Compare commits

..

7 Commits

13 changed files with 759 additions and 22 deletions

View File

@ -7,9 +7,6 @@ all:
update: false
clean: false
omni_host_swarm_controller: jupiter
omni_host_webproxy: jupiter
children:
servers:
@ -59,6 +56,7 @@ all:
virtualization:
hosts:
jupiter:
omni_docker_configs: /etc/omni/compose
omni_docker_swarm_iface: eno2
children:
virtualization_worker:
@ -73,6 +71,7 @@ all:
datastore_arbiter:
hosts:
jupiter:
omni_datastore_mount: /mnt/datastore
omni_gluster_brick:
mount: /mnt/brick0
fs: xfs

View File

@ -10,14 +10,6 @@
tasks:
- import_tasks: tasks/nginx/install.yml
- name: Install configuration
become: true
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
notify:
- restart-nginx
- name: Set required SELinux options
become: true
seboolean:
@ -26,3 +18,37 @@
state: true
notify:
- restart-nginx
- name: Configure Nginx
hosts: jupiter
vars_files:
- vars/applications.yml
vars:
_letsencrypt_cert_dir: /etc/letsencrypt/live
handlers:
- name: restart-nginx
import_tasks: tasks/nginx/services.yml
tasks:
- name: Install server configuration
become: true
copy:
src: nginx/nginx.conf
dest: /etc/nginx/nginx.conf
notify:
- restart-nginx
- name: Install application configurations
when: item.value.published.host is defined
become: true
template:
src: nginx/{{ item.key }}.nginx.conf.j2
dest: /etc/nginx/conf.d/{{ item.key }}.conf
owner: nginx
group: "{{ ansible_user }}"
mode: 0755
loop: "{{ omni_compose_apps | dict2items }}"
loop_control:
label: "{{ item.key }} ({{ item.value.published.host | default('none') }})"
notify:
- restart-nginx

View File

@ -0,0 +1,71 @@
---
- name: Prompt for input
hosts: all
tags:
- always
gather_facts: false
vars_prompt:
- name: application
prompt: Enter name of application stack to deploy
private: false
vars_files:
- vars/applications.yml
tasks:
- name: Validate user input
assert:
that: application in omni_compose_apps.keys()
- name: Set facts for usage later
set_fact:
_runtime_application: "{{ application }}"
- import_playbook: initialize.yml
- name: Configure datastore
hosts: jupiter
vars_files:
- vars/applications.yml
- vars/secrets/applications.yml
tasks:
- name: Create application datastore directory
become: true
file:
path: "{{ omni_datastore_mount }}{{ omni_compose_apps[_runtime_application].datastore }}"
state: directory
owner: "{{ omni_compose_apps[_runtime_application].account.name }}"
group: "{{ omni_compose_apps[_runtime_application].account.name }}"
mode: 0750
- name: Configure docker stack
hosts: jupiter
vars_files:
- vars/applications.yml
- vars/secrets/applications.yml
tasks:
- name: Create compose configuration directory
become: true
file:
path: "{{ omni_docker_configs }}/{{ _runtime_application }}"
state: directory
owner: "{{ ansible_user }}"
group: docker
mode: 0750
- name: Install docker-compose file
become: true
template:
src: docker-compose/{{ _runtime_application }}.yaml.j2
dest: "{{ omni_docker_configs }}/{{ _runtime_application }}/docker-compose.yaml"
owner: "{{ ansible_user }}"
group: docker
mode: 0640
- name: Deploy the stack
docker_stack:
name: "{{ _runtime_application }}"
state: present
compose:
- "{{ omni_docker_configs }}/{{ _runtime_application }}/docker-compose.yaml"

