nginx, gitea, pi-hole

roles/ansible-role-security/tasks/ssh.yml

@@ -29,5 +29,7 @@
       line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
     - regexp: "^X11Forwarding"
       line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
+    - regexp: "^ListenAddress"
+      line: "ListenAddress {{ ip_admin }}"
   notify: restart ssh
 

roles/docker_spin_up/tasks/dashboard_my_public.yml

@@ -0,0 +1,9 @@
+---
+- name: "{{ docker_name }}"
+  community.docker.docker_container:
+    name: "{{ docker_name }}"
+    image: ghcr.io/gethomepage/homepage:latest
+    ports:
+      - 3000:3000
+    volumes:
+      - "{{ docker_homepath }}/config:/app/config" # Make sure your local config directory exists

roles/docker_spin_up/tasks/gitea.yml

@@ -0,0 +1,24 @@
+---
+- name: gitea
+  community.docker.docker_container:
+    image: gitea/gitea:1.19.3
+    name: gitea
+    env:
+      USER_UID: "1000"
+      USER_GID: "1000"
+      GITEA__database__DB_TYPE: "mysql"
+      GITEA__database__HOST: "{{ mysql_host}}:3306"
+      GITEA__database__NAME: "{{ GITEA__database__NAME }}"
+      GITEA__database__USER: "{{ GITEA__database__USER }}"
+      GITEA__database__PASSWD: "{{ GITEA__database__PASSWD }}" 
+      ROOT_URL: "http://pi-vpn:8082/"
+    restart_policy: always
+    networks:
+      - name: http
+    volumes:
+      - "{{ docker_homepath }}/gitea:/data"
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+    #  - "8082:3000"
+      - "222:22"

roles/docker_spin_up/tasks/nextcloud.yml

@@ -0,0 +1,19 @@
+---
+- name: nextcloud
+  community.docker.docker_container:
+    name: nextcloud
+    image: nextcloud:26.0-fpm
+    restart_policy: always
+#    ports:
+#      - 8080:80
+    volumes:
+      - "{{ docker_homepath }}/nextcloud_nextcloud_1/_data:/var/www/html"
+    env:
+      MYSQL_PASSWORD: "{{ NEXTCLOUD_MYSQL_PASSWORD }}"
+      MYSQL_DATABASE: "{{ NEXTCLOUD_MYSQL_DATABASE }}"
+      MYSQL_USER: "{{ NEXTCLOUD_MYSQL_USER }}"
+      MYSQL_HOST: "{{ mysql_host }}"
+      PHP_MEMORY_LIMIT: 2G
+      PHP_UPLOAD_LIMIT: 10G
+    networks:
+      - name: http

roles/docker_spin_up/tasks/nginx.yml

@@ -6,10 +6,11 @@
     restart_policy: unless-stopped
     ports:
       - '80:80'
-      - '81:81'
+      - "{{ ip_admin }}:81:81"
       - '443:443'
     volumes:
       - "{{ docker_homepath }}/data:/data"
       - "{{ docker_homepath }}/letsencrypt:/etc/letsencrypt"
+      - "/bigpool/nextcloud/nextcloud_nextcloud_1/_data/:/var/www/html:ro"
     networks:
       - name: http

roles/docker_spin_up/tasks/pi-hole.yml

@@ -0,0 +1,20 @@
+- name: pi-hole
+  community.docker.docker_container:
+    name: pi-hole
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      # - "8092:80/tcp"
+    env:
+      TZ: 'Europe/Prague'
+      WEBPASSWORD: "{{ password }}" 
+    # Volumes store your data between container upgrades
+    volumes:
+      - "{{ docker_homepath }}/etc-pihole:/etc/pihole"
+      - "{{ docker_homepath }}/etc-dnsmasq.d:/etc/dnsmasq.d"
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    restart_policy: unless-stopped
+    networks:
+      - name: http

roles/linux_config_init/tasks/main.yml

@@ -7,7 +7,7 @@
      - hostname_set.yml
      - git.yml
 #     - create_user.yml
-     - set_perma_ip.yml
+#     - set_perma_ip.yml
      - bashrc_copy.yml
      - timezone.yml
 

