Update 8 files

- /roles/base_setup/tasks/main.yml - /roles/base_setup/handlers/main.yml - /roles/ampache/tasks/main.yml - /roles/ampache/templates/docker-compose.yml.j2 - /roles/ampache/handlers/main.yml - /inventories/hosts - /group_vars/all.yml - /olimp-deploy.yml
2025-10-16 08:19:28 +00:00 · 2025-10-16 08:19:28 +00:00 · f33b536d08
commit f33b536d08
parent 765dfc1d88
8 changed files with 141 additions and 4 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -52,3 +52,31 @@ mealie_data_dir: "/mnt/mealie/data"
 mealie_port: "45132"
 mealie_db_type: "sqlite"  # sqlite или postgres
 mealie_db_password: "secure_password_123"
+
+# Media services base directories
+service_config_base: "/mnt/service"
+
+# Jellyfin
+jellyfin_base_dir: "{{ service_config_base }}/jellyfin"
+jellyfin_config_dir: "{{ jellyfin_base_dir }}/config"
+jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache"
+jellyfin_port: "45131"
+
+# Audiobookshelf
+audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf"
+audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config"
+audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db"
+audiobookshelf_port: "45132"
+
+# Calibre-Web
+calibre_web_base_dir: "{{ service_config_base }}/calibre-web"
+calibre_web_config_dir: "{{ calibre_web_base_dir }}/config"
+calibre_web_db_dir: "{{ calibre_web_base_dir }}/db"
+calibre_web_port: "45133"
+
+# Ampache
+ampache_base_dir: "{{ service_config_base }}/ampache"
+ampache_config_dir: "{{ ampache_base_dir }}/config"
+ampache_logs_dir: "{{ ampache_base_dir }}/logs"
+ampache_mysql_dir: "{{ ampache_base_dir }}/mysql"
+ampache_port: "45134"
--- a/inventories/hosts
+++ b/inventories/hosts
@ -1,3 +1,13 @@
 [infra]
 gateway         ansible_host=192.168.1.221 int_ip=192.168.1.221
-data         ansible_host=192.168.1.222 int_ip=192.168.1.222
+data            ansible_host=192.168.1.222 int_ip=192.168.1.222
+media           ansible_host=192.168.1.223 int_ip=192.168.1.223
+
+[gateway]
+gateway
+
+[data]
+data
+
+[media]
+media
--- a/olimp-deploy.yml
+++ b/olimp-deploy.yml
@ -2,6 +2,7 @@
 - hosts: all
  roles:
    - {role: base_setup,              tags: deploy_base       }
+
 - hosts: all
  roles:
    - { role: base_setup,             tags: deploy_base }
@ -17,3 +18,7 @@
    - { role: docker,                 tags: deploy_docker }
    - { role: mealie,                 tags: deploy_mealie }
    - { role: bookstack,              tags: deploy_bookstack }
+
+- hosts: media
+  roles:
+    - { role: ampache,                tags: deploy_ampache }  
--- a/roles/ampache/handlers/main.yml
+++ b/roles/ampache/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart ampache
+  docker_compose:
+    project_src: "{{ ampache_base_dir }}"
+    state: restarted
--- a/roles/ampache/tasks/main.yml
+++ b/roles/ampache/tasks/main.yml
@ -0,0 +1,29 @@
+---
+- name: Create service base directory
+  file:
+    path: "{{ service_config_base }}"
+    state: directory
+    mode: 0755
+
+- name: Create Ampache directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+  loop:
+    - "{{ ampache_config_dir }}"
+    - "{{ ampache_logs_dir }}"
+    - "{{ ampache_mysql_dir }}"
+    - /mnt/audio/music
+
+- name: Deploy Ampache docker-compose
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ ampache_base_dir }}/docker-compose.yml"
+    mode: 0644
+  notify: restart ampache
+
+- name: Ensure Ampache is running
+  docker_compose:
+    project_src: "{{ ampache_base_dir }}"
+    state: present
--- a/roles/ampache/templates/docker-compose.yml.j2
+++ b/roles/ampache/templates/docker-compose.yml.j2
@ -0,0 +1,31 @@
+version: '3.8'
+
+services:
+  ampache:
+    image: ampache/ampache:latest
+    container_name: ampache
+    restart: unless-stopped
+    ports:
+      - "{{ ampache_port }}:80"
+    volumes:
+      - /mnt/audio/music/:/media:ro
+      - "{{ ampache_config_dir }}:/var/www/config"
+      - "{{ ampache_logs_dir }}:/var/log/apache2"
+    environment:
+      - PUID=0
+      - PGID=0
+      - TZ={{ timezone }}
+    depends_on:
+      - db
+
+  db:
+    image: mariadb:10.6
+    container_name: ampache_db
+    restart: unless-stopped
+    volumes:
+      - "{{ ampache_mysql_dir }}:/var/lib/mysql"
+    environment:
+      MYSQL_ROOT_PASSWORD: ampache_root_pass
+      MYSQL_DATABASE: ampache
+      MYSQL_USER: ampache
+      MYSQL_PASSWORD: ampache_pass
--- a/roles/base_setup/handlers/main.yml
+++ b/roles/base_setup/handlers/main.yml
@ -1,4 +1,9 @@
 ---
+- name: restart ssh
+  service:
+    name: ssh
+    state: restarted
+
 - name: Reboot system
  reboot:
    msg: "Reboot triggered by base setup"
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@ -41,3 +41,27 @@
    name: python3-requests
    state: present
  when: ansible_connection != "local"
+
+- name: Ensure SSH directory exists
+  file:
+    path: /root/.ssh
+    state: directory
+    mode: '0700'
+
+- name: Add authorized key for root
+  authorized_key:
+    user: root
+    state: present
+    key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYMfX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"
+
+- name: Configure SSH security
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+  loop:
+    - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
+    - { regexp: '^PermitRootLogin', line: 'PermitRootLogin prohibit-password' }
+    - { regexp: '^PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
+  notify: restart ssh