m/natelandau_ansible-homelab-config
1
0
Fork 0
mirror of https://github.com/natelandau/ansible-homelab-config.git synced 2025-11-18 09:53:41 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: m:846fb2bc31540e27cd337dea430b5b1230cd429f
Branches Tags
m:main m:pre-commit-ci-update-config
m:v0.2.0
..
compare: m:pre-commit-ci-update-config
Branches Tags
m:pre-commit-ci-update-config m:main
m:v0.2.0

15 Commits
846fb2bc31 ... pre-commit

Author SHA1 Message Date
pre-commit-ci[bot]
b0dca5c982 [pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/commitizen-tools/commitizen: v3.18.4 → v4.1.0](https://github.com/commitizen-tools/commitizen/compare/v3.18.4...v4.1.0)
- [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.5.0...v5.0.0)
- [github.com/crate-ci/typos: v1.19.0 → dictgen-v0.3.1](https://github.com/crate-ci/typos/compare/v1.19.0...dictgen-v0.3.1)
- [github.com/ansible/ansible-lint: v24.2.1 → v24.12.2](https://github.com/ansible/ansible-lint/compare/v24.2.1...v24.12.2)
 2025-01-06 22:20:51 +00:00
Nathaniel Landau
d9dfbb5152 fix: remove homebrew casks 2024-03-18 16:05:17 -04:00
Nathaniel Landau
6e8b39aef9 fix: favor sudoers.d over lines in /etc/sudoers 2024-03-18 16:03:44 -04:00
Nathaniel Landau
8734731355 fix: nomad handler runs correctly 2024-03-18 16:02:57 -04:00
Nathaniel Landau
9a47eb1f06 build: update dependencies 2024-03-15 21:25:01 -04:00
Nathaniel Landau
b40521919a build: update dependencies 2024-03-14 11:42:38 -04:00
Nathaniel Landau
855ff49ef1 feat: add speedtest-tracker to nomad services 2024-02-11 16:49:19 -05:00
Nathaniel Landau
12d1467369 feat: add hishtory-server to nomad services 2024-02-11 16:48:51 -05:00
Nathaniel Landau
55dea40077 fix(recyclarr): rules for sonarr v4 2024-02-09 16:26:50 -05:00
Nathaniel Landau
feb1fbedf4 fix: update job files 2024-01-09 08:53:40 -05:00
Nathaniel Landau
6b00bf557c feat: purge dangling Docker containers on job sync 2024-01-09 08:51:58 -05:00
Nathaniel Landau
ea9678eba6 build(vscode): use Ansible extension 2023-12-29 10:19:57 -05:00
Nathaniel Landau
1714dff877 feat: add gitea 2023-12-28 15:47:10 -05:00
Nathaniel Landau
7bde47d43a fix: cleanup jobs 2023-12-24 12:35:50 -05:00
Nathaniel Landau
394b34a5d1 fix: update jobs 2023-12-23 14:11:48 -05:00
40 changed files with 2440 additions and 1658 deletions
Expand all files Collapse all files

32
.ansible-lint.yml
View File

@@ -12,21 +12,21 @@ exclude_paths:
- vault.yml
- .venv/
- ansible_collections/
skip_list:
- name[template]
- ignore-errors
- meta-incorrect
- meta-no-info
- package-latest
- role-name
- unnamed-task
- var-naming
- latest[git]
- yaml[indentation]
# - name[template]
# - ignore-errors
# - meta-incorrect
# - meta-no-info
# - package-latest
# - role-name
# - unnamed-task
# - var-naming
# - latest[git]
warn_list:
- experimental
- risky-file-permissions
- command-instead-of-module
- no-changed-when
- command-instead-of-shell
# warn_list:
# - experimental
# - risky-file-permissions
# - command-instead-of-module
# - no-changed-when
# - command-instead-of-shell

25
.pre-commit-config.yaml
View File

@@ -1,12 +1,12 @@
---
repos:
- repo: "https://github.com/commitizen-tools/commitizen"
rev: v3.13.0
rev: v4.1.0
hooks:
- id: "commitizen"
- repo: "https://github.com/pre-commit/pre-commit-hooks"
rev: v4.5.0
rev: v5.0.0
hooks:
- id: check-added-large-files
- id: check-ast
@@ -31,7 +31,7 @@ repos:
args: [--markdown-linebreak-ext=md]
- repo: "https://github.com/adrienverge/yamllint.git"
rev: v1.33.0
rev: v1.35.1
hooks:
- id: yamllint
files: \.(yaml|yml)$
@@ -44,10 +44,20 @@ repos:
entry: yamllint --strict --config-file .yamllint.yml
- repo: "https://github.com/crate-ci/typos"
rev: v1.16.24
rev: dictgen-v0.3.1
hooks:
- id: typos
- repo: "https://github.com/ansible/ansible-lint"
rev: v24.12.2
hooks:
- id: ansible-lint
additional_dependencies:
- ansible
args:
- --config-file
- .ansible-lint.yml
- repo: local
hooks:
- id: vault-pre-commit
@@ -64,13 +74,6 @@ repos:
pass_filenames: true
types: [text]
- id: ansible-lint
name: running ansible-lint
language: system
files: \.(yaml|yml)$
pass_filenames: false
entry: ansible-lint --force-color --config-file .ansible-lint.yml
- id: "lint-shellscript-templates"
name: lint shellscript templates
language: system

3
.typos.toml
View File

@@ -2,7 +2,8 @@
default.locale = "en_us"
[default.extend-words]
Hashi = "Hashi" # Hashicorpt
Hashi = "Hashi" # Hashicorpt
hishtory = "hishtory" # Used for the hishtory package
[files]
extend-exclude = ["galaxy-roles/"]

11
.vscode/settings.json vendored
View File

@@ -1,5 +1,10 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/ansible-community/schemas/main/f/ansible.json#/$defs/playbook": "file:///Users/natelandau/repos/ansible-homelab-config/main.yml"
}
"files.associations": {
"**/tasks/*.yml": "ansible",
"**/handlers/*.yml": "ansible",
"main.yml": "ansible",
"inventory.yml": "ansible",
"default_variables.yml": "ansible",
"vault.yml": "ansible"
}
}

3
README.md
View File

@@ -41,14 +41,13 @@ This playbook adds storage, services, applications, and configurations to a prev
- Custom shell scripts for backups and house keeping
* **Syncs Nomad and Docker Compose job files** to servers:
- [ASN-to-IP](https://hub.docker.com/r/ddimick/asn-to-ip) - Used by Opnsense to build firewall aliases
- [Authelia](https://www.authelia.com/) - Open-source full-featured authentication server
- [Changedetection.io](https://github.com/dgtlmoon/changedetection.io) - Website change detection monitoring and notification service
- [Diun](https://crazymax.dev/diun/) - Docker Image Update Notifier is a CLI application
- [FreshRSS](https://freshrss.org/) - A containerized RSS reader
- [Gitea](https://about.gitea.com/) - Slef-hodted Git service
- [Grafana](https://grafana.com/) - Operational dashboards
- [Grafana Loki](https://grafana.com/oss/loki/) - Log aggregation system
- [Headless Trunk](https://github.com/alpeware/chrome-headless-trunk) - Headless Chromium
- [iCloud Drive Docker](https://github.com/mandarons/icloud-drive-docker) - Backup files and photos from Apple iCloud
- [InfluxDB](https://www.influxdata.com/) - Time series database
- [Lidarr](https://lidarr.audio/) - Music collection manager

2
ansible.cfg
View File

@@ -1,7 +1,7 @@
[defaults]
nocows = True
roles_path = ./galaxy-roles:./roles
collections_paths = ./
collections_path = ./
inventory = ./inventory.yml
stdout_callback = yaml
any_errors_fatal = True

108
default_variables.yml
View File

@@ -1,20 +1,22 @@
# yamllint disable rule:indentation
---
# ---------------------------------- SOFTWARE VERSIONS
authelia_version: 4.37.5
backup_mongodb_version: 1.1.0
consul_version: 1.16.1
gitea_version: 1.21.6
influxdb_version: 1.11.1
nomad_version: 1.7.1
nomad_version: 1.7.6
prometheus_verssion: 2.46.0
recyclarr_version: 5.3.1
recyclarr_version: 6.0.2
speedtest_cli_version: 1.2.0
tdarr_installer_version: 2.00.13
telegraf_version: 1.28.4
traefik_version: "v2.10.7"
valentina_version: 2.1.0
backup_mongodb_version: "v1.0.0"
telegraf_version: 1.29.5
traefik_version: 2.10.7
valentina_version: 2.2.1
sabnzbd_version: 4.2.2
# ---------------------------------- SERVICE STATIC PORT MAPPINGS
authelia_port: "9091"
influxdb_port: "8086"
tdarr_node_port: "8267"
tdarr_server_port: "8266"
@@ -23,6 +25,7 @@ tdarr_webui_port: "8265"
# ---------------------------------- DIRECTORIES FOR SERVICE LOCAL STORAGE
# These folders must be created, even if empty, to allow mounting nomad local storage end-points
service_localfs_dirs:
- gitea
- influxdb
- lidarr
- prowlarr
@@ -35,12 +38,27 @@ rpi_usb_drive_mount_point: /mnt/usbDrive
rpi_localfs_service_storage: "{{ rpi_usb_drive_mount_point }}/docker"
rpi_nfs_mount_point: /mnt
rpi_nfs_mounts_list:
- { local: "{{ rpi_nfs_mount_point }}/pi-cluster", src: "10.0.30.6:/volume1/pi-cluster" }
- { local: "{{ rpi_nfs_mount_point }}/syncthing", src: "10.0.30.6:/volume1/syncthing" }
- { local: "{{ rpi_nfs_mount_point }}/media", src: "10.0.30.6:/volume1/media" }
- { local: "{{ rpi_nfs_mount_point }}/nate", src: "10.0.30.6:/volume1/nate" }
- {
local: "{{ rpi_nfs_mount_point }}/pi-cluster",
src: "10.0.30.6:/volume1/pi-cluster",
}
- {
local: "{{ rpi_nfs_mount_point }}/syncthing",
src: "10.0.30.6:/volume1/syncthing",
}
- {
local: "{{ rpi_nfs_mount_point }}/media",
src: "10.0.30.6:/volume1/media",
}
- {
local: "{{ rpi_nfs_mount_point }}/nate",
src: "10.0.30.6:/volume1/nate",
}
rpi_nfs_mounts_remove:
- { local: "{{ rpi_nfs_mount_point }}/downloads", src: "10.0.30.6:/volume1/downloads" }
- {
local: "{{ rpi_nfs_mount_point }}/downloads",
src: "10.0.30.6:/volume1/downloads",
}
# mac_autofs_type is one of 'smb,nfs,afp'
mac_autofs_type: smb
@@ -48,18 +66,36 @@ mac_localfs_service_storage: "/Users/{{ ansible_user }}/Library/docker"
mac_storage_mount_point: /System/Volumes/Data/mnt
mac_keep_alive_file: "{{ mac_storage_mount_point }}/pi-cluster/keepalive.txt"
mac_nfs_mounts_list:
- { local: "{{ mac_storage_mount_point }}/pi-cluster", src: "10.0.0.6:/volume1/pi-cluster" }
- { local: "{{ mac_storage_mount_point }}/syncthing", src: "10.0.0.6:/volume1/syncthing" }
- { local: "{{ mac_storage_mount_point }}/media", src: "10.0.0.6:/volume1/media" }
- { local: "{{ mac_storage_mount_point }}/nate", src: "10.0.0.6:/volume1/nate" }
- {
local: "{{ mac_storage_mount_point }}/pi-cluster",
src: "10.0.0.6:/volume1/pi-cluster",
}
- {
local: "{{ mac_storage_mount_point }}/syncthing",
src: "10.0.0.6:/volume1/syncthing",
}
- {
local: "{{ mac_storage_mount_point }}/media",
src: "10.0.0.6:/volume1/media",
}
- {
local: "{{ mac_storage_mount_point }}/nate",
src: "10.0.0.6:/volume1/nate",
}
# Add mounts to remove from auto_nfs to the dict below if needed
mac_nfs_mounts_remove:
# - { local: "{{ mac_storage_mount_point }}/pi-cluster", src: "10.0.0.6:/volume1/pi-cluster" }
mac_afp_or_smb_mounts_list:
- { local: "{{ mac_storage_mount_point }}/pi-cluster", src: "10.0.0.6:/pi-cluster" }
- { local: "{{ mac_storage_mount_point }}/syncthing", src: "10.0.0.6:/syncthing" }
- {
local: "{{ mac_storage_mount_point }}/pi-cluster",
src: "10.0.0.6:/pi-cluster",
}
- {
local: "{{ mac_storage_mount_point }}/syncthing",
src: "10.0.0.6:/syncthing",
}
- { local: "{{ mac_storage_mount_point }}/media", src: "10.0.0.6:/media" }
- { local: "{{ mac_storage_mount_point }}/nate", src: "10.0.0.6:/nate" }
@@ -84,48 +120,26 @@ mac_tdarr_file_location: "/Users/{{ ansible_user }}/Library/tdarr"
# ---------------------------------- PACKAGES
apt_packages_list:
- bc
- coreutils
- curl
- dnsutils
- exa
- fzf
- git
- git-extras
- htop
- iftop
- iotop
- iperf
- jq
- less
- lnav
- logrotate
- lsof
- nano
- netcat
- net-tools
- nmap
- openssh-server
- p7zip-full
- python3-pip
- rsync
- shellcheck
- unzip
- wget
- yamllint
- zsh
- tailscale
homebrew_package_list:
- ansible
- ansible-lint
- bash
- bash-completion
- bashdb
- bat
- bats-core
- coreutils
- diff-so-fancy
- exa
- ffmpeg
- findutils
- fping
@@ -139,17 +153,12 @@ homebrew_package_list:
- gnutls
- gpg
- grep
- handbrake
- htop
- httpie
- iperf
- jq
- nano
- ncurses
- nmap
- openssl
- pandoc
- prettier
- readline
- shellcheck
- shfmt
@@ -157,11 +166,4 @@ homebrew_package_list:
- sqlite
- ssh-copy-id
- tealdeer
- tree
- wget
- yamllint
- zsh
homebrew_cask_install_dir: /Applications
homebrew_casks_list:
- lingon-x

10
handlers/main.yml
View File

@@ -53,13 +53,13 @@
- name: Restart nomad (Debian)
become: true
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: nomad
enabled: true
state: restarted
register: nomad_service
failed_when: nomad_service.rc > 0
changed_when: nomad_service.rc == 0
# failed_when: nomad_service.Result != "success"
# changed_when: nomad_service.Result == "success"
when:
- ansible_os_family == 'Debian'
- "'nostart' not in ansible_run_tags"
@@ -90,9 +90,11 @@
- name: "Ensure nomad is really running"
ansible.builtin.shell:
cmd: "set -o pipefail && sleep 10 && /usr/local/bin/nomad node status -self -short | grep {{ inventory_hostname }}"
args:
executable: /bin/bash
register: node_status_response
failed_when: node_status_response.rc > 0
changed_when: node_status_response.rc == 0
changed_when: false
when: "'nostart' not in ansible_run_tags"
listen: "restart nomad"
# - name: "Ensure sure Nomad service is really running"

