organize

2026-05-20 20:31:24 -04:00
parent 894be8a440
commit c08dc6b088
40 changed files with 32 additions and 223 deletions
@@ -0,0 +1,27 @@
+---
+- name: Deploy AdGuard Home
+  include_role:
+    name: docker
+  vars:
+    name: adguard
+    directories:
+      - "{{ data_dir }}/adguard"
+      - "{{ data_dir }}/adguard/work"
+      - "{{ data_dir }}/adguard/conf"
+    image:
+      name: adguard/adguardhome
+      tag: latest
+    volumes:
+      - "{{ data_dir }}/adguard/work:/opt/adguardhome/work"
+      - "{{ data_dir }}/adguard/conf:/opt/adguardhome/conf"
+    published_ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+    networks:
+      - name: "homelab"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.adguard.rule: Host(`ag.fntz.net`)
+      traefik.http.routers.adguard.entrypoints: webSecure
+      traefik.http.routers.adguard.tls.certresolver: letsencrypt
+      traefik.http.services.adguard.loadbalancer.server.port: "3000"
@@ -0,0 +1,53 @@
+---
+- name: Deploy API Database
+  include_role:
+    name: docker
+  vars:
+    name: api_postgres
+    network_name: api
+    directories:
+      - "{{ data_dir }}/api/db"
+    image:
+      name: postgres
+      tag: "17"
+    networks:
+      - name: api
+    volumes:
+      - "{{ data_dir }}/api/db:/var/lib/postgresql/data"
+    env:
+      POSTGRES_USER: "api"
+      POSTGRES_PASSWORD: "{{ API_POSTGRES_PASSWORD }}"
+      PGDATA: "/var/lib/postgresql/data/pgdata"
+
+- name: Deploy API
+  include_role:
+    name: docker
+  vars:
+    name: api
+    network_name: api
+    networks:
+      - name: api
+      - name: "{{ docker_network_name }}"
+    image:
+      name: git.alexav.gg/alex/api
+      tag: latest
+    env:
+      NODE_ENV: "production"
+      VERSION: "v4"
+      REDIS_URL: "redis://redis:6379"
+      ADMIN_KEY: "{{ API_ADMIN_KEY }}"
+      DATABASE_URL: "{{ API_DATABASE_URL }}"
+      LASTFM_API_KEY: "{{ API_LASTFM_API_KEY }}"
+      STEAM_API_KEY: "{{ API_STEAM_API_KEY }}"
+      JWT_KEY: "{{ API_JWT_KEY }}"
+      DISCORD_PUBLIC_KEY: "{{ API_DISCORD_PUBLIC_KEY }}"
+      DISCORD_APP_ID: "{{ API_DISCORD_APP_ID }}"
+      DISCORD_BOT_TOKEN: "{{ API_DISCORD_BOT_TOKEN }}"
+      TMDB_API_KEY: "{{ API_TMDB_TOKEN }}"
+      STORAGE_KEY: "{{ API_STORAGE_KEY }}"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.aapi.rule: Host(`api.alexav.gg`)
+      traefik.http.routers.aapi.entrypoints: webSecure
+      traefik.http.routers.aapi.tls.certresolver: letsencrypt
+      traefik.http.services.aapi.loadbalancer.server.url: http://api:3000
@@ -0,0 +1,16 @@
+# test
+---
+- name: Deploy Cloudflared
+  include_role:
+    name: docker
+  vars:
+    name: cloudflared
+    image:
+      name: cloudflare/cloudflared
+      tag: latest
+    env:
+      TUNNEL_TOKEN: "{{ CLOUDFLARED_TUNNEL_TOKEN }}"
+    command: tunnel run
+    network_name: "tunnel"
+    networks:
+      - name: "tunnel"
@@ -0,0 +1,29 @@
+---
+- name: Deploy Code Server
+  include_role:
+    name: docker
+  vars:
+    name: "codeserver"
+    directories:
+      - "{{ data_dir }}/code-server"
+    image:
+      name: lscr.io/linuxserver/code-server
+      tag: latest
+    networks:
+      - name: homelab
+    volumes:
+      - "{{ data_dir }}/code-server:/config"
+      - "{{ data_dir }}:/config/workspace/docker"
+    env:
+      PROXY_DOMAIN: "{{ CODE_PROXY_DOMAIN }}"
+      DEFAULT_WORKSPACE: "{{ CODE_DEFAULT_WORKSPACE }}"
+      TZ: "{{ TZ }}"
+      PUID: "{{ PUID }}"
+      PGID: "{{ PGID }}"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.code.rule: Host(`code.fntz.net`)
+      traefik.http.routers.code.entrypoints: webSecure
+      traefik.http.routers.code.tls.certresolver: letsencrypt
+      traefik.http.services.code.loadbalancer.server.port: "8443"
+      traefik.http.routers.code.middlewares: tinyauth
@@ -0,0 +1,33 @@
+---
+- name: Create folder structure
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_dir }}/cup"
+
+- name: Create Cup Config
+  template:
+    src: templates/cup/cup.json.j2
+    dest: "{{ data_dir }}/cup/cup.json"
+
+- name: Deploy Cup
+  include_role:
+    name: docker
+  vars:
+    name: cup