33
poetry.lock generated
View File

@ -84,7 +84,7 @@ cffi = ">=1.1"
six = ">=1.4.1"
[package.extras]
tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)"]
tests = ["pytest (>=3.2.1,!=3.3.0)"]
typecheck = ["mypy"]
[[package]]
@ -209,7 +209,7 @@ optional = false
python-versions = "*"
[package.extras]
test = ["flake8 (3.7.8)", "hypothesis (3.55.3)"]
test = ["flake8 (==3.7.8)", "hypothesis (==3.55.3)"]
[[package]]
name = "crashtest"
@ -232,11 +232,11 @@ cffi = ">=1.8,<1.11.3 || >1.11.3"
six = ">=1.4.1"
[package.extras]
docs = ["sphinx (>=1.6.5,<1.8.0 || >1.8.0,<3.1.0 || >3.1.0,<3.1.1 || >3.1.1)", "sphinx-rtd-theme"]
docs = ["sphinx (>=1.6.5,!=1.8.0,!=3.1.0,!=3.1.1)", "sphinx-rtd-theme"]
docstest = ["doc8", "pyenchant (>=1.6.11)", "twine (>=1.12.0)", "sphinxcontrib-spelling (>=4.0.1)"]
pep8test = ["black", "flake8", "flake8-import-order", "pep8-naming"]
ssh = ["bcrypt (>=3.1.5)"]
test = ["pytest (>=3.6.0,<3.9.0 || >3.9.0,<3.9.1 || >3.9.1,<3.9.2 || >3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,<3.79.2 || >3.79.2)"]
test = ["pytest (>=3.6.0,!=3.9.0,!=3.9.1,!=3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,!=3.79.2)"]
[[package]]
name = "distlib"
@ -296,7 +296,7 @@ texttable = ">=0.9.0,<2"
websocket-client = ">=0.32.0,<1"
[package.extras]
socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2)"]
socks = ["PySocks (>=1.5.6,!=1.5.7,<2)"]
tests = ["ddt (>=1.2.2,<2)", "pytest (<6)"]
[[package]]
@ -419,6 +419,14 @@ MarkupSafe = ">=0.23"
[package.extras]
i18n = ["Babel (>=0.8)"]
[[package]]
name = "jsondiff"
version = "1.2.0"
description = "Diff JSON and JSON-like structures in Python"
category = "main"
optional = false
python-versions = "*"
[[package]]
name = "jsonschema"
version = "3.2.0"
@ -453,7 +461,7 @@ SecretStorage = {version = ">=3.2", markers = "sys_platform == \"linux\""}
[package.extras]
docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "pytest-black (>=0.3.7)", "pytest-mypy"]
testing = ["pytest (>=3.5,!=3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "pytest-black (>=0.3.7)", "pytest-mypy"]
[[package]]
name = "lockfile"
@ -690,7 +698,7 @@ six = "*"
[package.extras]
docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"]
tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)", "hypothesis (>=3.27.0)"]
tests = ["pytest (>=3.2.1,!=3.3.0)", "hypothesis (>=3.27.0)"]
[[package]]
name = "pyparsing"
@ -759,7 +767,7 @@ urllib3 = ">=1.21.1,<1.27"
[package.extras]
security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"]
socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7)", "win-inet-pton"]
socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
[[package]]
name = "requests-toolbelt"
@ -933,7 +941,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
[package.extras]
brotli = ["brotlipy (>=0.6.0)"]
secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"]
socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2.0)"]
socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
[[package]]
name = "virtualenv"
@ -995,12 +1003,12 @@ python-versions = ">=3.6"
[package.extras]
docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
testing = ["pytest (>=3.5,!=3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
[metadata]
lock-version = "1.1"
python-versions = "^3.7"
content-hash = "8b7b0693f9b950cdd1b324b3a949fee237711b6db378b291df158baf0c8c83d5"
content-hash = "fab3171105b575ad1762097ee732aba6b81555636d32cb4d3cf6f48326149396"
[metadata.files]
ansible = [
@ -1196,6 +1204,9 @@ jinja2 = [
{file = "Jinja2-2.11.2-py2.py3-none-any.whl", hash = "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"},
{file = "Jinja2-2.11.2.tar.gz", hash = "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"},
]
jsondiff = [
{file = "jsondiff-1.2.0.tar.gz", hash = "sha256:34941bc431d10aa15828afe1cbb644977a114e75eef6cc74fb58951312326303"},
]
jsonschema = [
{file = "jsonschema-3.2.0-py2.py3-none-any.whl", hash = "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163"},
{file = "jsonschema-3.2.0.tar.gz", hash = "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a"},