2
inventory.yml
View File

@@ -106,7 +106,7 @@ all:
ansible_user: "{{ my_username }}"
ansible_become_pass: "{{ mac_become_pass }}"
ansible_ssh_private_key_file: "{{ ssh_key_location }}/macMini"
ansible_python_interpreter: "/usr/local/bin/python3"
ansible_python_interpreter: "/Users/natelandau/.pyenv/shims/python"
ansible_port: 22
mac_intel: true
is_nomad_client: true

3
main.yml
View File

@@ -76,4 +76,5 @@
when: is_tdarr_server or is_tdarr_node
handlers:
- ansible.builtin.import_tasks: handlers/main.yml
- name: "Run handlers"
ansible.builtin.import_tasks: handlers/main.yml

909
poetry.lock generated
View File

File diff suppressed because it is too large Load Diff

26
pyproject.toml
View File

@@ -7,32 +7,26 @@
version = "0.2.0"
[tool.poetry.dependencies]
ansible = "^8.6.0"
ansible-lint = { version = "^6.18.0", markers = "platform_system != 'Windows'" }
commitizen = "^2.40.0"
poethepoet = "^0.18.1"
pre-commit = "^3.3.3"
python = "^3.9"
yamllint = "^1.32.0"
[tool.poetry.group.dev.dependencies]
black = "^23.11.0"
sh = "^2.0.6"
typos = "^1.16.23"
ansible = "^9.3.0"
ansible-lint = { version = "^24.2.1", markers = "platform_system != 'Windows'" }
commitizen = "^3.18.3"
jmespath = "^1.0.1"
poethepoet = "^0.25.0"
pre-commit = "^3.6.2"
python = "^3.11"
typos = "^1.19.0"
yamllint = "^1.35.1"
[build-system]
build-backend = "poetry.core.masonry.api"
requires = ["poetry-core"]
[tool.black]
line-length = 100
[tool.commitizen]
bump_message = "bump(release): v$current_version → v$new_version"
tag_format = "v$version"
update_changelog_on_bump = true
version = "0.2.0"
version_files = ["pyproject.toml:version"]
version_provider = "poetry"
[tool.poe.tasks]
pb = """

150
scripts/update_dependencies.py
View File

@@ -1,150 +0,0 @@
#!/usr/bin/env python
"""Script to update the pyproject.toml file with the latest versions of the dependencies."""
from pathlib import Path
from textwrap import wrap
try:
import tomllib
except ModuleNotFoundError: # pragma: no cover
import tomli as tomllib # type: ignore [no-redef]
import sh
from rich.console import Console
console = Console()
def dryrun(msg: str) -> None:
"""Print a message if the dry run flag is set.
Args:
msg: Message to print
"""
console.print(f"[cyan]DRYRUN | {msg}[/cyan]")
def success(msg: str) -> None:
"""Print a success message without using logging.
Args:
msg: Message to print
"""
console.print(f"[green]SUCCESS | {msg}[/green]")
def warning(msg: str) -> None:
"""Print a warning message without using logging.
Args:
msg: Message to print
"""
console.print(f"[yellow]WARNING | {msg}[/yellow]")
def error(msg: str) -> None:
"""Print an error message without using logging.
Args:
msg: Message to print
"""
console.print(f"[red]ERROR | {msg}[/red]")
def notice(msg: str) -> None:
"""Print a notice message without using logging.
Args:
msg: Message to print
"""
console.print(f"[bold]NOTICE | {msg}[/bold]")
def info(msg: str) -> None:
"""Print a notice message without using logging.
Args:
msg: Message to print
"""
console.print(f"INFO | {msg}")
def usage(msg: str, width: int = 80) -> None:
"""Print a usage message without using logging.
Args:
msg: Message to print
width (optional): Width of the message
"""
for _n, line in enumerate(wrap(msg, width=width)):
if _n == 0:
console.print(f"[dim]USAGE | {line}")
else:
console.print(f"[dim] | {line}")
def debug(msg: str) -> None:
"""Print a debug message without using logging.
Args:
msg: Message to print
"""
console.print(f"[blue]DEBUG | {msg}[/blue]")
def dim(msg: str) -> None:
"""Print a message in dimmed color.
Args:
msg: Message to print
"""
console.print(f"[dim]{msg}[/dim]")
# Load the pyproject.toml file
pyproject = Path(__file__).parents[1] / "pyproject.toml"
if not pyproject.exists():
console.print("pyproject.toml file not found")
raise SystemExit(1)
with pyproject.open("rb") as f:
try:
data = tomllib.load(f)
except tomllib.TOMLDecodeError as e:
raise SystemExit(1) from e
# Get the latest versions of all dependencies
info("Getting latest versions of dependencies...")
packages: dict = {}
for line in sh.poetry("--no-ansi", "show", "--outdated").splitlines():
package, current, latest = line.split()[:3]
packages[package] = {"current_version": current, "new_version": latest}
if not packages:
success("All dependencies are up to date")
raise SystemExit(0)
dependencies = data["tool"]["poetry"]["dependencies"]
groups = data["tool"]["poetry"]["group"]
for p in dependencies:
if p in packages:
notice(
f"Updating {p} from {packages[p]['current_version']} to {packages[p]['new_version']}"
)
sh.poetry("add", f"{p}@latest", _fg=True)
for group in groups:
for p in groups[group]["dependencies"]:
if p in packages:
notice(
f"Updating {p} from {packages[p]['current_version']} to {packages[p]['new_version']}"
)
sh.poetry("add", f"{p}@latest", "--group", group, _fg=True)
sh.poetry("update", _fg=True)
success("All dependencies are up to date")
raise SystemExit(0)

22
tasks/backups.yml
View File

@@ -24,24 +24,18 @@
when:
- is_nomad_client or is_nomad_server
- name: Ensure nomad user can run sudo with the restore script
- name: "SUDO: Confirm users can run service_backups"
become: true
ansible.builtin.lineinfile:
path: /etc/sudoers
path: "/etc/sudoers.d/010_{{ item }}-backups-nopasswd"
line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
state: present
line: "nomad ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
validate: "/usr/sbin/visudo -cf %s"
when:
- is_nomad_client or is_nomad_server
- "'pis' in group_names"
- name: Ensure my user can run sudo with the restore script
become: true
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
line: "{{ ansible_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
create: true
mode: "0440"
validate: "/usr/sbin/visudo -cf %s"
loop:
- nomad
- "{{ ansible_user }}"
when:
- is_nomad_client or is_nomad_server
- "'pis' in group_names"

28
tasks/consul.yml
View File

@@ -1,3 +1,4 @@
# yamllint disable rule:indentation
---
# TASK DESCRIPTION:
# Downloads, installs, and configures Hashicorp Consul.
@@ -117,7 +118,7 @@
- name: "Create Consul /opt storage and copy certificates"
block:
- name: "Create {{ consul_opt_dir }} directories"
- name: "Create {{ consul_opt_dir }} directories" # noqa: name[template]
become: true
ansible.builtin.file:
path: "{{ item }}"
@@ -130,16 +131,25 @@
- "{{ consul_opt_dir }}/plugins"
- "{{ consul_opt_dir }}/certs"
- name: Copy certs to servers
- name: Copy certs to servers # noqa
become: true
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
loop:
- { src: "certs/consul/consul-agent-ca.pem", dest: "{{ consul_opt_dir }}/certs/consul-agent-ca.pem" }
- { src: "certs/consul/{{ datacenter_name }}-server-consul-0.pem", dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0.pem" }
- { src: "certs/consul/{{ datacenter_name }}-server-consul-0-key.pem", dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0-key.pem" }
- {
src: "certs/consul/consul-agent-ca.pem",
dest: "{{ consul_opt_dir }}/certs/consul-agent-ca.pem",
}
- {
src: "certs/consul/{{ datacenter_name }}-server-consul-0.pem",
dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0.pem",
}
- {
src: "certs/consul/{{ datacenter_name }}-server-consul-0-key.pem",
dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0-key.pem",
}
when:
- is_consul_server
@@ -163,7 +173,7 @@
when:
- ansible_os_family == 'Debian'
- name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}"
- name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}" # noqa: name[template]
become: true
ansible.builtin.file:
path: "{{ consul_opt_dir }}"
@@ -199,7 +209,7 @@
when:
- ansible_os_family == 'Debian'
- name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}"
- name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}" # noqa: name[template]
become: true
ansible.builtin.file:
path: "{{ interpolated_consul_configuration_dir }}"
@@ -209,7 +219,7 @@
when:
- mac_intel or mac_arm or inventory_hostname == 'synology'
- name: "Set owner of root consul dir to {{ ansible_user_uid }}:{{ ansible_user_gid }} (synology)"
- name: "Set owner of root consul dir to {{ ansible_user_uid }}:{{ ansible_user_gid }} (synology)" # noqa: name[template]
become: true
ansible.builtin.file:
path: /volume1/docker/consul/
@@ -328,7 +338,7 @@
- ansible_os_family == 'Debian'
- "'nostart' not in ansible_run_tags"
- name: Make sure Consul service is really running
- name: Make sure Consul service is really running # noqa: command-instead-of-module
ansible.builtin.command:
cmd: systemctl is-active consul
register: is_consul_really_running

2
tasks/logrotate.yml
View File

@@ -4,7 +4,7 @@
#
# NOTE: This task exists due to the arillso.logrotate failing completely on macOS
- name: Add service_backups.log to logrotate
- name: Add service_backups.log to logrotate # noqa: ignore-errors
become: true
vars:
logrotate_applications:

35
tasks/nomad.yml
View File

@@ -1,3 +1,4 @@
# yamllint disable rule:indentation
---
# TASK DESCRIPTION:
# Downloads, installs, and configures Hashicorp Nomad.
@@ -83,7 +84,7 @@
- name: "Create Nomad /opt storage"
block:
- name: "Create {{ nomad_opt_dir_location }} directories"
- name: "Create {{ nomad_opt_dir_location }} directories" # noqa: name[template]
become: true
ansible.builtin.file:
path: "{{ item }}"
@@ -102,9 +103,18 @@
dest: "{{ item.dest }}"
mode: 0755
loop:
- { src: certs/nomad/nomad-ca.pem, dest: "{{ nomad_opt_dir_location }}/certs/nomad-ca.pem" }
- { src: certs/nomad/server.pem, dest: "{{ nomad_opt_dir_location }}/certs/server.pem" }
- { src: certs/nomad/server-key.pem, dest: "{{ nomad_opt_dir_location }}/certs/server-key.pem" }
- {
src: certs/nomad/nomad-ca.pem,
dest: "{{ nomad_opt_dir_location }}/certs/nomad-ca.pem",
}
- {
src: certs/nomad/server.pem,
dest: "{{ nomad_opt_dir_location }}/certs/server.pem",
}
- {
src: certs/nomad/server-key.pem,
dest: "{{ nomad_opt_dir_location }}/certs/server-key.pem",
}
notify: "restart nomad"
when: is_nomad_server
@@ -115,9 +125,18 @@
dest: "{{ item.dest }}"
mode: 0755
loop:
- { src: certs/nomad/nomad-ca.pem, dest: "{{ nomad_opt_dir_location }}/certs/nomad-ca.pem" }
- { src: certs/nomad/client.pem, dest: "{{ nomad_opt_dir_location }}/certs/client.pem" }
- { src: certs/nomad/client-key.pem, dest: "{{ nomad_opt_dir_location }}/certs/client-key.pem" }
- {
src: certs/nomad/nomad-ca.pem,
dest: "{{ nomad_opt_dir_location }}/certs/nomad-ca.pem",
}
- {
src: certs/nomad/client.pem,
dest: "{{ nomad_opt_dir_location }}/certs/client.pem",
}
- {
src: certs/nomad/client-key.pem,
dest: "{{ nomad_opt_dir_location }}/certs/client-key.pem",
}
notify: "restart nomad"
when: is_nomad_client
@@ -130,7 +149,7 @@
recurse: true
when: ansible_os_family == 'Debian'
- name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }} (MacOSX)"
- name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }} (MacOSX)" # noqa: name[template]
become: true
ansible.builtin.file:
path: "{{ nomad_opt_dir_location }}"

12
tasks/orchestration_jobs.yml
View File

@@ -74,3 +74,15 @@
dest: "{{ docker_compose_file_location }}/{{ item | basename | regex_replace('.j2$', '') }}"
mode: 0644
with_fileglob: "../templates/docker_compose_files/*.j2"
- name: "Prune docker caches"
community.docker.docker_prune:
containers: true
images: true
images_filters:
dangling: false
networks: true
volumes: true
builder_cache: true
when:
- is_docker_compose_client or is_nomad_client or is_nomad_server

22
tasks/packages.yml
View File

@@ -54,14 +54,14 @@
ansible.builtin.debug:
msg: "{{ homebrew_output.unchanged_pkgs }}"
- name: Install homebrew casks
community.general.homebrew_cask:
name: "{{ item }}"
state: present
install_options: "appdir=/Applications"
accept_external_apps: true
upgrade_all: false
update_homebrew: false
greedy: false
loop: "{{ homebrew_casks_list }}"
ignore_errors: true
# - name: Install homebrew casks # noqa: ignore-errors
# community.general.homebrew_cask:
# name: "{{ item }}"
# state: present
# install_options: "appdir=/Applications"
# accept_external_apps: true
# upgrade_all: false
# update_homebrew: false
# greedy: false
# loop: "{{ homebrew_casks_list }}"
# ignore_errors: true

38
tasks/telegraf.yml
View File

@@ -1,3 +1,4 @@
# yamllint disable rule:indentation
---
# TASK DESCRIPTION:
# Downloads, installs, and configures Telegraf
@@ -206,7 +207,7 @@
- name: "Configure Telegraf"
block:
- name: "Ensure {{ telegraph_config_location }} exists"
- name: "Ensure {{ telegraph_config_location }} exists" # noqa: name[template]
become: true
ansible.builtin.file:
path: "{{ item }}"
@@ -223,10 +224,22 @@
dest: "{{ item.dest }}"
mode: "644"
loop:
- { src: "telegraf/base_config.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.conf" }
- { src: "telegraf/custom_metrics.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/custom_metrics.conf" }
- { src: "telegraf/nomad.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/nomad.conf" }
- { src: "telegraf/docker.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/docker.conf" }
- {
src: "telegraf/base_config.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.conf",
}
- {
src: "telegraf/custom_metrics.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.d/custom_metrics.conf",
}
- {
src: "telegraf/nomad.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.d/nomad.conf",
}
- {
src: "telegraf/docker.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.d/docker.conf",
}
notify: restart_telegraf
- name: Template leader configs (ie, configs that should be placed on a single server)
@@ -236,9 +249,18 @@
dest: "{{ item.dest }}"
mode: "644"
loop:
- { src: "telegraf/leader.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/leader.conf" }
- { src: "telegraf/speedtest.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/speedtest.conf" }
- { src: "telegraf/pingHosts.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/pingHosts.conf" }
- {
src: "telegraf/leader.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.d/leader.conf",
}
- {
src: "telegraf/speedtest.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.d/speedtest.conf",
}
- {
src: "telegraf/pingHosts.conf.j2",
dest: "{{ telegraph_config_location }}/telegraf.d/pingHosts.conf",
}
when:
- is_cluster_leader
notify: restart_telegraf

