homeserver-iac/roles/containers/tasks/main.yml

---

- name: Install Docker packages
  community.general.pacman:
    name:
      - docker
      - docker-compose

- name: Create docker user
  user:
    name: docker
    group: docker

- name: Create Gitea user
  user:
    name: gitea
  register: user_gitea
  when: '"gitea" in group_names'

- name: Create Syncthing group
  group:
    name: vault
    state: present

- name: Create Syncthing user
  user:
    name: syncthing
    group: vault
  register: user_syncthing
  when: '"syncthing" in group_names'

- name: Create Syncthing vault directories
  file:
    path: "{{ item }}"
    state: directory
    owner: syncthing
    group: vault
    mode: "u=rwX,g=rwX,o="
  with_items:
    - "{{ vault_path }}"
    - "{{ archive_path }}"

- name: Create Syncthing config directory
  file:
    path: "{{ syncthing_conf_dir }}"
    state: directory
    owner: syncthing
    group: vault
    mode: "u=rwX,g=,o="

- name: Add unpriviledged user to file management group
  user:
    name: "{{ username }}"
    append: yes
    groups: vault

- name: Create Paperless group
  group:
    name: paperless
    state: present
  register: group_paperless

- name: Create Paperless user
  user:
    name: paperless
    group: paperless
  register: user_paperless

- name: Create Paperless directories
  file:
    path: "{{ dataroot }}/paperless/{{ item }}"
    state: directory
    owner: paperless
    group: paperless
    mode: "u=rwX,g=,o="
  with_items:
    - data
    - media

- name: Create Paperless consume directory
  file:
    path: "{{ dataroot }}/paperless/consume"
    state: directory
    owner: paperless
    group: vault
    mode: "u=rwX,g=rwX,o="

- name: Create Paperless .env file
  template:
    src: "paperless.env.j2"
    dest: "{{ docker_compose_dir }}/paperless.env"
    lstrip_blocks: true

- name: Create Navidrome user
  user:
    name: navidrome
  register: user_navidrome
  when: '"navidrome" in group_names'

- name: Create Navidrome directory
  file:
    path: "{{ dataroot }}/navidrome"
    state: directory
    owner: navidrome
    group: navidrome
    mode: "u=rwX,g=rwX,o="

- name: Create music directory
  file:
    path: "{{ music_path }}"
    state: directory
    owner: navidrome
    group: vault
    mode: "u=rwX,g=rwX,o="

- name: Set ACL to allow navidrome to read synced music
  ansible.posix.acl:
    default: true
    entity: navidrome
    etype: user
    permissions: rx
    recursive: true
    state: present
    path: "{{ music_path }}"

- name: Create docker-compose directory
  ansible.builtin.file:
    path: "{{ docker_compose_dir }}"
    owner: "{{ admin_username }}"
    group: "{{ admin_username }}"
    state: directory

- name: Create Synapse user
  user:
    name: synapse
  register: user_synapse
  when: '"synapse" in group_names'

- name: Generate docker-compose.yml
  template:
    src: "docker-compose.yml.j2"
    dest: "{{ docker_compose_dir }}/docker-compose.yml"
    lstrip_blocks: true
  register: generateComp

- name: Create systemd unit file
  template:
    src: "docker-compose.service.j2"
    dest: "/etc/systemd/system/docker-compose.service"

- name: Compose up (update images if necessary)
  systemd:
    name: docker-compose
    state: reloaded
    enabled: true
  register: compUp
roles/containers: added gitea container 2023-08-23 20:48:34 -04:00			`---`

			`- name: Install Docker packages`
			`community.general.pacman:`
			`name:`
			`- docker`
			`- docker-compose`

roles/containers: got gitea container up 2023-08-27 20:33:18 -04:00			`- name: Create docker user`
			`user:`
			`name: docker`
			`group: docker`

containers: add gitea user 2023-09-02 18:20:46 -04:00			`- name: Create Gitea user`
			`user:`
			`name: gitea`
			`register: user_gitea`
containers, synapse: groups -> group_names 2024-06-19 14:05:35 -04:00			`when: '"gitea" in group_names'`
containers: add gitea user 2023-09-02 18:20:46 -04:00
roles/containers: make gitea bridge network instead of host network 2023-09-03 19:38:29 -04:00			`- name: Create Syncthing group`
			`group:`
			`name: vault`
			`state: present`

			`- name: Create Syncthing user`
			`user:`
			`name: syncthing`
			`group: vault`
			`register: user_syncthing`
containers, synapse: groups -> group_names 2024-06-19 14:05:35 -04:00			`when: '"syncthing" in group_names'`
roles/containers: make gitea bridge network instead of host network 2023-09-03 19:38:29 -04:00
roles/containers: also create archive dir 2023-09-04 20:09:48 -04:00			`- name: Create Syncthing vault directories`
roles/syncthing, roles/containers: added syncthing 2023-09-04 15:28:03 -04:00			`file:`
roles/containers: also create archive dir 2023-09-04 20:09:48 -04:00			`path: "{{ item }}"`
roles/syncthing, roles/containers: added syncthing 2023-09-04 15:28:03 -04:00			`state: directory`
			`owner: syncthing`
			`group: vault`
			`mode: "u=rwX,g=rwX,o="`
roles/containers: also create archive dir 2023-09-04 20:09:48 -04:00			`with_items:`
			`- "{{ vault_path }}"`
			`- "{{ archive_path }}"`
roles/syncthing, roles/containers: added syncthing 2023-09-04 15:28:03 -04:00
			`- name: Create Syncthing config directory`
			`file:`
			`path: "{{ syncthing_conf_dir }}"`
			`state: directory`
			`owner: syncthing`
			`group: vault`
			`mode: "u=rwX,g=,o="`

