From b24fdfa7ca7981fa9577a96a383338fe076ab64e Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 24 Mar 2026 17:03:15 +0500 Subject: [PATCH] Update 2 files - /group_vars/all.yml - /roles/docker/tasks/main.yml --- group_vars/all.yml | 76 +++++++++++-------------------------- roles/docker/tasks/main.yml | 12 +++--- 2 files changed, 28 insertions(+), 60 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index b101ee6..8a08bb3 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -50,19 +50,22 @@ cleanup_packages: - gparted # ============================================================================= -# DOCKER PINNING ДЛЯ LXC +# DOCKER SETTINGS (LXC-safe versions) # ============================================================================= -docker_pinned_packages: - - "containerd.io=1.7.28-1~ubuntu.24.04~noble" - - "runc=1.1.12-0ubuntu3" - -# Безопасные версии пакетов Docker для LXC (чтобы apt upgrade не сломал) +# Безопасные версии пакетов Docker для LXC (Ubuntu 24.04 Noble) docker_ce_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble" docker_ce_cli_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble" containerd_io_version: "1.7.28-1~ubuntu.{{ ansible_distribution_release }}~noble" runc_safe_version: "1.1.12-0ubuntu3" -# Включить фиксацию версий Docker в LXC +# Список пакетов для фиксации (используется в задачах apt) +docker_pinned_packages: + - "docker-ce={{ docker_ce_version }}" + - "docker-ce-cli={{ docker_ce_cli_version }}" + - "containerd.io={{ containerd_io_version }}" + - "runc={{ runc_safe_version }}" + +# Включить фиксацию версий в LXC lxc_docker_pin_enabled: true # Пакеты для исключения из upgrade в LXC (через APT pinning) 
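Review bot: The rebuilt `docker_pinned_packages` list no longer resolves to the version strings it replaced. The removed entry was the literal `containerd.io=1.7.28-1~ubuntu.24.04~noble`, while the new entry takes `containerd_io_version`, which is templated as `ubuntu.{{ ansible_distribution_release }}~noble`. On Ubuntu the release fact is normally the codename, so this would likely render `ubuntu.noble~noble` and match no package in the Docker repository. If so, the hold meant to keep LXC-safe containerd/runc versions either fails or silently pins nothing, depending on how the list is consumed outside this hunk. Consider `containerd_io_version: "1.7.28-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}"`, with the same change for `docker_ce_version` and `docker_ce_cli_version`, and confirm the rendered strings against `apt-cache madison` on a target host.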
@@ -76,18 +79,18 @@ docker_exclude_packages_lxc: # СЕТЕВЫЕ НАСТРОЙКИ # ============================================================================= server_ips: - olimp: "192.168.1.200" # Proxmox - gateway: "192.168.1.201" # NPM, Dashy, Heimdall - data: "192.168.1.202" # Bitwarden, Mealie, Bookstack - media: "192.168.1.203" # Jellyfin, Ampache, Calibre - photo: "192.168.1.204" # Immich - nextcloud: "192.168.1.205" # Nextcloud - talk: "192.168.1.206" # Matrix, Mumble, Snikket, TeamSpeak - games: "192.168.1.207" # Minecraft - manage: "192.168.1.208" # Grafana, Loki, MeshCentral - git: "192.168.1.209" # GitLab - ansible: "192.168.1.210" # Ansible - torrent: "192.168.1.211" # Qbittorrent, TorrServer + olimp: "192.168.1.200" + gateway: "192.168.1.201" + data: "192.168.1.202" + media: "192.168.1.203" + photo: "192.168.1.204" + nextcloud: "192.168.1.205" + talk: "192.168.1.206" + games: "192.168.1.207" + manage: "192.168.1.208" + git: "192.168.1.209" + ansible: "192.168.1.210" + torrent: "192.168.1.211" # ============================================================================= # МОНИТОРИНГ (VictoriaMetrics, Grafana, Loki) @@ -127,12 +130,10 @@ monitoring_groups: - "{{ server_ips.ansible }}" - "{{ server_ips.torrent }}" -# Proxmox Exporter pve_exporter_user: "pve_exporter@pve" pve_exporter_token_name: "grafana" pve_exporter_token_value: "{{ vault_pve_exporter_token }}" -# VictoriaMetrics & Grafana victoriametrics_retention_months: 2 victoriametrics_version: v1.101.0 grafana_version: 11.2.0 @@ -140,11 +141,9 @@ grafana_admin_user: admin grafana_admin_password: "{{ vault_grafana_admin_password }}" grafana_root_url: https://mon.zailon.ru -# Loki loki_version: "2.9.2" loki_retention_days: 30 -# cAdvisor cadvisor_enabled: true cadvisor_base_dir: "/opt/cadvisor" cadvisor_port: 8080 
@@ -155,11 +154,9 @@ cadvisor_port: 8080 npm_base_dir: "/opt/npm" npm_data_dir: "/opt/npm/data" npm_letsencrypt_dir: "/opt/npm/letsencrypt" - heimdall_base_dir: "/opt/heimdall" heimdall_config_dir: "/opt/heimdall/config" heimdall_port: "45131" - dashy_base_dir: "/opt/dashy" dashy_config_dir: "{{ dashy_base_dir }}/config" dashy_port: "45132" @@ -168,7 +165,6 @@ dashy_domain: "start.zailon.ru" # ============================================================================= # СЕРВИСЫ: DATA (192.168.1.202) # ============================================================================= -# Bitwarden bitwarden_base_dir: "/mnt/bitwarden" bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data" bitwarden_port: "45131" @@ -183,14 +179,12 @@ bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}" bitwarden_smtp_from: "zailon@bk.ru" bitwarden_domain: "https://bw.zailon.ru" -# Mealie mealie_base_dir: "/mnt/mealie" mealie_data_dir: "/mnt/mealie/data" mealie_port: "45132" mealie_db_type: "sqlite" mealie_db_password: "{{ vault_mealie_db_password }}" -# Bookstack bookstack_base_dir: "/mnt/bookstack" bookstack_config_dir: "/mnt/bookstack/config" bookstack_uploads_dir: "/mnt/bookstack/uploads" @@ -202,7 +196,6 @@ bookstack_port: "45133" # ============================================================================= service_config_base: "/mnt/service" -# Jellyfin jellyfin_base_dir: "{{ service_config_base }}/jellyfin" jellyfin_config_dir: "{{ jellyfin_base_dir }}/config" jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache" 
@@ -211,13 +204,11 @@ jellyfin_media_path: "/mnt/video" jellyfin_port: "45131" jellyfin_hw_acceleration: true -# Audiobookshelf audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf" audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config" audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db" audiobookshelf_port: "45132" -# Calibre Web calibre_base_dir: "{{ service_config_base }}/calibre" calibre_library_dir: "/mnt/books/calibre" calibre_config_dir: "{{ calibre_base_dir }}/config" @@ -229,14 +220,12 @@ calibre_web_enable_registration: false calibre_web_enable_webdav: true calibre_web_enable_opds: true -# Ampache ampache_base_dir: "{{ service_config_base }}/ampache" ampache_config_dir: "{{ ampache_base_dir }}/config" ampache_logs_dir: "{{ ampache_base_dir }}/logs" ampache_mysql_dir: "{{ ampache_base_dir }}/mysql" ampache_port: "45134" -# Flibusta flibusta_base_dir: "/mnt/service/flibusta" flibusta_source_archives_dir: "/mnt/books/flibusta" flibusta_web_port: "45137" @@ -258,7 +247,6 @@ immich_version: "release" # ============================================================================= # СЕРВИСЫ: TALK (192.168.1.206) # ============================================================================= -# Mumble mumble_base_dir: "/mnt/mumble" mumble_data_dir: "{{ mumble_base_dir }}/data" mumble_port: "45131" @@ -267,7 +255,6 @@ mumble_max_users: "100" mumble_server_password: "{{ vault_mumble_server_password }}" mumble_superuser_password: "{{ vault_mumble_superuser_password }}" -# Matrix (Synapse) matrix_base_dir: "/mnt/matrix" matrix_data_dir: "{{ matrix_base_dir }}/data" matrix_config_dir: "{{ matrix_base_dir }}/config" 
@@ -285,7 +272,6 @@ matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}" matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}" matrix_form_secret: "{{ vault_matrix_form_secret }}" -# Snikket (XMPP) snikket_base_dir: "/mnt/snikket" snikket_data_dir: "{{ snikket_base_dir }}/snikket_data" snikket_nginx_custom_dir: "{{ snikket_base_dir }}/nginx-custom" @@ -312,7 +298,6 @@ snikket_backup_retention_days: 30 snikket_admin_password: "{{ vault_snikket_admin_password }}" snikket_invite_token: "{{ vault_snikket_invite_token }}" -# TeamSpeak teamspeak_base_dir: "/mnt/teamspeak" teamspeak_data_dir: "{{ teamspeak_base_dir }}/data" teamspeak_logs_dir: "{{ teamspeak_base_dir }}/logs" @@ -345,7 +330,6 @@ meshcentral_files_dir: "/mnt/mesh/meshcentral-files" meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup" meshcentral_port: "45131" -# Grafana grafana_base_dir: /mnt/grafana grafana_data_dir: "{{ grafana_base_dir }}/data" grafana_config_dir: "{{ grafana_base_dir }}/config" @@ -354,14 +338,12 @@ grafana_vmagent_tmp_dir: "{{ grafana_base_dir }}/vmagent/tmp" grafana_vmagent_config: "{{ grafana_base_dir }}/vmagent/vmagent.yaml" grafana_port: 45132 -# Loki loki_base_dir: "/mnt/loki" loki_config_dir: "{{ loki_base_dir }}/config" loki_data_dir: "{{ loki_base_dir }}/data" loki_server_host: "{{ server_ips.manage }}" loki_server_port: "{{ monitoring_ports.loki }}" -# Promtail promtail_config_dir: "/etc/promtail" promtail_data_dir: "/var/lib/promtail" @@ -392,7 +374,6 @@ qbittorrent_port_webui: 8080 qbittorrent_port_torrent: 6881 qbittorrent_smb_credentials_dir: "/etc/smb-creds" -# Учётные данные для SMB-шар qbittorrent_smb_creds: olimp: username: "Olimp" 
@@ -403,69 +384,56 @@ qbittorrent_smb_creds: password: "{{ vault_samba_password_qb }}" file: "qb" -# Маунты SMB-шар qbittorrent_shares: - name: downloads src: "//192.168.1.101/Downloads" dest: "/mnt/downloads" credential: "olimp" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.olimp.file }}" - - name: abook src: "//192.168.1.203/Abook" dest: "/mnt/abook" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: music src: "//192.168.1.203/Music" dest: "/mnt/audio" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: books src: "//192.168.1.203/Books" dest: "/mnt/books" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: films src: "//192.168.1.203/Films" dest: "/mnt/video/films" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: mult src: "//192.168.1.203/Mult" dest: "/mnt/video/mult" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: anime src: "//192.168.1.203/Anime" dest: "/mnt/video/anime" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: serial src: "//192.168.1.203/Serial" dest: "/mnt/video/serial" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ 
qbittorrent_smb_creds.qb.file }}" - - name: mserials src: "//192.168.1.203/Mserials" dest: "/mnt/video/mserials" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: doc src: "//192.168.1.203/Doc" dest: "/mnt/video/doc" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: ztube src: "//192.168.1.203/Ztube" dest: "/mnt/video/ztube" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: show src: "//192.168.1.203/Show" dest: "/mnt/video/show" opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: games src: "//192.168.1.207/Games" dest: "/mnt/games" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 766d812..1f31605 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,6 +1,6 @@ --- # ============================================================================= -# DOCKER +# DOCKER ROLE - roles/docker/tasks/main.yml # ============================================================================= # ========== 1. Cleanup conflicting Docker configs ========== @@ -23,7 +23,6 @@ - /etc/apt/keyrings/docker.gpg - /etc/apt/keyrings/docker.asc - /usr/share/keyrings/docker-archive-keyring.gpg - - /usr/share/keyrings/docker.gpg become: yes tags: [docker, deploy_docker] 
@@ -33,12 +32,13 @@ become: yes tags: [docker, deploy_docker] -- name: Clean apt lists cache +- name: Clear apt lists cache (contents only, not directory) shell: rm -rf /var/lib/apt/lists/* args: warn: false become: yes tags: [docker, deploy_docker] + ignore_errors: yes # ========== 2. Install Docker dependencies ========== - name: Install Docker dependencies @@ -107,8 +107,8 @@ - name: Install docker-ce and docker-ce-cli first apt: name: - - "docker-ce=5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble" - - "docker-ce-cli=5:28.2.2-1~ubuntu.{{ ansible_distribution_release }}~noble" + - "docker-ce={{ docker_ce_version }}" + - "docker-ce-cli={{ docker_ce_cli_version }}" state: present allow_downgrade: yes allow_change_held_packages: yes @@ -117,7 +117,7 @@ - name: Install containerd.io (after docker-ce to preserve runc) apt: - name: "containerd.io=1.7.28-1~ubuntu.{{ ansible_distribution_release }}~noble" + name: "containerd.io={{ containerd_io_version }}" state: present allow_downgrade: yes allow_change_held_packages: yes
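Review bot: The added `ignore_errors: yes` on the "Clear apt lists cache" task can only hide real failures, because `rm -rf /var/lib/apt/lists/*` already exits 0 when the glob matches nothing. What it would mask is a read-only or permission-denied filesystem, or the task being rejected outright: newer ansible-core releases no longer accept `args: warn: false` on `shell`, and the play would then carry on with stale repository metadata right after the Docker keyrings were removed. I would drop `ignore_errors: yes` and the `warn` argument. If tolerance is really needed, use `register: apt_lists_clear` with `failed_when: apt_lists_clear.rc != 0` so the failure stays visible in the run output.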
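Review bot: The install tasks in this hunk and the next (`docker-ce`, `docker-ce-cli`, `containerd.io`) now take their versions from `docker_ce_version`, `docker_ce_cli_version` and `containerd_io_version`, which this commit defines only in `group_vars/all.yml`. Run against another inventory, the role fails with an undefined variable. Because both tasks set `allow_downgrade: yes` and `allow_change_held_packages: yes`, any inventory override of these variables can also move a host to an older Docker build without further checks. Consider giving the role its own defaults for the three variables and adding an `assert` before the installs that each one is defined and non-empty. Both task bodies continue outside the visible hunks.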