24
templates/consul_services/consul_synology_checks.json.j2
View File

@@ -9,8 +9,7 @@
"traefik.http.routers.sabnzbd.entryPoints=web,websecure",
"traefik.http.routers.sabnzbd.service=sabnzbd",
"traefik.http.routers.sabnzbd.tls=true",
"traefik.http.routers.sabnzbd.tls.certresolver=cloudflare",
"traefik.http.routers.sabnzbd.middlewares=authelia@file"
"traefik.http.routers.sabnzbd.tls.certresolver=cloudflare"
],
"checks": [{
"id": "sabnzbd-http-check",
@@ -21,6 +20,27 @@
"failures_before_critical": 3
}]
},
{
"name": "jellyfin",
"id": "jellyfin",
"tags": [
"traefik.enable=true",
"traefik.http.services.jellyfin.loadbalancer.server.port=8096",
"traefik.http.routers.jellyfin.rule=Host(`jellyfin.{{ homelab_domain_name }}`)",
"traefik.http.routers.jellyfin.entryPoints=web,websecure",
"traefik.http.routers.jellyfin.service=jellyfin",
"traefik.http.routers.jellyfin.tls=true",
"traefik.http.routers.jellyfin.tls.certresolver=cloudflare"
],
"checks": [{
"id": "jellyfin-http-check",
"http": "http://{{ synology_second_ip }}:8096",
"interval": "30s",
"timeout": "5s",
"success_before_passing": 3,
"failures_before_critical": 3
}]
},
{
"name": "synology",
"id": "synology",

17
templates/docker_compose_files/synology_jellyfin.yml.j2 Normal file
View File

@@ -0,0 +1,17 @@
version: '3.9'
services:
jellyfin:
image: lscr.io/linuxserver/jellyfin:latest
hostname: jellyfin
container_name: jellyfin
network_mode: "host"
environment:
- "TZ=America/New_York"
- "PGID=101"
- "PUID={{ ansible_user_uid }}"
volumes:
- /volume1/pi-cluster/jellyfin:/config
- /volume1/media/media/movies:/data/movies
- /volume1/media/media/tv:/data/tv
restart: unless-stopped

6
templates/docker_compose_files/synology_sabnzbd.yml.j2
View File

@@ -2,7 +2,7 @@ version: '3.9'
services:
sabnzbd:
image: ghcr.io/linuxserver/sabnzbd
image: ghcr.io/linuxserver/sabnzbd:{{ sabnzbd_version }}
hostname: sabnzbd
container_name: sabnzbd
network_mode: "bridge"
@@ -10,13 +10,15 @@ services:
- "TZ=America/New_York"
- "PGID=101"
- "PUID={{ ansible_user_uid }}"
#- "DOCKER_MODS=linuxserver/mods:universal-cron"
volumes:
- /var/services/homes/{{ my_username }}:/{{ my_username }}
- /volume1/nate:/nate
- /volume1/media/downloads/nzb:/nzbd
- /volume1/media/downloads/temp:/incomplete-downloads
- /volume1/media/downloads/complete:/downloads
- /volume1/docker/sabnzbd:/config
- /volume1/pi-cluster/sabnzbd:/config
- /volume1/pi-cluster/sabnzbd/startup-scripts:/custom-cont-init.d
ports:
- 8080:8080
- 9090:9090

32
templates/nomad_jobs/backup_local_filesystems.hcl
View File

@@ -1,21 +1,21 @@
job "backup_local_filesystems" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "sysbatch"
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "sysbatch"
periodic {
cron = "0 */8 * * * *"
prohibit_overlap = true
time_zone = "America/New_York"
}
task "do_backups" {
driver = "raw_exec"
config {
# When running a binary that exists on the host, the path must be absolute
command = "${meta.backupCommand}"
args = ["${meta.backupCommandArg1}", "${meta.backupCommandArg2}", "${meta.backupCommandArg3}"]
periodic {
cron = "0 */8 * * * *"
prohibit_overlap = true
time_zone = "America/New_York"
}
} // /task do_backups
task "do_backups" {
driver = "raw_exec"
config {
# When running a binary that exists on the host, the path must be absolute
command = "${meta.backupCommand}"
args = ["${meta.backupCommandArg1}", "${meta.backupCommandArg2}", "${meta.backupCommandArg3}"]
}
} // /task do_backups
} //job

404
templates/nomad_jobs/gitea.hcl Normal file
View File

@@ -0,0 +1,404 @@
job "gitea" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
constraint {
distinct_hosts = true
}
group "gitea" {
// constraint {
// attribute = "${node.unique.name}"
// operator = "regexp"
// value = "rpi"
// }
count = 1
restart {
attempts = 0
delay = "30s"
}
network {
port "webui" {
to = "3000"
}
port "ssh" {
to = "22"
}
}
task "create_filesystem" {
// Copy the most recent backup into place on the local computer. sonarr will not work with
// its database in an NFS share
driver = "raw_exec"
config {
# When running a binary that exists on the host, the path must be absolute
command = "${meta.restoreCommand}"
args = [
"${meta.restoreCommand1}",
"${meta.restoreCommand2}",
"${NOMAD_JOB_NAME}",
"${meta.restoreCommand3}"
]
}
lifecycle {
hook = "prestart"
sidecar = false
}
} // /task create_filesystem
task "gitea" {
env {
GITEA__mailer__ENABLED = true
GITEA__mailer__FROM = "gitea@{{ homelab_domain_name }}"
GITEA__mailer__PASSWD = "{{ gitea_smtp_password }}"
GITEA__mailer__PROTOCOL = "smtp+starttls"
GITEA__mailer__SMTP_ADDR = "{{ email_smtp_host }}"
GITEA__mailer__SMTP_PORT = "{{ email_smtp_port_starttls }}"
GITEA__mailer__SUBJECT_PREFIX = "[Gitea]"
GITEA__mailer__USER = "{{ email_smtp_account }}"
GITEA__repository__DEFAULT_REPO_UNITS = "repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages" # add `repo.actions` to the list if enabling actions
GITEA__server__DOMAIN = "{{ homelab_domain_name }}"
GITEA__server__ROOT_URL = "https://${NOMAD_JOB_NAME}.{{ homelab_domain_name }}"
GITEA__server__SSH_DOMAIN = "${NOMAD_JOB_NAME}.{{ homelab_domain_name }}"
GITEA__server__SSH_PORT = "2222" # Traefik gitea-ssh entrypoint
GITEA__server__START_SSH_SERVER = false
GITEA__service__ENABLE_NOTIFY_MAIL = true
GITEA__time__DEFAULT_UI_LOCATION = "America/New_York"
TZ = "America/New_York"
USER_GID = "${meta.PGID}"
USER_UID = "${meta.PUID}"
}
driver = "docker"
config {
image = "gitea/gitea:{{ gitea_version }}"
image_pull_timeout = "10m"
hostname = "${NOMAD_TASK_NAME}"
volumes = [
"${meta.localStorageRoot}/${NOMAD_JOB_NAME}:/data",
"/etc/timezone:/etc/timezone:ro",
"/etc/localtime:/etc/localtime:ro"
]
ports = ["webui", "ssh"]
} // docker config
service {
port = "webui"
name = "${NOMAD_JOB_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_JOB_NAME}.service=${NOMAD_JOB_NAME}",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=cloudflare"
]
check {
type = "tcp"
port = "webui"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
service {
port = "ssh"
name = "gitea-ssh-svc"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)",
"traefik.tcp.routers.gitea-ssh.entrypoints=gitea-ssh",
"traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
]
} // service
// resources {
// cpu = 100 # MHz
// memory = 300 # MB
// } // resources
} // task gitea
task "save_configuration" {
driver = "raw_exec"
config {
# When running a binary that exists on the host, the path must be absolute
command = "${meta.backupCommand}"
args = [
"${meta.backupAllocArg1}",
"${meta.backupAllocArg2}",
"${meta.backupAllocArg3}",
"${meta.backupAllocArg4}",
"${meta.backupAllocArg5}",
"${NOMAD_JOB_NAME}",
"${meta.backupAllocArg6}"
]
}
lifecycle {
hook = "poststop"
sidecar = false
}
} // /task save_configuration
} // group
// group "action-runners" {
// constraint {
// attribute = "${node.unique.name}"
// operator = "regexp"
// value = "macmini"
// }
// constraint {
// distinct_hosts = true
// }
// count = 1
// restart {
// attempts = 0
// delay = "30s"
// }
// network {
// port "cache" {
// to = "8088"
// }
// }
// task "await-gitea" {
// lifecycle {
// hook = "prestart"
// sidecar = false
// }
// driver = "docker"
// config {
// image = "busybox:latest"
// command = "/bin/sh"
// args = [
// "-c",
// "chmod 755 /local/ping.sh && /local/ping.sh"
// ]
// network_mode = "host"
// }
// template {
// destination = "local/ping.sh"
// change_mode = "restart"
// data = <<-EOH
// #!/bin/sh
// {% raw -%}
// {{ range nomadService "gitea" }}
// IP="{{ .Address }}"
// PORT="{{ .Port }}"
// {{ end }}
// {% endraw -%}
// until [ -n "${IP}" ] && [ -n "${PORT}" ]; do
// echo "Waiting for Nomad to populate the service information..."
// sleep 1
// done
// echo "Waiting for Gitea to start..."
// until nc -z "${IP}" "${PORT}"; do
// echo "'nc -z ${IP} ${PORT}' is unavailable..."
// sleep 1
// done
// echo "Gitea is up! Found at ${IP}:${PORT}"
// EOH
// }
// }
// task "gitea-action-runner" {
// env {
// CONFIG_FILE = "/local/config.yml"
// GITEA_INSTANCE_URL = "https://${NOMAD_JOB_NAME}.{{ homelab_domain_name }}"
// GITEA_RUNNER_NAME = "${node.unique.name}-action-runner"
// GITEA_RUNNER_REGISTRATION_TOKEN = "{{ gitea_runner_registration_token }}"
// PGID = "${meta.PGID}"
// PUID = "${meta.PUID}"
// TZ = "America/New_York"
// }
// driver = "docker"
// config {
// image = "gitea/act_runner:latest"
// image_pull_timeout = "10m"
// hostname = "${NOMAD_TASK_NAME}"
// volumes = [
// "${meta.nfsStorageRoot}/pi-cluster/gitea-action-runners:/data",
// "/var/run/docker.sock:/var/run/docker.sock"
// ]
// ports = ["cache"]
// } // docker config
// template {
// destination = "local/config.yml"
// env = false
// change_mode = "noop"
// data = <<-EOH
// log:
// # The level of logging, can be trace, debug, info, warn, error, fatal
// level: info
// runner:
// # Where to store the registration result.
// {% raw %}file: .runner-{{ env "node.unique.name" }}{% endraw +%}
// # Execute how many tasks concurrently at the same time.
// capacity: 1
// # Extra environment variables to run jobs.
// envs:
// A_TEST_ENV_NAME_1: a_test_env_value_1
// A_TEST_ENV_NAME_2: a_test_env_value_2
// # Extra environment variables to run jobs from a file.
// # It will be ignored if it's empty or the file doesn't exist.
// env_file: .env
// # The timeout for a job to be finished.
// # Please note that the Gitea instance also has a timeout (3h by default) for the job.
// # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
// timeout: 3h
// # Whether skip verifying the TLS certificate of the Gitea instance.
// insecure: false
// # The timeout for fetching the job from the Gitea instance.
// fetch_timeout: 5s
// # The interval for fetching the job from the Gitea instance.
// fetch_interval: 2s
// # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
// # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
// # If it's empty when registering, it will ask for inputting labels.
// # If it's empty when execute `daemon`, will use labels in `.runner` file.
// labels: []
// cache:
// # Enable cache server to use actions/cache.
// enabled: false
// # The directory to store the cache data.
// # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
// dir: ""
// # The host of the cache server.
// # It's not for the address to listen, but the address to connect from job containers.
// # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
// {% raw %}host: "{{ env "NOMAD_IP_cache" }}"{% endraw +%}
// # The port of the cache server.
// {% raw %}port: {{ env "NOMAD_HOST_PORT_cache" }}{% endraw +%}
// # The external cache server URL. Valid only when enable is true.
// # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
// # The URL should generally end with "/".
// external_server: ""
// container:
// # Specifies the network to which the container will connect.
// # Could be host, bridge or the name of a custom network.
// # If it's empty, act_runner will create a network automatically.
// network: ""
// # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
// privileged: false
// # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
// options:
// # The parent directory of a job's working directory.
// # If it's empty, /workspace will be used.
// workdir_parent:
// # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
// # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
// # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
// # valid_volumes:
// # - data
// # - /src/*.json
// # If you want to allow any volume, please use the following configuration:
// # valid_volumes:
// # - '**'
// valid_volumes:
// - '**'
// # overrides the docker client host with the specified one.
// # If it's empty, act_runner will find an available docker host automatically.
// # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
// # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
// docker_host: ""
// # Pull docker image(s) even if already present
// force_pull: false
// host:
// # The parent directory of a job's working directory.
// # If it's empty, $HOME/.cache/act/ will be used.
// workdir_parent:
// EOH
// }
// // service {
// // port = "cache"
// // name = "${NOMAD_TASK_NAME}"
// // provider = "nomad"
// // tags = [
// // "traefik.enable=true",
// // "traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.{{ homelab_domain_name }}`)",
// // "traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
// // "traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
// // "traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
// // "traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
// // "traefik.http.routers.${NOMAD_TASK_NAME}.middlewares=authelia@file"
// // ]
// // check {
// // type = "tcp"
// // port = "cache"
// // interval = "30s"
// // timeout = "4s"
// // }
// // check_restart {
// // limit = 0
// // grace = "1m"
// // }
// // } // service
// resources {
// cpu = 400 # MHz
// memory = 600 # MB
// } // resources
// } // task gitea-action-runner
// } // group action-runners
} // job