			`- name: Add unpriviledged user to file management group`
			`user:`
			`name: "{{ username }}"`
			`append: yes`
			`groups: vault`
paperless-ngx: add service 2023-12-09 21:36:36 -05:00
			`- name: Create Paperless group`
			`group:`
			`name: paperless`
			`state: present`
			`register: group_paperless`

			`- name: Create Paperless user`
			`user:`
			`name: paperless`
			`group: paperless`
			`register: user_paperless`

			`- name: Create Paperless directories`
			`file:`
			`path: "{{ dataroot }}/paperless/{{ item }}"`
			`state: directory`
			`owner: paperless`
			`group: paperless`
			`mode: "u=rwX,g=,o="`
			`with_items:`
			`- data`
			`- media`

			`- name: Create Paperless consume directory`
			`file:`
			`path: "{{ dataroot }}/paperless/consume"`
			`state: directory`
			`owner: paperless`
paperless: fix consume dir permissions 2024-03-03 09:58:35 -05:00			`group: vault`
paperless-ngx: add service 2023-12-09 21:36:36 -05:00			`mode: "u=rwX,g=rwX,o="`

			`- name: Create Paperless .env file`
			`template:`
			`src: "paperless.env.j2"`
			`dest: "{{ docker_compose_dir }}/paperless.env"`
			`lstrip_blocks: true`
roles/syncthing, roles/containers: added syncthing 2023-09-04 15:28:03 -04:00
roles/containers: make navidrome dir have the 'vault' group 2023-09-26 18:43:51 -04:00			`- name: Create Navidrome user`
			`user:`
			`name: navidrome`
			`register: user_navidrome`
containers, synapse: groups -> group_names 2024-06-19 14:05:35 -04:00			`when: '"navidrome" in group_names'`
roles/containers: make navidrome dir have the 'vault' group 2023-09-26 18:43:51 -04:00
			`- name: Create Navidrome directory`
			`file:`
			`path: "{{ dataroot }}/navidrome"`
			`state: directory`
			`owner: navidrome`
			`group: navidrome`
			`mode: "u=rwX,g=rwX,o="`

			`- name: Create music directory`
			`file:`
			`path: "{{ music_path }}"`
			`state: directory`
			`owner: navidrome`
			`group: vault`
			`mode: "u=rwX,g=rwX,o="`

navidrome: fix up things 2024-10-12 10:37:49 -04:00			`- name: Set ACL to allow navidrome to read synced music`
			`ansible.posix.acl:`
			`default: true`
			`entity: navidrome`
			`etype: user`
			`permissions: rx`
			`recursive: true`
			`state: present`
			`path: "{{ music_path }}"`

roles/containers: added gitea container 2023-08-23 20:48:34 -04:00			`- name: Create docker-compose directory`
			`ansible.builtin.file:`
			`path: "{{ docker_compose_dir }}"`
			`owner: "{{ admin_username }}"`
			`group: "{{ admin_username }}"`
			`state: directory`

roles/synapse: added 2023-09-07 21:47:16 -04:00			`- name: Create Synapse user`
			`user:`
			`name: synapse`
			`register: user_synapse`
containers, synapse: groups -> group_names 2024-06-19 14:05:35 -04:00			`when: '"synapse" in group_names'`
roles/synapse: added 2023-09-07 21:47:16 -04:00
roles/containers: added gitea container 2023-08-23 20:48:34 -04:00			`- name: Generate docker-compose.yml`
			`template:`
roles/containers: use systemd instead of docker module arch doesn't package python-docker-compose so just docker compose up via systemd instead of ansible 2023-08-27 17:39:08 -04:00			`src: "docker-compose.yml.j2"`
roles/containers: added gitea container 2023-08-23 20:48:34 -04:00			`dest: "{{ docker_compose_dir }}/docker-compose.yml"`
roles/containers: put gitea on its own network 2023-09-03 22:05:22 -04:00			`lstrip_blocks: true`
roles/containers: gitea should work properly now 2023-08-27 21:59:01 -04:00			`register: generateComp`
roles/containers: added gitea container 2023-08-23 20:48:34 -04:00
roles/containers: use systemd instead of docker module arch doesn't package python-docker-compose so just docker compose up via systemd instead of ansible 2023-08-27 17:39:08 -04:00			`- name: Create systemd unit file`
			`template:`
			`src: "docker-compose.service.j2"`
			`dest: "/etc/systemd/system/docker-compose.service"`

roles/containers: gitea should work properly now 2023-08-27 21:59:01 -04:00			`- name: Compose up (update images if necessary)`
roles/containers: use systemd instead of docker module arch doesn't package python-docker-compose so just docker compose up via systemd instead of ansible 2023-08-27 17:39:08 -04:00			`systemd:`
			`name: docker-compose`
roles/containers: gitea should work properly now 2023-08-27 21:59:01 -04:00			`state: reloaded`
roles/containers: use systemd instead of docker module arch doesn't package python-docker-compose so just docker compose up via systemd instead of ansible 2023-08-27 17:39:08 -04:00			`enabled: true`
roles/containers: gitea should work properly now 2023-08-27 21:59:01 -04:00			`register: compUp`