From 8b4fb71160f4f6adf6cb2106e1c7dcbd6b8cb865 Mon Sep 17 00:00:00 2001 From: Ethan Paul Date: Mon, 16 May 2022 21:57:12 -0400 Subject: [PATCH] Add support for fedora workstations in core tooling --- skylab/core/playbooks/configure.yaml | 7 ++ skylab/core/playbooks/files/global.sh | 7 +- .../tasks/meta/bootstrap-remote-env.yaml | 2 + .../templates/docker-compose/meta.yaml.j2 | 21 ++++ .../docker-compose/photoprism.yaml.j2 | 113 ++++++++++++++++++ .../playbooks/templates/stack-nginx.conf.j2 | 34 ++++++ skylab/core/playbooks/update.yaml | 20 +++- skylab/core/playbooks/vars/packages.yaml | 6 + 8 files changed, 204 insertions(+), 6 deletions(-) create mode 100644 skylab/core/playbooks/templates/docker-compose/photoprism.yaml.j2 create mode 100644 skylab/core/playbooks/templates/stack-nginx.conf.j2 diff --git a/skylab/core/playbooks/configure.yaml b/skylab/core/playbooks/configure.yaml index 8a40016..aed953f 100644 --- a/skylab/core/playbooks/configure.yaml +++ b/skylab/core/playbooks/configure.yaml @@ -38,3 +38,10 @@ roles: - role: skylab.core.dashboard dashboard_hostname: "{{ skylab_dashboard }}" + + +- name: Configure workstations + hosts: workstation + gather_facts: false + roles: + - role: skylab.core.workstation diff --git a/skylab/core/playbooks/files/global.sh b/skylab/core/playbooks/files/global.sh index 4450200..276a785 100644 --- a/skylab/core/playbooks/files/global.sh +++ b/skylab/core/playbooks/files/global.sh @@ -5,8 +5,9 @@ function _parse_git_branch() { export PS1="\[\e[0;97m\]\[\e[37m\e[1m\]\u\[\e[1;94m\]@\[\e[94m\]\H\[\e[37m\]:\w\[\e[33m\]\[\e[0;33m\]\$(_parse_git_branch) \[\e[37m\]\[\e[0;97m\]$\[\e[0m\] " export rc=/home/$USERNAME/.bashrc export VIRTUALENV_DIR=/home/$USERNAME/.venvs +export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt -random() { +function random() { if [[ $# -eq 0 ]]; then num=32 else 
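Review bot: The new `Configure workstations` play sets `gather_facts: false`, yet the rest of this commit keys Fedora-versus-Rocky behaviour on `ansible_distribution` and `ansible_os_family`; if `skylab.core.workstation` branches on those facts they will be undefined unless an earlier play in the same run already gathered them for the `workstation` hosts. Either drop `gather_facts: false` or record the dependency, e.g. `gather_facts: true  # role branches on ansible_distribution`. The role itself is not in this diff, so this is a point to confirm rather than a definite defect.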
@@ -19,9 +20,10 @@ function up() { cd $(eval printf '../'%.0s {1..$1}); } function pipin() { pip freeze | grep $1; } +function continuous () { while true; do ${@}; sleep 3; done; } + alias bk='cd -' alias fuck='sudo $(history -p \!\!)' -alias ls='ls -lshF --color --group-directories-first --time-style=long-iso' alias version='uname -orp && lsb_release -a | grep Description' alias activate='source ./bin/activate' alias cls='clear' @@ -32,3 +34,4 @@ alias whatismyip='curl https://icanhazip.com/' alias uuid="python3 -c 'import uuid; print(uuid.uuid4());'" alias epoch="python3 -c 'import time; print(time.time());'" alias uptime="command uptime --pretty" +alias unmount="umount" diff --git a/skylab/core/playbooks/tasks/meta/bootstrap-remote-env.yaml b/skylab/core/playbooks/tasks/meta/bootstrap-remote-env.yaml index 1d2277c..f5a56b1 100644 --- a/skylab/core/playbooks/tasks/meta/bootstrap-remote-env.yaml +++ b/skylab/core/playbooks/tasks/meta/bootstrap-remote-env.yaml @@ -5,6 +5,8 @@ ansible.builtin.dnf: state: present name: + - libffi-devel + - python3-devel - python3-libselinux - python3-policycoreutils - python3-firewall diff --git a/skylab/core/playbooks/templates/docker-compose/meta.yaml.j2 b/skylab/core/playbooks/templates/docker-compose/meta.yaml.j2 index 8ec61ca..76b839b 100644 --- a/skylab/core/playbooks/templates/docker-compose/meta.yaml.j2 +++ b/skylab/core/playbooks/templates/docker-compose/meta.yaml.j2 @@ -76,3 +76,24 @@ services: restart_policy: condition: any delay: 24h + + backup: + image: rockylinux:latest + hostname: backup + command: bash /datastore/backup/mkbkup.sh /datastore/ + networks: + - meta + volumes: + - type: volume + source: meta-backup + target: /datastore/backup + read_only: false + - type: volume + source: meta-appdata + target: /datastore/appdata + read_only: true + deploy: + replicas: 1 + restart_policy: + condition: any + delay: 24h 
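Review bot: `export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt` is added unconditionally to a profile shared by every managed host, but that path is the RHEL-family bundle location; on the Debian hosts this repository also handles (`ansible_os_family == 'Debian'` appears in update.yaml) the file does not exist, and `requests` then fails every TLS request with a missing-CA error instead of using its bundled certificates. Guard it on the file actually being present, `[[ -r /etc/ssl/certs/ca-bundle.crt ]] && export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt`, or let Ansible template the distribution-correct path. The body of the renamed `random` function continues past the end of the hunk.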
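Review bot: In the new `continuous` helper `${@}` is unquoted, so arguments containing whitespace or glob characters are re-split and glob-expanded on every iteration; the quoted form preserves them exactly as passed: `function continuous () { while true; do "$@"; sleep 3; done; }`. The loop also re-runs a failing command forever with no exit path other than an interrupt, which is presumably intended for a watch-style helper but deserves a short comment saying so.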
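Review bot: The new `backup` service runs `rockylinux:latest` with no `user:` set, so `mkbkup.sh` executes as root inside the container, and the script is read from the `meta-backup` volume that is mounted `read_only: false`; whoever can write to that volume can change the code the next run executes with those privileges. Pin the image to a fixed tag or digest so the backup environment is reproducible, and consider sourcing the script from a read-only mount (or a Swarm config) separate from the writable backup destination, e.g. keep `target: /datastore/backup` writable for output but deliver `mkbkup.sh` from a `read_only: true` volume. Mounting `meta-appdata` with `read_only: true` is the right call and should stay.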
diff --git a/skylab/core/playbooks/templates/docker-compose/photoprism.yaml.j2 b/skylab/core/playbooks/templates/docker-compose/photoprism.yaml.j2
new file mode 100644
index 0000000..2f25787
--- /dev/null
+++ b/skylab/core/playbooks/templates/docker-compose/photoprism.yaml.j2
@@ -0,0 +1,113 @@
+---
+version: '3.7'
+
+volumes:
+ photoprism-database:
+ name: datastore/appdata/photoprism/database
+ driver: glusterfs
+ photoprism-metadata:
+ name: datastore/appdata/photoprism/metadata
+ photoprism-originals:
+ name: datastore/media/photoprism
+ driver: glusterfs
+ photoprism-import:
+ name: datastore/media/upload
+ driver: glusterfs
+
+networks:
+ photoprism:
+ internal: true
+ name: photoprism
+ driver: overlay
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.109.0/24
+
+services:
+ app:
+ image: photoprism/photoprism:latest
+ hostname: app
+ depends_on:
+ - database
+ networks:
+ - photoprism
+ ports:
+ - published: 2342
+ target: 2342
+ protocol: tcp
+ mode: ingress
+ environment:
+ PHOTOPRISM_ADMIN_PASSWORD: "gm2auW34GNawZ8Dqiub8W8vOlvsHCnfj"
+ PHOTOPRISM_SITE_URL: "http://cluster.skylab.enp.one:2342/"
+ PHOTOPRISM_ORIGINALS_LIMIT: 5000
+ PHOTOPRISM_HTTP_COMPRESSION: "gzip"
+ PHOTOPRISM_DEBUG: "false"
+ PHOTOPRISM_PUBLIC: "false"
+ PHOTOPRISM_READONLY: "false"
+ PHOTOPRISM_EXPERIMENTAL: "false"
+ PHOTOPRISM_DISABLE_CHOWN: "false"
+ PHOTOPRISM_DISABLE_WEBDAV: "false"
+ PHOTOPRISM_DISABLE_SETTINGS: "false"
+ PHOTOPRISM_DISABLE_TENSORFLOW: "false"
+ PHOTOPRISM_DISABLE_FACES: "false"
+ PHOTOPRISM_DISABLE_CLASSIFICATION: "false"
+ PHOTOPRISM_DARKTABLE_PRESETS: "false"
+ PHOTOPRISM_DETECT_NSFW: "false"
+ PHOTOPRISM_UPLOAD_NSFW: "true"
+ PHOTOPRISM_DATABASE_DRIVER: "mysql"
+ PHOTOPRISM_DATABASE_SERVER: "database:3306"
+ PHOTOPRISM_DATABASE_NAME: "photoprism"
+ PHOTOPRISM_DATABASE_USER: "photoprism"
+ PHOTOPRISM_DATABASE_PASSWORD: "KcIKhME9OwWKVz4tGyqI4VXzyDBs33Xp" # MariaDB or MySQL database user password
+ PHOTOPRISM_SITE_TITLE: "Skylab Images"
+ PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
+ PHOTOPRISM_SITE_DESCRIPTION: ""
+ PHOTOPRISM_SITE_AUTHOR: "EN Paul"
+ HOME: "/photoprism"
+ PHOTOPRISM_UID: 1408
+ PHOTOPRISM_GID: 1408
+ ## Hardware video transcoding config (optional)
+ # PHOTOPRISM_FFMPEG_BUFFERS: "64" # FFmpeg capture buffers (default: 32)
+ # PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
+ # PHOTOPRISM_FFMPEG_ENCODER: "h264_v4l2m2m" # Use Video4Linux for AVC transcoding (default: libx264)
+ # PHOTOPRISM_FFMPEG_ENCODER: "h264_qsv" # Use Intel Quick Sync Video for AVC transcoding (default: libx264)
+ # PHOTOPRISM_INIT: "intel-graphics tensorflow-amd64-avx2" # Enable TensorFlow AVX2 & Intel Graphics support
+ ## Enable TensorFlow AVX2 support for modern Intel CPUs (requires starting the container as root)
+ # PHOTOPRISM_INIT: "tensorflow-amd64-avx2"
+ user: "1408:1408"
+ working_dir: "/photoprism"
+ volumes:
+ - type: volume
+ source: photoprism-originals
+ target: /photoprism/originals
+ read_only: false
+ - type: volume
+ source: photoprism-metadata
+ target: /photoprism/storage
+ read_only: false
+ - type: volume
+ source: photoprism-import
+ target: /photoprism/import
+ read_only: true
+ deploy:
+ replicas: 1
+
+ database:
+ image: mariadb:10.6
+ hostname: database
+ command: mysqld --innodb-buffer-pool-size=128M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
+ networks:
+ - photoprism
+ volumes:
+ - type: volume
+ source: photoprism-database
+ target: /var/lib/mysql
+ read_only: false
+ environment:
+ MYSQL_ROOT_PASSWORD: insecure
+ MYSQL_DATABASE: photoprism
+ MYSQL_USER: photoprism
+ MYSQL_PASSWORD: KcIKhME9OwWKVz4tGyqI4VXzyDBs33Xp
+ deploy:
+ replicas: 1
diff --git a/skylab/core/playbooks/templates/stack-nginx.conf.j2 b/skylab/core/playbooks/templates/stack-nginx.conf.j2
new file mode 100644
index 0000000..79ce6e7
--- /dev/null
+++ b/skylab/core/playbooks/templates/stack-nginx.conf.j2
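Review bot: The template hard-codes live credentials — `PHOTOPRISM_ADMIN_PASSWORD`, `PHOTOPRISM_DATABASE_PASSWORD` / `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD: insecure` — into a file committed to the repository, which leaves them in git history for everyone with read access and makes rotation a code change. Since this is already a Jinja template, render them from vaulted variables, e.g. `PHOTOPRISM_ADMIN_PASSWORD: "{{ photoprism_admin_password }}"` (variable name illustrative), or deliver them as Docker secrets, and treat the values in this commit as exposed and rotate them. Separately, `PHOTOPRISM_SITE_URL` is `http://…:2342/` while `mode: ingress` publishes the app unencrypted on every swarm node; if the new `stack-nginx.conf.j2` is meant to front it over TLS, the site URL should be the https origin and the port should not need to be on the ingress mesh at all.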
@@ -0,0 +1,34 @@
+# Ansible managed file - do not manually edit
+#
+server {
+ server_name {{ app.publish.domain }};
+ root /usr/share/nginx/html;
+
+ location / {
+ proxy_pass http://dockerloopback:{{ app.publish.http }}/;
+ proxy_set_header Host $host;
+ }
+
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/{{ app.publish.domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ app.publish.domain }}/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ app.publish.domain }};
+
+ location ^~ /.well-known/acme-challenge/ {
+ proxy_pass http://dockerloopback:8088/.well-known/acme-challenge/;
+ proxy_set_header Host $host;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# EOF
diff --git a/skylab/core/playbooks/update.yaml b/skylab/core/playbooks/update.yaml
index 9d45144..bff2954 100644
--- a/skylab/core/playbooks/update.yaml
+++ b/skylab/core/playbooks/update.yaml
@@ -24,7 +24,7 @@ - vars/packages.yaml tasks: - name: Update system packages via DNF - when: ansible_distribution == "Rocky" + when: ansible_distribution == "Rocky" or ansible_distribution == "Fedora" become: true ansible.builtin.dnf: name: "*"
@@ -39,7 +39,7 @@ group: "{{ ansible_user }}" mode: 0644 - - name: Install universal packages + - name: Install universal packages on Rocky when: ansible_distribution == "Rocky" become: true ansible.builtin.dnf:
@@ -47,6 +47,14 @@ state: present update_cache: true + - name: Install universal packages on Fedora + when: ansible_distribution == "Fedora" + become: true + ansible.builtin.dnf: + name: "{{ skylab_packages_global + skylab_packages_fedora }}" + state: present + update_cache: true + - name: Update unix accounts hosts: linux
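Review bot: The TLS `server` block forwards only `Host` to the upstream, so the proxied application cannot tell that the client connected over HTTPS or what the client address was; next to the existing `proxy_set_header Host $host;` add `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` so redirects are generated with the right scheme and logs record the real peer. The 443 listener is also IPv4-only (`listen 443 ssl;`) while the port-80 block listens on `[::]:80` as well, so IPv6 clients are redirected to an https endpoint that is not listening — add `listen [::]:443 ssl;`. `root /usr/share/nginx/html;` is unused by a pure proxy and could be dropped.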
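Review bot: The new `Install universal packages on Fedora` task is a copy of the Rocky task above it differing only in the `when` value and the variable name, so the two will drift apart over time; a single task keyed on the distribution avoids that: `when: ansible_distribution in ["Rocky", "Fedora"]` together with `name: "{{ skylab_packages_global + lookup('vars', 'skylab_packages_' ~ (ansible_distribution | lower)) }}"`. The `== "Rocky" or ansible_distribution == "Fedora"` comparison in the first hunk of this file reads better as the same `in` test.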
@@ -132,7 +140,7 @@ ansible.builtin.set_fact: _determined_member_groups: "{{ _determined_member_groups | default({}) | combine({item.name: [ skylab_group.name, - 'wheel' if (item.admin | default(false) and ansible_distribution == 'Rocky') else '', + 'wheel' if (item.admin | default(false) and ansible_os_family == 'RedHat') else '', 'sudo' if (item.admin | default(false) and ansible_os_family == 'Debian') else '', skylab_group_admin.name if item.admin | default(false) else '', skylab_group_automation.name if item.service | default(false) else '', @@ -151,7 +159,11 @@ groups: "{{ _determined_member_groups[item.name] }}" comment: "{{ item.fullname | default('') }}" system: "{{ item.service | default(false) }}" - generate_ssh_key: false + generate_ssh_key: true + ssh_key_bits: 4096 + ssh_key_passphrase: "{{ item.password }}" + ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}" + ssh_key_type: ed25519 password: "{{ item.password }}" loop: "{{ _active_accounts }}" loop_control: diff --git a/skylab/core/playbooks/vars/packages.yaml b/skylab/core/playbooks/vars/packages.yaml index 53e3a5f..ee4652d 100644 --- a/skylab/core/playbooks/vars/packages.yaml +++ b/skylab/core/playbooks/vars/packages.yaml @@ -27,3 +27,9 @@ skylab_packages_rocky: - python3-virtualenv - systemd-networkd - wget + +skylab_packages_fedora: + - bind-utils + - nc + - nfs-utils + - wget
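Review bot: `ssh_key_passphrase: "{{ item.password }}"` reuses the account's login secret to protect its new SSH private key, so learning one yields both; and because the `password:` argument of `ansible.builtin.user` expects an already-hashed value, the passphrase is either that hash string or, if `item.password` is plaintext, the login password is being set incorrectly — either way the two should be distinct vaulted values, e.g. `ssh_key_passphrase: "{{ item.ssh_key_passphrase | default(omit) }}"` (key name illustrative). `ssh_key_bits: 4096` has no effect with `ssh_key_type: ed25519`, whose key size is fixed, and should be dropped so it does not suggest a 4096-bit key. `generate_ssh_key: true` now also runs for the service accounts in `_active_accounts`, which may not be intended; the loop and the task continue past the hunk.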