - Go to ``Settings > General`` - - Set Authentication to `Forms (Login Page)` + - Set `Authentication` to `Forms (Login Page)` + - Set `Authentication Required` to `Enabled` - Set username and password for access - Add `FlareSolverr` service as a proxy, refer to [this](https://trash-guides.info/Prowlarr/prowlarr-setup-flaresolverr/) guide for help - Go to ``Settings > Indexers`` @@ -337,12 +340,12 @@ Use your own server - Setup additional users - Give the following roles to *trusted* users for convinience ``` - AutoApproveMusic - RequestMovie - AutoApproveTv - RequestMusic - AutoApproveMovie - RequestTv + Request Tv + Request Movie + Request Music + Auto Approve Tv + Auto Approve Movie + Auto Approve Music ``` - ##### Setup Minikube for remote access From c1f1e7340676a8d8e014267f4e179f4fb84e6a66 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 27 Jan 2024 12:26:43 +0000 Subject: [PATCH 15/81] qbittorrent doesnt use adminadmin for default password, add logic to output random password to screen on new install --- README.md | 4 +++- install-charts.yaml | 14 +++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a55db93..e922135 100644 --- a/README.md +++ b/README.md 
@@ -150,7 +150,9 @@ Use your own server - Create a daily scheduled task for importing data from and exporting data to tract.tv - ##### Setup qBittorrent - - Default login credentials are admin/adminadmin + - Default login credentials are randomly generated, you need to look at ansible logs to get the default login credentials. + - Look for the substring `You can log into qBittorrent` in the logs to find the creds in the form `admin/` + - If `` is not seen, that means that a password was found to be set already and that a randomly generated password was not used. Please try to remeber the password or reinstall to override configuration to use default passwords again. - Change the default login details - Go to ``Tools > Options > Web UI > Authentication`` - Set default download location to one the mentioned directories (or make sure to put it in the right directory when downloading for ease) diff --git a/install-charts.yaml b/install-charts.yaml index 7c40d35..8034d7f 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
@@ -235,10 +235,22 @@ ingress.main.hosts[0].paths[0].service.name=qbittorrent,\ ingress.main.hosts[0].paths[0].service.port=10095" + - name: Search for qbittorent pod + kubernetes.core.k8s_info: + kind: Pod + label_selectors: + - app.kubernetes.io/instance = qbittorrent + - app.kubernetes.io/name = qbittorrent + register: output + + - name: Get randomly generated password from qbittorrent pod logs + shell: "kubectl logs {{ output.resources[0].metadata.name }} | grep -i 'temporary password' | cut -d ':' -f 2 | tr -d ' '" + register: qbittorrent_random_password + - debug: msg: > You can log into qBittorrent at 'qbittorrent.{{ domain_name }}' using - admin/adminadmin as the default creds. Change this after deployment. + "admin/{{ qbittorrent_random_password.stdout }}" as the default creds. Change this after deployment. '{{ dir_home }}' from the host is available under '/media' and can be used by the application to download things. Downloading in the directories under {{ dir_data }} will be picked up by Jellyfin. From 0f2f62cfa50396ebebbf1078129ab58b608f66f4 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Sun, 4 Feb 2024 11:28:57 +0000 Subject: [PATCH 16/81] Update README.md Remove opensubstitles.org, deprecation notice on bazarr --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index e922135..e569cb6 100644 --- a/README.md +++ b/README.md @@ -304,7 +304,6 @@ Use your own server - Go to ``Settings > Provider`` and add providers for subtitles - Decent options are: - Opensubtitles.com - - Opensubtitles.org - TVSubtitles - YIFY Subtitles - Supersubtitles From 719f5306df45244b7ff6db4ce930b60d213f1d69 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 12 May 2024 16:55:04 +0100 Subject: [PATCH 17/81] Quality adjustment recommendations --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index e569cb6..6fd2f95 100644 --- a/README.md +++ b/README.md 
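Review bot: The task that greps the temporary password out of the pod logs registers it without `no_log: true`, so the credential is written into Ansible's task output (and any log collection around it) in addition to the deliberate `debug` message; add `no_log: true` to the "Get randomly generated password" task and keep the single disclosure in the debug step. `output.resources[0].metadata.name` is indexed without checking the list is non-empty, so a selector that matches nothing fails with an index error instead of a clear message — guard the log task with `when: output.resources | length > 0` and emit a debug/fail otherwise. Neither `k8s_info` nor `kubectl logs` is given a namespace: as written k8s_info appears to search all namespaces while `kubectl logs` uses the current context's default, so the pod name may be resolved in one namespace and queried in another; pass `namespace: "{{ install_namespace }}"` to k8s_info and `kubectl logs -n {{ install_namespace }} …`. The `cut -d ':' -f 2` also silently truncates a password that contains a colon; a `sed` capturing everything after the first colon is safer.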
@@ -218,6 +218,11 @@ Use your own server | Radarr | ``/media/data/movies/`` | | Lidarr | ``/media/data/music/`` | - Enable renaming + - Adjust quality definitions + - Go to ``Settings > Quality`` + - Set the ``Size Limit`` or ``Megabytes Per Minute`` (or equivalent) to appropriate numbers + - This will ensure your downloads are not "too big" + - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs - Readarr specific config - Go to ``Settings > Media Management`` From 5aa754af9fcad070e0c3cfa77abf17cb21c3c26d Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Jun 2024 22:33:29 +0100 Subject: [PATCH 18/81] disable portal.open.enabled as it is not required for this setup --- install-charts.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/install-charts.yaml b/install-charts.yaml index 8034d7f..a816206 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -15,6 +15,7 @@ helm_common_general: "\ global.metallb.addServiceAnnotations=false,\ global.traefik.addServiceAnnotations=false,\ + portal.open.enabled=false,\ operator.verify.enabled=false,\ workload.main.type=StatefulSet,\ podOptions.dnsConfig.nameservers={8.8.8.8,8.8.4.4}" From 529bff04fb64bef4f9d93d572d4908f6548d2fb9 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Jun 2024 23:10:26 +0100 Subject: [PATCH 19/81] add hwinfo --- server-basics.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server-basics.yaml b/server-basics.yaml index 4b876aa..58affb7 100644 --- a/server-basics.yaml +++ b/server-basics.yaml 
@@ -66,7 +66,7 @@ - testdisk # life saver if your disk is a bit sus, so its a nice util to have handy - tmux # terminal mulitplexor to mainly allow you to create a re-attachable session on the server. Google for more info on how to use - smartmontools # to be able to use smartctl to get SMART data about storage devices - + - hwinfo # hardware info - name: Install pyyaml python package ansible.builtin.pip: name: From 120e9dd2f346869be2b32de89ecdaab8ff11f3c3 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 30 Jun 2024 14:53:02 +0100 Subject: [PATCH 20/81] update kubectl install with upstream instructions --- install-cn-basics.yaml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/install-cn-basics.yaml b/install-cn-basics.yaml index ce7e7e2..3cf9bd5 100644 --- a/install-cn-basics.yaml +++ b/install-cn-basics.yaml 
@@ -54,14 +54,22 @@ - apt-transport-https - curl - ca-certificates + - gnupg - - name: Download google cloud public signing key + - name: Create keyrings dir if it doesnt exist become: true - shell: curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + + - name: Download the public signing key for the Kubernetes package repositories + become: true + shell: curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg && chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg - name: Add the Kubernetes apt repository become: true - shell: echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list + shell: echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list && chmod 644 /etc/apt/sources.list.d/kubernetes.list - name: Install kubectl become: true From ab00765672612f736d3941c0bd0f2c329ec8a707 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Wed, 3 Jul 2024 09:52:59 +0100 Subject: [PATCH 21/81] Update var for info on memory requirements --- group_vars/all | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all b/group_vars/all index 0af1e04..a736f7d 100644 --- a/group_vars/all +++ b/group_vars/all @@ -119,6 +119,7 @@ minikube: # cli param values for minikube # This cant be less than 2, it is the minimum required for kubernetes cpus: "max" # This cant be less than 1800, it is the minimum required for kubernetes + # Leave at least 2000MB as headroom for the OS to run (system_max - 2000MB) memory: "6000" disk_size: "50gb" nodes: "1" From 1511402229cd73e3fc3024a84bf624a27dd3a30a Mon Sep 17 00:00:00 2001 
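Review bot: `sudo tee` inside the "Add the Kubernetes apt repository" task is redundant because the task already runs with `become: true`, and if the become user lacks passwordless sudo it will block on a password prompt with no tty; drop `sudo` so the line reads `… | tee /etc/apt/sources.list.d/kubernetes.list && chmod 644 …`. The Kubernetes minor version `v1.30` is hard-coded in both the key URL and the repo line, so the two can drift apart on a future bump; move it to a variable such as `kubernetes_apt_version: "v1.30"` and reference it in both. The signing key is curl'd and dearmored with no check on which key was received — that matches upstream's instructions, but comparing the fingerprint (`gpg --show-keys --with-fingerprint /etc/apt/keyrings/kubernetes-apt-keyring.gpg`) against a pinned value would turn a tampered download into a failed task instead of a trusted repo. The repo line itself is better expressed with `ansible.builtin.copy` (`content:`, `mode: "0644"`) than with `shell: echo … | tee`, which also makes the task report changed/unchanged correctly.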
From: Karan Samani Date: Wed, 17 Jul 2024 23:40:34 +0100 Subject: [PATCH 22/81] Update README.md Adds instructions to setup downloads for original language only --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6fd2f95..b1b2596 100644 --- a/README.md +++ b/README.md @@ -223,7 +223,16 @@ Use your own server - Set the ``Size Limit`` or ``Megabytes Per Minute`` (or equivalent) to appropriate numbers - This will ensure your downloads are not "too big" - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs - + - Radarr/Sonarr specific config + - Enforce downloads of original language media only + - Go to ``Settings > Custom Formats`` + - Add a new Custom Format with ``Language`` Condition + - Set ``Language: Original`` + - Set ``Required: True`` + - Go to ``Settings > Profiles`` + - Select all [relevant] profiles and set the following + - ``Minimum Custom Format Score`` to ``1`` (sum of the custom formats scores, in this case, 1) + - Your new Custom Format's score to be ``1`` - Readarr specific config - Go to ``Settings > Media Management`` - Add root folder (you cannot edit an existing one) From 2f5fb2644d6b3a448f925a9ceb586241c228c891 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Fri, 26 Jul 2024 11:00:30 +0100 Subject: [PATCH 23/81] Update README.md for language settings in sonarr/radarr --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b1b2596..5b89b65 100644 --- a/README.md +++ b/README.md 
@@ -224,15 +224,15 @@ Use your own server - This will ensure your downloads are not "too big" - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs - Radarr/Sonarr specific config - - Enforce downloads of original language media only + - [EXPERIMENTAL] Enforce downloads of original language media only - Go to ``Settings > Custom Formats`` - Add a new Custom Format with ``Language`` Condition - Set ``Language: Original`` - Set ``Required: True`` - Go to ``Settings > Profiles`` - Select all [relevant] profiles and set the following - - ``Minimum Custom Format Score`` to ``1`` (sum of the custom formats scores, in this case, 1) - - Your new Custom Format's score to be ``1`` + - ``Minimum Custom Format Score`` to ``0`` (sum of the custom formats scores) + - Your new Custom Format's score to be ``-1000`` (something crazy low) - Readarr specific config - Go to ``Settings > Media Management`` - Add root folder (you cannot edit an existing one) From dccf693f128f6905f4d21413a31e109adc8a28d2 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 25 Nov 2024 21:16:27 +0000 Subject: [PATCH 24/81] Add jellyseerr support Ill be using this instead of Ombi for the time being so support for Ombi will be lacking because of this --- README.md | 30 ++++++++++++++++++++++++++++++ group_vars/all | 15 +++++++++------ install-charts.yaml | 29 ++++++++++++++++++++++++++++- 3 files changed, 67 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5b89b65..b5f064d 100644 --- a/README.md +++ b/README.md 
@@ -326,6 +326,36 @@ Use your own server - NOTE: - If it doesnt work, manually restart the pod few times. It just works, not sure why. If that doesnt work, try reinstalling. + - ##### Setup Jellyseerr + - One stop shop for Sonarr/Radarr requests + - Run the first time setup for Jellyfin + - `Choose Server Type` + - Select `Jellyfin` + - `Account sign in` + - Jellyfin URL: `http://jellfin:8096` + - Email Address: `` + - Username: `` + - Password: `` + - You can then login using your Jellyfin credentials + - If you do not wish to do so, set a local user password by editing your account under `Users` to login with your email ID instead + - `Configure Media Server` + - Click on `Sync Libraries` + - Enable all Libraries that get listed + - Also run a manual scan + - `Configure Services` + - Setup all the services + - Use the correct API keys, hostnames and ports for the services + | Service Name | Port | + |--------------|------| + | jellyfin | 8096 | + | sonarr | 8989 | + | radarr | 7878 | + - Quality profile can be `HD-1080p` or `HD - 720/1080p` + - Select the applicable root folders + - Check relevant options that suit your needs + - Go to `Users` and either add new users or import from Jellyfin directly + - Give them `Auto approve` and `Request` permissions for ease where applicable + - ##### Setup Ombi - One stop shop for Sonarr/Radarr/Lidarr requests - Get the API keys for Jellyfin, Sonarr and Radarr diff --git a/group_vars/all b/group_vars/all index a736f7d..29d21f3 100644 --- a/group_vars/all +++ b/group_vars/all 
@@ -88,18 +88,21 @@ charts: # subtitle hunting bazarr: enabled: True + # movie and show interface + overseerr: + enabled: True + # speed test to server + librespeed: + enabled: True + # movie, show and music interface + ombi: + enabled: False # book monitoring readarr: enabled: False # music monitoring lidarr: enabled: False - # movie and show interface - ombi: - enabled: True - # speed test to server - librespeed: - enabled: True # book client calibre_web: enabled: False diff --git a/install-charts.yaml b/install-charts.yaml index a816206..1b19a67 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -525,7 +525,6 @@ ingress.main.hosts[0].host='ombi.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=ombi,\ ingress.main.hosts[0].paths[0].service.port=3579" - - debug: msg: > You can log into ombi at 'ombi.{{ domain_name }}'. 
@@ -533,6 +532,34 @@ ombi. If need be, delete any existing server and go to the URL mention above once again to setup a new server. + - name: Install jellyseerr + when: charts.services.jellyseerr.enabled + block: + - name: Install/Upgrade the jellyseerr chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: TrueCharts + repo_link: oci://tccr.io/truecharts + install_namespace: "{{ namespace_generic_services }}" + timeout: "{{ charts.timeout }}" + release_name: jellyseerr + chart_name: jellyseerr + set_options: "--set \ + {{ helm_common_general }},\ + {{ helm_common_persistence }},\ + {{ helm_common_security_contexts }},\ + {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ + ingress.main.hosts[0].host='jellyseerr.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=jellyseerr,\ + ingress.main.hosts[0].paths[0].service.port=5055" + - debug: + msg: > + You can log into jellyseerr at 'jellyseerr.{{ domain_name }}'. + '{{ dir_home }}' is available under '/media' and can be used by + jellyseerr. If need be, delete any existing server and go to the + URL mention above once again to setup a new server. + - name: Install librespeed when: charts.services.librespeed.enabled block: From d83a8f46a1f978d4bba53f57d032e4e4a46e8b3a Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 25 Nov 2024 22:41:53 +0000 Subject: [PATCH 25/81] add note about hardlinks instead of copy --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b5f064d..9f08f59 100644 --- a/README.md +++ b/README.md 
@@ -233,6 +233,8 @@ Use your own server - Select all [relevant] profiles and set the following - ``Minimum Custom Format Score`` to ``0`` (sum of the custom formats scores) - Your new Custom Format's score to be ``-1000`` (something crazy low) + - Go to ``Settings > Media Management`` + - Make sure ``Use Hardlinks instead of Copy`` is enabled - Readarr specific config - Go to ``Settings > Media Management`` - Add root folder (you cannot edit an existing one) From 7913acbc21eed442a713411ba74377215892b447 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 25 Nov 2024 22:48:24 +0000 Subject: [PATCH 26/81] fix typo in vars --- group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/all b/group_vars/all index 29d21f3..100fb8f 100644 --- a/group_vars/all +++ b/group_vars/all @@ -89,7 +89,7 @@ charts: bazarr: enabled: True # movie and show interface - overseerr: + jellyseerr: enabled: True # speed test to server librespeed: From 2362ad24aa0fa4af4f8392c0034bf612f8e3a696 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 16 Mar 2025 18:59:25 +0000 Subject: [PATCH 27/81] fix changes from useful-files repo change --- server-basics.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/server-basics.yaml b/server-basics.yaml index 58affb7..18e7246 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -72,6 +72,7 @@ name: - pyyaml - kubernetes + extra_args: --break-system-packages - name: Install kubectx/kubens # https://github.com/ahmetb/kubectx 
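Review bot: In the server-basics pip hunk, `extra_args: --break-system-packages` disables the PEP 668 guard and installs `pyyaml`/`kubernetes` into the distribution's site-packages, where they can shadow or overwrite the apt-managed copies of the same modules. Prefer the distro packages (`python3-yaml`, `python3-kubernetes`) in the apt task, or give the pip task a `virtualenv:` path so the install is isolated; whether the playbook's other steps rely on the system interpreter seeing these modules is not visible here, so a comment on the task explaining why the override is needed would help the next reader.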
@@ -102,12 +103,17 @@ include_tasks: tasks-clone-git-repo.yaml vars: repo_dir: "{{ useful_files_repo_dir }}" - repo_link: https://github.com/Kimi450/useful_files.git + repo_link: https://github.com/Kimi450/useful-files.git + + - name: combine bashrc + ansible.builtin.shell: |- + cat {{ useful_files_repo_dir }}/.genericrc >> {{ useful_files_repo_dir }}/bash/.bashrc + register: hosts_contents - name: Transfer bashrc file copy: remote_src: True - src: "{{ useful_files_repo_dir }}/.bashrc" + src: "{{ useful_files_repo_dir }}/bash/.bashrc" dest: "{{ dir_home }}" - name: Transfer vimrc edit script From d0d5dec318e7f42ce37d2f88b4d1cdb9d84f5e0d Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 17 Mar 2025 20:26:48 +0000 Subject: [PATCH 28/81] at least the kubespray install passes and I can install charts --- .gitignore | 1 + after-install-kubernetes-kubespray.yaml | 27 +++++ group_vars/all | 70 ++++++------ hosts.yaml | 1 - install-and-configure-minikube.yaml | 123 --------------------- install-charts.yaml | 28 ++--- install-kubernetes-kubespray.yaml | 83 ++++++++++++++ minikube_config/minikube.service | 17 --- minikube_server.kubeconfig | 32 ++++++ remote-access-minikube.yaml | 50 --------- setup.yaml | 27 ++--- tasks-kubernetes-port-forward-service.yaml | 64 ----------- 12 files changed, 190 insertions(+), 333 deletions(-) create mode 100644 .gitignore create mode 100644 after-install-kubernetes-kubespray.yaml delete mode 100644 install-and-configure-minikube.yaml create mode 100644 install-kubernetes-kubespray.yaml delete mode 100644 minikube_config/minikube.service create mode 100644 minikube_server.kubeconfig delete mode 100644 remote-access-minikube.yaml delete mode 100644 tasks-kubernetes-port-forward-service.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dc52d06 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +***/kubespray/ 
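Review bot: The "combine bashrc" task runs `cat …/.genericrc >> …/bash/.bashrc` unconditionally, so every play run appends another copy to the checked-out file before it is copied to `{{ dir_home }}` — after N runs the generic rc is sourced N times. Use `ansible.builtin.blockinfile` with a marker (`marker: "# {mark} ANSIBLE MANAGED: genericrc"`, `block: "{{ lookup('file', …) }}"`) on the destination, or assemble into a temp file rather than mutating the git checkout. The registered variable `hosts_contents` does not describe the result and does not appear to be used in this hunk; drop it or rename it. Since the shell rc installed into the user's home comes from a GitHub repo, pinning the clone to a tag or commit in `tasks-clone-git-repo.yaml` (not visible here) would keep a moving branch from changing what gets executed at every login.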
diff --git a/after-install-kubernetes-kubespray.yaml b/after-install-kubernetes-kubespray.yaml new file mode 100644 index 0000000..f6bb8f3 --- /dev/null +++ b/after-install-kubernetes-kubespray.yaml @@ -0,0 +1,27 @@ +--- +- name: After installing kubernetes setup + hosts: all + gather_facts: true + tasks: + - name: setup kubeconfig for user + shell: | + mkdir -p {{ dir_home }}/.kube + cp -i /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config + chown $(id -u):$(id -g) {{ dir_home }}/.kube/config + become: true + + - name: setup ufw + include_tasks: tasks-allow-ports.yaml + vars: + ports: + - "179" + - "4789" + - "5473" + - "443" + - "6443" + - "2379" + - "4149" + - "10250" + - "10255" + - "10256" + - "9099" diff --git a/group_vars/all b/group_vars/all index 100fb8f..ebbd63d 100644 --- a/group_vars/all +++ b/group_vars/all @@ -6,11 +6,11 @@ domain_name: "" # FILL OUT # for basic server setup (in my opinion) basics: - enabled: True + enabled: true # vnc for remote desktop with GUI vnc: - enabled: True + enabled: true # will be truncated to 8 characters password: "" # FILL OUT # display for what port will be accessed @@ -19,14 +19,14 @@ vnc: # squid credentials, for proxy squid: - enabled: True + enabled: true username: "" # FILL OUT password: "" # FILL OUT port: "3128" # sambashare for network attached storage smb: - enabled: True + enabled: true password: "" # FILL OUT share_name: "sambashare" @@ -34,7 +34,7 @@ smb: # when the server IP changes # NOTE: It doesnt add entries, refer to the README.md file for instructions cloudflare: - enabled: True + enabled: true # Set your Cloudflare Zone ID zone_id: "" # FILL OUT # Set your Cloudflare Bearer token to view the zone and edit DNS records in it @@ -44,7 +44,7 @@ cloudflare: # ==== Select what charts you wish to install ==== charts: - enabled: True + enabled: true resources: # kubernetes resource requests for the pods requests: 
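Review bot: In the new `setup kubeconfig for user` task, `become: true` makes `$(id -u):$(id -g)` resolve to root, so `{{ dir_home }}/.kube/config` — a copy of the cluster-admin `admin.conf` — ends up root-owned rather than owned by the user, and `cp -i` in a non-interactive shell reads its overwrite prompt from a closed stdin and silently keeps a stale config on re-runs. Replacing the shell block with `ansible.builtin.file`/`ansible.builtin.copy` fixes ownership, sets a restrictive mode on the credential and is idempotent (see below; `ansible_user` is defined in hosts.yaml). The ufw list also opens etcd client (2379), the kubelet API (10250), the unauthenticated read-only kubelet port (10255) and the API server (6443); `tasks-allow-ports.yaml` is not visible here, but if it allows from any source these should be restricted to the node/pod CIDRs (`ufw allow from <cidr> to any port 2379 proto tcp`) and 10255 dropped unless something consumes it.
```yaml
- name: setup kubeconfig for user
  become: true
  block:
    - name: create .kube dir
      ansible.builtin.file:
        path: "{{ dir_home }}/.kube"
        state: directory
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: "0700"
    - name: copy admin kubeconfig
      ansible.builtin.copy:
        src: /etc/kubernetes/admin.conf
        dest: "{{ dir_home }}/.kube/config"
        remote_src: true
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: "0600"
# … unchanged: setup ufw task …
```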
@@ -60,85 +60,79 @@ charts: services: # log monitoring with Loki (Needs Grafana for a UI) loki_stack: - enabled: True + enabled: true # metrics monitoring with Grafana and Prometheus kube_prometheus_stack: - enabled: True + enabled: true grafana: admin_username: "admin" # FILL OUT admin_password: "admin" # FILL OUT # media client jellyfin: - enabled: True + enabled: true # torrents qbittorrent: - enabled: True + enabled: true # to bypass cloudflare protection flaresolverr: - enabled: True + enabled: true # to manage indexers prowlarr: - enabled: True + enabled: true # movie monitoring radarr: - enabled: True + enabled: true # show monitoring sonarr: - enabled: True + enabled: true # subtitle hunting bazarr: - enabled: True + enabled: true # movie and show interface jellyseerr: - enabled: True + enabled: true # speed test to server librespeed: - enabled: True + enabled: true # movie, show and music interface ombi: - enabled: False + enabled: false # book monitoring readarr: - enabled: False + enabled: false # music monitoring lidarr: - enabled: False + enabled: false # book client calibre_web: - enabled: False + enabled: false # book management calibre: - enabled: False + enabled: false # ==== To install Docker, helm and kubectl ==== cloud_native: - enabled: True + enabled: true -# ==== Minikube settings ==== +# ==== k8s settings ==== -minikube: # cli param values for minikube - enabled: True - # This cant be less than 2, it is the minimum required for kubernetes - cpus: "max" - # This cant be less than 1800, it is the minimum required for kubernetes - # Leave at least 2000MB as headroom for the OS to run (system_max - 2000MB) - memory: "6000" - disk_size: "50gb" - nodes: "1" - cert_expiration: "87660h0m0s" - remote_access: - enabled: True +kubespray: + enabled: true + # Use reset.yml to reset cluster + playbook: "cluster.yml" + # release branch from the repo: https://github.com/kubernetes-sigs/kubespray + release: "release-2.27" # to allow pinless bluetooth 
connections to the server bluetooth: pinless: - enabled: False + enabled: false # ==== For the Archived playbooks ==== spotify: # spotify settings - enabled: False + enabled: false username: "NO_NEED_TO_FILL" password: "NO_NEED_TO_FILL" init_volume: "69" diff --git a/hosts.yaml b/hosts.yaml index be93dd8..ada9b24 100644 --- a/hosts.yaml +++ b/hosts.yaml @@ -4,7 +4,6 @@ all: ansible_host: ansible_port: ansible_user: - # will ignore password if not required ansible_sudo_pass: # adding multiple hosts wont play well with the group_vars file probably with the current setup # So use the below as just an example diff --git a/install-and-configure-minikube.yaml b/install-and-configure-minikube.yaml deleted file mode 100644 index c6aa7c6..0000000 --- a/install-and-configure-minikube.yaml +++ /dev/null 
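Review bot: `release: "release-2.27"` pins kubespray to a moving branch rather than an immutable ref: the install playbook added in this commit checks out this value, runs `pip install -U -r requirements.txt` from it, and then executes `cluster.yml` with `-b`, so whatever the branch head contains at run time is executed as root on the server. A release tag or full commit hash (`release: "<tag-or-commit>"`, placeholder) gives a reproducible, reviewable install; the comment above the key should then read `# tag or commit hash to check out from the repo` rather than `# release branch`. The same applies to `playbook: "cluster.yml"` only insofar as the comment `# Use reset.yml to reset cluster` should warn that reset.yml destroys the cluster state.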
@@ -1,123 +0,0 @@ ---- -- name: Install and configure Minikube - hosts: all - gather_facts: false - vars: - service_file_location: /etc/systemd/system/minikube.service - service_name_minikube: minikube.service - port_expose_file_location: /etc/minikube-apiserver-port-forward.conf - tasks: - - name: Generate minikube file name - command: "echo -n minikube_latest_{{ architecture }}.deb" - register: minikube_file_name - - - name: Install Minikube - # https://minikube.sigs.k8s.io/docs/start/ - block: - - name: Download minikube package - shell: "curl -LO https://storage.googleapis.com/minikube/releases/latest/{{ minikube_file_name.stdout }}" - - - name: Install minikube - become: true - shell: "dpkg -i {{ minikube_file_name.stdout }}" - - - name: Delete minikube package - file: - path: "{{ minikube_file_name.stdout }}" - state: absent - - - name: Setup and enable systemd service - block: - - name: Copy over the service file for systemd - become: true - copy: - src: minikube_config/{{ service_name_minikube }} - dest: "{{ service_file_location }}" - - - name: "Service file edit: Add command to start minikube" - become: true - lineinfile: - path: "{{ service_file_location }}" - regexp: '^ExecStartPre=(.*)$' - line: 'ExecStartPre=/usr/bin/minikube start --embed-certs=true --mount --mount-string "{{ dir_home }}:{{ dir_minikube_mount }}" --cpus="{{ minikube.cpus }}" --memory="{{ minikube.memory }}" --disk-size="{{ minikube.disk_size }}" --nodes="{{ minikube.nodes }}" --cert-expiration="{{ minikube.cert_expiration }}"' - backrefs: yes - - - name: "Service file edit: Add reverse proxy script" - become: true - lineinfile: - path: "{{ service_file_location }}" - regexp: '^ExecStart=(.*)$' - line: "ExecStart=kubectl proxy --address='0.0.0.0' --port={{ api_server_forwarded_port }} --accept-hosts='.*'" - backrefs: yes - - - name: "Service file edit: Change User to be {{ ansible_user }}" - become: True - # https://gist.github.com/drmalex07/c0f9304deea566842490 - lineinfile: - path: 
"{{ service_file_location }}" - regexp: '^User=(.*)$' - line: "User={{ ansible_user }}" - backrefs: yes - - - name: Reload systemd service - include_tasks: tasks-reload-systemd-service.yaml - vars: - service_name: "{{ service_name_minikube }}" - become: True - - - name: Minikube notes - debug: - msg: > - Directory '{{ dir_home }}' mounted on the minikube container at - '{{ dir_minikube_mount }}' with UID '{{ uid }}''. - More info https://github.com/kubernetes/minikube/pull/8159" - - - name: Setup nginx ingress controller - block: - - name: Enable nginx ingress controller in minikube - shell: minikube addons enable ingress - retries: 100000 - delay: 10 - register: result - until: result.rc == 0 - - - name: Expose nginx ingress controller - include_tasks: tasks-kubernetes-port-forward-service.yaml - vars: - service_name: SKIP - service_file_name: nginx-ingress-controller.service - service_file_location_base: /etc/systemd/system/ - host_port: 8080 - service_port: 80 - - - name: Expose nginx ingress controller for SSL - include_tasks: tasks-kubernetes-port-forward-service.yaml - vars: - service_name: SKIP - service_file_name: nginx-ingress-controller-ssl.service - service_file_location_base: /etc/systemd/system/ - host_port: 8081 - service_port: 443 - - - name: Allow ports '8080' and '8081' for nginx - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "8080" - - "8081" - - - debug: - msg: You can access the ingress controller at port '8080' and '8081' for HTTP and HTTPS. - - - name: "Allow port '{{ api_server_forwarded_port }}' for api server" - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "{{ api_server_forwarded_port }}" - - - name: Wait till minikube is running - shell: minikube status - retries: 100000 - delay: 10 - register: result - until: result.rc == 0 \ No newline at end of file diff --git a/install-charts.yaml b/install-charts.yaml index 1b19a67..8a5088d 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
@@ -54,7 +54,7 @@ persistence.media.enabled=true,\ persistence.media.type=hostPath,\ persistence.media.mountPath={{ dir_mount_path }},\ - persistence.media.hostPath={{ dir_minikube_mount }}" + persistence.media.hostPath={{ dir_data }}" # readOnlyRootFilesystem=false is needed for the app to be able to take # backups in /config/Backups @@ -303,7 +303,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/prowlarr,\ + persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/prowlarr,\ ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=prowlarr,\ ingress.main.hosts[0].paths[0].service.port=9696" @@ -342,7 +342,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/radarr,\ + persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/radarr,\ ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=radarr,\ ingress.main.hosts[0].paths[0].service.port=7878" @@ -380,7 +380,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/sonarr,\ + persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/sonarr,\ ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=sonarr,\ ingress.main.hosts[0].paths[0].service.port=8989" 
@@ -418,7 +418,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/bazarr,\ + persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/bazarr,\ metrics.main.enabled=false,\ ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=bazarr,\ @@ -456,7 +456,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/readarr,\ + persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/readarr,\ ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=readarr,\ ingress.main.hosts[0].paths[0].service.port=8787" @@ -493,7 +493,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_minikube_mount }}{{ dir_data_config_suffix }}/lidarr,\ + persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/lidarr,\ ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=lidarr,\ ingress.main.hosts[0].paths[0].service.port=8686" @@ -647,20 +647,6 @@ securityContext.container.seccompProfile.type=Unconfined,\ service.webserver.enabled=true" - - name: Expose calibre service - include_tasks: tasks-kubernetes-port-forward-service.yaml - vars: - service_name: calibre - service_file_name: calibre.service - service_file_location_base: /etc/systemd/system/ - service_namespace: "{{ namespace_generic_services }}" - host_port: 3002 - - - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "3002" - - debug: msg: > You can log into calibre at '{{ ip }}:3002'. diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml new file mode 100644 index 0000000..994db85 
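Review bot: The `debug` message `You can log into calibre at '{{ ip }}:3002'` still advertises port 3002 after the hunk removes both the task that forwarded that port and the `tasks-allow-ports.yaml` call that opened it, so the printed instruction is now wrong. Either drop the message or point it at whatever exposes calibre after this change (an ingress host, if one is configured — not visible in the hunk). The calibre task list continues outside the hunk.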
--- /dev/null +++ b/install-kubernetes-kubespray.yaml 
@@ -0,0 +1,83 @@ +--- +# https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible/ansible.md +# https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting_started/getting-started.md +- name: Install kubernetes using kubespray + hosts: localhost + gather_facts: true + tasks: + - name: setup repo + block: + - name: Clone useful_files from github + include_tasks: tasks-clone-git-repo.yaml + vars: + repo_dir: "{{ kubespray_repo_dir }}" + repo_link: https://github.com/kubernetes-sigs/kubespray.git + - name: "Checkout release branch: {{ kubespray.release }}" + shell: "cd {{ kubespray_repo_dir }} && git checkout {{ kubespray.release }}" + - name: setup config + block: + - name: setup inventory.ini + block: + - name: create inventory file + copy: + dest: "{{ kubespray_inventory_ini }}" + content: | + [all:vars] + ansible_connection=ssh + ansible_become_user=root + ansible_host={{ hostvars['home-main'].ansible_host }} + ansible_port={{ hostvars['home-main'].ansible_port }} + ansible_ssh_user={{ hostvars['home-main'].ansible_user }} + ansible_user={{ hostvars['home-main'].ansible_user }} + ansible_sudo_pass={{ hostvars['home-main'].ansible_sudo_pass }} + + [kube_control_plane] + home-main etcd_member_name=etcd1 + + [kube_node] + home-main etcd_member_name=etcd1 + + [etcd:children] + kube_control_plane + kube_node + + - name: setup addons + block: + - name: "update {{ kubespray_addons_yml }}" + ansible.builtin.lineinfile: + path: "{{ kubespray_addons_yml }}" + regexp: "{{ item }}:.*" + line: "{{ item }}: true" + loop: + - helm_enabled + - ingress_nginx_enabled + - cert_manager_enabled + - metallb_enabled + - local_path_provisioner_enabled + + - name: "update {{ kubespray_k8s_cluster_yml }}" + ansible.builtin.lineinfile: + path: "{{ kubespray_k8s_cluster_yml }}" + regexp: "^{{ item }}:.*" + line: "{{ item }}: true" + with_items: + - kube_proxy_strict_arp + + - name: "run kubespray playbook (can take a long time): {{ kubespray.playbook }}" + shell: | + 
cd {{ kubespray_repo_dir }}; + python3 -m venv ..{{ kubespray_venv_dir }}; + . ..{{ kubespray_venv_dir }}/bin/activate; + pip install -U -r requirements.txt; + export ANSIBLE_CONFIG=../{{ kubespray_repo_dir }}/ansible.cfg; + ansible-playbook -i ../{{ kubespray_inventory_ini }} ../{{ kubespray_repo_dir }}/{{ kubespray.playbook }} -b -v + + vars: + kubespray_repo_dir: "./kubespray" + kubespray_venv_dir: "{{ kubespray_repo_dir }}/kubespray-venv" + kubespray_sample_dir: "{{ kubespray_repo_dir }}/inventory/sample" + kubespray_inventory_ini: "{{ kubespray_sample_dir }}/inventory.ini" + kubespray_addons_yml: "{{ kubespray_sample_dir }}/group_vars/k8s_cluster/addons.yml" + kubespray_k8s_cluster_yml: "{{ kubespray_sample_dir }}/group_vars/k8s_cluster/k8s-cluster.yml" + + diff --git a/minikube_config/minikube.service b/minikube_config/minikube.service deleted file mode 100644 index 11ff361..0000000 --- a/minikube_config/minikube.service +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=minikube -StartLimitInterval=0 -After=docker.service - -[Service] -Type=simple -RemainAfterExit=no -ExecStartPre=/usr/bin/minikube start -ExecStart=PLACEHOLDER -Restart=always -RestartSec=5 -User=PLACEHOLDER -TimeoutSec=36000 - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/minikube_server.kubeconfig b/minikube_server.kubeconfig new file mode 100644 index 0000000..b8c726d --- /dev/null +++ b/minikube_server.kubeconfig 
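Review bot: The `create inventory file` task writes `ansible_sudo_pass=…` in cleartext into `inventory/sample/inventory.ini` inside the cloned repository using the `copy` module's default mode, and the file persists on the controller after the run. At minimum add `mode: "0600"` to that `copy` task; better, leave the password line out and supply it at run time (`-K`) or from vault so it never lands in the checkout. Separately, `python3 -m venv ..{{ kubespray_venv_dir }}` expands to `.../kubespray/kubespray-venv` because `kubespray_venv_dir` already begins with `./`, so the venv is created under a directory literally named `...` — `../{{ kubespray_venv_dir }}` matches the other relative paths in the same script and is presumably what was intended. The hard-coded `hostvars['home-main']` lookups tie the play to one inventory name; that limitation is worth a comment on the task if it is deliberate.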
@@ -0,0 +1,32 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: 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 + extensions: + - extension: + last-update: Sun, 16 Mar 2025 19:18:24 GMT + provider: minikube.sigs.k8s.io + version: v1.35.0 + name: cluster_info + server: http://192.168.178.94:3001 + name: minikube +contexts: +- context: + cluster: minikube + extensions: + - extension: + last-update: Sun, 16 Mar 2025 19:18:24 GMT + provider: minikube.sigs.k8s.io + version: v1.35.0 + name: context_info + namespace: default + user: minikube + name: minikube +current-context: minikube +kind: Config +preferences: {} +users: +- name: minikube + user: + client-certificate-data: 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 + client-key-data: 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 diff --git a/remote-access-minikube.yaml b/remote-access-minikube.yaml deleted file mode 100644 index 03b10f8..0000000 --- a/remote-access-minikube.yaml +++ /dev/null 
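Review bot: A kubeconfig whose `users[].user` entry carries `client-certificate-data` and `client-key-data` — the private key of the minikube admin identity — is being committed to version control, while the same commit deletes `remote-access-minikube.yaml`, the playbook that used to generate this file, so it looks like a stray artifact rather than something the remaining playbooks read. It should be removed from the commit and the name added to `.gitignore`; since the key has already been committed, treat it as exposed and regenerate the minikube certificates even if history is rewritten. The `server: http://…` entry also records a plain-HTTP API endpoint, which is worth noting as the reason the old proxy-based access path should not be revived as-is.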
@@ -1,50 +0,0 @@ ---- -- name: Provide information for remote access of Minikube - hosts: all - gather_facts: false - vars: - local_kube_config_name: "minikube_server.kubeconfig" - local_kube_config_location: "minikube_server.kubeconfig" - remote_kube_config_location: "{{ dir_home }}/.kube/config" - remote_temp_file_location: "/tmp/minikube_config" - local_location: "./" - protocol: "http" - - tasks: - - name: "Copy kubeconfig to {{ remote_temp_file_location }}" - copy: - src: "{{ remote_kube_config_location }}" - dest: "{{ remote_temp_file_location }}" - mode: 0644 - remote_src: true - - - name: "Edit kubeconfig file to change IP to '{{ protocol }}://{{ ip }}:{{ api_server_forwarded_port }}'" - become: true - replace: - path: "{{ remote_temp_file_location }}" - regexp: 'https.*' - replace: "{{ protocol }}://{{ ip }}:{{ api_server_forwarded_port }}" - - - name: "Copy {{ remote_temp_file_location }} to current directory" - fetch: - src: "{{ remote_temp_file_location }}" - dest: "{{ local_kube_config_location }}" - flat: true - mode: 0644 - - - name: "Delete {{ remote_temp_file_location }}" - file: - path: "{{ remote_temp_file_location }}" - state: absent - - - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "{{ api_server_forwarded_port }}" - - - debug: - msg: > - Minikube is accessible at {{ ip }}:{{ api_server_forwarded_port }}, - please use the kubeconfig from '{{ local_kube_config_location }}' to - access it. - \ No newline at end of file diff --git a/setup.yaml b/setup.yaml index a0bd03a..c8fa479 100644 --- a/setup.yaml +++ b/setup.yaml @@ -16,7 +16,6 @@ uid: "{{ uid_output.stdout }}" user: "{{ ansible_user }}" architecture: "{{ architecture_output.stdout }}" - dir_minikube_mount: "/minikube-host" dir_mount_path: "/media" dir_home: "/home/{{ ansible_user }}" dir_data: "/home/{{ ansible_user }}/data" 
@@ -29,27 +28,26 @@ dir_data_downloads: "/home/{{ ansible_user }}/data/downloads" dir_data_config_suffix: "/data/app-configs" +- import_playbook: install-kubernetes-kubespray.yaml + when: + - kubespray.enabled + +- import_playbook: after-install-kubernetes-kubespray.yaml + when: + - kubespray.enabled + - import_playbook: server-basics.yaml when: - basics.enabled - import_playbook: install-cn-basics.yaml - when: - - minikube.enabled or cloud_native.enabled - -- import_playbook: install-and-configure-minikube.yaml - vars: - api_server_forwarded_port: "3001" when: - cloud_native.enabled - - minikube.enabled - import_playbook: install-charts.yaml vars: ip: "{{ ansible_host }}" when: - - cloud_native.enabled or charts.enabled - - minikube.enabled or charts.enabled - charts.enabled - import_playbook: install-tightvnc-and-ssh.yaml @@ -68,15 +66,6 @@ when: - cloudflare.enabled -- import_playbook: remote-access-minikube.yaml - vars: - api_server_forwarded_port: "3001" - ip: "{{ ansible_host }}" - when: - - cloud_native.enabled - - minikube.enabled - - minikube.remote_access.enabled - - import_playbook: install-and-configure-pinless-bluetooth-pairing.yaml when: - bluetooth.pinless.enabled diff --git a/tasks-kubernetes-port-forward-service.yaml b/tasks-kubernetes-port-forward-service.yaml deleted file mode 100644 index 5af9d9c..0000000 --- a/tasks-kubernetes-port-forward-service.yaml +++ /dev/null 
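Review bot: The two kubespray `import_playbook` entries are placed ahead of `server-basics.yaml` and `install-cn-basics.yaml`, so on a fresh host the kubespray clone and install run before the basic tooling those playbooks provide; if `tasks-clone-git-repo.yaml` needs git on the target (not visible here), a first run fails at that step. Unless the ordering is intentional, move the two imports after `install-cn-basics.yaml` so the dependency order matches the existing `basics.enabled` → `cloud_native.enabled` → `charts.enabled` progression. `install-charts.yaml` is now gated only on `charts.enabled`, so a comment noting that it assumes a running cluster from either import would help readers of the file.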
@@ -1,64 +0,0 @@ -- name: Get service port for local access - block: - - name: "Convert {{ service_name }} to a NodePort service" - shell: >- - kubectl patch svc -n {{ service_namespace }} {{ service_name }} --type='json' -p '[{"op":"replace","path":"/spec/type","value":"NodePort"}]' - - name: Get all ports of type NodePort - shell: >- - kubectl get svc -n {{ service_namespace }} {{ service_name }} {% raw %} -o go-template='{{if .items}}{{range .items}}{{range.spec.ports}}{{.nodePort}}{{"\n"}}{{end}}{{end}}{{else}}{{range.spec.ports}}{{.nodePort}}{{"\n"}}{{end}}{{end}}' {% endraw %} - register: service_port - when: service_name != "SKIP" - - # TODO what to do if there are multiple nodeports that need to be port forwarded -- name: Setup and enable systemd service for port forwarding - block: - - name: "Copy over the skeleton service file for systemd" - become: True - copy: - src: charts_config/skeleton.service - dest: "{{ service_file_location_base }}{{ service_file_name }}" - - # TODO what if minikube IP changes, the IP is set at deployment time here - # Maybe should be part of the systemd service in a script? 
- - name: Register minikube ssh-key location - shell: minikube ssh-key - register: dir_minikube_ssh_key - - - name: Register minikube ip - shell: minikube ip - register: minikube_ip - - - name: "Service file edit: Add port forward command for local access" - become: True - # https://gist.github.com/drmalex07/c0f9304deea566842490 - lineinfile: - path: "{{ service_file_location_base }}{{ service_file_name }}" - regexp: '^ExecStart=(.*)$' - line: "ExecStart=ssh -NT -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o GatewayPorts=true -i {{ dir_minikube_ssh_key.stdout }} docker@{{ minikube_ip.stdout }} -L {{ host_port }}:0.0.0.0:{{ service_port.stdout }}" - backrefs: yes - when: service_name != "SKIP" - - - name: "Service file edit: Add port forward command for domain access" - become: True - # https://gist.github.com/drmalex07/c0f9304deea566842490 - lineinfile: - path: "{{ service_file_location_base }}{{ service_file_name }}" - regexp: '^ExecStart=(.*)$' - line: "ExecStart=ssh -NT -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o GatewayPorts=true -i {{ dir_minikube_ssh_key.stdout }} docker@{{ minikube_ip.stdout }} -L {{ host_port }}:0.0.0.0:{{ service_port }}" - backrefs: yes - when: service_name == "SKIP" - - - name: "Service file edit: Change User to be {{ ansible_user }}" - become: True - # https://gist.github.com/drmalex07/c0f9304deea566842490 - lineinfile: - path: "{{ service_file_location_base }}{{ service_file_name }}" - regexp: '^User=(.*)$' - line: "User={{ ansible_user }}" - backrefs: yes - - - name: Reload systemd service - include_tasks: tasks-reload-systemd-service.yaml - vars: - service_name: "{{ service_file_name }}" - become: True From 5dc65ee563362c7d9e3a1a452833b45511044ca2 Mon Sep 17 00:00:00 2001 
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 17 Mar 2025 20:55:57 +0000 Subject: [PATCH 29/81] fix cpi hang --- after-install-kubernetes-kubespray.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/after-install-kubernetes-kubespray.yaml b/after-install-kubernetes-kubespray.yaml index f6bb8f3..8fe1d6d 100644 --- a/after-install-kubernetes-kubespray.yaml +++ b/after-install-kubernetes-kubespray.yaml @@ -6,7 +6,7 @@ - name: setup kubeconfig for user shell: | mkdir -p {{ dir_home }}/.kube - cp -i /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config + cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config chown $(id -u):$(id -g) {{ dir_home }}/.kube/config become: true From 2e1b325e257823806422010838560c40695fc1a5 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Thu, 20 Mar 2025 10:01:25 +0000 Subject: [PATCH 30/81] fix firewall setup issue and reorg fix task name reoder --- after-install-kubernetes-kubespray.yaml | 27 ------ install-kubernetes-kubespray.yaml | 116 +++++++++++++++--------- run.sh | 0 setup.yaml | 12 +-- 4 files changed, 75 insertions(+), 80 deletions(-) delete mode 100644 after-install-kubernetes-kubespray.yaml mode change 100644 => 100755 run.sh diff --git a/after-install-kubernetes-kubespray.yaml b/after-install-kubernetes-kubespray.yaml deleted file mode 100644 index 8fe1d6d..0000000 --- a/after-install-kubernetes-kubespray.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: After installing kubernetes setup - hosts: all - gather_facts: true - tasks: - - name: setup kubeconfig for user - shell: | - mkdir -p {{ dir_home }}/.kube - cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config - chown $(id -u):$(id -g) {{ dir_home }}/.kube/config - become: true - - - name: setup ufw - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "179" - - "4789" - - "5473" - - "443" - - "6443" - - "2379" - - "4149" - - "10250" - - "10255" - - "10256" - - "9099" 
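Review bot: Dropping `-i` removes the hang but now overwrites an existing `{{ dir_home }}/.kube/config` silently on every run, which discards any contexts the user merged into it. Since the playbook is meant to be re-run, make that explicit and recoverable — `creates: "{{ dir_home }}/.kube/config"` on the `shell` task to copy only when absent, or the `copy` module with `backup: true` if overwriting is wanted. The following `chown $(id -u):$(id -g)` line still resolves to root under `become: true`, which this hunk does not change.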
diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index 994db85..ca66bde 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml 
@@ -2,66 +2,85 @@ # https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible/ansible.md # https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting_started/getting-started.md - name: Install kubernetes using kubespray - hosts: localhost + hosts: all gather_facts: true tasks: - - name: setup repo + - name: setup ufw + include_tasks: tasks-allow-ports.yaml + vars: + ports: + - "179" + - "4789" + - "5473" + - "443" + - "6443" + - "2379" + - "4149" + - "10250" + - "10255" + - "10256" + - "9099" + + - name: kubespray installation + delegate_to: localhost block: - - name: Clone useful_files from github + - name: Clone kuberspray from github include_tasks: tasks-clone-git-repo.yaml vars: repo_dir: "{{ kubespray_repo_dir }}" repo_link: https://github.com/kubernetes-sigs/kubespray.git + - name: "Checkout release branch: {{ kubespray.release }}" shell: "cd {{ kubespray_repo_dir }} && git checkout {{ kubespray.release }}" - - name: setup config - block: - - name: setup inventory.ini + + - name: setup config block: - - name: create inventory file - copy: - dest: "{{ kubespray_inventory_ini }}" - content: | - [all:vars] - ansible_connection=ssh - ansible_become_user=root - ansible_host={{ hostvars['home-main'].ansible_host }} - ansible_port={{ hostvars['home-main'].ansible_port }} - ansible_ssh_user={{ hostvars['home-main'].ansible_user }} - ansible_user={{ hostvars['home-main'].ansible_user }} - ansible_sudo_pass={{ hostvars['home-main'].ansible_sudo_pass }} + - name: setup inventory.ini + block: + - name: create inventory file + copy: + dest: "{{ kubespray_inventory_ini }}" + content: | + [all:vars] + ansible_connection=ssh + ansible_become_user=root + ansible_host={{ hostvars['home-main'].ansible_host }} + ansible_port={{ hostvars['home-main'].ansible_port }} + ansible_ssh_user={{ hostvars['home-main'].ansible_user }} + ansible_user={{ hostvars['home-main'].ansible_user }} + ansible_sudo_pass={{ hostvars['home-main'].ansible_sudo_pass }} - 
[kube_control_plane] - home-main etcd_member_name=etcd1 + [kube_control_plane] + home-main etcd_member_name=etcd1 - [kube_node] - home-main etcd_member_name=etcd1 + [kube_node] + home-main etcd_member_name=etcd1 - [etcd:children] - kube_control_plane - kube_node + [etcd:children] + kube_control_plane + kube_node - - name: setup addons - block: - - name: "update {{ kubespray_addons_yml }}" - ansible.builtin.lineinfile: - path: "{{ kubespray_addons_yml }}" - regexp: "{{ item }}:.*" - line: "{{ item }}: true" - loop: - - helm_enabled - - ingress_nginx_enabled - - cert_manager_enabled - - metallb_enabled - - local_path_provisioner_enabled + - name: setup addons + block: + - name: "update {{ kubespray_addons_yml }}" + ansible.builtin.lineinfile: + path: "{{ kubespray_addons_yml }}" + regexp: "{{ item }}:.*" + line: "{{ item }}: true" + loop: + - helm_enabled + - ingress_nginx_enabled + - cert_manager_enabled + - metallb_enabled + - local_path_provisioner_enabled - - name: "update {{ kubespray_k8s_cluster_yml }}" - ansible.builtin.lineinfile: - path: "{{ kubespray_k8s_cluster_yml }}" - regexp: "^{{ item }}:.*" - line: "{{ item }}: true" - with_items: - - kube_proxy_strict_arp + - name: "update {{ kubespray_k8s_cluster_yml }}" + ansible.builtin.lineinfile: + path: "{{ kubespray_k8s_cluster_yml }}" + regexp: "^{{ item }}:.*" + line: "{{ item }}: true" + with_items: + - kube_proxy_strict_arp - name: "run kubespray playbook (can take a long time): {{ kubespray.playbook }}" shell: | 
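Review bot: The generated inventory still reads every connection value from `hostvars['home-main']` even though the play now runs as `hosts: all` with the kubespray block delegated to localhost, so the play breaks silently for any inventory that names the host differently; inside a `hosts: all` play the current host's own facts are available directly (`ansible_host={{ ansible_host }}`, `ansible_user={{ ansible_user }}`, `ansible_port={{ ansible_port }}`), which removes the hard-coded name. The inventory content also still embeds `ansible_sudo_pass` in cleartext with the default file mode, as noted on the commit that introduced it. Whether the trailing `run kubespray playbook` task sits inside the delegated block cannot be told from the collapsed indentation here; a comment on that task stating where it executes would help. Minor: `Clone kuberspray from github` has a typo in the task name.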
@@ -72,6 +91,13 @@ export ANSIBLE_CONFIG=../{{ kubespray_repo_dir }}/ansible.cfg; ansible-playbook -i ../{{ kubespray_inventory_ini }} ../{{ kubespray_repo_dir }}/{{ kubespray.playbook }} -b -v + - name: setup kubeconfig for user + shell: | + mkdir -p {{ dir_home }}/.kube + cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config + chown $(id -u):$(id -g) {{ dir_home }}/.kube/config + become: true + vars: kubespray_repo_dir: "./kubespray" kubespray_venv_dir: "{{ kubespray_repo_dir }}/kubespray-venv" diff --git a/run.sh b/run.sh old mode 100644 new mode 100755 diff --git a/setup.yaml b/setup.yaml index c8fa479..01636b3 100644 --- a/setup.yaml +++ b/setup.yaml @@ -28,14 +28,6 @@ dir_data_downloads: "/home/{{ ansible_user }}/data/downloads" dir_data_config_suffix: "/data/app-configs" -- import_playbook: install-kubernetes-kubespray.yaml - when: - - kubespray.enabled - -- import_playbook: after-install-kubernetes-kubespray.yaml - when: - - kubespray.enabled - - import_playbook: server-basics.yaml when: - basics.enabled @@ -44,6 +36,10 @@ when: - cloud_native.enabled +- import_playbook: install-kubernetes-kubespray.yaml + when: + - kubespray.enabled + - import_playbook: install-charts.yaml vars: ip: "{{ ansible_host }}" From f23a13d3123e6b97a5a341806b46366659dcbc9d Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Thu, 20 Mar 2025 11:59:03 +0000 Subject: [PATCH 31/81] remove the changes needed for newer versions of python --- server-basics.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/server-basics.yaml b/server-basics.yaml index 18e7246..6d60c36 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -72,7 +72,6 @@ name: - pyyaml - kubernetes - extra_args: --break-system-packages - name: Install kubectx/kubens # https://github.com/ahmetb/kubectx @@ -85,7 +84,7 @@ file: path: "{{ item }}" state: directory - mode: '0755' + mode: '0777' with_items: - "{{ dir_data }}" - "{{ dir_repos }}" 
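Review bot: `mode: '0777'` on `{{ dir_data }}` and `{{ dir_repos }}` makes both trees world-writable, so any local account or any container given a hostPath can create or replace files there — and if `useful_files_repo_dir` lives under `dir_repos` (not visible here), that includes the `.bashrc` the playbooks later copy into the home directory. The commit message only mentions the Python change and does not explain this, so the intent (presumably a uid mismatch with container processes) should be stated in a comment on the task. A less broad fix is to give the directories the owner or group the pods run as via the `file` module's `owner:`/`group:` and keep `mode: '0775'`, rather than opening write access to everyone. The `with_items` list continues outside the hunk.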
From b1a3c98da284c3fdc0ad63e092fc424ecad80256 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Thu, 20 Mar 2025 16:02:06 +0000 Subject: [PATCH 32/81] add venv setup in run script --- .gitignore | 2 ++ run.sh | 18 +++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index dc52d06..72da218 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ ***/kubespray/ + +.server-venv diff --git a/run.sh b/run.sh index 9c958ef..faf0e42 100755 --- a/run.sh +++ b/run.sh @@ -1 +1,17 @@ -ansible-playbook setup.yaml -i hosts.yaml $@ \ No newline at end of file +set -e + +VENV_DIR=".server-venv" + +echo "creating python virtual env" +python3 -m venv ${VENV_DIR} + +echo "activating python virtual env" +source ${VENV_DIR}/bin/activate + +if ! command -v "ansible-playbook --version" 2>&1 >/dev/null; then + echo "installing ansible..." + pip install ansible +fi + +echo "running playbook" +ansible-playbook setup.yaml -i hosts.yaml $@ From 91bff9295297a3e68b1b5523ab165b59c51d37ad Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Thu, 20 Mar 2025 16:42:04 +0000 Subject: [PATCH 33/81] change kubeconfig perms and fix bug with config dir rename dir name give all perms to folders fix comment for resources --- group_vars/all | 2 +- install-charts.yaml | 24 ++++++++++++------------ install-kubernetes-kubespray.yaml | 2 +- setup.yaml | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/group_vars/all b/group_vars/all index ebbd63d..ce79eee 100644 --- a/group_vars/all +++ b/group_vars/all @@ -51,7 +51,7 @@ charts: cpu: 10m memory: 50M # kubernetes resource limits for the pods - # probably should match these with the minikube resources from below + # leave some headroom for the OS to not lose server access in case of an issue limits: cpu: 4 memory: "6000M" diff --git a/install-charts.yaml b/install-charts.yaml index 8a5088d..9fab924 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
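Review bot: `command -v "ansible-playbook --version"` looks up a command literally named `ansible-playbook --version`, which never exists, so the `pip install ansible` branch runs on every invocation; and `2>&1 >/dev/null` sends stderr to the terminal rather than discarding it. The intended test is `if ! command -v ansible-playbook >/dev/null 2>&1; then`. The final line should pass `"$@"` rather than `$@` so arguments containing spaces reach ansible-playbook intact, and the script has no shebang although it relies on `source`, so it only works when invoked through bash explicitly.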
@@ -284,7 +284,7 @@ file: path: "{{ dir_home }}{{ dir_data_config_suffix }}/prowlarr" state: directory - mode: '0755' + mode: '0777' - name: Install/Upgrade the prowlarr chart include_tasks: tasks-install-chart.yaml @@ -303,7 +303,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/prowlarr,\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/prowlarr,\ ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=prowlarr,\ ingress.main.hosts[0].paths[0].service.port=9696" @@ -323,7 +323,7 @@ file: path: "{{ dir_home }}{{ dir_data_config_suffix }}/radarr" state: directory - mode: '0755' + mode: '0777' - name: Install/Upgrade the radarr chart include_tasks: tasks-install-chart.yaml @@ -342,7 +342,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/radarr,\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/radarr,\ ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=radarr,\ ingress.main.hosts[0].paths[0].service.port=7878" @@ -361,7 +361,7 @@ file: path: "{{ dir_home }}{{ dir_data_config_suffix }}/sonarr" state: directory - mode: '0755' + mode: '0777' - name: Install/Upgrade the sonarr chart include_tasks: tasks-install-chart.yaml @@ -380,7 +380,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/sonarr,\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/sonarr,\ ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=sonarr,\ ingress.main.hosts[0].paths[0].service.port=8989" 
@@ -399,7 +399,7 @@ file: path: "{{ dir_home }}{{ dir_data_config_suffix }}/bazarr" state: directory - mode: '0755' + mode: '0777' - name: Install/Upgrade the bazarr chart include_tasks: tasks-install-chart.yaml @@ -418,7 +418,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/bazarr,\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/bazarr,\ metrics.main.enabled=false,\ ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=bazarr,\ @@ -437,7 +437,7 @@ file: path: "{{ dir_home }}{{ dir_data_config_suffix }}/readarr" state: directory - mode: '0755' + mode: '0777' - name: Install/Upgrade the readarr chart include_tasks: tasks-install-chart.yaml @@ -456,7 +456,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/readarr,\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/readarr,\ ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=readarr,\ ingress.main.hosts[0].paths[0].service.port=8787" @@ -474,7 +474,7 @@ file: path: "{{ dir_home }}{{ dir_data_config_suffix }}/lidarr" state: directory - mode: '0755' + mode: '0777' - name: Install/Upgrade the lidarr chart include_tasks: tasks-install-chart.yaml @@ -493,7 +493,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data }}{{ dir_data_config_suffix }}/lidarr,\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/lidarr,\ ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=lidarr,\ ingress.main.hosts[0].paths[0].service.port=8686" 
diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index ca66bde..a9a9061 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml @@ -95,7 +95,7 @@ shell: | mkdir -p {{ dir_home }}/.kube cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config - chown $(id -u):$(id -g) {{ dir_home }}/.kube/config + chown 777 {{ dir_home }}/.kube/config become: true vars: diff --git a/setup.yaml b/setup.yaml index 01636b3..627df79 100644 --- a/setup.yaml +++ b/setup.yaml @@ -16,7 +16,7 @@ uid: "{{ uid_output.stdout }}" user: "{{ ansible_user }}" architecture: "{{ architecture_output.stdout }}" - dir_mount_path: "/media" + dir_mount_path: "/data" dir_home: "/home/{{ ansible_user }}" dir_data: "/home/{{ ansible_user }}/data" dir_repos: "/home/{{ ansible_user }}/repos" From c8cc72ad2db5d6a9739f3a9c093d6f6c6da9dcfd Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Thu, 20 Mar 2025 23:28:41 +0000 Subject: [PATCH 34/81] working on moving from kubespray addons to raw installs --- group_vars/all | 10 +++ install-charts.yaml | 55 +++++++++++++++ install-cn-basics.yaml | 108 ------------------------------ install-kubernetes-kubespray.yaml | 39 +++++------ setup.yaml | 4 -- 5 files changed, 81 insertions(+), 135 deletions(-) delete mode 100644 install-cn-basics.yaml diff --git a/group_vars/all b/group_vars/all index ce79eee..14ce157 100644 --- a/group_vars/all +++ b/group_vars/all @@ -58,6 +58,16 @@ charts: # timeout as helm expects it in --timeout for the charts timeout: 15m services: + # provision hostPaths using this controller + local_path_provisioner: + enabled: true + version: "v0.0.31" + # metallb to provider routing from k8s to my host + metallb: + enabled: true + # nginx proxies and letsencrypt for tls + nginx_proxy_manager: + enabled: true # log monitoring with Loki (Needs Grafana for a UI) loki_stack: enabled: true 
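Review bot: `chown 777 {{ dir_home }}/.kube/config` does not set a mode — chown takes an owner, so this hands the file to uid 777 (most likely nonexistent) and leaves the permissions exactly as copied from /etc/kubernetes/admin.conf. Because the task runs with `become: true`, `$(id -u)` in the removed line resolved to root, which is presumably what motivated the change; the intended effect is `chown {{ ansible_user }}:{{ ansible_user }} {{ dir_home }}/.kube/config` followed by `chmod 600 {{ dir_home }}/.kube/config`. The later kubespray hunks in PATCH 34 (`chmod 777 .../.kube/config`) and PATCH 36 (`chmod 777 -R {{ dir_home }}/.kube`) replace this with a world-readable and world-writable copy of the kubeadm admin.conf, i.e. cluster-admin credentials; the chown-plus-0600 form gives the user access without that exposure.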
diff --git a/install-charts.yaml b/install-charts.yaml index 9fab924..c495b64 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
@@ -70,6 +70,61 @@ with_items: - "{{ namespace_user }}" + - name: Install rancher local-path-provisioner + when: charts.services.local_path_provisioner.enabled + block: + - name: apply manifests + shell: "kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/{{ charts.services.local_path_provisioner.version }}/deploy/local-path-storage.yaml" + + - name: set default storage class + shell: "kubectl patch storageclass local-path -p '{\"metadata\": {\"annotations\":{\"storageclass.kubernetes.io/is-default-class\":\"true\"}}}'" + + - name: Install metallb + when: charts.services.metallb.enabled + block: + - name: Install/Upgrade the metallb chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: TrueCharts + repo_link: oci://tccr.io/truecharts + install_namespace: "{{ namespace_generic_services }}" + timeout: "{{ charts.timeout }}" + release_name: metallb + chart_name: metallb + set_options: "--set \ + {{ helm_common_general }}" + + - name: Install nginx-proxy-manager + when: charts.services.nginx_proxy_manager.enabled + block: + - name: Install/Upgrade the nginx-proxy-manager chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: TrueCharts + repo_link: oci://tccr.io/truecharts + install_namespace: "{{ namespace_generic_services }}" + timeout: "{{ charts.timeout }}" + release_name: nginx-proxy-manager + chart_name: nginx-proxy-manager + set_options: "--set \ + {{ helm_common_general }},\ + {{ helm_common_persistence }},\ + {{ helm_common_persistence_config }},\ + {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ + persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/nginx-proxy-manager,\ + persistence.data.enabled=true,\ + persistence.data.type=hostPath,\ + persistence.data.mountPath=/data,\ + persistence.data.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/nginx-proxy-manager/data,\ + persistence.letsencrypt.enabled=true,\ + persistence.letsencrypt.type=hostPath,\ + 
persistence.letsencrypt.mountPath=/etc/letsencrypt,\ + persistence.letsencrypt.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/nginx-proxy-manager/letsencrypt,\ + ingress.main.hosts[0].host='nginx-proxy-manager.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=nginx-proxy-manager,\ + ingress.main.hosts[0].paths[0].service.port=10582" + - name: Install loki-stack when: charts.services.loki_stack.enabled block: diff --git a/install-cn-basics.yaml b/install-cn-basics.yaml deleted file mode 100644 index 3cf9bd5..0000000 --- a/install-cn-basics.yaml +++ /dev/null 
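Review bot: The `apply manifests` task fetches deploy/local-path-storage.yaml from raw.githubusercontent.com by the tag in `charts.services.local_path_provisioner.version`; a tag is a mutable ref, so the manifest applied with cluster-wide RBAC can change without any change in this repository. Pin the URL to a commit SHA (placeholder `<commit-sha>`) or vendor the manifest, and consider `kubernetes.core.k8s` in place of `shell: kubectl ...` so the task reports real state. As written, both `shell` tasks report changed on every run; at minimum they want `changed_when: false`.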
@@ -1,108 +0,0 @@ ---- -- name: Install docker, kubectl and helm - hosts: all - gather_facts: false - tasks: - - name: Install docker - # https://docs.docker.com/engine/install/ubuntu/ - block: - - name: Download convinience script - shell: echo $PWD && curl -fsSL https://get.docker.com -o get-docker.sh - - - name: Run convinience script - become: true - shell: sh get-docker.sh - - - name: Delete convinience script - file: - path: get-docker.sh - state: absent - - - name: Adding existing user "{{ ansible_user }}" to group docker - become: true - user: - name: "{{ ansible_user }}" - groups: docker - append: yes - - # maybe not needed - - name: "Edit grub file to allow cgroup to set memory" - become: true - lineinfile: - path: "/etc/default/grub" - regexp: '^GRUB_CMDLINE_LINUX=(.*)$' - line: 'GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"' - backrefs: yes - - # maybe not needed - - name: Update grub - become: true - shell: update-grub - - - name: Reset ssh connection to allow user changes to affect ansible user - meta: - reset_connection - - - name: Install kubectl - # https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ - block: - - name: Install Prerequisits - become: true - apt: - update_cache: yes - pkg: - - apt-transport-https - - curl - - ca-certificates - - gnupg - - - name: Create keyrings dir if it doesnt exist - become: true - ansible.builtin.file: - path: /etc/apt/keyrings - state: directory - mode: '0755' - - - name: Download the public signing key for the Kubernetes package repositories - become: true - shell: curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg && chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg - - - name: Add the Kubernetes apt repository - become: true - shell: echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee 
/etc/apt/sources.list.d/kubernetes.list && chmod 644 /etc/apt/sources.list.d/kubernetes.list - - - name: Install kubectl - become: true - apt: - update_cache: yes - pkg: - - kubectl - - - name: Install helm - # https://helm.sh/docs/intro/install/ - block: - - name: Add repo key - become: true - shell: curl https://baltocdn.com/helm/signing.asc | apt-key add - - - - name: Install Prerequisits - become: true - apt: - update_cache: yes - pkg: - - apt-transport-https - - - name: Add repository - become: true - shell: echo "deb https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - - - name: Install helm - become: true - apt: - update_cache: yes - pkg: - - helm - - - name: Unconditionally reboot the machine with all defaults - become: true - reboot: \ No newline at end of file diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index a9a9061..9baa6bb 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml @@ -60,28 +60,6 @@ kube_control_plane kube_node - - name: setup addons - block: - - name: "update {{ kubespray_addons_yml }}" - ansible.builtin.lineinfile: - path: "{{ kubespray_addons_yml }}" - regexp: "{{ item }}:.*" - line: "{{ item }}: true" - loop: - - helm_enabled - - ingress_nginx_enabled - - cert_manager_enabled - - metallb_enabled - - local_path_provisioner_enabled - - - name: "update {{ kubespray_k8s_cluster_yml }}" - ansible.builtin.lineinfile: - path: "{{ kubespray_k8s_cluster_yml }}" - regexp: "^{{ item }}:.*" - line: "{{ item }}: true" - with_items: - - kube_proxy_strict_arp - - name: "run kubespray playbook (can take a long time): {{ kubespray.playbook }}" shell: | cd {{ kubespray_repo_dir }}; 
@@ -95,9 +73,24 @@ shell: | mkdir -p {{ dir_home }}/.kube cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config - chown 777 {{ dir_home }}/.kube/config + chmod 777 {{ dir_home }}/.kube/config become: true + + - name: Install kubectl + # https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ + block: + - name: download binary + become: true + shell: "curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\"" + + - name: install binary + become: true + shell: "install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl" + - name: Install Helm + # https://helm.sh/docs/intro/install/ + shell: "curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash" + vars: kubespray_repo_dir: "./kubespray" kubespray_venv_dir: "{{ kubespray_repo_dir }}/kubespray-venv" diff --git a/setup.yaml b/setup.yaml index 627df79..8179797 100644 --- a/setup.yaml +++ b/setup.yaml @@ -32,10 +32,6 @@ when: - basics.enabled -- import_playbook: install-cn-basics.yaml - when: - - cloud_native.enabled - - import_playbook: install-kubernetes-kubespray.yaml when: - kubespray.enabled From d1210deefb06ae99a644989bdc6201ee0ca31e34 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 21 Mar 2025 00:17:05 +0000 Subject: [PATCH 35/81] dont use npm as its not recommended in k8s --- group_vars/all | 4 ++-- install-charts.yaml | 33 ++++++++------------------------- 2 files changed, 10 insertions(+), 27 deletions(-) diff --git a/group_vars/all b/group_vars/all index 14ce157..fd8a613 100644 --- a/group_vars/all +++ b/group_vars/all @@ -65,8 +65,8 @@ charts: # metallb to provider routing from k8s to my host metallb: enabled: true - # nginx proxies and letsencrypt for tls - nginx_proxy_manager: + # nginx ingress controller for reverse proxy + ingress_nginx: enabled: true # log monitoring with Loki (Needs Grafana for a UI) loki_stack: 
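Review bot: The `download binary` task fetches kubectl from dl.k8s.io and installs it into /usr/local/bin with no integrity check, and `Install Helm` pipes an unpinned script from the helm `main` branch into bash (PATCH 38 then adds `become: true` to it, so that script runs as root). dl.k8s.io publishes a checksum next to each binary: add `curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"` and `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check` before the `install binary` step, and pin the version in a variable instead of resolving stable.txt at run time so the two downloads cannot disagree. For Helm, download a tagged release tarball and verify its published checksum the same way rather than `curl | bash`. The architecture is also hard-coded to amd64 although setup.yaml exposes an `architecture` fact.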
diff --git a/install-charts.yaml b/install-charts.yaml index c495b64..8838d70 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -94,36 +94,19 @@ set_options: "--set \ {{ helm_common_general }}" - - name: Install nginx-proxy-manager - when: charts.services.nginx_proxy_manager.enabled + - name: Install ingress-nginx + when: charts.services.ingress_nginx.enabled block: - - name: Install/Upgrade the nginx-proxy-manager chart + - name: Install/Upgrade the ingress-nginx chart include_tasks: tasks-install-chart.yaml vars: repo_name: TrueCharts - repo_link: oci://tccr.io/truecharts - install_namespace: "{{ namespace_generic_services }}" + repo_link: https://kubernetes.github.io/ingress-nginx + install_namespace: "ingress-nginx" timeout: "{{ charts.timeout }}" - release_name: nginx-proxy-manager - chart_name: nginx-proxy-manager - set_options: "--set \ - {{ helm_common_general }},\ - {{ helm_common_persistence }},\ - {{ helm_common_persistence_config }},\ - {{ helm_common_resources }},\ - {{ helm_common_ingress }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/nginx-proxy-manager,\ - persistence.data.enabled=true,\ - persistence.data.type=hostPath,\ - persistence.data.mountPath=/data,\ - persistence.data.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/nginx-proxy-manager/data,\ - persistence.letsencrypt.enabled=true,\ - persistence.letsencrypt.type=hostPath,\ - persistence.letsencrypt.mountPath=/etc/letsencrypt,\ - persistence.letsencrypt.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/nginx-proxy-manager/letsencrypt,\ - ingress.main.hosts[0].host='nginx-proxy-manager.{{ domain_name }}',\ - ingress.main.hosts[0].paths[0].service.name=nginx-proxy-manager,\ - ingress.main.hosts[0].paths[0].service.port=10582" + release_name: ingress-nginx + chart_name: ingress-nginx + set_options: "" - name: Install loki-stack when: charts.services.loki_stack.enabled From 0c590a30103948532ee94b94b347b26cb1139d5a Mon Sep 17 00:00:00 2001 
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 21 Mar 2025 00:20:16 +0000 Subject: [PATCH 36/81] stop using ufw as it collides with calico: https://github.com/projectcalico/calico/issues/7727 chmod fix --- README.md | 13 ------------- install-and-configure-samba.yaml | 9 --------- install-and-configure-squid.yaml | 5 ----- install-kubernetes-kubespray.yaml | 18 +----------------- install-tightvnc-and-ssh.yaml | 6 ------ server-basics.yaml | 1 - tasks-allow-ports.yaml | 22 ---------------------- 7 files changed, 1 insertion(+), 73 deletions(-) delete mode 100644 tasks-allow-ports.yaml diff --git a/README.md b/README.md index 9f08f59..35dda7b 100644 --- a/README.md +++ b/README.md @@ -21,8 +21,6 @@ Use your own server sudo apt install openssh-server sudo systemctl enable ssh sudo systemctl start ssh - sudo ufw enable - sudo ufw allow ssh ``` - #### Disable sleep for the server @@ -411,17 +409,6 @@ Use your own server - ##### Use Sambashare - For external access: - - The following info was retrieved by running `sudo ufw status verbose | grep -i samba` on the server which lists what ports were exposed as part of `sudo ufw allow samba` - - Expose the following ports for TCP - ``` - 139 - 445 - ``` - - Expose the following ports for UDP - ``` - 137 - 138 - ``` - To authenticate - Thee username will be the `` you used in the `hosts.yaml` file - The password will be in the `group_vars/all` file (`smb.password` section). diff --git a/install-and-configure-samba.yaml b/install-and-configure-samba.yaml index 1ad5e55..90fc39d 100644 --- a/install-and-configure-samba.yaml +++ b/install-and-configure-samba.yaml 
@@ -35,15 +35,6 @@ become: True shell: service smbd restart - - include_tasks: tasks-allow-ports.yaml - # Following ports on respective protocols are exposed because of this - # Run `sudo ufw status verbose | grep Samba` to verify - # UDP: 137,138 - # TCP: 139,445 - vars: - ports: - - "samba" - - name: Set password become: True shell: "(echo \"{{ smb.password }}\"; echo \"{{ smb.password }}\") | smbpasswd -s -a {{ ansible_user }}" diff --git a/install-and-configure-squid.yaml b/install-and-configure-squid.yaml index be8667a..7c9bf6c 100644 --- a/install-and-configure-squid.yaml +++ b/install-and-configure-squid.yaml @@ -80,11 +80,6 @@ service_name: "squid" become: True - - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "{{ squid.port }}" - - debug: msg: >- You can now use this server as a proxy. The hostname is diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index 9baa6bb..09e4072 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml @@ -5,22 +5,6 @@ hosts: all gather_facts: true tasks: - - name: setup ufw - include_tasks: tasks-allow-ports.yaml - vars: - ports: - - "179" - - "4789" - - "5473" - - "443" - - "6443" - - "2379" - - "4149" - - "10250" - - "10255" - - "10256" - - "9099" - - name: kubespray installation delegate_to: localhost block: @@ -73,7 +57,7 @@ shell: | mkdir -p {{ dir_home }}/.kube cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config - chmod 777 {{ dir_home }}/.kube/config + chmod 777 -R {{ dir_home }}/.kube become: true - name: Install kubectl diff --git a/install-tightvnc-and-ssh.yaml b/install-tightvnc-and-ssh.yaml index e1dd934..58d8d2e 100644 --- a/install-tightvnc-and-ssh.yaml +++ b/install-tightvnc-and-ssh.yaml @@ -81,9 +81,3 @@ vars: service_name: "vncserver@{{ vnc.display }}.service" become: True - - - include_tasks: tasks-allow-ports.yaml # should already work - vars: - ports: - - "ssh" - - "590{{ vnc.display }}" 
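Review bot: Removing the `tasks-allow-ports.yaml` include here, and in the squid, tightvnc and kubespray hunks of this commit, drops the host firewall entirely instead of reconciling it with Calico, so Samba, Squid and VNC now listen with nothing in front of them (the README text that documented the exposed ports goes away in the same commit). If ufw cannot coexist with Calico, the services should at least be restricted to the LAN: `interfaces` plus `bind interfaces only = yes` in smb.conf, a Squid `http_access` rule limited to the local network, and VNC started with `-localhost` and reached over SSH. A one-line comment at each removed include recording why the firewall was dropped (the calico issue named in the subject) would stop the next reader from re-adding ufw.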
diff --git a/server-basics.yaml b/server-basics.yaml index 6d60c36..931d652 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -54,7 +54,6 @@ - net-tools # for ifconfig - speedtest-cli # for speedtests - w3m - - ufw #firewall - fio # for disk tests - mesa-utils # for GPU tests - cpustat # for CPU logs diff --git a/tasks-allow-ports.yaml b/tasks-allow-ports.yaml deleted file mode 100644 index 5efec00..0000000 --- a/tasks-allow-ports.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Enable firewall - become: True - ufw: - state: enabled - -- name: Allow port - become: true - ufw: - rule: allow - port: "{{ item }}" - with_items: - - "{{ ports }}" - register: allow_port_ufw_output - ignore_errors: True - -- name: Allow port on ufw module's failure to do so - become: true - shell: "ufw allow {{ item.item }}" - when: item.failed - with_items: - - "{{ allow_port_ufw_output.results }}" From 50030ccbae77fbd21d6475de8d8691d5a2f7449b Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 21 Mar 2025 07:57:41 +0000 Subject: [PATCH 37/81] still have addons if needed add default empty array --- group_vars/all | 13 +++++++++++++ install-kubernetes-kubespray.yaml | 16 ++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/group_vars/all b/group_vars/all index fd8a613..e568a1b 100644 --- a/group_vars/all +++ b/group_vars/all @@ -129,6 +129,19 @@ cloud_native: kubespray: enabled: true + # enable addons config + + addons: [] + # - helm_enabled + # - ingress_nginx_enabled + # - cert_manager_enabled + # - metallb_enabled + # - local_path_provisioner_enabled + + # enable cluster yml config + k8s_cluster: [] + # - kube_proxy_strict_arp + # Use reset.yml to reset cluster playbook: "cluster.yml" # release branch from the repo: https://github.com/kubernetes-sigs/kubespray diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index 09e4072..c1283ca 100644 --- a/install-kubernetes-kubespray.yaml 
+++ b/install-kubernetes-kubespray.yaml @@ -44,6 +44,22 @@ kube_control_plane kube_node + - name: setup addons + block: + - name: "update {{ kubespray_addons_yml }}" + ansible.builtin.lineinfile: + path: "{{ kubespray_addons_yml }}" + regexp: "{{ item }}:.*" + line: "{{ item }}: true" + loop: "{{ kubespray.addons }}" + + - name: "update {{ kubespray_k8s_cluster_yml }}" + ansible.builtin.lineinfile: + path: "{{ kubespray_k8s_cluster_yml }}" + regexp: "^{{ item }}:.*" + line: "{{ item }}: true" + loop: "{{ kubespray.k8s_cluster }}" + - name: "run kubespray playbook (can take a long time): {{ kubespray.playbook }}" shell: | cd {{ kubespray_repo_dir }}; From a8e62f52452e94d6e61600a3c2770ca5004e5faa Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 22 Mar 2025 00:14:47 +0000 Subject: [PATCH 38/81] not necessary to use metallb cause i dont have spare IPs --- group_vars/all | 9 ++++++--- install-charts.yaml | 26 +++++++++----------------- install-kubernetes-kubespray.yaml | 2 +- 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/group_vars/all b/group_vars/all index e568a1b..51f74d2 100644 --- a/group_vars/all +++ b/group_vars/all @@ -62,12 +62,15 @@ charts: local_path_provisioner: enabled: true version: "v0.0.31" - # metallb to provider routing from k8s to my host - metallb: - enabled: true # nginx ingress controller for reverse proxy ingress_nginx: enabled: true + # manager for tls certs + cert_manager: + enabled: true + # email for the ACME account registration + # Can be anything it seems??? + email: "example@example.com" # FILL OUT # log monitoring with Loki (Needs Grafana for a UI) loki_stack: enabled: true diff --git a/install-charts.yaml b/install-charts.yaml index 8838d70..232feb7 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
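Review bot: The two lineinfile tasks disagree on anchoring: the addons loop uses `regexp: "{{ item }}:.*"` while the k8s_cluster loop uses `regexp: "^{{ item }}:.*"`. Unanchored, `helm_enabled:.*` also matches a commented `# helm_enabled: false` line or any longer key that ends in the same text, and lineinfile rewrites the last match, so a different line can be replaced. Use `regexp: "^{{ item }}:.*"` in both tasks.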
@@ -79,34 +79,26 @@ - name: set default storage class shell: "kubectl patch storageclass local-path -p '{\"metadata\": {\"annotations\":{\"storageclass.kubernetes.io/is-default-class\":\"true\"}}}'" - - name: Install metallb - when: charts.services.metallb.enabled - block: - - name: Install/Upgrade the metallb chart - include_tasks: tasks-install-chart.yaml - vars: - repo_name: TrueCharts - repo_link: oci://tccr.io/truecharts - install_namespace: "{{ namespace_generic_services }}" - timeout: "{{ charts.timeout }}" - release_name: metallb - chart_name: metallb - set_options: "--set \ - {{ helm_common_general }}" - - name: Install ingress-nginx + # https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md#quick-start + # https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md#over-a-nodeport-service when: charts.services.ingress_nginx.enabled block: - name: Install/Upgrade the ingress-nginx chart include_tasks: tasks-install-chart.yaml vars: - repo_name: TrueCharts + repo_name: nginx-ingress repo_link: https://kubernetes.github.io/ingress-nginx install_namespace: "ingress-nginx" timeout: "{{ charts.timeout }}" release_name: ingress-nginx chart_name: ingress-nginx - set_options: "" + set_options: "--set \ + controller.service.externalTrafficPolicy=true,\ + controller.service.type=NodePort,\ + controller.service.nodePorts.http=30001,\ + controller.service.nodePorts.https=30002,\ + controller.service.externalTrafficPolicy=Local" - name: Install loki-stack when: charts.services.loki_stack.enabled diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index c1283ca..a743bbd 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml 
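Review bot: `controller.service.externalTrafficPolicy` appears twice in the `--set` string, first as `true` (not a valid value for that field) and then as `Local`; Helm's last-wins merge is the only reason the chart renders. Drop the `controller.service.externalTrafficPolicy=true,\` line. `repo_name: nginx-ingress` is only a local alias, but naming it `ingress-nginx` to match the chart and release avoids confusion with the unrelated NGINX Inc. controller of that name.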
@@ -90,7 +90,7 @@ - name: Install Helm # https://helm.sh/docs/intro/install/ shell: "curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash" - + become: true vars: kubespray_repo_dir: "./kubespray" kubespray_venv_dir: "{{ kubespray_repo_dir }}/kubespray-venv" From 64159ba2281757125d7b0c82370b095303f6fb02 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 22 Mar 2025 11:53:15 +0000 Subject: [PATCH 39/81] cert manager and tls support add reboot option --- group_vars/all | 54 ++++++++++++++++++++++----------------------- hosts.yaml | 8 +++---- install-charts.yaml | 52 +++++++++++++++++++++++++++++++++++++++++-- server-basics.yaml | 5 +++++ 4 files changed, 85 insertions(+), 34 deletions(-) diff --git a/group_vars/all b/group_vars/all index 51f74d2..1b392c0 100644 --- a/group_vars/all +++ b/group_vars/all @@ -6,11 +6,13 @@ domain_name: "" # FILL OUT # for basic server setup (in my opinion) basics: - enabled: true + enabled: True + # reboot machine + reboot: True # vnc for remote desktop with GUI vnc: - enabled: true + enabled: True # will be truncated to 8 characters password: "" # FILL OUT # display for what port will be accessed @@ -19,14 +21,14 @@ vnc: # squid credentials, for proxy squid: - enabled: true + enabled: True username: "" # FILL OUT password: "" # FILL OUT port: "3128" # sambashare for network attached storage smb: - enabled: true + enabled: True password: "" # FILL OUT share_name: "sambashare" @@ -34,7 +36,7 @@ smb: # when the server IP changes # NOTE: It doesnt add entries, refer to the README.md file for instructions cloudflare: - enabled: true + enabled: True # Set your Cloudflare Zone ID zone_id: "" # FILL OUT # Set your Cloudflare Bearer token to view the zone and edit DNS records in it @@ -44,7 +46,7 @@ cloudflare: # ==== Select what charts you wish to install ==== charts: - enabled: true + enabled: True resources: # kubernetes resource requests for the pods requests: 
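Review bot: The group_vars/all hunks rewrite `enabled: true` as `enabled: True` but leave `ombi` and `calibre` at `enabled: false`, so the file now mixes two boolean spellings; the same applies to the `kubespray.enabled` change in the later hunk. Ansible parses both, but yamllint's `truthy` rule and the YAML 1.2 core schema treat lowercase `true`/`false` as canonical, so keep `enabled: true` throughout.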
@@ -60,53 +62,53 @@ charts: services: # provision hostPaths using this controller local_path_provisioner: - enabled: true + enabled: True version: "v0.0.31" # nginx ingress controller for reverse proxy ingress_nginx: - enabled: true + enabled: True # manager for tls certs cert_manager: - enabled: true + enabled: True # email for the ACME account registration - # Can be anything it seems??? - email: "example@example.com" # FILL OUT + # FYI: you dont need to create any account for this + email: "example@example.com" # log monitoring with Loki (Needs Grafana for a UI) loki_stack: - enabled: true + enabled: True # metrics monitoring with Grafana and Prometheus kube_prometheus_stack: - enabled: true + enabled: True grafana: admin_username: "admin" # FILL OUT admin_password: "admin" # FILL OUT # media client jellyfin: - enabled: true + enabled: True # torrents qbittorrent: - enabled: true + enabled: True # to bypass cloudflare protection flaresolverr: - enabled: true + enabled: True # to manage indexers prowlarr: - enabled: true + enabled: True # movie monitoring radarr: - enabled: true + enabled: True # show monitoring sonarr: - enabled: true + enabled: True # subtitle hunting bazarr: - enabled: true + enabled: True # movie and show interface jellyseerr: - enabled: true + enabled: True # speed test to server librespeed: - enabled: true + enabled: True # movie, show and music interface ombi: enabled: false @@ -123,17 +125,13 @@ charts: calibre: enabled: false -# ==== To install Docker, helm and kubectl ==== - -cloud_native: - enabled: true # ==== k8s settings ==== kubespray: - enabled: true - # enable addons config + enabled: True + # enable addons config addons: [] # - helm_enabled # - ingress_nginx_enabled diff --git a/hosts.yaml b/hosts.yaml index ada9b24..bbbbb9e 100644 --- a/hosts.yaml +++ b/hosts.yaml 
@@ -1,10 +1,10 @@ all: hosts: home-main: - ansible_host: - ansible_port: - ansible_user: - ansible_sudo_pass: + ansible_host: "" # FILL OUT + ansible_port: 22 # FILL OUT + ansible_user: "" # FILL OUT + ansible_sudo_pass: "" # FILL OUT # adding multiple hosts wont play well with the group_vars file probably with the current setup # So use the below as just an example # home-throwaway: diff --git a/install-charts.yaml b/install-charts.yaml index 232feb7..9933fe7 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -25,6 +25,8 @@ ingress.main.primary=true,\ ingress.main.expandObjectName=true,\ ingress.main.ingressClassName=nginx,\ + ingress.main.integrations.certManager.enabled=true,\ + ingress.main.integrations.certManager.certificateIssuer=letsencrypt-prod,\ ingress.main.integrations.traefik.enabled=false,\ ingress.main.hosts[0].paths[0].path='/',\ ingress.main.hosts[0].paths[0].pathType='Prefix'" 
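Review bot: `ansible_sudo_pass: "" # FILL OUT` invites the sudo password into a tracked inventory file in plaintext, next to the host and user it unlocks. Prefer `--ask-become-pass` on the run.sh command line, or keep the value in an `ansible-vault`-encrypted vars file; the current key name is `ansible_become_password`. If an inventory must stay committed, commit a template copy and gitignore the filled-in file, as the repo already does for the venv directory.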
@@ -94,11 +96,53 @@ release_name: ingress-nginx chart_name: ingress-nginx set_options: "--set \ - controller.service.externalTrafficPolicy=true,\ controller.service.type=NodePort,\ controller.service.nodePorts.http=30001,\ controller.service.nodePorts.https=30002,\ controller.service.externalTrafficPolicy=Local" + + - name: Install cert-manager + # https://cert-manager.io/docs/installation/helm/ + # https://cert-manager.io/docs/tutorials/acme/nginx-ingress/ + when: charts.services.cert_manager.enabled + block: + - name: Install/Upgrade the cert-manager chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: jetstack + repo_link: https://charts.jetstack.io + install_namespace: "cert-manager" + timeout: "{{ charts.timeout }}" + release_name: cert-manager + chart_name: cert-manager + set_options: "--set \ + ingressShim.defaultIssuerName=letsencrypt-prod,\ + prometheus.enabled=true,\ + crds.enabled=true" + + - name: "install clusterissuer CR with account email: {{ charts.services.cert_manager.email }}" + shell: | + kubectl apply -f - < Date: Sat, 22 Mar 2025 12:50:26 +0000 Subject: [PATCH 40/81] fix the need to provide confirmation when resetting (specifically cause ive only tested that flow) extra args for kubespray playbooks --- group_vars/all | 4 +++- install-kubernetes-kubespray.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/group_vars/all b/group_vars/all index 1b392c0..54e16ff 100644 --- a/group_vars/all +++ b/group_vars/all @@ -130,7 +130,6 @@ charts: kubespray: enabled: True - # enable addons config addons: [] # - helm_enabled @@ -145,6 +144,9 @@ kubespray: # Use reset.yml to reset cluster playbook: "cluster.yml" + # extra args for playbook + playbook_args: "-e reset_confirmation=yes" + # release branch from the repo: https://github.com/kubernetes-sigs/kubespray release: "release-2.27" diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index a743bbd..b52b198 100644 
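Review bot: `playbook_args: "-e reset_confirmation=yes"` as the default for every kubespray run pre-answers the one prompt that stops reset.yml from tearing the cluster down, and the kubespray hunk in PATCH 40 appends it unconditionally even when `playbook` is cluster.yml. Default it to `playbook_args: ""` and note in the comment that `-e reset_confirmation=yes` belongs only alongside `playbook: "reset.yml"`, or gate it on the playbook name in the task.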
--- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml @@ -67,7 +67,7 @@ . ..{{ kubespray_venv_dir }}/bin/activate; pip install -U -r requirements.txt; export ANSIBLE_CONFIG=../{{ kubespray_repo_dir }}/ansible.cfg; - ansible-playbook -i ../{{ kubespray_inventory_ini }} ../{{ kubespray_repo_dir }}/{{ kubespray.playbook }} -b -v + ansible-playbook -i ../{{ kubespray_inventory_ini }} ../{{ kubespray_repo_dir }}/{{ kubespray.playbook }} -b -v {{ kubespray.playbook_args }} - name: setup kubeconfig for user shell: | From 2bc1aa07d543a6a48f534cfc3a312405d5e796da Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 22 Mar 2025 13:46:40 +0000 Subject: [PATCH 41/81] fix default email --- group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/all b/group_vars/all index 54e16ff..9e4b26f 100644 --- a/group_vars/all +++ b/group_vars/all @@ -72,7 +72,7 @@ charts: enabled: True # email for the ACME account registration # FYI: you dont need to create any account for this - email: "example@example.com" + email: "main@server.com" # log monitoring with Loki (Needs Grafana for a UI) loki_stack: enabled: True From 981c4af6a32fb21468ef593acc76c78f35bdb148 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 22 Mar 2025 15:59:41 +0000 Subject: [PATCH 42/81] final cleanup of artifacts and fixing readme --- README.md | 108 ++++++++++++++++++++++++--------- charts_config/skeleton.service | 18 ------ install-charts.yaml | 8 ++- minikube_server.kubeconfig | 32 ---------- 4 files changed, 84 insertions(+), 82 deletions(-) delete mode 100644 charts_config/skeleton.service delete mode 100644 minikube_server.kubeconfig diff --git a/README.md b/README.md index 35dda7b..82c0405 100644 --- a/README.md +++ b/README.md 
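Review bot: `email: "main@server.com"` registers the ACME account with an address at a domain the operator very likely does not control, so certificate-expiry and account notices go to a third party. That address is the reason the value used to carry a `# FILL OUT` marker (dropped in PATCH 39 with the "you dont need to create any account" comment); restore `email: "" # FILL OUT`, or at least fall back to a reserved example domain rather than a real one.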
@@ -43,13 +43,10 @@ Use your own server ssh-copy-id -i ~/.ssh/id_ed25519.pub -o 'IdentityFile ~/.ssh/.key' -p @ ``` -- #### Install ansible +- #### Install python and pip ``` sudo apt update - sudo apt install software-properties-common - sudo add-apt-repository --yes --update ppa:ansible/ansible - sudo apt install ansible - ansible-galaxy collection install kubernetes.core + sudo apt install python3 pip ``` - #### Update the `group_vars/all` file to fill out the required information there @@ -222,7 +219,7 @@ Use your own server - This will ensure your downloads are not "too big" - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs - Radarr/Sonarr specific config - - [EXPERIMENTAL] Enforce downloads of original language media only + - **[EXPERIMENTAL]** Enforce downloads of original language media only - Go to ``Settings > Custom Formats`` - Add a new Custom Format with ``Language`` Condition - Set ``Language: Original`` 
@@ -393,16 +390,6 @@ Use your own server Auto Approve Music ``` - - ##### Setup Minikube for remote access - - Use the kubeconfig file copied over to the current working directory by exporting it - - `export KUBECONFIG=` - - Optionally, edit your local `~/.kube/config` and incorporate the information from the copied over kubeconfig into it - - **NOTE:** - - The port on which kube-apiserver is forwarded to, 3001 by default, should not be exposed to the internet (i.e., should be LAN access only) because anyone will be able to access it. - - The way it is set up at the moment, the certs dont really do anything. The apiserver itself is directly accessible without any authentication. - - See [issue #12](https://github.com/Kimi450/ubuntu_server/issues/12)). - - By default, `ansible_host` from the `hosts.yaml` file is used as the IP in the kubeconfig file. It is **strongly recommended** that you change that to the LAN IP of the server (to not have to port forward this on your router to access it) - - ##### Use Squid - Use the username and password from the `group_vars/all` file to use this as a proxy server - The address would be `:` or `:` or `:` 
@@ -428,19 +415,82 @@ Use your own server | ssh | ssh | `` or `` | 22 | `` | | samba | proxy | `\\\` or `\\\` | TCP: `139,445`, UDP: `137,138` | `` | | squid | proxy | `:` or `:` | `` | `` | - | grafana | Ingress | `grafana.` | 8080 | 80 | - | jellyfin | Ingress | `jellyin.` | 8080 | 80 | - | ombi | Ingress | `ombi.` | 8080 | 80 | - | prowlarr | Ingress | `prowlarr.` | 8080 | 80 | - | bazarr | Ingress | `bazarr.` | 8080 | 80 | - | radarr | Ingress | `radarr.` | 8080 | 80 | - | sonarr | Ingress | `sonarr.` | 8080 | 80 | - | readarr | Ingress | `readarr.` | 8080 | 80 | - | lidarr | Ingress | `lidarr.` | 8080 | 80 | - | librespeed | Ingress | `librespeed.` | 8080 | 80 | - | calibre-web | Ingress | `calibre-web.` | 8080 | 80 | - | calibre | LAN | `:3002` (No ingress rules defined) | 3002 | `` | - | minikube | LAN api-access | `:3001` | 3001 | `` | + | grafana | Ingress | `grafana.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | jellyfin | Ingress | `jellyin.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | ombi | Ingress | `ombi.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | prowlarr | Ingress | `prowlarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | bazarr | Ingress | `bazarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | radarr | Ingress | `radarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | sonarr | Ingress | `sonarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | readarr | Ingress | `readarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | lidarr | Ingress | `lidarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | librespeed | Ingress | `librespeed.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | calibre-web | Ingress | `calibre-web.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | calibre | LAN | `:30000` (No ingress rules defined) | 30100 | `` | NOTE: Security is an unkown when 
exposing a service to the internet. +# Appendix + +## [UNTESTED] Prometheus TSDB Backup Restore + +In case of a migration, you may choose to wnat to migrate data from prometheus along with the app backups stored in the server's app-config dir. + +Resources: +- https://devopstales.github.io/home/backup-and-retore-prometheus/ +- https://prometheus.io/docs/prometheus/latest/querying/api/ +- https://gist.github.com/ksingh7/d5e4414d92241e0802e59fa4c585b98b + +### Enable admin API + +```bash +kubectl -n monitoring patch prometheus kube-prometheus-stack-prometheus \ + --type merge --patch '{"spec":{"enableAdminAPI":true}}' +``` + +### Verify admin API is enabled + +```bash +kubectl describe pod -n monitoring prometheus-kube-prometheus-stack-prometheus-0 | grep -i admin +``` + +To see + +```bash + --web.enable-admin-api +``` + +### Create TSDB snapshot + +Start port forwardning in a different terminal and leave it running + +```bash +kubectl -n monitoring port-forward svc/kube-prometheus-stack-prometheus 9090 +``` + +Take snapshot + +```bash +curl -v -X 'POST' -ks 'localhost:9090/api/v1/admin/tsdb/snapshot' +``` + +### Download TSDB snapshot from pod to host + +```bash +kubectl cp -c prometheus prometheus-kube-prometheus-stack-prometheus-0:/prometheus/snapshots ./ +``` + +### Restore Backup + +```bash +export DIR="./20250322T135503Z-3afab86228527d60" + +# clear dir +kubectl -n monitoring -c prometheus exec -it prometheus-kube-prometheus-stack-prometheus-0 -- /bin/sh -c "rm -rf /prometheus/*" + +# copy over old data +kubectl -n monitoring -c prometheus cp ${DIR} prometheus-kube-prometheus-stack-prometheus-0:/prometheus/ + +# move old data into expected dir +kubectl -n monitoring -c prometheus exec prometheus-kube-prometheus-stack-prometheus-0 -- /bin/sh -c "mv /prometheus/${DIR}/* /prometheus" +``` diff --git a/charts_config/skeleton.service b/charts_config/skeleton.service deleted file mode 100644 index c85e657..0000000 --- a/charts_config/skeleton.service +++ /dev/null 
@@ -1,18 +0,0 @@ -[Unit] -Description=Setup a secure tunnel -StartLimitInterval=0 -After=network.target - -[Service] -Type=simple -RemainAfterExit=no -# After= didnt work -# https://unix.stackexchange.com/questions/213185/restarting-systemd-service-on-dependency-failure -ExecStartPre=minikube status -ExecStart=PLACEHOLDER -Restart=always -RestartSec=5 -User=PLACEHOLDER - -[Install] -WantedBy=multi-user.target diff --git a/install-charts.yaml b/install-charts.yaml index 9933fe7..20867ff 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -97,8 +97,8 @@ chart_name: ingress-nginx set_options: "--set \ controller.service.type=NodePort,\ - controller.service.nodePorts.http=30001,\ - controller.service.nodePorts.https=30002,\ + controller.service.nodePorts.http=30080,\ + controller.service.nodePorts.https=30443,\ controller.service.externalTrafficPolicy=Local" - name: Install cert-manager @@ -723,10 +723,12 @@ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ securityContext.container.seccompProfile.type=Unconfined,\ + service.main.type=NodePort,\ + service.main.ports.main.nodePort=30000,\ service.webserver.enabled=true" - debug: msg: > - You can log into calibre at '{{ ip }}:3002'. + You can log into calibre at '{{ ip }}:30000'. '{{ dir_home }}' from the host is available under '/media' and can be used by the application. diff --git a/minikube_server.kubeconfig b/minikube_server.kubeconfig deleted file mode 100644 index b8c726d..0000000 --- a/minikube_server.kubeconfig +++ /dev/null 
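Review bot: `service.main.type=NodePort` with `service.main.ports.main.nodePort=30000` binds calibre on port 30000 of every node interface, and the debug message below advertises `{{ ip }}:30000` as the login URL. Nothing in the hunk limits where connections may come from, so whether this stays LAN-only depends entirely on the host firewall or router, unlike the other services in this file that are reached through the ingress controller. A comment above the `--set` would make that assumption explicit, e.g. `# calibre is reached directly on NodePort 30000 (no ingress); keep this port unreachable from the internet at the firewall`. The enclosing task starts before the hunk.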
@@ -1,32 +0,0 @@ -apiVersion: v1 -clusters: -- cluster: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCakNDQWU2Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJMU1ETXhOVEU0TlRBMU5Wb1hEVE0xTURNeE5ERTROVEExTlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTUcrCjJ4UkNvOVB0VVFETVZSSTlJT0VaTzVRZFpwQnpMdyt4NTBLaTBkbWpDY2tXSjFwdDdBMURsV0VFTzRzaVdzamwKN21yWlZQdEVnUDVhLzhyeW4valdPNDFZMGJPSlI0THlGNVVzM3RGN2YrcDVsNDRQNlNaZTZ5SzI2b092K0hwLwpXVkNyQWZSMTd5VlpoakZoQy9tbjZQbWV4TWRzRlhVUEJqdVB0VmZuMDJOcWFTOFdZM1FNN25oS0NnRGtJMVNpCjVISU9ncE8wNUJ0bGZRZXhoRU1CM3kybnk5bjltQ0g1VWxESVk5bVl3SnYzSjUreStjRzlld0dwMlc5ZFA3ZXoKaE9FdFFFZzVzYzVsVVF1U3lUSXN2NDBsMWJEV2NZTHRFTDZSazdHeVJ6aDlueEVaOTVRNWRSc3Z6RFBPZGJMRQoxVjBDZnF2UGdxdUs1RlNuS0ZNQ0F3RUFBYU5oTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVcKQkJSZlBjbGJjYjJWc2VmRUhta0F4bDdYbm10U1pUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFBTmZ5OGlmcwpRZklQUlByODV3MjU0YWExU2RPa05uY21Hc0JyZllSN0R0RHRRTytDbm1rcU5pbFJzZkUrcGtJcEptNHZaazJHCjBoQWJnVGlzTTdsL2FKTCt3MlI0UlJxVWYxOWI4RHZIOFZWVVkrMS9iUE9JZnh5cHpLMUErbkoyWFdlV0VlbjEKQlU1aTVTRlY2bU9UMmhQczV2bXF2bDNJVTJQQ1VVaWRKdzVwUWNQbmdQOUxFdGhKYzByOFR3dTdnUHN3Qzd5Tgo2bTlvVVhRWGdOakRKbWJaYmhlbk9QekV6SnNoSEx4Ynp1bHFNcnVmMmFPVFkzSG01Mm82SlZGc0pCc3dvR0ZVCmhpSENUanBzRGJ5SzIwbjRxSE9uR2lyUFB2ZlBFYzFHUHhCQmV0bWNLN056V2w0MHc4a2YxQllYOVRrMlpQQUoKUjdXNDF4UnA3VTJodmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - extensions: - - extension: - last-update: Sun, 16 Mar 2025 19:18:24 GMT - provider: minikube.sigs.k8s.io - version: v1.35.0 - name: cluster_info - server: http://192.168.178.94:3001 - name: minikube -contexts: -- context: - cluster: minikube - extensions: - - extension: - last-update: Sun, 16 Mar 2025 19:18:24 GMT - provider: minikube.sigs.k8s.io - version: v1.35.0 - name: context_info - namespace: default - user: minikube 
- name: minikube -current-context: minikube -kind: Config -preferences: {} -users: -- name: minikube - user: - client-certificate-data: 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 - client-key-data: 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 From f2221f5c94309f8a6f006877215b55ab230d0d9c Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 22 Mar 2025 18:56:58 +0000 Subject: [PATCH 43/81] Add/update prometheus db backup restore docs --- README.md | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 82c0405..f91a61d 100644 --- a/README.md +++ b/README.md @@ -432,7 +432,7 @@ Use your own server # Appendix -## [UNTESTED] Prometheus TSDB Backup Restore +## Prometheus TSDB Backup Restore In case of a migration, you may choose to wnat to migrate data from prometheus along with the app backups stored in the server's app-config dir. @@ -444,8 +444,7 @@ Resources: ### Enable admin API ```bash -kubectl -n monitoring patch prometheus kube-prometheus-stack-prometheus \ - --type merge --patch '{"spec":{"enableAdminAPI":true}}' +kubectl -n monitoring patch prometheus kube-prometheus-stack-prometheus --type merge --patch '{"spec":{"enableAdminAPI":true}}' ``` ### Verify admin API is enabled 
@@ -474,23 +473,37 @@ Take snapshot curl -v -X 'POST' -ks 'localhost:9090/api/v1/admin/tsdb/snapshot' ``` -### Download TSDB snapshot from pod to host +### Download TSDB snapshot + +#### Option 1: Download from pod to host + +```bash +TMP_DIR=$(mktemp -d) +kubectl cp -c prometheus prometheus-kube-prometheus-stack-prometheus-0:/prometheus/snapshots ${TMP_DIR} +``` + +#### Option 2: Find the PV on your host and make a backup of the contents [RECOMMENDED] + +This is easier and in the context of this server's setup. ```bash -kubectl cp -c prometheus prometheus-kube-prometheus-stack-prometheus-0:/prometheus/snapshots ./ +export TMP_DIR=$(mktemp -d) + +export PV_DIR=$(kubectl get pv -o yaml $(kubectl get pv | grep monitoring/prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0 | cut -d' ' -f1) | grep "path:" | cut -d " " -f 6) + +cp -r ${PV_DIR}/prometheus-db/snapshots/* ${TMP_DIR} ``` ### Restore Backup +Copy over your backup to any other host if applicable. + ```bash -export DIR="./20250322T135503Z-3afab86228527d60" +export PV_DIR=$(kubectl get pv -o yaml $(kubectl get pv | grep monitoring/prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0 | cut -d' ' -f1) | grep "path:" | cut -d " " -f 6) -# clear dir -kubectl -n monitoring -c prometheus exec -it prometheus-kube-prometheus-stack-prometheus-0 -- /bin/sh -c "rm -rf /prometheus/*" +# clear dir. Might not be needed +rm -rf ${PV_DIR}/prometheus-db/* # copy over old data -kubectl -n monitoring -c prometheus cp ${DIR} prometheus-kube-prometheus-stack-prometheus-0:/prometheus/ - -# move old data into expected dir -kubectl -n monitoring -c prometheus exec prometheus-kube-prometheus-stack-prometheus-0 -- /bin/sh -c "mv /prometheus/${DIR}/* /prometheus" +mv ${TMP_DIR}/* ${PV_DIR}/prometheus-db/ ``` From feebe42b612d07f93c2683af6a42db4ff6c4b7e7 Mon Sep 17 00:00:00 2001 
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 22 Mar 2025 21:10:47 +0000 Subject: [PATCH 44/81] final post migration changes --- README.md | 50 +++++++++++++++++++++++++++------------------ install-charts.yaml | 24 +++++++++++----------- 2 files changed, 42 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index f91a61d..a9ec76a 100644 --- a/README.md +++ b/README.md @@ -113,10 +113,10 @@ Use your own server - Point Jellyfin to use the directories mentioned in the playbooks for shows, movies, music and books. - By default, on the Jellyfin pod, the directories it will be: ``` - /media/data/shows - /media/data/movies - /media/data/music - /media/data/books + /data/shows + /data/movies + /data/music + /data/books ``` - Add any other config required. - Recommend setting up the Open Subtitles plugin which requires creating an account on [their website](https://www.opensubtitles.org/en/?). 
@@ -152,15 +152,15 @@ Use your own server - Go to ``Tools > Options > Web UI > Authentication`` - Set default download location to one the mentioned directories (or make sure to put it in the right directory when downloading for ease) - Go to ``Tools > Options > Downloads > Default Save Path`` - - Recommend using ``/media/data/downloads`` + - Recommend using ``/data/downloads`` - Set seeding limits - Recommend seeding limits for when seeding ratio hits "0". It is under ``Tools > Options > BitTorrent > Seeding Limits`` - Set torrent download/upload limits - - Recommended to keep 6 active torrents/downloads and 0 uploads. It is under ``Tools > Options > BitTorrent > Torrent Queueing`` + - Recommended to keep 12 active torrents/downloads and 0 uploads. It is under ``Tools > Options > BitTorrent > Torrent Queueing`` - ##### Setup Calibre - Do base setup - - Set folder to be ``/media/data/books`` and select ``Yes`` for it to rebuild the library if asked. + - Set folder to be ``/data/books`` and select ``Yes`` for it to rebuild the library if asked. - Go to ``Preferences > Sharing over the net`` - Check the box for ``Require username and password to access the Content server`` - Check the box for ``Run the server automatically when calibre starts`` @@ -172,7 +172,7 @@ Use your own server - ##### Setup Calibre Web - Default login is ``admin/admin123`` - - Set folder to be ``/media/data/books`` + - Set folder to be ``/data/books`` - To enable web reading, click on ``Admin`` (case sensitive) on the top right - Click on the user, default is ``admin`` - Enable ``Allow ebook viewer`` 
@@ -191,12 +191,11 @@ Use your own server - Go to ``Settings`` and click on ``Show Advanced`` - Enable authentication - - Go to ``Settings > General`` - Set `Authentication` to `Forms (Login Page)` - Set `Authentication Required` to `Enabled` - Set username and password for access - Add torrent client - - Go to ``Settings > Download Clients > Add > qBittorent > Custom`` + - Go to ``Settings > Download Clients > Add > qBittorent`` - Add the host: ``qbittorrent`` - Add the port: ``10095`` - Add the username: ```` @@ -206,18 +205,21 @@ Use your own server - Set the root directories to be the following - Go to ``Settings > Media Management`` - | Service | Root Directory | - |---------|-------------------------| - | Readarr | ``/media/data/books/`` | - | Sonarr | ``/media/data/shows/`` | - | Radarr | ``/media/data/movies/`` | - | Lidarr | ``/media/data/music/`` | + | Service | Root Directory | + |---------|-------------------| + | Readarr | ``/data/books/`` | + | Sonarr | ``/data/shows/`` | + | Radarr | ``/data/movies/`` | + | Lidarr | ``/data/music/`` | - Enable renaming - Adjust quality definitions - Go to ``Settings > Quality`` - Set the ``Size Limit`` or ``Megabytes Per Minute`` (or equivalent) to appropriate numbers - This will ensure your downloads are not "too big" - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs + - Min: 0 + - Preferred: 30 + - Max: 2000 - Radarr/Sonarr specific config - **[EXPERIMENTAL]** Enforce downloads of original language media only - Go to ``Settings > Custom Formats`` 
@@ -233,7 +235,7 @@ Use your own server - Readarr specific config - Go to ``Settings > Media Management`` - Add root folder (you cannot edit an existing one) - - Set the path to be ``/media/data/books/`` + - Set the path to be ``/data/books/`` - Enable ``Use Calibre`` options the the following defaults - Calibre host: ``calibre-webserver`` - Calibre port: ``8081`` @@ -243,7 +245,6 @@ Use your own server - ##### Setup Prowlarr - Enable authentication - - Go to ``Settings > General`` - Set `Authentication` to `Forms (Login Page)` - Set `Authentication Required` to `Enabled` - Set username and password for access @@ -269,7 +270,6 @@ Use your own server Add with higher priority, example "1", since it has good english subtitled content Add "flaresolverr" tag Bangumi Moe - AniRena Nyaa.si Tokyo Toshokan ``` @@ -312,6 +312,8 @@ Use your own server - Fill out the path mappings if the directories in which data is stored is different for both services (by default both services will use the same directory to access data, so you dont need to change anything for a default install) - Go to ``Settings > Languages`` - Add a language profile and set defaults for movies and series' + - You may need to set language filters first before being able to create a profile with the languages in them + - Add both, for hearing impaired and regular ones, to increase your chances - Go to ``Settings > Provider`` and add providers for subtitles - Decent options are: - Opensubtitles.com 
@@ -350,8 +352,16 @@ Use your own server - Quality profile can be `HD-1080p` or `HD - 720/1080p` - Select the applicable root folders - Check relevant options that suit your needs + - General + - Enable `Tag Requests` + - Enable `Scan` + - Enable `Default Server` + - Sonarr specific + - Enable `Season Folders` - Go to `Users` and either add new users or import from Jellyfin directly - - Give them `Auto approve` and `Request` permissions for ease where applicable + - This is not required by default + - Give them `Manage Requests` and other permissions for ease where applicable + - Go to `Settings -> Users` and give them all `Auto-Approve` and `Auto-Request` Permissions by default for ease. - ##### Setup Ombi - One stop shop for Sonarr/Radarr/Lidarr requests diff --git a/install-charts.yaml b/install-charts.yaml index 20867ff..619cfaf 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -287,7 +287,7 @@ - debug: msg: > You can log into Jellyfin at 'jellyfin.{{ domain_name }}'. - '{{ dir_home }}' is available under '/media' and can be used by + '{{ dir_data }}' is available under '/data' and can be used by Jellyfin. If need be, delete any existing server and go to the URL mention above once again to setup a new server. @@ -330,7 +330,7 @@ msg: > You can log into qBittorrent at 'qbittorrent.{{ domain_name }}' using "admin/{{ qbittorrent_random_password.stdout }}" as the default creds. Change this after deployment. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application to download things. Downloading in the directories under {{ dir_data }} will be picked up by Jellyfin. 
@@ -390,7 +390,7 @@ msg: > You can log into prowlarr at 'prowlarr.{{ domain_name }}'. Go to this URL and add the indexers you wish to use. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application to download things. Downloading in the directories under {{ dir_data }} will be picked up by Jellyfin. @@ -428,7 +428,7 @@ - debug: msg: > You can log into radarr at 'radarr.{{ domain_name }}'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application to download things. Downloading in the directories under {{ dir_data }} will be picked up by Jellyfin. @@ -466,7 +466,7 @@ - debug: msg: > You can log into sonarr at 'sonarr.{{ domain_name }}'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application to download things. Downloading in the directories under {{ dir_data }} will be picked up by Jellyfin. @@ -505,7 +505,7 @@ - debug: msg: > You can log into bazarr at 'bazarr.{{ domain_name }}'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application. - name: Install readarr @@ -542,7 +542,7 @@ - debug: msg: > You can log into readarr at 'readarr.{{ domain_name }}'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application. - name: Install lidarr @@ -579,7 +579,7 @@ - debug: msg: > You can log into lidarr at 'lidarr.{{ domain_name }}'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application. - name: Install ombi 
@@ -606,7 +606,7 @@ - debug: msg: > You can log into ombi at 'ombi.{{ domain_name }}'. - '{{ dir_home }}' is available under '/media' and can be used by + '{{ dir_data }}' is available under '/data' and can be used by ombi. If need be, delete any existing server and go to the URL mention above once again to setup a new server. @@ -634,7 +634,7 @@ - debug: msg: > You can log into jellyseerr at 'jellyseerr.{{ domain_name }}'. - '{{ dir_home }}' is available under '/media' and can be used by + '{{ dir_data }}' is available under '/data' and can be used by jellyseerr. If need be, delete any existing server and go to the URL mention above once again to setup a new server. @@ -696,7 +696,7 @@ - debug: msg: > You can log into calibre-web at 'calibre-web.{{ domain_name }}'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application. - name: Install calibre @@ -730,5 +730,5 @@ - debug: msg: > You can log into calibre at '{{ ip }}:30000'. - '{{ dir_home }}' from the host is available under '/media' and + '{{ dir_data }}' from the host is available under '/data' and can be used by the application. From 3d9e7bbc6d964c2187aefe5e4030bd74e331c1e0 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 23 Mar 2025 00:49:30 +0000 Subject: [PATCH 45/81] Add dashboard to list --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a9ec76a..58dea1f 100644 --- a/README.md +++ b/README.md 
@@ -95,6 +95,7 @@ Use your own server - Add the recommended dashboards (Make sure you select the correct job in the variables section, you can default to `kubernetes-service-scraper`) - [Node Exporter Full](https://grafana.com/grafana/dashboards/1860) - [Loki Kubernetes Logs](https://grafana.com/grafana/dashboards/15141) + - [Container Log Dashboard](https://grafana.com/grafana/dashboards/16966) - [Sonarr v3](https://grafana.com/grafana/dashboards/12530-sonarr-v3/) - [Radarr v3](https://grafana.com/grafana/dashboards/12896-radarr-v3/) - [Pods (Aggregated view)](https://grafana.com/grafana/dashboards/8860) From aef3c64d0c1c84122f2ffb97830cbea57abbe8b2 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 23 Mar 2025 12:50:18 +0000 Subject: [PATCH 46/81] Troubleshooting info The error with ports not showing up in exportarr logs for sonarr,radarr and prowlarr are due to a bug in exportarr which was notpassing the app port correctly. Fixed in PR: https://github.com/onedr0p/exportarr/pull/334 Image will be promoted soon as well and the truecharts automation will release a new chart in a few days --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 58dea1f..bfbf8a8 100644 --- a/README.md +++ b/README.md @@ -518,3 +518,7 @@ rm -rf ${PV_DIR}/prometheus-db/* # copy over old data mv ${TMP_DIR}/* ${PV_DIR}/prometheus-db/ ``` + +## Network troubleshooting tools + +This repo will be of use: https://github.com/nicolaka/netshoot \ No newline at end of file From c7b8ee068b1bd23d825a1ea5494c5a36460b57b2 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 23 Mar 2025 13:25:19 +0000 Subject: [PATCH 47/81] remove certmanger crds on uninstall, would make sense as you wanna cleanup after itself too --- install-charts.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/install-charts.yaml b/install-charts.yaml index 619cfaf..e6ef408 100644 
--- a/install-charts.yaml +++ b/install-charts.yaml @@ -118,6 +118,7 @@ set_options: "--set \ ingressShim.defaultIssuerName=letsencrypt-prod,\ prometheus.enabled=true,\ + crds.keep=false,\ crds.enabled=true" - name: "install clusterissuer CR with account email: {{ charts.services.cert_manager.email }}" From df597edd9ed6111d64069aeb85158412201f3477 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sun, 23 Mar 2025 13:57:18 +0000 Subject: [PATCH 48/81] namespace vars --- install-charts.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index e6ef408..f743d21 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -6,6 +6,8 @@ namespace_user: "{{ ansible_user }}" namespace_monitoring: monitoring namespace_generic_services: generic-services + namespace_cert_manager: cert-manager + namespace_ingress: ingress-nginx helm_kube_prometheus_stack_loki_config: "" # default @@ -91,7 +93,7 @@ vars: repo_name: nginx-ingress repo_link: https://kubernetes.github.io/ingress-nginx - install_namespace: "ingress-nginx" + install_namespace: "{{ namespace_ingress }}" timeout: "{{ charts.timeout }}" release_name: ingress-nginx chart_name: ingress-nginx @@ -111,7 +113,7 @@ vars: repo_name: jetstack repo_link: https://charts.jetstack.io - install_namespace: "cert-manager" + install_namespace: "{{ namespace_cert_manager }}" timeout: "{{ charts.timeout }}" release_name: cert-manager chart_name: cert-manager @@ -128,7 +130,7 @@ kind: ClusterIssuer metadata: name: letsencrypt-prod - namespace: cert-manager + namespace: {{ namespace_cert_manager }} spec: acme: # The ACME server URL From 5dc3734e42bf2a063c6bac4f9271f18fb246790e Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Mon, 24 Mar 2025 12:20:55 +0000 Subject: [PATCH 49/81] remove ingress proxy-body-size limit/checks by setting it to 0 --- install-charts.yaml | 6 ++++++ 1 file changed, 6 insertions(+) 
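Review bot: `crds.keep=false` means a `helm uninstall` of this release also removes the cert-manager CRDs, and removing a CRD deletes every Certificate, Issuer and ClusterIssuer object with it, including the `letsencrypt-prod` ClusterIssuer created by the task below. That is the cleanup the commit wants, but it also turns an accidental uninstall into loss of all issuance state, so it deserves a line next to the flag: `# crds.keep=false: helm uninstall also drops the CRDs and therefore every Certificate/Issuer CR`. The `--set` string this line belongs to starts before the hunk.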
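Review bot: `namespace: {{ namespace_cert_manager }}` is set on a `kind: ClusterIssuer`, which is a cluster-scoped resource, so the field has no effect and the new variable does not place anything in that namespace. If the intent is the namespace where cert-manager stores the issuer's ACME account key, that is governed by cert-manager's `--cluster-resource-namespace` setting rather than by this manifest. Dropping the `namespace:` line from the ClusterIssuer avoids implying a scoping that does not exist. The heredoc this line sits in starts before the hunk.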
diff --git a/install-charts.yaml b/install-charts.yaml index f743d21..de5c968 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -97,7 +97,13 @@ timeout: "{{ charts.timeout }}" release_name: ingress-nginx chart_name: ingress-nginx + # setting proxy-body-size=0 disables size checks for uploads and sets + # it as the default for all ingresses handled by this controller + # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-max-body-size + # https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size + # https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/configmap.md#proxy-body-size set_options: "--set \ + controller.config.proxy-body-size=0,\ controller.service.type=NodePort,\ controller.service.nodePorts.http=30080,\ controller.service.nodePorts.https=30443,\ From 0f52e536e4599182ad75396c674f2a99e1ef52a3 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 24 Mar 2025 17:57:42 +0000 Subject: [PATCH 50/81] support immich and cnpg dependency --- group_vars/all | 93 +++++++++++++++++++++++++++++++-------------- hosts.yaml | 4 +- install-charts.yaml | 72 +++++++++++++++++++++++++++++++++++ server-basics.yaml | 1 + setup.yaml | 1 + 5 files changed, 140 insertions(+), 31 deletions(-) diff --git a/group_vars/all b/group_vars/all index 9e4b26f..d895bf8 100644 --- a/group_vars/all +++ b/group_vars/all @@ -6,13 +6,13 @@ domain_name: "" # FILL OUT # for basic server setup (in my opinion) basics: - enabled: True + enabled: true # reboot machine - reboot: True + reboot: true # vnc for remote desktop with GUI vnc: - enabled: True + enabled: true # will be truncated to 8 characters password: "" # FILL OUT # display for what port will be accessed 
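Review bot: `controller.config.proxy-body-size=0` removes the request-body limit for every Ingress this controller serves, including the ones published on the internet-facing NodePorts, so any client can push an unbounded upload at every backend rather than only at the services that need large uploads. A per-Ingress `nginx.ingress.kubernetes.io/proxy-body-size` annotation on the charts that actually accept uploads, or a large but finite controller default, keeps the protection for everything else. The comment added above the `--set` should at least state that this is a cluster-wide opt-out, e.g. `# NOTE: 0 removes the limit for ALL ingresses; prefer per-Ingress proxy-body-size annotations where only some apps need it`.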
@@ -21,14 +21,14 @@ vnc: # squid credentials, for proxy squid: - enabled: True + enabled: true username: "" # FILL OUT password: "" # FILL OUT port: "3128" # sambashare for network attached storage smb: - enabled: True + enabled: true password: "" # FILL OUT share_name: "sambashare" 
@@ -36,79 +36,112 @@ smb: # when the server IP changes # NOTE: It doesnt add entries, refer to the README.md file for instructions cloudflare: - enabled: True + enabled: true + # Set your Cloudflare Zone ID zone_id: "" # FILL OUT + # Set your Cloudflare Bearer token to view the zone and edit DNS records in it auth_key: "" # FILL OUT + # WORK_IN_PROGRESS: Set your Cloudfare API token for editing zone DNS api_token: "WORK_IN_PROGRESS" # ==== Select what charts you wish to install ==== charts: - enabled: True + enabled: true + resources: # kubernetes resource requests for the pods requests: cpu: 10m memory: 50M + # kubernetes resource limits for the pods # leave some headroom for the OS to not lose server access in case of an issue limits: cpu: 4 memory: "6000M" + # timeout as helm expects it in --timeout for the charts timeout: 15m + services: + # provision hostPaths using this controller local_path_provisioner: - enabled: True + enabled: true version: "v0.0.31" + # nginx ingress controller for reverse proxy ingress_nginx: - enabled: True + enabled: true + # manager for tls certs cert_manager: - enabled: True + enabled: true # email for the ACME account registration # FYI: you dont need to create any account for this email: "main@server.com" + # log monitoring with Loki (Needs Grafana for a UI) loki_stack: - enabled: True + enabled: true + # metrics monitoring with Grafana and Prometheus kube_prometheus_stack: - enabled: True + enabled: true grafana: admin_username: "admin" # FILL OUT admin_password: "admin" # FILL OUT + # media client jellyfin: - enabled: True + enabled: true + # torrents qbittorrent: - enabled: True + enabled: true + # to bypass cloudflare protection flaresolverr: - enabled: True + enabled: true + # to manage indexers prowlarr: - enabled: True + enabled: true + # movie monitoring radarr: - enabled: True + enabled: true + # show monitoring sonarr: - enabled: True + enabled: true + # subtitle hunting bazarr: - enabled: True + enabled: true + # movie 
and show interface jellyseerr: - enabled: True + enabled: true + # speed test to server librespeed: - enabled: True + enabled: true + + # cloud native instance of postgres DB + cnpg: + enabled: true + + # google photos alternative + # NOTE: REQUIRES YOU TO HAVE CNPG INSTALLED BEFORE + # - Either set `cnpg.enabled` to true or + # - make sure you have installed it first (incase of an upgrade) + immich: + enabled: true + # movie, show and music interface ombi: enabled: false @@ -129,7 +162,16 @@ charts: # ==== k8s settings ==== kubespray: - enabled: True + enabled: true + + # Use reset.yml to reset cluster + playbook: "cluster.yml" + # extra args for playbook + playbook_args: "-e reset_confirmation=yes" + + # release branch from the repo: https://github.com/kubernetes-sigs/kubespray + release: "release-2.27" + # enable addons config addons: [] # - helm_enabled @@ -142,13 +184,6 @@ kubespray: k8s_cluster: [] # - kube_proxy_strict_arp - # Use reset.yml to reset cluster - playbook: "cluster.yml" - # extra args for playbook - playbook_args: "-e reset_confirmation=yes" - - # release branch from the repo: https://github.com/kubernetes-sigs/kubespray - release: "release-2.27" # to allow pinless bluetooth connections to the server bluetooth: diff --git a/hosts.yaml b/hosts.yaml index bbbbb9e..6a6aba1 100644 --- a/hosts.yaml +++ b/hosts.yaml @@ -8,7 +8,7 @@ all: # adding multiple hosts wont play well with the group_vars file probably with the current setup # So use the below as just an example # home-throwaway: - # ansible_host: 192.168.178.3 - # ansible_port: 2002 + # ansible_host: 192.168.178.95 + # ansible_port: 22 # ansible_user: kimi450 # ansible_sudo_pass: i_HaVe_A_gOoD_pAsSwOrD+123! diff --git a/install-charts.yaml b/install-charts.yaml index de5c968..b6b8ffe 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
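Review bot: The new comments on `zone_id` and `auth_key` tell the user to paste a Cloudflare bearer token that can edit DNS records straight into `group_vars/all`, a file that is tracked in the repo, and nothing says to keep that value out of version control. A short addition such as `# store this with ansible-vault (or an env lookup) rather than committing it` next to the `# FILL OUT` marker would make the expectation explicit. The `hosts.yaml` hunk on this line has the same shape: the commented example keeps `ansible_sudo_pass` as a plaintext value, so the same vault guidance applies there.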
@@ -8,6 +8,7 @@ namespace_generic_services: generic-services namespace_cert_manager: cert-manager namespace_ingress: ingress-nginx + namespace_cloudnative_postgres: "cnpg-system" helm_kube_prometheus_stack_loki_config: "" # default 
@@ -254,6 +255,77 @@ {{ charts.services.kube_prometheus_stack.grafana.admin_username }}/ {{ charts.services.kube_prometheus_stack.grafana.admin_password }} + - name: Install cnpg + when: charts.services.cnpg.enabled + block: + - name: Install/Upgrade the cnpg chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: cnpg + repo_link: https://cloudnative-pg.github.io/charts + install_namespace: "{{ namespace_cloudnative_postgres }}" + timeout: "{{ charts.timeout }}" + release_name: cnpg + chart_name: cloudnative-pg + set_options: "--set \ + crds.create=true" + + - name: Install immich + when: charts.services.immich.enabled + block: + - name: Install/Upgrade the immich chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: TrueCharts + repo_link: oci://tccr.io/truecharts + install_namespace: "{{ namespace_generic_services }}" + timeout: "{{ charts.timeout }}" + release_name: immich + chart_name: immich + set_options: "--set \ + {{ helm_common_general }},\ + {{ helm_common_security_contexts }},\ + {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ + persistence.mlcache.enabled=true,\ + persistence.mlcache.type=hostPath,\ + persistence.mlcache.hostPath={{ dir_data_immich }}/mlcache,\ + persistence.microcache.enabled=true,\ + persistence.microcache.type=hostPath,\ + persistence.microcache.hostPath={{ dir_data_immich }}/microcache,\ + persistence.library.enabled=true,\ + persistence.library.type=hostPath,\ + persistence.library.hostPath={{ dir_data_immich }}/library,\ + persistence.uploads.enabled=true,\ + persistence.uploads.type=hostPath,\ + persistence.uploads.hostPath={{ dir_data_immich }}/uploads,\ + persistence.backups.enabled=true,\ + persistence.backups.type=hostPath,\ + persistence.backups.hostPath={{ dir_data_immich }}/backups,\ + persistence.thumbs.enabled=true,\ + persistence.thumbs.type=hostPath,\ + persistence.thumbs.hostPath={{ dir_data_immich }}/thumbs,\ + persistence.profile.enabled=true,\ + 
persistence.profile.type=hostPath,\ + persistence.profile.hostPath={{ dir_data_immich }}/profile,\ + persistence.video.enabled=true,\ + persistence.video.type=hostPath,\ + persistence.video.hostPath={{ dir_data_immich }}/encoded-video,\ + securityContext.container.runAsUser=0,\ + securityContext.container.privileged=true,\ + securityContext.container.runAsNonRoot=false,\ + securityContext.container.allowPrivilegeEscalation=true,\ + ingress.main.hosts[0].host='immich.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=immich,\ + ingress.main.hosts[0].paths[0].service.port=8096" + + - debug: + msg: > + You can log into Jellyfin at 'jellyfin.{{ domain_name }}'. + '{{ dir_data }}' is available under '/data' and can be used by + Jellyfin. If need be, delete any existing server and go to the + URL mention above once again to setup a new server. + - name: Install jellyfin when: charts.services.jellyfin.enabled block: diff --git a/server-basics.yaml b/server-basics.yaml index dd98c12..e554bdc 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -92,6 +92,7 @@ - "{{ dir_data_games }}" - "{{ dir_data_books }}" - "{{ dir_data_music }}" + - "{{ dir_data_immich }}" - "{{ dir_data_downloads }}" - "{{ dir_home }}{{ dir_data_config_suffix }}" diff --git a/setup.yaml b/setup.yaml index 8179797..ec06ef7 100644 --- a/setup.yaml +++ b/setup.yaml @@ -20,6 +20,7 @@ dir_home: "/home/{{ ansible_user }}" dir_data: "/home/{{ ansible_user }}/data" dir_repos: "/home/{{ ansible_user }}/repos" + dir_data_immich: "/home/{{ ansible_user }}/data/immich" dir_data_movies: "/home/{{ ansible_user }}/data/movies" dir_data_shows: "/home/{{ ansible_user }}/data/shows" dir_data_games: "/home/{{ ansible_user }}/data/games" From a56701a799053a7d1de53e64ff128f37a3cf4a99 Mon Sep 17 00:00:00 2001 
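Review bot: The immich install sets `securityContext.container.privileged=true`, `runAsUser=0`, `runAsNonRoot=false` and `allowPrivilegeEscalation=true` on a container that also gets nine hostPath mounts, which amounts to root on the node for a photo service; the cnpg install just above it needs none of this, and if the hostPath directories only need to be writable, running as root without `privileged` and `allowPrivilegeEscalation` is the smaller change. The `service.port=8096` value and the `debug` message that talks about Jellyfin look copied from the jellyfin task; PATCH 53 later on this page (hunk `@@ -289,42 +307,39 @@`) corrects the port and message but keeps the same privileged settings, so the point applies there too. If root really is required, a comment on the `securityContext.container.runAsUser=0,\` line saying why would stop the next reader from treating it as boilerplate.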
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 24 Mar 2025 19:56:42 +0000 Subject: [PATCH 51/81] Shoutout to lichess's fishnet analysis solution --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index bfbf8a8..75effec 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,10 @@ Use your own server - You can add `-vvvv` to get more verbose output - #### After the installation + - ##### [OPTIONAL] Setup Fishet + - Consider setting up [fishnet](https://github.com/lichess-org/fishnet) to help [Lichess](https://lichess.org/) run game analysis! + - Kubernetes installations are also supported and documented [here](https://github.com/lichess-org/fishnet/blob/master/doc/install.md#kubernetes) + - ##### Setup Grafana - Add the recommended dashboards (Make sure you select the correct job in the variables section, you can default to `kubernetes-service-scraper`) - [Node Exporter Full](https://grafana.com/grafana/dashboards/1860) From e914d142532a8073178dffb36aa986f312db0022 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Mon, 24 Mar 2025 21:53:57 +0000 Subject: [PATCH 52/81] cleanup some dir config --- install-charts.yaml | 24 ++++++++++++------------ server-basics.yaml | 2 +- setup.yaml | 2 +- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index b6b8ffe..9f2838b 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -441,7 +441,7 @@ block: - name: Create config directory on hostpath for prowlarr file: - path: "{{ dir_home }}{{ dir_data_config_suffix }}/prowlarr" + path: "{{ dir_data_configs }}/prowlarr" state: directory mode: '0777' 
@@ -462,7 +462,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/prowlarr,\ + persistence.config.hostPath={{ dir_data_configs }}/prowlarr,\ ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=prowlarr,\ ingress.main.hosts[0].paths[0].service.port=9696" @@ -480,7 +480,7 @@ block: - name: Create config directory on hostpath for radarr file: - path: "{{ dir_home }}{{ dir_data_config_suffix }}/radarr" + path: "{{ dir_data_configs }}/radarr" state: directory mode: '0777' @@ -501,7 +501,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/radarr,\ + persistence.config.hostPath={{ dir_data_configs }}/radarr,\ ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=radarr,\ ingress.main.hosts[0].paths[0].service.port=7878" @@ -518,7 +518,7 @@ block: - name: Create config directory on hostpath for sonarr file: - path: "{{ dir_home }}{{ dir_data_config_suffix }}/sonarr" + path: "{{ dir_data_configs }}/sonarr" state: directory mode: '0777' @@ -539,7 +539,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/sonarr,\ + persistence.config.hostPath={{ dir_data_configs }}/sonarr,\ ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=sonarr,\ ingress.main.hosts[0].paths[0].service.port=8989" @@ -556,7 +556,7 @@ block: - name: Create config directory on hostpath for bazarr file: - path: "{{ dir_home }}{{ dir_data_config_suffix }}/bazarr" + path: "{{ dir_data_configs }}/bazarr" state: directory mode: '0777' 
@@ -577,7 +577,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/bazarr,\ + persistence.config.hostPath={{ dir_data_configs }}/bazarr,\ metrics.main.enabled=false,\ ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=bazarr,\ @@ -594,7 +594,7 @@ block: - name: Create config directory on hostpath for readarr file: - path: "{{ dir_home }}{{ dir_data_config_suffix }}/readarr" + path: "{{ dir_data_configs }}/readarr" state: directory mode: '0777' @@ -615,7 +615,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/readarr,\ + persistence.config.hostPath={{ dir_data_configs }}/readarr,\ ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=readarr,\ ingress.main.hosts[0].paths[0].service.port=8787" @@ -631,7 +631,7 @@ block: - name: Create config directory on hostpath for lidarr file: - path: "{{ dir_home }}{{ dir_data_config_suffix }}/lidarr" + path: "{{ dir_data_configs }}/lidarr" state: directory mode: '0777' @@ -652,7 +652,7 @@ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_home }}{{ dir_data_config_suffix }}/lidarr,\ + persistence.config.hostPath={{ dir_data_configs }}/lidarr,\ ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=lidarr,\ ingress.main.hosts[0].paths[0].service.port=8686" diff --git a/server-basics.yaml b/server-basics.yaml index e554bdc..5df4d44 100644 --- a/server-basics.yaml +++ b/server-basics.yaml 
@@ -94,7 +94,7 @@ - "{{ dir_data_music }}" - "{{ dir_data_immich }}" - "{{ dir_data_downloads }}" - - "{{ dir_home }}{{ dir_data_config_suffix }}" + - "{{ dir_data_configs }}" - name: Setup the bashrc file and the vimrc file block: diff --git a/setup.yaml b/setup.yaml index ec06ef7..c12e8bc 100644 --- a/setup.yaml +++ b/setup.yaml @@ -27,7 +27,7 @@ dir_data_books: "/home/{{ ansible_user }}/data/books" dir_data_music: "/home/{{ ansible_user }}/data/music" dir_data_downloads: "/home/{{ ansible_user }}/data/downloads" - dir_data_config_suffix: "/data/app-configs" + dir_data_configs: "/home/{{ ansible_user }}/data/app-configs" - import_playbook: server-basics.yaml when: From 92ff53b95a1da43d24246cbf7d800cd464f79e78 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Tue, 25 Mar 2025 08:39:27 +0000 Subject: [PATCH 53/81] make directories configurable to allow users to use multiple disks and configure services to use potentially dedicated disks (or the same one) based on their configs passed --- .../install-and-configure-spotifyd.yaml | 2 +- group_vars/all | 71 +++++--- install-and-configure-samba.yaml | 7 +- install-charts.yaml | 160 ++++++++++-------- install-kubernetes-kubespray.yaml | 6 +- install-tightvnc-and-ssh.yaml | 8 +- server-basics.yaml | 28 +-- setup.yaml | 18 -- .../install-and-configure-ssl-cloudfare.yaml | 63 ------- 9 files changed, 167 insertions(+), 196 deletions(-) delete mode 100644 work_in_progress_playbooks/install-and-configure-ssl-cloudfare.yaml diff --git a/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml b/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml index a096161..d1ebe42 100644 --- a/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml +++ b/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml 
@@ -3,7 +3,7 @@ hosts: home-main gather_facts: false vars: - repo_dir: "{{ dir_repos }}/spotifyd" + repo_dir: "{{ basics.repos_dir }}/spotifyd" systemd_file_location: /etc/systemd/system/ tasks: # https://spotifyd.github.io/spotifyd/installation/Ubuntu.html#building-spotifyd diff --git a/group_vars/all b/group_vars/all index d895bf8..36ced3c 100644 --- a/group_vars/all +++ b/group_vars/all @@ -10,6 +10,12 @@ basics: # reboot machine reboot: true + # user's home dir + home_dir: "/home/{{ ansible_user }}" + + # dir to pull repos into + repos_dir: "/home/{{ ansible_user }}/repos" + # vnc for remote desktop with GUI vnc: enabled: true @@ -19,6 +25,9 @@ vnc: # use 0-9 only for access port to be 590{{display}} display: "4" + # working directory for the VNC session + working_dir: "/home/{{ ansible_user }}" + # squid credentials, for proxy squid: enabled: true @@ -32,6 +41,9 @@ smb: password: "" # FILL OUT share_name: "sambashare" + # the directory to share + share_dir: "/home/{{ ansible_user }}" + # If you are using cloudflare and want to auto update entries # when the server IP changes # NOTE: It doesnt add entries, refer to the README.md file for instructions @@ -44,9 +56,6 @@ cloudflare: # Set your Cloudflare Bearer token to view the zone and edit DNS records in it auth_key: "" # FILL OUT - # WORK_IN_PROGRESS: Set your Cloudfare API token for editing zone DNS - api_token: "WORK_IN_PROGRESS" - # ==== Select what charts you wish to install ==== charts: enabled: true @@ -67,7 +76,10 @@ charts: timeout: 15m services: - + + # directory in which the apps will store their configs + configs_dir: "/home/{{ ansible_user }}/data/app-configs" + # provision hostPaths using this controller local_path_provisioner: enabled: true 
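Review bot: Now that the share location is configurable, the default `share_dir: "/home/{{ ansible_user }}"` still exports the whole home directory over Samba, and the samba hunk at `@@ -27,7 +26,7 @@` on the next line keeps `read only = no` for it; that directory is also where `install-kubernetes-kubespray.yaml` copies the cluster kubeconfig and usually holds `.ssh`, so anyone with the share password can read or replace those files. A dedicated subdirectory such as `share_dir: "/home/{{ ansible_user }}/share"` keeps the share useful without exposing dotfiles. Failing that, a comment like `# NOTE: sharing the home dir exposes .ssh/.kube to share users` on the new key would at least record the trade-off.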
@@ -81,8 +93,8 @@ charts: cert_manager: enabled: true # email for the ACME account registration - # FYI: you dont need to create any account for this - email: "main@server.com" + # FYI: you dont need to create any account for this, just use an email ID + email: "" # FILL OUT # log monitoring with Loki (Needs Grafana for a UI) loki_stack: @@ -95,6 +107,20 @@ charts: admin_username: "admin" # FILL OUT admin_password: "admin" # FILL OUT + # cloud native instance of postgres DB + cnpg: + enabled: true + + # google photos alternative + # NOTE: REQUIRES YOU TO HAVE CNPG INSTALLED BEFORE + # - Either set `cnpg.enabled` to true or + # - make sure you have installed it first (incase of an upgrade) + immich: + enabled: true + # base dir for all immich info, including backups, cache, etc + # look at `install-charts.yaml` for more information + dir: "/home/{{ ansible_user }}/data/immich" + # media client jellyfin: enabled: true @@ -102,6 +128,8 @@ charts: # torrents qbittorrent: enabled: true + # dir to download files + dir: "/home/{{ ansible_user }}/data/downloads" # to bypass cloudflare protection flaresolverr: @@ -114,10 +142,14 @@ charts: # movie monitoring radarr: enabled: true - + # dir to store and organise movies + dir: "/home/{{ ansible_user }}/data/movies" + # show monitoring sonarr: enabled: true + # dir to store and organise shows + dir: "/home/{{ ansible_user }}/data/shows" # subtitle hunting bazarr: 
@@ -130,34 +162,31 @@ charts: # speed test to server librespeed: enabled: true - - # cloud native instance of postgres DB - cnpg: - enabled: true - - # google photos alternative - # NOTE: REQUIRES YOU TO HAVE CNPG INSTALLED BEFORE - # - Either set `cnpg.enabled` to true or - # - make sure you have installed it first (incase of an upgrade) - immich: - enabled: true - # movie, show and music interface - ombi: - enabled: false # book monitoring readarr: enabled: false + # dir to store and organise books + dir: "/home/{{ ansible_user }}/data/books" + # music monitoring lidarr: enabled: false + # dir to store and organise music + dir: "/home/{{ ansible_user }}/data/music" + # book client calibre_web: enabled: false + # book management calibre: enabled: false + # movie, show and music interface + ombi: + enabled: false + # ==== k8s settings ==== diff --git a/install-and-configure-samba.yaml b/install-and-configure-samba.yaml index 90fc39d..1c33192 100644 --- a/install-and-configure-samba.yaml +++ b/install-and-configure-samba.yaml @@ -3,7 +3,6 @@ hosts: all gather_facts: True vars: - share_directory: "{{ dir_home }}" config_location: /etc/samba/smb.conf tasks: # https://ubuntu.com/tutorials/install-and-configure-samba#1-overview @@ -14,9 +13,9 @@ pkg: samba state: latest - - name: "Create {{ share_directory }} if it does not exist" + - name: "Create {{ smb.share_dir }} if it does not exist" ansible.builtin.file: - path: "{{ share_directory }}" + path: "{{ smb.share_dir }}" state: directory mode: '0755' @@ -27,7 +26,7 @@ block: | [{{ smb.share_name }}] comment = Samba on Ubuntu - path = {{ share_directory }} + path = {{ smb.share_dir }} read only = no browsable = yes diff --git a/install-charts.yaml b/install-charts.yaml index 9f2838b..3358000 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
@@ -3,7 +3,6 @@ hosts: all gather_facts: true vars: - namespace_user: "{{ ansible_user }}" namespace_monitoring: monitoring namespace_generic_services: generic-services namespace_cert_manager: cert-manager @@ -53,13 +52,37 @@ helm_common_persistence_config: "\ persistence.config.enabled=true,\ persistence.config.type=hostPath,\ - persistence.config.mountPath=/config" - - helm_common_persistence_media: "\ - persistence.media.enabled=true,\ - persistence.media.type=hostPath,\ - persistence.media.mountPath={{ dir_mount_path }},\ - persistence.media.hostPath={{ dir_data }}" + persistence.config.mountPath=/data/config" + + helm_common_persistence_movies: "\ + persistence.movies.enabled=true,\ + persistence.movies.type=hostPath,\ + persistence.movies.mountPath=/data/movies,\ + persistence.movies.hostPath={{ charts.services.radarr.dir }}" + + helm_common_persistence_shows: "\ + persistence.shows.enabled=true,\ + persistence.shows.type=hostPath,\ + persistence.shows.mountPath=/data/shows,\ + persistence.shows.hostPath={{ charts.services.sonarr.dir }}" + + helm_common_persistence_books: "\ + persistence.books.enabled=true,\ + persistence.books.type=hostPath,\ + persistence.books.mountPath=/data/books,\ + persistence.books.hostPath={{ charts.services.readarr.dir }}" + + helm_common_persistence_music: "\ + persistence.music.enabled=true,\ + persistence.music.type=hostPath,\ + persistence.music.mountPath=/data/music,\ + persistence.music.hostPath={{ charts.services.lidarr.dir }}" + + helm_common_persistence_downloads: "\ + persistence.downloads.enabled=true,\ + persistence.downloads.type=hostPath,\ + persistence.downloads.mountPath=/data/downloads,\ + persistence.downloads.hostPath={{ charts.services.qbittorrent.dir }}" # readOnlyRootFilesystem=false is needed for the app to be able to take # backups in /config/Backups 
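Review bot: `persistence.config.mountPath` changes from `/config` to `/data/config` in `helm_common_persistence_config`, but the context comment directly below still says the apps write backups to `/config/Backups`, and the commit message only describes making host directories configurable, so either the comment is stale or the mount moved unintentionally. If the move is intended, the comment should follow it (`# backups in /data/config/Backups`) and the images' config path presumably has to be pointed at the new mount, which this hunk does not show; otherwise restoring `persistence.config.mountPath=/config` is the safer change. The surrounding `vars:` mapping continues outside the hunk.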
@@ -70,11 +93,6 @@ securityContext.container.runAsGroup=568" tasks: - - name: Create namespaces namespace - shell: "kubectl create namespace {{ item }} --dry-run=client -o yaml | kubectl apply -f -" - with_items: - - "{{ namespace_user }}" - - name: Install rancher local-path-provisioner when: charts.services.local_path_provisioner.enabled block: 
@@ -289,42 +307,39 @@ {{ helm_common_ingress }},\ persistence.mlcache.enabled=true,\ persistence.mlcache.type=hostPath,\ - persistence.mlcache.hostPath={{ dir_data_immich }}/mlcache,\ + persistence.mlcache.hostPath={{ charts.services.immich.dir }}/mlcache,\ persistence.microcache.enabled=true,\ persistence.microcache.type=hostPath,\ - persistence.microcache.hostPath={{ dir_data_immich }}/microcache,\ + persistence.microcache.hostPath={{ charts.services.immich.dir }}/microcache,\ persistence.library.enabled=true,\ persistence.library.type=hostPath,\ - persistence.library.hostPath={{ dir_data_immich }}/library,\ + persistence.library.hostPath={{ charts.services.immich.dir }}/library,\ persistence.uploads.enabled=true,\ persistence.uploads.type=hostPath,\ - persistence.uploads.hostPath={{ dir_data_immich }}/uploads,\ + persistence.uploads.hostPath={{ charts.services.immich.dir }}/uploads,\ persistence.backups.enabled=true,\ persistence.backups.type=hostPath,\ - persistence.backups.hostPath={{ dir_data_immich }}/backups,\ + persistence.backups.hostPath={{ charts.services.immich.dir }}/backups,\ persistence.thumbs.enabled=true,\ persistence.thumbs.type=hostPath,\ - persistence.thumbs.hostPath={{ dir_data_immich }}/thumbs,\ + persistence.thumbs.hostPath={{ charts.services.immich.dir }}/thumbs,\ persistence.profile.enabled=true,\ persistence.profile.type=hostPath,\ - persistence.profile.hostPath={{ dir_data_immich }}/profile,\ + persistence.profile.hostPath={{ charts.services.immich.dir }}/profile,\ persistence.video.enabled=true,\ persistence.video.type=hostPath,\ - persistence.video.hostPath={{ dir_data_immich }}/encoded-video,\ + persistence.video.hostPath={{ charts.services.immich.dir }}/encoded-video,\ securityContext.container.runAsUser=0,\ securityContext.container.privileged=true,\ securityContext.container.runAsNonRoot=false,\ securityContext.container.allowPrivilegeEscalation=true,\ ingress.main.hosts[0].host='immich.{{ domain_name }}',\ 
ingress.main.hosts[0].paths[0].service.name=immich,\ - ingress.main.hosts[0].paths[0].service.port=8096" + ingress.main.hosts[0].paths[0].service.port=10323" - debug: msg: > - You can log into Jellyfin at 'jellyfin.{{ domain_name }}'. - '{{ dir_data }}' is available under '/data' and can be used by - Jellyfin. If need be, delete any existing server and go to the - URL mention above once again to setup a new server. + You can log into Immich at 'immich.{{ domain_name }}'. - name: Install jellyfin when: charts.services.jellyfin.enabled @@ -347,7 +362,10 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_shows }},\ + {{ helm_common_persistence_movies }},\ + {{ helm_common_persistence_music }},\ + {{ helm_common_persistence_books }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ securityContext.container.runAsUser=0,\ @@ -368,7 +386,7 @@ - debug: msg: > You can log into Jellyfin at 'jellyfin.{{ domain_name }}'. - '{{ dir_data }}' is available under '/data' and can be used by + Data directories are available under '/data' and can be used by Jellyfin. If need be, delete any existing server and go to the URL mention above once again to setup a new server. @@ -388,7 +406,7 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ ingress.main.hosts[0].host='qbittorrent.{{ domain_name }}',\ 
@@ -410,10 +428,11 @@ - debug: msg: > You can log into qBittorrent at 'qbittorrent.{{ domain_name }}' using - "admin/{{ qbittorrent_random_password.stdout }}" as the default creds. Change this after deployment. - '{{ dir_data }}' from the host is available under '/data' and - can be used by the application to download things. Downloading in - the directories under {{ dir_data }} will be picked up by Jellyfin. + "admin/{{ qbittorrent_random_password.stdout }}" as the default creds. + Change this after deployment. Downloads directory from the host is + available under '/data' and can be used by the application to + download things. Downloads in that directory will be relevant + processing apps (like Radarr, Sonarr, etc if applicable). - name: Install flaresolverr when: charts.services.flaresolverr.enabled @@ -441,7 +460,7 @@ block: - name: Create config directory on hostpath for prowlarr file: - path: "{{ dir_data_configs }}/prowlarr" + path: "{{ charts.services.configs_dir }}/prowlarr" state: directory mode: '0777' @@ -458,11 +477,10 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data_configs }}/prowlarr,\ + persistence.config.hostPath={{ charts.services.configs_dir }}/prowlarr,\ ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=prowlarr,\ ingress.main.hosts[0].paths[0].service.port=9696" 
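Review bot: The rewritten qBittorrent debug message is missing a verb in `Downloads in that directory will be relevant processing apps`; it should read `Downloads in that directory will be picked up by the relevant processing apps (like Radarr, Sonarr, etc. if applicable).` The same message says the downloads directory is available under `/data`, while `helm_common_persistence_downloads` mounts it at `/data/downloads`, so naming the full mount path would avoid sending users to the wrong place in the UI.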
@@ -471,16 +489,13 @@ msg: > You can log into prowlarr at 'prowlarr.{{ domain_name }}'. Go to this URL and add the indexers you wish to use. - '{{ dir_data }}' from the host is available under '/data' and - can be used by the application to download things. Downloading in - the directories under {{ dir_data }} will be picked up by Jellyfin. - name: Install radarr when: charts.services.radarr.enabled block: - name: Create config directory on hostpath for radarr file: - path: "{{ dir_data_configs }}/radarr" + path: "{{ charts.services.configs_dir }}/radarr" state: directory mode: '0777' @@ -497,11 +512,12 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_movies }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data_configs }}/radarr,\ + persistence.config.hostPath={{ charts.services.configs_dir }}/radarr,\ ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=radarr,\ ingress.main.hosts[0].paths[0].service.port=7878" @@ -509,16 +525,16 @@ - debug: msg: > You can log into radarr at 'radarr.{{ domain_name }}'. - '{{ dir_data }}' from the host is available under '/data' and - can be used by the application to download things. Downloading in - the directories under {{ dir_data }} will be picked up by Jellyfin. + Data directories from the host are available under '/data' and + can be used by the application to download things. Downloads in + that directory will be picked up by Jellyfin. - name: Install sonarr when: charts.services.sonarr.enabled block: - name: Create config directory on hostpath for sonarr file: - path: "{{ dir_data_configs }}/sonarr" + path: "{{ charts.services.configs_dir }}/sonarr" state: directory mode: '0777' 
@@ -535,11 +551,12 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_shows }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data_configs }}/sonarr,\ + persistence.config.hostPath={{ charts.services.configs_dir }}/sonarr,\ ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=sonarr,\ ingress.main.hosts[0].paths[0].service.port=8989" @@ -547,16 +564,16 @@ - debug: msg: > You can log into sonarr at 'sonarr.{{ domain_name }}'. - '{{ dir_data }}' from the host is available under '/data' and - can be used by the application to download things. Downloading in - the directories under {{ dir_data }} will be picked up by Jellyfin. + Data directories from the host are available under '/data' and + can be used by the application to download things. Downloads in + that directory will be picked up by Jellyfin. - name: Install bazarr when: charts.services.bazarr.enabled block: - name: Create config directory on hostpath for bazarr file: - path: "{{ dir_data_configs }}/bazarr" + path: "{{ charts.services.configs_dir }}/bazarr" state: directory mode: '0777' @@ -573,11 +590,12 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_shows }},\ + {{ helm_common_persistence_movies }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data_configs }}/bazarr,\ + persistence.config.hostPath={{ charts.services.configs_dir }}/bazarr,\ metrics.main.enabled=false,\ ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=bazarr,\ 
@@ -586,7 +604,7 @@ - debug: msg: > You can log into bazarr at 'bazarr.{{ domain_name }}'. - '{{ dir_data }}' from the host is available under '/data' and + Data directories from the host are available under '/data' and can be used by the application. - name: Install readarr @@ -594,7 +612,7 @@ block: - name: Create config directory on hostpath for readarr file: - path: "{{ dir_data_configs }}/readarr" + path: "{{ charts.services.configs_dir }}/readarr" state: directory mode: '0777' @@ -611,11 +629,12 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_books }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data_configs }}/readarr,\ + persistence.config.hostPath={{ charts.services.configs_dir }}/readarr,\ ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=readarr,\ ingress.main.hosts[0].paths[0].service.port=8787" @@ -623,7 +642,7 @@ - debug: msg: > You can log into readarr at 'readarr.{{ domain_name }}'. - '{{ dir_data }}' from the host is available under '/data' and + Data directories from the host are available under '/data' and can be used by the application. - name: Install lidarr @@ -631,7 +650,7 @@ block: - name: Create config directory on hostpath for lidarr file: - path: "{{ dir_data_configs }}/lidarr" + path: "{{ charts.services.configs_dir }}/lidarr" state: directory mode: '0777' 
@@ -648,11 +667,12 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_music }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ dir_data_configs }}/lidarr,\ + persistence.config.hostPath={{ charts.services.configs_dir }}/lidarr,\ ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=lidarr,\ ingress.main.hosts[0].paths[0].service.port=8686" @@ -660,7 +680,7 @@ - debug: msg: > You can log into lidarr at 'lidarr.{{ domain_name }}'. - '{{ dir_data }}' from the host is available under '/data' and + Data directories from the host are available under '/data' and can be used by the application. - name: Install ombi @@ -687,7 +707,7 @@ - debug: msg: > You can log into ombi at 'ombi.{{ domain_name }}'. - '{{ dir_data }}' is available under '/data' and can be used by + Data directories are available under '/data' and can be used by ombi. If need be, delete any existing server and go to the URL mention above once again to setup a new server. @@ -715,7 +735,7 @@ - debug: msg: > You can log into jellyseerr at 'jellyseerr.{{ domain_name }}'. - '{{ dir_data }}' is available under '/data' and can be used by + Data directories are available under '/data' and can be used by jellyseerr. If need be, delete any existing server and go to the URL mention above once again to setup a new server. @@ -765,7 +785,8 @@ set_options: "--set \ {{ helm_common_general }},\ {{ helm_common_persistence }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_books }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ securityContext.container.PUID=\"{{ uid }}\",\ 
@@ -777,7 +798,7 @@ - debug: msg: > You can log into calibre-web at 'calibre-web.{{ domain_name }}'. - '{{ dir_data }}' from the host is available under '/data' and + Data directories from the host are available under '/data' and can be used by the application. - name: Install calibre @@ -799,7 +820,8 @@ set_options: "--set \ {{ helm_common_general }},\ {{ helm_common_persistence }},\ - {{ helm_common_persistence_media }},\ + {{ helm_common_persistence_books }},\ + {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ @@ -811,5 +833,5 @@ - debug: msg: > You can log into calibre at '{{ ip }}:30000'. - '{{ dir_data }}' from the host is available under '/data' and + Data directories from the host are available under '/data' and can be used by the application. diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index b52b198..44241f1 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml @@ -71,9 +71,9 @@ - name: setup kubeconfig for user shell: | - mkdir -p {{ dir_home }}/.kube - cp /etc/kubernetes/admin.conf {{ dir_home }}/.kube/config - chmod 777 -R {{ dir_home }}/.kube + mkdir -p {{ basics.home_dir }}/.kube + cp /etc/kubernetes/admin.conf {{ basics.home_dir }}/.kube/config + chmod 777 -R {{ basics.home_dir }}/.kube become: true - name: Install kubectl diff --git a/install-tightvnc-and-ssh.yaml b/install-tightvnc-and-ssh.yaml index 58d8d2e..59d935f 100644 --- a/install-tightvnc-and-ssh.yaml +++ b/install-tightvnc-and-ssh.yaml 
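Review bot: The `setup kubeconfig for user` task still runs `chmod 777 -R {{ basics.home_dir }}/.kube` after copying /etc/kubernetes/admin.conf, and this hunk keeps that while only renaming the variable. That file holds the cluster's admin credentials, so world read/write means any other local account on the server can read or replace them. The task already runs with `become: true`, so handing the files to the user and closing them down works just as well for kubectl: replace the chmod line with `chown -R {{ ansible_user }}: {{ basics.home_dir }}/.kube` and `chmod -R u=rwX,go= {{ basics.home_dir }}/.kube`.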
@@ -58,22 +58,22 @@ line: "Group={{ ansible_user }}" backrefs: yes - - name: "Service file edit: Change WorkingDirectory to be {{ dir_home }}" + - name: "Service file edit: Change WorkingDirectory to be {{ vnc.working_dir }}" become: True # https://gist.github.com/drmalex07/c0f9304deea566842490 lineinfile: path: "{{ service_file_location }}" regexp: '^WorkingDirectory=(.*)$' - line: "WorkingDirectory={{ dir_home }}" + line: "WorkingDirectory={{ vnc.working_dir }}" backrefs: yes - - name: "Service file edit: Change WorkingDirectory to be {{ dir_home }}/.vnc/%H:%i.pid" + - name: "Service file edit: Change WorkingDirectory to be {{ vnc.working_dir }}/.vnc/%H:%i.pid" become: True # https://gist.github.com/drmalex07/c0f9304deea566842490 lineinfile: path: "{{ service_file_location }}" regexp: '^PIDFile=(.*)$' - line: "PIDFile={{ dir_home }}/.vnc/%H:%i.pid" + line: "PIDFile={{ vnc.working_dir }}/.vnc/%H:%i.pid" backrefs: yes - name: Reload systemd service diff --git a/server-basics.yaml b/server-basics.yaml index 5df4d44..2bf0fb1 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -85,16 +85,18 @@ state: directory mode: '0777' with_items: - - "{{ dir_data }}" - - "{{ dir_repos }}" - - "{{ dir_data_movies }}" - - "{{ dir_data_shows }}" - - "{{ dir_data_games }}" - - "{{ dir_data_books }}" - - "{{ dir_data_music }}" - - "{{ dir_data_immich }}" - - "{{ dir_data_downloads }}" - - "{{ dir_data_configs }}" + - "{{ basics.home_dir }}" + - "{{ basics.repos_dir }}" + - "{{ vnc.working_dir }}" + - "{{ smb.share_dir }}" + - "{{ charts.services.radarr.dir }}" + - "{{ charts.services.sonarr.dir }}" + - "{{ charts.services.readarr.dir }}" + - "{{ charts.services.lidarr.dir }}" + - "{{ charts.services.immich.dir }}" + - "{{ charts.services.qbittorrent.dir }}" + - "{{ charts.services.configs_dir }}" + become: true # incase the dirs created are at root level - name: Setup the bashrc file and the vimrc file block: 
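Review bot: The renamed task title `Service file edit: Change WorkingDirectory to be {{ vnc.working_dir }}/.vnc/%H:%i.pid` names the wrong key; the lineinfile under it matches `^PIDFile=(.*)$` and writes `PIDFile=...`, so play output reports a second WorkingDirectory edit that never happens. Since the hunk already rewrites that line, make it `- name: "Service file edit: Change PIDFile to be {{ vnc.working_dir }}/.vnc/%H:%i.pid"`.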
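Review bot: The directory list in this `file` task (its `- name:` header is outside the hunk) now covers `{{ charts.services.configs_dir }}` and the per-service data directories, and `become: true` is added so root creates them, but the context line above keeps `mode: '0777'`, so all of them end up world-writable. The configs directory is what the charts later mount as each application's `/config` hostPath (the chart comment mentions backups living there), so any local user, or any pod with the path mounted, can rewrite another service's state. Keep `become: true` but add `owner: "{{ ansible_user }}"` and use `mode: '0770'` (with a group matching the `runAsGroup=568` used in the chart values, if the pods need write access) instead of 0777. The same `mode: '0777'` is reintroduced by the `Create directories` task moved into install-charts.yaml in PATCH 57 and by the five `Create host path dir` tasks in PATCH 59.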
@@ -113,13 +115,13 @@ copy: remote_src: True src: "{{ useful_files_repo_dir }}/bash/.bashrc" - dest: "{{ dir_home }}" + dest: "{{ basics.home_dir }}" - name: Transfer vimrc edit script copy: remote_src: True src: "{{ useful_files_repo_dir }}/vimmer.sh" - dest: "{{ dir_home }}" + dest: "{{ basics.home_dir }}" mode: "0755" - name: Run vimrc edit script @@ -129,7 +131,7 @@ become: true command: "{{ useful_files_repo_dir }}/vimmer.sh" vars: - useful_files_repo_dir: "{{ dir_repos }}/useful_files" + useful_files_repo_dir: "{{ basics.repos_dir }}/useful_files" - name: "reboot machine: {{ basics.reboot }}" when: "{{ basics.reboot }}" diff --git a/setup.yaml b/setup.yaml index c12e8bc..cf7f419 100644 --- a/setup.yaml +++ b/setup.yaml @@ -7,27 +7,9 @@ shell: "id -u `whoami`" register: uid_output - - name: Get architecture - command: dpkg --print-architecture - register: architecture_output - - name: Set shared facts set_fact: uid: "{{ uid_output.stdout }}" - user: "{{ ansible_user }}" - architecture: "{{ architecture_output.stdout }}" - dir_mount_path: "/data" - dir_home: "/home/{{ ansible_user }}" - dir_data: "/home/{{ ansible_user }}/data" - dir_repos: "/home/{{ ansible_user }}/repos" - dir_data_immich: "/home/{{ ansible_user }}/data/immich" - dir_data_movies: "/home/{{ ansible_user }}/data/movies" - dir_data_shows: "/home/{{ ansible_user }}/data/shows" - dir_data_games: "/home/{{ ansible_user }}/data/games" - dir_data_books: "/home/{{ ansible_user }}/data/books" - dir_data_music: "/home/{{ ansible_user }}/data/music" - dir_data_downloads: "/home/{{ ansible_user }}/data/downloads" - dir_data_configs: "/home/{{ ansible_user }}/data/app-configs" - import_playbook: server-basics.yaml when: diff --git a/work_in_progress_playbooks/install-and-configure-ssl-cloudfare.yaml b/work_in_progress_playbooks/install-and-configure-ssl-cloudfare.yaml deleted file mode 100644 index 7d301dc..0000000 --- a/work_in_progress_playbooks/install-and-configure-ssl-cloudfare.yaml +++ /dev/null 
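Review bot: Besides the `dir_*` facts, the setup.yaml hunk also drops the `user` and `architecture` facts and the `Get architecture` task from `Set shared facts`. Nothing in the visible diff updates a consumer of `{{ architecture }}` or `{{ user }}`; if any imported playbook still references them it now fails with an undefined variable only at run time. Worth grepping the other playbooks before merging, or keeping those two facts until their uses are migrated.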
@@ -1,63 +0,0 @@ ---- -- name: Setup SSL for HTTPS using letsencrypt and certbot - hosts: all - gather_facts: false - vars: - dir_cloudfare_config_ini: "{{ dir_home }}/.secrets/certbot/" - name_cloudfare_config_ini: cloudfare.ini - wildcard_domain_name: "*.{{ domain_name }}" - tasks: - - name: Install snapd - become: true - apt: - update_cache: yes - pkg: - - snapd - state: latest - - - name: Update snapd - snap: - name: core - become: true - - - name: Refresh snapd - shell: snap refresh core - become: true - - - name: Install certbot using snapd - snap: - name: certbot - classic: true - become: true - - - name: Link to certbot binaries - shell: ln -sf /snap/bin/certbot /usr/bin/certbot - become: true - - - name: Confirm plugin containment level - shell: "snap set certbot trust-plugin-with-root=ok" - become: true - - - name: Install correct DNS plugin - snap: - name: "certbot-dns-cloudflare" - classic: true - become: true - - - name: Create a directory for secrets - ansible.builtin.file: - path: "{{ dir_cloudfare_config_ini }}" - state: directory - mode: '0755' - - - name: Create config file for cloudfare - copy: - dest: "{{ dir_cloudfare_config_ini }}{{ name_cloudfare_config_ini }}" - content: | - # Cloudflare API token used by Certbot - dns_cloudflare_api_token = {{ cloudflare.api_token }} - mode: 700 - - - name: Install certs - shell: "certbot certonly -d {{ wildcard_domain_name }} --dns-cloudflare --dns-cloudflare-credentials {{ dir_cloudfare_config_ini }}{{ name_cloudfare_config_ini }}" - become: true From f23c87afc89362a150caccaae20ab0b57174eb83 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Tue, 25 Mar 2025 09:01:47 +0000 Subject: [PATCH 54/81] changing home dir permissions will break ssh capabilities using keys: https://unix.stackexchange.com/questions/4484/ssh-prompts-for-password-despite-ssh-copy-id --- server-basics.yaml | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/server-basics.yaml b/server-basics.yaml index 2bf0fb1..7f0156d 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -85,10 +85,7 @@ state: directory mode: '0777' with_items: - - "{{ basics.home_dir }}" - "{{ basics.repos_dir }}" - - "{{ vnc.working_dir }}" - - "{{ smb.share_dir }}" - "{{ charts.services.radarr.dir }}" - "{{ charts.services.sonarr.dir }}" - "{{ charts.services.readarr.dir }}" From 542fb625ab132a9be6f08ac5edcddcb41cffd1f3 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Tue, 25 Mar 2025 20:28:29 +0000 Subject: [PATCH 55/81] make all services other than monitoring have persistent config and disable config where not needed (flaresolverr) --- install-charts.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 3358000..00b53fb 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -45,14 +45,11 @@ persistence.shared.enabled=false,\ persistence.shm.enabled=false,\ persistence.temp.enabled=false,\ - persistence.varlogs.enabled=False,\ - persistence.config.enabled=true,\ - persistence.config.size=1Gi" + persistence.varlogs.enabled=false" helm_common_persistence_config: "\ persistence.config.enabled=true,\ - persistence.config.type=hostPath,\ - persistence.config.mountPath=/data/config" + persistence.config.type=hostPath" helm_common_persistence_movies: "\ persistence.movies.enabled=true,\ @@ -368,6 +365,8 @@ {{ helm_common_persistence_books }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + {{ helm_common_persistence_config }},\ + persistence.config.hostPath={{ charts.services.configs_dir }}/jellyfin,\ securityContext.container.runAsUser=0,\ securityContext.container.privileged=true,\ securityContext.container.runAsNonRoot=false,\ 
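Review bot: The new `persistence.config.hostPath={{ charts.services.configs_dir }}/jellyfin` setting has no matching `Create config directory on hostpath` task, unlike the sonarr/bazarr/readarr/lidarr installs earlier in this file, and the same holds for the qbittorrent, jellyseerr and librespeed hunks of this commit (the diffstat's 12 insertions are all `--set` lines). With `persistence.config.type=hostPath` and no directory present, the path is created by the container runtime on first mount, on most runtimes root-owned with 0755, so a container running as `{{ uid }}` (the `runAsUser` from the common security contexts) presumably cannot write its config; jellyfin runs as root here so it will look fine while the others may not. Add a `file: path: "{{ charts.services.configs_dir }}/<service>"` task per service, or create them in one loop next to the existing `Create directories` task. Removing `persistence.config.mountPath=/data/config` from `helm_common_persistence_config` also moves the config volume for every service using it; that looks intended but is not mentioned in the message.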
@@ -409,6 +408,8 @@ {{ helm_common_persistence_downloads }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + {{ helm_common_persistence_config }},\ + persistence.config.hostPath={{ charts.services.configs_dir }}/qbittorrent,\ ingress.main.hosts[0].host='qbittorrent.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=qbittorrent,\ ingress.main.hosts[0].paths[0].service.port=10095" @@ -449,7 +450,8 @@ set_options: "--set \ {{ helm_common_general }},\ {{ helm_common_persistence }},\ - {{ helm_common_resources }}" + {{ helm_common_resources }},\ + persistence.config.enabled=false" - debug: msg: > @@ -729,6 +731,8 @@ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + {{ helm_common_persistence_config }},\ + persistence.config.hostPath={{ charts.services.configs_dir }}/jellyseerr,\ ingress.main.hosts[0].host='jellyseerr.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=jellyseerr,\ ingress.main.hosts[0].paths[0].service.port=5055" @@ -758,6 +762,8 @@ {{ helm_common_persistence }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + {{ helm_common_persistence_config }},\ + persistence.config.hostPath={{ charts.services.configs_dir }}/librespeed,\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ ingress.main.hosts[0].host='librespeed.{{ domain_name }}',\ From c8f8f2d84cf6694f2cbd002644301fe62abba25f Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Tue, 25 Mar 2025 20:32:17 +0000 Subject: [PATCH 56/81] missing immich readme section --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 75effec..cf3bb1e 100644 --- a/README.md +++ b/README.md 
@@ -368,6 +368,10 @@ Use your own server - Give them `Manage Requests` and other permissions for ease where applicable - Go to `Settings -> Users` and give them all `Auto-Approve` and `Auto-Request` Permissions by default for ease. + - ##### Setup Immich + - Just follow onscreen instructions to create an account + - Setup the config as you please from there! + - ##### Setup Ombi - One stop shop for Sonarr/Radarr/Lidarr requests - Get the API keys for Jellyfin, Sonarr and Radarr @@ -431,7 +435,8 @@ Use your own server | samba | proxy | `\\\` or `\\\` | TCP: `139,445`, UDP: `137,138` | `` | | squid | proxy | `:` or `:` | `` | `` | | grafana | Ingress | `grafana.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | - | jellyfin | Ingress | `jellyin.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | jellyfin | Ingress | `jellyfin.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | jellyseerr | Ingress | `jellyseerr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | ombi | Ingress | `ombi.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | prowlarr | Ingress | `prowlarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | bazarr | Ingress | `bazarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | @@ -439,6 +444,7 @@ Use your own server | sonarr | Ingress | `sonarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | readarr | Ingress | `readarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | lidarr | Ingress | `lidarr.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | + | immich | Ingress | `immich.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | librespeed | Ingress | `librespeed.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | calibre-web | Ingress | `calibre-web.` | 30080 (HTTP) / 30443 (HTTPS) | 80 (HTTP) / 443 (HTTPS) | | calibre | LAN | `:30000` (No ingress rules defined) | 30100 | `` | 
From ff14bcac66d0c5c15e2197bda03fc12641284495 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Tue, 25 Mar 2025 21:18:01 +0000 Subject: [PATCH 57/81] move dir creation to appropriate playbook --- install-charts.yaml | 15 +++++++++++++++ server-basics.yaml | 7 ------- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 00b53fb..47e45ab 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -90,6 +90,21 @@ securityContext.container.runAsGroup=568" tasks: + - name: Create directories + file: + path: "{{ item }}" + state: directory + mode: '0777' + with_items: + - "{{ charts.services.configs_dir }}" + - "{{ charts.services.radarr.dir }}" + - "{{ charts.services.sonarr.dir }}" + - "{{ charts.services.readarr.dir }}" + - "{{ charts.services.lidarr.dir }}" + - "{{ charts.services.immich.dir }}" + - "{{ charts.services.qbittorrent.dir }}" + become: true # incase the dirs created are at root level + - name: Install rancher local-path-provisioner when: charts.services.local_path_provisioner.enabled block: diff --git a/server-basics.yaml b/server-basics.yaml index 7f0156d..1f19bea 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -86,13 +86,6 @@ mode: '0777' with_items: - "{{ basics.repos_dir }}" - - "{{ charts.services.radarr.dir }}" - - "{{ charts.services.sonarr.dir }}" - - "{{ charts.services.readarr.dir }}" - - "{{ charts.services.lidarr.dir }}" - - "{{ charts.services.immich.dir }}" - - "{{ charts.services.qbittorrent.dir }}" - - "{{ charts.services.configs_dir }}" become: true # incase the dirs created are at root level - name: Setup the bashrc file and the vimrc file From 3e5c024ab818f385656cd2256a67553ee54baef9 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Wed, 26 Mar 2025 09:44:57 +0000 Subject: [PATCH 58/81] Update README.md for custom format score --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index cf3bb1e..2927077 100644 --- a/README.md +++ b/README.md @@ -234,7 +234,7 @@ Use your own server - Go to ``Settings > Profiles`` - Select all [relevant] profiles and set the following - ``Minimum Custom Format Score`` to ``0`` (sum of the custom formats scores) - - Your new Custom Format's score to be ``-1000`` (something crazy low) + - Your new Custom Format's score to be ``0`` (if the value is lower than the minimum score then downloads will be blocked) - Go to ``Settings > Media Management`` - Make sure ``Use Hardlinks instead of Copy`` is enabled - Readarr specific config @@ -531,4 +531,4 @@ mv ${TMP_DIR}/* ${PV_DIR}/prometheus-db/ ## Network troubleshooting tools -This repo will be of use: https://github.com/nicolaka/netshoot \ No newline at end of file +This repo will be of use: https://github.com/nicolaka/netshoot From a15f55d58a84cf12c206185a86b2badcdc7bf762 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Wed, 26 Mar 2025 21:22:02 +0000 Subject: [PATCH 59/81] Support multiple hostpath mounts into pods to allow using external disks with ease --- README.md | 34 +++++--- group_vars/all | 73 ++++++++++++---- install-charts.yaml | 198 ++++++++++++++++++++++++++++---------------- 3 files changed, 208 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index 2927077..4972576 100644 --- a/README.md +++ b/README.md 
@@ -91,6 +91,16 @@ Use your own server - You can add `-vvvv` to get more verbose output - #### After the installation + + **REMEMBER**: You can add additional directories for services via the `group_vars` file as well under the `persistence` section. + + ```yaml + - name: spare-disk + host_path: "/mnt/b/downloads" + ``` + + The above section will mount `/mnt/b/downloads` onto the pod as `/data/spare-disk/downloads` + - ##### [OPTIONAL] Setup Fishet - Consider setting up [fishnet](https://github.com/lichess-org/fishnet) to help [Lichess](https://lichess.org/) run game analysis! - Kubernetes installations are also supported and documented [here](https://github.com/lichess-org/fishnet/blob/master/doc/install.md#kubernetes) @@ -118,10 +128,10 @@ Use your own server - Point Jellyfin to use the directories mentioned in the playbooks for shows, movies, music and books. - By default, on the Jellyfin pod, the directories it will be: ``` - /data/shows - /data/movies - /data/music - /data/books + /data/root-disk/shows + /data/root-disk/movies + /data/root-disk/music + /data/root-disk/books ``` - Add any other config required. - Recommend setting up the Open Subtitles plugin which requires creating an account on [their website](https://www.opensubtitles.org/en/?). @@ -157,7 +167,7 @@ Use your own server - Go to ``Tools > Options > Web UI > Authentication`` - Set default download location to one the mentioned directories (or make sure to put it in the right directory when downloading for ease) - Go to ``Tools > Options > Downloads > Default Save Path`` - - Recommend using ``/data/downloads`` + - Recommend using ``/data/root-disk/downloads`` - Set seeding limits - Recommend seeding limits for when seeding ratio hits "0". It is under ``Tools > Options > BitTorrent > Seeding Limits`` - Set torrent download/upload limits 
@@ -165,7 +175,7 @@ Use your own server - ##### Setup Calibre - Do base setup - - Set folder to be ``/data/books`` and select ``Yes`` for it to rebuild the library if asked. + - Set folder to be ``/data/root-disk/books`` and select ``Yes`` for it to rebuild the library if asked. - Go to ``Preferences > Sharing over the net`` - Check the box for ``Require username and password to access the Content server`` - Check the box for ``Run the server automatically when calibre starts`` @@ -177,7 +187,7 @@ Use your own server - ##### Setup Calibre Web - Default login is ``admin/admin123`` - - Set folder to be ``/data/books`` + - Set folder to be ``/data/root-disk/books`` - To enable web reading, click on ``Admin`` (case sensitive) on the top right - Click on the user, default is ``admin`` - Enable ``Allow ebook viewer`` @@ -212,10 +222,10 @@ Use your own server | Service | Root Directory | |---------|-------------------| - | Readarr | ``/data/books/`` | - | Sonarr | ``/data/shows/`` | - | Radarr | ``/data/movies/`` | - | Lidarr | ``/data/music/`` | + | Readarr | ``/data/root-disk/books/`` | + | Sonarr | ``/data/root-disk/shows/`` | + | Radarr | ``/data/root-disk/movies/`` | + | Lidarr | ``/data/root-disk/music/`` | - Enable renaming - Adjust quality definitions - Go to ``Settings > Quality`` @@ -240,7 +250,7 @@ Use your own server - Readarr specific config - Go to ``Settings > Media Management`` - Add root folder (you cannot edit an existing one) - - Set the path to be ``/data/books/`` + - Set the path to be ``/data/root-disk/books/`` - Enable ``Use Calibre`` options the the following defaults - Calibre host: ``calibre-webserver`` - Calibre port: ``8081`` diff --git a/group_vars/all b/group_vars/all index 36ced3c..9d2d423 100644 --- a/group_vars/all +++ b/group_vars/all 
@@ -119,7 +119,7 @@ charts: enabled: true # base dir for all immich info, including backups, cache, etc # look at `install-charts.yaml` for more information - dir: "/home/{{ ansible_user }}/data/immich" + host_path: "/home/{{ ansible_user }}/data/downloads" # media client jellyfin: @@ -128,8 +128,17 @@ charts: # torrents qbittorrent: enabled: true - # dir to download files - dir: "/home/{{ ansible_user }}/data/downloads" + + # dirs to download files + # you can specify different mounts present on your server + # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + # If you dont know what that means, just use lower case characters + # and dashes to separate them or a mix of upper and lowercase characters + persistence: + - name: root-disk + host_path: "/home/{{ ansible_user }}/data/downloads" + # - name: spare-disk + # host_path: "/mnt/b/downloads" # to bypass cloudflare protection flaresolverr: 
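Review bot: `host_path: "/home/{{ ansible_user }}/data/downloads"` for immich replaces the previous `.../data/immich` value and reads like a copy-paste from the qbittorrent entry rather than a rename: the comment above still calls it the base dir for all immich info including backups, and this commit's install-charts change points immich's library, uploads, backups and thumbs at `{{ charts.services.immich.host_path }}/...`. That places the photo library and its backups inside the torrent download directory, which qbittorrent mounts read-write, so a purge of downloads or a badly named torrent can overwrite them. Keep the dedicated directory: `host_path: "/home/{{ ansible_user }}/data/immich"`.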
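Review bot: The new NOTE comment on `persistence` says the name may be "a mix of upper and lowercase characters", but the regex quoted in the same comment, `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, admits only lowercase letters, digits and inner dashes, so a name like `Spare-Disk` would presumably be rejected once the generated `persistence.downloads-<name>` volume is applied. The same comment block is copied into the radarr, sonarr, readarr and lidarr entries in the next two hunks. Replace the last two comment lines with `# If you dont know what that means, just use lower case letters and digits,` / `# separated by single dashes (no leading or trailing dash).`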
@@ -142,14 +151,32 @@ charts: # movie monitoring radarr: enabled: true - # dir to store and organise movies - dir: "/home/{{ ansible_user }}/data/movies" + + # dirs to store and organise movies + # you can specify different mounts present on your server + # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + # If you dont know what that means, just use lower case characters + # and dashes to separate them or a mix of upper and lowercase characters + persistence: + - name: root-disk + host_path: "/home/{{ ansible_user }}/data/movies" + # - name: spare-disk + # host_path: "/mnt/b/movies" # show monitoring sonarr: enabled: true - # dir to store and organise shows - dir: "/home/{{ ansible_user }}/data/shows" + + # dirs to store and organise shows + # you can specify different mounts present on your server + # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + # If you dont know what that means, just use lower case characters + # and dashes to separate them or a mix of upper and lowercase characters + persistence: + - name: root-disk + host_path: "/home/{{ ansible_user }}/data/shows" + # - name: spare-disk + # host_path: "/mnt/b/shows" # subtitle hunting bazarr: 
@@ -158,22 +185,40 @@ charts: # movie and show interface jellyseerr: enabled: true - + # speed test to server librespeed: enabled: true # book monitoring readarr: - enabled: false - # dir to store and organise books - dir: "/home/{{ ansible_user }}/data/books" + enabled: true + + # dirs to store and organise books + # you can specify different mounts present on your server + # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + # If you dont know what that means, just use lower case characters + # and dashes to separate them or a mix of upper and lowercase characters + persistence: + - name: root-disk + host_path: "/home/{{ ansible_user }}/data/books" + # - name: spare-disk + # host_path: "/mnt/b/books" # music monitoring lidarr: - enabled: false - # dir to store and organise music - dir: "/home/{{ ansible_user }}/data/music" + enabled: true + + # dirs to store and organise music + # you can specify different mounts present on your server + # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + # If you dont know what that means, just use lower case characters + # and dashes to separate them or a mix of upper and lowercase characters + persistence: + - name: root-disk + host_path: "/home/{{ ansible_user }}/data/music" + # - name: spare-disk + # host_path: "/mnt/b/music" # book client calibre_web: diff --git a/install-charts.yaml b/install-charts.yaml index 47e45ab..725ca7d 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
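Review bot: `enabled: true` for readarr and lidarr flips both defaults from `false` in a commit whose subject is about multiple hostpath mounts; the message does not explain it, and users pulling the new group_vars will start deploying two more services and creating their host directories without opting in. If the change is deliberate, say so in the message or split it out; otherwise keep `enabled: false` and only add the `persistence` lists.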
@@ -51,36 +51,6 @@ persistence.config.enabled=true,\ persistence.config.type=hostPath" - helm_common_persistence_movies: "\ - persistence.movies.enabled=true,\ - persistence.movies.type=hostPath,\ - persistence.movies.mountPath=/data/movies,\ - persistence.movies.hostPath={{ charts.services.radarr.dir }}" - - helm_common_persistence_shows: "\ - persistence.shows.enabled=true,\ - persistence.shows.type=hostPath,\ - persistence.shows.mountPath=/data/shows,\ - persistence.shows.hostPath={{ charts.services.sonarr.dir }}" - - helm_common_persistence_books: "\ - persistence.books.enabled=true,\ - persistence.books.type=hostPath,\ - persistence.books.mountPath=/data/books,\ - persistence.books.hostPath={{ charts.services.readarr.dir }}" - - helm_common_persistence_music: "\ - persistence.music.enabled=true,\ - persistence.music.type=hostPath,\ - persistence.music.mountPath=/data/music,\ - persistence.music.hostPath={{ charts.services.lidarr.dir }}" - - helm_common_persistence_downloads: "\ - persistence.downloads.enabled=true,\ - persistence.downloads.type=hostPath,\ - persistence.downloads.mountPath=/data/downloads,\ - persistence.downloads.hostPath={{ charts.services.qbittorrent.dir }}" - # readOnlyRootFilesystem=false is needed for the app to be able to take # backups in /config/Backups # runAsUser={{ uid }} gives write access on the pod 
@@ -90,20 +60,106 @@ securityContext.container.runAsGroup=568" tasks: - - name: Create directories - file: - path: "{{ item }}" - state: directory - mode: '0777' - with_items: - - "{{ charts.services.configs_dir }}" - - "{{ charts.services.radarr.dir }}" - - "{{ charts.services.sonarr.dir }}" - - "{{ charts.services.readarr.dir }}" - - "{{ charts.services.lidarr.dir }}" - - "{{ charts.services.immich.dir }}" - - "{{ charts.services.qbittorrent.dir }}" - become: true # incase the dirs created are at root level + + - name: Process variable to add disks + block: + - name: "Create host path dir {{ item.host_path }}" + file: + path: "{{ item.host_path }}" + state: directory + mode: '0777' + become: true # incase the dirs are created at root level + loop: "{{ charts.services.radarr.persistence }}" + - name: Set facts + set_fact: + helm_common_persistence_movies: >- + {{- helm_common_persistence_movies | default('') + + 'persistence.movies-' + item.name + '.enabled=true,' + + 'persistence.movies-' + item.name + '.type=hostPath,' + + 'persistence.movies-' + item.name + '.hostPath=' + item.host_path + ',' + + 'persistence.movies-' + item.name + '.mountPath=/data/' + item.name + '/movies,' + -}} + loop: "{{ charts.services.radarr.persistence }}" + + - name: Process variable to add disks + block: + - name: "Create host path dir {{ item.host_path }}" + file: + path: "{{ item.host_path }}" + state: directory + mode: '0777' + become: true # incase the dirs are created at root level + loop: "{{ charts.services.sonarr.persistence }}" + - name: Set facts + set_fact: + helm_common_persistence_shows: >- + {{- helm_common_persistence_shows | default('') + + 'persistence.shows-' + item.name + '.enabled=true,' + + 'persistence.shows-' + item.name + '.type=hostPath,' + + 'persistence.shows-' + item.name + '.hostPath=' + item.host_path + ',' + + 'persistence.shows-' + item.name + '.mountPath=/data/' + item.name + '/shows,' + -}} + loop: "{{ charts.services.sonarr.persistence }}" + + - 
name: Process variable to add disks + block: + - name: "Create host path dir {{ item.host_path }}" + file: + path: "{{ item.host_path }}" + state: directory + mode: '0777' + become: true # incase the dirs are created at root level + loop: "{{ charts.services.readarr.persistence }}" + - name: Set facts + set_fact: + helm_common_persistence_books: >- + {{- helm_common_persistence_books | default('') + + 'persistence.books-' + item.name + '.enabled=true,' + + 'persistence.books-' + item.name + '.type=hostPath,' + + 'persistence.books-' + item.name + '.hostPath=' + item.host_path + ',' + + 'persistence.books-' + item.name + '.mountPath=/data/' + item.name + '/books,' + -}} + loop: "{{ charts.services.readarr.persistence }}" + + - name: Process variable to add disks + block: + - name: "Create host path dir {{ item.host_path }}" + file: + path: "{{ item.host_path }}" + state: directory + mode: '0777' + become: true # incase the dirs are created at root level + loop: "{{ charts.services.lidarr.persistence }}" + - name: Set facts + set_fact: + helm_common_persistence_music: >- + {{- helm_common_persistence_music | default('') + + 'persistence.music-' + item.name + '.enabled=true,' + + 'persistence.music-' + item.name + '.type=hostPath,' + + 'persistence.music-' + item.name + '.hostPath=' + item.host_path + ',' + + 'persistence.music-' + item.name + '.mountPath=/data/' + item.name + '/music,' + -}} + loop: "{{ charts.services.lidarr.persistence }}" + + - name: Process variable to add disks + block: + - name: "Create host path dir {{ item.host_path }}" + file: + path: "{{ item.host_path }}" + state: directory + mode: '0777' + become: true # incase the dirs are created at root level + loop: "{{ charts.services.qbittorrent.persistence }}" + - name: Set facts + set_fact: + helm_common_persistence_downloads: >- + {{- helm_common_persistence_downloads | default('') + + 'persistence.downloads-' + item.name + '.enabled=true,' + + 'persistence.downloads-' + item.name + 
'.type=hostPath,' + + 'persistence.downloads-' + item.name + '.hostPath=' + item.host_path + ',' + + 'persistence.downloads-' + item.name + '.mountPath=/data/' + item.name + '/downloads,' + -}} + loop: "{{ charts.services.qbittorrent.persistence }}" - name: Install rancher local-path-provisioner when: charts.services.local_path_provisioner.enabled 
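Review bot: Each `Set facts` task only defines its `helm_common_persistence_*` fact from inside the loop, so when a service's `persistence` list is empty the fact never exists and every later `{{ helm_common_persistence_books }}`-style reference in a `set_options` string fails with an undefined variable, including in jellyfin and calibre, which consume facts built from other services' lists. Initialise the five facts to `''` in one `set_fact` task before the loops, or use `| default('')` at the consuming lines. The five `Process variable to add disks` blocks are identical apart from the service key and volume prefix; a single `include_tasks` driven by a list of `{svc, vol}` pairs would keep them in sync. Also, `item.host_path` is concatenated into the `--set` string unescaped, so a path containing `,` or `=` is split by Helm; an `assert` task on the list would fail early with a clear message instead of at helm time.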
@@ -319,28 +375,28 @@ {{ helm_common_ingress }},\ persistence.mlcache.enabled=true,\ persistence.mlcache.type=hostPath,\ - persistence.mlcache.hostPath={{ charts.services.immich.dir }}/mlcache,\ + persistence.mlcache.hostPath={{ charts.services.immich.host_path }}/mlcache,\ persistence.microcache.enabled=true,\ persistence.microcache.type=hostPath,\ - persistence.microcache.hostPath={{ charts.services.immich.dir }}/microcache,\ + persistence.microcache.hostPath={{ charts.services.immich.host_path }}/microcache,\ persistence.library.enabled=true,\ persistence.library.type=hostPath,\ - persistence.library.hostPath={{ charts.services.immich.dir }}/library,\ + persistence.library.hostPath={{ charts.services.immich.host_path }}/library,\ persistence.uploads.enabled=true,\ persistence.uploads.type=hostPath,\ - persistence.uploads.hostPath={{ charts.services.immich.dir }}/uploads,\ + persistence.uploads.hostPath={{ charts.services.immich.host_path }}/uploads,\ persistence.backups.enabled=true,\ persistence.backups.type=hostPath,\ - persistence.backups.hostPath={{ charts.services.immich.dir }}/backups,\ + persistence.backups.hostPath={{ charts.services.immich.host_path }}/backups,\ persistence.thumbs.enabled=true,\ persistence.thumbs.type=hostPath,\ - persistence.thumbs.hostPath={{ charts.services.immich.dir }}/thumbs,\ + persistence.thumbs.hostPath={{ charts.services.immich.host_path }}/thumbs,\ persistence.profile.enabled=true,\ persistence.profile.type=hostPath,\ - persistence.profile.hostPath={{ charts.services.immich.dir }}/profile,\ + persistence.profile.hostPath={{ charts.services.immich.host_path }}/profile,\ persistence.video.enabled=true,\ persistence.video.type=hostPath,\ - persistence.video.hostPath={{ charts.services.immich.dir }}/encoded-video,\ + persistence.video.hostPath={{ charts.services.immich.host_path }}/encoded-video,\ securityContext.container.runAsUser=0,\ securityContext.container.privileged=true,\ securityContext.container.runAsNonRoot=false,\ 
@@ -374,10 +430,10 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_shows }},\ - {{ helm_common_persistence_movies }},\ - {{ helm_common_persistence_music }},\ - {{ helm_common_persistence_books }},\ + {{ helm_common_persistence_shows }}\ + {{ helm_common_persistence_movies }}\ + {{ helm_common_persistence_music }}\ + {{ helm_common_persistence_books }}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ @@ -420,7 +476,7 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_downloads }}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ @@ -529,8 +585,8 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_movies }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_movies }}\ + {{ helm_common_persistence_downloads }}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ @@ -568,8 +624,8 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_shows }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_shows }}\ + {{ helm_common_persistence_downloads }}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ @@ -607,8 +663,8 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_shows }},\ - {{ helm_common_persistence_movies }},\ + {{ helm_common_persistence_shows }}\ + {{ helm_common_persistence_movies }}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ 
@@ -646,8 +702,8 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_books }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_books }}\ + {{ helm_common_persistence_downloads }}}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ @@ -684,8 +740,8 @@ {{ helm_common_general }},\ {{ helm_common_persistence }},\ {{ helm_common_security_contexts }},\ - {{ helm_common_persistence_music }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_music }}\ + {{ helm_common_persistence_downloads }}}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ {{ helm_common_persistence_config }},\ @@ -806,8 +862,8 @@ set_options: "--set \ {{ helm_common_general }},\ {{ helm_common_persistence }},\ - {{ helm_common_persistence_books }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_books }}\ + {{ helm_common_persistence_downloads }}}\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ securityContext.container.PUID=\"{{ uid }}\",\ @@ -841,8 +897,8 @@ set_options: "--set \ {{ helm_common_general }},\ {{ helm_common_persistence }},\ - {{ helm_common_persistence_books }},\ - {{ helm_common_persistence_downloads }},\ + {{ helm_common_persistence_books }}\ + {{ helm_common_persistence_downloads }}}\ {{ helm_common_resources }},\ securityContext.container.PUID=\"{{ uid }}\",\ securityContext.container.PGID=\"568\",\ From fdb31c05bba5a63ee820e9a751ddf945b3896f30 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Wed, 26 Mar 2025 23:31:48 +0000 Subject: [PATCH 60/81] Update README.md quality updates --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4972576..61243d0 100644 --- a/README.md +++ b/README.md 
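Review bot: The new line `{{ helm_common_persistence_downloads }}}\` in this hunk carries three closing braces, so after Jinja renders the expression a stray `}` is left in the `--set` string immediately before `{{ helm_common_resources }}`, which is likely to make helm reject the value or fold it into the previous setting; the hunks at `@@ -684,8 +740,8 @@`, `@@ -806,8 +862,8 @@` and `@@ -841,8 +897,8 @@` carry the same extra brace. The sibling line `{{ helm_common_persistence_books }}\` and the earlier hunks of this commit use `}}\`, so this reads as a typo rather than intent. Change each occurrence to `{{ helm_common_persistence_downloads }}\`. For the first two hunks the enclosing `set_options` string starts outside the hunk.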
@@ -234,7 +234,7 @@ Use your own server - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs - Min: 0 - Preferred: 30 - - Max: 2000 + - Max: 70 (you can also use 2000 but you might get bigger files more often) - Radarr/Sonarr specific config - **[EXPERIMENTAL]** Enforce downloads of original language media only - Go to ``Settings > Custom Formats`` From 409dac74a5be859dcaef11538e6bcc5325b75e62 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Thu, 27 Mar 2025 08:16:36 +0000 Subject: [PATCH 61/81] Update README.md for completed downloads handling and seeding update --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 61243d0..5f990a4 100644 --- a/README.md +++ b/README.md @@ -169,9 +169,9 @@ Use your own server - Go to ``Tools > Options > Downloads > Default Save Path`` - Recommend using ``/data/root-disk/downloads`` - Set seeding limits - - Recommend seeding limits for when seeding ratio hits "0". It is under ``Tools > Options > BitTorrent > Seeding Limits`` + - Recommend seeding limits for when seeding ratio hits "1" to give back to the community. It is under ``Tools > Options > BitTorrent > Seeding Limits`` - Set torrent download/upload limits - - Recommended to keep 12 active torrents/downloads and 0 uploads. It is under ``Tools > Options > BitTorrent > Torrent Queueing`` + - Recommended to keep 12 active torrents, 6 downloads and 6 uploads. It is under ``Tools > Options > BitTorrent > Torrent Queueing`` - ##### Setup Calibre - Do base setup 
@@ -215,8 +215,9 @@ Use your own server - Add the port: ``10095`` - Add the username: ```` - Add the password: ```` - - Uncheck the ``Remove Completed`` option. - - When enabled, this seems to delete the downloaded files sometimes. Not sure why. + - Enable the ``Remove Completed`` option. + - This will copy the download from the downloads directory to the destination directory for the service. Once the seeding limits are reached, it will delete the torrent and its files from the downloads directory. + - More information on [sonarrs's wiki page](https://wiki.servarr.com/sonarr/settings#Torrent_Process) and [radarr's wiki page](https://wiki.servarr.com/radarr/settings#Torrent_Process) under `Remove Completed Downloads`. They should all have the same idea though. - Set the root directories to be the following - Go to ``Settings > Media Management`` @@ -235,6 +236,8 @@ Use your own server - Min: 0 - Preferred: 30 - Max: 70 (you can also use 2000 but you might get bigger files more often) + - Go to ``Settings > Media Management`` + - If present, make sure ``Use Hardlinks instead of Copy`` is enabled - Radarr/Sonarr specific config - **[EXPERIMENTAL]** Enforce downloads of original language media only - Go to ``Settings > Custom Formats`` @@ -245,8 +248,6 @@ Use your own server - Select all [relevant] profiles and set the following - ``Minimum Custom Format Score`` to ``0`` (sum of the custom formats scores) - Your new Custom Format's score to be ``0`` (if the value is lower than the minimum score then downloads will be blocked) - - Go to ``Settings > Media Management`` - - Make sure ``Use Hardlinks instead of Copy`` is enabled - Readarr specific config - Go to ``Settings > Media Management`` - Add root folder (you cannot edit an existing one) From 41d04da0bbe142227f2d8b45a9199cfb251ee87b Mon Sep 17 00:00:00 2001 
From: Karan Samani Date: Thu, 27 Mar 2025 22:53:36 +0000 Subject: [PATCH 62/81] Update server-basics.yaml to remove pyyaml as kubernetes will already install it --- server-basics.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server-basics.yaml b/server-basics.yaml index 1f19bea..5819230 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -66,10 +66,10 @@ - tmux # terminal mulitplexor to mainly allow you to create a re-attachable session on the server. Google for more info on how to use - smartmontools # to be able to use smartctl to get SMART data about storage devices - hwinfo # hardware info + - name: Install pyyaml python package ansible.builtin.pip: name: - - pyyaml - kubernetes - name: Install kubectx/kubens From 138ad1424312fd10b1243f1a53b36d9838b7d65c Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Thu, 27 Mar 2025 23:18:33 +0000 Subject: [PATCH 63/81] fixes #27 by introducing venvs for the k8s tasks that works off of the kubernetes pip module --- install-charts.yaml | 60 ++++++++++++++++++++++++++++----------------- server-basics.yaml | 6 +---- 2 files changed, 39 insertions(+), 27 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 725ca7d..5c9885c 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
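Review bot: The task is still named `Install pyyaml python package` although, after the removal in this hunk, the only package it installs is `kubernetes`; rename it `- name: Install kubernetes python package` so the play output matches what runs. The remaining dependency is also unpinned, so every run installs whatever version the index currently serves into the system interpreter, which makes the playbook non-reproducible and exposes it to a bad upstream release; pin it as `kubernetes==<pinned version>` (placeholder, pick the version you have tested). The venv tasks added later in PATCH 63 (`@@ -312,29 +312,45 @@`) and PATCH 65 (`@@ -59,7 +59,19 @@`) install the same unpinned package and would take the same pin.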
@@ -312,29 +312,45 @@ grafana.ingress.hosts[0]=grafana.{{ domain_name }}" - name: Setup plugins for Grafana - block: - - name: Search for all Pods labelled app.kubernetes.io/name=grafana - kubernetes.core.k8s_info: - kind: Pod - label_selectors: - - app.kubernetes.io/name = grafana - register: output - - - name: Install piechart panel plugin for Grafana - kubernetes.core.k8s_exec: - namespace: "{{ namespace_monitoring }}" - pod: "{{ output.resources[0].metadata.name }}" - container: grafana - command: grafana cli plugins install grafana-piechart-panel - ignore_errors: True - - - name: Restart pods to pick up any config updates - include_tasks: tasks-kubernetes-delete-kind-instances.yaml vars: - kind: pod - namespace: "{{ namespace_monitoring }}" - contains: kube-prometheus-stack - + venv_dir: "{{ basics.home_dir }}/.ansible-grafana-venv" + venv_python: "{{ venv_dir }}/bin/python3" + block: + - name: Generate a virtual env with dependencies + pip: + name: + - kubernetes + virtualenv: "{{ venv_dir }}" + # On Debian-based systems the correct python*-venv package must + # be installed to use the `venv` module. 
+ virtualenv_command: "python3 -m venv" + + - name: Search for all Pods labelled app.kubernetes.io/name=grafana + vars: + ansible_python_interpreter: "{{ venv_python }}" + kubernetes.core.k8s_info: + kind: Pod + label_selectors: + - app.kubernetes.io/name = grafana + register: output + + - name: Install piechart panel plugin for Grafana + vars: + ansible_python_interpreter: "{{ venv_python }}" + kubernetes.core.k8s_exec: + namespace: "{{ namespace_monitoring }}" + pod: "{{ output.resources[0].metadata.name }}" + container: grafana + command: grafana cli plugins install grafana-piechart-panel + ignore_errors: True + + - name: Restart pods to pick up any config updates + include_tasks: tasks-kubernetes-delete-kind-instances.yaml + vars: + kind: pod + namespace: "{{ namespace_monitoring }}" + contains: kube-prometheus-stack + - debug: msg: > You can log into Grafana at 'grafana.{{ domain_name }}' using diff --git a/server-basics.yaml b/server-basics.yaml index 5819230..bfdf3ce 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -66,11 +66,7 @@ - tmux # terminal mulitplexor to mainly allow you to create a re-attachable session on the server. Google for more info on how to use - smartmontools # to be able to use smartctl to get SMART data about storage devices - hwinfo # hardware info - - - name: Install pyyaml python package - ansible.builtin.pip: - name: - - kubernetes + - python3-venv # to create venvs for pip installs - name: Install kubectx/kubens # https://github.com/ahmetb/kubectx From 8c8e1a70049676aa6132dc3db17f77c86b5bcf06 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 22:25:10 +0000 Subject: [PATCH 64/81] bugfix - config dirs were not created for all relevant services in the playbook --- install-charts.yaml | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 5c9885c..9681953 100644 
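Review bot: The `Search for all Pods labelled app.kubernetes.io/name=grafana` task has no `namespace:`, so `k8s_info` lists matching pods across all namespaces, while the following `k8s_exec` runs `output.resources[0].metadata.name` inside `{{ namespace_monitoring }}`; a pod carrying that label in another namespace can be picked first and the exec then fails or targets the wrong pod, and on an empty result the `[0]` lookup errors instead of skipping. Add `namespace: "{{ namespace_monitoring }}"` to the `k8s_info` task and guard the exec with `when: output.resources | length > 0`. The same tasks are moved unchanged in PATCH 65 (`@@ -317,45 +329,31 @@`) and would take the same fix. `ignore_errors: True` is also the non-canonical spelling; write `ignore_errors: true` as yamllint's truthy rule expects.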
--- a/install-charts.yaml +++ b/install-charts.yaml @@ -60,10 +60,16 @@ securityContext.container.runAsGroup=568" tasks: + - name: "Create host path dir for config" + file: + path: "{{ charts.services.configs_dir }}" + state: directory + mode: '0777' + become: true # incase the dirs are created at root level - name: Process variable to add disks block: - - name: "Create host path dir {{ item.host_path }}" + - name: "Create host path dir" file: path: "{{ item.host_path }}" state: directory @@ -83,7 +89,7 @@ - name: Process variable to add disks block: - - name: "Create host path dir {{ item.host_path }}" + - name: "Create host path dir" file: path: "{{ item.host_path }}" state: directory @@ -103,7 +109,7 @@ - name: Process variable to add disks block: - - name: "Create host path dir {{ item.host_path }}" + - name: "Create host path dir" file: path: "{{ item.host_path }}" state: directory @@ -123,7 +129,7 @@ - name: Process variable to add disks block: - - name: "Create host path dir {{ item.host_path }}" + - name: "Create host path dir" file: path: "{{ item.host_path }}" state: directory @@ -143,7 +149,7 @@ - name: Process variable to add disks block: - - name: "Create host path dir {{ item.host_path }}" + - name: "Create host path dir" file: path: "{{ item.host_path }}" state: directory @@ -389,6 +395,7 @@ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + persistence.config.hostPath={{ charts.services.configs_dir }}/immich,\ persistence.mlcache.enabled=true,\ persistence.mlcache.type=hostPath,\ persistence.mlcache.hostPath={{ charts.services.immich.host_path }}/mlcache,\ @@ -428,6 +435,12 @@ - name: Install jellyfin when: charts.services.jellyfin.enabled block: + - name: Create config directory on hostpath for jellyfin + file: + path: "{{ charts.services.configs_dir }}/jellyfin" + state: directory + mode: '0777' + - name: Install/Upgrade the jellyfin chart include_tasks: tasks-install-chart.yaml vars: 
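Review bot: `mode: '0777'` on the new `Create host path dir for config` task makes `{{ charts.services.configs_dir }}` world-writable, and since it runs with `become: true` the directory is root-owned, so any local account on the host can write or replace service configuration under it; the per-service config task added later in this hunk (`.../jellyfin`), the `@@ -479`, `@@ -775` and `@@ -803` hunks of this commit, and the `become: true` additions in PATCH 69 repeat the pattern. The containers already run as `{{ uid }}` with group `568` (see the `securityContext.container.runAsGroup=568` context at the top of this hunk), so the directories can be owned by that identity instead: `owner: "{{ uid }}"`, `group: "568"`, `mode: '0770'`, assuming that group exists on the host. If a particular chart needs a different id, narrow it for that service rather than opening the whole tree to everyone.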
@@ -479,6 +492,12 @@ - name: Install qbittorrent when: charts.services.qbittorrent.enabled block: + - name: Create config directory on hostpath for qbittorrent + file: + path: "{{ charts.services.configs_dir }}/qbittorrent" + state: directory + mode: '0777' + - name: Install/Upgrade the qbittorrent chart include_tasks: tasks-install-chart.yaml vars: @@ -775,6 +794,12 @@ - name: Install ombi when: charts.services.ombi.enabled block: + - name: Create config directory on hostpath for ombi + file: + path: "{{ charts.services.configs_dir }}/ombi" + state: directory + mode: '0777' + - name: Install/Upgrade the ombi chart include_tasks: tasks-install-chart.yaml vars: @@ -790,6 +815,8 @@ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + {{ helm_common_persistence_config }},\ + persistence.config.hostPath={{ charts.services.configs_dir }}/ombi,\ ingress.main.hosts[0].host='ombi.{{ domain_name }}',\ ingress.main.hosts[0].paths[0].service.name=ombi,\ ingress.main.hosts[0].paths[0].service.port=3579" @@ -803,6 +830,12 @@ - name: Install jellyseerr when: charts.services.jellyseerr.enabled block: + - name: Create config directory on hostpath for jellyseerr + file: + path: "{{ charts.services.configs_dir }}/jellyseerr" + state: directory + mode: '0777' + - name: Install/Upgrade the jellyseerr chart include_tasks: tasks-install-chart.yaml vars: From ff3e7c481155dce51fd867c8e8bafe56160fd50f Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 22:31:03 +0000 Subject: [PATCH 65/81] bugfix - create venv for the whole install charts playbook --- install-charts.yaml | 76 ++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 9681953..e227947 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
@@ -59,7 +59,19 @@ securityContext.container.runAsUser={{ uid }},\ securityContext.container.runAsGroup=568" + venv_dir: "{{ basics.home_dir }}/.venv-install-charts" + venv_python: "{{ venv_dir }}/bin/python3" + tasks: + - name: Generate a virtual env with dependences for playbook + pip: + name: + - kubernetes + virtualenv: "{{ venv_dir }}" + # On Debian-based systems the correct python*-venv package must + # be installed to use the `venv` module. + virtualenv_command: "python3 -m venv" + - name: "Create host path dir for config" file: path: "{{ charts.services.configs_dir }}" 
@@ -317,45 +329,31 @@ grafana.ingress.ingressClassName=nginx,\ grafana.ingress.hosts[0]=grafana.{{ domain_name }}" - - name: Setup plugins for Grafana + - name: Search for all Pods labelled app.kubernetes.io/name=grafana + vars: + ansible_python_interpreter: "{{ venv_python }}" + kubernetes.core.k8s_info: + kind: Pod + label_selectors: + - app.kubernetes.io/name = grafana + register: output + + - name: Install piechart panel plugin for Grafana vars: - venv_dir: "{{ basics.home_dir }}/.ansible-grafana-venv" - venv_python: "{{ venv_dir }}/bin/python3" - block: - - name: Generate a virtual env with dependencies - pip: - name: - - kubernetes - virtualenv: "{{ venv_dir }}" - # On Debian-based systems the correct python*-venv package must - # be installed to use the `venv` module. - virtualenv_command: "python3 -m venv" - - - name: Search for all Pods labelled app.kubernetes.io/name=grafana - vars: - ansible_python_interpreter: "{{ venv_python }}" - kubernetes.core.k8s_info: - kind: Pod - label_selectors: - - app.kubernetes.io/name = grafana - register: output - - - name: Install piechart panel plugin for Grafana - vars: - ansible_python_interpreter: "{{ venv_python }}" - kubernetes.core.k8s_exec: - namespace: "{{ namespace_monitoring }}" - pod: "{{ output.resources[0].metadata.name }}" - container: grafana - command: grafana cli plugins install grafana-piechart-panel - ignore_errors: True - - - name: Restart pods to pick up any config updates - include_tasks: tasks-kubernetes-delete-kind-instances.yaml - vars: - kind: pod - namespace: "{{ namespace_monitoring }}" - contains: kube-prometheus-stack + ansible_python_interpreter: "{{ venv_python }}" + kubernetes.core.k8s_exec: + namespace: "{{ namespace_monitoring }}" + pod: "{{ output.resources[0].metadata.name }}" + container: grafana + command: grafana cli plugins install grafana-piechart-panel + ignore_errors: True + + - name: Restart pods to pick up any config updates + include_tasks: 
tasks-kubernetes-delete-kind-instances.yaml + vars: + kind: pod + namespace: "{{ namespace_monitoring }}" + contains: kube-prometheus-stack - debug: msg: > @@ -521,6 +519,8 @@ ingress.main.hosts[0].paths[0].service.port=10095" - name: Search for qbittorent pod + vars: + ansible_python_interpreter: "{{ venv_python }}" kubernetes.core.k8s_info: kind: Pod label_selectors: From 11738acb2ea50f691877a65d6c513baeb6d66018 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 23:01:35 +0000 Subject: [PATCH 66/81] bugfix missing immich config --- install-charts.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/install-charts.yaml b/install-charts.yaml index e227947..2a321ed 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -393,6 +393,7 @@ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ + {{ helm_common_persistence_config }},\ persistence.config.hostPath={{ charts.services.configs_dir }}/immich,\ persistence.mlcache.enabled=true,\ persistence.mlcache.type=hostPath,\ From 22fe8541a29f2f96f110faac60efba4f164c8fd4 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 23:04:24 +0000 Subject: [PATCH 67/81] wrap reboot --- server-basics.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/server-basics.yaml b/server-basics.yaml index bfdf3ce..537ba24 100644 --- a/server-basics.yaml +++ b/server-basics.yaml @@ -120,6 +120,9 @@ useful_files_repo_dir: "{{ basics.repos_dir }}/useful_files" - name: "reboot machine: {{ basics.reboot }}" + block: + # nested because conditions dont work in this task + - name: reboot + reboot: + become: true when: "{{ basics.reboot }}" - become: true - reboot: From 10b5728a53324ec8793d0b375f7e2b976dac844c Mon Sep 17 00:00:00 2001 
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 23:10:08 +0000 Subject: [PATCH 68/81] immich doesnt need config --- install-charts.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/install-charts.yaml b/install-charts.yaml index 2a321ed..0e1c2d8 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -393,8 +393,6 @@ {{ helm_common_security_contexts }},\ {{ helm_common_resources }},\ {{ helm_common_ingress }},\ - {{ helm_common_persistence_config }},\ - persistence.config.hostPath={{ charts.services.configs_dir }}/immich,\ persistence.mlcache.enabled=true,\ persistence.mlcache.type=hostPath,\ persistence.mlcache.hostPath={{ charts.services.immich.host_path }}/mlcache,\ From f1b9d2700b865c48dd7eb36fb9d8ed807d9714df Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 23:24:53 +0000 Subject: [PATCH 69/81] sudo config dir creation with 777 --- install-charts.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/install-charts.yaml b/install-charts.yaml index 0e1c2d8..efe136d 100644 --- a/install-charts.yaml +++ b/install-charts.yaml @@ -437,6 +437,7 @@ path: "{{ charts.services.configs_dir }}/jellyfin" state: directory mode: '0777' + become: true - name: Install/Upgrade the jellyfin chart include_tasks: tasks-install-chart.yaml @@ -494,6 +495,7 @@ path: "{{ charts.services.configs_dir }}/qbittorrent" state: directory mode: '0777' + become: true - name: Install/Upgrade the qbittorrent chart include_tasks: tasks-install-chart.yaml @@ -570,6 +572,7 @@ path: "{{ charts.services.configs_dir }}/prowlarr" state: directory mode: '0777' + become: true - name: Install/Upgrade the prowlarr chart include_tasks: tasks-install-chart.yaml @@ -605,6 +608,7 @@ path: "{{ charts.services.configs_dir }}/radarr" state: directory mode: '0777' + become: true - name: Install/Upgrade the radarr chart include_tasks: tasks-install-chart.yaml 
@@ -644,6 +648,7 @@ path: "{{ charts.services.configs_dir }}/sonarr" state: directory mode: '0777' + become: true - name: Install/Upgrade the sonarr chart include_tasks: tasks-install-chart.yaml @@ -683,6 +688,7 @@ path: "{{ charts.services.configs_dir }}/bazarr" state: directory mode: '0777' + become: true - name: Install/Upgrade the bazarr chart include_tasks: tasks-install-chart.yaml @@ -722,6 +728,7 @@ path: "{{ charts.services.configs_dir }}/readarr" state: directory mode: '0777' + become: true - name: Install/Upgrade the readarr chart include_tasks: tasks-install-chart.yaml @@ -760,6 +767,7 @@ path: "{{ charts.services.configs_dir }}/lidarr" state: directory mode: '0777' + become: true - name: Install/Upgrade the lidarr chart include_tasks: tasks-install-chart.yaml @@ -798,6 +806,7 @@ path: "{{ charts.services.configs_dir }}/ombi" state: directory mode: '0777' + become: true - name: Install/Upgrade the ombi chart include_tasks: tasks-install-chart.yaml @@ -834,6 +843,7 @@ path: "{{ charts.services.configs_dir }}/jellyseerr" state: directory mode: '0777' + become: true - name: Install/Upgrade the jellyseerr chart include_tasks: tasks-install-chart.yaml From a87a243f5c3f8d7174d5565cfe5d9de2089594b3 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Fri, 28 Mar 2025 23:52:51 +0000 Subject: [PATCH 70/81] generate inventory entries for kubespray based on hosts.yaml file - all entries from hosts.yaml become control plane and worker nodes for kubespray --- install-kubernetes-kubespray.yaml | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml index 44241f1..3b2e711 100644 --- a/install-kubernetes-kubespray.yaml +++ b/install-kubernetes-kubespray.yaml 
@@ -21,24 +21,33 @@ block: - name: setup inventory.ini block: - - name: create inventory file + - name: generate inventories entry + set_fact: + inventory_entries: > + {{- inventory_entries | default('') + + item + ' etcd_member_name=' + '"' + 'etcd' + my_idx|string + '"' + + ' ansible_host=' + '"' + hostvars[item].ansible_host + '"' + + ' ansible_port=' + '"' + hostvars[item].ansible_port|string + '"' + + ' ansible_user=' + '"' + hostvars[item].ansible_user + '"' + + ' ansible_sudo_pass=' + '"' + hostvars[item].ansible_sudo_pass + '"' + -}} + loop: "{{ query('inventory_hostnames', 'all') }}" + loop_control: + index_var: my_idx + + - name: populate inventory file copy: dest: "{{ kubespray_inventory_ini }}" content: | [all:vars] ansible_connection=ssh ansible_become_user=root - ansible_host={{ hostvars['home-main'].ansible_host }} - ansible_port={{ hostvars['home-main'].ansible_port }} - ansible_ssh_user={{ hostvars['home-main'].ansible_user }} - ansible_user={{ hostvars['home-main'].ansible_user }} - ansible_sudo_pass={{ hostvars['home-main'].ansible_sudo_pass }} [kube_control_plane] - home-main etcd_member_name=etcd1 + {{ inventory_entries }} [kube_node] - home-main etcd_member_name=etcd1 + {{ inventory_entries }} [etcd:children] kube_control_plane From 871c74773e34eb48fe3999f75d471240f2bbd08b Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 29 Mar 2025 00:19:00 +0000 Subject: [PATCH 71/81] cleanup reboot --- server-basics.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/server-basics.yaml b/server-basics.yaml index 537ba24..797ad32 100644 --- a/server-basics.yaml +++ b/server-basics.yaml 
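Review bot: The `set_fact` in this hunk appends each host's entry to `inventory_entries` with no separator, so with more than one host in `hosts.yaml` the `[kube_control_plane]` and `[kube_node]` sections receive every entry fused on one line, which defeats the multi-host intent stated in the commit message; terminate each entry with a newline, e.g. change the final term to `+ '"' + '\n'`, or collect a list and `| join('\n')` it in the template. The `copy` task that writes `{{ kubespray_inventory_ini }}` has no `mode:`, yet its content now carries `ansible_sudo_pass="..."` for every host, so the file is created under the default umask and may be readable by other local accounts; add `mode: '0600'` to that task. The old `[all:vars]` block already wrote the sudo password, so this is inherited rather than introduced here, but this rewrite is the natural point to fix it. `hostvars[item].ansible_sudo_pass` and `hostvars[item].ansible_port` will also abort the play for any host that does not define them; either guard them with `| default(...)` or document them as required in `hosts.yaml`.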
@@ -119,10 +119,7 @@ vars: useful_files_repo_dir: "{{ basics.repos_dir }}/useful_files" - - name: "reboot machine: {{ basics.reboot }}" - block: - # nested because conditions dont work in this task - - name: reboot - reboot: - become: true - when: "{{ basics.reboot }}" + - name: reboot + reboot: + become: true + when: basics.reboot From 6030e13701fa09bd5d54aab91d5a472c735dda62 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 29 Mar 2025 00:59:54 +0000 Subject: [PATCH 72/81] README update for language profile --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5f990a4..2e897d5 100644 --- a/README.md +++ b/README.md @@ -239,6 +239,8 @@ Use your own server - Go to ``Settings > Media Management`` - If present, make sure ``Use Hardlinks instead of Copy`` is enabled - Radarr/Sonarr specific config + - Go to ``Settings > Profiles`` + - If present, for all relevant profiles (or just all of them), set the `Language` for the profile to be `Original` (or whatever language you prefer it to be instead) to download the media in that specific language. - **[EXPERIMENTAL]** Enforce downloads of original language media only - Go to ``Settings > Custom Formats`` - Add a new Custom Format with ``Language`` Condition From 20d002dc8d27960045b1ff402e9f26f8ff60b712 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 29 Mar 2025 01:03:27 +0000 Subject: [PATCH 73/81] fix backticks in README --- README.md | 160 +++++++++++++++++++++++++++--------------------------- 1 file changed, 80 insertions(+), 80 deletions(-) diff --git a/README.md b/README.md index 2e897d5..1da781d 100644 --- a/README.md +++ b/README.md 
@@ -135,28 +135,28 @@ Use your own server ``` - Add any other config required. - Recommend setting up the Open Subtitles plugin which requires creating an account on [their website](https://www.opensubtitles.org/en/?). - - For Hardware acceleration go to ``Admin > Dashboard > Playback`` - - Enable ``Hardware acceleration`` - - Select ``Video Acceleration API (VAAPI)`` which is setup already to use the **integrated Intel GPU**. Not tested with anything else (like a dedicated AMD/Nvidea GPU) + - For Hardware acceleration go to `Admin > Dashboard > Playback` + - Enable `Hardware acceleration` + - Select `Video Acceleration API (VAAPI)` which is setup already to use the **integrated Intel GPU**. Not tested with anything else (like a dedicated AMD/Nvidea GPU) - You should see CPU usage drop and GPU usage go up, disable it if you dont or troubleshoot. - - You can use the ``intel-gpu-tools`` package to monitor (notice GPU usage when hardware encoding is enabled, and no GPU usage when it is disabled) at least the intel GPU by running the command below on the host: - ``sudo intel_gpu_top`` + - You can use the `intel-gpu-tools` package to monitor (notice GPU usage when hardware encoding is enabled, and no GPU usage when it is disabled) at least the intel GPU by running the command below on the host: + `sudo intel_gpu_top` - Select the formats for which hardware acceleration should be enabled - - Recommend not selecting ```HEVC 10bit``` because for some reason that breaks it + - Recommend not selecting `HEVC 10bit` because for some reason that breaks it - Defaults to CPU/software encoding if hardware acceleration does not work for a file, I think. 
- More infomarmation on their [Jellyfin's page for Hardware Acceleration](https://jellyfin.org/docs/general/administration/hardware-acceleration.html) - Add any plugins you may want - [Trackt](https://trakt.tv/dashboard) - To track the shows you watch - Create a Trackt account - - Go to ``Admin > Dashboard > Plugins > Catalogue`` + - Go to `Admin > Dashboard > Plugins > Catalogue` - Enable Trackt - Restart Jellyfin (Shutdown server from the `Dashboard` and k8s will restart, or delete the pod) - - Go to ``Admin > Dashboard > Plugins > Trackt`` + - Go to `Admin > Dashboard > Plugins > Trackt` - Select the user - `Authorize Device` - Follow onscreen instructions - - Go to ``Admin > Dashboard > Scheduled Tasks > Trackt`` + - Go to `Admin > Dashboard > Scheduled Tasks > Trackt` - Create a daily scheduled task for importing data from and exporting data to tract.tv - ##### Setup qBittorrent 
@@ -164,33 +164,33 @@ Use your own server - Look for the substring `You can log into qBittorrent` in the logs to find the creds in the form `admin/` - If `` is not seen, that means that a password was found to be set already and that a randomly generated password was not used. Please try to remeber the password or reinstall to override configuration to use default passwords again. - Change the default login details - - Go to ``Tools > Options > Web UI > Authentication`` + - Go to `Tools > Options > Web UI > Authentication` - Set default download location to one the mentioned directories (or make sure to put it in the right directory when downloading for ease) - - Go to ``Tools > Options > Downloads > Default Save Path`` - - Recommend using ``/data/root-disk/downloads`` + - Go to `Tools > Options > Downloads > Default Save Path` + - Recommend using `/data/root-disk/downloads` - Set seeding limits - - Recommend seeding limits for when seeding ratio hits "1" to give back to the community. It is under ``Tools > Options > BitTorrent > Seeding Limits`` + - Recommend seeding limits for when seeding ratio hits "1" to give back to the community. It is under `Tools > Options > BitTorrent > Seeding Limits` - Set torrent download/upload limits - - Recommended to keep 12 active torrents, 6 downloads and 6 uploads. It is under ``Tools > Options > BitTorrent > Torrent Queueing`` + - Recommended to keep 12 active torrents, 6 downloads and 6 uploads. It is under `Tools > Options > BitTorrent > Torrent Queueing` - ##### Setup Calibre - Do base setup - - Set folder to be ``/data/root-disk/books`` and select ``Yes`` for it to rebuild the library if asked. 
- - Go to ``Preferences > Sharing over the net`` - - Check the box for ``Require username and password to access the Content server`` - - Check the box for ``Run the server automatically when calibre starts`` - - Click on ``Start server`` - - Go to the ``User accounts tab`` and create a user - - Make a note of the credentials for use in ``Readarr`` setup + - Set folder to be `/data/root-disk/books` and select `Yes` for it to rebuild the library if asked. + - Go to `Preferences > Sharing over the net` + - Check the box for `Require username and password to access the Content server` + - Check the box for `Run the server automatically when calibre starts` + - Click on `Start server` + - Go to the `User accounts tab` and create a user + - Make a note of the credentials for use in `Readarr` setup - Restart the app/pod - You can do so by also pressing `CTRL + R` on the main screen - ##### Setup Calibre Web - - Default login is ``admin/admin123`` - - Set folder to be ``/data/root-disk/books`` - - To enable web reading, click on ``Admin`` (case sensitive) on the top right - - Click on the user, default is ``admin`` - - Enable ``Allow ebook viewer`` + - Default login is `admin/admin123` + - Set folder to be `/data/root-disk/books` + - To enable web reading, click on `Admin` (case sensitive) on the top right + - Click on the user, default is `admin` + - Enable `Allow ebook viewer` - Change password to something more secure - Save settings 
@@ -204,62 +204,62 @@ Use your own server | Radarr | Movies | | Lidarr | Music | - - Go to ``Settings`` and click on ``Show Advanced`` + - Go to `Settings` and click on `Show Advanced` - Enable authentication - Set `Authentication` to `Forms (Login Page)` - Set `Authentication Required` to `Enabled` - Set username and password for access - Add torrent client - - Go to ``Settings > Download Clients > Add > qBittorent`` - - Add the host: ``qbittorrent`` - - Add the port: ``10095`` - - Add the username: ```` - - Add the password: ```` - - Enable the ``Remove Completed`` option. + - Go to `Settings > Download Clients > Add > qBittorent` + - Add the host: `qbittorrent` + - Add the port: `10095` + - Add the username: `` + - Add the password: `` + - Enable the `Remove Completed` option. - This will copy the download from the downloads directory to the destination directory for the service. Once the seeding limits are reached, it will delete the torrent and its files from the downloads directory. - More information on [sonarrs's wiki page](https://wiki.servarr.com/sonarr/settings#Torrent_Process) and [radarr's wiki page](https://wiki.servarr.com/radarr/settings#Torrent_Process) under `Remove Completed Downloads`. They should all have the same idea though. 
- Set the root directories to be the following - - Go to ``Settings > Media Management`` + - Go to `Settings > Media Management` | Service | Root Directory | |---------|-------------------| - | Readarr | ``/data/root-disk/books/`` | - | Sonarr | ``/data/root-disk/shows/`` | - | Radarr | ``/data/root-disk/movies/`` | - | Lidarr | ``/data/root-disk/music/`` | + | Readarr | `/data/root-disk/books/` | + | Sonarr | `/data/root-disk/shows/` | + | Radarr | `/data/root-disk/movies/` | + | Lidarr | `/data/root-disk/music/` | - Enable renaming - Adjust quality definitions - - Go to ``Settings > Quality`` - - Set the ``Size Limit`` or ``Megabytes Per Minute`` (or equivalent) to appropriate numbers + - Go to `Settings > Quality` + - Set the `Size Limit` or `Megabytes Per Minute` (or equivalent) to appropriate numbers - This will ensure your downloads are not "too big" - - For movies and shows, ``2-3GiB/h`` would usually be sufficient as the ``Preferred`` value, and you can leave the ``Max`` value a bit higher to ensure a better chance of download grabs + - For movies and shows, `2-3GiB/h` would usually be sufficient as the `Preferred` value, and you can leave the `Max` value a bit higher to ensure a better chance of download grabs - Min: 0 - Preferred: 30 - Max: 70 (you can also use 2000 but you might get bigger files more often) - - Go to ``Settings > Media Management`` - - If present, make sure ``Use Hardlinks instead of Copy`` is enabled + - Go to `Settings > Media Management` + - If present, make sure `Use Hardlinks instead of Copy` is enabled - Radarr/Sonarr specific config - - Go to ``Settings > Profiles`` + - Go to `Settings > Profiles` - If present, for all relevant profiles (or just all of them), set the `Language` for the profile to be `Original` (or whatever language you prefer it to be instead) to download the media in that specific language. 
- **[EXPERIMENTAL]** Enforce downloads of original language media only - - Go to ``Settings > Custom Formats`` - - Add a new Custom Format with ``Language`` Condition - - Set ``Language: Original`` - - Set ``Required: True`` - - Go to ``Settings > Profiles`` + - Go to `Settings > Custom Formats` + - Add a new Custom Format with `Language` Condition + - Set `Language: Original` + - Set `Required: True` + - Go to `Settings > Profiles` - Select all [relevant] profiles and set the following - - ``Minimum Custom Format Score`` to ``0`` (sum of the custom formats scores) - - Your new Custom Format's score to be ``0`` (if the value is lower than the minimum score then downloads will be blocked) + - `Minimum Custom Format Score` to `0` (sum of the custom formats scores) + - Your new Custom Format's score to be `0` (if the value is lower than the minimum score then downloads will be blocked) - Readarr specific config - - Go to ``Settings > Media Management`` + - Go to `Settings > Media Management` - Add root folder (you cannot edit an existing one) - - Set the path to be ``/data/root-disk/books/`` - - Enable ``Use Calibre`` options the the following defaults - - Calibre host: ``calibre-webserver`` - - Calibre port: ``8081`` - - Calibre Username: ```` - - Calibre Password: ```` - - Enabled ``Rename Books`` and use the defaults + - Set the path to be `/data/root-disk/books/` + - Enable `Use Calibre` options the the following defaults + - Calibre host: `calibre-webserver` + - Calibre port: `8081` + - Calibre Username: `` + - Calibre Password: `` + - Enabled `Rename Books` and use the defaults - ##### Setup Prowlarr - Enable authentication 
@@ -267,7 +267,7 @@ Use your own server - Set `Authentication Required` to `Enabled` - Set username and password for access - Add `FlareSolverr` service as a proxy, refer to [this](https://trash-guides.info/Prowlarr/prowlarr-setup-flaresolverr/) guide for help - - Go to ``Settings > Indexers`` + - Go to `Settings > Indexers` - Add a new proxy for `FlareSolverr` - Add a tag to it, for example `flaresolverr` - **NOTE:** This tag needs to be used for any indexer that needs to bypass CloudFlare and DDoS-Gaurd protection @@ -292,7 +292,7 @@ Use your own server Tokyo Toshokan ``` - It is recommended to use private indexers for books and music as they are harder to find otherwise - - Add Sonarr, Radarr, Lidarr and Readarr to the ``Settings > Apps > Application`` section using the correct API token and kubernetes service names + - Add Sonarr, Radarr, Lidarr and Readarr to the `Settings > Apps > Application` section using the correct API token and kubernetes service names - By default prowlarr server will be: ``` http://prowlarr:9696 @@ -311,14 +311,14 @@ Use your own server - ##### Setup Bazarr - Enable authentication - - Go to ``Settings > General`` - - Under ``Security`` select ``Form`` as the form of ``Authentication`` + - Go to `Settings > General` + - Under `Security` select `Form` as the form of `Authentication` - Set username and password for access - Follow the official [Setup Guide](https://wiki.bazarr.media/Getting-Started/Setup-Guide/) - - Go to ``Settings > Radarr`` and ``Settings > Sonarr`` + - Go to `Settings > Radarr` and `Settings > Sonarr` - Click on `Enable` - Fill out the details and save - - Use the API tokens from the respective services, found under ``Settings > General > Security > API Key`` + - Use the API tokens from the respective services, found under `Settings > General > Security > API Key` - Use the kubernetes service name and port | Service Name | Port | 
@@ -328,17 +328,17 @@ Use your own server - Set a suitable minimum score, probabl `70` is fine - Fill out the path mappings if the directories in which data is stored is different for both services (by default both services will use the same directory to access data, so you dont need to change anything for a default install) - - Go to ``Settings > Languages`` + - Go to `Settings > Languages` - Add a language profile and set defaults for movies and series' - You may need to set language filters first before being able to create a profile with the languages in them - Add both, for hearing impaired and regular ones, to increase your chances - - Go to ``Settings > Provider`` and add providers for subtitles + - Go to `Settings > Provider` and add providers for subtitles - Decent options are: - Opensubtitles.com - TVSubtitles - YIFY Subtitles - Supersubtitles - - Go to ``Settings > Subtitles`` and make changes if needed + - Go to `Settings > Subtitles` and make changes if needed - Manually add the language profile to all the scanned media after first installation - NOTE: - If it doesnt work, manually restart the pod few times. It just works, not sure why. If that doesnt work, try reinstalling. @@ -389,12 +389,12 @@ Use your own server - One stop shop for Sonarr/Radarr/Lidarr requests - Get the API keys for Jellyfin, Sonarr and Radarr - Jellyfin - - Go to ``Admin > Dashboard > API Keys`` + - Go to `Admin > Dashboard > API Keys` - Generate a new API key with an appropriate name - Sonarr/Radarr/Lidarr - - Use the API tokens from the respective services, found under ``Settings > General > Security > API Key`` + - Use the API tokens from the respective services, found under `Settings > General > Security > API Key` - Set credentials for login - - Go to ``Settings`` + - Go to `Settings` - Use the correct API keys, hostnames and ports for the services | Service Name | Port | |--------------|------| 
@@ -402,15 +402,15 @@ Use your own server | sonarr | 8989 | | radarr | 7878 | | lidarr | 8686 | - - Click on the ``Load Profiles`` and ``Load Root Folders`` buttons and use the appropriate defaults as used in the services seen [here](#setup-radarrsonarrreadarrlidarr). - - Setup ``Movies`` using ``Radarr`` - - Setup ``TV`` using ``Sonarr`` - - Enable the ``Enable season folders`` option - - Enable the ``V3`` option - - Setup ``Music`` using ``Lidarr`` - - Setup ``Media Server`` using ``Jellyfin`` - - **Dont forget to click on ``Enable`` for each of those setups as well** - - Go to ``Users`` + - Click on the `Load Profiles` and `Load Root Folders` buttons and use the appropriate defaults as used in the services seen [here](#setup-radarrsonarrreadarrlidarr). + - Setup `Movies` using `Radarr` + - Setup `TV` using `Sonarr` + - Enable the `Enable season folders` option + - Enable the `V3` option + - Setup `Music` using `Lidarr` + - Setup `Media Server` using `Jellyfin` + - **Dont forget to click on `Enable` for each of those setups as well** + - Go to `Users` - Setup additional users - Give the following roles to *trusted* users for convinience ``` From 07b4597dfa40af5b6ec8f73f1b3dff02a7441ee8 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 29 Mar 2025 13:21:52 +0000 Subject: [PATCH 74/81] Add home assistant but no persistant config dir for it because of config related issues, details in playbook --- README.md | 6 ++++++ group_vars/all | 4 ++++ install-charts.yaml | 28 ++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+) diff --git a/README.md b/README.md index 1da781d..877cc2b 100644 --- a/README.md +++ b/README.md 
@@ -122,6 +122,12 @@ Use your own server ``` - You can find information on how to use [Loki](https://grafana.com/oss/loki/) in Grafana [here](https://grafana.com/docs/loki/latest/operations/grafana/) + - ##### Setup Home Assistant + - Portal for adding and monitoring home automation devices (like zigbee devices) + - To add zigbee support to your home assistant backed server, you can buy the [Home Assistant Connect ZBT-1](https://www.home-assistant.io/connectzbt1/) + - Follow onscreen instruction to create an account + - Getting started information is present on the [home-assistant website](https://www.home-assistant.io/getting-started/) + - ##### Setup Jellyfin - Initial setup is just following on-screen instructions. - If asked to select server, delete it and refresh the page. diff --git a/group_vars/all b/group_vars/all index 9d2d423..9a396d4 100644 --- a/group_vars/all +++ b/group_vars/all @@ -121,6 +121,10 @@ charts: # look at `install-charts.yaml` for more information host_path: "/home/{{ ansible_user }}/data/downloads" + # home automation portal + home_assistant: + enabled: true + # media client jellyfin: enabled: true diff --git a/install-charts.yaml b/install-charts.yaml index efe136d..1834b6b 100644 --- a/install-charts.yaml +++ b/install-charts.yaml 
@@ -429,6 +429,34 @@ msg: > You can log into Immich at 'immich.{{ domain_name }}'. + - name: Install home-assistant + when: charts.services.home_assistant.enabled + block: + - name: Install/Upgrade the home-assistant chart + include_tasks: tasks-install-chart.yaml + vars: + repo_name: TrueCharts + repo_link: oci://tccr.io/truecharts + install_namespace: "{{ namespace_generic_services }}" + timeout: "{{ charts.timeout }}" + release_name: home-assistant + chart_name: home-assistant + # not incliuding config persistence as it impacts the init setup + # specifically the trusted proxies dont get configured blocking + # ingress access. This is because the configmaps cannot be mounted + # at the expected location (subdir in the hostpath mount) + set_options: "--set \ + {{ helm_common_general }},\ + {{ helm_common_persistence }},\ + {{ helm_common_security_contexts }},\ + {{ helm_common_persistence_downloads }}\ + {{ helm_common_resources }},\ + {{ helm_common_ingress }},\ + homeassistant.trusted_proxies[0]='10.0.0.0/8',\ + ingress.main.hosts[0].host='home-assistant.{{ domain_name }}',\ + ingress.main.hosts[0].paths[0].service.name=home-assistant,\ + ingress.main.hosts[0].paths[0].service.port=8123" + - name: Install jellyfin when: charts.services.jellyfin.enabled block: From 8fec837b320df6d8ac739d665aac013bc6f6c02f Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Sat, 29 Mar 2025 16:42:49 +0000 Subject: [PATCH 75/81] Update all files for default immich path --- group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/all b/group_vars/all index 9a396d4..a67fc72 100644 --- a/group_vars/all +++ b/group_vars/all @@ -119,7 +119,7 @@ charts: enabled: true # base dir for all immich info, including backups, cache, etc # look at `install-charts.yaml` for more information - host_path: "/home/{{ ansible_user }}/data/downloads" + host_path: "/home/{{ ansible_user }}/data/immich" # home automation portal home_assistant: 
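Review bot: In the new `set_options` value the line `{{ helm_common_persistence_downloads }}\` is the only fragment without a trailing comma before `{{ helm_common_resources }},\`, so unless that variable already ends in a comma or expands to nothing, the two fragments are glued into one malformed `--set` entry; make it `{{ helm_common_persistence_downloads }},\` like its neighbours. `homeassistant.trusted_proxies[0]='10.0.0.0/8'` makes Home Assistant accept forwarded-client headers from any source in 10/8, which is presumably much wider than the ingress controller's own address range; narrowing it to the controller's pod or service CIDR (not visible here) limits which in-cluster workloads can present a spoofed client address. The explanatory comment has a typo and would read more clearly as `# config persistence is deliberately not enabled: the trusted-proxies ConfigMap cannot be mounted at the expected sub-path of the hostPath mount, which breaks the initial setup and blocks ingress access`, and it should state the consequence if it holds, namely that Home Assistant's configuration does not survive pod recreation.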
From 7d97337cac32a36b33f88a494997078fa858a524 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Sat, 29 Mar 2025 21:12:36 +0000 Subject: [PATCH 76/81] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 877cc2b..136a001 100644 --- a/README.md +++ b/README.md @@ -444,7 +444,7 @@ Use your own server - You need to create DNS entries to access the Ingress services. The following entries are recommended: - `*.` - `` - - You can port forward the following ports on your router to gain external access. On your router: + - You can port forward (NAT based) the following ports on your router to gain external access. On your router: - Set a static IP for your server (if applicable) so the router doesnt assign a different IP to the machine breaking your port-forwarding setup - Following are some sample rules based on the `all` file defaults for port forwarding, feel free to tweak to your needs. From 9b823a62f6b0550ab189169ad44cb8c83f8a0b83 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Sat, 29 Mar 2025 21:29:03 +0000 Subject: [PATCH 77/81] Update README.md for port forward setup and NAT-ing --- README.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 136a001..2d1794d 100644 --- a/README.md +++ b/README.md 
@@ -444,7 +444,7 @@ Use your own server - You need to create DNS entries to access the Ingress services. The following entries are recommended: - `*.` - `` - - You can port forward (NAT based) the following ports on your router to gain external access. On your router: + - Setup NAT-ing for the the following ports on your router to gain external access. On your router: - Set a static IP for your server (if applicable) so the router doesnt assign a different IP to the machine breaking your port-forwarding setup - Following are some sample rules based on the `all` file defaults for port forwarding, feel free to tweak to your needs. @@ -469,7 +469,31 @@ Use your own server | calibre | LAN | `:30000` (No ingress rules defined) | 30100 | `` | NOTE: Security is an unkown when exposing a service to the internet. - + - If you cannot do NAT setup on your router and need the server to run ingress on 80 and 443, you can use this [post's answer](https://stackoverflow.com/questions/55907537/how-to-expose-kubernetes-service-on-prem-using-443-80) to run the ingress controller on host network + ```yaml + kind: ... + apiVersion: apps/v1 + metadata: + name: nginx-ingress-controller + spec: + ... + template: + spec: + hostNetwork: true <---------- Add this + containers: + - name: nginx-ingress-lb + image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0 + ports: + - name: http + hostPort: 80 <---------- Add this + containerPort: 80 + protocol: TCP + - name: https + hostPort: 443 <---------- Add this + containerPort: 443 + protocol: TCP + ... + ``` # Appendix ## Prometheus TSDB Backup Restore From e887d3df6999b7aaf4179649cb0d0510f148117b Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Tue, 1 Apr 2025 22:44:38 +0100 Subject: [PATCH 78/81] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 2d1794d..7239e24 100644 --- a/README.md +++ b/README.md 
@@ -496,6 +496,12 @@ Use your own server ``` # Appendix +## Kubernetes metrics server + +For troubleshooting, it might be useful to run the metrics server on your cluster + +Refer to this [guide](https://medium.com/@cloudspinx/fix-error-metrics-api-not-available-in-kubernetes-aa10766e1c2f) for it. + ## Prometheus TSDB Backup Restore In case of a migration, you may choose to wnat to migrate data from prometheus along with the app backups stored in the server's app-config dir. From 4fd4220722b68714ae7a8188ff25736e50aab978 Mon Sep 17 00:00:00 2001 From: Karan Samani Date: Wed, 2 Apr 2025 14:26:03 +0100 Subject: [PATCH 79/81] initial commit for docker migration --- group_vars/all | 22 +----- install-docker.yaml | 16 +++++ install-kubernetes-kubespray.yaml | 111 ------------------------------ run.sh | 3 + setup.yaml | 4 +- 5 files changed, 22 insertions(+), 134 deletions(-) create mode 100644 install-docker.yaml delete mode 100644 install-kubernetes-kubespray.yaml diff --git a/group_vars/all b/group_vars/all index a67fc72..3dff464 100644 --- a/group_vars/all +++ b/group_vars/all @@ -239,29 +239,9 @@ charts: # ==== k8s settings ==== -kubespray: +docker: enabled: true - # Use reset.yml to reset cluster - playbook: "cluster.yml" - # extra args for playbook - playbook_args: "-e reset_confirmation=yes" - - # release branch from the repo: https://github.com/kubernetes-sigs/kubespray - release: "release-2.27" - - # enable addons config - addons: [] - # - helm_enabled - # - ingress_nginx_enabled - # - cert_manager_enabled - # - metallb_enabled - # - local_path_provisioner_enabled - - # enable cluster yml config - k8s_cluster: [] - # - kube_proxy_strict_arp - # to allow pinless bluetooth connections to the server bluetooth: diff --git a/install-docker.yaml b/install-docker.yaml new file mode 100644 index 0000000..499fd3f --- /dev/null +++ b/install-docker.yaml 
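Review bot: The context heading `# ==== k8s settings ====` now sits directly above the new `docker:` block, but everything it described (the kubespray settings) is removed in this hunk, so the heading no longer matches what it labels. Rename it in the same change, e.g. `# ==== container runtime settings ====`, so readers of `group_vars/all` are not sent looking for Kubernetes options that no longer exist.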
@@ -0,0 +1,16 @@ +--- +# https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible/ansible.md +# https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting_started/getting-started.md +- name: Install docker + hosts: all + gather_facts: true + tasks: + - name: Install Docker + include_role: + name: geerlingguy.docker + apply: + become: True + vars: + docker_edition: "ce" + docker_users: + - "{{ ansible_user }}" diff --git a/install-kubernetes-kubespray.yaml b/install-kubernetes-kubespray.yaml deleted file mode 100644 index 3b2e711..0000000 --- a/install-kubernetes-kubespray.yaml +++ /dev/null 
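Review bot: `become: True` under `apply:` uses the capitalised YAML 1.1 spelling while `gather_facts: true` a few lines above uses the canonical lowercase form; write `become: true` so the file is consistent and passes yamllint's truthy rule. The two header comments still link to the kubespray documentation and appear to be carried over from the playbook this file replaces; they should point at the geerlingguy.docker role's documentation instead. Adding `"{{ ansible_user }}"` to `docker_users` places that account in the `docker` group, which on a default daemon setup is effectively root-equivalent on the host, so a comment such as `# NOTE: docker group membership is effectively root on this host; keep this list to the admin account` makes the trade-off visible to whoever edits the list later.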
@@ -1,111 +0,0 @@ ---- -# https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible/ansible.md -# https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting_started/getting-started.md -- name: Install kubernetes using kubespray - hosts: all - gather_facts: true - tasks: - - name: kubespray installation - delegate_to: localhost - block: - - name: Clone kuberspray from github - include_tasks: tasks-clone-git-repo.yaml - vars: - repo_dir: "{{ kubespray_repo_dir }}" - repo_link: https://github.com/kubernetes-sigs/kubespray.git - - - name: "Checkout release branch: {{ kubespray.release }}" - shell: "cd {{ kubespray_repo_dir }} && git checkout {{ kubespray.release }}" - - - name: setup config - block: - - name: setup inventory.ini - block: - - name: generate inventories entry - set_fact: - inventory_entries: > - {{- inventory_entries | default('') - + item + ' etcd_member_name=' + '"' + 'etcd' + my_idx|string + '"' - + ' ansible_host=' + '"' + hostvars[item].ansible_host + '"' - + ' ansible_port=' + '"' + hostvars[item].ansible_port|string + '"' - + ' ansible_user=' + '"' + hostvars[item].ansible_user + '"' - + ' ansible_sudo_pass=' + '"' + hostvars[item].ansible_sudo_pass + '"' - -}} - loop: "{{ query('inventory_hostnames', 'all') }}" - loop_control: - index_var: my_idx - - - name: populate inventory file - copy: - dest: "{{ kubespray_inventory_ini }}" - content: | - [all:vars] - ansible_connection=ssh - ansible_become_user=root - - [kube_control_plane] - {{ inventory_entries }} - - [kube_node] - {{ inventory_entries }} - - [etcd:children] - kube_control_plane - kube_node - - - name: setup addons - block: - - name: "update {{ kubespray_addons_yml }}" - ansible.builtin.lineinfile: - path: "{{ kubespray_addons_yml }}" - regexp: "{{ item }}:.*" - line: "{{ item }}: true" - loop: "{{ kubespray.addons }}" - - - name: "update {{ kubespray_k8s_cluster_yml }}" - ansible.builtin.lineinfile: - path: "{{ kubespray_k8s_cluster_yml }}" - regexp: "^{{ item 
}}:.*" - line: "{{ item }}: true" - loop: "{{ kubespray.k8s_cluster }}" - - - name: "run kubespray playbook (can take a long time): {{ kubespray.playbook }}" - shell: | - cd {{ kubespray_repo_dir }}; - python3 -m venv ..{{ kubespray_venv_dir }}; - . ..{{ kubespray_venv_dir }}/bin/activate; - pip install -U -r requirements.txt; - export ANSIBLE_CONFIG=../{{ kubespray_repo_dir }}/ansible.cfg; - ansible-playbook -i ../{{ kubespray_inventory_ini }} ../{{ kubespray_repo_dir }}/{{ kubespray.playbook }} -b -v {{ kubespray.playbook_args }} - - - name: setup kubeconfig for user - shell: | - mkdir -p {{ basics.home_dir }}/.kube - cp /etc/kubernetes/admin.conf {{ basics.home_dir }}/.kube/config - chmod 777 -R {{ basics.home_dir }}/.kube - become: true - - - name: Install kubectl - # https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ - block: - - name: download binary - become: true - shell: "curl -LO \"https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl\"" - - - name: install binary - become: true - shell: "install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl" - - - name: Install Helm - # https://helm.sh/docs/intro/install/ - shell: "curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash" - become: true - vars: - kubespray_repo_dir: "./kubespray" - kubespray_venv_dir: "{{ kubespray_repo_dir }}/kubespray-venv" - kubespray_sample_dir: "{{ kubespray_repo_dir }}/inventory/sample" - kubespray_inventory_ini: "{{ kubespray_sample_dir }}/inventory.ini" - kubespray_addons_yml: "{{ kubespray_sample_dir }}/group_vars/k8s_cluster/addons.yml" - kubespray_k8s_cluster_yml: "{{ kubespray_sample_dir }}/group_vars/k8s_cluster/k8s-cluster.yml" - - diff --git a/run.sh b/run.sh index faf0e42..fbfbd4b 100755 --- a/run.sh +++ b/run.sh 
@@ -13,5 +13,8 @@ if ! command -v "ansible-playbook --version" 2>&1 >/dev/null; then pip install ansible fi +echo "installing docker role..." +ansible-galaxy role install geerlingguy.docker + echo "running playbook" ansible-playbook setup.yaml -i hosts.yaml $@ diff --git a/setup.yaml b/setup.yaml index cf7f419..3b29636 100644 --- a/setup.yaml +++ b/setup.yaml @@ -15,9 +15,9 @@ when: - basics.enabled -- import_playbook: install-kubernetes-kubespray.yaml +- import_playbook: install-docker.yaml when: - - kubespray.enabled + - docker.enabled - import_playbook: install-charts.yaml vars: From cecec320f10111bef2bef787837c39fc06356f62 Mon Sep 17 00:00:00 2001 From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Thu, 3 Apr 2025 21:57:41 +0100 Subject: [PATCH 80/81] half baked work as I abandon this effort, at least for now cause its too much work for not enough returns --- .../install-and-configure-spotifyd.yaml | 2 +- docker-compose.yaml | 52 + group_vars/all | 339 +++--- install-charts.yaml | 1000 ----------------- install-services.yaml | 941 ++++++++++++++++ services/.env | 9 + services/compose.yaml | 198 ++++ services/grafana.yml | 19 + services/prometheus.yml | 12 + setup.yaml | 4 +- tasks-install-chart.yaml | 25 - tasks-kubernetes-delete-kind-instances.yaml | 6 - 12 files changed, 1390 insertions(+), 1217 deletions(-) create mode 100644 docker-compose.yaml delete mode 100644 install-charts.yaml create mode 100644 install-services.yaml create mode 100644 services/.env create mode 100644 services/compose.yaml create mode 100644 services/grafana.yml create mode 100644 services/prometheus.yml delete mode 100644 tasks-install-chart.yaml delete mode 100644 tasks-kubernetes-delete-kind-instances.yaml diff --git a/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml b/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml index d1ebe42..308c598 100644 --- a/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml 
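Review bot: The added `ansible-galaxy role install geerlingguy.docker` is unpinned, so each run of `run.sh` may fetch whatever version of the role is current at that moment, and that code then runs with `become` on every host. Pin it to the version you tested, e.g. `ansible-galaxy role install geerlingguy.docker,<ROLE_VERSION>` (placeholder for the tested tag), or move the dependency into a `requirements.yml` with an explicit `version:` so upgrades become a reviewed change rather than a side effect of running the script. The surrounding `if` block that installs ansible starts outside the hunk.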
+++ b/deprecated_playbooks/spotify/install-and-configure-spotifyd.yaml @@ -1,6 +1,6 @@ --- - name: Install and configure spotifyd - hosts: home-main + hosts: all gather_facts: false vars: repo_dir: "{{ basics.repos_dir }}/spotifyd" diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..c36314c --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,52 @@ +version: "3.3" + +networks: + loki: + +services: + loki: + image: grafana/loki:latest + ports: + - "3100:3100" + command: -config.file=/etc/loki/local-config.yaml + networks: + - loki + + promtail: + image: grafana/promtail:latest + volumes: + - /var/log:/var/log + command: -config.file=/etc/promtail/config.yml + networks: + - loki + + grafana: + environment: + - GF_PATHS_PROVISIONING=/etc/grafana/provisioning + - GF_AUTH_ANONYMOUS_ENABLED=true + - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin + - GF_FEATURE_TOGGLES_ENABLE=alertingSimplifiedRouting,alertingQueryAndExpressionsStepMode + entrypoint: + - sh + - -euc + - | + mkdir -p /etc/grafana/provisioning/datasources + cat < /etc/grafana/provisioning/datasources/ds.yaml + apiVersion: 1 + datasources: + - name: Loki + type: loki + access: proxy + orgId: 1 + url: http://loki:3100 + basicAuth: false + isDefault: true + version: 1 + editable: false + EOF + /run.sh + image: grafana/grafana:latest + ports: + - "3000:3000" + networks: + - loki diff --git a/group_vars/all b/group_vars/all index 3dff464..3aa8589 100644 --- a/group_vars/all +++ b/group_vars/all @@ -6,9 +6,9 @@ domain_name: "" # FILL OUT # for basic server setup (in my opinion) basics: - enabled: true + enabled: false # reboot machine - reboot: true + reboot: false # user's home dir home_dir: "/home/{{ ansible_user }}" @@ -18,7 +18,7 @@ basics: # vnc for remote desktop with GUI vnc: - enabled: true + enabled: false # will be truncated to 8 characters password: "" # FILL OUT # display for what port will be accessed 
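Review bot: The new `grafana` service in `docker-compose.yaml` sets `GF_AUTH_ANONYMOUS_ENABLED=true` together with `GF_AUTH_ANONYMOUS_ORG_ROLE=Admin` and publishes `"3000:3000"`, so anyone who can reach that port gets an unauthenticated Grafana admin session; `loki` on `"3100:3100"` is likewise published with nothing in front of it. If this file is only for local experiments, say so in a comment above `services:` and bind the published ports to loopback (`"127.0.0.1:3000:3000"`, `"127.0.0.1:3100:3100"`); otherwise drop the two anonymous-auth variables and use the `monitoring.admin_username`/`admin_password` values this commit adds to `group_vars/all`. The `entrypoint` script as rendered here reads `cat < /etc/grafana/provisioning/datasources/ds.yaml` followed by the datasource body and a bare `EOF`, which is not a valid heredoc; if the extraction stripped a `<<EOF >` from that line the source is fine, otherwise the datasource file is never written and the script fails on the first `cat`. `version: "3.3"` is obsolete for Compose v2 and only produces a warning, so it can be removed.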
@@ -30,14 +30,14 @@ vnc: # squid credentials, for proxy squid: - enabled: true + enabled: false username: "" # FILL OUT password: "" # FILL OUT port: "3128" # sambashare for network attached storage smb: - enabled: true + enabled: false password: "" # FILL OUT share_name: "sambashare" @@ -48,7 +48,7 @@ smb: # when the server IP changes # NOTE: It doesnt add entries, refer to the README.md file for instructions cloudflare: - enabled: true + enabled: false # Set your Cloudflare Zone ID zone_id: "" # FILL OUT 
@@ -57,191 +57,166 @@ cloudflare: auth_key: "" # FILL OUT # ==== Select what charts you wish to install ==== -charts: - enabled: true +services: + # directory in which the apps will store their configs + configs_dir: "/home/{{ ansible_user }}/data/app-configs" + + # nginx ingress controller for reverse proxy + traefik: + enabled: false + + # manager for tls certs + cert_manager: + enabled: false + # email for the ACME account registration + # FYI: you dont need to create any account for this, just use an email ID + email: "" # FILL OUT - resources: - # kubernetes resource requests for the pods - requests: - cpu: 10m - memory: 50M + # log monitoring with Loki (Needs Grafana for a UI) + loki_stack: + enabled: false - # kubernetes resource limits for the pods - # leave some headroom for the OS to not lose server access in case of an issue - limits: - cpu: 4 - memory: "6000M" + # metrics monitoring with Grafana and Prometheus + monitoring: + enabled: true + admin_username: "admin" # FILL OUT + admin_password: "admin" # FILL OUT - # timeout as helm expects it in --timeout for the charts - timeout: 15m + # cloud native instance of postgres DB + cnpg: + enabled: false + + # google photos alternative + # NOTE: REQUIRES YOU TO HAVE CNPG INSTALLED BEFORE + # - Either set `cnpg.enabled` to false or + # - make sure you have installed it first (incase of an upgrade) + immich: + enabled: false + # base dir for all immich info, including backups, cache, etc + # look at `install-charts.yaml` for more information + host_path: "/home/{{ ansible_user }}/data/immich" + + # home automation portal + home_assistant: + enabled: false + + # media client + jellyfin: + enabled: false - services: - - # directory in which the apps will store their configs - configs_dir: "/home/{{ ansible_user }}/data/app-configs" - - # provision hostPaths using this controller - local_path_provisioner: - enabled: true - version: "v0.0.31" - - # nginx ingress controller for reverse proxy - ingress_nginx: - 
enabled: true - - # manager for tls certs - cert_manager: - enabled: true - # email for the ACME account registration - # FYI: you dont need to create any account for this, just use an email ID - email: "" # FILL OUT - - # log monitoring with Loki (Needs Grafana for a UI) - loki_stack: - enabled: true - - # metrics monitoring with Grafana and Prometheus - kube_prometheus_stack: - enabled: true - grafana: - admin_username: "admin" # FILL OUT - admin_password: "admin" # FILL OUT - - # cloud native instance of postgres DB - cnpg: - enabled: true - - # google photos alternative - # NOTE: REQUIRES YOU TO HAVE CNPG INSTALLED BEFORE - # - Either set `cnpg.enabled` to true or - # - make sure you have installed it first (incase of an upgrade) - immich: - enabled: true - # base dir for all immich info, including backups, cache, etc - # look at `install-charts.yaml` for more information - host_path: "/home/{{ ansible_user }}/data/immich" - - # home automation portal - home_assistant: - enabled: true - - # media client - jellyfin: - enabled: true - - # torrents - qbittorrent: - enabled: true - - # dirs to download files - # you can specify different mounts present on your server - # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - # If you dont know what that means, just use lower case characters - # and dashes to separate them or a mix of upper and lowercase characters - persistence: - - name: root-disk - host_path: "/home/{{ ansible_user }}/data/downloads" - # - name: spare-disk - # host_path: "/mnt/b/downloads" - - # to bypass cloudflare protection - flaresolverr: - enabled: true - - # to manage indexers - prowlarr: - enabled: true - - # movie monitoring - radarr: - enabled: true - - # dirs to store and organise movies - # you can specify different mounts present on your server - # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' 
- # If you dont know what that means, just use lower case characters - # and dashes to separate them or a mix of upper and lowercase characters - persistence: - - name: root-disk - host_path: "/home/{{ ansible_user }}/data/movies" - # - name: spare-disk - # host_path: "/mnt/b/movies" - - # show monitoring - sonarr: - enabled: true - - # dirs to store and organise shows - # you can specify different mounts present on your server - # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - # If you dont know what that means, just use lower case characters - # and dashes to separate them or a mix of upper and lowercase characters - persistence: - - name: root-disk - host_path: "/home/{{ ansible_user }}/data/shows" - # - name: spare-disk - # host_path: "/mnt/b/shows" - - # subtitle hunting - bazarr: - enabled: true - - # movie and show interface - jellyseerr: - enabled: true - - # speed test to server - librespeed: - enabled: true - - # book monitoring - readarr: - enabled: true - - # dirs to store and organise books - # you can specify different mounts present on your server - # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - # If you dont know what that means, just use lower case characters - # and dashes to separate them or a mix of upper and lowercase characters - persistence: - - name: root-disk - host_path: "/home/{{ ansible_user }}/data/books" - # - name: spare-disk - # host_path: "/mnt/b/books" - - # music monitoring - lidarr: - enabled: true - - # dirs to store and organise music - # you can specify different mounts present on your server - # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' 
- # If you dont know what that means, just use lower case characters
- # and dashes to separate them or a mix of upper and lowercase characters
- persistence:
- - name: root-disk
- host_path: "/home/{{ ansible_user }}/data/music"
- # - name: spare-disk
- # host_path: "/mnt/b/music"
-
- # book client
- calibre_web:
- enabled: false
-
- # book management
- calibre:
- enabled: false
-
- # movie, show and music interface
- ombi:
- enabled: false
+ # torrents
+ qbittorrent:
+ enabled: false
+
+ # dirs to download files
+ # you can specify different mounts present on your server
+ # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ # If you dont know what that means, just use lower case characters
+ # and dashes to separate them or a mix of upper and lowercase characters
+ persistence:
+ - name: root-disk
+ host_path: "/home/{{ ansible_user }}/data/downloads"
+ # - name: spare-disk
+ # host_path: "/mnt/b/downloads"
+
+ # to bypass cloudflare protection
+ flaresolverr:
+ enabled: false
+
+ # to manage indexers
+ prowlarr:
+ enabled: false
+
+ # movie monitoring
+ radarr:
+ enabled: false
+
+ # dirs to store and organise movies
+ # you can specify different mounts present on your server
+ # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ # If you dont know what that means, just use lower case characters
+ # and dashes to separate them or a mix of upper and lowercase characters
+ persistence:
+ - name: root-disk
+ host_path: "/home/{{ ansible_user }}/data/movies"
+ # - name: spare-disk
+ # host_path: "/mnt/b/movies"
+
+ # show monitoring
+ sonarr:
+ enabled: false
+
+ # dirs to store and organise shows
+ # you can specify different mounts present on your server
+ # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ # If you dont know what that means, just use lower case characters
+ # and dashes to separate them or a mix of upper and lowercase characters
+ persistence:
+ - name: root-disk
+ host_path: "/home/{{ ansible_user }}/data/shows"
+ # - name: spare-disk
+ # host_path: "/mnt/b/shows"
+
+ # subtitle hunting
+ bazarr:
+ enabled: false
+
+ # movie and show interface
+ jellyseerr:
+ enabled: false
+
+ # speed test to server
+ librespeed:
+ enabled: false
+
+ # book monitoring
+ readarr:
+ enabled: false
+
+ # dirs to store and organise books
+ # you can specify different mounts present on your server
+ # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ # If you dont know what that means, just use lower case characters
+ # and dashes to separate them or a mix of upper and lowercase characters
+ persistence:
+ - name: root-disk
+ host_path: "/home/{{ ansible_user }}/data/books"
+ # - name: spare-disk
+ # host_path: "/mnt/b/books"
+
+ # music monitoring
+ lidarr:
+ enabled: false
+
+ # dirs to store and organise music
+ # you can specify different mounts present on your server
+ # NOTE: The 'name' must follow the following regex validation: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
+ # If you dont know what that means, just use lower case characters
+ # and dashes to separate them or a mix of upper and lowercase characters
+ persistence:
+ - name: root-disk
+ host_path: "/home/{{ ansible_user }}/data/music"
+ # - name: spare-disk
+ # host_path: "/mnt/b/music"
+
+ # book client
+ calibre_web:
+ enabled: false
+
+ # book management
+ calibre:
+ enabled: false
+
+ # movie, show and music interface
+ ombi:
+ enabled: false # ==== k8s settings ==== docker:
- enabled: true
-
+ enabled: false
+ # to allow pinless bluetooth connections to the server bluetooth:
diff --git a/install-charts.yaml b/install-charts.yaml
deleted file mode 100644
index 1834b6b..0000000
--- a/install-charts.yaml
+++ /dev/null
@@ -1,1000 +0,0 @@
----
-- name: Install basic charts
- hosts: all
- gather_facts: true
- vars:
- namespace_monitoring: monitoring
- namespace_generic_services: generic-services
- namespace_cert_manager: cert-manager
- namespace_ingress: ingress-nginx
- namespace_cloudnative_postgres: "cnpg-system"
-
- helm_kube_prometheus_stack_loki_config: "" # default
-
- # The following has been set to disable Truecharts own injection
- # of manifests for SCALE products I believe either way I dont need it:
- # - manifestManager.enabled=false
- helm_common_general: "\
- global.metallb.addServiceAnnotations=false,\
- global.traefik.addServiceAnnotations=false,\
- portal.open.enabled=false,\
- operator.verify.enabled=false,\
- workload.main.type=StatefulSet,\
- podOptions.dnsConfig.nameservers={8.8.8.8,8.8.4.4}"
-
- helm_common_ingress: "\
- ingress.main.enabled=true,\
- ingress.main.primary=true,\
- ingress.main.expandObjectName=true,\
- ingress.main.ingressClassName=nginx,\
- ingress.main.integrations.certManager.enabled=true,\
- ingress.main.integrations.certManager.certificateIssuer=letsencrypt-prod,\
- ingress.main.integrations.traefik.enabled=false,\
- ingress.main.hosts[0].paths[0].path='/',\
- ingress.main.hosts[0].paths[0].pathType='Prefix'"
-
- helm_common_resources: "\
- resources.requests.cpu={{ charts.resources.requests.cpu }},\
- resources.requests.memory={{ charts.resources.requests.memory }},\
- resources.limits.cpu={{ charts.resources.limits.cpu }},\
- resources.limits.memory={{ charts.resources.limits.memory }}"
-
- # persistence.config.hostPathType=DirectoryOrCreate doesnt work
- # because it creates the dir with root ownership and no write permissions
- helm_common_persistence: "\
- persistence.shared.enabled=false,\
- persistence.shm.enabled=false,\
- persistence.temp.enabled=false,\
- persistence.varlogs.enabled=false"
-
- helm_common_persistence_config: "\
- persistence.config.enabled=true,\
- persistence.config.type=hostPath"
-
- #
readOnlyRootFilesystem=false is needed for the app to be able to take
- # backups in /config/Backups
- # runAsUser={{ uid }} gives write access on the pod
- helm_common_security_contexts: "\
- securityContext.container.readOnlyRootFilesystem=false,\
- securityContext.container.runAsUser={{ uid }},\
- securityContext.container.runAsGroup=568"
-
- venv_dir: "{{ basics.home_dir }}/.venv-install-charts"
- venv_python: "{{ venv_dir }}/bin/python3"
-
- tasks:
- - name: Generate a virtual env with dependences for playbook
- pip:
- name:
- - kubernetes
- virtualenv: "{{ venv_dir }}"
- # On Debian-based systems the correct python*-venv package must
- # be installed to use the `venv` module.
- virtualenv_command: "python3 -m venv"
-
- - name: "Create host path dir for config"
- file:
- path: "{{ charts.services.configs_dir }}"
- state: directory
- mode: '0777'
- become: true # incase the dirs are created at root level
-
- - name: Process variable to add disks
- block:
- - name: "Create host path dir"
- file:
- path: "{{ item.host_path }}"
- state: directory
- mode: '0777'
- become: true # incase the dirs are created at root level
- loop: "{{ charts.services.radarr.persistence }}"
- - name: Set facts
- set_fact:
- helm_common_persistence_movies: >-
- {{- helm_common_persistence_movies | default('')
- + 'persistence.movies-' + item.name + '.enabled=true,'
- + 'persistence.movies-' + item.name + '.type=hostPath,'
- + 'persistence.movies-' + item.name + '.hostPath=' + item.host_path + ','
- + 'persistence.movies-' + item.name + '.mountPath=/data/' + item.name + '/movies,'
- -}}
- loop: "{{ charts.services.radarr.persistence }}"
-
- - name: Process variable to add disks
- block:
- - name: "Create host path dir"
- file:
- path: "{{ item.host_path }}"
- state: directory
- mode: '0777'
- become: true # incase the dirs are created at root level
- loop: "{{ charts.services.sonarr.persistence }}"
- - name: Set facts
- set_fact:
- helm_common_persistence_shows: >-
- {{-
helm_common_persistence_shows | default('')
- + 'persistence.shows-' + item.name + '.enabled=true,'
- + 'persistence.shows-' + item.name + '.type=hostPath,'
- + 'persistence.shows-' + item.name + '.hostPath=' + item.host_path + ','
- + 'persistence.shows-' + item.name + '.mountPath=/data/' + item.name + '/shows,'
- -}}
- loop: "{{ charts.services.sonarr.persistence }}"
-
- - name: Process variable to add disks
- block:
- - name: "Create host path dir"
- file:
- path: "{{ item.host_path }}"
- state: directory
- mode: '0777'
- become: true # incase the dirs are created at root level
- loop: "{{ charts.services.readarr.persistence }}"
- - name: Set facts
- set_fact:
- helm_common_persistence_books: >-
- {{- helm_common_persistence_books | default('')
- + 'persistence.books-' + item.name + '.enabled=true,'
- + 'persistence.books-' + item.name + '.type=hostPath,'
- + 'persistence.books-' + item.name + '.hostPath=' + item.host_path + ','
- + 'persistence.books-' + item.name + '.mountPath=/data/' + item.name + '/books,'
- -}}
- loop: "{{ charts.services.readarr.persistence }}"
-
- - name: Process variable to add disks
- block:
- - name: "Create host path dir"
- file:
- path: "{{ item.host_path }}"
- state: directory
- mode: '0777'
- become: true # incase the dirs are created at root level
- loop: "{{ charts.services.lidarr.persistence }}"
- - name: Set facts
- set_fact:
- helm_common_persistence_music: >-
- {{- helm_common_persistence_music | default('')
- + 'persistence.music-' + item.name + '.enabled=true,'
- + 'persistence.music-' + item.name + '.type=hostPath,'
- + 'persistence.music-' + item.name + '.hostPath=' + item.host_path + ','
- + 'persistence.music-' + item.name + '.mountPath=/data/' + item.name + '/music,'
- -}}
- loop: "{{ charts.services.lidarr.persistence }}"
-
- - name: Process variable to add disks
- block:
- - name: "Create host path dir"
- file:
- path: "{{ item.host_path }}"
- state: directory
- mode: '0777'
- become: true # incase the dirs are
created at root level
- loop: "{{ charts.services.qbittorrent.persistence }}"
- - name: Set facts
- set_fact:
- helm_common_persistence_downloads: >-
- {{- helm_common_persistence_downloads | default('')
- + 'persistence.downloads-' + item.name + '.enabled=true,'
- + 'persistence.downloads-' + item.name + '.type=hostPath,'
- + 'persistence.downloads-' + item.name + '.hostPath=' + item.host_path + ','
- + 'persistence.downloads-' + item.name + '.mountPath=/data/' + item.name + '/downloads,'
- -}}
- loop: "{{ charts.services.qbittorrent.persistence }}"
-
- - name: Install rancher local-path-provisioner
- when: charts.services.local_path_provisioner.enabled
- block:
- - name: apply manifests
- shell: "kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/{{ charts.services.local_path_provisioner.version }}/deploy/local-path-storage.yaml"
-
- - name: set default storage class
- shell: "kubectl patch storageclass local-path -p '{\"metadata\": {\"annotations\":{\"storageclass.kubernetes.io/is-default-class\":\"true\"}}}'"
-
- - name: Install ingress-nginx
- # https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md#quick-start
- # https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md#over-a-nodeport-service
- when: charts.services.ingress_nginx.enabled
- block:
- - name: Install/Upgrade the ingress-nginx chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: nginx-ingress
- repo_link: https://kubernetes.github.io/ingress-nginx
- install_namespace: "{{ namespace_ingress }}"
- timeout: "{{ charts.timeout }}"
- release_name: ingress-nginx
- chart_name: ingress-nginx
- # setting proxy-body-size=0 disables size checks for uploads and sets
- # it as the default for all ingresses handled by this controller
- # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-max-body-size
- #
https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
- # https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/configmap.md#proxy-body-size
- set_options: "--set \
- controller.config.proxy-body-size=0,\
- controller.service.type=NodePort,\
- controller.service.nodePorts.http=30080,\
- controller.service.nodePorts.https=30443,\
- controller.service.externalTrafficPolicy=Local"
-
- - name: Install cert-manager
- # https://cert-manager.io/docs/installation/helm/
- # https://cert-manager.io/docs/tutorials/acme/nginx-ingress/
- when: charts.services.cert_manager.enabled
- block:
- - name: Install/Upgrade the cert-manager chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: jetstack
- repo_link: https://charts.jetstack.io
- install_namespace: "{{ namespace_cert_manager }}"
- timeout: "{{ charts.timeout }}"
- release_name: cert-manager
- chart_name: cert-manager
- set_options: "--set \
- ingressShim.defaultIssuerName=letsencrypt-prod,\
- prometheus.enabled=true,\
- crds.keep=false,\
- crds.enabled=true"
-
- - name: "install clusterissuer CR with account email: {{ charts.services.cert_manager.email }}"
- shell: |
- kubectl apply -f - <
- You can log into Grafana at 'grafana.{{ domain_name }}' using
- {{ charts.services.kube_prometheus_stack.grafana.admin_username }}/
- {{ charts.services.kube_prometheus_stack.grafana.admin_password }}
-
- - name: Install cnpg
- when: charts.services.cnpg.enabled
- block:
- - name: Install/Upgrade the cnpg chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: cnpg
- repo_link: https://cloudnative-pg.github.io/charts
- install_namespace: "{{ namespace_cloudnative_postgres }}"
- timeout: "{{ charts.timeout }}"
- release_name: cnpg
- chart_name: cloudnative-pg
- set_options: "--set \
- crds.create=true"
-
- - name: Install immich
- when: charts.services.immich.enabled
- block:
- - name: Install/Upgrade the immich chart
- include_tasks: 
tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: immich
- chart_name: immich
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- persistence.mlcache.enabled=true,\
- persistence.mlcache.type=hostPath,\
- persistence.mlcache.hostPath={{ charts.services.immich.host_path }}/mlcache,\
- persistence.microcache.enabled=true,\
- persistence.microcache.type=hostPath,\
- persistence.microcache.hostPath={{ charts.services.immich.host_path }}/microcache,\
- persistence.library.enabled=true,\
- persistence.library.type=hostPath,\
- persistence.library.hostPath={{ charts.services.immich.host_path }}/library,\
- persistence.uploads.enabled=true,\
- persistence.uploads.type=hostPath,\
- persistence.uploads.hostPath={{ charts.services.immich.host_path }}/uploads,\
- persistence.backups.enabled=true,\
- persistence.backups.type=hostPath,\
- persistence.backups.hostPath={{ charts.services.immich.host_path }}/backups,\
- persistence.thumbs.enabled=true,\
- persistence.thumbs.type=hostPath,\
- persistence.thumbs.hostPath={{ charts.services.immich.host_path }}/thumbs,\
- persistence.profile.enabled=true,\
- persistence.profile.type=hostPath,\
- persistence.profile.hostPath={{ charts.services.immich.host_path }}/profile,\
- persistence.video.enabled=true,\
- persistence.video.type=hostPath,\
- persistence.video.hostPath={{ charts.services.immich.host_path }}/encoded-video,\
- securityContext.container.runAsUser=0,\
- securityContext.container.privileged=true,\
- securityContext.container.runAsNonRoot=false,\
- securityContext.container.allowPrivilegeEscalation=true,\
- ingress.main.hosts[0].host='immich.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=immich,\
- ingress.main.hosts[0].paths[0].service.port=10323"
- 
- debug:
- msg: >
- You can log into Immich at 'immich.{{ domain_name }}'.
-
- - name: Install home-assistant
- when: charts.services.home_assistant.enabled
- block:
- - name: Install/Upgrade the home-assistant chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: home-assistant
- chart_name: home-assistant
- # not incliuding config persistence as it impacts the init setup
- # specifically the trusted proxies dont get configured blocking
- # ingress access. This is because the configmaps cannot be mounted
- # at the expected location (subdir in the hostpath mount)
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_downloads }}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- homeassistant.trusted_proxies[0]='10.0.0.0/8',\
- ingress.main.hosts[0].host='home-assistant.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=home-assistant,\
- ingress.main.hosts[0].paths[0].service.port=8123"
-
- - name: Install jellyfin
- when: charts.services.jellyfin.enabled
- block:
- - name: Create config directory on hostpath for jellyfin
- file:
- path: "{{ charts.services.configs_dir }}/jellyfin"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the jellyfin chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: jellyfin
- chart_name: jellyfin
- # to allow the pod to be able to use the /dev mount
- # to access /dev/dri/renderD128 for hwa, these options are set to true
- # - securityContext.container.runAsUser=0
- # - securityContext.container.privileged=true
- # -
securityContext.container.allowPrivilegeEscalation=true
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_shows }}\
- {{ helm_common_persistence_movies }}\
- {{ helm_common_persistence_music }}\
- {{ helm_common_persistence_books }}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/jellyfin,\
- securityContext.container.runAsUser=0,\
- securityContext.container.privileged=true,\
- securityContext.container.runAsNonRoot=false,\
- securityContext.container.allowPrivilegeEscalation=true,\
- persistence.cache.enabled=true,\
- persistence.cache.accessMode=ReadWriteOnce,\
- persistence.cache.size=50G,\
- persistence.dev.enabled=true,\
- persistence.dev.type=hostPath,\
- persistence.dev.mountPath=/dev,\
- persistence.dev.hostPath=/dev,\
- ingress.main.hosts[0].host='jellyfin.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=jellyfin,\
- ingress.main.hosts[0].paths[0].service.port=8096"
-
- - debug:
- msg: >
- You can log into Jellyfin at 'jellyfin.{{ domain_name }}'.
- Data directories are available under '/data' and can be used by
- Jellyfin. If need be, delete any existing server and go to the
- URL mention above once again to setup a new server.
-
- - name: Install qbittorrent
- when: charts.services.qbittorrent.enabled
- block:
- - name: Create config directory on hostpath for qbittorrent
- file:
- path: "{{ charts.services.configs_dir }}/qbittorrent"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the qbittorrent chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: qbittorrent
- chart_name: qbittorrent
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_downloads }}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/qbittorrent,\
- ingress.main.hosts[0].host='qbittorrent.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=qbittorrent,\
- ingress.main.hosts[0].paths[0].service.port=10095"
-
- - name: Search for qbittorent pod
- vars:
- ansible_python_interpreter: "{{ venv_python }}"
- kubernetes.core.k8s_info:
- kind: Pod
- label_selectors:
- - app.kubernetes.io/instance = qbittorrent
- - app.kubernetes.io/name = qbittorrent
- register: output
-
- - name: Get randomly generated password from qbittorrent pod logs
- shell: "kubectl logs {{ output.resources[0].metadata.name }} | grep -i 'temporary password' | cut -d ':' -f 2 | tr -d ' '"
- register: qbittorrent_random_password
-
- - debug:
- msg: >
- You can log into qBittorrent at 'qbittorrent.{{ domain_name }}' using
- "admin/{{ qbittorrent_random_password.stdout }}" as the default creds.
- Change this after deployment. Downloads directory from the host is
- available under '/data' and can be used by the application to
- download things.
Downloads in that directory will be relevant
- processing apps (like Radarr, Sonarr, etc if applicable).
-
- - name: Install flaresolverr
- when: charts.services.flaresolverr.enabled
- block:
- - name: Install/Upgrade the flaresolverr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: flaresolverr
- chart_name: flaresolverr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_resources }},\
- persistence.config.enabled=false"
-
- - debug:
- msg: >
- You can flaresolverr to bypass Cloudflare's protection
-
- - name: Install prowlarr
- when: charts.services.prowlarr.enabled
- block:
- - name: Create config directory on hostpath for prowlarr
- file:
- path: "{{ charts.services.configs_dir }}/prowlarr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the prowlarr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: prowlarr
- chart_name: prowlarr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/prowlarr,\
- ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=prowlarr,\
- ingress.main.hosts[0].paths[0].service.port=9696"
-
- - debug:
- msg: >
- You can log into prowlarr at 'prowlarr.{{ domain_name }}'. Go to this
- URL and add the indexers you wish to use.
-
- - name: Install radarr
- when: charts.services.radarr.enabled
- block:
- - name: Create config directory on hostpath for radarr
- file:
- path: "{{ charts.services.configs_dir }}/radarr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the radarr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: radarr
- chart_name: radarr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_movies }}\
- {{ helm_common_persistence_downloads }}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/radarr,\
- ingress.main.hosts[0].host='radarr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=radarr,\
- ingress.main.hosts[0].paths[0].service.port=7878"
-
- - debug:
- msg: >
- You can log into radarr at 'radarr.{{ domain_name }}'.
- Data directories from the host are available under '/data' and
- can be used by the application to download things. Downloads in
- that directory will be picked up by Jellyfin.
-
- - name: Install sonarr
- when: charts.services.sonarr.enabled
- block:
- - name: Create config directory on hostpath for sonarr
- file:
- path: "{{ charts.services.configs_dir }}/sonarr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the sonarr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: sonarr
- chart_name: sonarr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_shows }}\
- {{ helm_common_persistence_downloads }}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/sonarr,\
- ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=sonarr,\
- ingress.main.hosts[0].paths[0].service.port=8989"
-
- - debug:
- msg: >
- You can log into sonarr at 'sonarr.{{ domain_name }}'.
- Data directories from the host are available under '/data' and
- can be used by the application to download things. Downloads in
- that directory will be picked up by Jellyfin.
-
- - name: Install bazarr
- when: charts.services.bazarr.enabled
- block:
- - name: Create config directory on hostpath for bazarr
- file:
- path: "{{ charts.services.configs_dir }}/bazarr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the bazarr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: bazarr
- chart_name: bazarr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_shows }}\
- {{ helm_common_persistence_movies }}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/bazarr,\
- metrics.main.enabled=false,\
- ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=bazarr,\
- ingress.main.hosts[0].paths[0].service.port=6767"
-
- - debug:
- msg: >
- You can log into bazarr at 'bazarr.{{ domain_name }}'.
- Data directories from the host are available under '/data' and
- can be used by the application.
-
- - name: Install readarr
- when: charts.services.readarr.enabled
- block:
- - name: Create config directory on hostpath for readarr
- file:
- path: "{{ charts.services.configs_dir }}/readarr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the readarr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: readarr
- chart_name: readarr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_books }}\
- {{ helm_common_persistence_downloads }}}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/readarr,\
- ingress.main.hosts[0].host='readarr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=readarr,\
- ingress.main.hosts[0].paths[0].service.port=8787"
-
- - debug:
- msg: >
- You can log into readarr at 'readarr.{{ domain_name }}'.
- Data directories from the host are available under '/data' and
- can be used by the application.
-
- - name: Install lidarr
- when: charts.services.lidarr.enabled
- block:
- - name: Create config directory on hostpath for lidarr
- file:
- path: "{{ charts.services.configs_dir }}/lidarr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the lidarr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: lidarr
- chart_name: lidarr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_persistence_music }}\
- {{ helm_common_persistence_downloads }}}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/lidarr,\
- ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=lidarr,\
- ingress.main.hosts[0].paths[0].service.port=8686"
-
- - debug:
- msg: >
- You can log into lidarr at 'lidarr.{{ domain_name }}'.
- Data directories from the host are available under '/data' and
- can be used by the application.
-
- - name: Install ombi
- when: charts.services.ombi.enabled
- block:
- - name: Create config directory on hostpath for ombi
- file:
- path: "{{ charts.services.configs_dir }}/ombi"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the ombi chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: ombi
- chart_name: ombi
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/ombi,\
- ingress.main.hosts[0].host='ombi.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=ombi,\
- ingress.main.hosts[0].paths[0].service.port=3579"
- - debug:
- msg: >
- You can log into ombi at 'ombi.{{ domain_name }}'.
- Data directories are available under '/data' and can be used by
- ombi. If need be, delete any existing server and go to the
- URL mention above once again to setup a new server.
-
- - name: Install jellyseerr
- when: charts.services.jellyseerr.enabled
- block:
- - name: Create config directory on hostpath for jellyseerr
- file:
- path: "{{ charts.services.configs_dir }}/jellyseerr"
- state: directory
- mode: '0777'
- become: true
-
- - name: Install/Upgrade the jellyseerr chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: jellyseerr
- chart_name: jellyseerr
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_security_contexts }},\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/jellyseerr,\
- ingress.main.hosts[0].host='jellyseerr.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=jellyseerr,\
- ingress.main.hosts[0].paths[0].service.port=5055"
- - debug:
- msg: >
- You can log into jellyseerr at 'jellyseerr.{{ domain_name }}'.
- Data directories are available under '/data' and can be used by
- jellyseerr. If need be, delete any existing server and go to the
- URL mention above once again to setup a new server.
-
- - name: Install librespeed
- when: charts.services.librespeed.enabled
- block:
- - name: Install/Upgrade the librespeed chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: librespeed
- chart_name: librespeed
- # PUID={{ uid }} gives write access on the pod
- # 568 is the default user ID, added to the groups cause why not
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- {{ helm_common_persistence_config }},\
- persistence.config.hostPath={{ charts.services.configs_dir }}/librespeed,\
- securityContext.container.PUID=\"{{ uid }}\",\
- securityContext.container.PGID=\"568\",\
- ingress.main.hosts[0].host='librespeed.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=librespeed,\
- ingress.main.hosts[0].paths[0].service.port=10016"
-
- - debug:
- msg: >
- You can log into librespeed at 'librespeed.{{ domain_name }}'.
-
- - name: Install calibre-web
- when: charts.services.calibre_web.enabled
- block:
- - name: Install/Upgrade the calibre-web chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: calibre-web
- chart_name: calibre-web
- # PUID={{ uid }} gives write access on the pod
- # 568 is the default user ID, added to the groups cause why not
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_persistence_books }}\
- {{ helm_common_persistence_downloads }}}\
- {{ helm_common_resources }},\
- {{ helm_common_ingress }},\
- securityContext.container.PUID=\"{{ uid }}\",\
- securityContext.container.PGID=\"568\",\
- ingress.main.hosts[0].host='calibre-web.{{ domain_name }}',\
- ingress.main.hosts[0].paths[0].service.name=calibre-web,\
- ingress.main.hosts[0].paths[0].service.port=8083"
-
- - debug:
- msg: >
- You can log into calibre-web at 'calibre-web.{{ domain_name }}'.
- Data directories from the host are available under '/data' and
- can be used by the application.
-
- - name: Install calibre
- when: charts.services.calibre.enabled
- block:
- - name: Install/Upgrade the calibre chart
- include_tasks: tasks-install-chart.yaml
- vars:
- repo_name: TrueCharts
- repo_link: oci://tccr.io/truecharts
- install_namespace: "{{ namespace_generic_services }}"
- timeout: "{{ charts.timeout }}"
- release_name: calibre
- chart_name: calibre
- # PUID={{ uid }} gives write access on the pod
- # 568 is the default user ID, added to the groups cause why not
- # securityContext.container.seccompProfile.type is required for the
- # guacamole VNC client to be able to make sys calls (required )
- set_options: "--set \
- {{ helm_common_general }},\
- {{ helm_common_persistence }},\
- {{ helm_common_persistence_books }}\
- {{ helm_common_persistence_downloads }}}\
- {{ helm_common_resources }},\
- securityContext.container.PUID=\"{{ uid }}\",\
- securityContext.container.PGID=\"568\",\
- securityContext.container.seccompProfile.type=Unconfined,\
- service.main.type=NodePort,\
- service.main.ports.main.nodePort=30000,\
- service.webserver.enabled=true"
-
- - debug:
- msg: >
- You can log into calibre at '{{ ip }}:30000'.
- Data directories from the host are available under '/data' and
- can be used by the application.
diff --git a/install-services.yaml b/install-services.yaml
new file mode 100644
index 0000000..19e00ef
--- /dev/null
+++ b/install-services.yaml
@@ -0,0 +1,941 @@ +--- +- name: Install services + hosts: all + gather_facts: true + vars: + helm_kube_prometheus_stack_loki_config: "" # default + + # The following has been set to disable Truecharts own injection + # of manifests for SCALE products I believe either way I dont need it: + # - manifestManager.enabled=false + helm_common_general: "\ + global.metallb.addServiceAnnotations=false,\ + global.traefik.addServiceAnnotations=false,\ + portal.open.enabled=false,\ + operator.verify.enabled=false,\ + workload.main.type=StatefulSet,\ + podOptions.dnsConfig.nameservers={8.8.8.8,8.8.4.4}" + + helm_common_ingress: "\ + ingress.main.enabled=true,\ + ingress.main.primary=true,\ + ingress.main.expandObjectName=true,\ + ingress.main.ingressClassName=nginx,\ + ingress.main.integrations.certManager.enabled=true,\ + ingress.main.integrations.certManager.certificateIssuer=letsencrypt-prod,\ + ingress.main.integrations.traefik.enabled=false,\ + ingress.main.hosts[0].paths[0].path='/',\ + ingress.main.hosts[0].paths[0].pathType='Prefix'" + + helm_common_resources: "\ + resources.requests.cpu={{ charts.resources.requests.cpu }},\ + resources.requests.memory={{ charts.resources.requests.memory }},\ + resources.limits.cpu={{ charts.resources.limits.cpu }},\ + resources.limits.memory={{ charts.resources.limits.memory }}" + + # persistence.config.hostPathType=DirectoryOrCreate doesnt work + # because it creates the dir with root ownership and no write permissions + helm_common_persistence: "\ + persistence.shared.enabled=false,\ + persistence.shm.enabled=false,\ + persistence.temp.enabled=false,\ + persistence.varlogs.enabled=false" + + helm_common_persistence_config: "\ + persistence.config.enabled=true,\ + persistence.config.type=hostPath" + + # readOnlyRootFilesystem=false is needed for the app to be able to take + # backups in /config/Backups + # runAsUser={{ uid }} gives write access on the pod + helm_common_security_contexts: "\ + 
securityContext.container.readOnlyRootFilesystem=false,\ + securityContext.container.runAsUser={{ uid }},\ + securityContext.container.runAsGroup=568" + + venv_dir: "{{ basics.home_dir }}/.venv-install-charts" + venv_python: "{{ venv_dir }}/bin/python3" + + tasks: + # - name: "Create host path dir for config" + # file: + # path: "{{ services.configs_dir }}" + # state: directory + # mode: '0777' + # become: true # incase the dirs are created at root level + + # - name: Process variable to add disks + # block: + # - name: "Create host path dir" + # file: + # path: "{{ item.host_path }}" + # state: directory + # mode: '0777' + # become: true # incase the dirs are created at root level + # loop: "{{ services.radarr.persistence }}" + # - name: Set facts + # set_fact: + # helm_common_persistence_movies: >- + # {{- helm_common_persistence_movies | default('') + # + 'persistence.movies-' + item.name + '.enabled=true,' + # + 'persistence.movies-' + item.name + '.type=hostPath,' + # + 'persistence.movies-' + item.name + '.hostPath=' + item.host_path + ',' + # + 'persistence.movies-' + item.name + '.mountPath=/data/' + item.name + '/movies,' + # -}} + # loop: "{{ services.radarr.persistence }}" + + # - name: Process variable to add disks + # block: + # - name: "Create host path dir" + # file: + # path: "{{ item.host_path }}" + # state: directory + # mode: '0777' + # become: true # incase the dirs are created at root level + # loop: "{{ services.sonarr.persistence }}" + # - name: Set facts + # set_fact: + # helm_common_persistence_shows: >- + # {{- helm_common_persistence_shows | default('') + # + 'persistence.shows-' + item.name + '.enabled=true,' + # + 'persistence.shows-' + item.name + '.type=hostPath,' + # + 'persistence.shows-' + item.name + '.hostPath=' + item.host_path + ',' + # + 'persistence.shows-' + item.name + '.mountPath=/data/' + item.name + '/shows,' + # -}} + # loop: "{{ services.sonarr.persistence }}" + + # - name: Process variable to add disks + # block: + # 
- name: "Create host path dir" + # file: + # path: "{{ item.host_path }}" + # state: directory + # mode: '0777' + # become: true # incase the dirs are created at root level + # loop: "{{ services.readarr.persistence }}" + # - name: Set facts + # set_fact: + # helm_common_persistence_books: >- + # {{- helm_common_persistence_books | default('') + # + 'persistence.books-' + item.name + '.enabled=true,' + # + 'persistence.books-' + item.name + '.type=hostPath,' + # + 'persistence.books-' + item.name + '.hostPath=' + item.host_path + ',' + # + 'persistence.books-' + item.name + '.mountPath=/data/' + item.name + '/books,' + # -}} + # loop: "{{ services.readarr.persistence }}" + + # - name: Process variable to add disks + # block: + # - name: "Create host path dir" + # file: + # path: "{{ item.host_path }}" + # state: directory + # mode: '0777' + # become: true # incase the dirs are created at root level + # loop: "{{ services.lidarr.persistence }}" + # - name: Set facts + # set_fact: + # helm_common_persistence_music: >- + # {{- helm_common_persistence_music | default('') + # + 'persistence.music-' + item.name + '.enabled=true,' + # + 'persistence.music-' + item.name + '.type=hostPath,' + # + 'persistence.music-' + item.name + '.hostPath=' + item.host_path + ',' + # + 'persistence.music-' + item.name + '.mountPath=/data/' + item.name + '/music,' + # -}} + # loop: "{{ services.lidarr.persistence }}" + + # - name: Process variable to add disks + # block: + # - name: "Create host path dir" + # file: + # path: "{{ item.host_path }}" + # state: directory + # mode: '0777' + # become: true # incase the dirs are created at root level + # loop: "{{ services.qbittorrent.persistence }}" + # - name: Set facts + # set_fact: + # helm_common_persistence_downloads: >- + # {{- helm_common_persistence_downloads | default('') + # + 'persistence.downloads-' + item.name + '.enabled=true,' + # + 'persistence.downloads-' + item.name + '.type=hostPath,' + # + 'persistence.downloads-' + 
item.name + '.hostPath=' + item.host_path + ',' + # + 'persistence.downloads-' + item.name + '.mountPath=/data/' + item.name + '/downloads,' + # -}} + # loop: "{{ services.qbittorrent.persistence }}" + + - name: Copy over compose file + ansible.builtin.copy: + src: ./services/ + dest: "{{ basics.home_dir }}" + mode: '0777' + backup: yes + + - name: Install/Upgrade traefik ingress + when: services.traefik.enabled + block: + - name: docker compose traefik down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down traefik" + - name: docker compose traefik up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d traefik" + + + - name: Install/Upgrade jellyfin + when: services.jellyfin.enabled + block: + - name: Create config directory on hostpath for jellyfin + file: + path: "{{ services.configs_dir }}/jellyfin" + state: directory + mode: '0777' + become: true + - name: docker compose jellyfin down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down jellyfin" + - name: docker compose jellyfin up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d jellyfin" + - debug: + msg: > + You can log into Jellyfin at 'jellyfin.{{ domain_name }}'. + Data directories are available under '/data' and can be used by + Jellyfin. If need be, delete any existing server and go to the + URL mention above once again to setup a new server. + + - name: Install/Upgrade librespeed + when: services.librespeed.enabled + block: + - name: Create config directory on hostpath for librespeed + file: + path: "{{ services.configs_dir }}/librespeed" + state: directory + mode: '0777' + become: true + - name: docker compose librespeed down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down librespeed" + - name: docker compose librespeed up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d librespeed" + - debug: + msg: You can log into librespeed at 'librespeed.{{ domain_name }}'. 
+ + - name: Install/Upgrade monitoring + when: services.monitoring.enabled + block: + - name: Install/Upgrade node exporter + block: + - name: Create config directory on hostpath for node-exporter + file: + path: "{{ services.configs_dir }}/node-exporter" + state: directory + mode: '0777' + become: true + - name: docker compose node-exporter down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down node-exporter" + - name: docker compose node-exporter up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d node-exporter" + - name: Install/Upgrade prometheus + block: + - name: Create config directory on hostpath for prometheus + file: + path: "{{ services.configs_dir }}/prometheus" + state: directory + mode: '0777' + become: true + - name: docker compose prometheus down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down prometheus" + - name: docker compose prometheus up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d prometheus" + - name: Install/Upgrade grafana + block: + - name: Create config directory on hostpath for grafana + file: + path: "{{ services.configs_dir }}/grafana" + state: directory + mode: '0777' + become: true + - name: docker compose grafana down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down grafana" + - name: docker compose grafana up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d grafana" + - name: Install/Upgrade loki + block: + - name: docker compose loki down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down loki" + - name: docker compose loki up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d loki" + - name: Install/Upgrade promtail + block: + - name: docker compose promtail down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down promtail" + - name: docker compose promtail up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d promtail" + + - debug: + msg: 
You can login into grafana at 'grafana.{{ domain_name }}'. + + # - name: Install loki-stack + # when: services.loki_stack.enabled + # block: + # - name: Install/Upgrade the loki-stack chart + # include_tasks: tasks-install-chart.yaml + # # https://artifacthub.io/packages/helm/grafana/loki-stack + # vars: + # repo_name: grafana + # repo_link: https://grafana.github.io/helm-charts + # install_namespace: "{{ namespace_monitoring }}" + # timeout: "{{ charts.timeout }}" + # release_name: loki-stack + # chart_name: loki-stack + # set_options: "--set \ + # loki.isDefault=False,\ + # test_pod.enable=False,\ + # fluent-bit.enabled=True,\ + # promtail.enabled=False" + + # - name: Set config for Grafana to add Loki as a data source + # set_fact: + # helm_kube_prometheus_stack_loki_config: "\ + # grafana.additionalDataSources[0].name=Loki,\ + # grafana.additionalDataSources[0].type=loki,\ + # grafana.additionalDataSources[0].access=proxy,\ + # grafana.additionalDataSources[0].isDefault=False,\ + # grafana.additionalDataSources[0].url='http://loki-stack.{{ namespace_monitoring }}:3100'," + + # - name: Install kube-prometheus-stack + # when: services.kube_prometheus_stack.enabled + # block: + # - name: Install/Upgrade the kube-prometheus-stack chart + # include_tasks: tasks-install-chart.yaml + # # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack + # vars: + # repo_name: prometheus-community + # repo_link: https://prometheus-community.github.io/helm-charts + # install_namespace: "{{ namespace_monitoring }}" + # timeout: "{{ charts.timeout }}" + # release_name: kube-prometheus-stack + # chart_name: kube-prometheus-stack + # set_options: "--set \ + # {{ helm_kube_prometheus_stack_loki_config }}\ + # prometheus.prometheusSpec.retention=730d,\ + # prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.accessModes={'ReadWriteOnce'},\ + # prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage='50Gi',\ 
+ # prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false,\ + # prometheus.prometheusSpec.serviceMonitorNamespaceSelector=null,\ + # prometheus.prometheusSpec.serviceMonitorSelector=null,\ + # prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues=false,\ + # prometheus.prometheusSpec.ruleNamespaceSelector=null,\ + # prometheus.prometheusSpec.ruleSelector=null,\ + # prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,\ + # prometheus.prometheusSpec.podMonitorNamespaceSelector=null,\ + # prometheus.prometheusSpec.podMonitorSelector=null,\ + # prometheus.prometheusSpec.probeSelectorNilUsesHelmValues=false,\ + # prometheus.prometheusSpec.probeSelectorNamespaceSelector=null,\ + # prometheus.prometheusSpec.probeSelector=null,\ + + + # - name: Search for all Pods labelled app.kubernetes.io/name=grafana + # vars: + # ansible_python_interpreter: "{{ venv_python }}" + # kubernetes.core.k8s_info: + # kind: Pod + # label_selectors: + # - app.kubernetes.io/name = grafana + # register: output + + # - name: Install piechart panel plugin for Grafana + # vars: + # ansible_python_interpreter: "{{ venv_python }}" + # kubernetes.core.k8s_exec: + # namespace: "{{ namespace_monitoring }}" + # pod: "{{ output.resources[0].metadata.name }}" + # container: grafana + # command: grafana cli plugins install grafana-piechart-panel + # ignore_errors: True + + # - name: Restart pods to pick up any config updates + # include_tasks: tasks-kubernetes-delete-kind-instances.yaml + # vars: + # kind: pod + # namespace: "{{ namespace_monitoring }}" + # contains: kube-prometheus-stack + + # - debug: + # msg: > + # You can log into Grafana at 'grafana.{{ domain_name }}' using + # {{ services.kube_prometheus_stack.grafana.admin_username }}/ + # {{ services.kube_prometheus_stack.grafana.admin_password }} + + # - name: Install cnpg + # when: services.cnpg.enabled + # block: + # - name: Install/Upgrade the cnpg chart + # include_tasks: tasks-install-chart.yaml + # vars: + # 
repo_name: cnpg + # repo_link: https://cloudnative-pg.github.io/charts + # install_namespace: "{{ namespace_cloudnative_postgres }}" + # timeout: "{{ charts.timeout }}" + # release_name: cnpg + # chart_name: cloudnative-pg + # set_options: "--set \ + # crds.create=true" + + # - name: Install immich + # when: services.immich.enabled + # block: + # - name: Install/Upgrade the immich chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: immich + # chart_name: immich + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # persistence.mlcache.enabled=true,\ + # persistence.mlcache.type=hostPath,\ + # persistence.mlcache.hostPath={{ services.immich.host_path }}/mlcache,\ + # persistence.microcache.enabled=true,\ + # persistence.microcache.type=hostPath,\ + # persistence.microcache.hostPath={{ services.immich.host_path }}/microcache,\ + # persistence.library.enabled=true,\ + # persistence.library.type=hostPath,\ + # persistence.library.hostPath={{ services.immich.host_path }}/library,\ + # persistence.uploads.enabled=true,\ + # persistence.uploads.type=hostPath,\ + # persistence.uploads.hostPath={{ services.immich.host_path }}/uploads,\ + # persistence.backups.enabled=true,\ + # persistence.backups.type=hostPath,\ + # persistence.backups.hostPath={{ services.immich.host_path }}/backups,\ + # persistence.thumbs.enabled=true,\ + # persistence.thumbs.type=hostPath,\ + # persistence.thumbs.hostPath={{ services.immich.host_path }}/thumbs,\ + # persistence.profile.enabled=true,\ + # persistence.profile.type=hostPath,\ + # persistence.profile.hostPath={{ services.immich.host_path }}/profile,\ + # persistence.video.enabled=true,\ + # persistence.video.type=hostPath,\ + # 
persistence.video.hostPath={{ services.immich.host_path }}/encoded-video,\ + # securityContext.container.runAsUser=0,\ + # securityContext.container.privileged=true,\ + # securityContext.container.runAsNonRoot=false,\ + # securityContext.container.allowPrivilegeEscalation=true,\ + # ingress.main.hosts[0].host='immich.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=immich,\ + # ingress.main.hosts[0].paths[0].service.port=10323" + + # - debug: + # msg: > + # You can log into Immich at 'immich.{{ domain_name }}'. + + # - name: Install home-assistant + # when: services.home_assistant.enabled + # block: + # - name: Install/Upgrade the home-assistant chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: home-assistant + # chart_name: home-assistant + # # not incliuding config persistence as it impacts the init setup + # # specifically the trusted proxies dont get configured blocking + # # ingress access. 
This is because the configmaps cannot be mounted + # # at the expected location (subdir in the hostpath mount) + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_downloads }}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # homeassistant.trusted_proxies[0]='10.0.0.0/8',\ + # ingress.main.hosts[0].host='home-assistant.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=home-assistant,\ + # ingress.main.hosts[0].paths[0].service.port=8123" + + # - name: Install qbittorrent + # when: services.qbittorrent.enabled + # block: + # - name: Create config directory on hostpath for qbittorrent + # file: + # path: "{{ services.configs_dir }}/qbittorrent" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the qbittorrent chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: qbittorrent + # chart_name: qbittorrent + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_downloads }}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/qbittorrent,\ + # ingress.main.hosts[0].host='qbittorrent.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=qbittorrent,\ + # ingress.main.hosts[0].paths[0].service.port=10095" + + # - name: Search for qbittorent pod + # vars: + # ansible_python_interpreter: "{{ venv_python }}" + # kubernetes.core.k8s_info: + # kind: Pod + # label_selectors: + # - app.kubernetes.io/instance = qbittorrent + # - app.kubernetes.io/name = qbittorrent + # 
register: output + + # - name: Get randomly generated password from qbittorrent pod logs + # shell: "kubectl logs {{ output.resources[0].metadata.name }} | grep -i 'temporary password' | cut -d ':' -f 2 | tr -d ' '" + # register: qbittorrent_random_password + + # - debug: + # msg: > + # You can log into qBittorrent at 'qbittorrent.{{ domain_name }}' using + # "admin/{{ qbittorrent_random_password.stdout }}" as the default creds. + # Change this after deployment. Downloads directory from the host is + # available under '/data' and can be used by the application to + # download things. Downloads in that directory will be relevant + # processing apps (like Radarr, Sonarr, etc if applicable). + + # - name: Install flaresolverr + # when: services.flaresolverr.enabled + # block: + # - name: Install/Upgrade the flaresolverr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: flaresolverr + # chart_name: flaresolverr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_resources }},\ + # persistence.config.enabled=false" + + # - debug: + # msg: > + # You can flaresolverr to bypass Cloudflare's protection + + # - name: Install prowlarr + # when: services.prowlarr.enabled + # block: + # - name: Create config directory on hostpath for prowlarr + # file: + # path: "{{ services.configs_dir }}/prowlarr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the prowlarr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: prowlarr + # chart_name: prowlarr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ 
helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/prowlarr,\ + # ingress.main.hosts[0].host='prowlarr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=prowlarr,\ + # ingress.main.hosts[0].paths[0].service.port=9696" + + # - debug: + # msg: > + # You can log into prowlarr at 'prowlarr.{{ domain_name }}'. Go to this + # URL and add the indexers you wish to use. + + # - name: Install radarr + # when: services.radarr.enabled + # block: + # - name: Create config directory on hostpath for radarr + # file: + # path: "{{ services.configs_dir }}/radarr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the radarr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: radarr + # chart_name: radarr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_movies }}\ + # {{ helm_common_persistence_downloads }}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/radarr,\ + # ingress.main.hosts[0].host='radarr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=radarr,\ + # ingress.main.hosts[0].paths[0].service.port=7878" + + # - debug: + # msg: > + # You can log into radarr at 'radarr.{{ domain_name }}'. + # Data directories from the host are available under '/data' and + # can be used by the application to download things. Downloads in + # that directory will be picked up by Jellyfin. 
+ + # - name: Install sonarr + # when: services.sonarr.enabled + # block: + # - name: Create config directory on hostpath for sonarr + # file: + # path: "{{ services.configs_dir }}/sonarr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the sonarr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: sonarr + # chart_name: sonarr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_shows }}\ + # {{ helm_common_persistence_downloads }}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/sonarr,\ + # ingress.main.hosts[0].host='sonarr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=sonarr,\ + # ingress.main.hosts[0].paths[0].service.port=8989" + + # - debug: + # msg: > + # You can log into sonarr at 'sonarr.{{ domain_name }}'. + # Data directories from the host are available under '/data' and + # can be used by the application to download things. Downloads in + # that directory will be picked up by Jellyfin. 
+ + # - name: Install bazarr + # when: services.bazarr.enabled + # block: + # - name: Create config directory on hostpath for bazarr + # file: + # path: "{{ services.configs_dir }}/bazarr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the bazarr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: bazarr + # chart_name: bazarr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_shows }}\ + # {{ helm_common_persistence_movies }}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/bazarr,\ + # metrics.main.enabled=false,\ + # ingress.main.hosts[0].host='bazarr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=bazarr,\ + # ingress.main.hosts[0].paths[0].service.port=6767" + + # - debug: + # msg: > + # You can log into bazarr at 'bazarr.{{ domain_name }}'. + # Data directories from the host are available under '/data' and + # can be used by the application. 
+ + # - name: Install readarr + # when: services.readarr.enabled + # block: + # - name: Create config directory on hostpath for readarr + # file: + # path: "{{ services.configs_dir }}/readarr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the readarr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: readarr + # chart_name: readarr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_books }}\ + # {{ helm_common_persistence_downloads }}}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/readarr,\ + # ingress.main.hosts[0].host='readarr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=readarr,\ + # ingress.main.hosts[0].paths[0].service.port=8787" + + # - debug: + # msg: > + # You can log into readarr at 'readarr.{{ domain_name }}'. + # Data directories from the host are available under '/data' and + # can be used by the application. 
+ + # - name: Install lidarr + # when: services.lidarr.enabled + # block: + # - name: Create config directory on hostpath for lidarr + # file: + # path: "{{ services.configs_dir }}/lidarr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the lidarr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: lidarr + # chart_name: lidarr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_persistence_music }}\ + # {{ helm_common_persistence_downloads }}}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/lidarr,\ + # ingress.main.hosts[0].host='lidarr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=lidarr,\ + # ingress.main.hosts[0].paths[0].service.port=8686" + + # - debug: + # msg: > + # You can log into lidarr at 'lidarr.{{ domain_name }}'. + # Data directories from the host are available under '/data' and + # can be used by the application. 
+ + # - name: Install ombi + # when: services.ombi.enabled + # block: + # - name: Create config directory on hostpath for ombi + # file: + # path: "{{ services.configs_dir }}/ombi" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the ombi chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: ombi + # chart_name: ombi + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/ombi,\ + # ingress.main.hosts[0].host='ombi.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=ombi,\ + # ingress.main.hosts[0].paths[0].service.port=3579" + # - debug: + # msg: > + # You can log into ombi at 'ombi.{{ domain_name }}'. + # Data directories are available under '/data' and can be used by + # ombi. If need be, delete any existing server and go to the + # URL mention above once again to setup a new server. 
+ + # - name: Install jellyseerr + # when: services.jellyseerr.enabled + # block: + # - name: Create config directory on hostpath for jellyseerr + # file: + # path: "{{ services.configs_dir }}/jellyseerr" + # state: directory + # mode: '0777' + # become: true + + # - name: Install/Upgrade the jellyseerr chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: jellyseerr + # chart_name: jellyseerr + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_security_contexts }},\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/jellyseerr,\ + # ingress.main.hosts[0].host='jellyseerr.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=jellyseerr,\ + # ingress.main.hosts[0].paths[0].service.port=5055" + # - debug: + # msg: > + # You can log into jellyseerr at 'jellyseerr.{{ domain_name }}'. + # Data directories are available under '/data' and can be used by + # jellyseerr. If need be, delete any existing server and go to the + # URL mention above once again to setup a new server. 
+ + # - name: Install librespeed + # when: services.librespeed.enabled + # block: + # - name: Install/Upgrade the librespeed chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: librespeed + # chart_name: librespeed + # # PUID={{ uid }} gives write access on the pod + # # 568 is the default user ID, added to the groups cause why not + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # {{ helm_common_persistence_config }},\ + # persistence.config.hostPath={{ services.configs_dir }}/librespeed,\ + # securityContext.container.PUID=\"{{ uid }}\",\ + # securityContext.container.PGID=\"568\",\ + # ingress.main.hosts[0].host='librespeed.{{ domain_name }}',\ + # ingress.main.hosts[0].paths[0].service.name=librespeed,\ + # ingress.main.hosts[0].paths[0].service.port=10016" + + + # - name: Install calibre-web + # when: services.calibre_web.enabled + # block: + # - name: Install/Upgrade the calibre-web chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: calibre-web + # chart_name: calibre-web + # # PUID={{ uid }} gives write access on the pod + # # 568 is the default user ID, added to the groups cause why not + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_persistence_books }}\ + # {{ helm_common_persistence_downloads }}}\ + # {{ helm_common_resources }},\ + # {{ helm_common_ingress }},\ + # securityContext.container.PUID=\"{{ uid }}\",\ + # securityContext.container.PGID=\"568\",\ + # ingress.main.hosts[0].host='calibre-web.{{ domain_name 
}}',\ + # ingress.main.hosts[0].paths[0].service.name=calibre-web,\ + # ingress.main.hosts[0].paths[0].service.port=8083" + + # - debug: + # msg: > + # You can log into calibre-web at 'calibre-web.{{ domain_name }}'. + # Data directories from the host are available under '/data' and + # can be used by the application. + + # - name: Install calibre + # when: services.calibre.enabled + # block: + # - name: Install/Upgrade the calibre chart + # include_tasks: tasks-install-chart.yaml + # vars: + # repo_name: TrueCharts + # repo_link: oci://tccr.io/truecharts + # install_namespace: "{{ namespace_generic_services }}" + # timeout: "{{ charts.timeout }}" + # release_name: calibre + # chart_name: calibre + # # PUID={{ uid }} gives write access on the pod + # # 568 is the default user ID, added to the groups cause why not + # # securityContext.container.seccompProfile.type is required for the + # # guacamole VNC client to be able to make sys calls (required ) + # set_options: "--set \ + # {{ helm_common_general }},\ + # {{ helm_common_persistence }},\ + # {{ helm_common_persistence_books }}\ + # {{ helm_common_persistence_downloads }}}\ + # {{ helm_common_resources }},\ + # securityContext.container.PUID=\"{{ uid }}\",\ + # securityContext.container.PGID=\"568\",\ + # securityContext.container.seccompProfile.type=Unconfined,\ + # service.main.type=NodePort,\ + # service.main.ports.main.nodePort=30000,\ + # service.webserver.enabled=true" + + # - debug: + # msg: > + # You can log into calibre at '{{ ip }}:30000'. + # Data directories from the host are available under '/data' and + # can be used by the application. diff --git a/services/.env b/services/.env new file mode 100644 index 0000000..e6b5c95 --- /dev/null +++ b/services/.env @@ -0,0 +1,9 @@ +GID=3000 +UID=3000 + +DOMAIN_NAME=test + +CONFIG_DIR=/home/kimi450/data/app-configs +CACHE_DIR=/home/kimi450/data/app-cache + +MEDIA_DIR=/home/kimi450/data \ No newline at end of file 
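Review bot: The `Copy over compose file` task installs the whole `./services/` directory — `compose.yaml` and the `.env` with it — with `mode: '0777'`, and each `Create config directory on hostpath for …` task (jellyfin, librespeed, node-exporter, prometheus, grafana) runs with `become: true` and `mode: '0777'`, so the compose definition and the configuration the containers read end up root-owned and world-writable for any local account on the host. Since `uid` is already the identity the hunk uses for `securityContext.container.runAsUser`, explicit ownership with a tighter mode is enough, e.g. `owner: "{{ uid }}"` and `mode: '0750'` on both the copy and the directory tasks (assuming `uid` is the numeric id the services run as — confirm against the compose file). Two smaller points in the same hunk: `backup: yes` is a YAML 1.1 truthy and should be `backup: true`, and the `docker compose … down`/`up` steps use `shell` with no `changed_when`, so every run reports changed even though no shell feature is used — `ansible.builtin.command` with `changed_when: false` on the `down` step, or the `community.docker` compose module, would report state accurately. The roughly 700 commented-out Helm tasks that follow the live tasks carry no information the new compose-based playbook needs and would be easier to recover from git history than to maintain as dead text.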
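Review bot: `services/.env` hard-codes one machine's layout — `DOMAIN_NAME=test` and `CONFIG_DIR`, `CACHE_DIR`, `MEDIA_DIR` under `/home/kimi450/data` — while the `Copy over compose file` task in the install-services.yaml hunk above copies it to the target verbatim, so the compose stack will not follow the `domain_name` and `services.configs_dir` values the playbook itself uses for its debug messages and for the config directories it creates. Rendering it with `ansible.builtin.template` from those variables (e.g. `DOMAIN_NAME={{ domain_name }}` and `CONFIG_DIR={{ services.configs_dir }}`) keeps the two in step; if the committed values are meant as examples, a comment such as `# example values — override per host` at the top would say so. The file also ends without a trailing newline (`\ No newline at end of file`); adding one avoids the churn in later diffs.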
diff --git a/services/compose.yaml b/services/compose.yaml
new file mode 100644
index 0000000..84a6891
--- /dev/null
+++ b/services/compose.yaml
@@ -0,0 +1,198 @@ +services: + loki: + image: grafana/loki:latest + command: -config.file=/etc/loki/local-config.yaml + + promtail: + image: grafana/promtail:latest + volumes: + - /var/log:/var/log + command: -config.file=/etc/promtail/config.yml + + + + + + # https://github.com/bluepuma77/traefik-best-practice/blob/main/docker-traefik-dashboard-letsencrypt/docker-compose.yml + # https://doc.traefik.io/traefik/user-guides/docker-compose/acme-tls/ + traefik: + image: "traefik:v3.3" + container_name: "traefik" + command: + #- --log.filepath=/var/log/traefik.log + - --log.level=DEBUG + - --accesslog=true + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--api.insecure=false" + - --api.dashboard=true + #- --accesslog.filepath=/var/log/traefik-access.log + - --entrypoints.web.address=:80 + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entryPoints.web.http.redirections.entrypoint.scheme=https + - --entrypoints.websecure.address=:443 + # remove next line when using Traefik v2 + - --entrypoints.websecure.asDefault=true + - --entrypoints.websecure.http.tls.certresolver=myresolver + - "--certificatesresolvers.myresolver.acme.tlschallenge=true" + - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" + - "--certificatesresolvers.myresolver.acme.email=test@yahoo.com" + - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" + ports: + - "443:443" + - "80:80" + volumes: + - "${CONFIG_DIR}/letsencrypt:/letsencrypt" + - "/var/run/docker.sock:/var/run/docker.sock:ro" + # networks: + # - monitoring + + + + # https://grafana.com/docs/grafana-cloud/send-data/metrics/metrics-prometheus/prometheus-config-examples/docker-compose-linux/ + grafana: + image: grafana/grafana-enterprise:latest + container_name: grafana + restart: unless-stopped + # if you are running as root then set it to 0 + # else find the right id with the id -u command + user: '0' # TODO change 
+ # adding the mount volume point which we create earlier + volumes: # TODO change + - ./grafana.yml:/etc/grafana/provisioning/datasources/grafana.yml + - '${CONFIG_DIR}/grafana/data:/var/lib/grafana' + labels: + - "traefik.enable=true" + - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN_NAME}`)" + depends_on: + - prometheus + environment: + - GF_AUTH_ANONYMOUS_ENABLED=true + - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin + - GF_PATHS_PROVISIONING=/etc/grafana/provisioning + - GF_SECURITY_ADMIN_USER=admin # TODO change + - GF_SECURITY_ADMIN_PASSWORD=admin # TODO change + - GF_FEATURE_TOGGLES_ENABLE=alertingSimplifiedRouting,alertingQueryAndExpressionsStepMode + + # networks: + # - monitoring + + node-exporter: + image: prom/node-exporter:latest + container_name: node-exporter + privileged: true + restart: unless-stopped + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /:/rootfs:ro + # TODO mounted dirs + command: + - '--path.procfs=/host/proc' + - '--path.rootfs=/rootfs' + # TODO mounteddirs + - '--path.sysfs=/host/sys' + - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' + # networks: + # - monitoring + + prometheus: + image: prom/prometheus:latest + container_name: prometheus + restart: unless-stopped + volumes: + - ./prometheus.yml:/etc/prometheus/prometheus.yml + - prometheus_data:/prometheus + command: + - '--config.file=/etc/prometheus/prometheus.yml' + - '--storage.tsdb.path=/prometheus' + - '--web.console.libraries=/etc/prometheus/console_libraries' + - '--web.console.templates=/etc/prometheus/consoles' + - '--web.enable-lifecycle' + # networks: + # - monitoring + + + + + # https://hub.docker.com/r/linuxserver/librespeed + librespeed: + image: lscr.io/linuxserver/librespeed:latest + container_name: librespeed + environment: + - PUID=1000 + - PGID=1000 + - TZ=UTC + # - PASSWORD=PASSWORD + # - CUSTOM_RESULTS=false #optional + # - DB_TYPE=sqlite #optional + # - DB_NAME=DB_NAME #optional + # - DB_HOSTNAME=DB_HOSTNAME 
#optional + # - DB_USERNAME=DB_USERNAME #optional + # - DB_PASSWORD=DB_PASSWORD #optional + # - DB_PORT=DB_PORT #optional + # - IPINFO_APIKEY=ACCESS_TOKEN #optional + volumes: + - ${CONFIG_DIR}/librespeed/:/config + restart: unless-stopped + labels: + - "traefik.enable=true" + - "traefik.http.routers.librespeed.rule=Host(`librespeed.${DOMAIN_NAME}`)" + + # https://jellyfin.org/docs/general/installation/container/#using-docker-compose + jellyfin: + image: jellyfin/jellyfin + container_name: jellyfin + user: ${UID}:${GID} + volumes: + - ${CONFIG_DIR}/jellyfin:/config + - ${CACHE_DIR}/cache:/cache + - type: bind + source: ${MEDIA_DIR} + target: /data + - type: bind + source: /dev/dri + target: /dev/dri + restart: 'unless-stopped' + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN_NAME}`)" + + # sonarr: + # image: lscr.io/linuxserver/sonarr:latest + # container_name: sonarr + # environment: + # - PUID=1000 + # - PGID=1000 + # - TZ=Etc/UTC + # volumes: + # - ${CONFIG_DIR}/jellyfin:/config + # - /home/kimi450/data:/data + # ports: + # - 8989:8989 + # restart: unless-stopped + # env_file: + # - path: .env + # required: true # default + # labels: + # - homepage.group=Media Automation + # - homepage.name=Sonarr + # - homepage.icon=sonarr.svg + # - homepage.href=https://sonarr.local.haak.pw + # - homepage.description=TV show tracker + # - homepage.widget.type=sonarr + # - homepage.widget.key=${SONARR_API_KEY} + # - homepage.widget.url=http://192.168.177.25:8989 + # # - "traefik.enable=true" + # # - "traefik.http.routers.sonarr.rule=Host(`sonarr.local.haak.pw`)" + # # - "traefik.http.routers.sonarr.entrypoints=https" + # # - "traefik.http.routers.sonarr.tls.certresolver=cloudflare" + # # - "traefik.http.services.sonarr.loadbalancer.server.port=8989" + +networks: + # monitoring: + proxy: + external: true + +volumes: + prometheus_data: {} \ No newline at end of file 
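Review bot: The `grafana` service sets `GF_AUTH_ANONYMOUS_ENABLED=true` with `GF_AUTH_ANONYMOUS_ORG_ROLE=Admin` while also being published through Traefik by `traefik.http.routers.grafana.rule=Host(...)`, so anyone who can reach that hostname gets full Grafana admin without logging in, and `GF_SECURITY_ADMIN_PASSWORD=admin` leaves the login path no stronger. Unless this is deliberately LAN-only, set `GF_AUTH_ANONYMOUS_ENABLED=false` (or at most `GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer`) and take the admin credentials from `.env` (`GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}`) instead of a literal; the same block is re-added unchanged in the later services/compose.yaml hunk of PATCH 81/81. Separately, Traefik's `--certificatesresolvers.myresolver.acme.caserver` points at the Let's Encrypt staging directory, whose certificates browsers do not trust, which deserves a comment if it is intentional. The `/var/run/docker.sock:/var/run/docker.sock:ro` mount gives Traefik the full Docker API (`:ro` does not limit API calls), so a comment stating that the Traefik container is trusted at host level would help the next maintainer.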
diff --git a/services/grafana.yml b/services/grafana.yml new file mode 100644 index 0000000..3928b01 --- /dev/null +++ b/services/grafana.yml @@ -0,0 +1,19 @@ +apiVersion: 1 + +datasources: +- name: Prometheus + type: prometheus + url: http://prometheus:9090 + isDefault: true + access: proxy + editable: true + scrape_interval: 1s +- name: Loki + type: loki + access: proxy + orgId: 1 + url: http://loki:3100 + basicAuth: false + isDefault: false + version: 1 + editable: false diff --git a/services/prometheus.yml b/services/prometheus.yml new file mode 100644 index 0000000..ae113c8 --- /dev/null +++ b/services/prometheus.yml @@ -0,0 +1,12 @@ +global: + scrape_interval: 1s + +scrape_configs: + - job_name: 'prometheus' + scrape_interval: 1s + static_configs: + - targets: ['localhost:9090'] + + - job_name: 'node' + static_configs: + - targets: ['node-exporter:9100'] diff --git a/setup.yaml b/setup.yaml index 3b29636..d88c1e2 100644 --- a/setup.yaml +++ b/setup.yaml @@ -19,11 +19,9 @@ when: - docker.enabled -- import_playbook: install-charts.yaml +- import_playbook: install-services.yaml vars: ip: "{{ ansible_host }}" - when: - - charts.enabled - import_playbook: install-tightvnc-and-ssh.yaml when: diff --git a/tasks-install-chart.yaml b/tasks-install-chart.yaml deleted file mode 100644 index 00cc62a..0000000 --- a/tasks-install-chart.yaml +++ /dev/null 
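Review bot: `scrape_interval: 1s` on the Prometheus datasource is not, as far as I know, a key in Grafana's datasource provisioning schema; the loader will either ignore it or reject the file, and in neither case does it affect scraping, which is configured in prometheus.yml. If the intent is to tell Grafana the data's resolution, the documented place is `jsonData:` with `timeInterval: 1s`; otherwise the line should be dropped. PATCH 81/81 later annotates this same line with `# TODO configure` but keeps the key.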
@@ -1,25 +0,0 @@ -- name: Install {{ release_name }} - block: - - name: "Non-OCI Registry Workflow" - when: "not 'oci' in repo_link" - block: - - name: "Add helm repo {{ repo_name }} {{ repo_link }}" - shell: "helm repo add {{ repo_name }} {{ repo_link }}" - ignore_errors: True - - - name: Update helm repo - shell: helm repo update - - - name: "Set chart location to {{ repo_name }}/{{ chart_name }}" - set_fact: - chart_location: "{{ repo_name }}/{{ chart_name }}" - - - name: "OCI Registry Workflow" - when: "'oci' in repo_link" - block: - - name: "Set chart location to {{ repo_link }}/{{ chart_name }}" - set_fact: - chart_location: "{{ repo_link }}/{{ chart_name }}" - - - name: Install chart - shell: "helm upgrade -i -n {{ install_namespace }} {{ release_name }} {{ chart_location }} {{ set_options }} --timeout {{ timeout }} --create-namespace --wait" diff --git a/tasks-kubernetes-delete-kind-instances.yaml b/tasks-kubernetes-delete-kind-instances.yaml deleted file mode 100644 index 8a066f1..0000000 --- a/tasks-kubernetes-delete-kind-instances.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- name: "Get all '{{ kind }}' from namespace '{{ namespace }}'s that contain '{{ contains }}'" - shell: "kubectl get -n {{ namespace }} {{ kind }} --no-headers -o custom-columns=':metadata.name' | grep {{ contains }} | sed -z 's/\\n/ /g;s/ $/\\n/'" - register: output - -- name: "Delete all '{{ kind }}' from namespace '{{ namespace }}' that contain '{{ contains }}'" - shell: "kubectl delete -n {{ namespace }} {{ kind }} {{ output.stdout }}" From 02bdd585a2fb2e4a37e1cf4a684b29a7294d684a Mon Sep 17 00:00:00 2001 
From: Karan Samani <24758074+Kimi450@users.noreply.github.com> Date: Sat, 12 Apr 2025 10:15:45 +0100 Subject: [PATCH 81/81] remainig changes --- README.md | 2 +- docker-compose.yaml | 4 +- group_vars/all | 4 -- install-services.yaml | 131 ++++++++-------------------------- services/.env | 2 +- services/compose.yaml | 108 ++++++++++++++++------------ services/grafana.yml | 20 +++--- services/prometheus.yml | 7 +- services/promtail-config.yaml | 51 +++++++++++++ 9 files changed, 160 insertions(+), 169 deletions(-) create mode 100644 services/promtail-config.yaml diff --git a/README.md b/README.md index 7239e24..0f0de18 100644 --- a/README.md +++ b/README.md @@ -118,7 +118,7 @@ Use your own server - Would recommend adding a panel with the following query as it is useful to monitor pods as well - For average ``` - avg(irate(container_cpu_usage_seconds_total[2m])) by (pod,container) + avg(irate(container_cpu_usage_seconds_total[2m])) by (name) ``` - You can find information on how to use [Loki](https://grafana.com/oss/loki/) in Grafana [here](https://grafana.com/docs/loki/latest/operations/grafana/) diff --git a/docker-compose.yaml b/docker-compose.yaml index c36314c..8518dc9 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -22,9 +22,7 @@ services: grafana: environment: - - GF_PATHS_PROVISIONING=/etc/grafana/provisioning - - GF_AUTH_ANONYMOUS_ENABLED=true - - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin + - GF_FEATURE_TOGGLES_ENABLE=alertingSimplifiedRouting,alertingQueryAndExpressionsStepMode entrypoint: - sh diff --git a/group_vars/all b/group_vars/all index 3aa8589..72d12b0 100644 --- a/group_vars/all +++ b/group_vars/all @@ -72,10 +72,6 @@ services: # FYI: you dont need to create any account for this, just use an email ID email: "" # FILL OUT - # log monitoring with Loki (Needs Grafana for a UI) - loki_stack: - enabled: false - # metrics monitoring with Grafana and Prometheus monitoring: enabled: true 
diff --git a/install-services.yaml b/install-services.yaml index 19e00ef..fe422ef 100644 --- a/install-services.yaml +++ b/install-services.yaml @@ -219,6 +219,7 @@ - name: Install/Upgrade monitoring when: services.monitoring.enabled block: + - name: Install/Upgrade node exporter block: - name: Create config directory on hostpath for node-exporter @@ -227,10 +228,13 @@ state: directory mode: '0777' become: true + - name: docker compose node-exporter down shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down node-exporter" + - name: docker compose node-exporter up shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d node-exporter" + - name: Install/Upgrade prometheus block: - name: Create config directory on hostpath for prometheus @@ -239,12 +243,16 @@ state: directory mode: '0777' become: true + - name: docker compose prometheus down shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down prometheus" + - name: docker compose prometheus up shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d prometheus" + - name: Install/Upgrade grafana block: + - name: Create config directory on hostpath for grafana file: path: "{{ services.configs_dir }}/grafana" 
@@ -255,114 +263,31 @@ shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down grafana" - name: docker compose grafana up shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d grafana" - - name: Install/Upgrade loki - block: - - name: docker compose loki down - shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down loki" - - name: docker compose loki up - shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d loki" - - name: Install/Upgrade promtail + + # - name: Install/Upgrade loki + # block: + # - name: docker compose loki down + # shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down loki" + # - name: docker compose loki up + # shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d loki" + + # - name: Install/Upgrade promtail + # block: + # - name: docker compose promtail down + # shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down promtail" + # - name: docker compose promtail up + # shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d promtail" + + - name: Install/Upgrade cadvisor block: - - name: docker compose promtail down - shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down promtail" - - name: docker compose promtail up - shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d promtail" + - name: docker compose cadvisor down + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml down cadvisor" + - name: docker compose cadvisor up + shell: "docker compose -f {{ basics.home_dir }}/compose.yaml up -d cadvisor" - debug: msg: You can login into grafana at 'grafana.{{ domain_name }}'. 
- # - name: Install loki-stack - # when: services.loki_stack.enabled - # block: - # - name: Install/Upgrade the loki-stack chart - # include_tasks: tasks-install-chart.yaml - # # https://artifacthub.io/packages/helm/grafana/loki-stack - # vars: - # repo_name: grafana - # repo_link: https://grafana.github.io/helm-charts - # install_namespace: "{{ namespace_monitoring }}" - # timeout: "{{ charts.timeout }}" - # release_name: loki-stack - # chart_name: loki-stack - # set_options: "--set \ - # loki.isDefault=False,\ - # test_pod.enable=False,\ - # fluent-bit.enabled=True,\ - # promtail.enabled=False" - - # - name: Set config for Grafana to add Loki as a data source - # set_fact: - # helm_kube_prometheus_stack_loki_config: "\ - # grafana.additionalDataSources[0].name=Loki,\ - # grafana.additionalDataSources[0].type=loki,\ - # grafana.additionalDataSources[0].access=proxy,\ - # grafana.additionalDataSources[0].isDefault=False,\ - # grafana.additionalDataSources[0].url='http://loki-stack.{{ namespace_monitoring }}:3100'," - - # - name: Install kube-prometheus-stack - # when: services.kube_prometheus_stack.enabled - # block: - # - name: Install/Upgrade the kube-prometheus-stack chart - # include_tasks: tasks-install-chart.yaml - # # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - # vars: - # repo_name: prometheus-community - # repo_link: https://prometheus-community.github.io/helm-charts - # install_namespace: "{{ namespace_monitoring }}" - # timeout: "{{ charts.timeout }}" - # release_name: kube-prometheus-stack - # chart_name: kube-prometheus-stack - # set_options: "--set \ - # {{ helm_kube_prometheus_stack_loki_config }}\ - # prometheus.prometheusSpec.retention=730d,\ - # prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.accessModes={'ReadWriteOnce'},\ - # prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage='50Gi',\ - # 
prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false,\ - # prometheus.prometheusSpec.serviceMonitorNamespaceSelector=null,\ - # prometheus.prometheusSpec.serviceMonitorSelector=null,\ - # prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues=false,\ - # prometheus.prometheusSpec.ruleNamespaceSelector=null,\ - # prometheus.prometheusSpec.ruleSelector=null,\ - # prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,\ - # prometheus.prometheusSpec.podMonitorNamespaceSelector=null,\ - # prometheus.prometheusSpec.podMonitorSelector=null,\ - # prometheus.prometheusSpec.probeSelectorNilUsesHelmValues=false,\ - # prometheus.prometheusSpec.probeSelectorNamespaceSelector=null,\ - # prometheus.prometheusSpec.probeSelector=null,\ - - - # - name: Search for all Pods labelled app.kubernetes.io/name=grafana - # vars: - # ansible_python_interpreter: "{{ venv_python }}" - # kubernetes.core.k8s_info: - # kind: Pod - # label_selectors: - # - app.kubernetes.io/name = grafana - # register: output - - # - name: Install piechart panel plugin for Grafana - # vars: - # ansible_python_interpreter: "{{ venv_python }}" - # kubernetes.core.k8s_exec: - # namespace: "{{ namespace_monitoring }}" - # pod: "{{ output.resources[0].metadata.name }}" - # container: grafana - # command: grafana cli plugins install grafana-piechart-panel - # ignore_errors: True - - # - name: Restart pods to pick up any config updates - # include_tasks: tasks-kubernetes-delete-kind-instances.yaml - # vars: - # kind: pod - # namespace: "{{ namespace_monitoring }}" - # contains: kube-prometheus-stack - - # - debug: - # msg: > - # You can log into Grafana at 'grafana.{{ domain_name }}' using - # {{ services.kube_prometheus_stack.grafana.admin_username }}/ - # {{ services.kube_prometheus_stack.grafana.admin_password }} - # - name: Install cnpg # when: services.cnpg.enabled # block: diff --git a/services/.env b/services/.env index e6b5c95..c25ed8b 100644 --- a/services/.env 
+++ b/services/.env @@ -1,7 +1,7 @@ GID=3000 UID=3000 -DOMAIN_NAME=test +DOMAIN_NAME= CONFIG_DIR=/home/kimi450/data/app-configs CACHE_DIR=/home/kimi450/data/app-cache diff --git a/services/compose.yaml b/services/compose.yaml index 84a6891..bbccebd 100644 --- a/services/compose.yaml +++ b/services/compose.yaml @@ -1,17 +1,38 @@ services: - loki: - image: grafana/loki:latest - command: -config.file=/etc/loki/local-config.yaml - - promtail: - image: grafana/promtail:latest - volumes: - - /var/log:/var/log - command: -config.file=/etc/promtail/config.yml - - - - +# loki: +# image: grafana/loki:latest +# command: -config.file=/etc/loki/local-config.yaml + +# # https://github.com/grafana/loki/issues/333 +# promtail: +# image: grafana/promtail:latest +# volumes: +# - /var/log:/var/log +# - /var/lib/docker:/var/lib/docker:ro +# - ./promtail-config.yaml:/etc/promtail/promtail-config.yml +# command: -config.file=/etc/promtail/promtail-config.yml + + + + # https://github.com/google/cadvisor/issues/2523 + # https://medium.com/@sohammohite/docker-container-monitoring-with-cadvisor-prometheus-and-grafana-using-docker-compose-b47ec78efbc + cadvisor: + container_name: cadvisor + image: gcr.io/cadvisor/cadvisor:latest + command: + - '--housekeeping_interval=15s' # TODO configure + - "--docker_only=true" + # - "--store_container_labels=false" + # - "--disable_metrics=percpu,sched,tcp,udp,disk,diskIO,hugetlb,referenced_memory,cpu_topology,resctrl" + volumes: + - "/:/rootfs" + - "/var/run:/var/run" + - "/sys:/sys" + - "/var/lib/docker/:/var/lib/docker" + - "/dev/disk/:/dev/disk" + privileged: true + devices: + - "/dev/kmsg" # https://github.com/bluepuma77/traefik-best-practice/blob/main/docker-traefik-dashboard-letsencrypt/docker-compose.yml # https://doc.traefik.io/traefik/user-guides/docker-compose/acme-tls/ 
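Review bot: `DOMAIN_NAME=` is now empty, and compose substitutes an empty string without complaint, so the Traefik rules in compose.yaml resolve to hostnames like `grafana.` and `jellyfin.` with nothing after the dot and the routers silently never match. If the value is meant to be filled in per host, make compose fail fast instead: reference it as `${DOMAIN_NAME:?DOMAIN_NAME must be set in services/.env}` in the labels. The same guard is worth adding to `${CONFIG_DIR}` and `${MEDIA_DIR}`, where an empty value would bind-mount `/jellyfin`, `/letsencrypt` and the like from the host root.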
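Review bot: The new `cadvisor` service runs `privileged: true` and bind-mounts `/`, `/var/run`, `/sys`, `/var/lib/docker/` and `/dev/disk/` read-write, which with the Docker socket under `/var/run` gives the container write access to the host's filesystem and container runtime; as far as I recall the upstream cAdvisor run example mounts each of these `:ro`, and metrics collection loses nothing from that. I would add `:ro` to all five (`- "/:/rootfs:ro"`, `- "/var/run:/var/run:ro"`, and so on) and put a one-line comment on `privileged: true` naming which collector needs it, given `/dev/kmsg` is already passed through `devices`. `gcr.io/cadvisor/cadvisor:latest` follows the file's pattern of unpinned `:latest` images; pinning a tag would make the playbook's down/up cycle reproducible.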
@@ -36,7 +57,7 @@ services: - --entrypoints.websecure.http.tls.certresolver=myresolver - "--certificatesresolvers.myresolver.acme.tlschallenge=true" - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.myresolver.acme.email=test@yahoo.com" + - "--certificatesresolvers.myresolver.acme.email=kimi450@yahoo.com" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" ports: - "443:443" @@ -47,36 +68,6 @@ services: # networks: # - monitoring - - - # https://grafana.com/docs/grafana-cloud/send-data/metrics/metrics-prometheus/prometheus-config-examples/docker-compose-linux/ - grafana: - image: grafana/grafana-enterprise:latest - container_name: grafana - restart: unless-stopped - # if you are running as root then set it to 0 - # else find the right id with the id -u command - user: '0' # TODO change - # adding the mount volume point which we create earlier - volumes: # TODO change - - ./grafana.yml:/etc/grafana/provisioning/datasources/grafana.yml - - '${CONFIG_DIR}/grafana/data:/var/lib/grafana' - labels: - - "traefik.enable=true" - - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN_NAME}`)" - depends_on: - - prometheus - environment: - - GF_AUTH_ANONYMOUS_ENABLED=true - - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin - - GF_PATHS_PROVISIONING=/etc/grafana/provisioning - - GF_SECURITY_ADMIN_USER=admin # TODO change - - GF_SECURITY_ADMIN_PASSWORD=admin # TODO change - - GF_FEATURE_TOGGLES_ENABLE=alertingSimplifiedRouting,alertingQueryAndExpressionsStepMode - - # networks: - # - monitoring - node-exporter: image: prom/node-exporter:latest container_name: node-exporter @@ -96,6 +87,7 @@ services: # networks: # - monitoring + prometheus: image: prom/prometheus:latest container_name: prometheus 
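Review bot: `--certificatesresolvers.myresolver.acme.email=kimi450@yahoo.com` hard-codes a personal address into a tracked compose file, while the context line above still sets `acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory`, so a real contact is now registered with the staging CA whose certificates browsers reject. Move the address to `services/.env` and reference it as `--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL:?ACME_EMAIL must be set}`, and remove or comment the staging `caserver` line once issuance is confirmed (with a comment saying staging was used to avoid production rate limits). `${CONFIG_DIR}/letsencrypt` will hold `acme.json` with the account and certificate private keys; Traefik expects that file to be `0600`, which is worth noting next to the mount.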
@@ -114,6 +106,34 @@ services: + # https://grafana.com/docs/grafana-cloud/send-data/metrics/metrics-prometheus/prometheus-config-examples/docker-compose-linux/ + grafana: + image: grafana/grafana-enterprise:latest + container_name: grafana + restart: unless-stopped + # if you are running as root then set it to 0 + # else find the right id with the id -u command + user: '0' # TODO change + # adding the mount volume point which we create earlier + volumes: # TODO change + - ./grafana.yml:/etc/grafana/provisioning/datasources/grafana.yml + - '${CONFIG_DIR}/grafana/data:/var/lib/grafana' + labels: + - "traefik.enable=true" + - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN_NAME}`)" + environment: + - GF_AUTH_ANONYMOUS_ENABLED=true + - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin + - GF_PATHS_PROVISIONING=/etc/grafana/provisioning + - GF_SECURITY_ADMIN_USER=admin # TODO change + - GF_SECURITY_ADMIN_PASSWORD=admin # TODO change + - GF_FEATURE_TOGGLES_ENABLE=alertingSimplifiedRouting,alertingQueryAndExpressionsStepMode + + # networks: + # - monitoring + + + # https://hub.docker.com/r/linuxserver/librespeed librespeed: diff --git a/services/grafana.yml b/services/grafana.yml index 3928b01..391a247 100644 --- a/services/grafana.yml +++ b/services/grafana.yml @@ -7,13 +7,13 @@ datasources: isDefault: true access: proxy editable: true - scrape_interval: 1s -- name: Loki - type: loki - access: proxy - orgId: 1 - url: http://loki:3100 - basicAuth: false - isDefault: false - version: 1 - editable: false + scrape_interval: 1s # TODO configure +# - name: Loki +# type: loki +# access: proxy +# orgId: 1 +# url: http://loki:3100 +# basicAuth: false +# isDefault: false +# version: 1 +# editable: false diff --git a/services/prometheus.yml b/services/prometheus.yml index ae113c8..f367f14 100644 --- a/services/prometheus.yml +++ b/services/prometheus.yml 
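Review bot: The relocated `grafana` block keeps `GF_AUTH_ANONYMOUS_ENABLED=true`, `GF_AUTH_ANONYMOUS_ORG_ROLE=Admin` and `GF_SECURITY_ADMIN_PASSWORD=admin` behind the Traefik router for `grafana.${DOMAIN_NAME}`, even though the `docker-compose.yaml` hunk in this same patch removes exactly those anonymous-admin variables from the other compose file; the two files now disagree on whether unauthenticated admin access is allowed. Apply the same removal here (or at most `GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer`) and read the admin password from `.env`. The move also drops the old `depends_on: - prometheus`; Grafana retries the provisioned datasource so this is probably harmless, but if it was intentional a one-line comment would save the next reader a diff.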
@@ -1,12 +1,13 @@ global: - scrape_interval: 1s + scrape_interval: 1s # TODO configure scrape_configs: - job_name: 'prometheus' - scrape_interval: 1s static_configs: - targets: ['localhost:9090'] - + - job_name: "cadvisor" + static_configs: + - targets: ["cadvisor:8080"] - job_name: 'node' static_configs: - targets: ['node-exporter:9100'] diff --git a/services/promtail-config.yaml b/services/promtail-config.yaml new file mode 100644 index 0000000..a3df81c --- /dev/null +++ b/services/promtail-config.yaml @@ -0,0 +1,51 @@ +server: + http_listen_port: 9080 + grpc_listen_port: 0 + +positions: + filename: /tmp/positions.yaml + +clients: + - url: http://loki:3100/loki/api/v1/push + +scrape_configs: + +- job_name: system + static_configs: + - targets: + - localhost + labels: + job: varlogs + __path__: /var/log/*log + +- job_name: containers + static_configs: + - targets: + - localhost + labels: + job: containerlogs + __path__: /var/lib/docker/containers/*/*log + + pipeline_stages: + - json: + expressions: + log: log + stream: stream + time: time + compose_project: attrs."com.docker.compose.project" + compose_service: attrs."com.docker.compose.service" + stack_name: attrs."com.docker.stack.namespace" + tag: attrs.tag + - regex: + expression: "^/var/lib/docker/containers/(?P.{12}).+/.+-json.log$" + source: filename + - timestamp: + format: RFC3339Nano + source: time + - labels: + stream: + container_id: + tag: + compose_project: + compose_service: + stack_name:
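Review bot: The new `cadvisor` job uses double-quoted scalars (`job_name: "cadvisor"`, `["cadvisor:8080"]`) while the neighbouring jobs use single quotes, and the blank line between jobs was removed only between `prometheus` and `cadvisor`. Matching the existing style, `- job_name: 'cadvisor'` and `- targets: ['cadvisor:8080']` with one blank line between jobs, keeps the file consistent with itself and diff-friendly.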
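Review bot: In the `containers` pipeline the regex stage reads `expression: "^/var/lib/docker/containers/(?P.{12}).+/.+-json.log$"`, where the capture group has no name; RE2 rejects `(?P` without a `<name>`, so promtail would refuse to load this config, and given the `container_id:` label below it should be `(?P<container_id>.{12})`. This may be an artifact of how the patch was rendered, but the committed file is worth checking. `positions: filename: /tmp/positions.yaml` lives inside the container, so every restart re-ships all matching logs from the beginning; a volume for it would fix that. Nothing consumes this file yet, since the `promtail` service in compose.yaml is commented out, and the `__path__: /var/lib/docker/containers/*/*log` source depends on the `/var/lib/docker:/var/lib/docker:ro` mount that block would add.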