View File

@ -11,6 +11,7 @@ ansible = "^2.9.4"
docker = "^4.2.0"
docker-compose = "^1.25.4"
paramiko = "^2.7.1"
jsondiff = "^1.2.0"
[tool.poetry.dev-dependencies]
ansible-lint = "^4.2.0"

View File

@ -0,0 +1,257 @@
---
version: "{{ omni_compose_version | string }}"
x-global-env: &globalenv
LOCAL_UID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
LOCAL_GID: "{{ omni_compose_apps.bitwarden.account.uid | string}}"
ASPNETCORE_ENVIRONMENT: Production
globalSettings__selfHosted: "true"
globalSettings__baseServiceUri__vault: https://{{ omni_compose_apps.bitwarden.published.host }}
globalSettings__baseServiceUri__api: https://{{ omni_compose_apps.bitwarden.published.host }}/api
globalSettings__baseServiceUri__identity: https://{{ omni_compose_apps.bitwarden.published.host }}/identity
globalSettings__baseServiceUri__admin: https://{{ omni_compose_apps.bitwarden.published.host }}/admin
globalSettings__baseServiceUri__notifications: https://{{ omni_compose_apps.bitwarden.published.host }}/notifications
globalSettings__baseServiceUri__internalNotifications: http://bitwarden_notifications:5000
globalSettings__baseServiceUri__internalAdmin: http://bitwarden_admin:5000
globalSettings__baseServiceUri__internalIdentity: http://bitwarden_identity:5000
globalSettings__baseServiceUri__internalApi: http://bitwarden_api:5000
globalSettings__baseServiceUri__internalVault: http://bitwarden_web:5000
globalSettings__pushRelayBaseUri: https://push.bitwarden.com
globalSettings__installation__identityUri: https://identity.bitwarden.com
globalSettings__sqlServer__connectionString: "Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=e934c0bb-3b5a-4e6b-b525-cd6d83004e1a;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
globalSettings__identityServer__certificatePassword: {{ omni_compose_app_secrets.bitwarden.identity_server_certificate_password }}
globalSettings__attachment__baseDirectory: /etc/bitwarden/core/attachments
globalSettings__attachment__baseUrl: https://{{ omni_compose_apps.bitwarden.published.host }}/attachments
globalSettings__dataProtection__directory: /etc/bitwarden/core/aspnet-dataprotection
globalSettings__logDirectory: /etc/bitwarden/logs
globalSettings__licenseDirectory: /etc/bitwarden/core/licenses
globalSettings__internalIdentityKey: {{ omni_compose_app_secrets.bitwarden.internal_identity_key }}
globalSettings__duo__aKey: {{ omni_compose_app_secrets.bitwarden.duo_akey }}
globalSettings__installation__id: {{ omni_compose_app_secrets.bitwarden.installation_id }}
globalSettings__installation__key: {{ omni_compose_app_secrets.bitwarden.installation_key }}
globalSettings__yubico__clientId: REPLACE
globalSettings__yubico__key: REPLACE
globalSettings__mail__replyToEmail: noreply@enp.one
globalSettings__mail__smtp__host: REPLACE
globalSettings__mail__smtp__port: "587"
globalSettings__mail__smtp__ssl: "false"
globalSettings__mail__smtp__username: REPLACE
globalSettings__mail__smtp__password: REPLACE
globalSettings__disableUserRegistration: "false"
globalSettings__hibpApiKey: REPLACE
adminSettings__admins: ""
volumes:
bitwarden-db-data:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/mssql/data
driver: glusterfs
bitwarden-db-backup:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/mssql/backup
bitwarden-nginx-data:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/nginx
driver: glusterfs
bitwarden-web:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/web
driver: glusterfs
bitwarden-ssl:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/ssl
driver: glusterfs
bitwarden-ca-certs:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/ca-certificates
driver: glusterfs
bitwarden-core:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/core
driver: glusterfs
bitwarden-identity:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/identity
driver: glusterfs
bitwarden-logs-api:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/api
driver: glusterfs
bitwarden-logs-db:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/mssql
driver: glusterfs
bitwarden-logs-identity:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/identity
driver: glusterfs
bitwarden-logs-nginx:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/nginx
driver: glusterfs
