From 840268c3fd2e4d36be61a9ba6a02c6d542538963 Mon Sep 17 00:00:00 2001 From: Alpha Chen Date: Tue, 27 Dec 2022 12:58:54 -0800 Subject: [PATCH] move on-fire-within config to boxen --- meta/on-fire-within/README.md | 16 -- meta/on-fire-within/hass-io.yml | 33 ---- meta/on-fire-within/main.yml | 292 -------------------------------- 3 files changed, 341 deletions(-) delete mode 100644 meta/on-fire-within/README.md delete mode 100644 meta/on-fire-within/hass-io.yml delete mode 100644 meta/on-fire-within/main.yml diff --git a/meta/on-fire-within/README.md b/meta/on-fire-within/README.md deleted file mode 100644 index 31c91bf..0000000 --- a/meta/on-fire-within/README.md +++ /dev/null @@ -1,16 +0,0 @@ -# On Fire Within - -## Setup - -- [Installing Hass.io](https://www.home-assistant.io/hassio/installation/) - -1. `ansible-playbook playbooks/pi/bootstrap.yml` -1. `ansible-playbook on-fire-within/bootstrap.yml` -1. `curl -fsSL get.docker.com | sh` - - `sudo usermod -aG docker alpha` -1. `curl -sL "https://raw.githubusercontent.com/home-assistant/hassio-installer/master/hassio_install.sh" | bash -s -- -m raspberrypi4` -1. `ansible-playbook on-fire-within/main.yml` - -## Notes - -- `/usr/share/hassio` diff --git a/meta/on-fire-within/hass-io.yml b/meta/on-fire-within/hass-io.yml deleted file mode 100644 index 3e125d3..0000000 --- a/meta/on-fire-within/hass-io.yml +++ /dev/null @@ -1,33 +0,0 @@ -# https://www.home-assistant.io/hassio/installation/ - -- hosts: on_fire_within - become: yes - tasks: - # Forgot what I need this for... - - name: install software-properties-common - apt: name=software-properties-common - - - name: install other dependencies for hass.io - apt: - name: - - apparmor-utils - - apt-transport-https - - avahi-daemon - - ca-certificates - - curl - - dbus - - jq - - network-manager - - socat - - # https://www.home-assistant.io/integrations/bluetooth_tracker/ - - bluetooth - - libbluetooth-dev - update_cache: yes - - service: - name: ModemManager - enabled: false - - # homekit - - name: install dependenies for homekit - apt: name=libavahi-compat-libdnssd-dev diff --git a/meta/on-fire-within/main.yml b/meta/on-fire-within/main.yml deleted file mode 100644 index fbf2a27..0000000 --- a/meta/on-fire-within/main.yml +++ /dev/null @@ -1,292 +0,0 @@ -- import_playbook: ../playbooks/pi/security.yml -- import_playbook: hass-io.yml - -- hosts: on_fire_within - become: yes - tasks: - - - name: Set authorized keys from GitHub - authorized_key: - user: alpha - state: present - key: https://github.com/kejadlen.keys - - - name: Install dependencies - apt: - name: - - git - - vim - - # Needed for Docker stuff - - docker-compose - - python3-pip - - python-backports-shutil-get-terminal-size - - python-backports.ssl-match-hostname - - - name: Install python docker packages - pip: - name: - - docker - - docker-compose - state: latest - - - name: Create necessary dirs - file: - path: "{{ item }}" - state: directory - with_items: - - /etc/ddclient - - /etc/minio - - /etc/mitmproxy - - /etc/traefik - - /mnt/mushu/minio - - /mnt/mushu/syncthing - - - name: Mount USB drive - mount: - path: /mnt/mushu - src: /dev/sda - fstype: ext4 - state: mounted - - - name: Configure ddclient - copy: - content: | - daemon=300 - - use=web - ssl=yes - protocol=googledomains - - {% for host in hosts %} - login={{ host.login }}, password={{ host.password }} {{ host.host }} - {% endfor %} - dest: /etc/ddclient/ddclient.conf - mode: 0600 - vars: - hosts: "{{ ddclient.hosts }}" - notify: Restart ddclient - - - name: Traefik static configuration - copy: - content: | - providers: - docker: - exposedByDefault: false - file: - filename: /etc/traefik/dynamic_conf.toml - watch: true - - entryPoints: - http: - address: ":80" - - https: - address: ":443" - - certificatesResolvers: - le: - acme: - email: {{ email }} - storage: "/etc/traefik/acme.json" - httpChallenge: - entryPoint: http - - api: - insecure: true - - accessLog: {} - dest: /etc/traefik/traefik.yml - mode: 0600 - - # https://docs.syncthing.net/users/faq.html#inotify-limits - - name: Increase inotify limit for syncthing - lineinfile: - path: /etc/sysctl.conf - regexp: '^fs.inotify.max_user_watches=' - line: fs.inotify.max_user_watches=204800 - - # The docker_compose module overwrites our existing variables, so this is a - # workaround to save off ones that we need later on in the playbook. - # - # https://github.com/ansible/ansible/issues/33960 - - name: Save original host facts - set_fact: - "{{ item }}_original": "{{ lookup('vars', item) }}" - with_items: - - minio - - traefik - - # Workaround for https://github.com/pi-hole/docker-pi-hole/issues/1048 - # - https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157 - # - https://github.com/pi-hole/docker-pi-hole/issues/1043#issuecomment-1086936352 - - name: Work around a Docker libseccomp issue w/Pi-Hole - block: - - apt_key: - keyserver: keyserver.ubuntu.com - id: "{{ item }}" - loop: - - 04EE7237B7D453EC - - 648ACFD622F3D138 - - apt_repository: - repo: deb http://deb.debian.org/debian buster-backports main - filename: buster-backports - state: present - - shell: apt-cache policy libseccomp2 | grep buster-backports -B1 | head -n1 | sed -e 's/^\s*\**\s*\(\S*\).*/\1/' - register: libseccomp2_version - - apt: - update_cache: yes - name: libseccomp2={{ libseccomp2_version.stdout_lines[0] }} - - - name: Docker ALL the things! - docker_compose: - project_name: on-fire-within - pull: yes - definition: - version: '2' - services: - ddclient: - image: kejadlen/ddclient:latest - container_name: ddclient - volumes: - - /etc/ddclient:/etc/ddclient - restart: unless-stopped - minio: - image: kejadlen/minio:latest - container_name: minio - environment: - MINIO_ACCESS_KEY: "{{ minio.access_key }}" - MINIO_SECRET_KEY: "{{ minio.secret_key }}" - volumes: - - /etc/minio:/root/.minio - - /mnt/mushu/minio:/data - user: 0:0 # root - labels: - - traefik.enable=true - - traefik.http.routers.minio.rule=Host(`{{ traefik.host_rules.minio }}`) - - traefik.http.routers.minio.tls=true - - traefik.http.routers.minio.tls.certresolver=le - - traefik.http.services.minio.loadbalancer.server.port=9000 - # mitmproxy: - # image: mitmproxy/mitmproxy:latest-ARMv7 - # container_name: mitmproxy - # command: mitmweb --web-iface "" - # volumes: - # - /etc/mitmproxy:/home/mitmproxy/.mitmproxy - # labels: - # - traefik.enable=true - # - traefik.tcp.routers.mitmproxy.rule=HostSNI(`{{ traefik.host_rules.mitmproxy }}`) - # - traefik.tcp.routers.mitmproxy.tls.passthrough=true - # - traefik.tcp.services.mitmproxy.loadbalancer.server.port=8080 - # - traefik.http.routers.mitmproxy-web.rule=Host(`{{ traefik.host_rules.mitmproxy_web }}`) - # - traefik.http.routers.mitmproxy-web.tls.certresolver=le - # - traefik.http.services.mitmproxy-web.loadbalancer.server.port=8081 - pihole: - image: pihole/pihole:latest - container_name: pihole - ports: - - 53:53/tcp - - 53:53/udp - environment: - TZ: America/Los_Angeles - VIRTUAL_HOST: "{{ pihole.host }}" - WEBPASSWORD: "{{ pihole.password }}" - LOCAL_IPV4: "{{ ansible_default_ipv4.address }}" - volumes: - - /etc/pihole:/etc/pihole - - /etc/dnsmasq.d:/etc/dnsmasq.d - dns: - - 127.0.0.1 - - 1.1.1.1 - labels: - - traefik.enable=true - - traefik.http.routers.pihole.rule=Host(`{{ traefik.host_rules.pihole }}`) - - traefik.http.routers.pihole.tls=true - - traefik.http.routers.pihole.tls.certresolver=le - - traefik.http.services.pihole.loadbalancer.server.port=80 - restart: unless-stopped - syncthing: - image: syncthing/syncthing:latest - container_name: syncthing - ports: - - 22000:22000/tcp # TCP file transfers - - 22000:22000/udp # QUIC file transfers - - 21027:21027/udp # Receive local discovery broadcasts - volumes: - - /etc/syncthing:/var/syncthing - - /mnt/mushu/syncthing:/sync - environment: - PUID: 0 - PGID: 0 - labels: - - traefik.enable=true - - traefik.http.routers.syncthing.rule=Host(`{{ traefik.host_rules.syncthing }}`) - - traefik.http.routers.syncthing.tls=true - - traefik.http.routers.syncthing.tls.certresolver=le - - traefik.http.services.syncthing.loadbalancer.server.port=8384 - restart: unless-stopped - traefik: - image: traefik:v2.5 - container_name: traefik - ports: - - 80:80 - - 8080:8080 - - 443:443 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /etc/traefik:/etc/traefik - labels: - - traefik.enable=true - - traefik.http.middlewares.auth.basicauth.users=alpha:{{ traefik.password | password_hash("md5") | replace("$", "$$") }} - - traefik.http.routers.traefik.rule=Host(`{{ traefik.host_rules.traefik }}`) - - traefik.http.routers.traefik.tls=true - - traefik.http.routers.traefik.tls.certresolver=le - - traefik.http.routers.traefik.middlewares=auth - - traefik.http.routers.traefik.service=api@internal - restart: unless-stopped - - - name: Route Home Assistant through Traefik - block: - # - shell: ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+' | head -n 1 - - shell: docker network inspect on-fire-within_default | jq --raw-output .[0].IPAM.Config[0].Gateway - register: docker_gateway_result - - shell: docker network inspect on-fire-within_default | jq --raw-output .[0].IPAM.Config[0].Gateway - register: docker_subnet_result - - set_fact: - docker_gateway: "{{ docker_gateway_result.stdout | trim }}" - docker_subnet: "{{ docker_subnet_result.stdout | trim }}" - - copy: - content: | - [http.routers] - [http.routers.hassio] - rule = "Host(`{{ traefik_original.host_rules.hassio }}`)" - service = "hassio" - [http.routers.hassio.tls] - certResolver = "le" - - [http.services] - [http.services.hassio.loadBalancer] - [[http.services.hassio.loadBalancer.servers]] - url = "http://{{ docker_gateway }}:8123/" - dest: /etc/traefik/dynamic_conf.toml - mode: 0600 - notify: Restart Traefik - - handlers: - - name: Restart ddclient - docker_container: - name: ddclient - restart: yes - ignore_errors: yes - - - name: Restart Traefik - docker_container: - name: traefik - restart: yes - ignore_errors: yes - - - name: Restart Home Assistant - docker_container: - name: homeassistant - restart: yes - ignore_errors: yes