Add support for fedora workstations in core tooling
parent
72d8e7cdde
commit
8b4fb71160
@ -38,3 +38,10 @@
|
|||||||
roles:
|
roles:
|
||||||
- role: skylab.core.dashboard
|
- role: skylab.core.dashboard
|
||||||
dashboard_hostname: "{{ skylab_dashboard }}"
|
dashboard_hostname: "{{ skylab_dashboard }}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Configure workstations
|
||||||
|
hosts: workstation
|
||||||
|
gather_facts: false
|
||||||
|
roles:
|
||||||
|
- role: skylab.core.workstation
|
||||||
|
@ -5,8 +5,9 @@ function _parse_git_branch() {
|
|||||||
export PS1="\[\e[0;97m\]\[\e[37m\e[1m\]\u\[\e[1;94m\]@\[\e[94m\]\H\[\e[37m\]:\w\[\e[33m\]\[\e[0;33m\]\$(_parse_git_branch) \[\e[37m\]\[\e[0;97m\]$\[\e[0m\] "
|
export PS1="\[\e[0;97m\]\[\e[37m\e[1m\]\u\[\e[1;94m\]@\[\e[94m\]\H\[\e[37m\]:\w\[\e[33m\]\[\e[0;33m\]\$(_parse_git_branch) \[\e[37m\]\[\e[0;97m\]$\[\e[0m\] "
|
||||||
export rc=/home/$USERNAME/.bashrc
|
export rc=/home/$USERNAME/.bashrc
|
||||||
export VIRTUALENV_DIR=/home/$USERNAME/.venvs
|
export VIRTUALENV_DIR=/home/$USERNAME/.venvs
|
||||||
|
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt
|
||||||
|
|
||||||
random() {
|
function random() {
|
||||||
if [[ $# -eq 0 ]]; then
|
if [[ $# -eq 0 ]]; then
|
||||||
num=32
|
num=32
|
||||||
else
|
else
|
||||||
@ -19,9 +20,10 @@ function up() { cd $(eval printf '../'%.0s {1..$1}); }
|
|||||||
|
|
||||||
function pipin() { pip freeze | grep $1; }
|
function pipin() { pip freeze | grep $1; }
|
||||||
|
|
||||||
|
function continuous () { while true; do ${@}; sleep 3; done; }
|
||||||
|
|
||||||
alias bk='cd -'
|
alias bk='cd -'
|
||||||
alias fuck='sudo $(history -p \!\!)'
|
alias fuck='sudo $(history -p \!\!)'
|
||||||
alias ls='ls -lshF --color --group-directories-first --time-style=long-iso'
|
|
||||||
alias version='uname -orp && lsb_release -a | grep Description'
|
alias version='uname -orp && lsb_release -a | grep Description'
|
||||||
alias activate='source ./bin/activate'
|
alias activate='source ./bin/activate'
|
||||||
alias cls='clear'
|
alias cls='clear'
|
||||||
@ -32,3 +34,4 @@ alias whatismyip='curl https://icanhazip.com/'
|
|||||||
alias uuid="python3 -c 'import uuid; print(uuid.uuid4());'"
|
alias uuid="python3 -c 'import uuid; print(uuid.uuid4());'"
|
||||||
alias epoch="python3 -c 'import time; print(time.time());'"
|
alias epoch="python3 -c 'import time; print(time.time());'"
|
||||||
alias uptime="command uptime --pretty"
|
alias uptime="command uptime --pretty"
|
||||||
|
alias unmount="umount"
|
||||||
|
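Review bot: The new `continuous` helper expands `${@}` unquoted, so arguments containing spaces or glob characters are re-split and re-globbed on every loop iteration; `function continuous () { while true; do "$@"; sleep 3; done; }` keeps them intact. Also, `export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt` is the RHEL/Fedora bundle path. If this profile is also deployed to the Debian-family hosts the playbooks reference, Python `requests` would presumably point at a missing file there, so the export may need a guard such as `[[ -f /etc/ssl/certs/ca-bundle.crt ]] &&`.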
@ -5,6 +5,8 @@
|
|||||||
ansible.builtin.dnf:
|
ansible.builtin.dnf:
|
||||||
state: present
|
state: present
|
||||||
name:
|
name:
|
||||||
|
- libffi-devel
|
||||||
|
- python3-devel
|
||||||
- python3-libselinux
|
- python3-libselinux
|
||||||
- python3-policycoreutils
|
- python3-policycoreutils
|
||||||
- python3-firewall
|
- python3-firewall
|
||||||
|
@ -76,3 +76,24 @@ services:
|
|||||||
restart_policy:
|
restart_policy:
|
||||||
condition: any
|
condition: any
|
||||||
delay: 24h
|
delay: 24h
|
||||||
|
|
||||||
|
backup:
|
||||||
|
image: rockylinux:latest
|
||||||
|
hostname: backup
|
||||||
|
command: bash /datastore/backup/mkbkup.sh /datastore/
|
||||||
|
networks:
|
||||||
|
- meta
|
||||||
|
volumes:
|
||||||
|
- type: volume
|
||||||
|
source: meta-backup
|
||||||
|
target: /datastore/backup
|
||||||
|
read_only: false
|
||||||
|
- type: volume
|
||||||
|
source: meta-appdata
|
||||||
|
target: /datastore/appdata
|
||||||
|
read_only: true
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
restart_policy:
|
||||||
|
condition: any
|
||||||
|
delay: 24h
|
||||||
|
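Review bot: `image: rockylinux:latest` in the new `backup` service is an unpinned tag, so whatever the tag resolves to at deploy time runs with read access to all of `meta-appdata`; pin a release tag or digest instead, e.g. `image: rockylinux:<pinned-tag>`. The job also runs `bash /datastore/backup/mkbkup.sh` from the `meta-backup` volume, which is mounted `read_only: false`, so anything able to write to that volume can change what the job executes on its next run. Keeping the script outside the writable backup target (a Swarm config or a separate read-only mount) would remove that path.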
@ -0,0 +1,113 @@
|
|||||||
|
---
|
||||||
|
version: '3.7'
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
photoprism-database:
|
||||||
|
name: datastore/appdata/photoprism/database
|
||||||
|
driver: glusterfs
|
||||||
|
photoprism-metadata:
|
||||||
|
name: datastore/appdata/photoprism/metadata
|
||||||
|
photoprism-originals:
|
||||||
|
name: datastore/media/photoprism
|
||||||
|
driver: glusterfs
|
||||||
|
photoprism-import:
|
||||||
|
name: datastore/media/upload
|
||||||
|
driver: glusterfs
|
||||||
|
|
||||||
|
networks:
|
||||||
|
photoprism:
|
||||||
|
internal: true
|
||||||
|
name: photoprism
|
||||||
|
driver: overlay
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 192.168.109.0/24
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: photoprism/photoprism:latest
|
||||||
|
hostname: app
|
||||||
|
depends_on:
|
||||||
|
- database
|
||||||
|
networks:
|
||||||
|
- photoprism
|
||||||
|
ports:
|
||||||
|
- published: 2342
|
||||||
|
target: 2342
|
||||||
|
protocol: tcp
|
||||||
|
mode: ingress
|
||||||
|
environment:
|
||||||
|
PHOTOPRISM_ADMIN_PASSWORD: "gm2auW34GNawZ8Dqiub8W8vOlvsHCnfj"
|
||||||
|
PHOTOPRISM_SITE_URL: "http://cluster.skylab.enp.one:2342/"
|
||||||
|
PHOTOPRISM_ORIGINALS_LIMIT: 5000
|
||||||
|
PHOTOPRISM_HTTP_COMPRESSION: "gzip"
|
||||||
|
PHOTOPRISM_DEBUG: "false"
|
||||||
|
PHOTOPRISM_PUBLIC: "false"
|
||||||
|
PHOTOPRISM_READONLY: "false"
|
||||||
|
PHOTOPRISM_EXPERIMENTAL: "false"
|
||||||
|
PHOTOPRISM_DISABLE_CHOWN: "false"
|
||||||
|
PHOTOPRISM_DISABLE_WEBDAV: "false"
|
||||||
|
PHOTOPRISM_DISABLE_SETTINGS: "false"
|
||||||
|
PHOTOPRISM_DISABLE_TENSORFLOW: "false"
|
||||||
|
PHOTOPRISM_DISABLE_FACES: "false"
|
||||||
|
PHOTOPRISM_DISABLE_CLASSIFICATION: "false"
|
||||||
|
PHOTOPRISM_DARKTABLE_PRESETS: "false"
|
||||||
|
PHOTOPRISM_DETECT_NSFW: "false"
|
||||||
|
PHOTOPRISM_UPLOAD_NSFW: "true"
|
||||||
|
PHOTOPRISM_DATABASE_DRIVER: "mysql"
|
||||||
|
PHOTOPRISM_DATABASE_SERVER: "database:3306"
|
||||||
|
PHOTOPRISM_DATABASE_NAME: "photoprism"
|
||||||
|
PHOTOPRISM_DATABASE_USER: "photoprism"
|
||||||
|
PHOTOPRISM_DATABASE_PASSWORD: "KcIKhME9OwWKVz4tGyqI4VXzyDBs33Xp" # MariaDB or MySQL database user password
|
||||||
|
PHOTOPRISM_SITE_TITLE: "Skylab Images"
|
||||||
|
PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
|
||||||
|
PHOTOPRISM_SITE_DESCRIPTION: ""
|
||||||
|
PHOTOPRISM_SITE_AUTHOR: "EN Paul"
|
||||||
|
HOME: "/photoprism"
|
||||||
|
PHOTOPRISM_UID: 1408
|
||||||
|
PHOTOPRISM_GID: 1408
|
||||||
|
## Hardware video transcoding config (optional)
|
||||||
|
# PHOTOPRISM_FFMPEG_BUFFERS: "64" # FFmpeg capture buffers (default: 32)
|
||||||
|
# PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
|
||||||
|
# PHOTOPRISM_FFMPEG_ENCODER: "h264_v4l2m2m" # Use Video4Linux for AVC transcoding (default: libx264)
|
||||||
|
# PHOTOPRISM_FFMPEG_ENCODER: "h264_qsv" # Use Intel Quick Sync Video for AVC transcoding (default: libx264)
|
||||||
|
# PHOTOPRISM_INIT: "intel-graphics tensorflow-amd64-avx2" # Enable TensorFlow AVX2 & Intel Graphics support
|
||||||
|
## Enable TensorFlow AVX2 support for modern Intel CPUs (requires starting the container as root)
|
||||||
|
# PHOTOPRISM_INIT: "tensorflow-amd64-avx2"
|
||||||
|
user: "1408:1408"
|
||||||
|
working_dir: "/photoprism"
|
||||||
|
volumes:
|
||||||
|
- type: volume
|
||||||
|
source: photoprism-originals
|
||||||
|
target: /photoprism/originals
|
||||||
|
read_only: false
|
||||||
|
- type: volume
|
||||||
|
source: photoprism-metadata
|
||||||
|
target: /photoprism/storage
|
||||||
|
read_only: false
|
||||||
|
- type: volume
|
||||||
|
source: photoprism-import
|
||||||
|
target: /photoprism/import
|
||||||
|
read_only: true
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
database:
|
||||||
|
image: mariadb:10.6
|
||||||
|
hostname: database
|
||||||
|
command: mysqld --innodb-buffer-pool-size=128M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
|
||||||
|
networks:
|
||||||
|
- photoprism
|
||||||
|
volumes:
|
||||||
|
- type: volume
|
||||||
|
source: photoprism-database
|
||||||
|
target: /var/lib/mysql
|
||||||
|
read_only: false
|
||||||
|
environment:
|
||||||
|
MYSQL_ROOT_PASSWORD: insecure
|
||||||
|
MYSQL_DATABASE: photoprism
|
||||||
|
MYSQL_USER: photoprism
|
||||||
|
MYSQL_PASSWORD: KcIKhME9OwWKVz4tGyqI4VXzyDBs33Xp
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
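Review bot: Four credentials are committed in clear text in this new stack file: `PHOTOPRISM_ADMIN_PASSWORD`, `PHOTOPRISM_DATABASE_PASSWORD`, `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` (the last set to the literal `insecure`). They should be treated as exposed and rotated, and the file should reference them rather than hold them: the MariaDB service can take `MYSQL_ROOT_PASSWORD_FILE: /run/secrets/<db_root_secret>` and `MYSQL_PASSWORD_FILE: /run/secrets/<db_user_secret>` backed by Swarm secrets, with the PhotoPrism values rendered from vaulted variables. Separately, port 2342 is published in ingress mode and `PHOTOPRISM_SITE_URL` is plain `http://`, so the admin login crosses the network unencrypted unless clients only reach it through the TLS proxy. `photoprism/photoprism:latest` is also unpinned, and `photoprism-metadata` is the only volume without `driver: glusterfs`, which may be unintended.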
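--- a/skylab/core/playbooks/templates/stack-nginx.conf.j2
+++ b/skylab/core/playbooks/templates/stack-nginx.conf.j2
@@ -0,0 +1,34 @@
+# Ansible managed file - do not manually edit
+#
+server {
+server_name {{ app.publish.domain }};
+root /usr/share/nginx/html;
+
+location / {
+proxy_pass http://dockerloopback:{{ app.publish.http }}/;
+proxy_set_header Host $host;
+}
+
+listen 443 ssl;
+ssl_certificate /etc/letsencrypt/live/{{ app.publish.domain }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ app.publish.domain }}/privkey.pem;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+server {
+listen 80;
+listen [::]:80;
+server_name {{ app.publish.domain }};
+
+location ^~ /.well-known/acme-challenge/ {
+proxy_pass http://dockerloopback:8088/.well-known/acme-challenge/;
+proxy_set_header Host $host;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+# EOF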
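Review bot: The proxied `location /` in the 443 server block forwards only `Host`, so the upstream sees every request as coming from the proxy over plain HTTP. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` lets the application log real client addresses and generate https URLs. The 443 block also has no IPv6 listener while the port-80 block has `listen [::]:80;`, so an IPv6 client would be redirected to a port that is not listening on IPv6; `listen [::]:443 ssl;` would match the two.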
@ -24,7 +24,7 @@
|
|||||||
- vars/packages.yaml
|
- vars/packages.yaml
|
||||||
tasks:
|
tasks:
|
||||||
- name: Update system packages via DNF
|
- name: Update system packages via DNF
|
||||||
when: ansible_distribution == "Rocky"
|
when: ansible_distribution == "Rocky" or ansible_distribution == "Fedora"
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.dnf:
|
ansible.builtin.dnf:
|
||||||
name: "*"
|
name: "*"
|
||||||
@ -39,7 +39,7 @@
|
|||||||
group: "{{ ansible_user }}"
|
group: "{{ ansible_user }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Install universal packages
|
- name: Install universal packages on Rocky
|
||||||
when: ansible_distribution == "Rocky"
|
when: ansible_distribution == "Rocky"
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.dnf:
|
ansible.builtin.dnf:
|
||||||
@ -47,6 +47,14 @@
|
|||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Install universal packages on Fedora
|
||||||
|
when: ansible_distribution == "Fedora"
|
||||||
|
become: true
|
||||||
|
ansible.builtin.dnf:
|
||||||
|
name: "{{ skylab_packages_global + skylab_packages_fedora }}"
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
|
||||||
- name: Update unix accounts
|
- name: Update unix accounts
|
||||||
hosts: linux
|
hosts: linux
|
||||||
@ -132,7 +140,7 @@
|
|||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
_determined_member_groups: "{{ _determined_member_groups | default({}) | combine({item.name: [
|
_determined_member_groups: "{{ _determined_member_groups | default({}) | combine({item.name: [
|
||||||
skylab_group.name,
|
skylab_group.name,
|
||||||
'wheel' if (item.admin | default(false) and ansible_distribution == 'Rocky') else '',
|
'wheel' if (item.admin | default(false) and ansible_os_family == 'RedHat') else '',
|
||||||
'sudo' if (item.admin | default(false) and ansible_os_family == 'Debian') else '',
|
'sudo' if (item.admin | default(false) and ansible_os_family == 'Debian') else '',
|
||||||
skylab_group_admin.name if item.admin | default(false) else '',
|
skylab_group_admin.name if item.admin | default(false) else '',
|
||||||
skylab_group_automation.name if item.service | default(false) else '',
|
skylab_group_automation.name if item.service | default(false) else '',
|
||||||
@ -151,7 +159,11 @@
|
|||||||
groups: "{{ _determined_member_groups[item.name] }}"
|
groups: "{{ _determined_member_groups[item.name] }}"
|
||||||
comment: "{{ item.fullname | default('') }}"
|
comment: "{{ item.fullname | default('') }}"
|
||||||
system: "{{ item.service | default(false) }}"
|
system: "{{ item.service | default(false) }}"
|
||||||
generate_ssh_key: false
|
generate_ssh_key: true
|
||||||
|
ssh_key_bits: 4096
|
||||||
|
ssh_key_passphrase: "{{ item.password }}"
|
||||||
|
ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
|
||||||
|
ssh_key_type: ed25519
|
||||||
password: "{{ item.password }}"
|
password: "{{ item.password }}"
|
||||||
loop: "{{ _active_accounts }}"
|
loop: "{{ _active_accounts }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
|
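Review bot: `ssh_key_passphrase: "{{ item.password }}"` reuses the value that the same task passes to `password:`. `ansible.builtin.user` expects `password` to be an already-hashed value, so if `item.password` is a hash, the key passphrase becomes the hash string itself, which anyone who can read the shadow entry or the inventory also holds. If it is plaintext instead, the account password is being set incorrectly. A separate vaulted value (for example a new passphrase field on the account item) would decouple the two. `ssh_key_bits: 4096` has no effect with `ssh_key_type: ed25519` and can be dropped. The task starts and ends outside the hunk, so it is not visible whether it sets `no_log: true`; given the secrets in the loop items, it should.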
@ -27,3 +27,9 @@ skylab_packages_rocky:
|
|||||||
- python3-virtualenv
|
- python3-virtualenv
|
||||||
- systemd-networkd
|
- systemd-networkd
|
||||||
- wget
|
- wget
|
||||||
|
|
||||||
|
skylab_packages_fedora:
|
||||||
|
- bind-utils
|
||||||
|
- nc
|
||||||
|
- nfs-utils
|
||||||
|
- wget
|
||||||
|