Restructure the repo

.gitignore

@@ -1,6 +1,5 @@
-/ansible/files/docker_persistent_data/*
-!/ansible/files/docker_persistent_data/.gitkeep
-/cloud-init/user-data
-/ansible/group_vars/fragile
-/ansible/hosts
+/files/docker_persistent_data/*
+!/files/docker_persistent_data/.gitkeep
+/group_vars/fragile
+/hosts
 .DS_Store

README.md

@@ -1,13 +1,102 @@
 # notthebee/infra
 
-This repo is a living document of me trying to configure my home server/NAS using the principles of _Infrastracture as Code_.
+An Ansible playbook that sets up an Ubuntu-based home media server/NAS with reasonable security, auto-updates, e-mail notifications for S.M.A.R.T. and Snapraid errors and dynamic DNS. 
 
-You can read more about IaC here: [https://perfectmediaserver.com/concepts/infraascode.html](https://perfectmediaserver.com/concepts/infraascode.html)
+It assumes a fresh Ubuntu Server 20.04 install, access to a non-root user with sudo privileges and a public SSH key. This can be configured during the installation process.
 
-### Special thanks
+The playbook is mostly being developed for personal use, so stuff is going to be constantly changing and breaking. Use at your own risk and don't expect any help in setting it up on your machine.
+
+## Special thanks
 * David Stephens for his [Ansible NAS](https://github.com/davestephens/ansible-nas) project. This is where I got the idea and "borrowed" a lot of concepts and implementations from.
 * Jeff Geerling for his book, [Ansible for DevOps](https://www.ansiblefordevops.com/) and his [Ansible 101 series](https://www.youtube.com/watch?v=goclfp6a2IQ&list=PL2_OBreMn7FqZkvMYt6ATmgC0KAGGJNAN) on YouTube.
 * Jonathan Hanson for his [SSH port juggling](https://gist.github.com/triplepoint/1ad6c6060c0f12112403d98180bcf0b4) implementation.
 * Alex Kretzschmar and Chris Fisher from [Self Hosted Show](https://selfhosted.show/) for introducing me to the idea of Infrastracture as Code
 * TylerAlterio for the [mergerfs](https://github.com/tyalt1/mediaserver/tree/master/roles/mergerfs) role
 * Jake Howard and Alex Kretzschmar for the [snapraid](https://github.com/RealOrangeOne/ansible-role-snapraid/commits?author=IronicBadger) role
+
+## Services included:
+#### Media
+* [Plex](https://hub.docker.com/r/linuxserver/plex) (A media server)
+* [Radarr](https://hub.docker.com/r/linuxserver/radarr) (A movie tracker/downloader)
+* [Jackett](https://hub.docker.com/r/linuxserver/jackett) (A torrent/NZB indexer)
+* [Sonarr](https://hub.docker.com/r/linuxserver/sonarr) (A TV show tracker/downloader)
+* [Arch-DelugeVPN](https://hub.docker.com/r/binhex/arch-delugevpn) (An Arch Linux container running Deluge and an Wireguard/OpenVPN client with a kill switch)
+
+#### Services
+* [Homer](https://hub.docker.com/r/b4bz/homer) (A static home page)
+* [Nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) (A self-hosted cloud platform)
+* [MariaDB](https://hub.docker.com/r/linuxserver/mariadb) (A database server for Nextcloud)
+* [Vaultwarden](https://hub.docker.com/r/vaultwarden/server) (A FOSS Bitwarden fork written in Rust)
+* [Wireguard](https://hub.docker.com/r/linuxserver/wireguard) (A VPN server)
+
+#### Misc
+* [Watchtower](https://hub.docker.com/r/containrrr/watchtower) (An automated updater for Docker images)
+* [DuckDNS](https://hub.docker.com/r/linuxserver/duckdns/) (A dynamic DNS client for DuckDNS)
+* [SWAG](https://hub.docker.com/r/linuxserver/swag) (A reverse proxy with built-in support for dynamic DNS, Certbot and fail2ban)
+
+#### Home Automation
+* [Home Assistant](https://hub.docker.com/r/homeassistant/home-assistant) (A FOSS smart home hub)
+* [Phoscon-GW](https://hub.docker.com/r/marthoc/deconz) (A Zigbee gateway)
+
+## Other features:
+* MergerFS with Snapraid
+* Samba
+* Netatalk (AFP) for Time Machine
+
+## Usage
+Install Ansible (macOS):
+```
+brew install ansible
+```
+
+Clone the repository:
+```
+git clone https://github.com/notthebee/infra
+```
+
+Copy the sample inventory and adjust the variables in `vars.yml`:
+```
+cd infra/ansible
+cp -r group_vars/sample group_vars/YOUR_HOSTNAME
+vi group_vars/YOUR_HOSTNAME/vars.yml
+```
+
+Create a Keychain item for your Ansible Vault password (on macOS):
+```
+security add-generic-password \
+               -a YOUR_USERNAME \
+               -s ansible-vault-password \
+               -w
+```
+
+The `pass.sh` script will extract the Ansible Vault password from your Keychain automatically each time Ansible requests it.
+
+Encrypt the `secret.yml` file and adjust the variables:
+```
+ansible-vault encrypt group_vars/YOUR_HOSTNAME/secret.yml
+ansible-vault edit group_vars/YOUR_HOSTNAME/secret.yml
+```
+
+Add your custom inventory file to `hosts`:
+```
+cp hosts_example hosts
+vi hosts
+```
+
+Install the dependencies:
+```
+ansible-galaxy install -r requirements.yml
+```
+
+Finally, run the playbook:
+```
+ansible-playbook run.yml -l your-host-here -K
+```
+The "-K" parameter is only necessary for the first run, since the playbook configures passwordless sudo for the main login user
+
+For consecutive runs, if you only want to update the Docker containers, you can run the playbook like this:
+```
+ansible-playbook run.yml --tags="port,containers"
+```
+
+

