Add music service

inventory/group_vars/asgard/vars.yml

@@ -86,6 +86,9 @@ services:
     smtp_host: "{{ vault_services.notes.smtp_host }}"
     smtp_name: "{{ vault_services.notes.smtp_name }}"
     smtp_password: "{{ vault_services.notes.smtp_password }}"
+  music:
+    domain: "{{ vault_services.music.domain }}"
+    password_encryption_key: "{{ vault_services.music.password_encryption_key }}"
 
 # --------------------------------------------------------------------------------------------------
 # services:user_setup

inventory/host_vars/baldur/vars.yml

@@ -28,5 +28,7 @@ services_host_services:
     tcp: ["{{ services.git.ssh_port }}"]
   notes:
     address: "{{ vpn_bridge_prefix }}.6"
-  www:
+  music:
     address: "{{ vpn_bridge_prefix }}.7"
+  www:
+    address: "{{ vpn_bridge_prefix }}.8"

inventory/host_vars/yggdrasil/vars.yml

@@ -136,6 +136,9 @@ services_host_services:
     tcp: ["{{ services.git.ssh_port }}"]
   notes:
     address: "{{ vpn_bridge_prefix }}.6"
+  music:
+    address: "{{ vpn_bridge_prefix }}.7"
+    music_path: "{{ music_user_data_directory }}/flac"
 
 # --------------------------------------------------------------------------------------------------
 # services:backups

main.yml

@@ -6,9 +6,11 @@
 
 - ansible.builtin.import_playbook: "playbooks/system.yml"
   tags: "system"
-- ansible.builtin.import_playbook: "playbooks/vpn.yml"
-  tags: "vpn"
 - ansible.builtin.import_playbook: "playbooks/backups.yml"
   tags: "backups"
+- ansible.builtin.import_playbook: "playbooks/music.yml"
+  tags: "music"
+- ansible.builtin.import_playbook: "playbooks/vpn.yml"
+  tags: "vpn"
 - ansible.builtin.import_playbook: "playbooks/services.yml"
   tags: "services"

playbooks/roles/services/deploy/include/vars/versions.yml

@@ -15,3 +15,5 @@ services_deploy_versions:
     gitea: "1"
   notes:
     joplin: "2.10-beta"
+  music:
+    navidrome: "latest"

playbooks/roles/services/deploy/music/meta/argument_specs.yml

@@ -0,0 +1,37 @@
+---
+argument_specs:
+  main:
+    options:
+      ansible_hostname:
+        type: "str"
+        required: true
+      services_root_directory:
+        type: "str"
+        required: true
+      services_home_directory:
+        type: "str"
+        required: true
+      services_data_directory:
+        type: "str"
+        required: true
+      services_containers_directory:
+        type: "str"
+        required: true
+      services_service_name:
+        type: "str"
+        required: true
+      services_all_services:
+        database:
+          address:
+            type: "str"
+            required: true
+      services:
+        music:
+          domain:
+            type: "str"
+            required: true
+      services_host_services:
+        music:
+          music_path:
+            type: "str"
+            required: true

playbooks/roles/services/deploy/music/tasks/main.yml

@@ -0,0 +1,54 @@
+---
+- name: "set the user variables"
+  ansible.builtin.import_role:
+    name: "services/include"
+    vars_from: "user"
+
+- name: "set the version variables"
+  ansible.builtin.import_role:
+    name: "services/deploy/include"
+    vars_from: "versions"
+
+- block:
+
+    - name: "configure systemd service"
+      ansible.builtin.template:
+        src: "./systemd/{{ item }}.j2"
+        dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+        mode: 0600
+      loop:
+        - "pod-music.service"
+        - "container-music-navidrome.service"
+      register: services_deploy_music_systemd_files
+
+    - name: "systemd user daemon reload"
+      ansible.builtin.systemd:
+        daemon_reload: true
+        scope: "user"
+      when:
+        services_deploy_music_systemd_files.changed
+
+    - name: "get uid"
+      ansible.builtin.getent:
+        database: "passwd"
+        key: "{{ services_service_user_name }}"
+
+    - name: "get service status"
+      ansible.builtin.command: >-
+        systemctl --user show --property ActiveState --value
+        {{ services_service_user_name }}.service
+      environment:
+        XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
+      changed_when: false
+      register: services_deploy_music_service_active_state
+
+    - name: "restart the service"
+      ansible.builtin.systemd:
+        name: "pod-{{ services_service_name }}.service"
+        state: "restarted"
+        scope: "user"
+      when:
+        services_deploy_music_systemd_files.changed and
+        services_deploy_music_service_active_state.stdout == "active"
+
+  become_user: "{{ services_service_user_name }}"

playbooks/roles/services/deploy/music/templates/systemd/container-music-navidrome.service.j2

@@ -0,0 +1,38 @@
+[Unit]
+Description=Podman container-music-navidrome.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-music.service
+After=pod-music.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/container-music-navidrome.pid %t/container-music-navidrome.ctr-id
+ExecStart=/usr/bin/podman run \
+                          --conmon-pidfile %t/container-music-navidrome.pid \
+                          --cidfile %t/container-music-navidrome.ctr-id \
+                          --cgroups=no-conmon \
+                          --pod-id-file %t/pod-music.pod-id \
+                          --replace \
+                          --label "io.containers.autoupdate=image" \
+                          -dt \
+                          -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
+                          -v {{ services_data_directory }}/pod-music/data/_data:/data \
+                          -v {{ services_host_services[services_service_name].music_path }}:/music:ro \
+                          -e ND_PORT="80" \
+                          -e ND_ENABLESTARRATING="false" \
+                          -e ND_LASTFM_ENABLED="false" \
+                          -e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }} \
+                          --name=pod-music-navidrome \
+                          docker.io/deluan/navidrome:{{ services_deploy_versions.music.navidrome }}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-music-navidrome.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-music-navidrome.ctr-id
+PIDFile=%t/container-music-navidrome.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target

playbooks/roles/services/deploy/music/templates/systemd/pod-music.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Podman pod-music.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+Requires=container-music-navidrome.service
+Before=container-music-navidrome.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-music.pid %t/pod-music.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-music.pid --pod-id-file %t/pod-music.pod-id --name=music --network=none --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-music.pod-id
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" music) > {{ services_containers_directory }}/pod-music/pidfile'
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-music.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-music.pod-id
+PIDFile=%t/pod-music.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target

playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf

@@ -0,0 +1,35 @@
+server {
+    listen 80;
+    server_name music.wojciechkozlowski.eu;
+
+    location ^~ /.well-known {
+        allow all;
+        root /var/www/html;
+    }
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name music.wojciechkozlowski.eu;
+
+    ssl_certificate         /etc/letsencrypt/live/music.wojciechkozlowski.eu/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/music.wojciechkozlowski.eu/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/music.wojciechkozlowski.eu/chain.pem;
+
+    location / {
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        proxy_pass http://pod-music;
+    }
+
+    error_page 500 502 503 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+
+}

playbooks/roles/services/deploy/rproxy/vars/nginx.yml

@@ -9,5 +9,6 @@ services_rproxy_nginx_conf_d_files:
   - "nginx.conf"
   - "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
   - "nginx-conf.d/git.wojciechkozlowski.eu.conf"
+  - "nginx-conf.d/music.wojciechkozlowski.eu.conf"
   - "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
   - "nginx-conf.d/wojciechkozlowski.eu.conf"

playbooks/roles/services/include/vars/volumes.yml

@@ -20,3 +20,5 @@ services_volumes:
     data:
   notes:
     data:
+  music:
+    data: