Merge branch 'main' of https://github.com/mother-of-all-self-hosting/mash-playbook into owncast
commit
817386b3b6
8 changed files with 219 additions and 15 deletions
13
CHANGELOG.md
|
@ -1,3 +1,16 @@
|
|||
# 2023-03-29
|
||||
|
||||
## (Backward Compatibility Break) Firezone database renamed
|
||||
|
||||
If you are running [Firezone](docs/services/firezone.md) with the default [Postgres](docs/services/postgres.md) integration the playbook automatically created the database with the name `mash-firezone`.
|
||||
To be consistent with how this playbook names databases for all other services, going forward we've changed the database name to be just `firezone`. You will have to rename you database manually by running the following commands on your server:
|
||||
|
||||
1. Stop Firezone: `systemctl stop mash-firezone`
|
||||
2. Run a Postgres `psql` shell: `/mash/postgres/bin/cli`
|
||||
3. Execute this query: `ALTER DATABASE "mash-firezone" RENAME TO firezone;` and then quit the shell with `\q`
|
||||
|
||||
Then update the playbook (don't forget to run `just roles`), run `just install-all` and you should be good to go!
|
||||
|
||||
# 2023-03-26
|
||||
|
||||
## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically
|
||||
|
|
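Review bot: typo in the second paragraph of the Firezone entry: "You will have to rename you database manually" should read "your database". It would also help to say why step 1 comes first: `ALTER DATABASE "mash-firezone" RENAME TO firezone;` is refused by Postgres while other sessions are connected to that database, so Firezone has to be stopped before step 3. Consider suggesting a database dump before the rename as well.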
|
@ -1,6 +1,6 @@
|
|||
# Firezone
|
||||
|
||||
[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [moan0s/role-firezone](https://github.com/moan0s/role-firezone) Ansible role.
|
||||
[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [mother-of-all-self-hosting/ansible-role-firezone](https://github.com/mother-of-all-self-hosting/ansible-role-firezone) Ansible role.
|
||||
|
||||
## Configuration
|
||||
|
||||
|
|
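Review bot: the updated intro line credits `mother-of-all-self-hosting/ansible-role-firezone`, but the `firezone` entry in the requirements hunk of this same commit still has `src: git+https://github.com/moan0s/role-firezone.git`. Point the docs link and the requirements entry at the same repository, so that readers who want to audit the role look at the code that is actually installed.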
|
@ -14,8 +14,21 @@ To enable this service, add the following configuration to your `vars.yml` file
|
|||
########################################################################
|
||||
|
||||
gotosocial_enabled: true
|
||||
|
||||
|
||||
# Hostname that this server will be reachable at.
|
||||
# DO NOT change this after your server has already run once, or you will break things!
|
||||
# Examples: ["gts.example.org","some.server.com"]
|
||||
gotosocial_hostname: 'social.example.org'
|
||||
|
||||
# Domain to use when federating profiles. It defaults to `gotosocial_hostname` but you can cange it when you want your server to be at
|
||||
# eg., `gotosocial_hostname: gts.example.org`, but you want the domain on accounts to be "example.org" because it looks better
|
||||
# or is just shorter/easier to remember.
|
||||
#
|
||||
# Please read the appropriate section of the installation guide before you go messing around with this setting:
|
||||
# https://docs.gotosocial.org/installation_guide/advanced/#can-i-host-my-instance-at-fediexampleorg-but-have-just-exampleorg-in-my-username
|
||||
# gotosocial_account_domain: "example.org"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /gotosocial #
|
||||
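Review bot: in the comment above `gotosocial_account_domain`, "cange" should be "change", and the sentence "you can cange it when you want your server to be at" breaks off before the "eg.," line; reword it as one sentence. The line `# Examples: ["gts.example.org","some.server.com"]` reads like a YAML list, while `gotosocial_hostname` is set to a single string; list the examples as plain hostnames instead.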
|
@ -23,12 +36,12 @@ gotosocial_hostname: 'social.example.org'
|
|||
########################################################################
|
||||
```
|
||||
|
||||
After installation, you can use `ansible-playbook -i inventory/hosts setup.yml --tags=gotosocial-add-user --extra-vars "username=<username> email=<email> password=<password>"`
|
||||
After installation, you can use `just run-tags gotosocial-add-user --extra-vars=username=<username> --extra-vars=password=<password> --extra-vars=email=<email>"`
|
||||
to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account.
|
||||
|
||||
### Usage
|
||||
|
||||
After [installing](../installing.md), you can visti at the URL specified in `firezone_hostname` and should see your instance.
|
||||
After [installing](../installing.md), you can visit at the URL specified in `gotosocial_hostname` and should see your instance.
|
||||
Start to customize it at `social.example.org/admin`.
|
||||
|
||||
Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use
|
||||
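Review bot: the new `just run-tags gotosocial-add-user ...` command ends with a stray `"` after `--extra-vars=email=<email>`, so a copy-paste leaves the shell waiting on an unterminated quote. The sentence that follows still says to change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin`, which matches the old `ansible-playbook` form rather than the `just run-tags` form, and "to create your a user" has an extra word. Since the password is passed as an `--extra-vars` argument, a short reminder that it ends up in shell history would be useful here.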
|
@ -65,14 +78,14 @@ serverA$ rsync -av -e "ssh" data/* root@serverB:/mash/gotosocial/data/
|
|||
Install (but don't start) the service and database on the server.
|
||||
|
||||
```bash
|
||||
yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all
|
||||
yourPC$ just run-tags install-all
|
||||
yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/mash/gotosocial/latest.sql --extra-vars=postgres_default_import_database=mash-gotosocial
|
||||
```
|
||||
|
||||
Start the services on the new server
|
||||
|
||||
```bash
|
||||
yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=start
|
||||
yourPC$ just run-tags start
|
||||
```
|
||||
|
||||
Done 🥳
|
||||
|
|
141
docs/services/navidrome.md
Normal file
|
@ -0,0 +1,141 @@
|
|||
# Navidrome
|
||||
|
||||
[Navidrome](https://www.navidrome.org/) is a [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server.
|
||||
|
||||
|
||||
## Dependencies
|
||||
|
||||
This service requires the following other services:
|
||||
|
||||
- a [Traefik](traefik.md) reverse-proxy server
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# navidrome #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
navidrome_enabled: true
|
||||
|
||||
navidrome_hostname: mash.example.com
|
||||
navidrome_path_prefix: /navidrome
|
||||
|
||||
# By default, Navidrome will look at the /music directory for music files,
|
||||
# controlled by the `navidrome_environment_variable_nd_musicfolder` variable.
|
||||
#
|
||||
# You'd need to mount some music directory into the Navidrome container, like shown below.
|
||||
# The "Syncthing integration" section below may be relevant.
|
||||
# navidrome_container_additional_volumes:
|
||||
# - type: bind
|
||||
# src: /on-host/path/to/music
|
||||
# dst: /music
|
||||
# options: readonly
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /navidrome #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
### URL
|
||||
|
||||
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/navidrome`.
|
||||
|
||||
You can remove the `navidrome_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
|
||||
|
||||
### Authentication
|
||||
|
||||
On first use (see [Usage](#usage) below), you'll be asked to create the first administrator user.
|
||||
|
||||
You can create additional users from the web UI after that.
|
||||
|
||||
### Syncthing integration
|
||||
|
||||
If you've got a [Syncthing](syncthing.md) service running, you can use it to synchronize your music directory onto the server and then mount it as read-only into the Navidrome container.
|
||||
|
||||
We recommend that you make use of the [aux](aux.md) role to create some shared directory like this:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# aux #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
aux_directory_definitions:
|
||||
- dest: "{{ mash_playbook_base_path }}/storage"
|
||||
- dest: "{{ mash_playbook_base_path }}/storage/music"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /aux #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
You can then mount this `{{ mash_playbook_base_path }}/storage/music` directory into the Syncthing container and synchronize it with some other computer:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# syncthing #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# Other Syncthing configuration..
|
||||
|
||||
syncthing_container_additional_volumes:
|
||||
- type: bind
|
||||
src: "{{ mash_playbook_base_path }}/storage/music"
|
||||
dst: /music
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /syncthing #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
Finally, mount the `{{ mash_playbook_base_path }}/storage/music` directory into the Navidrome container as read-only:
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# navidrome #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# Other Navidrome configuration..
|
||||
|
||||
navidrome_container_additional_volumes:
|
||||
- type: bind
|
||||
src: "{{ mash_playbook_base_path }}/storage/music"
|
||||
dst: /music
|
||||
options: readonly
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /navidrome #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
After installation, you can go to the Navidrome URL, as defined in `navidrome_hostname` and `navidrome_path_prefix`.
|
||||
|
||||
As mentioned in [Authentication](#authentication) above, you'll be asked to create the first administrator user the first time you open the web UI.
|
||||
|
||||
You can also connect various Subsonic-API-compatible [apps](https://www.navidrome.org/docs/overview/#apps) (desktop, web, mobile) to your Navidrome instance.
|
||||
|
||||
|
||||
## Recommended other services
|
||||
|
||||
- [Syncthing](syncthing.md) - a continuous file synchronization program which synchronizes files between two or more computers in real time. See [Syncthing integration](#syncthing-integration)
|
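Review bot: the Authentication section says the first administrator is created on first use of the web UI, and the example configuration publishes the service at `https://mash.example.com/navidrome`, so until that step is done whoever reaches the URL first gets to create the admin account. Add a sentence telling readers to open the URL and create the administrator user right after installation.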
|
@ -17,6 +17,7 @@
|
|||
| [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) |
|
||||
| [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) |
|
||||
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
|
||||
| [Navidrome](https://www.navidrome.org/) | [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server | [Link](services/navidrome.md)
|
||||
| [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) |
|
||||
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |
|
||||
| [Owncast](https://owncast.online/) | Owncast is a free and open source live video and web chat server for use with existing popular broadcasting software. | [Link](services/owncast.md) |
|
||||
|
|
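Review bot: the new Navidrome row is missing the closing ` |` that every neighbouring row has; it ends at `[Link](services/navidrome.md)`. Add it so the table renders consistently across Markdown renderers.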
|
@ -101,6 +101,8 @@ devture_systemd_service_manager_services_list_auto: |
|
|||
+
|
||||
([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else [])
|
||||
+
|
||||
([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else [])
|
||||
+
|
||||
([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else [])
|
||||
+
|
||||
([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else [])
|
||||
|
@ -791,6 +793,39 @@ miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key)
|
|||
|
||||
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# navidrome #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
navidrome_enabled: false
|
||||
|
||||
navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome"
|
||||
|
||||
navidrome_uid: "{{ mash_playbook_uid }}"
|
||||
navidrome_gid: "{{ mash_playbook_gid }}"
|
||||
|
||||
navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome"
|
||||
|
||||
navidrome_container_additional_networks_auto: |
|
||||
{{
|
||||
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
||||
}}
|
||||
|
||||
navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
|
||||
navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
|
||||
navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||
navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /navidrome #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# nextcloud #
|
||||
|
@ -806,14 +841,12 @@ nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas
|
|||
nextcloud_uid: "{{ mash_playbook_uid }}"
|
||||
nextcloud_gid: "{{ mash_playbook_gid }}"
|
||||
|
||||
nextcloud_systemd_required_systemd_services_list: |
|
||||
nextcloud_systemd_required_services_list_auto: |
|
||||
{{
|
||||
(['docker.service'])
|
||||
+
|
||||
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
|
||||
}}
|
||||
|
||||
nextcloud_container_additional_networks: |
|
||||
nextcloud_container_additional_networks_auto: |
|
||||
{{
|
||||
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
||||
+
|
||||
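Review bot: both variables are renamed here (`nextcloud_systemd_required_systemd_services_list` becomes `nextcloud_systemd_required_services_list_auto`, and `nextcloud_container_additional_networks` becomes `nextcloud_container_additional_networks_auto`), which only works together with the `v26.0.0-0` to `v26.0.0-1` role bump in the requirements hunk. Anyone who overrode the old names in `vars.yml` will find the override no longer takes effect, and the CHANGELOG hunk does not mention it; consider adding a note there.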
|
@ -1581,7 +1614,6 @@ firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"
|
|||
|
||||
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
|
||||
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
|
||||
firezone_database_name: "{{ firezone_identifier }}"
|
||||
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
|
||||
firezone_database_user: "{{ firezone_identifier }}"
|
||||
|
||||
|
@ -1628,7 +1660,6 @@ gotosocial_gid: "{{ mash_playbook_gid }}"
|
|||
|
||||
gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
|
||||
gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
|
||||
gotosocial_database_name: "{{ gotosocial_identifier }}"
|
||||
gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}"
|
||||
gotosocial_database_username: "{{ gotosocial_identifier }}"
|
||||
|
||||
|
|
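Review bot: the header (`-1628,7 +1660,6`) shows one line dropped from the GoToSocial database block, the same shape as the Firezone hunk above it. If the dropped line is `gotosocial_database_name`, existing installs need the same kind of manual rename the CHANGELOG describes for Firezone, yet the CHANGELOG hunk only covers Firezone and the GoToSocial docs still import with `postgres_default_import_database=mash-gotosocial`. Confirm which line goes, and if it is the database name, add the matching CHANGELOG entry and update the docs.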
|
@ -78,11 +78,14 @@
|
|||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git
|
||||
version: v21.0.1-1
|
||||
name: keycloak
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-navidrome.git
|
||||
version: v0.49.3-1
|
||||
name: navidrome
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git
|
||||
version: v3.4.6-2.5.1-0
|
||||
name: netbox
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git
|
||||
version: v26.0.0-0
|
||||
version: v26.0.0-1
|
||||
name: nextcloud
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git
|
||||
version: v5.1.0-2
|
||||
|
@ -97,14 +100,14 @@
|
|||
version: v1.28.0-0
|
||||
name: vaultwarden
|
||||
- src: git+https://github.com/moan0s/hubsite.git
|
||||
version: c5df0485b558c89a6f15966bcdf3f129fd83cfa3
|
||||
version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe
|
||||
name: hubsite
|
||||
- src: git+https://github.com/moan0s/role-firezone.git
|
||||
version: ac8564d5e11a75107ba93aec6427b83be824c30a
|
||||
version: 3a2a1e4c6b484b643a847941937a80d0efd86d6c
|
||||
name: firezone
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git
|
||||
name: gotosocial
|
||||
version: 148933d390a2a789ee4595a593d825e64d5e6f46
|
||||
version: d608eb330af28b75d3e4881b2e8c09af64d078f1
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git
|
||||
name: owncast
|
||||
version: ff233df159fbda65b2bb637adbfaf34383ec4229
|
||||
|
|
|
@ -78,6 +78,8 @@
|
|||
|
||||
- role: galaxy/hubsite
|
||||
|
||||
- role: galaxy/navidrome
|
||||
|
||||
- role: galaxy/netbox
|
||||
|
||||
- role: galaxy/nextcloud
|
||||
|
|