roles/filesystems/snapraid/README.md

@@ -0,0 +1,44 @@
+# ansible-role-snapraid
+
+An ansible role to install and configure [snapraid](https://www.snapraid.it/) and (optionally) [snapraid-runner](https://github.com/Chronial/snapraid-runner).
+
+## Features
+
+- Installation and configuration of `snapraid-runner` to aid scrubbing (optional)
+- Automated creation of `sync` and `scrub` jobs
+- [Healthchecks.io](https://healthchecks.io/) integration for cron jobs (optional)
+
+## Configuration
+
+This role has [many](./defaults/main.yml) variables which can be configured.
+
+### Example
+
+```yaml
+snapraid_install: false
+snapraid_runner: false
+
+snapraid_data_disks:
+  - path: /mnt/disk1
+    content: true
+  - path: /mnt/disk2
+    content: true
+
+snapraid_parity_disks:
+  - path: /mnt/parity1
+    content: true
+
+snapraid_content_files:
+  - /mnt/other-drive/snapraid.content
+  - /var/snapraid.content
+
+snapraid_config_excludes:
+  - "*.unrecoverable"
+  - /lost+found/
+  - "*.!sync"
+  - /tmp/
+
+snapraid_scrub_schedule:
+  hour: 5
+  weekday: 4
+```

roles/filesystems/snapraid/defaults/main.yml

@@ -0,0 +1,53 @@
+---
+
+snapraid_install: true
+snapraid_runner: true
+
+snapraid_apt_package_name: snapraid
+snapraid_bin_path: /usr/local/bin/snapraid
+snapraid_force_install: false
+
+snapraid_runner_healthcheck_io_uuid: ""
+snapraid_healthcheck_io_host: https://hc-ping.com
+
+snapraid_runner_email_address: ""
+snapraid_runner_gmail_pass: ""
+snapraid_runner_email_address_from: "{{ snapraid_runner_email_address }}"
+snapraid_runner_email_address_to: "{{ snapraid_runner_email_address }}"
+snapraid_runner_email_sendon: "error"
+
+snapraid_runner_smtp_host: smtp.gmail.com
+snapraid_runner_smtp_port: 465
+snapraid_runner_use_ssl: true
+
+snapraid_content_files:
+  - /var/snapraid.content
+
+snapraid_config_excludes: []
+snapraid_config_hidden_files_enabled: false
+snapraid_config_hidden_files: nohidden
+snapraid_config_path: /etc/snapraid.conf
+
+snapraid_runner_path: /opt/snapraid-runner/snapraid-runner
+snapraid_runner_conf: "{{ snapraid_runner_path }}.conf"
+snapraid_runner_bin: "{{ snapraid_runner_path }}.py"
+snapraid_runner_command: "python3 {{ snapraid_runner_bin }} -c {{ snapraid_runner_conf }} {% if snapraid_runner_healthcheck_io_uuid %}| curl -fsS -m 10 --retry 5 -o /dev/null --data-binary '@-' {{ snapraid_healthcheck_io_host }}/{{ snapraid_runner_healthcheck_io_uuid }} > /dev/null{% endif %}"
+snapraid_runner_scrub: true
+snapraid_runner_scrub_percent: 22
+snapraid_runner_scrub_age: 8
+snapraid_runner_touch: true
+snapraid_runner_delete_threshold: 250
+
+snapraid_runner_cron_jobs:
+  - { job: '{{ snapraid_runner_command }}', name: 'snapraid_runner', weekday: '*', hour: '01' }
+
+snapraid_sync_schedule:
+  minute: 0
+  hour: 0
+snapraid_sync_healthcheck_io_uuid: ""
+
+snapraid_scrub_schedule:
+  minute: 0
+  hour: 0
+  weekday: 0
+snapraid_scrub_healthcheck_io_uuid: ""

roles/filesystems/snapraid/meta/main.yml

@@ -0,0 +1,27 @@
+---
+galaxy_info:
+  author: Alex Kretzschmar
+  description: Installs SnapRAID and configures automatic parity runs
+  issue_tracker_url: https://github.com/ironicbadger/ansible-role-snapraid/issues
+  license: GPLv2
+  min_ansible_version: 2.4
+  platforms:
+  - name: EL
+    versions:
+    - 6
+    - 7
+  - name: Fedora
+    versions:
+    - all
+  - name: Debian
+    versions:
+    - jessie
+  - name: Ubuntu
+    versions:
+    - trusty
+    - xenial
+    - bionic
+  categories:
+  - system
+  - web
+dependencies: []

roles/filesystems/snapraid/tasks/configure.yml

@@ -0,0 +1,24 @@
+---
+
+- name: check valid configuration
+  block:
+    - fail:
+        msg: No data disks defined
+      when: disks | length == 0
+    - fail:
+        msg: No parity disks defined
+      when: parity_disks | length == 0
+    - fail:
+        msg: No content files defined
+      when:
+        - snapraid_content_files | length == 0
+        - snapraid_data_disks | selectattr('content') | length == 0
+        - snapraid_parity_disks | selectattr('content') | length == 0
+
+- name: install snapraid config file
+  template:
+    src: snapraid.conf.j2
+    dest: /etc/snapraid.conf
+    owner: root
+    group: root
+    mode: 0775