Julian-Samuel Gebühr 2023-03-29 20:38:42 +02:00
commit 817386b3b6
8 changed files with 219 additions and 15 deletions

View file

@ -1,3 +1,16 @@
# 2023-03-29
## (Backward Compatibility Break) Firezone database renamed
If you are running [Firezone](docs/services/firezone.md) with the default [Postgres](docs/services/postgres.md) integration the playbook automatically created the database with the name `mash-firezone`.
To be consistent with how this playbook names databases for all other services, going forward we've changed the database name to be just `firezone`. You will have to rename you database manually by running the following commands on your server:
1. Stop Firezone: `systemctl stop mash-firezone`
2. Run a Postgres `psql` shell: `/mash/postgres/bin/cli`
3. Execute this query: `ALTER DATABASE "mash-firezone" RENAME TO firezone;` and then quit the shell with `\q`
Then update the playbook (don't forget to run `just roles`), run `just install-all` and you should be good to go!
# 2023-03-26 # 2023-03-26
## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically ## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically
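Review bot: Typo in the added migration text: "You will have to rename you database manually" should read "rename your database". The numbered steps also go straight from stopping the service to `ALTER DATABASE "mash-firezone" RENAME TO firezone;` without suggesting a database dump first; a one-line pointer to take a backup before step 3 would make a failed rename recoverable.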

View file

@ -1,6 +1,6 @@
# Firezone # Firezone
[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [moan0s/role-firezone](https://github.com/moan0s/role-firezone) Ansible role. [Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [mother-of-all-self-hosting/ansible-role-firezone](https://github.com/mother-of-all-self-hosting/ansible-role-firezone) Ansible role.
## Configuration ## Configuration

View file

@ -14,8 +14,21 @@ To enable this service, add the following configuration to your `vars.yml` file
######################################################################## ########################################################################
gotosocial_enabled: true gotosocial_enabled: true
# Hostname that this server will be reachable at.
# DO NOT change this after your server has already run once, or you will break things!
# Examples: ["gts.example.org","some.server.com"]
gotosocial_hostname: 'social.example.org' gotosocial_hostname: 'social.example.org'
# Domain to use when federating profiles. It defaults to `gotosocial_hostname` but you can cange it when you want your server to be at
# eg., `gotosocial_hostname: gts.example.org`, but you want the domain on accounts to be "example.org" because it looks better
# or is just shorter/easier to remember.
#
# Please read the appropriate section of the installation guide before you go messing around with this setting:
# https://docs.gotosocial.org/installation_guide/advanced/#can-i-host-my-instance-at-fediexampleorg-but-have-just-exampleorg-in-my-username
# gotosocial_account_domain: "example.org"
######################################################################## ########################################################################
# # # #
# /gotosocial # # /gotosocial #
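Review bot: The added comment above `gotosocial_account_domain` has a typo ("cange") and its first sentence breaks off at the line wrap ("when you want your server to be at" followed by "eg., ..."), which makes the setting hard to understand. Suggest something like: "It defaults to `gotosocial_hostname`, but you can change it if the server runs at `gts.example.org` and you want accounts to use `example.org`." The "DO NOT change this after your server has already run once" warning is only attached to `gotosocial_hostname`; please state whether it applies to the account domain as well.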
@ -23,12 +36,12 @@ gotosocial_hostname: 'social.example.org'
######################################################################## ########################################################################
``` ```
After installation, you can use `ansible-playbook -i inventory/hosts setup.yml --tags=gotosocial-add-user --extra-vars "username=<username> email=<email> password=<password>"` After installation, you can use `just run-tags gotosocial-add-user --extra-vars=username=<username> --extra-vars=password=<password> --extra-vars=email=<email>"`
to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account. to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account.
### Usage ### Usage
After [installing](../installing.md), you can visti at the URL specified in `firezone_hostname` and should see your instance. After [installing](../installing.md), you can visit at the URL specified in `gotosocial_hostname` and should see your instance.
Start to customize it at `social.example.org/admin`. Start to customize it at `social.example.org/admin`.
Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use
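Review bot: The new `just run-tags gotosocial-add-user ...` command ends with a stray `"` after `--extra-vars=email=<email>` that has no opening quote, so a copy-paste leaves the shell waiting for the closing quote. The following line still tells readers to change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin`, which no longer matches the `just run-tags` form, and "to create your a user" should be "to create a user". Because the password is passed as a command-line argument it ends up in shell history, which deserves a short mention next to the command.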
@ -65,14 +78,14 @@ serverA$ rsync -av -e "ssh" data/* root@serverB:/mash/gotosocial/data/
Install (but don't start) the service and database on the server. Install (but don't start) the service and database on the server.
```bash ```bash
yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all yourPC$ just run-tags install-all
yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/mash/gotosocial/latest.sql --extra-vars=postgres_default_import_database=mash-gotosocial yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/mash/gotosocial/latest.sql --extra-vars=postgres_default_import_database=mash-gotosocial
``` ```
Start the services on the new server Start the services on the new server
```bash ```bash
yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=start yourPC$ just run-tags start
``` ```
Done 🥳 Done 🥳

141
docs/services/navidrome.md Normal file
View file

@ -0,0 +1,141 @@
# Navidrome
[Navidrome](https://www.navidrome.org/) is a [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# navidrome #
# #
########################################################################
navidrome_enabled: true
navidrome_hostname: mash.example.com
navidrome_path_prefix: /navidrome
# By default, Navidrome will look at the /music directory for music files,
# controlled by the `navidrome_environment_variable_nd_musicfolder` variable.
#
# You'd need to mount some music directory into the Navidrome container, like shown below.
# The "Syncthing integration" section below may be relevant.
# navidrome_container_additional_volumes:
# - type: bind
# src: /on-host/path/to/music
# dst: /music
# options: readonly
########################################################################
# #
# /navidrome #
# #
########################################################################
```
### URL
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/navidrome`.
You can remove the `navidrome_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
### Authentication
On first use (see [Usage](#usage) below), you'll be asked to create the first administrator user.
You can create additional users from the web UI after that.
### Syncthing integration
If you've got a [Syncthing](syncthing.md) service running, you can use it to synchronize your music directory onto the server and then mount it as read-only into the Navidrome container.
We recommend that you make use of the [aux](aux.md) role to create some shared directory like this:
```yaml
########################################################################
# #
# aux #
# #
########################################################################
aux_directory_definitions:
- dest: "{{ mash_playbook_base_path }}/storage"
- dest: "{{ mash_playbook_base_path }}/storage/music"
########################################################################
# #
# /aux #
# #
########################################################################
```
You can then mount this `{{ mash_playbook_base_path }}/storage/music` directory into the Syncthing container and synchronize it with some other computer:
```yaml
########################################################################
# #
# syncthing #
# #
########################################################################
# Other Syncthing configuration..
syncthing_container_additional_volumes:
- type: bind
src: "{{ mash_playbook_base_path }}/storage/music"
dst: /music
########################################################################
# #
# /syncthing #
# #
########################################################################
```
Finally, mount the `{{ mash_playbook_base_path }}/storage/music` directory into the Navidrome container as read-only:
```yaml
########################################################################
# #
# navidrome #
# #
########################################################################
# Other Navidrome configuration..
navidrome_container_additional_volumes:
- type: bind
src: "{{ mash_playbook_base_path }}/storage/music"
dst: /music
options: readonly
########################################################################
# #
# /navidrome #
# #
########################################################################
```
## Usage
After installation, you can go to the Navidrome URL, as defined in `navidrome_hostname` and `navidrome_path_prefix`.
As mentioned in [Authentication](#authentication) above, you'll be asked to create the first administrator user the first time you open the web UI.
You can also connect various Subsonic-API-compatible [apps](https://www.navidrome.org/docs/overview/#apps) (desktop, web, mobile) to your Navidrome instance.
## Recommended other services
- [Syncthing](syncthing.md) - a continuous file synchronization program which synchronizes files between two or more computers in real time. See [Syncthing integration](#syncthing-integration)
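Review bot: In the Authentication section, "On first use ... you'll be asked to create the first administrator user" means whoever opens the URL first gets the administrator account. Since the service is published through Traefik at `navidrome_hostname`, add a sentence telling operators to open the web UI and create that user right after installation. Minor: the Syncthing example mounts `/music` read-write while the Navidrome example uses `options: readonly`; a short comment saying the difference is intentional would help readers who copy only one of the two blocks.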

View file

@ -17,6 +17,7 @@
| [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) |
| [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | | [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) |
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
| [Navidrome](https://www.navidrome.org/) | [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server | [Link](services/navidrome.md)
| [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) |
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |
| [Owncast](https://owncast.online/) | Owncast is a free and open source live video and web chat server for use with existing popular broadcasting software. | [Link](services/owncast.md) | | [Owncast](https://owncast.online/) | Owncast is a free and open source live video and web chat server for use with existing popular broadcasting software. | [Link](services/owncast.md) |
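Review bot: The added Navidrome row ends at `[Link](services/navidrome.md)` without the closing ` |` that every neighbouring row has. Please add it so the table stays consistent and renders the same in all Markdown viewers.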

View file

@ -101,6 +101,8 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else [])
+ +
([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else [])
+
([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else []) ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else [])
+ +
([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else []) ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else [])
@ -791,6 +793,39 @@ miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key)
########################################################################
# #
# navidrome #
# #
########################################################################
navidrome_enabled: false
navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome"
navidrome_uid: "{{ mash_playbook_uid }}"
navidrome_gid: "{{ mash_playbook_gid }}"
navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome"
navidrome_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /navidrome #
# #
########################################################################
######################################################################## ########################################################################
# # # #
# nextcloud # # nextcloud #
@ -806,14 +841,12 @@ nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas
nextcloud_uid: "{{ mash_playbook_uid }}" nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}" nextcloud_gid: "{{ mash_playbook_gid }}"
nextcloud_systemd_required_systemd_services_list: | nextcloud_systemd_required_services_list_auto: |
{{ {{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
}} }}
nextcloud_container_additional_networks: | nextcloud_container_additional_networks_auto: |
{{ {{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+ +
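Review bot: `(['docker.service'])` is dropped from the required-services list and both variables are renamed to `nextcloud_systemd_required_services_list_auto` and `nextcloud_container_additional_networks_auto`. This only keeps the Docker dependency if the nextcloud role bumped to `v26.0.0-1` in this commit adds `docker.service` itself and merges the `_auto` lists; please confirm that, and mention the rename in the changelog for anyone who overrides the old variable names in `vars.yml`.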
@ -1581,7 +1614,6 @@ firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
firezone_database_name: "{{ firezone_identifier }}"
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}" firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
firezone_database_user: "{{ firezone_identifier }}" firezone_database_user: "{{ firezone_identifier }}"
@ -1628,7 +1660,6 @@ gotosocial_gid: "{{ mash_playbook_gid }}"
gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
gotosocial_database_name: "{{ gotosocial_identifier }}"
gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}" gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}"
gotosocial_database_username: "{{ gotosocial_identifier }}" gotosocial_database_username: "{{ gotosocial_identifier }}"
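Review bot: Removing `gotosocial_database_name: "{{ gotosocial_identifier }}"` hands the GoToSocial database name over to the role default, the same way as the `firezone_database_name` removal in the previous hunk, but the changelog entry in this commit only covers Firezone, and the GoToSocial docs still import into `postgres_default_import_database=mash-gotosocial`. Either add the equivalent rename steps and doc update for GoToSocial, or keep this override until they exist.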

View file

@ -78,11 +78,14 @@
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git
version: v21.0.1-1 version: v21.0.1-1
name: keycloak name: keycloak
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-navidrome.git
version: v0.49.3-1
name: navidrome
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git
version: v3.4.6-2.5.1-0 version: v3.4.6-2.5.1-0
name: netbox name: netbox
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git
version: v26.0.0-0 version: v26.0.0-1
name: nextcloud name: nextcloud
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git
version: v5.1.0-2 version: v5.1.0-2
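Review bot: The new navidrome entry pins `version: v0.49.3-1`, a git tag, as the keycloak, netbox and nextcloud entries around it do, while other entries in this file (hubsite, firezone, gotosocial, owncast) pin full commit hashes. A tag can be moved after the fact, so pinning the commit hash gives a stronger guarantee about what gets fetched; if tags are kept for readability, consider noting the expected commit in a comment beside the entry.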
@ -97,14 +100,14 @@
version: v1.28.0-0 version: v1.28.0-0
name: vaultwarden name: vaultwarden
- src: git+https://github.com/moan0s/hubsite.git - src: git+https://github.com/moan0s/hubsite.git
version: c5df0485b558c89a6f15966bcdf3f129fd83cfa3 version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe
name: hubsite name: hubsite
- src: git+https://github.com/moan0s/role-firezone.git - src: git+https://github.com/moan0s/role-firezone.git
version: ac8564d5e11a75107ba93aec6427b83be824c30a version: 3a2a1e4c6b484b643a847941937a80d0efd86d6c
name: firezone name: firezone
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git
name: gotosocial name: gotosocial
version: 148933d390a2a789ee4595a593d825e64d5e6f46 version: d608eb330af28b75d3e4881b2e8c09af64d078f1
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git
name: owncast name: owncast
version: ff233df159fbda65b2bb637adbfaf34383ec4229 version: ff233df159fbda65b2bb637adbfaf34383ec4229
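Review bot: The firezone entry still fetches from `git+https://github.com/moan0s/role-firezone.git`, only with a new commit hash, while the Firezone docs changed in this same commit now say the service is powered by `mother-of-all-self-hosting/ansible-role-firezone`. One of the two should be updated so the documentation names the repository that is actually installed.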

View file

@ -78,6 +78,8 @@
- role: galaxy/hubsite - role: galaxy/hubsite
- role: galaxy/navidrome
- role: galaxy/netbox - role: galaxy/netbox
- role: galaxy/nextcloud - role: galaxy/nextcloud