101
templates/nomad_jobs/hishtory-server.hcl Normal file
View File

@@ -0,0 +1,101 @@
job "hishtory" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
# README
# https://github.com/linuxserver/docker-hishtory-server
# https://github.com/ddworken/hishtory/blob/master/README.md
// constraint {
// attribute = "${node.unique.name}"
// operator = "regexp"
// value = "rpi(1|2|3)"
// }
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
group "hishtory" {
count = 1
restart {
attempts = 0
delay = "30s"
}
network {
port "port1" {
to = "8080"
}
}
task "hishtory" {
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
HISHTORY_SQLITE_DB = "/config/hishtory.db"
}
driver = "docker"
config {
image = "lscr.io/linuxserver/hishtory-server:latest"
image_pull_timeout = "10m"
hostname = "${NOMAD_TASK_NAME}"
volumes = [
"${meta.nfsStorageRoot}/pi-cluster/${NOMAD_TASK_NAME}:/config"
]
ports = ["port1"]
} // docker config
service {
port = "port1"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare"
]
check {
type = "tcp"
port = "port1"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
resources {
cpu = 1800 # MHz
memory = 800 # MB
} // resources
} // task
} // group
} // job

250
templates/nomad_jobs/icloud_backup.hcl
View File

@@ -3,143 +3,149 @@ job "icloud_backup" {
datacenters = ["{{ datacenter_name }}"]
type = "service"
// Need to authenticate within the container by running
// icloud --username=<icloud-username> --session-directory=/app/session_data
// and then entering the 2FA code that is sent to the user associated with the iCloud account.
// constraint {
// attribute = "${node.unique.name}"
// operator = "regexp"
// value = "rpi(1|2|3)"
// }
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
group "icloud_backup" {
count = 1
restart {
attempts = 0
delay = "30s"
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
task "icloud_backup" {
group "icloud_backup" {
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
// ENV_ICLOUD_PASSWORD = "[icloud password]" # 2FA renders this env var useless at the moment.
}
count = 1
driver = "docker"
config {
image = "mandarons/icloud-drive"
hostname = "${NOMAD_TASK_NAME}"
volumes = [
"${meta.nfsStorageRoot}/nate/icloud_backup:/app/icloud",
"${meta.nfsStorageRoot}/pi-cluster/icloud_backup/session_data:/app/session_data",
"local/icloud_backup.yaml:/app/config.yaml",
"/etc/timezone:/etc/timezone:ro",
"/etc/localtime:/etc/localtime:ro"
]
} // docker config
restart {
attempts = 0
delay = "30s"
}
template {
destination = "local/icloud_backup.yaml"
env = false
change_mode = "restart"
perms = "644"
data = <<-EOH
app:
logger:
# level - debug, info (default), warning, or error
level: "info"
# log filename icloud.log (default)
filename: "icloud.log"
credentials:
# iCloud drive username
username: "{{ icloud_backup_username }}"
# Retry login interval
retry_login_interval: 3600 # 1 hour
# Drive destination
root: "icloud"
smtp:
# If you want to receive email notifications about expired/missing 2FA credentials then uncomment
email: "{{ email_smtp_account }}"
# optional, to email address. Default is sender email.
#to: "receiver@test.com"
password: "{{ icloud_backup_smtp_password }}"
host: "{{ email_smtp_host }}"
port: {{ email_smtp_port_starttls }}
# If your email provider doesn't handle TLS
no_tls: false
drive:
destination: "drive"
remove_obsolete: true
sync_interval: 172800 # 2 days
filters:
# File filters to be included in syncing iCloud drive content
folders:
- "Scanner By Readdle"
- "Documents by Readdle"
# - "folder3"
file_extensions:
# File extensions to be included
- "pdf"
- "png"
- "jpg"
- "jpeg"
- "xls"
- "xlsx"
- "docx"
- "pptx"
- "txt"
- "md"
- "html"
- "htm"
- "css"
- "js"
- "json"
- "xml"
- "yaml"
- "yml"
- "csv"
- "mp3"
- "mp4"
- "mov"
- "wav"
- "mkv"
- "m4a"
photos:
destination: "photos"
remove_obsolete: true
sync_interval: 172800 # 2 days
filters:
albums:
# - "album1"
file_sizes: # valid values are original, medium and/or thumb
- "original"
# - "medium"
# - "thumb"
EOH
} // template data
task "icloud_backup" {
resources {
cpu = 900 # MHz
memory = 100 # MB
} // resources
env {
ENV_CONFIG_FILE_PATH = "/local/icloud_backup.yaml"
PGID = "${meta.PGID}"
PUID = "${meta.PUID}"
TZ = "America/New_York"
// ENV_ICLOUD_PASSWORD = "[icloud password]" # 2FA renders this env var useless at the moment.
}
} // task
driver = "docker"
config {
image = "mandarons/icloud-drive"
hostname = "${NOMAD_TASK_NAME}"
volumes = [
"${meta.nfsStorageRoot}/nate/icloud_backup:/app/icloud",
"${meta.nfsStorageRoot}/pi-cluster/icloud_backup/session_data:/app/session_data",
"/etc/timezone:/etc/timezone:ro",
"/etc/localtime:/etc/localtime:ro"
]
} // docker config
template {
destination = "local/icloud_backup.yaml"
env = false
change_mode = "restart"
perms = "644"
data = <<-EOH
---
app:
logger:
# level - debug, info (default), warning, or error
level: "info"
# log filename icloud.log (default)
filename: "icloud.log"
credentials:
# iCloud drive username
username: "{{ icloud_backup_username }}"
# Retry login interval
retry_login_interval: 3600 # 1 hour
root: "icloud"
smtp:
# If you want to receive email notifications about expired/missing 2FA credentials then uncomment
email: "{{ email_smtp_account }}"
# optional, to email address. Default is sender email.
#to: "receiver@test.com"
password: "{{ icloud_backup_smtp_password }}"
host: "{{ email_smtp_host }}"
port: {{ email_smtp_port_starttls }}
# If your email provider doesn't handle TLS
no_tls: false
drive:
destination: "drive"
remove_obsolete: true
sync_interval: 172800 # 2 days
filters:
# File filters to be included in syncing iCloud drive content
folders:
- "Scanner By Readdle"
- "Documents by Readdle"
# - "folder3"
file_extensions:
# File extensions to be included
- "pdf"
- "png"
- "jpg"
- "jpeg"
- "xls"
- "xlsx"
- "docx"
- "pptx"
- "txt"
- "md"
- "html"
- "htm"
- "css"
- "js"
- "json"
- "xml"
- "yaml"
- "yml"
- "csv"
- "mp3"
- "mp4"
- "mov"
- "wav"
- "mkv"
- "m4a"
photos:
destination: "photos"
remove_obsolete: true
sync_interval: 172800 # 2 days
all_albums: false # Optional, default false. If true preserve album structure. If same photo is in multiple albums creates duplicates on filesystem
folder_format: "%Y-%m" # optional, if set put photos in subfolders according to format. Cheatsheet - https://strftime.org
filters:
albums:
# - "album1"
file_sizes: # valid values are original, medium and/or thumb
- "original"
# - "medium"
# - "thumb"
EOH
} // template data
resources {
cpu = 900 # MHz
memory = 100 # MB
} // resources
} // task
} // group
} // group
} // job

6
templates/nomad_jobs/jellyfin.hcl
View File

@@ -71,7 +71,7 @@ job "jellyfin" {
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare"
]
check {
@@ -89,8 +89,8 @@ job "jellyfin" {
} // service
resources {
cpu = 5000 # MHz
memory = 1000 # MB
cpu = 2500 # MHz
memory = 750 # MB
} // resources
} // task

150
templates/nomad_jobs/overseerr.hcl
View File

@@ -1,92 +1,92 @@
job "overseerr" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
// constraint {
// attribute = "${node.unique.name}"
// operator = "regexp"
// value = "rpi"
// }
// constraint {
// attribute = "${node.unique.name}"
// operator = "regexp"
// value = "rpi"
// }
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
group "overseerr" {
count = 1
restart {
attempts = 0
delay = "30s"
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
network {
port "overseerr" {
to = "5055"
}
}
group "overseerr" {
task "overseerr" {
count = 1
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
}
driver = "docker"
config {
image = "ghcr.io/linuxserver/overseerr"
hostname = "${NOMAD_JOB_NAME}"
ports = ["overseerr"]
volumes = [ "${meta.nfsStorageRoot}/pi-cluster/overseerr:/config" ]
} // docker config
service {
port = "overseerr"
name = "${NOMAD_JOB_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_JOB_NAME}.service=overseerr",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=cloudflare",
"traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=authelia@file"
]
check {
type = "tcp"
port = "overseerr"
interval = "30s"
timeout = "4s"
restart {
attempts = 0
delay = "30s"
}
check_restart {
limit = 0
grace = "1m"
network {
port "overseerr" {
to = "5055"
}
}
} // service
resources {
cpu = 1600 # MHz
memory = 300 # MB
} // resources
task "overseerr" {
} // task
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
}
driver = "docker"
config {
image = "lscr.io/linuxserver/overseerr:latest"
hostname = "${NOMAD_JOB_NAME}"
ports = ["overseerr"]
image_pull_timeout = "10m"
volumes = [ "${meta.nfsStorageRoot}/pi-cluster/overseerr:/config" ]
} // docker config
service {
port = "overseerr"
name = "${NOMAD_JOB_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_JOB_NAME}.service=overseerr",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=cloudflare"
]
check {
type = "tcp"
port = "overseerr"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
resources {
cpu = 1600 # MHz
memory = 300 # MB
} // resources
} // task
} // group
} // group
} // job

1
templates/nomad_jobs/pihole.hcl
View File

@@ -137,6 +137,7 @@ job "pihole" {
service {
name = "piholeDNStcp"
port = "dns"
provider = "nomad"
check {
type = "tcp"
port = "dns"

2
templates/nomad_jobs/promtail-syslogs.hcl
View File

@@ -51,7 +51,7 @@ job "promtail-syslogs" {
{% raw -%}
clients:
- url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
- url: http://{{ range nomadService "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
{% endraw %}
scrape_configs:

155
templates/nomad_jobs/recyclarr.hcl
View File

@@ -70,46 +70,136 @@ job "recyclarr" {
sonarr:
series:
base_url: https://sonarr.{{ homelab_domain_name }}/
api_key: {{ sonarr_api_key }}
api_key: "{{ sonarr_api_key }}"
delete_old_custom_formats: true
replace_existing_custom_formats: true
# Quality definitions from the guide to sync to Sonarr. Choices: series, anime
quality_definition:
type: series
# Release profiles from the guide to sync to Sonarr v3 (Sonarr v4 does not use this!)
# Use `recyclarr list release-profiles` for values you can put here.
# https://trash-guides.info/Sonarr/Sonarr-Release-Profile-RegEx/
release_profiles:
quality_profiles:
- name: "HD - 720p/1080p"
reset_unmatched_scores:
enabled: true
upgrade:
allowed: true
until_quality: WEB-1080p
qualities:
- name: Bluray-2160p Remux
enabled: false
- name: Bluray-2160p
enabled: false
- name: WEB-2160p
enabled: false
qualities:
- WEBRip-2160p
- WEBDL-2160p
- name: HDTV-2160p
enabled: false
- name: Bluray-1080p Remux
enabled: false
- name: Bluray-1080p
- name: WEB-1080p
qualities:
- WEBRip-1080p
- WEBDL-1080p
- name: HDTV-1080p
- name: Bluray-720p
enabled: false
- name: WEB-720
qualities:
- WEBRip-720p
- WEBDL-720p
- name: HDTV-720p
custom_formats:
- trash_ids:
- EBC725268D687D588A20CBC5F97E538B # Low Quality Groups
- 1B018E0C53EC825085DD911102E2CA36 # Release Sources (Streaming Service)
- 71899E6C303A07AF0E4746EFF9873532 # P2P Groups + Repack/Proper
strict_negative_scores: false
- 85c61753df5da1fb2aab6f2a47426b09 # BR-DISK
- 9c11cd3f07101cdba90a2d81cf0e56b4 # LQ
- e2315f990da2e2cbfc9fa5b7a6fcfe48 # LQ Release Title
# - 47435ece6b99a0b477caf360e79ba0bb # X265
- fbcb31d8dabd2a319072b84fc0b7249c # Extras
- 32b367365729d530ca1c124a0b180c64 # Bad dual lingual groups
- 82d40da2bc6923f41e14394075dd4b03 # No-RlsGroup
quality_profiles:
- name: "HD - 720p/1080p"
score: -1000
- trash_ids:
- 76e060895c5b8a765c310933da0a5357 # Optionals
filter:
include:
- cec8880b847dd5d31d29167ee0112b57 # Golden rule
- 436f5a7d08fbf02ba25cb5e5dfe98e55 # Ignore Dolby Vision without HDR10 fallback.
# - f3f0f3691c6a1988d4a02963e69d11f2 # Ignore The Group -SCENE
# - 5bc23c3a055a1a5d8bbe4fb49d80e0cb # Ignore so called scene releases
- 538bad00ee6f8aced8e0db5218b8484c # Ignore Bad Dual Audio Groups
- 4861d8238f9234606df6721df6e27deb # Ignore AV1
- bc7a6383cbe88c3ee2d6396e1aacc0b3 # Prefer HDR
- 6f2aefa61342a63387f2a90489e90790 # Dislike retags: rartv, rarbg, eztv, TGx
- 19cd5ecc0a24bf493a75e80a51974cdd # Dislike retagged groups
- 6a7b462c6caee4a991a9d8aa38ce2405 # Dislike release ending: en
- 236a3626a07cacf5692c73cc947bc280 # Dislike release containing: 1-
# - fa47da3377076d82d07c4e95b3f13d07 # Prefer Dolby Vision
- ec8fa7296b64e8cd390a1600981f3923 # Repack
quality_profiles:
- name: "HD - 720p/1080p"
score: 5
- trash_ids:
- eb3d5cc0a2be0db205fb823640db6a3c # Repack2
quality_profiles:
- name: "HD - 720p/1080p"
score: 6
- trash_ids:
- 44e7c4de10ae50265753082e5dc76047 # Repack3
quality_profiles:
- name: "HD - 720p/1080p"
score: 7
- trash_ids: # Streaming services, Low Tier
- bbcaf03147de0f73be2be4a9078dfa03 # 40D
- fcc09418f67ccaddcf3b641a22c5cfd7 # ALL4
- 77a7b25585c18af08f60b1547bb9b4fb # CC
- f27d46a831e6b16fa3fee2c4e5d10984 # CANALPlus
- 4e9a630db98d5391aec1368a0256e2fe # CRAV
- 36b72f59f4ea20aad9316f475f2d9fbb # DCU
- 7be9c0572d8cd4f81785dacf7e85985e # FOD
- 7a235133c87f7da4c8cccceca7e3c7a6 # HBO
- f6cce30f1733d5c8194222a7507909bb # HULU
- dc503e2425126fa1d0a9ad6168c83b3f # IP
- 0ac24a2a68a9700bcb7eeca8e5cd644c # iT
- b2b980877494b560443631eb1f473867 # NLZ
- fb1a91cdc0f26f7ca0696e0e95274645 # OViD
- c30d2958827d1867c73318a5a2957eb1 # Red
- ae58039e1319178e6be73caab5c42166 # Sho
- d100ea972d1af2150b65b1cffb80f6b5 # TVer
- 0e99e7cc719a8a73b2668c3a0c3fe10c # U-next
- 5d2317d99af813b6529c7ebf01c83533 # VDL
quality_profiles:
- name: "HD - 720p/1080p"
score: 50
- trash_ids: # Streaming services, second tier
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- a880d6abc21e7c16884f3ae393f84179 # HMAX
- d34870697c9db575f17700212167be23 # NF
- 1656adc6d7bb2c8cca6acfb6592db421 # PCOK
- c67a75ae4a1715f2bb4d492755ba4195 # PMTP
- 3ac5d84fce98bab1b531393e9c82f467 # QIBI
- 1efe8da11bfd74fbbcd4d8117ddb9213 # STAN
quality_profiles:
- name: "HD - 720p/1080p"
score: 80
- trash_ids: # Streaming services, Top tier
- f67c9ca88f463a48346062e8ad07713f # ATVP
- 89358767a60cc28783cdc3d0be9388a4 # DSNP
- 81d1fbf600e2540cee87f3a23f9d3c1c # MAX
quality_profiles:
- name: "HD - 720p/1080p"
score: 100
- trash_ids: # HQ Source Groups: Tier 1
- e6258996055b9fbab7e9cb2f75819294
quality_profiles:
- name: "HD - 720p/1080p"
score: 1700
- trash_ids: # HQ Source Groups: Tier 2
- 58790d4e2fdcd9733aa7ae68ba2bb503
quality_profiles:
- name: "HD - 720p/1080p"
score: 1650
- trash_ids: # HQ Source Groups: Tier 3
- d84935abd3f8556dcd51d4f27e22d0a6
quality_profiles:
- name: "HD - 720p/1080p"
score: 1600
# Configuration specific to Radarr.
radarr:
movies:
# Set the URL/API Key to your actual instance
base_url: https://radarr.{{ homelab_domain_name }}/
api_key: {{ radarr_api_key }}
api_key: "{{ radarr_api_key }}"
delete_old_custom_formats: true
replace_existing_custom_formats: true
@@ -120,9 +210,11 @@ radarr:
quality_profiles:
- name: "720p/1080p"
reset_unmatched_scores: true
reset_unmatched_scores:
enabled: true
- name: "720p/1080p Remux"
reset_unmatched_scores: true
reset_unmatched_scores:
enabled: true
custom_formats:
# Use `recyclarr list custom-formats radarr` for values you can put here.
@@ -183,9 +275,9 @@ radarr:
- f2aacebe2c932337fe352fa6e42c1611 # 9.1 Surround
quality_profiles:
- name: "720p/1080p"
score: -50
score: -100
- name: "720p/1080p Remux"
score: -50
score: -100
- trash_ids:
- 89dac1be53d5268a7e10a19d3c896826 # 2.0 Stereo
@@ -200,6 +292,7 @@ radarr:
score: 80
- name: "720p/1080p Remux"
score: 80
EOH
}

27
templates/nomad_jobs/remove_nzbs.hcl Normal file
View File

@@ -0,0 +1,27 @@
job "remove_nzbs" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "batch"
constraint {
attribute = "${node.unique.name}"
operator = "regexp"
value = "rpi"
}
periodic {
cron = "*/15 * * * * *"
prohibit_overlap = true
time_zone = "America/New_York"
}
task "remove_nzbs" {
driver = "raw_exec"
config {
command = "/home/pi/.pyenv/shims/python"
args = ["/home/pi/repos/bin/bin-sabnzbd/removeNZBs.py"]
}
} // /task do_backups
} //job

947
templates/nomad_jobs/reverse-proxy.hcl
View File

@@ -1,500 +1,529 @@
job "reverse-proxy" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
constraint {
attribute = "${node.unique.name}"
value = "rpi1"
}
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
group "authelia-group" {
group "reverse-proxy-group" {
restart {
attempts = 0
delay = "30s"
}
constraint {
attribute = "${node.unique.name}"
operator = "regexp"
value = "rpi"
}
network {
port "authelia-port" {
static = {{ authelia_port }}
to = 9091
}
port "whoami" {
to = 80
}
port "dashboard" {
static = 8080
to = 8080
}
port "web" {
static = 80
to = 80
}
port "websecure" {
static = 443
to = 443
}
port "externalwebsecure" {
static = 4430
to = 4430
}
}
restart {
attempts = 0
delay = "30s"
}
task "authelia" {
network {
port "authelia-port" {
to = 9091
}
}
env {
TZ = "America/New_York"
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
}
task "authelia" {
driver = "docker"
config {
image = "authelia/authelia:{{ authelia_version }}"
hostname = "authelia"
ports = ["authelia-port"]
volumes = [ "${meta.nfsStorageRoot}/pi-cluster/authelia:/config" ]
args = [
"--config",
"/local/authelia/config.yml"
]
} // docker config
env {
TZ = "America/New_York"
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
}
template {
destination = "local/authelia/users.yml"
env = false
change_mode = "restart"
perms = "644"
data = <<-EOH
---
###############################################################
# Users Database #
###############################################################
driver = "docker"
config {
image = "authelia/authelia:{{ authelia_version }}"
hostname = "authelia"
ports = ["authelia-port"]
image_pull_timeout = "10m"
volumes = [ "${meta.nfsStorageRoot}/pi-cluster/authelia:/config" ]
args = [
"--config",
"/local/authelia/config.yml"
]
} // docker config
# This file can be used if you do not have an LDAP set up.
users:
{{ authelia_user1_name }}:
displayname: "{{ authelia_user1_name }}"
password: "$argon2id$v=19$m=65536,t=1,p={{ authelia_user1_password }}"
email: {{ authelia_user1_email }}
groups:
- admins
- dev
EOH
}
template {
destination = "local/authelia/users.yml"
env = false
change_mode = "restart"
perms = "644"
data = <<-EOH
---
###############################################################
# Users Database #
###############################################################
template {
destination = "local/authelia/config.yml"
env = false
change_mode = "restart"
perms = "644"
data = <<-EOH
---
## The theme to display: light, dark, grey, auto.
theme: auto
# This file can be used if you do not have an LDAP set up.
users:
{{ authelia_user1_name }}:
displayname: "{{ authelia_user1_name }}"
password: "$argon2id$v=19$m=65536,t=1,p={{ authelia_user1_password }}"
email: {{ authelia_user1_email }}
groups:
- admins
- dev
EOH
}
jwt_secret: {{ authelia_jwt_secret}}
default_redirection_url: https://authelia.{{ homelab_domain_name}}
template {
destination = "local/authelia/config.yml"
env = false
change_mode = "restart"
perms = "644"
data = <<-EOH
---
## The theme to display: light, dark, grey, auto.
theme: auto
server:
host: 0.0.0.0
port: 9091
path: ""
read_buffer_size: 4096
write_buffer_size: 4096
enable_pprof: false
enable_expvars: false
disable_healthcheck: false
jwt_secret: {{ authelia_jwt_secret}}
default_redirection_url: https://authelia.{{ homelab_domain_name}}
log:
level: info
format: text
# file_path: "/config/log.txt"
keep_stdout: false
server:
host: 0.0.0.0
port: 9091
path: ""
buffers:
read: 4096
write: 4096
timeouts:
read: 15s
write: 15s
idle: 30s
enable_pprof: false
enable_expvars: false
disable_healthcheck: false
totp:
issuer: authelia.com
log:
level: info
format: text
# file_path: "/config/log.txt"
keep_stdout: false
authentication_backend:
disable_reset_password: false
file:
path: /local/authelia/users.yml
password:
algorithm: argon2id
iterations: 1
salt_length: 16
parallelism: 8
memory: 64
totp:
issuer: authelia.com
access_control:
default_policy: deny
networks:
- name: internal
networks:
- 10.0.0.0/8
#- 172.16.0.0/12
#- 192.168.0.0/18
rules:
# Rules applied to everyone
- domain: "*.{{ homelab_domain_name }}"
policy: two_factor
authentication_backend:
password_reset:
disable: false
file:
path: /local/authelia/users.yml
password:
algorithm: argon2id
iterations: 1
salt_length: 16
parallelism: 8
memory: 64
access_control:
default_policy: deny
networks:
- internal
- name: internal
networks:
- 10.0.0.0/8
#- 172.16.0.0/12
#- 192.168.0.0/18
rules:
# Rules applied to everyone
- domain: "*.{{ homelab_domain_name }}"
policy: two_factor
networks:
- internal
session:
name: authelia_session
domain: {{ homelab_domain_name }}
same_site: lax
secret: {{ authelia_session_secret }}
expiration: 1h
inactivity: 15m
remember_me_duration: 1w
session:
name: authelia_session
domain: {{ homelab_domain_name }}
same_site: lax
secret: {{ authelia_session_secret }}
expiration: 1h
inactivity: 15m
remember_me_duration: 1w
regulation:
max_retries: 5
find_time: 10m
ban_time: 15m
regulation:
max_retries: 5
find_time: 10m
ban_time: 15m
storage:
encryption_key: {{ authelia_sqlite_encryption_key}}
local:
path: /config/db.sqlite3
storage:
encryption_key: {{ authelia_sqlite_encryption_key}}
local:
path: /config/db.sqlite3
notifier:
smtp:
username: {{ email_smtp_account }}
password: {{ authelia_smtp_password }}
host: {{ email_smtp_host }}
port: {{ email_smtp_port }}
sender: "Authelia <{{ my_email_address }}>"
subject: "[Authelia] {title}"
startup_check_address: {{ my_email_address }}
notifier:
smtp:
username: {{ email_smtp_account }}
password: {{ authelia_smtp_password }}
host: {{ email_smtp_host }}
port: {{ email_smtp_port }}
sender: "Authelia <{{ my_email_address }}>"
subject: "[Authelia] {title}"
startup_check_address: {{ my_email_address }}
ntp:
address: "time.cloudflare.com:123"
version: 3
max_desync: 3s
disable_startup_check: true
disable_failure: true
EOH
}
ntp:
address: "time.cloudflare.com:123"
version: 3
max_desync: 3s
disable_startup_check: true
disable_failure: true
EOH
}
service {
port = "authelia-port"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`authelia.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.middlewares.authelia-headers.headers.customResponseHeaders.Cache-Control=no-store",
"traefik.http.middlewares.authelia-headers.headers.customResponseHeaders.Pragma=no-cache",
"traefik.http.routers.authelia.middlewares=authelia-headers"
service {
port = "authelia-port"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`authelia.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.middlewares.authelia-headers.headers.customResponseHeaders.Cache-Control=no-store",
"traefik.http.middlewares.authelia-headers.headers.customResponseHeaders.Pragma=no-cache",
"traefik.http.routers.authelia.middlewares=authelia-headers"
]
check {
type = "tcp"
port = "authelia-port"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
resources {
cpu = 200 # MHz
memory = 1000 # MB
}
} // task authelia
} // authelia-group
group "reverse-proxy-group" {
constraint {
attribute = "${node.unique.name}"
value = "rpi1"
}
restart {
attempts = 0
delay = "30s"
}
network {
port "whoami" {
to = 80
}
port "dashboard" {
static = 8080
to = 8080
}
port "web" {
static = 80
to = 80
}
port "websecure" {
static = 443
to = 443
}
port "externalwebsecure" {
static = 4430
to = 4430
}
port "ssh" { # Used for gitea
static = 2222
to = 2222
}
}
task "whoami" {
driver = "docker"
config {
image = "containous/whoami:latest"
hostname = "${NOMAD_TASK_NAME}"
image_pull_timeout = "10m"
ports = ["whoami"]
} // /docker config
service {
port = "whoami"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.routers.${NOMAD_TASK_NAME}.middlewares=authelia@file"
]
check {
type = "http"
path = "/"
interval = "90s"
timeout = "15s"
}
check_restart {
limit = 2
grace = "1m"
}
}
resources {
cpu = 25 # MHz
memory = 10 # MB
}
} // /task whoami
task "traefik" {
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
CF_API_EMAIL = "{{ my_email_address }}"
CF_DNS_API_TOKEN = "{{ traefik_cf_api_token }}"
}
driver = "docker"
config {
image = "traefik:v{{ traefik_version }}"
hostname = "traefik"
ports = ["dashboard", "web", "websecure","externalwebsecure", "ssh"]
volumes = [ "${meta.nfsStorageRoot}/pi-cluster/traefik/acme:/acme" ]
image_pull_timeout = "10m"
args = [
"--global.sendAnonymousUsage=false",
"--global.checkNewVersion=false",
"--entryPoints.gitea-ssh.address=:2222",
"--entryPoints.web.address=:80",
"--entryPoints.websecure.address=:443",
"--entryPoints.externalwebsecure.address=:4430",
"--entrypoints.web.http.redirections.entryPoint.to=websecure",
"--entrypoints.web.http.redirections.entryPoint.scheme=https",
"--entrypoints.web.http.redirections.entryPoint.permanent=true",
"--providers.file.filename=/local/traefik/siteconfigs.toml",
"--providers.file.watch=true",
"--providers.consulcatalog=true",
"--providers.consulcatalog.endpoint.address=http://${NOMAD_IP_web}:8500",
"--providers.consulcatalog.prefix=traefik",
"--providers.consulcatalog.exposedbydefault=false",
"--providers.nomad=true",
"--providers.nomad.endpoint.address=http://${NOMAD_IP_web}:4646",
// "--metrics=true",
// "--metrics.influxdb=true",
// "--metrics.influxdb.address=influxdb.service.consul:{{ influxdb_port }}",
// "--metrics.influxdb.protocol=http",
// "--metrics.influxdb.pushinterval=10s",
// "--metrics.influxdb.database=homelab",
// "--metrics.influxdb.retentionpolicy=2day",
// "--metrics.influxdb.addentrypointslabels=true",
// "--metrics.influxdb.addserviceslabels=true",
"--accesslog=true",
"--log=true",
"--log.level=ERROR",
"--api=true",
"--api.dashboard=true",
"--api.insecure=true",
"--certificatesresolvers.cloudflare.acme.email={{ my_email_address }}",
"--certificatesresolvers.cloudflare.acme.storage=/acme/acme-${node.unique.name}.json",
"--certificatesresolvers.cloudflare.acme.dnschallenge=true",
"--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare",
"--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10",
"--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
]
} // docker config
template {
destination = "local/traefik/httpasswd"
env = false
change_mode = "noop"
data = <<-EOH
{{ my_username }}:{{ traefik_http_pass_me }}
family:{{ traefik_http_pass_family }}
EOH
}
template {
destination = "local/traefik/httpasswdFamily"
env = false
change_mode = "noop"
data = <<-EOH
{{ my_username }}:{{ traefik_http_pass_me }}
family:{{ traefik_http_pass_family }}
EOH
}
template {
destination = "local/traefik/siteconfigs.toml"
env = false
change_mode = "noop"
data = <<-EOH
[http]
[http.middlewares]
[http.middlewares.compress.compress]
[http.middlewares.localIPOnly.ipWhiteList]
sourceRange = ["10.0.0.0/8"]
[http.middlewares.redirectScheme.redirectScheme]
scheme = "https"
permanent = true
[http.middlewares.authelia.forwardAuth]
address = {% raw %}"http://{{ range nomadService "authelia" }}{{ .Address }}:{{ .Port }}{{ end }}{% endraw %}/api/verify?rd=https://authelia.{{ homelab_domain_name }}"
trustForwardHeader = true
authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
[http.middlewares.basicauth.basicauth]
usersfile = "/local/traefik/httpasswd"
removeHeader = true
[http.middlewares.basicauth-family.basicauth]
usersfile = "/local/traefik/httpasswdFamily"
removeHeader = true
[http.middlewares.allowFrame.headers]
customFrameOptionsValue = "allow-from https://home.{{ homelab_domain_name }}"
[http.routers]
[http.routers.consul]
rule = "Host(`consul.{{ homelab_domain_name }}`)"
service = "consul"
entrypoints = ["web","websecure"]
[http.routers.consul.tls]
certResolver = "cloudflare" # From static configuration
[http.services]
[http.services.consul]
[http.services.consul.loadBalancer]
passHostHeader = true
[[http.services.consul.loadBalancer.servers]]
url = "http://consul.service.consul:8500"
EOH
}
service {
port = "dashboard"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.routers.${NOMAD_TASK_NAME}.middlewares=authelia@file,redirectScheme@file"
]
check {
type = "tcp"
port = "authelia-port"
interval = "30s"
timeout = "4s"
}
check {
type = "tcp"
port = "dashboard"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
check_restart {
limit = 0
grace = "1m"
}
} // service
resources {
cpu = 200 # MHz
memory = 1000 # MB
}
resources {
cpu = 140 # MHz
memory = 100 # MB
} // resources
} // task authelia
} // task traefik
task "whoami" {
driver = "docker"
config {
image = "containous/whoami:latest"
hostname = "${NOMAD_TASK_NAME}"
ports = ["whoami"]
// task "promtail-traefik" {
} // /docker config
// driver = "docker"
// config {
// image = "grafana/promtail"
// hostname = "promtail-traefik"
// volumes = [
// "/mnt/pi-cluster/logs:/traefik"
// ]
// args = [
// "-config.file",
// "/local/promtail-config.yaml",
// "-print-config-stderr",
// ]
// } // docker config
service {
port = "whoami"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
// "traefik.http.routers.${NOMAD_TASK_NAME}.middlewares=authelia@file"
]
check {
type = "http"
path = "/"
interval = "90s"
timeout = "15s"
}
check_restart {
limit = 2
grace = "1m"
}
}
resources {
cpu = 25 # MHz
memory = 10 # MB
}
// template {
// destination = "local/promtail-config.yaml"
// env = false
// data = <<-EOH
// server:
// http_listen_port: 9080
// grpc_listen_port: 0
} // /task whoami
// positions:
// filename: /alloc/positions.yaml
task "traefik" {
// {% raw -%}
// clients:
// - url: http://{{ range nomadService "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
// {% endraw %}
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
CF_API_EMAIL = "{{ my_email_address }}"
CF_DNS_API_TOKEN = "{{ traefik_cf_api_token }}"
}
// scrape_configs:
// - job_name: traefik
// static_configs:
// - targets:
// - localhost
// labels:
// job: traefik_access
// {% raw %}host: {{ env "node.unique.name" }}{% endraw +%}
// __path__: "/alloc/logs/traefik.std*.0"
// pipeline_stages:
// - regex:
// expression: '^(?P<remote_addr>[\w\.]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>.*)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" (?P<request_number>[^ ]+) "(?P<router>[^ ]+)" "(?P<server_URL>[^ ]+)" (?P<response_time_ms>[^ ]+)ms$'
// - labels:
// method:
// status:
// router:
// response_time_ms:
driver = "docker"
config {
image = "traefik:{{ traefik_version }}"
hostname = "traefik"
ports = ["dashboard", "web", "websecure","externalwebsecure"]
volumes = [ "${meta.nfsStorageRoot}/pi-cluster/traefik/acme:/acme" ]
args = [
"--global.sendAnonymousUsage=false",
"--global.checkNewVersion=false",
"--entryPoints.web.address=:80",
"--entryPoints.websecure.address=:443",
"--entryPoints.externalwebsecure.address=:4430",
"--entrypoints.web.http.redirections.entryPoint.to=websecure",
"--entrypoints.web.http.redirections.entryPoint.scheme=https",
"--entrypoints.web.http.redirections.entryPoint.permanent=true",
"--providers.file.filename=/local/traefik/siteconfigs.toml",
"--providers.file.watch=true",
"--providers.consulcatalog=true",
"--providers.consulcatalog.endpoint.address=http://${NOMAD_IP_web}:8500",
"--providers.consulcatalog.prefix=traefik",
"--providers.consulcatalog.exposedbydefault=false",
"--providers.nomad=true",
"--providers.nomad.endpoint.address=http://${NOMAD_IP_web}:4646",
// "--metrics=true",
// "--metrics.influxdb=true",
// "--metrics.influxdb.address=influxdb.service.consul:{{ influxdb_port }}",
// "--metrics.influxdb.protocol=http",
// "--metrics.influxdb.pushinterval=10s",
// "--metrics.influxdb.database=homelab",
// "--metrics.influxdb.retentionpolicy=2day",
// "--metrics.influxdb.addentrypointslabels=true",
// "--metrics.influxdb.addserviceslabels=true",
"--accesslog=true",
"--log=true",
"--log.level=ERROR",
"--api=true",
"--api.dashboard=true",
"--api.insecure=true",
"--certificatesresolvers.cloudflare.acme.email={{ my_email_address }}",
"--certificatesresolvers.cloudflare.acme.storage=/acme/acme-${node.unique.name}.json",
"--certificatesresolvers.cloudflare.acme.dnschallenge=true",
"--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare",
"--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10",
"--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
]
} // docker config
// EOH
// } // template
template {
destination = "local/traefik/httpasswd"
env = false
change_mode = "noop"
data = <<-EOH
{{ my_username }}:{{ traefik_http_pass_me }}
family:{{ traefik_http_pass_family }}
EOH
}
// lifecycle {
// hook = "poststart"
// sidecar = true
// }
template {
destination = "local/traefik/httpasswdFamily"
env = false
change_mode = "noop"
data = <<-EOH
{{ my_username }}:{{ traefik_http_pass_me }}
family:{{ traefik_http_pass_family }}
EOH
}
// resources {
// cpu = 30 # MHz
// memory = 30 # MB
// } // resources
template {
destination = "local/traefik/siteconfigs.toml"
env = false
change_mode = "noop"
data = <<-EOH
[http]
[http.middlewares]
[http.middlewares.compress.compress]
// } // promtail sidecar task
[http.middlewares.localIPOnly.ipWhiteList]
sourceRange = ["10.0.0.0/8"]
[http.middlewares.redirectScheme.redirectScheme]
scheme = "https"
permanent = true
[http.middlewares.authelia.forwardAuth]
address = {% raw %}"http://{{ env "NOMAD_IP_authelia_port" }}:{{ env "NOMAD_PORT_authelia_port" }}{% endraw %}/api/verify?rd=https://authelia.{{ homelab_domain_name }}"
trustForwardHeader = true
authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
[http.middlewares.basicauth.basicauth]
usersfile = "/local/traefik/httpasswd"
removeHeader = true
[http.middlewares.basicauth-family.basicauth]
usersfile = "/local/traefik/httpasswdFamily"
removeHeader = true
[http.middlewares.allowFrame.headers]
customFrameOptionsValue = "allow-from https://home.{{ homelab_domain_name }}"
[http.routers]
[http.routers.consul]
rule = "Host(`consul.{{ homelab_domain_name }}`)"
service = "consul"
entrypoints = ["web","websecure"]
[http.routers.consul.tls]
certResolver = "cloudflare" # From static configuration
[http.services]
[http.services.consul]
[http.services.consul.loadBalancer]
passHostHeader = true
[[http.services.consul.loadBalancer.servers]]
url = "http://consul.service.consul:8500"
EOH
}
service {
port = "dashboard"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_TASK_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.routers.${NOMAD_TASK_NAME}.middlewares=authelia@file,redirectScheme@file"
]
check {
type = "tcp"
port = "dashboard"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
resources {
//cpu = 40 # MHz
memory = 64 # MB
} // resources
} // task traefik
// task "promtail-traefik" {
// driver = "docker"
// config {
// image = "grafana/promtail"
// hostname = "promtail-traefik"
// volumes = [
// "/mnt/pi-cluster/logs:/traefik"
// ]
// args = [
// "-config.file",
// "/local/promtail-config.yaml",
// "-print-config-stderr",
// ]
// } // docker config
// template {
// destination = "local/promtail-config.yaml"
// env = false
// data = <<-EOH
// server:
// http_listen_port: 9080
// grpc_listen_port: 0
// positions:
// filename: /alloc/positions.yaml
// {% raw -%}
// clients:
// - url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
// {% endraw %}
// scrape_configs:
// - job_name: traefik
// static_configs:
// - targets:
// - localhost
// labels:
// job: traefik_access
// {% raw %}host: {{ env "node.unique.name" }}{% endraw +%}
// __path__: "/alloc/logs/traefik.std*.0"
// pipeline_stages:
// - regex:
// expression: '^(?P<remote_addr>[\w\.]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>.*)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" (?P<request_number>[^ ]+) "(?P<router>[^ ]+)" "(?P<server_URL>[^ ]+)" (?P<response_time_ms>[^ ]+)ms$'
// - labels:
// method:
// status:
// router:
// response_time_ms:
// EOH
// } // template
// lifecycle {
// hook = "poststart"
// sidecar = true
// }
// resources {
// cpu = 30 # MHz
// memory = 30 # MB
// } // resources
// } // promtail sidecar task
} // reverse-proxy-group
} // reverse-proxy-group
}

2
templates/nomad_jobs/sabnzbd.hcl
View File

@@ -71,7 +71,7 @@ job "sabnzbd" {
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare"
// "traefik.http.routers.${NOMAD_TASK_NAME}.middlewares=authelia@file"
]

97
templates/nomad_jobs/speedtest.hcl Normal file
View File

@@ -0,0 +1,97 @@
job "speedtest" {
region = "global"
datacenters = ["{{ datacenter_name }}"]
type = "service"
constraint {
attribute = "${node.unique.name}"
operator = "regexp"
value = "macmini"
}
update {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
progress_deadline = "10m"
auto_revert = true
canary = 0
stagger = "30s"
}
group "speedtest" {
count = 1
restart {
attempts = 0
delay = "30s"
}
network {
port "port1" {
to = "80"
}
}
task "speedtest" {
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
DB_CONNECTION = "sqlite"
APP_KEY = "{{ speedtest_app_key }}"
}
driver = "docker"
config {
image = "lscr.io/linuxserver/speedtest-tracker:latest"
image_pull_timeout = "10m"
hostname = "${NOMAD_TASK_NAME}"
volumes = [
"${meta.nfsStorageRoot}/pi-cluster/${NOMAD_TASK_NAME}:/config"
]
ports = ["port1"]
} // docker config
service {
port = "port1"
name = "${NOMAD_TASK_NAME}"
provider = "nomad"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.{{ homelab_domain_name }}`)",
"traefik.http.routers.${NOMAD_TASK_NAME}.entryPoints=web,websecure",
"traefik.http.routers.${NOMAD_TASK_NAME}.service=${NOMAD_TASK_NAME}",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls=true",
"traefik.http.routers.${NOMAD_TASK_NAME}.tls.certresolver=cloudflare"
]
check {
type = "tcp"
port = "port1"
interval = "30s"
timeout = "4s"
}
check_restart {
limit = 0
grace = "1m"
}
} // service
resources {
cpu = 1000 # MHz
memory = 200 # MB
} // resources
} // task
} // group
} // job

5
templates/nomad_jobs/stash.hcl
View File

@@ -40,6 +40,7 @@ job "stash" {
env {
PUID = "${meta.PUID}"
PGID = "${meta.PGID}"
TZ = "America/New_York"
STASH_STASH = "/data/"
STASH_GENERATED = "/generated/"
STASH_METADATA = "/metadata/"
@@ -58,6 +59,7 @@ job "stash" {
"${meta.nfsStorageRoot}/nate/.stash/generated:/generated",
"${meta.nfsStorageRoot}/nate/.stash/media:/data",
"${meta.nfsStorageRoot}/nate/.stash/metadata:/metadata",
"${meta.nfsStorageRoot}/nate/.stash/blobs:/blobs",
"/etc/timezone:/etc/timezone:ro"
]
ports = ["port1"]
@@ -74,7 +76,6 @@ job "stash" {
"traefik.http.routers.${NOMAD_JOB_NAME}.service=${NOMAD_JOB_NAME}",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=cloudflare",
// "traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=authelia@file"
]
check {
@@ -90,7 +91,7 @@ job "stash" {
} // service
resources {
cpu = 4500 # MHz
cpu = 3000 # MHz
memory = 400 # MB
} // resources

6
templates/nomad_jobs/valentina.hcl
View File

@@ -40,12 +40,14 @@ job "valentina" {
VALENTINA_GUILDS = "{{ valentina_guids }}"
VALENTINA_LOG_LEVEL = "INFO"
VALENTINA_LOG_LEVEL_AWS = "INFO"
VALENTINA_LOG_LEVEL_HTTP = "ERROR"
VALENTINA_MONGO_DATABASE_NAME = "{{ valentina_mongo_database_name }}"
VALENTINA_MONGO_URI = "{{ valentina_mongo_uri }}"
VALENTINA_OWNER_CHANNELS = "{{ valentina_owner_channels }}"
VALENTINA_OWNER_IDS = "{{ valentina_owner_ids }}"
VALENTINA_S3_BUCKET_NAME = "{{ valentina_s3_bucket_name}}"
VALENTINA_DB_PATH = "/valentina/valentina.sqlite" # Depreciated
VALENTINA_GITHUB_TOKEN = "{{ valentina_github_token }}"
VALENTINA_GITHUB_REPO = "{{ valentina_github_repo }}"
}
driver = "docker"
config {
@@ -114,7 +116,7 @@ job "valentina" {
driver = "docker"
config {
image = "ghcr.io/natelandau/backup-mongodb:{{ backup_mongodb_version }}"
image = "ghcr.io/natelandau/backup-mongodb:v{{ backup_mongodb_version }}"
image_pull_timeout = "10m"
hostname = "${NOMAD_TASK_NAME}"
ports = ["port1"]