roles/linux_config_init/templates/etc_network_interface

@@ -4,7 +4,9 @@ iface lo inet loopback
 auto {{ in_face }}
 iface {{ in_face }} inet static
 address {{ ip }}/24
+
+iface {{ in_face }} inet static
+address {{ ip_admin }}/24
+
 gateway 192.168.5.1
-
-
 source /etc/network/interfaces.d/*

vault.yml

@@ -1,19 +1,30 @@
 $ANSIBLE_VAULT;1.1;AES256
-35363534613936356464373637376133343034633638376163633063383335636364373864353935
+35613836323530633636393530383362636264653266353364373563333338626139323063343961
-3366356539376539316237303231373464336563383539330a666236356231323938656531643262
+3664663931393161616231316236313738663461633934350a643535333363376265653464393831
-39613261333032353332653034366537616535613164663333636133613066363833386462343036
+66333763636239323835333630623335643232653932626463616130376661353538306530353739
-6137653433666632380a383132346135633637333831313735366430316263343732633865636262
+3731636635363264350a636533633036623033353234353233306261323736373636616132366339
-33393166353735636635633761386532373261623264376265396533613737313330613230343765
+62646131313463313639333931653131306636633239656235623330633137663031656566333463
-32303133383264613764343933306166646236393463383133633231633866643765313163383436
+32353964376161383864336130346336643838333566383464373961646430643538636537313132
-66356135373332303335636263643839383264343362323933303736383562313435616432653735
+37376634373562633930323930306464613838366231363839356234343830333763643530656665
-35326132646439663932343264623133643737646533396362336662656633323064396332633966
+32643730356565653465326537373564386337663330396139396166396163333865633130643664
-31326164363532633337313730616637336266646239346632363838643431336238616637376630
+61616437353561653564616139346561343939663663316330303636366664383230633539353133
-63336334383139653231396532333530333465616539356532396164376264303534623937383261
+63633637353961383937393438343032303230633531613333353036643031323266336162366663
-31666130633832616436616336353136363765326163336131363735353934323266633232616234
+65383530383639323063333665393334316133623564346164653764613830643263643838353037
-30356136326138393134626135643464656336353362643635303937656161653036613337326134
+38643461613234346131306636353834636634363935633365633661353736633361383666396261
-38633531303339613935336266386632363335613838356539613934626133363364323932343565
+33636263633431623631326266623664633238393338643664343739386530363032366537323532
-32646361623837663832373933336338383737343237343364313134343030323432643034303432
+62396562633465363338663939363836396234656139633136623438613739383839313534356630
-34313366633233373136346565363266336532333434303635353930343164316565626437356561
+66663763313132646362363162396230666633303336343262386333643138356432613161336163
-33653339353563343330626232313331656638366538666535313936343664613165306133356163
+65653861363565633630316161613634386634666564366465353931353361313837373437303531
-33373561633062613564306133336562643235643065323961303666306565366532663033393035
+66613337323464353734346537353737646335383539646161333039653037383963343463366462
-3737656462363930383834613234666131626161343761303435
+64303064623434356138646466373261666564396332396631336532316436363936623137386437
+62326165386438376139346131623832323561303364373034393232306133386633393933366361
+61303630356363636236643731653630323264303939643161633631323034633166373633303133
+31383531646330353661613266396330396266643835363236383638623634356465373734383433
+32623863366539656536346436343232613163353230303763396536653162393264643266663831
+65343562373164316439613961356335373633663931313538326136666463663930346331373536
+39353763383837373761653332643734363764656131356462313361396335613463303630396432
+65366361623265323339323238636537663634373361653639383432363138396433626236393966
+39633333313830333665343930323630333933373731656635643836663234663738343830643434
+63663164393137643861326566383763656166343865393737346539386234333137613333633965
+39636339303263616263646438626437396337306466386162306333363037663736623862343465
+31623263326131643134353166356465323934323965393837656132393630626630

zeus-vars.yml

@@ -1 +1,4 @@
 zfs_pool_name: bigpool
+ip: 192.168.5.7
+ip_admin: 192.168.6.7
+mysql_host: "{{ ip_admin }}"

zeus.yml

@@ -2,6 +2,7 @@
 #  hosts: zeus-public
 #  become: true
 #  vars_files:
+#  - zeus-vars.yml
 #  - vault.yml
 #  vars:
 #   user: warezjoe
@@ -11,7 +12,6 @@
 #   host: zeus
 #   set_ip: true # false
 #   in_face: ens18
-#   ip: 192.168.5.7
 #   samba_ip: "{{ ip }}/32"
 #   docker_users: "{{ user }}"
 #  roles:
@@ -76,21 +76,21 @@
 #    #- role: create_zfs_dataset
 #    - role: mariaDB_install
 
