diff --git a/group_vars/all.yml b/group_vars/all.yml
index 867fb5c..e492499 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -51,4 +51,32 @@ mealie_base_dir: "/mnt/mealie"
 mealie_data_dir: "/mnt/mealie/data"
 mealie_port: "45132"
 mealie_db_type: "sqlite" # sqlite или postgres
-mealie_db_password: "secure_password_123"
\ No newline at end of file
+mealie_db_password: "secure_password_123"
+
+# Media services base directories
+service_config_base: "/mnt/service"
+
+# Jellyfin
+jellyfin_base_dir: "{{ service_config_base }}/jellyfin"
+jellyfin_config_dir: "{{ jellyfin_base_dir }}/config"
+jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache"
+jellyfin_port: "45131"
+
+# Audiobookshelf
+audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf"
+audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config"
+audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db"
+audiobookshelf_port: "45132"
+
+# Calibre-Web
+calibre_web_base_dir: "{{ service_config_base }}/calibre-web"
+calibre_web_config_dir: "{{ calibre_web_base_dir }}/config"
+calibre_web_db_dir: "{{ calibre_web_base_dir }}/db"
+calibre_web_port: "45133"
+
+# Ampache
+ampache_base_dir: "{{ service_config_base }}/ampache"
+ampache_config_dir: "{{ ampache_base_dir }}/config"
+ampache_logs_dir: "{{ ampache_base_dir }}/logs"
+ampache_mysql_dir: "{{ ampache_base_dir }}/mysql"
+ampache_port: "45134"
\ No newline at end of file
diff --git a/inventories/hosts b/inventories/hosts
index 1f9b9f1..9c678b0 100644
--- a/inventories/hosts
+++ b/inventories/hosts
@@ -1,3 +1,13 @@
 [infra]
 gateway ansible_host=192.168.1.221 int_ip=192.168.1.221
-data ansible_host=192.168.1.222 int_ip=192.168.1.222
\ No newline at end of file
+data ansible_host=192.168.1.222 int_ip=192.168.1.222
+media ansible_host=192.168.1.223 int_ip=192.168.1.223
+
+[gateway]
+gateway
+
+[data]
+data
+
+[media]
+media
\ No newline at end of file
diff --git a/olimp-deploy.yml b/olimp-deploy.yml
index 3f9f58f..bdff2ff 100644
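Review bot: `audiobookshelf_port: "45132"` in group_vars/all.yml reuses the value already assigned to `mealie_port` in the context lines of the same hunk, so the two services would collide if they ever share a host or a proxy or firewall rule keyed on the port. The neighbouring additions use 45131, 45133 and 45134, so this looks like a slip and an unused port should be chosen. The re-added `mealie_db_password: "secure_password_123"` line also keeps a plaintext credential in a file that applies to every host; it would be safer as a reference to an Ansible Vault-encrypted variable, for example `mealie_db_password: "{{ vault_mealie_db_password }}"` (variable name illustrative).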
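Review bot: The new `[gateway]`, `[data]` and `[media]` groups in inventories/hosts each carry the same name as the single host they contain, which Ansible reports with a "Found both group and host with same name" warning and which leaves a pattern such as `hosts: media` ambiguous to a reader. Distinct group names avoid this, for example `[media_servers]` with `media` as its member (name illustrative), with the play's `hosts:` value updated to match.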
--- a/olimp-deploy.yml
+++ b/olimp-deploy.yml
@@ -2,6 +2,7 @@
 - hosts: all
 roles:
 - {role: base_setup, tags: deploy_base }
+
 - hosts: all
 roles:
 - { role: base_setup, tags: deploy_base }
@@ -16,4 +17,8 @@
 roles:
 - { role: docker, tags: deploy_docker }
 - { role: mealie, tags: deploy_mealie }
- - { role: bookstack, tags: deploy_bookstack }
\ No newline at end of file
+ - { role: bookstack, tags: deploy_bookstack }
+
+- hosts: media
+ roles:
+ - { role: ampache, tags: deploy_ampache }
diff --git a/roles/ampache/handlers/main.yml b/roles/ampache/handlers/main.yml
new file mode 100644
index 0000000..f8b4b51
--- /dev/null
+++ b/roles/ampache/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart ampache
+ docker_compose:
+ project_src: "{{ ampache_base_dir }}"
+ state: restarted
\ No newline at end of file
diff --git a/roles/ampache/tasks/main.yml b/roles/ampache/tasks/main.yml
new file mode 100644
index 0000000..ce4f7de
--- /dev/null
+++ b/roles/ampache/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: Create service base directory
+ file:
+ path: "{{ service_config_base }}"
+ state: directory
+ mode: 0755
+
+- name: Create Ampache directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0755
+ loop:
+ - "{{ ampache_config_dir }}"
+ - "{{ ampache_logs_dir }}"
+ - "{{ ampache_mysql_dir }}"
+ - /mnt/audio/music
+
+- name: Deploy Ampache docker-compose
+ template:
+ src: docker-compose.yml.j2
+ dest: "{{ ampache_base_dir }}/docker-compose.yml"
+ mode: 0644
+ notify: restart ampache
+
+- name: Ensure Ampache is running
+ docker_compose:
+ project_src: "{{ ampache_base_dir }}"
+ state: present
\ No newline at end of file
diff --git a/roles/ampache/templates/docker-compose.yml.j2 b/roles/ampache/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..8978fd3
--- /dev/null
+++ b/roles/ampache/templates/docker-compose.yml.j2
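Review bot: The new `hosts: media` play at the end of olimp-deploy.yml applies only the `ampache` role, yet that role's tasks and handler call `docker_compose`. The preceding play installs Docker through `{ role: docker, tags: deploy_docker }` before its services, and nothing visible in this diff does the same for the media host. Unless Docker is provisioned elsewhere, the first run against that host would fail; adding `- { role: docker, tags: deploy_docker }` ahead of the ampache entry would close the gap.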
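Review bot: `state: restarted` in the `restart ampache` handler (roles/ampache/handlers/main.yml) is, as far as I know, not a value the `docker_compose` module accepts: its `state` takes `present` or `absent`, and a restart is requested through the separate boolean `restarted`. As written the handler would likely fail argument validation the first time the compose template changes. `state: present` together with `restarted: true` expresses the intent; the newer `docker_compose_v2` module does accept `state: restarted` if migrating is an option.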
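Review bot: The literal `/mnt/audio/music` in the `Create Ampache directories` loop of roles/ampache/tasks/main.yml is repeated in the compose template's volume line, so the two can drift apart. A variable such as `ampache_music_dir` (name illustrative), defined next to the other `ampache_*_dir` entries in group_vars, would keep them in step. The unquoted `mode: 0755` and `mode: 0644` values should also be written as strings, `mode: '0755'` and `mode: '0644'`, matching `mode: '0700'` in the base_setup tasks, so the permission never depends on how the YAML loader types a leading-zero number.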
@@ -0,0 +1,31 @@
+version: '3.8'
+
+services:
+ ampache:
+ image: ampache/ampache:latest
+ container_name: ampache
+ restart: unless-stopped
+ ports:
+ - "{{ ampache_port }}:80"
+ volumes:
+ - /mnt/audio/music/:/media:ro
+ - "{{ ampache_config_dir }}:/var/www/config"
+ - "{{ ampache_logs_dir }}:/var/log/apache2"
+ environment:
+ - PUID=0
+ - PGID=0
+ - TZ={{ timezone }}
+ depends_on:
+ - db
+
+ db:
+ image: mariadb:10.6
+ container_name: ampache_db
+ restart: unless-stopped
+ volumes:
+ - "{{ ampache_mysql_dir }}:/var/lib/mysql"
+ environment:
+ MYSQL_ROOT_PASSWORD: ampache_root_pass
+ MYSQL_DATABASE: ampache
+ MYSQL_USER: ampache
+ MYSQL_PASSWORD: ampache_pass
\ No newline at end of file
diff --git a/roles/base_setup/handlers/main.yml b/roles/base_setup/handlers/main.yml
index e694ce5..de17e1b 100644
--- a/roles/base_setup/handlers/main.yml
+++ b/roles/base_setup/handlers/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: restart ssh
+ service:
+ name: ssh
+ state: restarted
+
 - name: Reboot system
 reboot:
 msg: "Reboot triggered by base setup"
diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml
index 187a074..3c43703 100644
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
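Review bot: `MYSQL_ROOT_PASSWORD: ampache_root_pass` and `MYSQL_PASSWORD: ampache_pass` in roles/ampache/templates/docker-compose.yml.j2 commit fixed database credentials to the repository and render them into a file the role installs with mode 0644, so anyone with repository access or a local account on the media host can read them. Since this is already a template, take both from Vault-encrypted variables, e.g. `MYSQL_ROOT_PASSWORD: "{{ ampache_mysql_root_password }}"` and `MYSQL_PASSWORD: "{{ ampache_mysql_password }}"` (names illustrative), and install the rendered file with `mode: '0600'`. Two hardening points in the same file: `image: ampache/ampache:latest` is unpinned while `mariadb:10.6` is pinned, so a redeploy can silently pull different code, and `PUID=0`/`PGID=0` request root ownership where an unprivileged UID, if the image honours these variables, would limit the impact of a compromised web application. `{{ timezone }}` is not defined anywhere in this diff, so confirm it exists in inventory or the render will fail.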
@@ -40,4 +40,28 @@
 apt:
 name: python3-requests
 state: present
- when: ansible_connection != "local"
\ No newline at end of file
+ when: ansible_connection != "local"
+
+- name: Ensure SSH directory exists
+ file:
+ path: /root/.ssh
+ state: directory
+ mode: '0700'
+
+- name: Add authorized key for root
+ authorized_key:
+ user: root
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYMfX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"
+
+- name: Configure SSH security
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ loop:
+ - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
+ - { regexp: '^PermitRootLogin', line: 'PermitRootLogin prohibit-password' }
+ - { regexp: '^PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
+ notify: restart ssh
\ No newline at end of file
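Review bot: The `Configure SSH security` regexps in roles/base_setup/tasks/main.yml (`^PasswordAuthentication` and the two others) match only a directive that is already uncommented, so on an sshd_config whose defaults are commented out `lineinfile` appends the new lines at the end of the file. sshd keeps the first value it obtains for each keyword, so an earlier setting, an included drop-in file or a trailing `Match` block can leave password authentication enabled even though the task reports success. Matching the commented form too, e.g. `regexp: '^#?\s*PasswordAuthentication\b'`, and adding `validate: 'sshd -t -f %s'` would make the edit land in place and keep a broken file from being installed before the `restart ssh` handler fires; confirming the effective settings with `sshd -T` after the run is worthwhile. The root public key is hard-coded in the `Add authorized key for root` task; moving it to a variable would let it be rotated without editing the role. The task that the first three context lines belong to starts above this hunk.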