+    command: -c /config/cup.json serve
+    networks:
+      - name: homelab
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "{{ data_dir }}/cup/cup.json:/config/cup.json"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.cup.rule: Host(`cup.fntz.net`)
+      traefik.http.routers.cup.entrypoints: webSecure
+      traefik.http.routers.cup.tls.certresolver: letsencrypt
+      traefik.http.services.cup.loadbalancer.server.port: "8000"
+    image:
+      name: ghcr.io/sergi0g/cup
+      tag: latest
@@ -0,0 +1,25 @@
+---
+- name: Deploy Wiki.js
+  include_role:
+    name: docker
+  vars:
+    name: docs
+    image:
+      name: ghcr.io/requarks/wiki
+      tag: 2
+    env:
+      DB_TYPE: "postgres"
+      DB_HOST: "{{ DOCS_DB_HOST }}"
+      DB_PORT: "5432"
+      DB_USER: "wikijs"
+      DB_PASS: "wikijs"
+      DB_NAME: "wikijs"
+    networks:
+      - name: homelab
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.docs.rule: Host(`docs.fntz.net`)
+      traefik.http.routers.docs.entrypoints: webSecure
+      traefik.http.routers.docs.tls.certresolver: letsencrypt
+      traefik.http.services.docs.loadbalancer.server.port: "3000"
+      traefik.http.routers.docs.middlewares: tinyauth
@@ -0,0 +1,23 @@
+---
+- name: Deploy Dozzle
+  include_role:
+    name: docker
+  vars:
+    name: dozzle
+    networks:
+      - name: "{{ docker_network_name }}"
+    image:
+      name: amir20/dozzle
+      tag: latest
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    env:
+      DOZZLE_ENABLE_ACTIONS: "{{ DOZZLE_ACTIONS }}"
+      DOZZLE_ENABLE_SHELL: "{{ DOZZLE_SHELL }}"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.dz.rule: Host(`{{ DOZZLE_URL }}`)
+      traefik.http.routers.dz.entrypoints: webSecure
+      traefik.http.routers.dz.tls.certresolver: letsencrypt
+      traefik.http.services.dz.loadbalancer.server.port: "8080"
+      traefik.http.routers.dz.middlewares: tinyauth
@@ -0,0 +1,14 @@
+---
+- name: Deploy Homebridge
+  include_role:
+    name: docker
+  vars:
+    name: homebridge
+    directories:
+      - "{{ data_dir }}/homebridge/homebridge"
+    image:
+      name: homebridge/homebridge
+      tag: latest
+    network_mode: host
+    volumes:
+      - "{{ data_dir }}/homebridge:/homebridge"
@@ -0,0 +1,89 @@
+---
+- name: Create folder structure
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_dir }}/plausible"
+    - "{{ data_dir }}/plausible/app"
+    - "{{ data_dir }}/plausible/db"
+    - "{{ data_dir }}/plausible/clickhouse"
+    - "{{ data_dir }}/plausible/clickhouse/logs"
+    - "{{ data_dir }}/plausible/clickhouse/data"
+
+- name: Create Metrics Docker Network
+  docker_network:
+    name: metrics
+
+- name: Pull latest Plausible Docker Image
+  docker_image:
+    name: ghcr.io/plausible/community-edition
+    tag: v3.0.1
+    source: pull
+
+- name: Deploy Plausible Database Docker Container
+  docker_container:
+    name: metrics_postgres
+    image: postgres:17-alpine
+    restart_policy: unless-stopped
+    recreate: true
+    volumes:
+      - "{{ data_dir }}/plausible/db:/var/lib/postgresql/data"
+    networks:
+      - name: metrics
+    env:
+      POSTGRES_PASSWORD: "postgres"
+    healthcheck:
+      test: ["CMD_SHELL", "pg_isready -U postgres"]
+      start_period: 1m
+
+- name: Deploy Plausible Clickhouse Docker Container
+  docker_container:
+    name: metrics_clickhouse
+    image: clickhouse/clickhouse-server:24.12-alpine
+    restart_policy: unless-stopped
+    recreate: true
+    networks:
+      - name: metrics
+    volumes:
+      - "{{ data_dir }}/plausible/clickhouse/data:/var/lib/clickhouse"
+      - "{{ data_dir }}/plausible/clickhouse/logs:/var/log/clickhouse"
+      - "{{ data_dir }}/plausible/clickhouse/ipv4-only.xml:/etc/clickhouse-server/config.d/ipv4-only.xml:ro"
+      - "{{ data_dir }}/plausible/clickhouse/low-resources.xml:/etc/clickhouse-server/config.d/low-resources.xml:ro"
+    env:
+      CLICKHOUSE_SKIP_USER_SETUP: "1"
+    ulimits: nofile:262144:262144
+    healthcheck:
+      test:
+        [
+          "CMD_SHELL",
+          "wget --no-verbose --tries=1 -O - http://127.0.0.1:8123/ping || exit 1",
