diff --git a/ansible/tasks/servers/server.yml b/ansible/tasks/servers/server.yml
index fc0338a..bf6a6a1 100644
--- a/ansible/tasks/servers/server.yml
+++ b/ansible/tasks/servers/server.yml
@@ -1,148 +1,152 @@ --- - name: Server setup block: - - name: Ensure openssh-server is installed on Arch-based systems - ansible.builtin.package: - name: openssh - state: present - when: ansible_pkg_mgr == 'pacman' + - name: Ensure openssh-server is installed on Arch-based systems + ansible.builtin.package: + name: openssh + state: present + when: ansible_pkg_mgr == 'pacman' - - name: Ensure openssh-server is installed on non-Arch systems - ansible.builtin.package: - name: openssh-server - state: present - when: ansible_pkg_mgr != 'pacman' + - name: Ensure openssh-server is installed on non-Arch systems + ansible.builtin.package: + name: openssh-server + state: present + when: ansible_pkg_mgr != 'pacman' - - name: Ensure Borg is installed on Arch-based systems - ansible.builtin.package: - name: borg - state: present - become: true - when: ansible_pkg_mgr == 'pacman' + - name: Ensure Borg is installed on Arch-based systems + ansible.builtin.package: + name: borg + state: present + become: true + when: ansible_pkg_mgr == 'pacman' - - name: Ensure Borg is installed on Debian/Ubuntu systems - ansible.builtin.package: - name: borgbackup - state: present - become: true - when: ansible_pkg_mgr != 'pacman' + - name: Ensure Borg is installed on Debian/Ubuntu systems + ansible.builtin.package: + name: borgbackup + state: present + become: true + when: ansible_pkg_mgr != 'pacman' - - name: Include Dynamic DNS tasks - ansible.builtin.include_tasks: dynamic-dns.yml - tags: - - dynamic-dns + - name: Include Dynamic DNS tasks + ansible.builtin.include_tasks: dynamic-dns.yml + tags: + - dynamic-dns - - name: Include Borg Backup tasks - ansible.builtin.include_tasks: borg-backup.yml - tags: - - borg-backup + - name: Include Borg Backup tasks + ansible.builtin.include_tasks: borg-backup.yml + tags: + - borg-backup - - name: System performance optimizations - ansible.posix.sysctl: - name: "{{ item.name }}" - value: "{{ item.value }}" - state: present - reload: true - become: true - 
loop: - - { name: "fs.file-max", value: "2097152" } # Max open files for the entire system - - { name: "vm.max_map_count", value: "16777216" } # Max memory map areas a process can have - - { name: "vm.swappiness", value: "10" } # Controls how aggressively the kernel swaps out memory - - { name: "vm.vfs_cache_pressure", value: "50" } # Controls kernel's tendency to reclaim memory for directory/inode caches - - { name: "net.core.somaxconn", value: "65535" } # Max pending connections for a listening socket - - { name: "net.core.netdev_max_backlog", value: "65535" } # Max packets queued on network interface input - - { name: "net.ipv4.tcp_fin_timeout", value: "30" } # How long sockets stay in FIN-WAIT-2 state - - { name: "net.ipv4.tcp_tw_reuse", value: "1" } # Allows reusing TIME_WAIT sockets for new outgoing connections + - name: System performance optimizations + ansible.posix.sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + state: present + reload: true + become: true + loop: + - { name: "fs.file-max", value: "2097152" } # Max open files for the entire system + - { name: "vm.max_map_count", value: "16777216" } # Max memory map areas a process can have + - { name: "vm.swappiness", value: "10" } # Controls how aggressively the kernel swaps out memory + - { name: "vm.vfs_cache_pressure", value: "50" } # Controls kernel's tendency to reclaim memory for directory/inode caches + - { name: "net.core.somaxconn", value: "65535" } # Max pending connections for a listening socket + - { name: "net.core.netdev_max_backlog", value: "65535" } # Max packets queued on network interface input + - { name: "net.ipv4.tcp_fin_timeout", value: "30" } # How long sockets stay in FIN-WAIT-2 state + - { name: "net.ipv4.tcp_tw_reuse", value: "1" } # Allows reusing TIME_WAIT sockets for new outgoing connections - - name: Include service tasks - ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml" - loop: "{{ services | selectattr('enabled', 'equalto', 
true) | selectattr('hosts', 'contains', inventory_hostname) | list if specific_service is not defined else services | selectattr('name', 'equalto', specific_service) | selectattr('enabled', 'equalto', true) | selectattr('hosts', 'contains', inventory_hostname) | list }}" - loop_control: - label: "{{ item.name }}" - tags: - - services - - always + - name: Include service tasks + ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml" + loop: "{{ services | selectattr('enabled', 'equalto', true) | selectattr('hosts', 'contains', inventory_hostname) | list if specific_service is not defined else services | selectattr('name', 'equalto', specific_service) | selectattr('enabled', 'equalto', true) | selectattr('hosts', 'contains', inventory_hostname) | list }}" + loop_control: + label: "{{ item.name }}" + tags: + - services + - always vars: - services: - - name: dashy - enabled: true - hosts: - - mennos-server - - name: gitea - enabled: true - hosts: - - mennos-server - - name: factorio - enabled: true - hosts: - - mennos-server - - name: dozzle - enabled: true - hosts: - - mennos-server - - name: beszel - enabled: true - hosts: - - mennos-server - - name: caddy - enabled: true - hosts: - - mennos-server - - name: golink - enabled: true - hosts: - - mennos-server - - name: immich - enabled: true - hosts: - - mennos-server - - name: plex - enabled: true - hosts: - - mennos-server - - name: tautulli - enabled: true - hosts: - - mennos-server - - name: downloaders - enabled: true - hosts: - - mennos-server - - name: wireguard - enabled: true - hosts: - - mennos-server - - name: echoip - enabled: true - hosts: - - mennos-server - - name: arr-stack - enabled: true - hosts: - - mennos-server - - name: home-assistant - enabled: true - hosts: - - mennos-server - - name: privatebin - enabled: true - hosts: - - mennos-server - - name: unifi-network-application - enabled: true - hosts: - - mennos-server - - name: sathub - enabled: true - hosts: - - 
mennos-server - # Game Servers - - name: avorion - enabled: false - hosts: - - mennos-server - - name: necesse - enabled: true - hosts: - - mennos-server + services: + - name: dashy + enabled: true + hosts: + - mennos-server + - name: gitea + enabled: true + hosts: + - mennos-server + - name: factorio + enabled: true + hosts: + - mennos-server + - name: nextcloud + enabled: true + hosts: + - mennos-server + - name: dozzle + enabled: true + hosts: + - mennos-server + - name: beszel + enabled: true + hosts: + - mennos-server + - name: caddy + enabled: true + hosts: + - mennos-server + - name: golink + enabled: true + hosts: + - mennos-server + - name: immich + enabled: true + hosts: + - mennos-server + - name: plex + enabled: true + hosts: + - mennos-server + - name: tautulli + enabled: true + hosts: + - mennos-server + - name: downloaders + enabled: true + hosts: + - mennos-server + - name: wireguard + enabled: true + hosts: + - mennos-server + - name: echoip + enabled: true + hosts: + - mennos-server + - name: arr-stack + enabled: true + hosts: + - mennos-server + - name: home-assistant + enabled: true + hosts: + - mennos-server + - name: privatebin + enabled: true + hosts: + - mennos-server + - name: unifi-network-application + enabled: true + hosts: + - mennos-server + - name: sathub + enabled: true + hosts: + - mennos-server + # Game Servers + - name: avorion + enabled: false + hosts: + - mennos-server + - name: necesse + enabled: true + hosts: + - mennos-server diff --git a/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 b/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 new file mode 100644 index 0000000..6371808 --- /dev/null +++ b/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 
@@ -0,0 +1,73 @@
+services:
+ nextcloud:
+ image: nextcloud
+ container_name: nextcloud
+ restart: unless-stopped
+ networks:
+ - nextcloud
+ - caddy_network
+ depends_on:
+ - nextclouddb
+ - redis
+ ports:
+ - 8081:80
+ volumes:
+ - {{ nextcloud_data_dir }}/nextcloud/html:/var/www/html
+ - {{ nextcloud_data_dir }}/nextcloud/custom_apps:/var/www/html/custom_apps
+ - {{ nextcloud_data_dir }}/nextcloud/config:/var/www/html/config
+ - {{ nextcloud_data_dir }}/nextcloud/data:/var/www/html/data
+ environment:
+ - PUID=1000
+ - PGID=100
+ - TZ=Europe/Amsterdam
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_PASSWORD={{ lookup('community.general.onepassword', 'Nextcloud', vault='Dotfiles', field='MYSQL_NEXTCLOUD_PASSWORD') }}
+ - MYSQL_HOST=nextclouddb
+ - REDIS_HOST=redis
+ deploy:
+ resources:
+ limits:
+ memory: 2G
+
+ nextclouddb:
+ image: mariadb:11.4.7
+ container_name: nextcloud-db
+ restart: unless-stopped
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ networks:
+ - nextcloud
+ volumes:
+ - {{ nextcloud_data_dir }}/database:/var/lib/mysql
+ environment:
+ - PUID=1000
+ - PGID=100
+ - TZ=Europe/Amsterdam
+ - MYSQL_RANDOM_ROOT_PASSWORD=true
+ - MYSQL_PASSWORD={{ lookup('community.general.onepassword', 'Nextcloud', vault='Dotfiles', field='MYSQL_NEXTCLOUD_PASSWORD') }}
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ deploy:
+ resources:
+ limits:
+ memory: 1G
+
+ redis:
+ image: redis:alpine
+ container_name: redis
+ volumes:
+ - {{ nextcloud_data_dir }}/redis:/data
+ networks:
+ - nextcloud
+ deploy:
+ resources:
+ limits:
+ memory: 512M
+
+networks:
+ nextcloud:
+ name: nextcloud
+ driver: bridge
+ caddy_network:
+ name: caddy_default
+ external: true
diff --git a/ansible/tasks/servers/services/nextcloud/nextcloud.yml b/ansible/tasks/servers/services/nextcloud/nextcloud.yml
new file mode 100644
index 0000000..8b1c464
--- /dev/null
+++ b/ansible/tasks/servers/services/nextcloud/nextcloud.yml
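Review bot: `- 8081:80` under `ports` publishes the Nextcloud container's HTTP listener on every host interface, even though the service is already joined to the external `caddy_network`, which looks like the path the reverse proxy uses; Docker-published ports are commonly inserted ahead of ufw-style host firewall rules, so this exposes the unauthenticated web port directly. Either drop the `ports` entry or bind it to loopback, `- "127.0.0.1:8081:80"`. The `redis` service declares no `restart` policy while `nextcloud` has `depends_on: redis`, so a crashed Redis is never brought back; add `restart: unless-stopped` there as the other two services do. `image: nextcloud` and `redis:alpine` float with whatever tag is current while `mariadb:11.4.7` is pinned, so the stack is only partly reproducible and silently picks up new major versions; pin those tags (or digests) too. If Caddy does front this container, Nextcloud also needs `TRUSTED_PROXIES` (and typically `OVERWRITEPROTOCOL`/`NEXTCLOUD_TRUSTED_DOMAINS`) in `environment`, otherwise its brute-force protection keys on the proxy's address rather than the client's — the Caddy config is not visible here, so verify.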
@@ -0,0 +1,31 @@
+---
+- name: Deploy Nextcloud service
+ block:
+ - name: Set Nextcloud directories
+ ansible.builtin.set_fact:
+ nextcloud_service_dir: "{{ ansible_env.HOME }}/.services/nextcloud"
+ nextcloud_data_dir: "/mnt/services/nextcloud"
+
+ - name: Create Nextcloud directory
+ ansible.builtin.file:
+ path: "{{ nextcloud_service_dir }}"
+ state: directory
+ mode: "0755"
+
+ - name: Deploy Nextcloud docker-compose.yml
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: "{{ nextcloud_service_dir }}/docker-compose.yml"
+ mode: "0644"
+ register: nextcloud_compose
+
+ - name: Stop Nextcloud service
+ ansible.builtin.command: docker compose -f "{{ nextcloud_service_dir }}/docker-compose.yml" down --remove-orphans
+ when: nextcloud_compose.changed
+
+ - name: Start Nextcloud service
+ ansible.builtin.command: docker compose -f "{{ nextcloud_service_dir }}/docker-compose.yml" up -d
+ when: nextcloud_compose.changed
+ tags:
+ - services
+ - nextcloud
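Review bot: The rendered `docker-compose.yml` is written with `mode: "0644"`, but the template it comes from embeds the MariaDB password resolved from 1Password, so the secret lands world-readable under `~/.services/nextcloud` on the host; change the template task to `mode: "0600"` and add `no_log: true` to it so a `--diff` or verbose run does not print the password either. Running `docker compose … down --remove-orphans` before every `up -d` also turns any change to the compose file into a full outage of all three containers; `docker compose up -d` alone recreates only the services whose definition changed, so the Stop task can be dropped unless the teardown is intentional. Both `command` tasks report changed whenever they execute and cannot be checked in check mode; consider `changed_when` on their output, or the idempotent `community.docker.docker_compose_v2` module. `/mnt/services/nextcloud` is set as `nextcloud_data_dir` but never created here, and Docker creates missing bind-mount sources as root-owned directories, which may not match what the UID 1000 data expects — confirm it is provisioned elsewhere.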