-- name: nginx
+#- name: nginx
-  hosts: zeus-public
+#  hosts: zeus-public
-  become: true
+#  become: true
-  vars_files:
+#  vars_files:
-    - zeus-vars.yml
+#    - zeus-vars.yml
-  vars:
+#  vars:
-    docker_name: nginx
+#    docker_name: nginx
-    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_name: "{{ docker_name }}"
-    zfs_dataset_user: root
+#    zfs_dataset_user: root
-    zfs_dataset_group: root
+#    zfs_dataset_group: root
-    zfs_dataset_size: 100M
+#    zfs_dataset_size: 100M
-    docker_compose_file: nginx.yml
+#    docker_compose_file: nginx.yml
-  roles:
+#  roles:
-    - role: create_zfs_dataset
+#    - role: create_zfs_dataset
-    - role: docker_spin_up
+#    - role: docker_spin_up
 
 
 #- name: email
@@ -112,46 +112,111 @@
 
 
 
-- name: Torrent client spawn
+#- name: Torrent client spawn
+#  hosts: zeus-public
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    user: warezjoe
+#    uid: "1000"
+#    password: "{{ warezjoe_password_un }}"
+#    docker_name: transmission
+#    docker_compose_file: transmission.yaml
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: "{{ user }}"
+#    zfs_dataset_group: "{{ user }}"
+#    zfs_dataset_size: 1T
+#
+#  roles:
+#     - role: create_zfs_dataset
+#     - role: docker_spin_up
+
+
+#- name: Pi-hole
+#  hosts: zeus-public
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: pi-hole
+#    password: "{{ warezjoe_password_un }}"
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 1G
+#    docker_compose_file: pi-hole.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: Pi-hole
+#  hosts: zeus-public
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: pi-hole
+#    password: "{{ warezjoe_password_un }}"
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 1G
+#    docker_compose_file: pi-hole.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: nextcloud
+#  hosts: zeus-public
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: nextcloud
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 1T
+#    docker_compose_file: nextcloud.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+#- name: gitea
+#  hosts: zeus-public
+#  become: true
+#  vars_files:
+#    - vault.yml
+#    - zeus-vars.yml
+#  vars:
+#    docker_name: gitea
+#    zfs_dataset_name: "{{ docker_name }}"
+#    zfs_dataset_user: root
+#    zfs_dataset_group: root
+#    zfs_dataset_size: 100M
+#    docker_compose_file: gitea.yml
+#  roles:
+#    - role: create_zfs_dataset
+#    - role: docker_spin_up
+
+- name: dashboard-my-public
   hosts: zeus-public
   become: true
   vars_files:
     - vault.yml
     - zeus-vars.yml
   vars:
-    user: warezjoe
+    docker_name: dashboard_my_public
-    uid: "1000"
-    password: "{{ warezjoe_password_un }}"
-    docker_name: transmission
-    docker_compose_file: transmission.yaml
-    zfs_dataset_name: "{{ docker_name }}"
-    zfs_dataset_user: "{{ user }}"
-    zfs_dataset_group: "{{ user }}"
-    zfs_dataset_size: 1T
-
-  roles:
-     - role: create_zfs_dataset
-     - role: docker_spin_up
-
-
-- name: Pi-hole
-  hosts: zeus-public
-  become: true
-  vars_files:
-    - vault.yml
-    - zeus-vars.yml
-  vars:
-    docker_name: pi-hole
     zfs_dataset_name: "{{ docker_name }}"
     zfs_dataset_user: root
     zfs_dataset_group: root
     zfs_dataset_size: 100M
-    docker_compose_file: pi-hole.yml
+    docker_compose_file: "{{ docker_name }}.yml"
   roles:
     - role: create_zfs_dataset
     - role: docker_spin_up
-
-
-
-
-