bitwarden-logs-admin:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/admin
driver: glusterfs
bitwarden-logs-icons:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/icons
driver: glusterfs
bitwarden-logs-notifications:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/notifications
driver: glusterfs
bitwarden-logs-events:
name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/events
driver: glusterfs
networks:
bitwarden_internal:
internal: true
name: bitwarden_internal
driver: overlay
ipam:
driver: default
config:
- subnet: {{ omni_compose_apps.bitwarden.networks.internal }}
bitwarden_external:
internal: false
name: bitwarden_external
driver: overlay
ipam:
driver: default
config:
- subnet: {{ omni_compose_apps.bitwarden.networks.external }}
services:
mssql:
image: bitwarden/mssql:{{ omni_compose_apps.bitwarden.versions.mssql | default(omni_compose_apps.bitwarden.versions.default) }}
stop_grace_period: 60s
networks:
- bitwarden_internal
volumes:
- bitwarden-db-data:/var/opt/mssql/data
- bitwarden-db-backup:/etc/bitwarden/mssql/backups
- bitwarden-logs-db:/var/opt/mssql/log
environment:
LOCAL_UID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
LOCAL_GID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
ACCEPT_EULA: "Y"
MSSQL_PID: Express
SA_PASSWORD: {{ omni_compose_app_secrets.bitwarden.mssql_sa_password }}
deploy:
replicas: 1
web:
image: bitwarden/web:{{ omni_compose_apps.bitwarden.versions.web | default(omni_compose_apps.bitwarden.versions.default) }}
networks:
- bitwarden_internal
volumes:
- bitwarden-web:/etc/bitwarden/web
environment: *globalenv
deploy:
replicas: 1
attachments:
image: bitwarden/attachments:{{ omni_compose_apps.bitwarden.versions.attachments | default(omni_compose_apps.bitwarden.versions.default) }}
networks:
- bitwarden_internal
volumes:
- bitwarden-core:/etc/bitwarden/core
environment: *globalenv
deploy:
replicas: 1
api:
image: bitwarden/api:{{ omni_compose_apps.bitwarden.versions.api | default(omni_compose_apps.bitwarden.versions.default) }}
volumes:
- bitwarden-core:/etc/bitwarden/core
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-api:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
identity:
image: bitwarden/identity:{{ omni_compose_apps.bitwarden.versions.identity | default(omni_compose_apps.bitwarden.versions.default) }}
volumes:
- bitwarden-identity:/etc/bitwarden/identity
- bitwarden-core:/etc/bitwarden/core
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-identity:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
admin:
image: bitwarden/admin:{{ omni_compose_apps.bitwarden.versions.admin | default(omni_compose_apps.bitwarden.versions.default) }}
depends_on:
- mssql
volumes:
- bitwarden-core:/etc/bitwarden/core
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-admin:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
icons:
image: bitwarden/icons:{{ omni_compose_apps.bitwarden.versions.icons | default(omni_compose_apps.bitwarden.versions.default) }}
volumes:
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-icons:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
notifications:
image: bitwarden/notifications:{{ omni_compose_apps.bitwarden.versions.notifications | default(omni_compose_apps.bitwarden.versions.default) }}
volumes:
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-notifications:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
events:
image: bitwarden/events:{{ omni_compose_apps.bitwarden.versions.events | default(omni_compose_apps.bitwarden.versions.default) }}
volumes:
- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
- bitwarden-logs-events:/etc/bitwarden/logs
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1
nginx:
image: bitwarden/nginx:{{ omni_compose_apps.bitwarden.versions.nginx | default(omni_compose_apps.bitwarden.versions.default) }}
depends_on:
- web
- admin
- api
- identity
ports:
- published: {{ omni_compose_apps.bitwarden.published.ports.8080 }}
target: 8080
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.bitwarden.published.ports.8443 }}
target: 8443
protocol: tcp
mode: ingress
volumes:
- bitwarden-nginx-data:/etc/bitwarden/nginx
- bitwarden-ssl:/etc/ssl
- bitwarden-logs-nginx:/var/log/nginx
environment: *globalenv
networks:
- bitwarden_external
- bitwarden_internal
deploy:
replicas: 1

