diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml
index 03178a9..873effb 100644
--- a/config/ansible/tasks/servers/server.yml
+++ b/config/ansible/tasks/servers/server.yml
@@ -26,14 +26,14 @@
 reload: true
 become: true
 loop:
- - { name: "fs.file-max", value: "2097152" } # Max open files for the entire system
- - { name: "vm.max_map_count", value: "16777216" } # Max memory map areas a process can have
- - { name: "vm.swappiness", value: "10" } # Controls how aggressively the kernel swaps out memory
- - { name: "vm.vfs_cache_pressure", value: "50" } # Controls kernel's tendency to reclaim memory for directory/inode caches
- - { name: "net.core.somaxconn", value: "65535" } # Max pending connections for a listening socket
+ - { name: "fs.file-max", value: "2097152" } # Max open files for the entire system
+ - { name: "vm.max_map_count", value: "16777216" } # Max memory map areas a process can have
+ - { name: "vm.swappiness", value: "10" } # Controls how aggressively the kernel swaps out memory
+ - { name: "vm.vfs_cache_pressure", value: "50" } # Controls kernel's tendency to reclaim memory for directory/inode caches
+ - { name: "net.core.somaxconn", value: "65535" } # Max pending connections for a listening socket
 - { name: "net.core.netdev_max_backlog", value: "65535" } # Max packets queued on network interface input
- - { name: "net.ipv4.tcp_fin_timeout", value: "30" } # How long sockets stay in FIN-WAIT-2 state
- - { name: "net.ipv4.tcp_tw_reuse", value: "1" } # Allows reusing TIME_WAIT sockets for new outgoing connections
+ - { name: "net.ipv4.tcp_fin_timeout", value: "30" } # How long sockets stay in FIN-WAIT-2 state
+ - { name: "net.ipv4.tcp_tw_reuse", value: "1" } # Allows reusing TIME_WAIT sockets for new outgoing connections
 - name: Include service tasks
 ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
@@ -107,7 +107,7 @@
 hosts:
 - mennos-cachyos-desktop
 - name: arr-stack
- enabled: false
+ enabled: true
 hosts:
 - mennos-cachyos-desktop
 - name: home-assistant
diff --git a/config/ansible/tasks/servers/services/arr-stack/arr-stack.yml b/config/ansible/tasks/servers/services/arr-stack/arr-stack.yml
index e4b27dd..57b6e97 100644
--- a/config/ansible/tasks/servers/services/arr-stack/arr-stack.yml
+++ b/config/ansible/tasks/servers/services/arr-stack/arr-stack.yml
@@ -4,7 +4,7 @@
 - name: Set ArrStack directories
 ansible.builtin.set_fact:
 arr_stack_service_dir: "{{ ansible_env.HOME }}/services/arr-stack"
- arr_stack_data_dir: "/mnt/object_storage/services/arr-stack"
+ arr_stack_data_dir: "/mnt/services/arr-stack"
 - name: Create ArrStack directory
 ansible.builtin.file:
diff --git a/config/ansible/tasks/servers/services/arr-stack/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/arr-stack/docker-compose.yml.j2
index 97ce74f..6adf644 100644
--- a/config/ansible/tasks/servers/services/arr-stack/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/arr-stack/docker-compose.yml.j2
@@ -13,7 +13,7 @@ services:
 - host.docker.internal:host-gateway
 volumes:
 - {{ arr_stack_data_dir }}/radarr-config:/config
- - /mnt/object_storage:/storage
+ - /mnt/data:/mnt/data
 restart: "unless-stopped"
 networks:
 - arr_stack_net
@@ -27,7 +27,7 @@ services:
 - TZ=Europe/Amsterdam
 volumes:
 - {{ arr_stack_data_dir }}/sonarr-config:/config
- - /mnt/object_storage:/storage
+ - /mnt/data:/mnt/data
 ports:
 - 8989:8989
 extra_hosts:
@@ -43,12 +43,12 @@ services:
 - PGID=100
 - TZ=Europe/Amsterdam
 ports:
- - 8686:8686
+ - 6969:6969
 extra_hosts:
 - host.docker.internal:host-gateway
 volumes:
 - {{ arr_stack_data_dir }}/whisparr-config:/config
- - /mnt/object_storage:/storage
+ - /mnt/data:/mnt/data
 restart: unless-stopped
 networks:
 - arr_stack_net
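Review bot: In the third hunk of arr-stack/docker-compose.yml.j2, the new mapping `- 6969:6969` publishes the service on every host interface, and Docker's published ports are typically inserted ahead of host firewall rules such as ufw, so the UI may be reachable without passing through Caddy. If access is meant to stay local or go through the reverse proxy, bind the mapping to loopback as `- "127.0.0.1:6969:6969"`; quoting the mapping also avoids YAML scalar surprises with `host:container` strings. The unchanged `- 8989:8989` in the second hunk has the same exposure. The service blocks start and end outside these hunks, so any compensating settings are not visible here.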
@@ -86,15 +86,14 @@ services:
 networks:
 - arr_stack_net
- jellyseerr:
- image: fallenbagel/jellyseerr
- container_name: jellyseerr
+ overseerr:
+ image: sctx/overseerr:latest
 environment:
 - PUID=1000
 - PGID=100
 - TZ=Europe/Amsterdam
 volumes:
- - {{ arr_stack_data_dir }}/jellyseerr-config:/app/config
+ - {{ arr_stack_data_dir }}/overseerr-config:/app/config
 ports:
 - 5055:5055
 extra_hosts:
@@ -106,7 +105,6 @@ services:
 networks:
 arr_stack_net:
- name: arr_stack_net
 caddy_network:
 external: true
 name: caddy_default
diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
index 72a79b2..eca880a 100644
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@@ -155,9 +155,15 @@ http://ip.mvl.sh http://ip.vleeuwen.me {
 }
 }
-overseerr.mvl.sh overseerr.vleeuwen.me {
+overseerr.mvl.sh {
 import country_block
- reverse_proxy host.docker.internal:5555
+ reverse_proxy overseerr:5055
+ tls {{ caddy_email }}
+}
+
+overseerr.vleeuwen.me {
+ import country_block
+ redir https://overseerr.mvl.sh
 tls {{ caddy_email }}
 }
@@ -175,11 +181,11 @@ plex.mvl.sh plex.vleeuwen.me {
 drive.mvl.sh drive.vleeuwen.me {
 import country_block
-
+
 # CalDAV and CardDAV redirects
 redir /.well-known/carddav /remote.php/dav/ 301
 redir /.well-known/caldav /remote.php/dav/ 301
-
+
 # Handle other .well-known requests
 handle /.well-known/* {
 reverse_proxy nextcloud:80 {
@@ -199,7 +205,7 @@ drive.mvl.sh drive.vleeuwen.me {
 header_up X-Forwarded-Proto {scheme}
 header_up X-Forwarded-Host {host}
 }
-
+
 # Security headers
 header {
 # HSTS header for enhanced security (required by Nextcloud)
@@ -212,7 +218,7 @@ drive.mvl.sh drive.vleeuwen.me {
 X-Permitted-Cross-Domain-Policies "none"
 X-Robots-Tag "noindex, nofollow"
 }
-
+
 tls {{ caddy_email }}
 }
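Review bot: In arr-stack/docker-compose.yml.j2 (hunk at -86,15), `image: sctx/overseerr:latest` is a mutable tag, so each pull can deploy different code without any change in this repository; pin a release tag or digest instead, e.g. `image: sctx/overseerr:<PINNED_VERSION>` (placeholder). The hunk also drops `container_name`, so the Caddy upstream `overseerr:5055` depends on the service name resolving on a network shared with Caddy. The service's `networks:` list lies outside the hunk, so confirm it includes `caddy_network`.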
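Review bot: In Caddyfile.j2 (hunk at -155,9), `reverse_proxy overseerr:5055` now reaches Overseerr over the Docker network, but the arr-stack compose template on this page still publishes `5055:5055` on the host, so the service stays reachable directly on that port without `country_block` or TLS unless a host firewall stops it. If nothing else needs the host port, drop that `ports:` entry or bind it to loopback as `- "127.0.0.1:5055:5055"`. Separately, `redir https://overseerr.mvl.sh` in the `overseerr.vleeuwen.me` block sends every request to the site root; `redir https://overseerr.mvl.sh{uri}` keeps the path and query.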
diff --git a/config/ansible/tasks/servers/services/downloaders/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/downloaders/docker-compose.yml.j2
index d84fb66..492d026 100644
--- a/config/ansible/tasks/servers/services/downloaders/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/downloaders/docker-compose.yml.j2
@@ -33,8 +33,7 @@ services:
 - TZ=Europe/Amsterdam
 volumes:
 - {{ downloaders_data_dir }}/sabnzbd-config:/config
- - {{ object_storage_dir }}:/storage
- - {{ local_data_dir }}:/local
+ - {{ local_data_dir }}:{{ local_data_dir }}
 restart: unless-stopped
 network_mode: "service:gluetun"
 depends_on:
@@ -51,8 +50,7 @@ services:
 - TZ=Europe/Amsterdam
 volumes:
 - {{ downloaders_data_dir }}/qbit-config:/config
- - {{ object_storage_dir }}:/storage
- - {{ local_data_dir }}:/local
+ - {{ local_data_dir }}:{{ local_data_dir }}
 depends_on:
 gluetun:
 condition: service_healthy
diff --git a/config/ansible/tasks/servers/services/downloaders/downloaders.yml b/config/ansible/tasks/servers/services/downloaders/downloaders.yml
index 86b4205..d09cc4f 100644
--- a/config/ansible/tasks/servers/services/downloaders/downloaders.yml
+++ b/config/ansible/tasks/servers/services/downloaders/downloaders.yml
@@ -3,7 +3,6 @@
 block:
 - name: Set Downloaders directories
 ansible.builtin.set_fact:
- object_storage_dir: "/mnt/object_storage"
 local_data_dir: "/mnt/data"
 downloaders_service_dir: "{{ ansible_env.HOME }}/services/downloaders"
 downloaders_data_dir: "/mnt/services/downloaders"
diff --git a/config/ansible/tasks/servers/services/dozzle/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/dozzle/docker-compose.yml.j2
index ec3cc61..16ded45 100644
--- a/config/ansible/tasks/servers/services/dozzle/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/dozzle/docker-compose.yml.j2
@@ -4,7 +4,7 @@ services:
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 ports:
- - 8686:8080
+ - 8800:8080
 environment:
 - DOZZLE_NO_ANALYTICS=true
 restart: unless-stopped
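Review bot: The remapped `- 8800:8080` still publishes Dozzle on every host interface while the container holds `/var/run/docker.sock`, so anyone who can reach port 8800 can read the logs of all containers unless Dozzle's authentication is enabled. None is visible in this hunk's `environment:`. Binding the mapping to loopback, `- "127.0.0.1:8800:8080"`, or removing the host port and serving the UI only through an authenticated reverse-proxy route would narrow that. The service block starts and ends outside the hunk, so auth settings may exist there.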