3
templates/scripts/service_backups.sh.j2
View File

@@ -20,6 +20,7 @@ _mainScript_() {
readarr
sonarr
uptimekuma
gitea
)
fi
@@ -131,7 +132,7 @@ _mainScript_() {
BACKUP_RETENTION_HOURLY=2
BACKUP_RETENTION_DAILY=6
BACKUP_RETENTION_WEEKLY=3
BACKUP_RETENTION_MONTHLY=2
BACKUP_RETENTION_MONTHLY=4
;;
esac

420
vault.yml
View File

@@ -1,200 +1,222 @@
$ANSIBLE_VAULT;1.1;AES256
36633538333031373964616162643635383635323235326464303732623566653562363461616636
3362653639613765636235333439303032346433356564340a663330356135373930623666333162
66613339353363376462383038326439326463303734616138363166363762366465626262393534
3362643736343663610a313638616433393166323962393965633465643931636334356634336436
65316365656532343066353530626131346535396165393439383539646531376131356534353935
64306437313261366466353234623864303731356637363561633535356565653331316566626331
66353834613733353362353938343036366162396562623935343238363766653466393731653265
33323830343766373836373764333637656461613635303366356464623338663937656165383335
39383039386465323461346334333730323266376231613161363539333561373164316132373166
30323034323835383861353133323233396166313033616535316462656166343435303937613831
31376638363732616134316239326632343266393661613937333436313636386334376466393034
65346239383165373763363364386639643735363762313938626462663837656635656332366332
66646333393433303431636436633632353966373737363965623935643261386462353935623136
31376235663761386166643965313362373631386561303536303638386661356436323566323862
34613935316636623663303534303265373763643863343035323234306331316361373833386263
39326266393130356131666539643163303863373034396264376534613863343865306131343432
63323636303031623761613133373439373234383862353533323037666138626162353533643066
61383266383539363862623961393932353739396563383639313864326336653732306332336137
39393435653832653466343839626665323361626138356463353964316130313937386234366534
63653362373039356635306631333535326338623562316138653036393137316466653266613430
66363362663334613532663337316638663365393239376639643237306464626336323662356166
64323134363539373239643064343465613661613366613961386438616562616232366566666266
34326266643832316133663538656339643736373437373766343561373333353333636563313761
37376338343066613435623061363461666633316637326364316138623866633362626430373363
34656564613933376631353032303531333330613039366561336632396338613130643161643934
64653965373163613734383433666261303532363063383836313337363862613032663930343039
62623330303861343735346134626666633162316432396136663635303036343733386530623766
66646539623939333166323963363535303533666132656661303862633435643330336437313834
32326232393334383131363632653263343632363133616635396263386535383331346139653532
30323631373731663038363465636434383739646635626432393066323030303962363363636265
37386338356237623934656238306133363265613663376466656464303564393363366365613531
66306136366139323434316537616231356539663130353863653135333032653266353230393032
36346462393335363664663936623164336435383038656535663963623430643730333865386364
62323764303038643937396634393437663734356238363762303030386663313539623739663638
33326435633530323535303835343261653962346666323764346539373261353766386262323330
61663363373639613365333235386531313934303564646666623632353837643666643337363764
30323033653531363636323664343639303030396432653566656364346638623536616630636261
31613365386563626432363961376466616632636535366438653466393136636663303062343833
31333032623839353639376136633765643962656536323337623634613734326437366466383939
32343439656339303061626264616138366530373535373031346636393762373237646432613162
31393335373262383565666163396163376332643637303932343861393764653732626565663665
33656263656636616634363565616432653939663530383532356237396535346265616533373161
64643763626635666436373832386263633163333837313733623963316231303833303136323963
30313665643739353666376163376539326363383436346565636534666361336132323537656631
33316266313238636664666333356630656464363665623234363432656334376366333336643830
33646361396663383565306164626665336231633234343466646465333263363236646230626633
36363363633166376237326239386334346337353165353561396437623532333931373462323364
32663935336335663735336166373034303165326330333733346365356635626634313366376430
39636632353663373435386234353566643663613830363735386139373964623130363162346436
30363564383462306430643362663463623539643931356339643938333631663735653238653031
34376663623835323835316535376664333462306536373965376539346235653963316533633737
30623463353461356363343765333637366563313162373733376230613638613134626437623366
32613238386264353334346239353735636636333263633130373964326164393264663137306461
39643837336162646261353232666161643635653336363435303733616135666666313361326331
34303536626238663932623930643265663135396464636631343566383831613562386236616562
62623431316539383366633133643734363938393131643936653237613937393236646239346537
65646233653230383238343466663336313734643031663134633538633734353630626336376536
64343031643733326537653365363138613166613832323737393162306462643932646330616635
31356634323636386661613133346235666265343832393232626162653961656536326536613835
34343637353435383732333661613464663530393636353261386131386363653533646564633932
31373236333837353235333735323332346631656539363663633462663337326338346339626665
64333831376538663161306664643534333433353563316639323866363334386163663661633032
31626633663336643534396461623236386330393561663763626531303163316233303362623266
36386363376635333332363332343532363331656166616165333639303561613830336639346561
38393631306630356432393731346431383839373834393034626663636438313530333661646666
36333630306165663165376561643331656137653565353066343165376530643439393239633765
37356361303833363065313166303263313161656236326164313765656664303565353564363432
31333035613163333634666539303266383165356339643737376332376633656230363866383437
36613439656433363736633562373764313237633861303733613863636264663230343662393732
64313839363639363431613738353438616162326138306463646363383264313638376432346430
66363033333331393165323365393064303235366337303230336361663732333833613736396663
36313763353162636262616165323137363337303961636463613566323631393535373634643162
37323164323632626135333434363131323863366563636565346663356164616539343762383966
63623237346636383363643930323230356335393563656363346435653934353136633238656666
35373564616666306332633633653233326465393836613934316465616365396663626532323730
63646531313931396638633063646539366162396131666330313839343561386335313733343333
32383463386563623635353533313035393862333565623864383439663433363563646232623830
31663061373863613537313534373331633830656163373665343432303833653066643863346639
65663562613833326233396437616237633866643166303630323532383035353065363364353134
30336632323363343833343335336535646533386365616234333936363835343661616630396537
38383963356466323036336530316438643463663566333136303534373931633566633335326165
65386362336431653338333866353231323635383432326134663963343336313264306439376361
32353465663439643831636464326362666330393136646530653234313865656561653865356336
39303164366662303164373931323861613238366632663963343863363663383637656132346631
31376436303533306534383065663333353565623564373530396436613835353233316332663635
36613736303434623664313831343434633962353766313664616564323865333634363138373962
37396632343032376531373266353032326338323663323337613337353964643765333061653136
63333430303961376261333761643763613438653834333534613934376565613439336662653134
35323433616131613131316662666239643430333934646264663235356235373936666462613532
39656239396138663361333135663432363463663139373531346335633134666261356161396632
62656262623562373031393833626433633766646163623533656565663636633035326535643338
61656165643266343361646635656464626630616330363638353362313737393530353836613662
61383334366639343034653933313563613263356539646237353366306433666130333866616666
32363635386538323934393438343961643834373634373035626237623466383630643035623261
61616363323065656265363931336139626435643263316133623033663437623836396666646437
35653438363139383863336133326134373464623730326131386432353031323665643538333636
35326438356431653761633765366665303166656432363534366265336531613331383366396261
38313338313134373235313533336632363032383335346564356333313233653734323137313935
38653266666166393935383462373761303732616665393833626130613039613162326238646566
31323933336464306264613135376561356639396137363135383062313430313666363862643261
30613161393739373763343333313865333830663735336364343637373637353438613462323434
39616339343863336536343831343434396432626139666139386636393132336330376332666238
39313935353061383463353238316362363665393166396230663064393137666536316337383534
39343166356637333934363364343534623962373163303933313636373531346631643061336562
34366330633361396339653937613030313264343031383137393061616237396661623666303438
36653165646337643766323531643233376365366261313439633262663563616437646332323262
63323537373631376262393738623166303736653539333639626562343061633832333538353437
38656237613633336437323038643337376438636666386531393935353732303666383234383162
66323463343663366664376138613834396262636631343137326361666637666165613064623161
65613230353632636162396265626634646334616431313162633534386630333239323637363365
37653333303435363836393330663036646530303532366139616337306139393266346162633132
65373066373562356237336235363036623362316337366662336561373038626537373239616431
34653938383539636164353931643835386533356538623533323832346164313963656430616462
34306131373365353662666565623366306431663365316661323038616138626663393963383430
64666533613365383563353864366361663934643234393130613561316436306636346639353138
32346339663439616632616237613937306162623662386232363831333234323065373730396266
36393438366261306565383864613566323230646563653862326536306633616230663637373238
63336333356130356631653539616131383336383338363564353063656562393430303562333861
32323434303532326461653130396563646561353133363462333463646236363834346636633936
34623439313533353265333566616362373062313562303934613632613066646537616534323638
37643166353162386630356565303031343965663762353661326132396337613336346366393839
33383831663264646161633135623930636539313332343335333232653961636439653835333661
62643635356563326265666335626462373361336366626530656139313932313765306264373637
61306132386537383233646334663163633436313030623362303462656234353464313466623836
38366163383662613133306133366631666436623666346361626432333363653135366661366637
39653662333933646263323166646633326564663465663265363532386233626335303161333161
38633539326234643138613537303936356637336335326230646534373035613531626537383665
34633936656531373633373062623937383362623939656538376633333938646637306135633432
33326332383633646466383732323866333962623937386563393033646137383536653562666461
38333464393664333633613865396162373831666365653430643165643437376233373031653532
32663333363865323338633466396261396638343538373233363662636535313839333930653936
63386630346537323934376565336263316231326537393535333261313830303339366437353930
34373636613363383539656665636163393366316462313763646564613836613133613830343535
37343739363136386234623433636431326366646161303937306165323932663632376639383263
33613539623034376536396131633436626239613434323162623736373138373365663962623661
39336135353337653432323164346262353936316637646265376133386334313430326235326535
38626330643961646563316130356533333133366431356239376238383062653766393962666138
39616231383336646562393031646231393963656338613334616131323166383063366363316231
66343766383461363436383730613862646435326236346565356233376230373839303865326338
32316636333061636637663938306462306561343239393434323835643738383130373439376664
61636531666366333231653762636539366531353136373261313565623934616466616636343233
35303365393161313034333366643232643765646664346665653335343533366535346437376631
36353838633262303466643238373534363462333062396262373037653136343632663536653437
36313564656333373331346432316533663832306662303666343638623235653166333634373066
31656164333939633264616436613132333337363837616531623839393238626261383164393062
35623437356338313830303435393765386333313861373765306265643635653166646266363130
35306264393963306661383130373162323931666430366431343765326533653331383033386333
62393130613365333865626362346637343166663132633164366364373466666637346439633162
33613438376338663032633830346161313963306631313234366461333731316532623262646363
34613734353930376366633066396435303962383263306666373462396530353965366461346632
61646334663535623565343539626431326235613761353538663536643234343931326266336665
30316433656639373935323931366366323734636265303464333931346166613732376231383534
61643839393731356666386335653539383434306331666333626666663435346239383565633466
33346634653962383039646137623564386561643732653062343731303837303238353265336163
34343362393865373663656534333731336264303130353462666463643564336262366564636165
34396530613161316637373135653864616133393339303535346636633162323261663062663464
65373062393966303838363164363964376665363965636164373331623865343834313837333639
63623061643830663630363134653863336432393538373032653232386632333739366462613332
38326139303032393433326534326335666364626533356431376639323564316534666338356138
30643231373332356462646565666466623539313139303764666563633361653061376164333338
64363461313565313662633533663538386261396563646364326636636466306637636132353466
30396534653565353261383433373238666334636134663439643336616233663564656562666437
35663866363032366139333234386538393562666233663866303565333431336132393464666334
66323166623939623162393265373437336337396638376635643139326363383734383862306630
34333062356237363633306231316463653962303964636634363136396630613037353463373837
35336430373734373436393363303164393139313162326239636561656637663732303766363534
64646536633430633665663464383631633039353531336131313835323939306664383732316563
33653462366166633066363665633665633133663338633662633930646633396364613366366562
32343766376638623035366364386162313465383131666639393238383031303137646133343633
61326135323735363930333133623330316136363165646537363034663036663333386530333264
35323266663437306165376438373032643132343736343862316161626139303037613261323432
32333264643835343331333736383630386634383735646632646165323032356461656339393265
62396235336134653732323966366638623338616166316166343136346265313561376664633432
36613163616263326361376131616265613334363931393032613264363336643432393233326166
66343831383763393734393539323762653636346265323061656632623636363865326439343262
63613639663139383563316630313266346237326562366637616535333661353061333561663931
63373762353362303761316165653163643165663837356265613932353738306163303230386133
31303862633539373934636638376239363933646235363866396166333136353164626530636235
33356461303737306463643833393839643930373730306566306462336635383234313734663361
62636539653336303831303866643639366262383939316138366562393530613632626363623562
32343764326433383733333531373137626363393836613962396535333462313966343634343735
61333635393961613636323738376164306332343166633936626432316165363531396264373139
61623738616534366664356164376533363531643436653937646435356636396433386564663363
61616636636439633961336333636434643630643833643836653262396636656239636235633565
64623030303561303961663164616461306135653533653563333839383639373233376263316361
33343137636166383839393830343336363439623637663237316631633366343238663761346232
65633133326263383638306133666237313934323630646666376233653837366138303766636661
37356337376637666239323934393835326262323138393863656130373563656630363237623262
32373262373666663064303664386137323334313461636531316463393761386239356364383263
61636566616463623833613065396536643032386664356566373538616561346234653036393132
32633231336664663566343935393462396438643562333765623566663531646262626232343165
31333831316466353036633138343361393436626231323038343935623831396361386264333634
62373439663035326435633737633463303531643530616166343162373431366666353639306235
63383564353934393863616261373638643637396230363639663063306163393964386630383136
33313638643334353332323661646463643838353638636533373136636235336538393265313539
36393036343166346362646561646337656331396432653264383831656163353531613163333532
33306361636437343261323363316661316663616439386330616138323837396666376539333463
61393964646231383534306562373135313735373738363436663535643032646364323865613130
383733326433376463386536616164656261
39376437663661656434636637396539303863633934376535353938656434386533323063626439
3665306133383637383739626233663565383562393534640a396436386366303730653366363530
39383533663836613934303665613031636535646233316364313766303964666266646134343833
3365623733383236630a616635383739636635663964323361663439336235336536626433333438
63356539353363663930363639396666386236653337313366313362326132346563663663633165
36396635616138313539653966373462363666316462313765623665303439383233353733656237
38643466393336333031326438316662386137613936626563393461613236613738306537666166
34313964346132623131623561363331323764373336613238313764653739623437656136333133
37663238653665313430653031393239636562376533346335363263373836613331333131623164