View File

@ -0,0 +1,51 @@
---
version: "{{ omni_compose_version | string }}"
networks:
gitea:
name: gitea
driver: overlay
ipam:
driver: default
config:
- subnet: {{ omni_compose_apps.gitea.networks.main }}
volumes:
gitea-data:
name: datastore{{ omni_compose_apps.gitea.datastore }}
driver: glusterfs
services:
server:
image: gitea/gitea:{{ omni_compose_apps.gitea.versions.gitea | default(omni_compose_apps.gitea.versions.default) }}
hostname: gitea
networks:
- gitea
ports:
- published: {{ omni_compose_apps.gitea.published.ports.3000 }}
target: 3000
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.gitea.published.ports.22 }}
target: 22
protocol: tcp
mode: ingress
volumes:
- type: volume
source: gitea-data
target: /data
read_only: false
environment:
USER_UID: "{{ omni_compose_apps.gitea.account.uid | string }}"
USER_GID: "{{ omni_compose_apps.gitea.account.uid | string }}"
APP_NAME: ENP VCS
RUN_MODE: prod
DOMAIN: jupiter.net.enp.one
ROOT_URL: https://{{ omni_compose_apps.gitea.published.host }}/
DB_TYPE: sqlite3
DISABLE_REGISTRATION: "true"
deploy:
replicas: 1

View File

@ -0,0 +1,53 @@
---
version: "{{ omni_compose_version | string }}"
networks:
minecraft:
name: minecraft
driver: overlay
ipam:
driver: default
config:
- subnet: {{ omni_compose_apps.minecraft.networks.main }}
volumes:
minecraft-data:
name: datastore{{ omni_compose_apps.minecraft.datastore }}
driver: glusterfs
services:
server:
image: itzg/minecraft-server:{{ omni_compose_apps.minecraft.versions.main }}
hostname: minecraft
networks:
- minecraft
ports:
- published: {{ omni_compose_apps.minecraft.published.ports.25565 }}
target: 25565
protocol: tcp
mode: ingress
volumes:
- type: volume
source: minecraft-data
target: /data
read_only: false
environment:
EULA: "TRUE"
TZ: Americas/New_York
VERSION: {{ omni_compose_apps.minecraft.versions.server }}
MAX_MEMORY: "8G"
MOTD: "A home for buttery companions"
MODE: survival
OPS: ScifiGeek42
WHITELIST: "ScifiGeek42,fantasycat256,CoffeePug,Snowdude21325,KaiserSJR,glutenfreebean"
MAX_BUILD_HEIGHT: "512"
SNOOPER_ENABLED: "false"
ICON: https://cdn.enp.one/img/logos/e-w-sm.png
ENABLE_RCON: "false"
UID: "{{ omni_compose_apps.minecraft.account.uid | string }}"
GID: "{{ omni_compose_apps.minecraft.account.uid | string }}"
deploy:
replicas: 1

View File

@ -0,0 +1,83 @@
---
version: "{{ omni_compose_version | string }}"
networks:
plex:
name: plex
driver: overlay
ipam:
driver: default
config:
- subnet: {{ omni_compose_apps.plex.networks.main }}
volumes:
plex-config:
name: datastore{{ omni_compose_apps.plex.datastore }}
driver: glusterfs
plex-data:
name: plex-data
driver: local
driver_opts:
type: nfs
o: "addr=plexistore.tre2.local,ro"
device: ":/nfs/plex"
services:
server:
image: plexinc/pms-docker:{{ omni_compose_apps.plex.versions.default }}
hostname: plex-media-server
networks:
- plex
ports:
- published: {{ omni_compose_apps.plex.published.ports.32400 }}
target: 32400
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.3005 }}
target: 3005
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.8324 }}
target: 8324
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.32469 }}
target: 32469
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.1900 }}
target: 1900
protocol: udp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.32410 }}
target: 32410
protocol: udp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.32413 }}
target: 32413
protocol: udp
mode: ingress
- published: {{ omni_compose_apps.plex.published.ports.32414 }}
target: 32414
protocol: udp
mode: ingress
volumes:
- type: volume
source: plex-config
target: /config
read_only: false
- type: volume
source: plex-data
target: /data
read_only: true
environment:
TZ: "Americas/New_York"
ALLOWED_NETWORKS: 10.42.100.0/24,10.42.101.0/24
PLEX_UID: "{{ omni_compose_apps.plex.account.uid }}"
PLEX_GID: "{{ omni_compose_apps.plex.account.uid }}"
ADVERTISE_IP: "http://10.42.101.10:32400/"
deploy:
replicas: 1

View File

@ -0,0 +1,68 @@
---
version: "3.7"
networks:
unifi:
name: unifi
driver: overlay
ipam:
driver: default
config:
- subnet: {{ omni_compose_apps.unifi.networks.main }}
volumes:
unifi-data:
name: datastore{{ omni_compose_apps.unifi.datastore }}
driver: glusterfs
services:
wlc:
image: jacobalberty/unifi:{{ omni_compose_apps.unifi.versions.default }}
hostname: en1-unifi-wlc
init: true
networks:
- unifi
ports:
- published: {{ omni_compose_apps.unifi.published.ports.8080 }}
target: 8080
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.unifi.published.ports.8443 }}
target: 8443
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.unifi.published.ports.8843 }}
target: 8843
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.unifi.published.ports.8880 }}
target: 8880
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.unifi.published.ports.3478 }}
target: 3478
protocol: udp
mode: ingress
- published: {{ omni_compose_apps.unifi.published.ports.6789 }}
target: 6789
protocol: tcp
mode: ingress
- published: {{ omni_compose_apps.unifi.published.ports.10001 }}
target: 10001
protocol: udp
mode: ingress
volumes:
- type: volume
source: unifi-data
target: /unifi
read_only: false
environment:
RUNAS_UID0: "false"
UNIFI_UID: "{{ omni_compose_apps.unifi.account.uid }}"
UNIFI_GID: "{{ omni_compose_apps.unifi.account.uid }}"
TZ: "Americas/New_York"
deploy:
replicas: 1

View File

@ -0,0 +1,31 @@
# Ansible managed file
# DO NOT MANUALLY EDIT
#
server {
server_name {{ omni_compose_apps.bitwarden.published.host }};
listen 443 ssl;
root /usr/share/nginx/html;
location / {
proxy_pass http://localhost:{{ omni_compose_apps.bitwarden.published.8080 }}/;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/{{ omni_compose_apps.bitwarden.published.host }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ omni_compose_apps.bitwarden.published.host }}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name {{ omni_compose_apps.bitwarden.published.host }};
listen 80;
root /usr/share/nginx/html;
if ($host = {{ omni_compose_apps.bitwarden.published.host }}) {
return 301 https://$host$request_uri;
}
return 404;
}
#
# EOF

86
vars/applications.yml Normal file
View File

@ -0,0 +1,86 @@
---
omni_compose_version: 3.7
omni_compose_apps:
bitwarden:
datastore: /appdata/bitwarden
account:
name: mech_bitwarden
uid: 1294
published:
host: ssv.enp.one
ports:
8080: 8090
8443: 8943
networks:
internal: 192.168.104.0/24
external: 192.168.105.0/24
versions:
default: 1.36.1
web: 2.15.1
attachments: 1.34.0
gitea:
datastore: /appdata/gitea
account:
name: mech_gitea
uid: 1295
published:
host: vcs.enp.one
ports:
3000: 3000
22: 2222
networks:
main: 192.168.103.0/24
versions:
default: 1.11.5
minecraft:
datastore: /appdata/minecraft
account:
name: mech_minecraft
uid: 1297
published:
ports:
25565: 25565
networks:
main: 192.168.102.0/24
versions:
main: latest
server: 1.15.2
plex:
datastore: /appdata/plex
account:
name: mech_plex
uid: 1298
published:
host: pms.enp.one
ports:
32400: 32400
3005: 3005
8324: 8324
32469: 32469
1900: 1900
32410: 32410
32413: 32413
32414: 32414
networks:
main: 192.168.101.0/24
versions:
default: latest
unifi:
datastore: /appdata/unifi
account:
name: mech_ubnt
uid: 1296
published:
ports:
8080: 8080
8443: 8443
8843: 8843
8880: 8880
3478: 3478
6789: 6789
10001: 10001
networks:
main: 192.168.100.0/24
versions:
default: "5.12"