fern/flock
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean up hosts, roles

Browse source
This commit is contained in:
Fern Garden 2025-06-09 19:35:21 +08:00
parent 5690a2a2ba
commit 88cd48e3e2
8 changed files with 25 additions and 150 deletions
Download patch file Download diff file Expand all files Collapse all files

80
flock.yml
View file

@ -1,24 +1,29 @@
--- ---
- hosts: all - hosts: all:!technitium.local
roles: roles:
- role: setup_base_system
- role: lifeofguenter.resolvconf - role: lifeofguenter.resolvconf
vars: vars:
resolv_nameservers: resolv_nameservers:
- 10.0.1.111 - 10.0.1.111
- role: hifis.toolkit.unattended_upgrades
become: true
- role: hussainweb.chezmoi
vars:
chezmoi_init_url: https://git.fern.garden/fern/dots
- hosts: all - hosts: technitium.local
roles: roles:
- role: install_standard_packages - role: lifeofguenter.resolvconf
vars:
resolv_nameservers:
- 10.0.1.1
- hosts: all - hosts: all
roles: roles:
- role: setup_user - role: setup_user
- role: setup_sshd
- role: setup_base_system
- role: hifis.toolkit.unattended_upgrades
become: true
- role: install_standard_packages
- role: hussainweb.chezmoi
vars:
chezmoi_init_url: https://git.fern.garden/fern/dots
- hosts: virtual_machines - hosts: virtual_machines
roles: roles:
@ -31,54 +36,15 @@
vars: vars:
docker_users: docker_users:
- fern - fern
docker_daemon_options:
- hosts: nfs_servers metrics-addr: 0.0.0.0:9323
roles: live-restore: true
- role: setup_nfs_server default-address-pools:
- role: geerlingguy.nfs - base: 172.20.0.0/16
vars: size: 24
nfs_exports: [ - base: 172.21.0.0/16
"/export/film 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)", size: 24
"/export/tv 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
"/export/misc 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
]
- hosts: nfs_clients
roles:
- role: setup_nfs_client
- hosts: jellyfin.local
roles:
- role: tomhesse.jellyfin
tasks:
- name: Ensure Jellyfin user is a member of the media group
become: yes
tags:
- media_group
ansible.builtin.user:
name: jellyfin
groups: media
append: yes
- hosts: weebill.local - hosts: weebill.local
tasks:
- name: Install Webone dependencies
ansible.builtin.apt:
deb: https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb
- name: Install Webone
ansible.builtin.apt:
update_cache: yes
deb: https://github.com/atauenis/webone/releases/download/v0.17.4/webone.0.17.4.linux-arm64.deb
- hosts: stash.local
tasks:
- name: Add user to render group
become: yes
ansible.builtin.user:
name: fern
groups: render
append: yes
- hosts: all
roles: roles:
- role: setup_sshd - role: install_software_webone

14
inventory/hosts.yml
View file

@ -4,11 +4,8 @@
ungrouped: ungrouped:
hosts: hosts:
docker.local: docker.local:
immich.local:
minecraft.local: minecraft.local:
ff-syncserver.local: ff-syncserver.local:
jellyfin.local:
media-share.local:
technitium.local: technitium.local:
weebill.local: weebill.local:
@ -18,20 +15,9 @@ virtual_machines:
hosts: hosts:
docker.local: docker.local:
minecraft.local: minecraft.local:
media-share.local:
docker: docker:
hosts: hosts:
docker.local: docker.local:
immich.local:
minecraft.local: minecraft.local:
weebill.local: weebill.local:
nfs_clients:
hosts:
docker.local:
jellyfin.local:
nfs_servers:
hosts:
media-share.local:

1
requirements.yml
View file

@ -3,7 +3,6 @@ roles:
- name: hussainweb.chezmoi - name: hussainweb.chezmoi
- name: geerlingguy.docker - name: geerlingguy.docker
- name: tomhesse.jellyfin - name: tomhesse.jellyfin
- name: geerlingguy.nfs
collections: collections:
- name: hifis.toolkit - name: hifis.toolkit

2
roles/install_standard_packages/tasks/main.yml
View file

@ -16,3 +16,5 @@
- ncdu - ncdu
- nnn - nnn
- neovim - neovim
- aria2
- lynx

41
roles/setup_nfs_client/tasks/main.yml
View file

@ -1,41 +0,0 @@
- name: Ensure media group exists
become: true
tags:
- media_group
ansible.builtin.group:
name: media
state: present
gid: 1800
- name: Install nfs-common
become: true
apt:
pkg:
- nfs-common
- name: Mount /media/tv
become: true
ansible.posix.mount:
src: 10.0.1.101:/export/tv
path: /media/tv
opts: default
state: mounted
fstype: nfs
- name: Mount /media/film
become: true
ansible.posix.mount:
src: 10.0.1.101:/export/film
path: /media/film
opts: default
state: mounted
fstype: nfs
- name: Mount /media/misc
become: true
ansible.posix.mount:
src: 10.0.1.101:/export/misc
path: /media/misc
opts: default
state: mounted
fstype: nfs

32
roles/setup_nfs_server/tasks/main.yml
View file

@ -1,32 +0,0 @@
- name: Ensure media group exists
become: true
tags:
- media_group
ansible.builtin.group:
name: media
state: present
gid: 1800
- name: Mount /export/tv
become: true
ansible.posix.mount:
src: UUID=fcee0188-8ca1-4fda-81b7-f5920c79ab48
path: /export/tv
state: mounted
fstype: ext4
- name: Mount /export/film
become: true
ansible.posix.mount:
src: UUID=5d9dd538-79e4-4168-be91-e0b040155cb3
path: /export/film
state: mounted
fstype: ext4
- name: Mount /export/misc
become: true
ansible.posix.mount:
src: UUID=5a43b7dc-3e28-459e-824a-ad45b5475361
path: /export/misc
state: mounted
fstype: ext4

4
roles/setup_sshd/handlers/main.yml
View file

@ -1,4 +0,0 @@
- name: Restart SSHD
service:
name: sshd
state: restarted

1
roles/setup_sshd/tasks/main.yml
View file

@ -23,4 +23,3 @@
regexp: "^PermitRootLogin" regexp: "^PermitRootLogin"
line: "PermitRootLogin no" line: "PermitRootLogin no"
backup: yes backup: yes
notify: Restart SSHD