From 76285164d121bab19ff843cacb43011bd62fe39d Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Tue, 21 Feb 2023 00:06:29 +0100 Subject: [PATCH] Add music service --- inventory/group_vars/asgard/vars.yml | 3 ++ inventory/host_vars/baldur/vars.yml | 4 +- inventory/host_vars/yggdrasil/vars.yml | 3 ++ main.yml | 6 ++- .../services/deploy/include/vars/versions.yml | 2 + .../deploy/music/meta/argument_specs.yml | 37 +++++++++++++ .../services/deploy/music/tasks/main.yml | 54 +++++++++++++++++++ .../container-music-navidrome.service.j2 | 38 +++++++++++++ .../templates/systemd/pod-music.service.j2 | 24 +++++++++ .../music.wojciechkozlowski.eu.conf | 35 ++++++++++++ .../services/deploy/rproxy/vars/nginx.yml | 1 + .../roles/services/include/vars/volumes.yml | 2 + 12 files changed, 206 insertions(+), 3 deletions(-) create mode 100644 playbooks/roles/services/deploy/music/meta/argument_specs.yml create mode 100644 playbooks/roles/services/deploy/music/tasks/main.yml create mode 100644 playbooks/roles/services/deploy/music/templates/systemd/container-music-navidrome.service.j2 create mode 100644 playbooks/roles/services/deploy/music/templates/systemd/pod-music.service.j2 create mode 100644 playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf diff --git a/inventory/group_vars/asgard/vars.yml b/inventory/group_vars/asgard/vars.yml index 04798af..a7f5074 100644 --- a/inventory/group_vars/asgard/vars.yml +++ b/inventory/group_vars/asgard/vars.yml @@ -86,6 +86,9 @@ services: smtp_host: "{{ vault_services.notes.smtp_host }}" smtp_name: "{{ vault_services.notes.smtp_name }}" smtp_password: "{{ vault_services.notes.smtp_password }}" + music: + domain: "{{ vault_services.music.domain }}" + password_encryption_key: "{{ vault_services.music.password_encryption_key }}" # -------------------------------------------------------------------------------------------------- # services:user_setup 
diff --git a/inventory/host_vars/baldur/vars.yml b/inventory/host_vars/baldur/vars.yml index f7d4431..eed4986 100644 --- a/inventory/host_vars/baldur/vars.yml +++ b/inventory/host_vars/baldur/vars.yml @@ -28,5 +28,7 @@ services_host_services: tcp: ["{{ services.git.ssh_port }}"] notes: address: "{{ vpn_bridge_prefix }}.6" - www: + music: address: "{{ vpn_bridge_prefix }}.7" + www: + address: "{{ vpn_bridge_prefix }}.8" diff --git a/inventory/host_vars/yggdrasil/vars.yml b/inventory/host_vars/yggdrasil/vars.yml index cd3e41f..59bd4e3 100644 --- a/inventory/host_vars/yggdrasil/vars.yml +++ b/inventory/host_vars/yggdrasil/vars.yml @@ -136,6 +136,9 @@ services_host_services: tcp: ["{{ services.git.ssh_port }}"] notes: address: "{{ vpn_bridge_prefix }}.6" + music: + address: "{{ vpn_bridge_prefix }}.7" + music_path: "{{ music_user_data_directory }}/flac" # -------------------------------------------------------------------------------------------------- # services:backups diff --git a/main.yml b/main.yml index 1feb8f1..b782590 100644 --- a/main.yml +++ b/main.yml @@ -6,9 +6,11 @@ - ansible.builtin.import_playbook: "playbooks/system.yml" tags: "system" -- ansible.builtin.import_playbook: "playbooks/vpn.yml" - tags: "vpn" - ansible.builtin.import_playbook: "playbooks/backups.yml" tags: "backups" +- ansible.builtin.import_playbook: "playbooks/music.yml" + tags: "music" +- ansible.builtin.import_playbook: "playbooks/vpn.yml" + tags: "vpn" - ansible.builtin.import_playbook: "playbooks/services.yml" tags: "services" diff --git a/playbooks/roles/services/deploy/include/vars/versions.yml b/playbooks/roles/services/deploy/include/vars/versions.yml index cf8f450..ad5fcdd 100644 --- a/playbooks/roles/services/deploy/include/vars/versions.yml +++ b/playbooks/roles/services/deploy/include/vars/versions.yml @@ -15,3 +15,5 @@ services_deploy_versions: gitea: "1" notes: joplin: "2.10-beta" + music: + navidrome: "latest" 
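Review bot: In inventory/host_vars/baldur/vars.yml the new `music` entry has only `address`, but the container unit template added in this patch reads `services_host_services[services_service_name].music_path`, which only the yggdrasil hunk defines. If the music deploy role is ever run against baldur, the template would presumably fail to render on the undefined value. If baldur only proxies the service, a comment such as `# music is proxied only on this host; no music_path` would make that explicit. The same hunk moves `www` from `.7` to `.8`, so anything that still pins `.7` for www (not visible here) would now reach the music pod.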
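Review bot: The added `import_playbook: "playbooks/music.yml"` in main.yml refers to a file that is not among the twelve files in this patch's diffstat. Unless it already exists in the tree, every run of main.yml would stop while loading, because `import_playbook` is resolved statically. The hunk also moves the `vpn` import after `backups` and `music`, and the commit message does not say why; a one-line comment above the `vpn` entry stating the ordering constraint would keep it from being reordered back.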
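Review bot: `navidrome: "latest"` in versions.yml leaves the image unpinned, and the container unit added in this patch also carries `--label "io.containers.autoupdate=image"`. If podman auto-update runs for the service user, whatever is published under `docker.io/deluan/navidrome:latest` gets pulled and started without any change to this repository. The other entries visible in the hunk (`gitea: "1"`, `joplin: "2.10-beta"`) at least bound the version. Pinning to a release tag or an image digest, e.g. `navidrome: "<release tag>"`, keeps upgrades reviewable and makes a rollback possible.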
diff --git a/playbooks/roles/services/deploy/music/meta/argument_specs.yml b/playbooks/roles/services/deploy/music/meta/argument_specs.yml
new file mode 100644
index 0000000..33c5d6b
--- /dev/null
+++ b/playbooks/roles/services/deploy/music/meta/argument_specs.yml
@@ -0,0 +1,37 @@
+---
+argument_specs:
+ main:
+ options:
+ ansible_hostname:
+ type: "str"
+ required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
+ services_service_name:
+ type: "str"
+ required: true
+ services_all_services:
+ database:
+ address:
+ type: "str"
+ required: true
+ services:
+ music:
+ domain:
+ type: "str"
+ required: true
+ services_host_services:
+ music:
+ music_path:
+ type: "str"
+ required: true
diff --git a/playbooks/roles/services/deploy/music/tasks/main.yml b/playbooks/roles/services/deploy/music/tasks/main.yml
new file mode 100644
index 0000000..e3bf1f3
--- /dev/null
+++ b/playbooks/roles/services/deploy/music/tasks/main.yml
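Review bot: The spec in music/meta/argument_specs.yml does not declare `password_encryption_key`, the one secret the role consumes (the container unit template reads `services[services_service_name].password_encryption_key`). It does require `services.music.domain` and `services_all_services.database.address`, which none of the tasks or templates added in this patch reference. Adding `password_encryption_key:` with `type: "str"` and `required: true` under `services.music`, and dropping the unused entries, would make the validation match what the role actually reads. As far as the collapsed text shows, the nested entries have no `type: "dict"` / `options:` level, so it is worth confirming that Ansible's role argument validation checks the inner `required: true` at all.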
@@ -0,0 +1,54 @@
+---
+- name: "set the user variables"
+ ansible.builtin.import_role:
+ name: "services/include"
+ vars_from: "user"
+
+- name: "set the version variables"
+ ansible.builtin.import_role:
+ name: "services/deploy/include"
+ vars_from: "versions"
+
+- block:
+
+ - name: "configure systemd service"
+ ansible.builtin.template:
+ src: "./systemd/{{ item }}.j2"
+ dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+ mode: 0600
+ loop:
+ - "pod-music.service"
+ - "container-music-navidrome.service"
+ register: services_deploy_music_systemd_files
+
+ - name: "systemd user daemon reload"
+ ansible.builtin.systemd:
+ daemon_reload: true
+ scope: "user"
+ when:
+ services_deploy_music_systemd_files.changed
+
+ - name: "get uid"
+ ansible.builtin.getent:
+ database: "passwd"
+ key: "{{ services_service_user_name }}"
+
+ - name: "get service status"
+ ansible.builtin.command: >-
+ systemctl --user show --property ActiveState --value
+ {{ services_service_user_name }}.service
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
+ changed_when: false
+ register: services_deploy_music_service_active_state
+
+ - name: "restart the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: "restarted"
+ scope: "user"
+ when:
+ services_deploy_music_systemd_files.changed and
+ services_deploy_music_service_active_state.stdout == "active"
+
+ become_user: "{{ services_service_user_name }}"
diff --git a/playbooks/roles/services/deploy/music/templates/systemd/container-music-navidrome.service.j2 b/playbooks/roles/services/deploy/music/templates/systemd/container-music-navidrome.service.j2
new file mode 100644
index 0000000..e5dbff9
--- /dev/null
+++ b/playbooks/roles/services/deploy/music/templates/systemd/container-music-navidrome.service.j2
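Review bot: The `configure systemd service` task in music/tasks/main.yml renders `container-music-navidrome.service`, which embeds `password_encryption_key`, and nothing on the task stops the rendered content from being printed when the play runs with `--diff`. Adding `diff: false` (or `no_log: true`) to that task keeps the key out of terminal scrollback and CI logs. Separately, `mode: 0600` is an unquoted octal, and `mode: "0600"` avoids depending on how the YAML loader types it. The `get service status` task queries `{{ services_service_user_name }}.service` while the restart targets `pod-{{ services_service_name }}.service`; if checking a different unit is intentional, a comment saying so would help.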
@@ -0,0 +1,38 @@
+[Unit]
+Description=Podman container-music-navidrome.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-music.service
+After=pod-music.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/container-music-navidrome.pid %t/container-music-navidrome.ctr-id
+ExecStart=/usr/bin/podman run \
+ --conmon-pidfile %t/container-music-navidrome.pid \
+ --cidfile %t/container-music-navidrome.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-music.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ -dt \
+ -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_data_directory }}/pod-music/data/_data:/data \
+ -v {{ services_host_services[services_service_name].music_path }}:/music:ro \
+ -e ND_PORT="80" \
+ -e ND_ENABLESTARRATING="false" \
+ -e ND_LASTFM_ENABLED="false" \
+ -e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }} \
+ --name=pod-music-navidrome \
+ docker.io/deluan/navidrome:{{ services_deploy_versions.music.navidrome }}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-music-navidrome.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-music-navidrome.ctr-id
+PIDFile=%t/container-music-navidrome.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/music/templates/systemd/pod-music.service.j2 b/playbooks/roles/services/deploy/music/templates/systemd/pod-music.service.j2
new file mode 100644
index 0000000..1134246
--- /dev/null
+++ b/playbooks/roles/services/deploy/music/templates/systemd/pod-music.service.j2
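Review bot: In container-music-navidrome.service.j2 the line `-e ND_PASSWORDENCRYPTIONKEY={{ ... }}` puts the key on the `podman run` command line, unquoted. The value is then visible in the process arguments while podman starts, and systemd applies its own `%` specifier and `$` variable expansion to it, so a key containing those characters or whitespace would reach Navidrome altered. Passing it through a file readable only by the service user, e.g. `--env-file <path to a 0600 env file> \`, or through a podman secret exposed as an environment variable, avoids both problems.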
@@ -0,0 +1,24 @@
+[Unit]
+Description=Podman pod-music.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+Requires=container-music-navidrome.service
+Before=container-music-navidrome.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-music.pid %t/pod-music.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-music.pid --pod-id-file %t/pod-music.pod-id --name=music --network=none --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-music.pod-id
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" music) > {{ services_containers_directory }}/pod-music/pidfile'
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-music.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-music.pod-id
+PIDFile=%t/pod-music.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf b/playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf
new file mode 100644
index 0000000..79cf6f9
--- /dev/null
+++ b/playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf
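Review bot: The `ExecStartPost` line in pod-music.service.j2 writes the infra container's PID to `{{ services_containers_directory }}/pod-music/pidfile`, but neither `ExecStartPre` nor `ExecStopPost` removes that file, so it keeps a stale PID after the pod stops or fails to start. Whatever reads it is not in this patch (presumably the network setup, since the pod is created with `--network=none`), and it could then act on an unrelated process that reused the PID. An extra `ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-music/pidfile` would close that window. The `sh -c` command also calls `podman` without the `/usr/bin/` path used everywhere else in the unit, so it depends on the user manager's PATH.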
@@ -0,0 +1,35 @@
+server {
+ listen 80;
+ server_name music.wojciechkozlowski.eu;
+
+ location ^~ /.well-known {
+ allow all;
+ root /var/www/html;
+ }
+
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name music.wojciechkozlowski.eu;
+
+ ssl_certificate /etc/letsencrypt/live/music.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/music.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/music.wojciechkozlowski.eu/chain.pem;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://pod-music;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
diff --git a/playbooks/roles/services/deploy/rproxy/vars/nginx.yml b/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
index 50e996f..e7892b8 100644
--- a/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
+++ b/playbooks/roles/services/deploy/rproxy/vars/nginx.yml
@@ -9,5 +9,6 @@ services_rproxy_nginx_conf_d_files:
 - "nginx.conf"
 - "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
 - "nginx-conf.d/git.wojciechkozlowski.eu.conf"
+ - "nginx-conf.d/music.wojciechkozlowski.eu.conf"
 - "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
 - "nginx-conf.d/wojciechkozlowski.eu.conf"
diff --git a/playbooks/roles/services/include/vars/volumes.yml b/playbooks/roles/services/include/vars/volumes.yml
index 66359d2..d8cdf69 100644
--- a/playbooks/roles/services/include/vars/volumes.yml
+++ b/playbooks/roles/services/include/vars/volumes.yml
@@ -20,3 +20,5 @@ services_volumes:
 data:
 notes:
 data:
+ music:
+ data:
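Review bot: The TLS `location /` block in music.wojciechkozlowski.eu.conf forwards `Host`, `X-Real-IP` and `X-Forwarded-For` but not the original scheme, so the backend sees plain HTTP on every request. Adding `proxy_set_header X-Forwarded-Proto $scheme;` lets the application build https links, though whether Navidrome needs it in this deployment should be confirmed. Setting `X-Forwarded-For` to `$remote_addr` rather than appending is the right choice here, because it discards any client-supplied value. No `Strict-Transport-Security` header or protocol/cipher settings appear in this server block; if they are not inherited from `nginx.conf` (not shown), they belong here.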