Update 2 files
- /group_vars/all.yml - /roles/docker/tasks/main.yml
This commit is contained in:
Administrator
parent
0ea8fbce3b
commit
b24fdfa7ca
@ -50,19 +50,22 @@ cleanup_packages:
|
||||
- gparted
|
||||
|
||||
# =============================================================================
|
||||
# DOCKER PINNING ДЛЯ LXC
|
||||
# DOCKER SETTINGS (LXC-safe versions)
|
||||
# =============================================================================
|
||||
docker_pinned_packages:
|
||||
- "containerd.io=1.7.28-1~ubuntu.24.04~noble"
|
||||
- "runc=1.1.12-0ubuntu3"
|
||||
|
||||
# Безопасные версии пакетов Docker для LXC (чтобы apt upgrade не сломал)
|
||||
# Безопасные версии пакетов Docker для LXC (Ubuntu 24.04 Noble)
|
||||
docker_ce_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
|
||||
docker_ce_cli_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
|
||||
containerd_io_version: "1.7.28-1~ubuntu.{{ ansible_distribution_release }}~noble"
|
||||
runc_safe_version: "1.1.12-0ubuntu3"
|
||||
|
||||
# Включить фиксацию версий Docker в LXC
|
||||
# Список пакетов для фиксации (используется в задачах apt)
|
||||
docker_pinned_packages:
|
||||
- "docker-ce={{ docker_ce_version }}"
|
||||
- "docker-ce-cli={{ docker_ce_cli_version }}"
|
||||
- "containerd.io={{ containerd_io_version }}"
|
||||
- "runc={{ runc_safe_version }}"
|
||||
|
||||
# Включить фиксацию версий в LXC
|
||||
lxc_docker_pin_enabled: true
|
||||
|
||||
# Пакеты для исключения из upgrade в LXC (через APT pinning)
|
||||
@ -76,18 +79,18 @@ docker_exclude_packages_lxc:
|
||||
# СЕТЕВЫЕ НАСТРОЙКИ
|
||||
# =============================================================================
|
||||
server_ips:
|
||||
olimp: "192.168.1.200" # Proxmox
|
||||
gateway: "192.168.1.201" # NPM, Dashy, Heimdall
|
||||
data: "192.168.1.202" # Bitwarden, Mealie, Bookstack
|
||||
media: "192.168.1.203" # Jellyfin, Ampache, Calibre
|
||||
photo: "192.168.1.204" # Immich
|
||||
nextcloud: "192.168.1.205" # Nextcloud
|
||||
talk: "192.168.1.206" # Matrix, Mumble, Snikket, TeamSpeak
|
||||
games: "192.168.1.207" # Minecraft
|
||||
manage: "192.168.1.208" # Grafana, Loki, MeshCentral
|
||||
git: "192.168.1.209" # GitLab
|
||||
ansible: "192.168.1.210" # Ansible
|
||||
torrent: "192.168.1.211" # Qbittorrent, TorrServer
|
||||
olimp: "192.168.1.200"
|
||||
gateway: "192.168.1.201"
|
||||
data: "192.168.1.202"
|
||||
media: "192.168.1.203"
|
||||
photo: "192.168.1.204"
|
||||
nextcloud: "192.168.1.205"
|
||||
talk: "192.168.1.206"
|
||||
games: "192.168.1.207"
|
||||
manage: "192.168.1.208"
|
||||
git: "192.168.1.209"
|
||||
ansible: "192.168.1.210"
|
||||
torrent: "192.168.1.211"
|
||||
|
||||
# =============================================================================
|
||||
# МОНИТОРИНГ (VictoriaMetrics, Grafana, Loki)
|
||||
@ -127,12 +130,10 @@ monitoring_groups:
|
||||
- "{{ server_ips.ansible }}"
|
||||
- "{{ server_ips.torrent }}"
|
||||
|
||||
# Proxmox Exporter
|
||||
pve_exporter_user: "pve_exporter@pve"
|
||||
pve_exporter_token_name: "grafana"
|
||||
pve_exporter_token_value: "{{ vault_pve_exporter_token }}"
|
||||
|
||||
# VictoriaMetrics & Grafana
|
||||
victoriametrics_retention_months: 2
|
||||
victoriametrics_version: v1.101.0
|
||||
grafana_version: 11.2.0
|
||||
@ -140,11 +141,9 @@ grafana_admin_user: admin
|
||||
grafana_admin_password: "{{ vault_grafana_admin_password }}"
|
||||
grafana_root_url: https://mon.zailon.ru
|
||||
|
||||
# Loki
|
||||
loki_version: "2.9.2"
|
||||
loki_retention_days: 30
|
||||
|
||||
# cAdvisor
|
||||
cadvisor_enabled: true
|
||||
cadvisor_base_dir: "/opt/cadvisor"
|
||||
cadvisor_port: 8080
|
||||
@ -155,11 +154,9 @@ cadvisor_port: 8080
|
||||
npm_base_dir: "/opt/npm"
|
||||
npm_data_dir: "/opt/npm/data"
|
||||
npm_letsencrypt_dir: "/opt/npm/letsencrypt"
|
||||
|
||||
heimdall_base_dir: "/opt/heimdall"
|
||||
heimdall_config_dir: "/opt/heimdall/config"
|
||||
heimdall_port: "45131"
|
||||
|
||||
dashy_base_dir: "/opt/dashy"
|
||||
dashy_config_dir: "{{ dashy_base_dir }}/config"
|
||||
dashy_port: "45132"
|
||||
@ -168,7 +165,6 @@ dashy_domain: "start.zailon.ru"
|
||||
# =============================================================================
|
||||
# СЕРВИСЫ: DATA (192.168.1.202)
|
||||
# =============================================================================
|
||||
# Bitwarden
|
||||
bitwarden_base_dir: "/mnt/bitwarden"
|
||||
bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data"
|
||||
bitwarden_port: "45131"
|
||||
@ -183,14 +179,12 @@ bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}"
|
||||
bitwarden_smtp_from: "zailon@bk.ru"
|
||||
bitwarden_domain: "https://bw.zailon.ru"
|
||||
|
||||
# Mealie
|
||||
mealie_base_dir: "/mnt/mealie"
|
||||
mealie_data_dir: "/mnt/mealie/data"
|
||||
mealie_port: "45132"
|
||||
mealie_db_type: "sqlite"
|
||||
mealie_db_password: "{{ vault_mealie_db_password }}"
|
||||
|
||||
# Bookstack
|
||||
bookstack_base_dir: "/mnt/bookstack"
|
||||
bookstack_config_dir: "/mnt/bookstack/config"
|
||||
bookstack_uploads_dir: "/mnt/bookstack/uploads"
|
||||
@ -202,7 +196,6 @@ bookstack_port: "45133"
|
||||
# =============================================================================
|
||||
service_config_base: "/mnt/service"
|
||||
|
||||
# Jellyfin
|
||||
jellyfin_base_dir: "{{ service_config_base }}/jellyfin"
|
||||
jellyfin_config_dir: "{{ jellyfin_base_dir }}/config"
|
||||
jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache"
|
||||
@ -211,13 +204,11 @@ jellyfin_media_path: "/mnt/video"
|
||||
jellyfin_port: "45131"
|
||||
jellyfin_hw_acceleration: true
|
||||
|
||||
# Audiobookshelf
|
||||
audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf"
|
||||
audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config"
|
||||
audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db"
|
||||
audiobookshelf_port: "45132"
|
||||
|
||||
# Calibre Web
|
||||
calibre_base_dir: "{{ service_config_base }}/calibre"
|
||||
calibre_library_dir: "/mnt/books/calibre"
|
||||
calibre_config_dir: "{{ calibre_base_dir }}/config"
|
||||
@ -229,14 +220,12 @@ calibre_web_enable_registration: false
|
||||
calibre_web_enable_webdav: true
|
||||
calibre_web_enable_opds: true
|
||||
|
||||
# Ampache
|
||||
ampache_base_dir: "{{ service_config_base }}/ampache"
|
||||
ampache_config_dir: "{{ ampache_base_dir }}/config"
|
||||
ampache_logs_dir: "{{ ampache_base_dir }}/logs"
|
||||
ampache_mysql_dir: "{{ ampache_base_dir }}/mysql"
|
||||
ampache_port: "45134"
|
||||
|
||||
# Flibusta
|
||||
flibusta_base_dir: "/mnt/service/flibusta"
|
||||
flibusta_source_archives_dir: "/mnt/books/flibusta"
|
||||
flibusta_web_port: "45137"
|
||||
@ -258,7 +247,6 @@ immich_version: "release"
|
||||
# =============================================================================
|
||||
# СЕРВИСЫ: TALK (192.168.1.206)
|
||||
# =============================================================================
|
||||
# Mumble
|
||||
mumble_base_dir: "/mnt/mumble"
|
||||
mumble_data_dir: "{{ mumble_base_dir }}/data"
|
||||
mumble_port: "45131"
|
||||
@ -267,7 +255,6 @@ mumble_max_users: "100"
|
||||
mumble_server_password: "{{ vault_mumble_server_password }}"
|
||||
mumble_superuser_password: "{{ vault_mumble_superuser_password }}"
|
||||
|
||||
# Matrix (Synapse)
|
||||
matrix_base_dir: "/mnt/matrix"
|
||||
matrix_data_dir: "{{ matrix_base_dir }}/data"
|
||||
matrix_config_dir: "{{ matrix_base_dir }}/config"
|
||||
@ -285,7 +272,6 @@ matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}"
|
||||
matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
|
||||
matrix_form_secret: "{{ vault_matrix_form_secret }}"
|
||||
|
||||
# Snikket (XMPP)
|
||||
snikket_base_dir: "/mnt/snikket"
|
||||
snikket_data_dir: "{{ snikket_base_dir }}/snikket_data"
|
||||
snikket_nginx_custom_dir: "{{ snikket_base_dir }}/nginx-custom"
|
||||
@ -312,7 +298,6 @@ snikket_backup_retention_days: 30
|
||||
snikket_admin_password: "{{ vault_snikket_admin_password }}"
|
||||
snikket_invite_token: "{{ vault_snikket_invite_token }}"
|
||||
|
||||
# TeamSpeak
|
||||
teamspeak_base_dir: "/mnt/teamspeak"
|
||||
teamspeak_data_dir: "{{ teamspeak_base_dir }}/data"
|
||||
teamspeak_logs_dir: "{{ teamspeak_base_dir }}/logs"
|
||||
@ -345,7 +330,6 @@ meshcentral_files_dir: "/mnt/mesh/meshcentral-files"
|
||||
meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup"
|
||||
meshcentral_port: "45131"
|
||||
|
||||
# Grafana
|
||||
grafana_base_dir: /mnt/grafana
|
||||
grafana_data_dir: "{{ grafana_base_dir }}/data"
|
||||
grafana_config_dir: "{{ grafana_base_dir }}/config"
|
||||
@ -354,14 +338,12 @@ grafana_vmagent_tmp_dir: "{{ grafana_base_dir }}/vmagent/tmp"
|
||||
grafana_vmagent_config: "{{ grafana_base_dir }}/vmagent/vmagent.yaml"
|
||||
grafana_port: 45132
|
||||
|
||||
# Loki
|
||||
loki_base_dir: "/mnt/loki"
|
||||
loki_config_dir: "{{ loki_base_dir }}/config"
|
||||
loki_data_dir: "{{ loki_base_dir }}/data"
|
||||
loki_server_host: "{{ server_ips.manage }}"
|
||||
loki_server_port: "{{ monitoring_ports.loki }}"
|
||||
|
||||
# Promtail
|
||||
promtail_config_dir: "/etc/promtail"
|
||||
promtail_data_dir: "/var/lib/promtail"
|
||||
|
||||
@ -392,7 +374,6 @@ qbittorrent_port_webui: 8080
|
||||
qbittorrent_port_torrent: 6881
|
||||
qbittorrent_smb_credentials_dir: "/etc/smb-creds"
|
||||
|
||||
# Учётные данные для SMB-шар
|
||||
qbittorrent_smb_creds:
|
||||
olimp:
|
||||
username: "Olimp"
|
||||
@ -403,69 +384,56 @@ qbittorrent_smb_creds:
|
||||
password: "{{ vault_samba_password_qb }}"
|
||||
file: "qb"
|
||||
|
||||
# Маунты SMB-шар
|
||||
qbittorrent_shares:
|
||||
- name: downloads
|
||||
src: "//192.168.1.101/Downloads"
|
||||
dest: "/mnt/downloads"
|
||||
credential: "olimp"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.olimp.file }}"
|
||||
|
||||
- name: abook
|
||||
src: "//192.168.1.203/Abook"
|
||||
dest: "/mnt/abook"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: music
|
||||
src: "//192.168.1.203/Music"
|
||||
dest: "/mnt/audio"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: books
|
||||
src: "//192.168.1.203/Books"
|
||||
dest: "/mnt/books"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: films
|
||||
src: "//192.168.1.203/Films"
|
||||
dest: "/mnt/video/films"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: mult
|
||||
src: "//192.168.1.203/Mult"
|
||||
dest: "/mnt/video/mult"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: anime
|
||||
src: "//192.168.1.203/Anime"
|
||||
dest: "/mnt/video/anime"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: serial
|
||||
src: "//192.168.1.203/Serial"
|
||||
dest: "/mnt/video/serial"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: mserials
|
||||
src: "//192.168.1.203/Mserials"
|
||||
dest: "/mnt/video/mserials"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: doc
|
||||
src: "//192.168.1.203/Doc"
|
||||
dest: "/mnt/video/doc"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: ztube
|
||||
src: "//192.168.1.203/Ztube"
|
||||
dest: "/mnt/video/ztube"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: show
|
||||
src: "//192.168.1.203/Show"
|
||||
dest: "/mnt/video/show"
|
||||
opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
|
||||
|
||||
- name: games
|
||||
src: "//192.168.1.207/Games"
|
||||
dest: "/mnt/games"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
# =============================================================================
|
||||
# DOCKER
|
||||
# DOCKER ROLE - roles/docker/tasks/main.yml
|
||||
# =============================================================================
|
||||
|
||||
# ========== 1. Cleanup conflicting Docker configs ==========
|
||||
@ -23,7 +23,6 @@
|
||||
- /etc/apt/keyrings/docker.gpg
|
||||
- /etc/apt/keyrings/docker.asc
|
||||
- /usr/share/keyrings/docker-archive-keyring.gpg
|
||||
- /usr/share/keyrings/docker.gpg
|
||||
become: yes
|
||||
tags: [docker, deploy_docker]
|
||||
|
||||
@ -33,12 +32,13 @@
|
||||
become: yes
|
||||
tags: [docker, deploy_docker]
|
||||
|
||||
- name: Clean apt lists cache
|
||||
- name: Clear apt lists cache (contents only, not directory)
|
||||
shell: rm -rf /var/lib/apt/lists/*
|
||||
args:
|
||||
warn: false
|
||||
become: yes
|
||||
tags: [docker, deploy_docker]
|
||||
ignore_errors: yes
|
||||
|
||||
# ========== 2. Install Docker dependencies ==========
|
||||
- name: Install Docker dependencies
|
||||
@ -107,8 +107,8 @@
|
||||
- name: Install docker-ce and docker-ce-cli first
|
||||
apt:
|
||||
name:
|
||||
- "docker-ce=5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
|
||||
- "docker-ce-cli=5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble"
|
||||
- "docker-ce={{ docker_ce_version }}"
|
||||
- "docker-ce-cli={{ docker_ce_cli_version }}"
|
||||
state: present
|
||||
allow_downgrade: yes
|
||||
allow_change_held_packages: yes
|
||||
@ -117,7 +117,7 @@
|
||||
|
||||
- name: Install containerd.io (after docker-ce to preserve runc)
|
||||
apt:
|
||||
name: "containerd.io=1.7.28-1~ubuntu.{{ ansible_distribution_release }}~noble"
|
||||
name: "containerd.io={{ containerd_io_version }}"
|
||||
state: present
|
||||
allow_downgrade: yes
|
||||
allow_change_held_packages: yes
|
||||
|
||||
Loading…
Reference in New Issue
Block a user