div

ansible.cfg

@@ -274,7 +274,7 @@ remote_user=ansible
 
 # (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id
 # If executable, it will be run and the resulting stdout will be used as the password.
-vault_password_file=/home/ansible/.vault
+;vault_password_file=/home/ansible/.vault
 
 # (integer) Sets the default verbosity, equivalent to the number of ``-v`` passed in the command line.
 ;verbosity=0

hosts.yml

@@ -6,6 +6,7 @@ all:
         192.168.178.210: #proxmox
         192.168.178.201: #truenas
         192.168.178.200: #mediaserver
+        192.168.178.205: #podman testhost
     vps:
       hosts:
         eichner.cc:

mediaserver.yml

@@ -1,5 +1,5 @@
 ---
-- hosts: 192.168.178.200
+- hosts: 192.168.178.205
   become: true
   roles:
     - common

roles/common/tasks/docker.yml

@@ -0,0 +1,46 @@
+---
+- name: Install docker prerequisites
+  package:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - ca-certificates
+    - curl
+    - gnupg
+    - lsb-release
+
+- name: One way to avoid apt_key once it is removed from your distro
+  block:
+    - name: create keyring folder
+      file:
+        path: /etc/apt/keyrings
+        mode: '0755'
+        recurse: true
+
+    - name: Check if docker key already exists
+      stat:
+        path: /etc/apt/keyrings/docker.gpg
+      register: docker_gpg      
+    
+    - name: docker repo key
+      shell:
+        cmd: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+      when: docker_gpg.stat.exists == false
+
+    - name: add docker repo | apt source
+      ansible.builtin.apt_repository:
+        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+        state: present
+
+- name: Install docker
+  package:
+    name: "{{ item }}"
+    state: present
+    update_cache: true
+  loop:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+...

roles/common/tasks/main.yml

@@ -1,4 +1,8 @@
 ---
+- name: Include docker tasks
+  include_tasks:
+    file: docker.yml
+
 - name: Create default groups
   group:
     name: "{{ item }}"
@@ -50,5 +54,26 @@
     state: present
   loop:
     - "{{ default_pkgs }}"
-      
+
+- name: create docker/watchtower folder
+  file:
+    path: /opt/docker/watchtower
+    owner: 1000
+    group: 1000
+    mode: '0755'
+    state: directory
+
+- name: Place watchtower docker-compose.yaml
+  template:
+    src: docker-compose.yaml.j2
+    dest: /opt/docker/watchtower/docker-compose.yaml
+  notify: restart docker-compose
+  tags: setup,update
+
+- name: Start watchtower
+  community.docker.docker_compose:
+    project_src: /opt/docker/watchtower
+    state: present
+    pull: true
+  tags: test
 ...

roles/common/templates/docker-compose.yaml.j2

@@ -0,0 +1,17 @@
+# ansible managed #
+
+version: '3.3'
+services:
+    watchtower:
+      image: containrrr/watchtower
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /etc/localtime:/etc/localtime:ro
+      environment:
+        - WATCHTOWER_SCHEDULE=0 0 4 * * *
+        - WATCHTOWER_CLEANUP=true
+        - WATCHTOWER_TIMEOUT=30s
+        - WATCHTOWER_INCLUDE_RESTARTING=true
+        - WATCHTOWER_ROLLING_RESTART=true
+        - TZ="Europe/Berlin"
+      restart: unless-stopped

roles/mediaserver/files/dashy_config.yml

@@ -73,13 +73,17 @@ sections:
         icon: favicon
         url: http://192.168.178.200:9696
         target: newtab
-        statusCheckUrl: http://192.168.178.200:9696/favicon.ico
+        id: 3_1143_prowlarr
-        id: 3_1143_jackett
+      - title: sabnzbd
+        icon: favicon
+        url: http://192.168.178.200:8080
+        target: newtab
+        id: 4_1143_sabnzbd
       - title: Jellyfin
-        icon: https://jellyfin.org/favicon.ico
+        icon: favicon
         url: http://192.168.178.200:8096
         target: newtab
-        id: 4_1143_jellyfin
+        id: 5_1143_jellyfin
     displayData:
       sortBy: default
       rows: 1
@@ -104,14 +108,14 @@ sections:
         icon: http://192.168.178.201/ui/assets/images/truenas_core_favicon.png
         url: http://192.168.178.201/ui/
         id: 1_1041_truenas
-      - title: Seafile
+          #      - title: Seafile
-        icon: https://manual.seafile.com/media/seafile-transparent-1024.png
+          #        icon: https://manual.seafile.com/media/seafile-transparent-1024.png
-        url: http://192.168.178.200:8081
+          #        url: http://192.168.178.200:8081
-        id: 2_1041_seafile
+          #        id: 2_1041_seafile
-      - title: Django
+          #      - title: Django
-        icon: favicon
+          #        icon: favicon
-        url: http://192.168.178.200:8000
+          #        url: http://192.168.178.200:8000
-        id: 3_1041_django
+          #        id: 3_1041_django
       - title: check_mk
         icon: >-
           http://192.168.178.200:8095/cmk/check_mk/themes/modern-dark/images/tribe29_icon.svg

