diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a668a9..87ebd5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2023-03-29 + +## (Backward Compatibility Break) Firezone database renamed + +If you are running [Firezone](docs/services/firezone.md) with the default [Postgres](docs/services/postgres.md) integration the playbook automatically created the database with the name `mash-firezone`. +To be consistent with how this playbook names databases for all other services, going forward we've changed the database name to be just `firezone`. You will have to rename you database manually by running the following commands on your server: + +1. Stop Firezone: `systemctl stop mash-firezone` +2. Run a Postgres `psql` shell: `/mash/postgres/bin/cli` +3. Execute this query: `ALTER DATABASE "mash-firezone" RENAME TO firezone;` and then quit the shell with `\q` + +Then update the playbook (don't forget to run `just roles`), run `just install-all` and you should be good to go! + # 2023-03-26 ## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically diff --git a/docs/services/firezone.md b/docs/services/firezone.md index 707313f..d4fbf2a 100644 --- a/docs/services/firezone.md +++ b/docs/services/firezone.md @@ -1,6 +1,6 @@ # Firezone -[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [moan0s/role-firezone](https://github.com/moan0s/role-firezone) Ansible role. +[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [mother-of-all-self-hosting/ansible-role-firezone](https://github.com/mother-of-all-self-hosting/ansible-role-firezone) Ansible role. ## Configuration diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index ae93152..3558709 100644 
--- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md @@ -14,8 +14,21 @@ To enable this service, add the following configuration to your `vars.yml` file ######################################################################## gotosocial_enabled: true + + +# Hostname that this server will be reachable at. +# DO NOT change this after your server has already run once, or you will break things! +# Examples: ["gts.example.org","some.server.com"] gotosocial_hostname: 'social.example.org' +# Domain to use when federating profiles. It defaults to `gotosocial_hostname` but you can cange it when you want your server to be at +# eg., `gotosocial_hostname: gts.example.org`, but you want the domain on accounts to be "example.org" because it looks better +# or is just shorter/easier to remember. +# +# Please read the appropriate section of the installation guide before you go messing around with this setting: +# https://docs.gotosocial.org/installation_guide/advanced/#can-i-host-my-instance-at-fediexampleorg-but-have-just-exampleorg-in-my-username +# gotosocial_account_domain: "example.org" + ######################################################################## # # # /gotosocial # 
@@ -23,12 +36,12 @@ gotosocial_hostname: 'social.example.org' ######################################################################## ``` -After installation, you can use `ansible-playbook -i inventory/hosts setup.yml --tags=gotosocial-add-user --extra-vars "username= email= password="` +After installation, you can use `just run-tags gotosocial-add-user --extra-vars=username= --extra-vars=password= --extra-vars=email="` to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account. ### Usage -After [installing](../installing.md), you can visti at the URL specified in `firezone_hostname` and should see your instance. +After [installing](../installing.md), you can visit at the URL specified in `gotosocial_hostname` and should see your instance. Start to customize it at `social.example.org/admin`. Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use @@ -65,14 +78,14 @@ serverA$ rsync -av -e "ssh" data/* root@serverB:/mash/gotosocial/data/ Install (but don't start) the service and database on the server. ```bash -yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all +yourPC$ just run-tags install-all yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/mash/gotosocial/latest.sql --extra-vars=postgres_default_import_database=mash-gotosocial ``` Start the services on the new server ```bash -yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=start +yourPC$ just run-tags start ``` Done 🥳 diff --git a/docs/services/navidrome.md b/docs/services/navidrome.md new file mode 100644 index 0000000..5703aa5 --- /dev/null +++ b/docs/services/navidrome.md 
@@ -0,0 +1,141 @@ +# Navidrome + +[Navidrome](https://www.navidrome.org/) is a [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server. + + +## Dependencies + +This service requires the following other services: + +- a [Traefik](traefik.md) reverse-proxy server + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# navidrome # +# # +######################################################################## + +navidrome_enabled: true + +navidrome_hostname: mash.example.com +navidrome_path_prefix: /navidrome + +# By default, Navidrome will look at the /music directory for music files, +# controlled by the `navidrome_environment_variable_nd_musicfolder` variable. +# +# You'd need to mount some music directory into the Navidrome container, like shown below. +# The "Syncthing integration" section below may be relevant. +# navidrome_container_additional_volumes: +# - type: bind +# src: /on-host/path/to/music +# dst: /music +# options: readonly + +######################################################################## +# # +# /navidrome # +# # +######################################################################## +``` + +### URL + +In the example configuration above, we configure the service to be hosted at `https://mash.example.com/navidrome`. + +You can remove the `navidrome_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. + +### Authentication + +On first use (see [Usage](#usage) below), you'll be asked to create the first administrator user. + +You can create additional users from the web UI after that. 
+ +### Syncthing integration + +If you've got a [Syncthing](syncthing.md) service running, you can use it to synchronize your music directory onto the server and then mount it as read-only into the Navidrome container. + +We recommend that you make use of the [aux](aux.md) role to create some shared directory like this: + +```yaml +######################################################################## +# # +# aux # +# # +######################################################################## + +aux_directory_definitions: + - dest: "{{ mash_playbook_base_path }}/storage" + - dest: "{{ mash_playbook_base_path }}/storage/music" + +######################################################################## +# # +# /aux # +# # +######################################################################## +``` + +You can then mount this `{{ mash_playbook_base_path }}/storage/music` directory into the Syncthing container and synchronize it with some other computer: + +```yaml +######################################################################## +# # +# syncthing # +# # +######################################################################## + +# Other Syncthing configuration.. + +syncthing_container_additional_volumes: + - type: bind + src: "{{ mash_playbook_base_path }}/storage/music" + dst: /music + +######################################################################## +# # +# /syncthing # +# # +######################################################################## +``` + +Finally, mount the `{{ mash_playbook_base_path }}/storage/music` directory into the Navidrome container as read-only: + +```yaml +######################################################################## +# # +# navidrome # +# # +######################################################################## + +# Other Navidrome configuration.. 
+ +navidrome_container_additional_volumes: + - type: bind + src: "{{ mash_playbook_base_path }}/storage/music" + dst: /music + options: readonly + +######################################################################## +# # +# /navidrome # +# # +######################################################################## +``` + +## Usage + +After installation, you can go to the Navidrome URL, as defined in `navidrome_hostname` and `navidrome_path_prefix`. + +As mentioned in [Authentication](#authentication) above, you'll be asked to create the first administrator user the first time you open the web UI. + +You can also connect various Subsonic-API-compatible [apps](https://www.navidrome.org/docs/overview/#apps) (desktop, web, mobile) to your Navidrome instance. + + +## Recommended other services + +- [Syncthing](syncthing.md) - a continuous file synchronization program which synchronizes files between two or more computers in real time. See [Syncthing integration](#syncthing-integration) diff --git a/docs/supported-services.md b/docs/supported-services.md index 187901d..154a1ca 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md 
@@ -17,6 +17,7 @@ | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | +| [Navidrome](https://www.navidrome.org/) | [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server | [Link](services/navidrome.md) | [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | | [Owncast](https://owncast.online/) | Owncast is a free and open source live video and web chat server for use with existing popular broadcasting software. | [Link](services/owncast.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 9749f08..f219229 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -101,6 +101,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) + + ([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else []) + + ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else []) + ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else []) 
@@ -791,6 +793,39 @@ miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) +######################################################################## +# # +# navidrome # +# # +######################################################################## + +navidrome_enabled: false + +navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome" + +navidrome_uid: "{{ mash_playbook_uid }}" +navidrome_gid: "{{ mash_playbook_gid }}" + +navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome" + +navidrome_container_additional_networks_auto: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + }} + +navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +######################################################################## +# # +# /navidrome # +# # +######################################################################## + + + ######################################################################## # # # nextcloud # 
@@ -806,14 +841,12 @@ nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas nextcloud_uid: "{{ mash_playbook_uid }}" nextcloud_gid: "{{ mash_playbook_gid }}" -nextcloud_systemd_required_systemd_services_list: | +nextcloud_systemd_required_services_list_auto: | {{ - (['docker.service']) - + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) }} -nextcloud_container_additional_networks: | +nextcloud_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + @@ -1581,7 +1614,6 @@ firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}" firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" -firezone_database_name: "{{ firezone_identifier }}" firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}" firezone_database_user: "{{ firezone_identifier }}" @@ -1628,7 +1660,6 @@ gotosocial_gid: "{{ mash_playbook_gid }}" gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" -gotosocial_database_name: "{{ gotosocial_identifier }}" gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}" gotosocial_database_username: "{{ gotosocial_identifier }}" diff --git a/requirements.yml b/requirements.yml index 17c15e9..af88fda 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -78,11 +78,14 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git version: v21.0.1-1 name: keycloak +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-navidrome.git + version: v0.49.3-1 + name: navidrome - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git version: v3.4.6-2.5.1-0 name: netbox - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git - version: v26.0.0-0 + version: v26.0.0-1 name: nextcloud - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git version: v5.1.0-2 @@ -97,14 +100,14 @@ version: v1.28.0-0 name: vaultwarden - src: git+https://github.com/moan0s/hubsite.git - version: c5df0485b558c89a6f15966bcdf3f129fd83cfa3 + version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe name: hubsite - src: git+https://github.com/moan0s/role-firezone.git - version: ac8564d5e11a75107ba93aec6427b83be824c30a + version: 3a2a1e4c6b484b643a847941937a80d0efd86d6c name: firezone - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial - version: 148933d390a2a789ee4595a593d825e64d5e6f46 + version: d608eb330af28b75d3e4881b2e8c09af64d078f1 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git name: owncast version: ff233df159fbda65b2bb637adbfaf34383ec4229 diff --git a/setup.yml b/setup.yml index 4a59788..c709e9c 100644 --- a/setup.yml +++ b/setup.yml @@ -78,6 +78,8 @@ - role: galaxy/hubsite + - role: galaxy/navidrome + - role: galaxy/netbox - role: galaxy/nextcloud
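Review bot: CHANGELOG.md, hunk @@ -1,3 +1,16 @@: the new entry should say who is unaffected, because the rename only matters when the database name comes from the playbook default. Anyone who already sets `firezone_database_name` explicitly in `vars.yml` keeps their current name and must not run the `ALTER DATABASE` step. Suggest adding one sentence to that effect and recommending a Postgres dump before step 3. Typo in the same paragraph: "rename you database" should be "rename your database".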
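Review bot: docs/services/gotosocial.md, hunk @@ -14,8 +14,21 @@: the comment above `gotosocial_account_domain` does not say whether the value may be changed after first run, while the `gotosocial_hostname` comment just above it carries an explicit "DO NOT change this after your server has already run once" warning. State in the comment itself whether the same restriction applies rather than leaving it to the linked guide, since a changed federation domain is hard to undo. Wording in the same comment: "cange" should be "change", and "when you want your server to be at eg.," is a broken sentence that needs rewriting.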
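Review bot: docs/services/gotosocial.md, hunk @@ -23,12 +36,12 @@: the new `just run-tags gotosocial-add-user ...` command ends in an unmatched `"` after `--extra-vars=email=`, left over from the old quoted `--extra-vars "..."` form; drop it so the command can be pasted as written. The sentence that follows still tells the reader to change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin`, which no longer matches the `just run-tags` syntax, and "to create your a user" needs fixing. Since the password is passed as a command-line argument, it is worth noting here that it will land in shell history.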
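Review bot: docs/services/navidrome.md, hunk @@ -0,0 +1,141 @@, "Authentication" section: the text says the first visitor to the web UI is asked to create the first administrator, but gives no guidance on timing. With the service published through Traefik at `navidrome_hostname`, whoever opens the URL first gets the admin account, so the doc should tell the operator to open the URL and create the administrator immediately after `install-all` finishes. The read-only bind mount (`options: readonly`) for the Navidrome side of the Syncthing setup is a good default and worth a one-line explanation of why it is read-only there but read-write for Syncthing.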
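Review bot: group_vars/mash_servers, hunk @@ -1628,7 +1660,6 @@: removing `gotosocial_database_name: "{{ gotosocial_identifier }}"` is not covered by the changelog entry, which mentions only Firezone. The migration section of docs/services/gotosocial.md in this same patch still passes `--extra-vars=postgres_default_import_database=mash-gotosocial`, so if the role default is no longer `mash-gotosocial` the documented import targets a database the service will not use, and existing installs need the same manual rename as Firezone. Either document the GoToSocial rename alongside the Firezone one and update the import command, or keep this line until that is done.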
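Review bot: requirements.yml, hunk @@ -78,11 +78,14 @@: the new navidrome entry is pinned by tag (`version: v0.49.3-1`), while the hubsite, firezone, gotosocial and owncast entries further down the file are pinned by full commit hash. A git tag can be moved after the fact and a commit hash cannot, so for roles that run with root on the target host it would be more consistent to settle on one scheme, preferably the hash, or to note in the file why tags are acceptable for roles under the project's own organisation.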
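Review bot: requirements.yml, hunk @@ -97,14 +100,14 @@: the firezone entry still has `src: git+https://github.com/moan0s/role-firezone.git`, but docs/services/firezone.md in this patch now says the role is `mother-of-all-self-hosting/ansible-role-firezone`. Only the commit hash was bumped here, so after this change the docs name one repository and the playbook fetches from another. Update `src` to the new location in the same commit, or leave the docs link unchanged until the source actually moves.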