36323535633831656136633661326362646366623037386233656238616163623564653137303834
39643965363039643537303031643032333836316534336439346665316436306465663062323338
35393132346334653539343430373934323233623432386665633532366335333031356263376266
36386231613533383265346130383238316666663230643532383938663562386639326330646462
38633930343332353664363463303438643232633862646535626131633633396266353337396231
65353132653034653661316630663462633565363966326137373835316366313734646230376365
33666536333134323532363935326234393031393261393935656131366364616165643662333137
33316562663566353338346538313933313562613532383733326433653262366135353830336361
65343437346234343032323763353030663731336236623635633437393332323164666539313965
37366563383463613032333437366133343361643131353963346531313037643862363762383735
65383765386462653263343335633065623836613736663532313433396433376139633333653663
37336565656463356166636330306333636561366335366638383861316633623661396565633462
32623530326334383065346466643766383531353962666135313466633532643664356430386133
64653737326430623666313666643334313866616630313162666436373031363630613065393938
34626562346333346362643461346163396565393064356663356132663731353364363565316466
64343938613864646438326630323463323435393730643631626237303466346538376566333235
35393939626463376633306566336564663765313333616539376237323735656335646635366662
65363761616439656162363834623035346230383434653662366235343334636630383331623637
63633666646262646134303930363431343964373963393035343932393739633664373362343563
30643766643935643731613737646134303133646632313630353530376635616439666566636634
64336161336535323362616637306231376534336437633364393962666662336564643030373030
37356136336235313737316232613036366632663266306131366634386462336535303636353663
34313538373965636366356435613664313934663264666533316231623331336533396634333761
66363562623235626235346232306664636239386131353966366134393932653465636137646333
37376534313361666534383433613331663131626461373931343338643433616561336566626361
62623661323338353265356361366537653164316465316631653263636165636166366466326230
37363632653031616563323737616438666166363936386531313537653239656163353731366662
66616438303538366338326533653630636338323435636263616263306636616632616533623130
32316139356430656262343133653932356231386364393734393964343537306561383138316536
64663132393239306665353636643561336334393938643239336637303766393533323436386665
61373036623566613931366365663961396432346535633837323531323934373939383832636637
64653131333432666366393431303036353165643362383934623730323965306163303333323236
63626130373234366531386465636336663065633339386337366361316235333563653534313064
38393437383438323762616330393535326333366364666330646135636339363232333336326162
39633964373439346237363734316633376234383933666137616533313034333932353330623333
37373963363234326634663634333766616232626262663764326164333464663066636339646463
37633937666532613762313330323365323033613039316463363633316164363663653865653363
64343536333634663864333035623238316536386131613762616161636361326632353234313236
61353831666664316361613065323038326439636262363762653066396434353137373439303662
35333437616432326334333536666633616334313530316262623634386531313066666662633633
33343635666433316437386661633361336466306161653262323734623961363736643532623132
39323364656339386561333463323866356438663965393661353638333530663934346563393565
33383862633632613366313738383337636366666565353464623131316630316237653335376239
66623436663366653530323864366264666362306461613939393463353437636535656539653131
63623433346431393165346235396565373038633430366138316163613238386231363736626630
65336533663233386331663534636236393531643139386434373032666234343736336264396630
32353131356461343938633164306338366338303736353665613137316664653337313135363031
61306636613833336538663764616138633532396164666461636362336533383330343434326237
32663833313066396263636634316566383966326334396465396633363961616365383434653137
33373163363362643765313033646537386533396230333232343163333432323631386662363765
66643232323239303766643033326362373162333237383863336365336530386563663264626365
38383337646138643762623937643333383834633735356434613561626433633035386236376135
36656234666363356433356565666161303664623236303961623332353431646565613733393031
38643661376636393335643839326133653464343637393661623464336230343761353738616438
31306335396538643366643734633164393037616363623435623330396432323231313665393864
64336662386639326637373866386234343638366630366434356537666437643364613466613331
63363338333962356261346664643635373964633339373935356339666661343532386534366264
30323538656539353433613765356232386366633065366235316434626438396630363862653433
63323537616630666339653732623838666132613333386231333934393065663930653436336133
35633432363738623366376537303065306330613664626535333361383431663331623836353361
64393937316639383934383963313738313539316334356232316265623830346337343933336465
66316338343762646165643030633865343561323434636239306131373238303931633261396332
30306139343634613130646434303766356639353334663165643435666635373638623130353734
63336432653134653462633032383232343839333734653966653038343935303932386535623863
61383638383835353836626138393534353239356462396235656662613138356530316532633137
36383832623364363435363535343131373238613534393462636638663130373265326362303435
38666261633263363262333338333765343164316566363366666563643030353338656535613437
30616436656239343438313133386564383566623930353866323336643131306166393632353830
61646534356433376534376436383366323836663766376661343961626238316338633039623539
35346637633963346464616361613862333662663239376635346437346436393736346130343534
32313736613936383339323738316335633039626563303136373363316365336565633062373065
62313632336138626665373365303463623264623034623538336461333962343432353435396162
66396264326661323865393638343166373336653561373437313266636536623534333165323537
32396331353964316231306466653237393430313736393932323365363239353264616565326466
34643866323736303730356433326463306536383662316566653738613636363061623261313239
62663961343636366631613732343363366165383335613635616433316539383035623762336363
37373764343038393136373139613565363838343435333730346430396535333533643534363532
63376332303162633533666439303065366162653838393333313738643662303135353665373338
35326436393233623961383263636134393038373435666131616332323462653337303162346363
37633735376432663236633234383166306132633037303731373735356663626539333362613132
64313838626136356663323936356337623561633364303438353038666539363738616537653364
34646535306462666164626566323739623333306132396534343938313766663836643534396335
33306330356337653663666337313039376464633132383933323732313235393338346239303664
66666561396331653636646530616534616132363834386436623634366339623538383065363836
33313131303533616335366339333239313031346365353461326430643666666534613637616564
66623264303263663261653034383661306261366263303233336231386265393164393231363263
63396334303431623833313864353263663538623165656230316232646464383335363732333833
35383030396138313635613966336639623330626662383835333336646632313338353239313262
36663431373464363734376136393362653536636436386139643438643362386631663161356636
37653337306435633365333039663832353331653030393161353338656532323130353230383862
37636633666361373430663139646466643530313336616139663539313838346233326634366138
61656161383838356662393366643537633438623066306134636332373735363536653031643064
66363033336533393739366235346264656432383065633364333838303766643938396362393935
30353363343839333536393866366561393261623863383964373366626666323363323664333962
32663064366133386263306262656564613563653066313732366134383166313362383832393561
66316563643733633062326530366263323339353039326664643935346235316632386337396266
66363836666639313066333736653535393435653631316132323637316234303032366664366537
30373739363136393037613039623761343261346633343066633462616535313037316535376639
33653232373237613933616531393130356466363761316531353234663334343630363736383465
37623063323065363130303661633939663436646435313834636437653938396264646137343561
31373937346337396338393666666264636632343961343461646134653338373164313238313030
38326231343838623730633334356162303934393538333035356139613939353833326637633933
34626363616239363661346665333232646230316534666436333335363038303033356232326231
33333034373833353530376435303135313230313361326137363737643733363961616265343764
30303730623536303731633561333162373036316263376461666265363133363836613666353732
39343637333538303830633064313432646239336539346136323537356663373464303862653232
61653235303638376161326531626339616164353636306162353739316666333537633836636562
64626432656438376238633763356565356365623739616663303639646431393465376439643538
38326436313563396536383162316365383065653866663138663265373131333437626664366638
32633033366138663263653639376534633933323633326332636335303262373931656539356230
31643061636139373362343735396337313534316230646435333036636238393131353635393061
37313031633566396336353664626431376238336363323164393562613335613361623932393635
39613633626437383932323063353238366466663365396134663431303334333866323134646137
61336233356437323362346661373566633363353431323138316262343865636239376165353031
33613432633239626336323964646461643233313633636239333430346463323334373863303736
61343566383135653736663761643461343866373930616165613166336230616639316332663764
35323438633339383736383539383836613436313036393262316362663038336134366263376365
30616231633536643138383235393362306435333536363538353936626532366439366534646535
37653563623839633133396430376464326336663233396234386264386331366366356632313366
65363332363661623739623563303064626230363966643137616337383366343236663638326130
61316637336430643539656266396435623362633465366132653036353435386635653034376266
30313466366538373832393363313661653936303035363136343739336239356461356433393964
32393239343238366262616662373235633763383532613961653164303234663231313038393237
66353836623437653164373165393834366162623138653363316231306131383438653265663866
35643433636230363232303837323939366131613933366137373861303538633830303631313765
38313838313538643437613965353430386231376263643938343365333433313864313039336466
65323531616439333363373433663464373366653834643861373566373631316339643330393232
63373962353737303232653562303834323766353932323130303565383934306366636666626666
36376136333962643663333730336161613466306261636531353935336631373635663662356139
64383635333864333638316433303463616534376661333433313664623536303532613532363733
63356535336239333262323432643932636164623833656237623831373062663261363330393664
62646337343536356434336463386337373963363832306338316139636430363530346636353765
35303963636132313264666133633837356563386537646464636563303734653062393331333561
65346134386136353433326234616635393632383934363862636130346532303561336632636437
65616230373063323063326663613131663162326530326466306331353237303462396639663934
35333035353831383664336133636363363930353866383237363666393365323837306562393838
32343431643062393532396339383539353863643466653235363963336136313836393663623132
62376634333630353532653436643333636330303334366565316538313138396566663834353334
35613830326430393433333539373938323435623061323833653736663938306366636335333964
35303862326561613038643765643066636665663734336434616430356666393861666661303430
30636437663738633463303561353566393035613134313664633037373261646337663736613562
37393934653437343736386438633234653764653736636265623563666362333431633765326331
62396135613637666237303164323661303461613739316538663633626639353932366363626331
38383033643965616232333138613761613933323934356530623763363162613464653736333639
35666339393866373431623663383130356532656263643332373064363864346639326635353132
38666534346133623232636635383335376438343434633633303531636163303736333738656364
38373864313066376361626163333162323138663936386232383034366437393737353833386664
33303935666264633465366363333932396139643964323066336565623334393239393132343236
33366536653864656233663461396432386437363239323064333234313937373033323962336231
61313331636334313365306133646339643731303732356136633130386261656263616435623866
30353031373939303236313235643963623338643531386265656230336434373365303432386262
37356631376661326266343266613862333737303630316637363333623632633832653534346232
30623535393934303332653537316133396639366331323865366333663638653730366431666463
34366632626665353731616637393132353531613232356538613764376361616536313430633965
37643836363366656666653366383233623231333364333661656632336137383732363435353933
36353038653835643632316563383930376462363238386361303939343730316537313662626164
34613065306332333433653766396365396332353839383562326361373939356662396361613362
63623030353463396131336361653730646537303066653636633239333634386663366637346465
61626633633436316233646432323534666333396238363366313433656134646566333862623833
61393263376638353634333338653763363639383136306165393736663865616337643864333432
35366563643637363465303930333062396165643366366464373636373463326663333162613361
33323032626433333664333161623031316430383939613533313534393833303935343865333262
66396366383233356436663762316231656535626237633739613765356238386339333331363031
32616238313137376635623631303232616330303037373433376333313763626262643636636638
36353738373036343535616337663634393764633062306435396263343032323032353130326137
38613134306438626331636633346361336161633831353761623236326638663462653039643961
64653938613361336463663532366431316138356236633637313133333961316266326132653730
65333266666566373962363962356132383531656130356465383363356166303764643863303531
33363137356237616361316565336536376236353637633435633433356161316361313330643834
34626664323065666166613530373664623635643566613333353565616439383365383962633230
65316437373430623561346333363463613531356333356234663338633338316161633039323964
62376534373636376166383166393139613331323937306138396232653762653765386231616637
33376338346532363366383438353266326366626434336430616566653438313334383337613939
64366136323631653766616232386438656635333964343439633666613834613361393262653462
39383336356233343436313036643435303639343435356365333765653464656238336338323034
30363039623866346539323739393664623564373230353533383631663137313533366538373537
32346134663533353063323639383735323365336133373334343233303961663631333864373134
62306432643663646663353065643565626538343538333431616364376535616261656431626263
39643136623964336630353231346637613437333437616265353630616533383761356430343633
37303737336335633661363663326561323433613431653264653635653766353030373437653333
32393935613831636333313735613066306166643734303731363038343532363638386130343837
39376537336437393263363662313831353633343130626365616431383663633235306238396439
35396461303136323733346638306430643030646262623661643764336264666161373263356535
38336234326631303838313538343061653037366366316236383333623563323264643462326531
35373061653734663766663063613466333836333566343562616666646566313163636266663961
37623035383632353735306661313530353334656563323866616462626565313035663739343663
66646332653939666163636432396332316563356534336463326466316133333731636534383734
36613936393064376361343437303365643534653961616634656261323335336335373932343535
36373263666665393164393563316166363938333462643736626235303231316562393334373736
65353961313065636332353432333539636431353833333337346636356661633565646339393865
33666230383462363136336665396463393862363637316634616262386363303062356663343265
39666466303337643637343665356330373938653066346139653365346263623437363539313334
65313834366239326161323535336339303764353736623365663336353763383061396630656631
36623961633166353261393536663234623335323063343764363864656139623633393932616665
32356138613135616163613532316231366137326131346366313638386335393664383061326631
30653933323434303931653465376132313831326235343563663932333233633033613962633532
39343065653934383565376262663262633637313864346363643631353564306337626335306135
38356430626566366634313538336563393262396434303463363561646165313330646561333366
37333931316432346561623535313735313331373664393931383166663133373263383766343539
66323338366637343133633735373465313266626465323237656563343137363763643634333536
37353635643835656461316438653961346131643535643461383632613436653634666439643739
62323234633230326433383164386532326339623838336130393264666561323063396137653534
65643036316131313330353265633564383164363365303838376535623639383239323433656165
61363933333737306331393166316666316561663262613261646533666365623531663130326564
64656134316438363431366434303836383666316435373762343739663136643337343531393166
35356663346564316436663031636262323764376231663238613233353231666564313333666331
34616565636261343963646435313536326364303130336137323234393432343437386137363630
33386632353730333563626163656366646133376465383430616637653065373962306532616330
36323466373339386139316466373163383363376262643264323332343064656464363134656563
61316462333462303139653361303765613062633265616335313032306165633033666432616138
38356635646431306462393061643363323335386666616666353063646164623338363265623166
35663532613666613765313861353832336233653564653734656339383935623538