refactor: move to Debian on truenas scale

2023-03-25 04:28:41 -07:00
parent a6c370b85a
commit ed426593d4
26 changed files with 251 additions and 158 deletions
--- a/roles/arrstack/tasks/main.yml
+++ b/roles/arrstack/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: "Docker compose steps for {{ current_svc_name }}"
+  import_tasks: "{{ playbook_dir }}/contrib/docker_compose_template_task_list.yml"
--- a/roles/arrstack/templates/custom-init/setup-wg.sh.j2
+++ b/roles/arrstack/templates/custom-init/setup-wg.sh.j2
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+apk add --no-cache wireguard-tools-wg
+
+local_gateway=$(ip route | grep default | awk '{print $3}')
+# This used as the gateway address for NAT-PMP to work properly
+wg_gateway="{{ wg_dns }}"
+wg_peer_address=$(echo "{{ wg_peer_endpoint }}" | cut -d: -f1)
+
+ip route add "$wg_peer_address" via "$local_gateway"
+ip link add wg0 type wireguard
+wg setconf wg0 /etc/wireguard/wg0.conf
+ip address add dev wg0 "{{ wg_address }}"
+ip link set wg0 up
+ip route add "$wg_gateway" dev wg0
+ip route del default
+ip route add default via "$wg_gateway"
+
+# Note that the DNS isn't changed, so there's actually a leak there
+# That's on purpose, just in case I want to access local jackett from qbit
+
+# Finally, optionally allow access to the home network
+# ip route add "\{\{ home_network }}" via "$local_gateway"
--- a/roles/arrstack/templates/docker-compose.yml.j2
+++ b/roles/arrstack/templates/docker-compose.yml.j2
@@ -0,0 +1,82 @@
+version: "3.7"
+
+networks:
+  default:
+  traefik_traefik:
+    external: true
+
+services:
+  qbittorrent:
+    image: linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    cap_add:
+      - NET_ADMIN
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.qbittorrent.rule=Host(`qbit.{{ domain }}`)
+      - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
+    restart: unless-stopped
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - ./wireguard:/etc/wireguard:ro
+      - ./custom-init:/custom-cont-init.d:ro
+      - {{ base_volume_path }}/arrstack/config/qbittorrent:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
+      - {{ media_volume_path }}/iso-img:/media/iso-img
+
+  jackett:
+    image: linuxserver/jackett:latest
+    container_name: jackett
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.jackett.rule=Host(`jackett.{{ domain }}`)
+      - traefik.http.services.jackett.loadbalancer.server.port=9117
+    restart: unless-stopped
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/arrstack/config/jackett:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
+
+  sonarr:
+    image: linuxserver/sonarr:latest
+    container_name: sonarr
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.sonarr.rule=Host(`sonarr.{{ domain }}`)
+      - traefik.http.services.sonarr.loadbalancer.server.port=8989
+    restart: unless-stopped
+    depends_on:
+      - qbittorrent
+      - jackett
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/arrstack/config/sonarr:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
+
+  radarr:
+    image: linuxserver/radarr:latest
+    container_name: radarr
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.radarr.rule=Host(`radarr.{{ domain }}`)
+      - traefik.http.services.radarr.loadbalancer.server.port=7878
+    restart: unless-stopped
+    depends_on:
+      - qbittorrent
+      - jackett
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/arrstack/config/radarr:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
--- a/roles/arrstack/templates/wireguard/wg0.conf.j2
+++ b/roles/arrstack/templates/wireguard/wg0.conf.j2
@@ -0,0 +1,11 @@
+# Stripped version of the wg config
+
+[Interface]
+PrivateKey = {{ wg_privkey }}
+# Address = {{ wg_address }}
+# DNS = {{ wg_dns }} # This is also used as the gateway address for NAT-PMP to work properly
+
+[Peer]
+PublicKey = {{ wg_peer_pubkey }}
+AllowedIPs = 0.0.0.0/0
+Endpoint = {{ wg_peer_endpoint }}
--- a/roles/arrstack/vars/app_config.yml
+++ b/roles/arrstack/vars/app_config.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.2;AES256;alpina
+37653839366635373530306432303538626233356164633761316231623732316138643532383735
+3132613432333636383363383162643434626638613234320a343337333435393461323735646338
+34353764366561633738383933626261643734343266333364353162366161313738663064656530
+6666313731343663650a343761646664356238373763383136366431383337313065613663303233
+36613233653666306338373839623130323833393932386161353933613338613836326632653262
+31646131646637646237373964376365336337386639396266393731623761393038396233663663
+32393964313361326463356435343064643964343731386238643263653738356534383536353330
+32376162376235663636626562646436613265656461656133643762396137313238383533653831
+31396632656630626138326335363462383131343431336264656236346665366236353863326237
+66653064653166373838653631653563303834303334633830383064323965393563663563636361
+653139663339346331336435313263343936
--- a/roles/arrstack/vars/main.yml
+++ b/roles/arrstack/vars/main.yml
@@ -0,0 +1,5 @@
+---
+current_svc_name: arrstack
+current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}"
+
+templates_source: "{{ role_path }}/templates"