Enhance Ansible playbooks and scripts:

- Add '--skip-check' option to update.py to skip dotfiles update checks.
- Update playbook.yml and symlinks.yml to use 'inventory_hostname' for host checks.
- Refactor service task inclusions in server.yml for better readability and maintainability.
- Add new Home Assistant service with corresponding docker-compose configuration.
- Update various service YAML files to use dynamic paths based on inventory_hostname.
- Add tags for service tasks to improve organization and execution control.
- Remove obsolete services.yml file.
2025-07-11 03:04:50 +00:00
parent a349923d8e
commit 2eb5ab5387
27 changed files with 281 additions and 159 deletions


@@ -28,6 +28,7 @@ def help_message():
"green",
" --full-speed, -F Upgrade packages and use all available cores for compilation. (Default: 8 cores)",
)
printfe("green", " --skip-check, -s Skip checking for dotfiles updates.")
printfe("green", " --help, -h Display this help message.")
return 0
@@ -236,6 +237,10 @@ def main():
"--help", "-h", action="store_true", help="Display help message"
)
parser.add_argument(
"--skip-check", "-s", action="store_true", help="Skip checking for dotfiles updates"
)
args = parser.parse_args()
if args.help:
@@ -250,10 +255,13 @@ def main():
if args.ansible_verbose:
args.ansible = True
# Always check git repository first
if not check_git_repository():
printfe("red", "Failed to check or update dotfiles repository.")
return 1
# Always check git repository first unless skip-check is set
if not args.skip_check:
if not check_git_repository():
printfe("red", "Failed to check or update dotfiles repository.")
return 1
else:
printfe("yellow", "Skipping dotfiles repository update check (--skip-check).")
# Set cores and jobs based on full-speed flag
if args.full_speed:


@@ -12,8 +12,8 @@
- name: Include workstation tasks
ansible.builtin.import_tasks: tasks/workstations/workstation.yml
when: hostname in ['mennos-laptop', 'mennos-cosmic-laptop', 'mennos-desktop']
when: inventory_hostname in ['mennos-laptop', 'mennos-cosmic-laptop', 'mennos-desktop']
- name: Include server tasks
ansible.builtin.import_tasks: tasks/servers/server.yml
when: hostname in ['mennos-server', 'mennos-cloud-server', 'mennos-hobbypc', 'mennos-vm', 'dotfiles-test']
when: inventory_hostname in ['mennos-server', 'mennos-cloud-server', 'mennos-hobbypc', 'mennos-vm', 'dotfiles-test']


@@ -19,7 +19,7 @@
- name: Create gitconfig symlink
ansible.builtin.file:
src: "{{ gitconfig_mapping[hostname] | replace('~', user_home) | replace('$DOTFILES_PATH', lookup('env', 'DOTFILES_PATH')) }}"
src: "{{ gitconfig_mapping[inventory_hostname] | replace('~', user_home) | replace('$DOTFILES_PATH', lookup('env', 'DOTFILES_PATH')) }}"
dest: "{{ user_home }}/.gitconfig"
state: link
force: true
@@ -37,7 +37,7 @@
- name: Create SSH authorized_keys symlink
ansible.builtin.file:
src: "{{ authorized_keys_mapping[hostname] | replace('~', user_home) | replace('$DOTFILES_PATH', lookup('env', 'DOTFILES_PATH')) }}"
src: "{{ authorized_keys_mapping[inventory_hostname] | replace('~', user_home) | replace('$DOTFILES_PATH', lookup('env', 'DOTFILES_PATH')) }}"
dest: "{{ user_home }}/.ssh/authorized_keys"
state: link
force: true


@@ -11,67 +11,80 @@
- name: Include JuiceFS tasks
ansible.builtin.include_tasks: juicefs.yml
- name: Include services tasks
ansible.builtin.include_tasks: services/services.yml
vars:
services:
- name: caddy
enabled: true
hosts:
- mennos-cloud-server
- name: karakeep
enabled: true
hosts:
- mennos-cloud-server
- name: golink
enabled: true
hosts:
- mennos-cloud-server
- name: immich
enabled: true
hosts:
- mennos-cloud-server
- name: gitea
enabled: true
hosts:
- mennos-cloud-server
- name: jellyfin
enabled: true
hosts:
- mennos-cloud-server
- name: seafile
enabled: true
hosts:
- mennos-cloud-server
- name: uptime-kuma
enabled: true
hosts:
- mennos-cloud-server
- name: factorio
enabled: true
hosts:
- mennos-cloud-server
- name: dozzle
enabled: true
hosts:
- mennos-cloud-server
- name: beszel
enabled: true
hosts:
- mennos-cloud-server
- name: downloaders
enabled: true
hosts:
- mennos-cloud-server
- name: wireguard
enabled: true
hosts:
- mennos-cloud-server
- name: echoip
enabled: true
hosts:
- mennos-cloud-server
- name: arr-stack
enabled: false
hosts:
- mennos-cloud-server
- name: Include service tasks
ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
loop: "{{ services }}"
when: item.enabled|bool and (inventory_hostname in item.hosts)
loop_control:
label: "{{ item.name }}"
tags:
- services
vars:
services:
- name: caddy
enabled: true
hosts:
- mennos-cloud-server
- mennos-server
- name: karakeep
enabled: true
hosts:
- mennos-cloud-server
- name: golink
enabled: true
hosts:
- mennos-cloud-server
- name: immich
enabled: true
hosts:
- mennos-cloud-server
- name: gitea
enabled: true
hosts:
- mennos-cloud-server
- name: jellyfin
enabled: true
hosts:
- mennos-cloud-server
# - mennos-server
- name: seafile
enabled: true
hosts:
- mennos-cloud-server
- name: uptime-kuma
enabled: true
hosts:
- mennos-cloud-server
- name: factorio
enabled: true
hosts:
- mennos-cloud-server
- name: dozzle
enabled: true
hosts:
- mennos-cloud-server
- name: beszel
enabled: true
hosts:
- mennos-cloud-server
- name: downloaders
enabled: true
hosts:
- mennos-cloud-server
- name: wireguard
enabled: true
hosts:
- mennos-cloud-server
- name: echoip
enabled: true
hosts:
- mennos-cloud-server
- mennos-server
- name: arr-stack
enabled: false
hosts:
- mennos-cloud-server
- name: home-assistant
enabled: true
hosts:
- mennos-server
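Review bot: The inlined `Include service tasks` loop carries only the `services` tag, so a run limited to one service tag such as `--tags echoip` (the command the country-blocking warning in this commit tells the user to run) skips the `include_tasks` itself and the per-service files are never loaded. `include_tasks` is dynamic, so tags inside the included files only take effect once the include has run; adding `- always` to this task's tags, or listing the per-service tags on it, restores per-service runs. The removed `services/services.yml` also included `service_cleanup.yml` before the loop and nothing in this hunk replaces it, so a service switched to `enabled: false` or dropped from a host's `hosts` list may stay running and reachable unless cleanup is wired in elsewhere.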


@@ -32,3 +32,6 @@
- name: Start ArrStack service
ansible.builtin.command: docker compose -f "{{ arr_stack_service_dir }}/docker-compose.yml" up -d
when: arr_stack_template_result.changed
tags:
- services
- arr_stack


@@ -32,3 +32,6 @@
- name: Start Beszel service
ansible.builtin.command: docker compose -f "{{ beszel_service_dir }}/docker-compose.yml" up -d
when: beszel_compose.changed
tags:
- services
- beszel


@@ -28,110 +28,124 @@
}
{% endif %}
{% if inventory_hostname == 'mennos-cloud-server' %}
photos.mvl.sh {
import country_block
reverse_proxy immich:2283
tls {{ caddy_email }}
import country_block
reverse_proxy immich:2283
tls {{ caddy_email }}
}
photos.vleeuwen.me {
import country_block
redir https://photos.mvl.sh{uri}
tls {{ caddy_email }}
import country_block
redir https://photos.mvl.sh{uri}
tls {{ caddy_email }}
}
karakeep.mvl.sh {
import country_block
reverse_proxy karakeep:3000
tls {{ caddy_email }}
import country_block
reverse_proxy karakeep:3000
tls {{ caddy_email }}
}
hoarder.mvl.sh {
import country_block
redir https://karakeep.mvl.sh{uri}
import country_block
redir https://karakeep.mvl.sh{uri}
}
git.vleeuwen.me git.mvl.sh {
import country_block
reverse_proxy gitea:3000
tls {{ caddy_email }}
import country_block
reverse_proxy gitea:3000
tls {{ caddy_email }}
}
status.vleeuwen.me status.mvl.sh {
import country_block
reverse_proxy uptime-kuma:3001
tls {{ caddy_email }}
import country_block
reverse_proxy uptime-kuma:3001
tls {{ caddy_email }}
}
sf.mvl.sh {
import country_block
reverse_proxy seafile:80
import country_block
reverse_proxy seafile:80
handle /seafdav* {
reverse_proxy seafile:8080
}
handle /seafdav* {
reverse_proxy seafile:8080
}
tls {{ caddy_email }}
tls {{ caddy_email }}
}
of.mvl.sh {
import country_block
reverse_proxy onlyoffice:80 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
}
tls {{ caddy_email }}
import country_block
reverse_proxy onlyoffice:80 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
}
tls {{ caddy_email }}
}
fsm.mvl.sh {
import country_block
reverse_proxy factorio-server-manager:80
tls {{ caddy_email }}
import country_block
reverse_proxy factorio-server-manager:80
tls {{ caddy_email }}
}
df.mvl.sh {
import country_block
redir / https://git.mvl.sh/vleeuwenmenno/dotfiles/raw/branch/master/setup.sh
tls {{ caddy_email }}
import country_block
redir / https://git.mvl.sh/vleeuwenmenno/dotfiles/raw/branch/master/setup.sh
tls {{ caddy_email }}
}
overseerr.mvl.sh jellyseerr.mvl.sh overseerr.vleeuwen.me jellyseerr.vleeuwen.me {
import country_block
reverse_proxy mennos-server:5555
tls {{ caddy_email }}
import country_block
reverse_proxy mennos-server:5555
tls {{ caddy_email }}
}
jellyfin.mvl.sh jellyfin.vleeuwen.me {
import country_block
reverse_proxy jellyfin:8096
tls {{ caddy_email }}
import country_block
reverse_proxy jellyfin:8096
tls {{ caddy_email }}
}
fladder.mvl.sh {
import country_block
reverse_proxy fladder:80
tls {{ caddy_email }}
import country_block
reverse_proxy fladder:80
tls {{ caddy_email }}
}
ip.mvl.sh {
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
}
http://ip.mvl.sh {
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
import country_block
reverse_proxy echoip:8080 {
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
}
{% elif inventory_hostname == 'mennos-server' %}
home.vleeuwen.me {
import country_block
reverse_proxy host.docker.internal:8123 {
header_up Host {upstream_hostport}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
}
tls {{ caddy_email }}
}
{% endif %}
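Review bot: The new `home.vleeuwen.me` site applies `import country_block` and TLS, but its upstream `host.docker.internal:8123` is a port on the host itself, and the Home Assistant compose file added in this commit uses `network_mode: host`, so any client that can reach port 8123 directly bypasses both controls. Confirm that a host firewall restricts 8123 to the Docker bridge or the LAN. `host.docker.internal` also resolves on Linux only when the Caddy container defines `extra_hosts: ["host.docker.internal:host-gateway"]`, which the Caddy compose hunk in this commit does not show. Home Assistant rejects proxied requests unless `http.use_x_forwarded_for` and `trusted_proxies` are set in its configuration, so that setting belongs with this change.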


@@ -4,18 +4,19 @@
- name: Set Caddy directories
ansible.builtin.set_fact:
caddy_service_dir: "{{ ansible_env.HOME }}/services/caddy"
caddy_data_dir: "/mnt/object_storage/services/caddy"
caddy_data_dir: "{{ '/mnt/services/caddy' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/caddy' }}"
geoip_db_path: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/echoip' }}"
caddy_email: "{{ lookup('community.general.onepassword', 'qwvcr4cuumhqh3mschv57xdqka', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='email') }}"
- name: Setup country blocking
ansible.builtin.include_tasks: country-blocking.yml
- name: Create Caddy directory
ansible.builtin.file:
path: "{{ caddy_service_dir }}"
state: directory
mode: "0755"
- name: Setup country blocking
ansible.builtin.include_tasks: country-blocking.yml
- name: Copy Dockerfile for custom Caddy build
ansible.builtin.copy:
src: Dockerfile
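Review bot: The expression `'/mnt/services/…' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/…'` is written out for `caddy_data_dir` and `geoip_db_path` here and again for `echoip_data_dir`, `jellyfin_data_dir` and the three Jellyfin media mounts in later sections, so each host's storage root is encoded in seven places. A single per-host variable (for example one named `services_root`, a name constructed for this note) with `caddy_data_dir: "{{ services_root }}/caddy"` would keep the paths from drifting apart when a host is added. `geoip_db_path` has to stay equal to `echoip_data_dir`, which is set in a different task file; deriving one from the other, or a comment such as `# must match echoip_data_dir in the EchoIP tasks`, makes that dependency explicit. The task list continues past the end of this hunk.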


@@ -10,7 +10,7 @@
- name: Check if MaxMind Country database is available
ansible.builtin.stat:
path: "/mnt/object_storage/services/echoip/GeoLite2-Country.mmdb"
path: "{{ geoip_db_path }}/GeoLite2-Country.mmdb"
register: maxmind_country_db
when: enable_country_blocking | default(false)
@@ -36,7 +36,7 @@
ansible.builtin.debug:
msg:
- "⚠️ WARNING: MaxMind Country database not found!"
- "Expected location: /mnt/object_storage/services/echoip/GeoLite2-Country.mmdb"
- "Expected location: {{ geoip_db_path }}/GeoLite2-Country.mmdb"
- "Country blocking will not work until EchoIP service is deployed"
- "Run: dotf update --ansible --tags echoip"
when:


@@ -11,7 +11,7 @@ services:
- {{ caddy_data_dir }}/data:/data
- {{ caddy_data_dir }}/config:/config
- {{ caddy_service_dir }}/Caddyfile:/etc/caddy/Caddyfile
- /mnt/object_storage/services/echoip:/etc/caddy/geoip:ro
- {{ geoip_db_path }}:/etc/caddy/geoip:ro
- {{ caddy_data_dir }}/logs:/var/log/caddy
environment:
- TZ=Europe/Amsterdam


@@ -27,3 +27,6 @@
- name: Start Downloaders service
ansible.builtin.command: docker compose -f "{{ downloaders_service_dir }}/docker-compose.yml" up -d
when: downloaders_compose.changed
tags:
- services
- downloaders


@@ -32,3 +32,6 @@
- name: Start Dozzle service
ansible.builtin.command: docker compose -f "{{ dozzle_service_dir }}/docker-compose.yml" up -d
when: dozzle_compose.changed
tags:
- services
- dozzle


@@ -4,7 +4,7 @@
- name: Set EchoIP directories
ansible.builtin.set_fact:
echoip_service_dir: "{{ ansible_env.HOME }}/services/echoip"
echoip_data_dir: "/mnt/object_storage/services/echoip"
echoip_data_dir: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/echoip' }}"
maxmind_account_id: "{{ lookup('community.general.onepassword', 'finpwvqp6evflzjcsnwge74n34',
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='account_id') | regex_replace('\\s+', '') }}"
maxmind_license_key: "{{ lookup('community.general.onepassword', 'finpwvqp6evflzjcsnwge74n34',
@@ -141,3 +141,6 @@
- name: Start EchoIP service
ansible.builtin.command: docker compose -f "{{ echoip_service_dir }}/docker-compose.yml" up -d
when: echoip_compose.changed
tags:
- services
- echoip


@@ -26,3 +26,6 @@
- name: Start Factorio service
ansible.builtin.command: docker compose -f "{{ factorio_service_dir }}/docker-compose.yml" up -d
when: factorio_compose.changed
tags:
- services
- factorio


@@ -38,3 +38,7 @@
- name: Start Gitea service
ansible.builtin.command: docker compose -f "{{ gitea_service_dir }}/docker-compose.yml" up -d
when: gitea_compose.changed or gitea_act_runner_config.changed
tags:
- services
- gitea


@@ -31,3 +31,6 @@
- name: Start GoLink service
ansible.builtin.command: docker compose -f "{{ golink_service_dir }}/docker-compose.yml" up -d
when: golink_compose.changed
tags:
- services
- golink


@@ -0,0 +1,17 @@
services:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- "/var/run/dbus:/run/dbus:ro"
- {{ homeassistant_data_dir }}:/config
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=Europe/Amsterdam
- PUID=1000
- PGID=1000
restart: unless-stopped
privileged: true
network_mode: host
devices:
- /dev/ttyUSB0:/dev/ttyUSB0
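Review bot: This service combines `privileged: true`, `network_mode: host` and a writable bind of `/var/run/docker.sock`, each of which hands a compromised Home Assistant process or integration control of the host, and the same commit publishes the instance through Caddy. The serial adapter is already passed with `devices:` / `- /dev/ttyUSB0:/dev/ttyUSB0`, so `privileged: true` looks unnecessary and can be dropped. If the Docker integration is not needed, remove the socket mount; if it is, put a filtering socket proxy in front of it, because a `:ro` bind of the socket does not limit API calls. `image: "ghcr.io/home-assistant/home-assistant:stable"` is a moving tag, so pinning a release or digest would make what gets deployed reviewable.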


@@ -0,0 +1,36 @@
---
- name: Deploy Home Assistant service
block:
- name: Set Home Assistant directories
ansible.builtin.set_fact:
homeassistant_data_dir: "/mnt/services/homeassistant"
homeassistant_service_dir: "{{ ansible_env.HOME }}/services/homeassistant"
- name: Create Home Assistant directories
ansible.builtin.file:
path: "{{ homeassistant_dir }}"
state: directory
mode: "0755"
loop:
- "{{ homeassistant_data_dir }}"
- "{{ homeassistant_service_dir }}"
loop_control:
loop_var: homeassistant_dir
- name: Deploy Home Assistant docker-compose.yml
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ homeassistant_service_dir }}/docker-compose.yml"
mode: "0644"
register: homeassistant_compose
- name: Stop Home Assistant service
ansible.builtin.command: docker compose -f "{{ homeassistant_service_dir }}/docker-compose.yml" down --remove-orphans
when: homeassistant_compose.changed
- name: Start Home Assistant service
ansible.builtin.command: docker compose -f "{{ homeassistant_service_dir }}/docker-compose.yml" up -d
when: homeassistant_compose.changed
tags:
- services
- homeassistant
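Review bot: `Create Home Assistant directories` applies `mode: "0755"` to both loop items, including `homeassistant_data_dir`, which is mounted as `/config` and will hold `secrets.yaml` and the `.storage` auth data, so other local accounts on the host can traverse and list it. Give the data directory its own task or a per-item mode such as `mode: "0700"`, and keep `"0755"` for the service directory only. The two `ansible.builtin.command` tasks also have no `changed_when`, which ansible-lint reports as `no-changed-when`; both are already gated on `homeassistant_compose.changed`, so `changed_when: true` states the intent.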


@@ -39,3 +39,6 @@
- name: Start Immich service
ansible.builtin.command: docker compose -f "{{ immich_service_dir }}/docker-compose.yml" up -d
when: immich_compose.changed
tags:
- services
- immich


@@ -8,10 +8,10 @@ services:
- TZ=Europe/Amsterdam
- JELLYFIN_PublishedServerUrl=https://jellyfin.mvl.sh
volumes:
- {{jellyfin_data_dir}}/jellyfin-config:/config
- /mnt/object_storage/movies:/movies
- /mnt/object_storage/tvshows:/tvshows
- /mnt/object_storage/music:/music
- {{ jellyfin_data_dir }}/jellyfin-config:/config
- {{ '/mnt/movies' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/movies' }}:/movies
- {{ '/mnt/tv_shows' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/tvshows' }}:/tvshows
- {{ '/mnt/music' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/music' }}:/music
ports:
- 8096:8096
- 8920:8920
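Review bot: The three media binds ending in `:/movies`, `:/tvshows` and `:/music` are mounted read-write although the Caddy template in this commit publishes Jellyfin externally; if Jellyfin is not expected to delete media or write metadata next to it, append `:ro` to each, e.g. `…:/movies:ro`. The TV path is `/mnt/tv_shows` on `mennos-server` but `/mnt/object_storage/tvshows` elsewhere, which deserves a short comment such as `# local disk uses tv_shows, object storage uses tvshows` if the difference is intentional. The service definition starts above this hunk.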


@@ -3,7 +3,7 @@
block:
- name: Set Jellyfin directories
ansible.builtin.set_fact:
jellyfin_data_dir: "/mnt/object_storage/services/jellyfin"
jellyfin_data_dir: "{{ '/mnt/services/jellyfin' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/jellyfin' }}"
jellyfin_service_dir: "{{ ansible_env.HOME }}/services/jellyfin"
- name: Create Jellyfin directories
@@ -31,3 +31,6 @@
- name: Start Jellyfin service
ansible.builtin.command: docker compose -f "{{ jellyfin_service_dir }}/docker-compose.yml" up -d
when: jellyfin_compose.changed
tags:
- services
- jellyfin


@@ -38,3 +38,6 @@
- name: Start Karakeep service
ansible.builtin.command: docker compose -f "{{ karakeep_service_dir }}/docker-compose.yml" up -d
when: karakeep_compose.changed
tags:
- services
- redis
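Review bot: The Karakeep block is tagged `services` and `redis`, while every other service file in this commit uses its own name as the second tag and the Redis file already carries `redis`, so this looks like a copy-paste slip. As written, `--tags redis` also selects the Karakeep tasks and `--tags karakeep` matches nothing. The second tag should read `- karakeep`. The block itself starts above the hunk.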


@@ -75,3 +75,6 @@
register: docker_restart
changed_when: docker_restart.rc == 0
when: redis_compose.changed
tags:
- services
- redis


@@ -70,3 +70,6 @@
- name: Start Seafile service
ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" up -d
when: seafile_configs.changed
tags:
- services
- seafile


@@ -1,13 +0,0 @@
---
- name: Include service cleanup tasks
ansible.builtin.include_tasks: service_cleanup.yml
- name: Include service tasks
ansible.builtin.include_tasks: "{{ item.name }}/{{ item.name }}.yml"
loop: "{{ services }}"
when: item.enabled|bool and (inventory_hostname in item.hosts)
loop_control:
label: "{{ item.name }}"
tags:
- "{{ item.name }}"
- services


@@ -26,3 +26,6 @@
- name: Start Uptime Kuma service
ansible.builtin.command: docker compose -f "{{ uptime_kuma_service_dir }}/docker-compose.yml" up -d
when: uptime_kuma_compose.changed or uptime_kuma_start | default(false) | bool
tags:
- services
- uptime_kuma


@@ -26,3 +26,6 @@
- name: Start WireGuard service
ansible.builtin.command: docker compose -f "{{ wireguard_service_dir }}/docker-compose.yml" up -d
when: wireguard_compose.changed
tags:
- services
- wireguard