+        ]
+      start_period: 1m
+
+- name: Deploy Plausible Docker Container
+  docker_container:
+    name: plausible
+    user: "999:nogroup"
+    image: ghcr.io/plausible/community-edition:v3.0.1
+    recreate: true
+    restart_policy: unless-stopped
+    command: sh -c "/entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
+    volumes:
+      - "{{ data_dir }}/plausible/app:/var/lib/plausible"
+    networks:
+      - name: metrics
+      - name: "{{ docker_network_name }}"
+    env:
+      TMPDIR: "/var/lib/plausible/tmp"
+      DISABLE_REGISTRATION: "true"
+      DATABASE_URL: "postgres://postgres:postgres@metrics_postgres:5432/plausible_db"
+      CLICKHOUSE_DATABASE_URL: "http://metrics_clickhouse:8123/plausible_events_db"
+      BASE_URL: "{{ PLAUSIBLE_BASE_URL }}"
+      SECRET_KEY_BASE: "{{ PLAUSIBLE_SECRET_KEY_BASE }}"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.metrics.rule: Host(`metrics.alexav.gg`)
+      traefik.http.routers.metrics.entrypoints: webSecure
+      traefik.http.routers.metrics.tls.certresolver: letsencrypt
+      traefik.http.services.metrics.loadbalancer.server.port: "8000"
@@ -0,0 +1,26 @@
+---
+- name: Create Gitea Runner Configuration
+  template:
+    src: templates/runner/gitea-runner.yaml.j2
+    dest: "{{ data_dir }}/gitea/config.yaml"
+
+- name: Deploy Gitea Runner
+  include_role:
+    name: docker
+  vars:
+    name: gitea-runner
+    directories:
+      - "{{ data_dir }}/gitea"
+    image:
+      name: docker.io/gitea/act_runner
+      tag: nightly
+    network_mode: host
+    volumes:
+      - "{{ data_dir }}/gitea/config.yaml:/config.yaml"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    env:
+      CONFIG_FILE: "/config.yaml"
+      GITEA_INSTANCE_URL: "{{ GITEA_INSTANCE_URL }}"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "{{ GITEA_RUNNER_REGISTRATION_TOKEN }}"
+      GITEA_RUNNER_NAME: "runner"
+      GITEA_RUNNER_LABELS: "runner:host"
@@ -0,0 +1,30 @@
+---
+- name: Deploy Storage API
+  include_role:
+    name: docker
+  vars:
+    name: storage-api
+    directories:
+      - "{{ data_dir }}/storage-api"
+      - "{{ data_dir }}/storage-api/app"
+      - "{{ data_dir }}/storage-api/files"
+    image:
+      name: storage-api
+      tag: latest
+    build:
+      git:
+        repo: git@git.alexav.gg:alex/storage-api.git
+        dest: "{{ data_dir }}/storage-api/app"
+    networks:
+      - name: "{{ docker_network_name }}"
+    volumes:
+      - "{{ data_dir }}/storage-api/files:/app/files"
+    env:
+      TZ: "{{ TZ }}"
+      TOKEN: "{{ API_ADMIN_KEY }}"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.storage.rule: Host(`storage.alexav.gg`)
+      traefik.http.routers.storage.entrypoints: webSecure
+      traefik.http.routers.storage.tls.certresolver: letsencrypt
+      traefik.http.services.storage.loadbalancer.server.port: "3001"
@@ -0,0 +1,22 @@
+---
+- name: Deploy Uptime Kuma
+  include_role:
+    name: docker
+  vars:
+    name: uptime-kuma
+    directories:
+      - "{{ data_dir }}/uptime-kuma"
+    image:
+      name: louislam/uptime-kuma
+      tag: latest
+    networks:
+      - name: homelab
+    volumes:
+      - "{{ data_dir }}/uptime-kuma:/app/data"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.status.rule: Host(`status.fntz.net`)
+      traefik.http.routers.status.entrypoints: webSecure
+      traefik.http.routers.status.tls.certresolver: letsencrypt
+      traefik.http.services.status.loadbalancer.server.port: "3001"
@@ -0,0 +1,23 @@
+---
+- name: Deploy Vaultwarden
+  include_role:
+    name: docker
+  vars:
+    name: vaultwarden
+    directories:
+      - "{{ data_dir }}/vaultwarden"
+    image:
+      name: vaultwarden/server
+      tag: latest
+    networks:
+      - name: homelab
+    volumes:
+      - "{{ data_dir }}/vaultwarden:/data"
+    env:
+      DOMAIN: "{{ VAULTWARDEN_DOMAIN }}"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.vw.rule: Host(`vw.fntz.net`)
+      traefik.http.routers.vw.entrypoints: webSecure
+      traefik.http.routers.vw.tls.certresolver: letsencrypt
+      traefik.http.services.vw.loadbalancer.server.port: "80"