roles/mediaserver/tasks/main.yml

@@ -8,6 +8,18 @@
   loop: "{{ NFS_MOUNTS }}"
   tags: setup, test
 
+- name: Add podman repo + gpg key
+  block:
+    - name: somerepo |no apt key
+      ansible.builtin.get_url:
+        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${{ ansible_distribution_version }}/Release.key"
+        dest: /etc/apt/trusted.gpg.d/podman.asc
+
+    - name: somerepo | apt source
+      ansible.builtin.apt_repository:
+        repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/podman.asc] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${{ ansible_distribution_version  }}/ /"
+        state: present
+
 - name: Install mediaserver packages
   apt:
     name: "{{ item }}"
@@ -15,6 +27,8 @@
     update_cache: true
   loop:
     - python3-docker
+    - podman
+    - podman-plugins
 
 - name: Install pip docker-compose
   pip:
@@ -45,6 +59,7 @@
   loop:
     - /opt/docker/mediaserver/config/openvpn
     - /opt/docker/mediaserver/sabnzbd_config/openvpn
+  changed_when: false
   tags: setup, delugevpn
 
 - name: Create dashy config folder

roles/mediaserver/templates/docker-compose.yaml.j2

@@ -49,8 +49,8 @@ services:
             - '/etc/localtime:/etc/localtime:ro'
         environment:
             - VPN_ENABLED=yes
-            - VPN_USER=p3754227
+            - VPN_USER={{ VPN_USER }}
-            - VPN_PASS=xsZtFdAofY
+            - VPN_PASS={{ VPN_PASS }}
             - VPN_PROV=pia
             - VPN_CLIENT=openvpn
             - STRICT_PORT_FORWARD=yes
@@ -175,20 +175,6 @@ services:
         - 9696:9696
       restart: unless-stopped
 
-    watchtower:
-      image: containrrr/watchtower
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - /etc/localtime:/etc/localtime:ro
-      environment:
-        - WATCHTOWER_SCHEDULE=0 0 4 * * *
-        - WATCHTOWER_CLEANUP=true
-        - WATCHTOWER_TIMEOUT=30s
-        - WATCHTOWER_INCLUDE_RESTARTING=true
-        - WATCHTOWER_ROLLING_RESTART=true
-        - TZ="Europe/Berlin"
-      restart: unless-stopped
-
       #    readarr:
       #      image: lscr.io/linuxserver/readarr:develop
       #      container_name: readarr

roles/mediaserver/vars/main.yml

@@ -1,26 +1,4 @@
-$ANSIBLE_VAULT;1.1;AES256
+---
-35633363316132666635656236316665663235336530323065396632636536386135616264373863
+VPN_USER: "p3754227"
-3932373362336332396330653661626432346164623537390a656565633461373731366236313234
+VPN_PASS: "xsZtFdAofY"
-62363136363133353737386562396330326662326135363533343864323931326139376230373262
+...
-6462323031343330360a613635306539626136666235656437303036303430366564326437303038
-35363830343362643030346565336264346139306161646332363436306462336362303362623465
-37303339653339323531613230613635353066386432383561633362653638636365303137306136
-37396239626635363830613130376265386339643466623437653734353035646332356464386136
-66666135663233383234333237346164386134303466646661356539376663656133323531643337
-33363563343138366563396362636465616631366635353639666131353030613338336162303261
-61303264616236346165333033383763353030326361666530636636353963663266346633663664
-36656662333363646664316263346538356631366565363662633937393539626535356530303732
-38666430656635393338613334353562326631326663613339653034626233663966333636363438
-65616464646463336666306263636437343231613765646637303264303632303831303434373161
-62326135646532653133393063663434633834346239316261313831333630306661643035666231
-38623239333437363231323465343633303833313438396562663162373764636662356234336638
-62343065393831613739386532386635613430626239653432666434323939393562313462336364
-35323164376662333239333666383134336539396434393263396137346639373630373839613436
-62653933396239653965306432653837326235356365366563393963633133613261386235663363
-31613463393539643536323866633763353436343238646135636634653834366266333235656230
-32373665656235643234306335613338343465363133626233353232653836323137643937636336
-35613339636662363837333135626336396437356230303464373834643865636438356664346235
-39623036653034663833623737326166373938313731336265626637383538616663396231306430
-34356534613833616139386230313336376532353834343162386139363236666266326638623061
-65643536346439666437643065353264643633653664623462616639653630323735383932626137
-3363

test.yml

@@ -0,0 +1,8 @@
+---
+- hosts: all
+  become: true
+  tasks:
+    - name: echo
+      command: "echo 'Hello World'"
+    - name: uptime
+      command: "uptime"