feat: adds nextcloud and plex

fix: caddy stuff
This commit is contained in:
2025-07-19 03:08:16 +02:00
parent 085d037f77
commit 10374bc2e6
19 changed files with 733 additions and 227 deletions


@@ -1,104 +0,0 @@
---
- name: Configure Caddy service
hosts: all
handlers:
- name: Import handler tasks
ansible.builtin.import_tasks: handlers/main.yml
gather_facts: true
tasks:
- name: Set Caddy directories (basic)
ansible.builtin.set_fact:
caddy_service_dir: "{{ ansible_env.HOME }}/services/caddy"
caddy_data_dir: "/mnt/object_storage/services/caddy"
tags:
- caddy
- setup
- country-blocking
- always
- name: Get Caddy email from 1Password
ansible.builtin.set_fact:
caddy_email: "{{ lookup('community.general.onepassword', 'Caddy (Proxy)', vault='Dotfiles', field='email') }}"
ignore_errors: true
tags:
- caddy
- config
- caddyfile
- country-blocking
- name: Set fallback email if 1Password failed
ansible.builtin.set_fact:
caddy_email: "admin@example.com"
when: caddy_email is not defined
tags:
- caddy
- config
- caddyfile
- country-blocking
- name: Setup country blocking
ansible.builtin.include_tasks: tasks/servers/services/caddy/country-blocking.yml
tags:
- caddy
- country-blocking
- security
- name: Create Caddy directory
ansible.builtin.file:
path: "{{ caddy_service_dir }}"
state: directory
mode: "0755"
tags:
- caddy
- setup
- name: Create Caddy network
ansible.builtin.command: docker network create caddy_default
register: create_caddy_network
failed_when:
- create_caddy_network.rc != 0
- "'already exists' not in create_caddy_network.stderr"
changed_when: create_caddy_network.rc == 0
tags:
- caddy
- docker
- network
- name: Deploy Caddy docker-compose.yml
ansible.builtin.template:
src: tasks/servers/services/caddy/docker-compose.yml.j2
dest: "{{ caddy_service_dir }}/docker-compose.yml"
mode: "0644"
register: caddy_compose
tags:
- caddy
- docker
- config
- name: Deploy Caddy Caddyfile
ansible.builtin.template:
src: tasks/servers/services/caddy/Caddyfile.j2
dest: "{{ caddy_service_dir }}/Caddyfile"
mode: "0644"
register: caddy_file
tags:
- caddy
- config
- caddyfile
- name: Stop Caddy service
ansible.builtin.command: docker compose -f "{{ caddy_service_dir }}/docker-compose.yml" down --remove-orphans
when: caddy_compose.changed or caddy_file.changed
tags:
- caddy
- docker
- service
- name: Start Caddy service
ansible.builtin.command: docker compose -f "{{ caddy_service_dir }}/docker-compose.yml" up -d
when: caddy_compose.changed or caddy_file.changed
tags:
- caddy
- docker
- service


@@ -18,6 +18,23 @@
tags:
- juicefs
- name: System performance optimizations
ansible.posix.sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: true
become: true
loop:
- { name: "fs.file-max", value: "2097152" } # Max open files for the entire system
- { name: "vm.max_map_count", value: "16777216" } # Max memory map areas a process can have
- { name: "vm.swappiness", value: "10" } # Controls how aggressively the kernel swaps out memory
- { name: "vm.vfs_cache_pressure", value: "50" } # Controls kernel's tendency to reclaim memory for directory/inode caches
- { name: "net.core.somaxconn", value: "65535" } # Max pending connections for a listening socket
- { name: "net.core.netdev_max_backlog", value: "65535" } # Max packets queued on network interface input
- { name: "net.ipv4.tcp_fin_timeout", value: "30" } # How long sockets stay in FIN-WAIT-2 state
- { name: "net.ipv4.tcp_tw_reuse", value: "1" } # Allows reusing TIME_WAIT sockets for new outgoing connections
- name: Include service tasks
ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
loop: "{{ services | selectattr('enabled', 'equalto', true) | selectattr('hosts', 'contains', inventory_hostname) | list if specific_service is not defined else services | selectattr('name', 'equalto', specific_service) | selectattr('enabled', 'equalto', true) | selectattr('hosts', 'contains', inventory_hostname) | list }}"
@@ -25,6 +42,7 @@
label: "{{ item.name }}"
tags:
- services
- always
vars:
services:
@@ -49,10 +67,17 @@
enabled: true
hosts:
- mennos-cloud-server
- name: jellyfin
- name: plex
enabled: true
hosts:
- mennos-cachyos-desktop
- name: tautulli
enabled: true
hosts:
- mennos-cachyos-desktop
- name: stash
enabled: true
hosts:
- mennos-cloud-server
- mennos-cachyos-desktop
- name: seafile
enabled: true
@@ -82,6 +107,10 @@
enabled: true
hosts:
- mennos-cloud-server
- name: nextcloud
enabled: true
hosts:
- mennos-cachyos-desktop
- name: echoip
enabled: true
hosts:
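Review bot: The `loop:` on the "Include service tasks" task (first hunk, `@@ -18,6 +18,23 @@`) packs two alternative filter chains and an inline `if`/`else` into one ~300-character line, which makes the enabled/host filtering hard to review and easy to break when a third condition is added. Computing the host's service list once in a task-level `vars:` entry and looping over it gives the same result with each filter on its own line. The `- always` tag added in the second hunk is presumably there so `--tags <service>` still reaches the dynamic include; a comment such as `# always: the include itself must run for the per-service tags inside it to apply` would record that.
```yaml
- name: Include service tasks
  ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
  loop: "{{ host_services if specific_service is not defined else host_services | selectattr('name', 'equalto', specific_service) | list }}"
  vars:
    host_services: >-
      {{ services
         | selectattr('enabled', 'equalto', true)
         | selectattr('hosts', 'contains', inventory_hostname)
         | list }}
  # … unchanged: loop_control/label, tags …
```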


@@ -36,8 +36,8 @@ services:
networks:
- arr_stack_net
lidarr:
image: linuxserver/lidarr:latest
whisparr:
image: ghcr.io/hotio/whisparr:latest
environment:
- PUID=1000
- PGID=100
@@ -47,7 +47,7 @@ services:
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- {{ arr_stack_data_dir }}/lidarr-config:/config
- {{ arr_stack_data_dir }}/whisparr-config:/config
- /mnt/object_storage:/storage
restart: unless-stopped
networks:
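Review bot: `image: ghcr.io/hotio/whisparr:latest` pulls whatever the tag points at on the day the playbook runs, so two runs can deploy different software and a broken or compromised upstream push is picked up unreviewed; the same applies to the new `nextcloud` (no tag, so also `latest`), `plex:latest`, `stash:latest` and `tautulli:latest` images in the other compose templates of this commit. Pinning at least a version tag, ideally with an `@sha256:` digest, e.g. `image: ghcr.io/hotio/whisparr:<pinned version>`, makes upgrades explicit — the `nextclouddb` service already does this with `mariadb:11.4.7`. The old `lidarr-config` directory under `arr_stack_data_dir` is no longer mounted after this rename and is left on disk; a cleanup task or a comment is worth adding if it holds credentials. The `whisparr` service definition starts in the first hunk and its `restart`/`networks` lines continue in the second.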


@@ -98,23 +98,6 @@ df.mvl.sh {
tls {{ caddy_email }}
}
overseerr.mvl.sh jellyseerr.mvl.sh overseerr.vleeuwen.me jellyseerr.vleeuwen.me {
import country_block
reverse_proxy mennos-cachyos-desktop:5555
tls {{ caddy_email }}
}
anime.mvl.sh anime.vleeuwen.me {
import country_block
reverse_proxy jellyfin:8096
tls {{ caddy_email }}
}
fladder.mvl.sh {
import country_block
reverse_proxy fladder:80
tls {{ caddy_email }}
}
{% elif inventory_hostname == 'mennos-cachyos-desktop' %}
home.vleeuwen.me {
import country_block
@@ -127,16 +110,12 @@ home.vleeuwen.me {
}
tls {{ caddy_email }}
}
bin.mvl.sh {
import country_block
reverse_proxy privatebin:8080
tls {{ caddy_email }}
}
jellyfin.mvl.sh jellyfin.vleeuwen.me {
import country_block
reverse_proxy jellyfin:8096
tls {{ caddy_email }}
}
ip.mvl.sh ip.vleeuwen.me {
import country_block
@@ -158,4 +137,66 @@ http://ip.mvl.sh http://ip.vleeuwen.me {
header_up X-Forwarded-Host {host}
}
}
overseerr.mvl.sh overseerr.vleeuwen.me {
import country_block
reverse_proxy host.docker.internal:5555
tls {{ caddy_email }}
}
plex.mvl.sh plex.vleeuwen.me {
import country_block
reverse_proxy host.docker.internal:32400 {
header_up Host {upstream_hostport}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
}
drive.mvl.sh drive.vleeuwen.me {
import country_block
# CalDAV and CardDAV redirects
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
# Handle other .well-known requests
handle /.well-known/* {
reverse_proxy nextcloud:80 {
header_up Host {host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
}
# Main reverse proxy configuration with proper headers
reverse_proxy nextcloud:80 {
header_up Host {host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
# Security headers
header {
# HSTS header for enhanced security (required by Nextcloud)
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Additional security headers recommended for Nextcloud
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "no-referrer"
X-XSS-Protection "1; mode=block"
X-Permitted-Cross-Domain-Policies "none"
X-Robots-Tag "noindex, nofollow"
}
tls {{ caddy_email }}
}
{% endif %}
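Review bot: The `handle /.well-known/*` block in the new `drive.mvl.sh drive.vleeuwen.me` site (third hunk) proxies to `nextcloud:80` with exactly the same five `header_up` lines as the catch-all `reverse_proxy nextcloud:80` right below it, so it adds nothing: the two `redir` lines are matched first in Caddy's directive order and every other path falls through to the same upstream either way. Dropping the `handle` block, or moving the shared upstream config into a named snippet imported by both the `plex` and `drive` sites, removes the duplication. Note also that `reverse_proxy` already passes `Host` through and sets `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` by default, and the explicit `header_up X-Forwarded-For {http.request.remote.host}` replaces the forwarded chain rather than appending to it, so only the `X-Real-IP` line adds a header Caddy does not set itself. `X-XSS-Protection "1; mode=block"` is deprecated in current browsers and can be dropped from the security header block.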


@@ -1,41 +0,0 @@
services:
jellyfin:
image: lscr.io/linuxserver/jellyfin:latest
container_name: jellyfin
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
volumes:
- {{ jellyfin_data_dir }}/jellyfin-config:/config
- {{ '/mnt/data/movies' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/movies' }}:/movies
- {{ '/mnt/data/tvshows' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/tvshows' }}:/tvshows
- {{ '/mnt/data/music' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/music' }}:/music
ports:
- 8096:8096
- 8920:8920
- 7359:7359/udp
- 1901:1900/udp
restart: unless-stopped
group_add:
- "992"
- "44"
networks:
- caddy_network
fladder:
image: ghcr.io/donutware/fladder:latest
ports:
- 5423:80
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
- BASE_URL=https://jellyfin.mvl.sh
networks:
- caddy_network
networks:
caddy_network:
external: true
name: caddy_default


@@ -1,36 +0,0 @@
---
- name: Deploy Jellyfin service
block:
- name: Set Jellyfin directories
ansible.builtin.set_fact:
jellyfin_data_dir: "{{ '/mnt/services/jellyfin' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/services/jellyfin' }}"
jellyfin_service_dir: "{{ ansible_env.HOME }}/services/jellyfin"
- name: Create Jellyfin directories
ansible.builtin.file:
path: "{{ jellyfin_dir }}"
state: directory
mode: "0755"
loop:
- "{{ jellyfin_data_dir }}"
- "{{ jellyfin_service_dir }}"
loop_control:
loop_var: jellyfin_dir
- name: Deploy Jellyfin docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ jellyfin_service_dir }}/docker-compose.yml"
mode: "0644"
register: jellyfin_compose
- name: Stop Jellyfin service
ansible.builtin.command: docker compose -f "{{ jellyfin_service_dir }}/docker-compose.yml" down --remove-orphans
when: jellyfin_compose.changed
- name: Start Jellyfin service
ansible.builtin.command: docker compose -f "{{ jellyfin_service_dir }}/docker-compose.yml" up -d
when: jellyfin_compose.changed
tags:
- services
- jellyfin


@@ -0,0 +1,61 @@
services:
nextcloud:
image: nextcloud
container_name: nextcloud
restart: unless-stopped
networks:
- nextcloud
- caddy_network
depends_on:
- nextclouddb
- redis
ports:
- 8081:80
volumes:
- {{ nextcloud_data_dir }}/nextcloud/html:/var/www/html
- {{ nextcloud_data_dir }}/nextcloud/custom_apps:/var/www/html/custom_apps
- {{ nextcloud_data_dir }}/nextcloud/config:/var/www/html/config
- {{ nextcloud_data_dir }}/nextcloud/data:/var/www/html/data
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD={{ lookup('community.general.onepassword', 'Nextcloud', vault='Dotfiles', field='MYSQL_NEXTCLOUD_PASSWORD') }}
- MYSQL_HOST=nextclouddb
- REDIS_HOST=redis
nextclouddb:
image: mariadb:11.4.7
container_name: nextcloud-db
restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
networks:
- nextcloud
volumes:
- {{ nextcloud_data_dir }}/database:/var/lib/mysql
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_PASSWORD={{ lookup('community.general.onepassword', 'Nextcloud', vault='Dotfiles', field='MYSQL_NEXTCLOUD_PASSWORD') }}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
redis:
image: redis:alpine
container_name: redis
volumes:
- {{ nextcloud_data_dir }}/redis:/data
networks:
- nextcloud
networks:
nextcloud:
name: nextcloud
driver: bridge
caddy_network:
name: caddy_default
external: true
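Review bot: The `nextcloud` service receives `X-Forwarded-*` headers from Caddy, but no `TRUSTED_PROXIES` or `OVERWRITEPROTOCOL` is set in its `environment:`, so the official image will not trust those headers: the client address Nextcloud uses for brute-force protection and logging is the Caddy container's, and generated URLs may come out as `http`. Adding `- TRUSTED_PROXIES=<caddy_default network CIDR>` and `- OVERWRITEPROTOCOL=https` fixes that, and `- NEXTCLOUD_TRUSTED_DOMAINS=drive.mvl.sh drive.vleeuwen.me` would match the Caddyfile. `ports: - 8081:80` publishes the app on every host interface although Caddy reaches it over `caddy_network`; bind it as `"127.0.0.1:8081:80"` or drop the mapping. The `redis` service has no `restart:` policy while `nextcloud` lists it under `depends_on`, so after a host reboot the cache may stay down.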


@@ -0,0 +1,31 @@
---
- name: Deploy Nextcloud service
block:
- name: Set Nextcloud directories
ansible.builtin.set_fact:
nextcloud_service_dir: "{{ ansible_env.HOME }}/services/nextcloud"
nextcloud_data_dir: "/mnt/services/nextcloud"
- name: Create Nextcloud directory
ansible.builtin.file:
path: "{{ nextcloud_service_dir }}"
state: directory
mode: "0755"
- name: Deploy Nextcloud docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ nextcloud_service_dir }}/docker-compose.yml"
mode: "0644"
register: nextcloud_compose
- name: Stop Nextcloud service
ansible.builtin.command: docker compose -f "{{ nextcloud_service_dir }}/docker-compose.yml" down --remove-orphans
when: nextcloud_compose.changed
- name: Start Nextcloud service
ansible.builtin.command: docker compose -f "{{ nextcloud_service_dir }}/docker-compose.yml" up -d
when: nextcloud_compose.changed
tags:
- services
- nextcloud
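Review bot: The rendered `docker-compose.yml` contains the MariaDB password looked up from 1Password (the `MYSQL_PASSWORD=` lines of the compose template), yet "Deploy Nextcloud docker-compose.yml" writes it with `mode: "0644"`, leaving the secret readable by every local account. Use `mode: "0600"` on that task, or better, render the secret into a separate `.env` file with `mode: "0600"` and reference it as `${MYSQL_NEXTCLOUD_PASSWORD}` in the compose file so the compose file itself stays secret-free; `no_log: true` on the template task also keeps the value out of `--diff` output. Separately, "Create Nextcloud directory" only creates `nextcloud_service_dir`; `nextcloud_data_dir` (`/mnt/services/nextcloud`) is left for Docker to create as root on first bind-mount, unlike the Plex and Tautulli playbooks which loop over both directories.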


@@ -0,0 +1,26 @@
services:
plex:
image: lscr.io/linuxserver/plex:latest
network_mode: host
restart: unless-stopped
runtime: nvidia
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Amsterdam
- VERSION=docker
- NVIDIA_VISIBLE_DEVICES=all
- NVIDIA_DRIVER_CAPABILITIES=all
volumes:
- {{ plex_data_dir }}/config:/config
- {{ plex_data_dir }}/transcode:/transcode
- {{ '/mnt/data/movies' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/movies' }}:/movies
- {{ '/mnt/data/tvshows' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/tvshows' }}:/tvshows
- {{ '/mnt/data/music' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/music' }}:/music
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: all
capabilities: [gpu]
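Review bot: `runtime: nvidia` and the `deploy.resources.reservations.devices` block both request the GPU, and with `NVIDIA_VISIBLE_DEVICES=all` / `NVIDIA_DRIVER_CAPABILITIES=all` the container is handed every GPU and every driver capability. One mechanism is enough (the `deploy` reservation is the Compose-native form), and hardware transcoding only needs `- NVIDIA_DRIVER_CAPABILITIES=compute,video,utility`, so narrowing it limits the container's driver access to what Plex uses. With `network_mode: host` there is no port list, which matches the Caddyfile proxying to `host.docker.internal:32400`; a comment such as `# host networking (presumably for local discovery); Caddy reaches it via host.docker.internal:32400` would record why this service is not on `caddy_network` like the others.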


@@ -0,0 +1,36 @@
---
- name: Deploy Plex service
block:
- name: Set Plex directories
ansible.builtin.set_fact:
plex_data_dir: "{{ '/mnt/services/plex' if inventory_hostname == 'mennos-cachyos-desktop' else '/mnt/object_storage/services/plex' }}"
plex_service_dir: "{{ ansible_env.HOME }}/services/plex"
- name: Create Plex directories
ansible.builtin.file:
path: "{{ plex_dir }}"
state: directory
mode: "0755"
loop:
- "{{ plex_data_dir }}"
- "{{ plex_service_dir }}"
loop_control:
loop_var: plex_dir
- name: Deploy Plex docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ plex_service_dir }}/docker-compose.yml"
mode: "0644"
register: plex_compose
- name: Stop Plex service
ansible.builtin.command: docker compose -f "{{ plex_service_dir }}/docker-compose.yml" down --remove-orphans
when: plex_compose.changed
- name: Start Plex service
ansible.builtin.command: docker compose -f "{{ plex_service_dir }}/docker-compose.yml" up -d
when: plex_compose.changed
tags:
- services
- plex
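Review bot: This playbook is the same five tasks as the new Nextcloud, Stash and Tautulli playbooks with only the service name and directory facts swapped, so any fix (for example the compose file mode) has to be repeated four times. A shared task file taking `service_name` and the directory facts, or a small role, would give one place to maintain; the per-service files would then only set facts and include it. Also, "Stop Plex service" runs `docker compose ... down --remove-orphans` before `up -d` on every compose change, taking the service fully down (and cutting in-flight streams) even for changes Compose can apply in place; `docker compose -f "{{ plex_service_dir }}/docker-compose.yml" up -d --remove-orphans` alone recreates only the services whose definition changed, and the same applies to the other three playbooks.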


@@ -0,0 +1,37 @@
services:
stash:
image: stashapp/stash:latest
container_name: stash
restart: unless-stopped
ports:
- "9999:9999"
environment:
- PUID=1000
- PGID=1000
- STASH_STASH=/data/
- STASH_GENERATED=/generated/
- STASH_METADATA=/metadata/
- STASH_CACHE=/cache/
- STASH_PORT=9999
volumes:
- /etc/localtime:/etc/localtime:ro
## Point this at your collection.
- {{ stash_data_dir }}:/data
## Keep configs, scrapers, and plugins here.
- {{ stash_config_dir }}/config:/root/.stash
## This is where your stash's metadata lives
- {{ stash_config_dir }}/metadata:/metadata
## Any other cache content.
- {{ stash_config_dir }}/cache:/cache
## Where to store binary blob data (scene covers, images)
- {{ stash_config_dir }}/blobs:/blobs
## Where to store generated content (screenshots,previews,transcodes,sprites)
- {{ stash_config_dir }}/generated:/generated
networks:
- caddy_network
networks:
caddy_network:
external: true
name: caddy_default
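Review bot: `PGID=1000` here differs from the `PGID=100` used by every other container in this commit (whisparr, nextcloud, plex, tautulli), so files Stash writes under `/mnt/data/stash` and `/mnt/services/stash` get a different group than the rest of the media tree; unless that is intended, `- PGID=100` keeps group ownership consistent. The config is mounted at `/root/.stash` while the process is asked to run as UID 1000 — worth confirming the image honours PUID/PGID with that path, and noting it in a comment if so. The `## ` comment prefix inside `volumes:` is the only double-hash style in the commit; `# ` matches the other templates.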


@@ -0,0 +1,37 @@
---
- name: Deploy Stash service
block:
- name: Set Stash directories
ansible.builtin.set_fact:
stash_data_dir: '/mnt/data/stash'
stash_config_dir: '/mnt/services/stash'
stash_service_dir: "{{ ansible_env.HOME }}/services/stash"
- name: Create Stash directories
ansible.builtin.file:
path: "{{ stash_dir }}"
state: directory
mode: "0755"
loop:
- "{{ stash_data_dir }}"
- "{{ stash_service_dir }}"
loop_control:
loop_var: stash_dir
- name: Deploy Stash docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ stash_service_dir }}/docker-compose.yml"
mode: "0644"
register: stash_compose
- name: Stop Stash service
ansible.builtin.command: docker compose -f "{{ stash_service_dir }}/docker-compose.yml" down --remove-orphans
when: stash_compose.changed
- name: Start Stash service
ansible.builtin.command: docker compose -f "{{ stash_service_dir }}/docker-compose.yml" up -d
when: stash_compose.changed
tags:
- services
- stash
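Review bot: "Create Stash directories" loops over `stash_data_dir` and `stash_service_dir` but not `stash_config_dir` (`/mnt/services/stash`), although the compose template bind-mounts five subdirectories of it (`config`, `metadata`, `cache`, `blobs`, `generated`); Docker creates missing bind-mount sources as root on first start, so the container's UID 1000 may be unable to write its own config. Listing those subdirectories in the loop creates them with the playbook's ownership and mode before the first `up -d`. The single-quoted `'/mnt/data/stash'` / `'/mnt/services/stash'` facts are the only single-quoted scalars in the new playbooks; double quotes match the others.
```yaml
- name: Create Stash directories
  # … unchanged: ansible.builtin.file with state: directory, mode: "0755" …
  loop:
    - "{{ stash_data_dir }}"
    - "{{ stash_service_dir }}"
    - "{{ stash_config_dir }}/config"
    - "{{ stash_config_dir }}/metadata"
    - "{{ stash_config_dir }}/cache"
    - "{{ stash_config_dir }}/blobs"
    - "{{ stash_config_dir }}/generated"
  # … unchanged: loop_control …
```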


@@ -0,0 +1,21 @@
---
services:
tautulli:
image: lscr.io/linuxserver/tautulli:latest
container_name: tautulli
environment:
- PUID=1000
- PGID=100
- TZ=Etc/Amsterdam
volumes:
- {{ tautulli_data_dir }}:/config
ports:
- 8181:8181
restart: unless-stopped
networks:
- caddy_network
networks:
caddy_network:
external: true
name: caddy_default
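Review bot: `TZ=Etc/Amsterdam` is not a valid zoneinfo name (the `Etc/` area only holds UTC/GMT offsets), so the container will fall back to UTC and Tautulli's timestamps and scheduled jobs will be off by the local offset; every other template in this commit uses `- TZ=Europe/Amsterdam`, which is what is meant here. `ports: - 8181:8181` publishes the UI on all host interfaces; if it is only meant to be reached through Caddy over `caddy_network`, bind it as `"127.0.0.1:8181:8181"` or drop the mapping.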


@@ -0,0 +1,36 @@
---
- name: Deploy Tautulli service
block:
- name: Set Tautulli directories
ansible.builtin.set_fact:
tautulli_data_dir: "{{ '/mnt/services/tautulli' }}"
tautulli_service_dir: "{{ ansible_env.HOME }}/services/tautulli"
- name: Create Tautulli directories
ansible.builtin.file:
path: "{{ tautulli_dir }}"
state: directory
mode: "0755"
loop:
- "{{ tautulli_data_dir }}"
- "{{ tautulli_service_dir }}"
loop_control:
loop_var: tautulli_dir
- name: Deploy Tautulli docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ tautulli_service_dir }}/docker-compose.yml"
mode: "0644"
register: tautulli_compose
- name: Stop Tautulli service
ansible.builtin.command: docker compose -f "{{ tautulli_service_dir }}/docker-compose.yml" down --remove-orphans
when: tautulli_compose.changed
- name: Start Tautulli service
ansible.builtin.command: docker compose -f "{{ tautulli_service_dir }}/docker-compose.yml" up -d
when: tautulli_compose.changed
tags:
- services
- tautulli
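Review bot: `tautulli_data_dir: "{{ '/mnt/services/tautulli' }}"` wraps a plain literal in a Jinja expression that does nothing, and reads like a leftover of the host-conditional form used for `plex_data_dir`, so a reader will wonder which branch went missing. If the value is meant to be fixed, `tautulli_data_dir: "/mnt/services/tautulli"` is the same value; if the desktop-vs-cloud conditional was intended, mirror the Plex playbook's form instead.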


@@ -0,0 +1,11 @@
[Desktop Entry]
Name=Nextcloud
GenericName=File Synchronizer
Exec="/usr/bin/nextcloud" --background
Terminal=false
Icon=Nextcloud
Categories=Network
Type=Application
StartupNotify=false
X-GNOME-Autostart-enabled=true
X-GNOME-Autostart-Delay=10
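Review bot: `Categories=Network` should be `Categories=Network;` — the Desktop Entry specification defines `Categories` as a semicolon-separated list whose values should be terminated with `;`, and `desktop-file-validate` warns on the unterminated form. The quoted program path in `Exec="/usr/bin/nextcloud" --background` is fine under the spec's Exec quoting rules and needs no change.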


@@ -1,5 +1,5 @@
Host *
IdentityAgent ~/.1password/agent.sock
IdentityAgent SSH_AUTH_SOCK
AddKeysToAgent yes
ForwardAgent yes