From affbfcd1160ce3008dbdd65facafdc8afea604cd Mon Sep 17 00:00:00 2001 From: quinm0 Date: Mon, 23 Feb 2026 16:39:06 -0500 Subject: [PATCH] Cleaning up --- .gitignore | 56 +++++++ installAppimage.sh | 86 +++++++++++ src/ansible/README.md | 23 +++ src/ansible/archive/driveConfigTasks.yaml | 44 ++++++ src/ansible/dietpi-inv.ini | 3 + src/ansible/dietpiconfig-playbook.yaml | 4 + src/ansible/install-zsh-playbook.yaml | 28 ++++ src/ansible/playbook.yaml | 7 + .../roles/devtools/tasks/install-ctop.yaml | 87 +++++++++++ .../devtools/tasks/install-lazydocker.yaml | 21 +++ .../devtools/tasks/install-opentofu.yaml | 34 +++++ src/ansible/roles/devtools/tasks/main.yaml | 8 + src/ansible/roles/dietpi/tasks/main.yaml | 2 + src/ansible/roles/dietpi/tasks/rns.yaml | 138 ++++++++++++++++++ src/ansible/roles/pcpanel/tasks/main.yaml | 66 +++++++++ .../roles/soupclown/defaults/main.yaml | 18 +++ .../roles/soupclown/tasks/create-users.yaml | 13 ++ .../roles/soupclown/tasks/docker-install.yaml | 47 ++++++ .../roles/soupclown/tasks/install-deps.yaml | 42 ++++++ src/ansible/roles/soupclown/tasks/main.yaml | 9 ++ .../soupclown/tasks/rclone-mega-install.yaml | 71 +++++++++ src/ansible/secrets.yaml | 30 ++++ src/ansible/tailscale-inventory.ini | 10 ++ src/ansible/vps-inv.ini | 2 + src/docker-compose/.gitignore | 2 + src/docker-compose/all-down.sh | 6 + src/docker-compose/all-up.sh | 6 + src/docker-compose/downloadin-compose.yaml | 121 +++++++++++++++ src/docker-compose/downloadin-down.sh | 2 + src/docker-compose/downloadin-up.sh | 2 + src/docker-compose/immich-compose.yaml | 75 ++++++++++ src/docker-compose/immich-down.sh | 2 + src/docker-compose/immich-up.sh | 2 + src/docker-compose/jellyfin-compose.yaml | 32 ++++ src/docker-compose/jellyfin-down.sh | 2 + src/docker-compose/jellyfin-up.sh | 2 + src/docker-compose/navidrome-compose.yaml | 11 ++ src/docker-compose/navidrome-down.sh | 2 + src/docker-compose/navidrome-up.sh | 2 + src/docker-compose/paperless-compose.env | 40 +++++ src/docker-compose/paperless-compose.yaml | 62 ++++++++ src/docker-compose/paperless-down.sh | 2 + src/docker-compose/paperless-up.sh | 2 + 43 files changed, 1224 insertions(+) create mode 100644 .gitignore create mode 100755 installAppimage.sh create mode 100644 src/ansible/README.md create mode 100644 src/ansible/archive/driveConfigTasks.yaml create mode 100644 src/ansible/dietpi-inv.ini create mode 100644 src/ansible/dietpiconfig-playbook.yaml create mode 100644 src/ansible/install-zsh-playbook.yaml create mode 100644 src/ansible/playbook.yaml create mode 100644 src/ansible/roles/devtools/tasks/install-ctop.yaml create mode 100644 src/ansible/roles/devtools/tasks/install-lazydocker.yaml create mode 100644 src/ansible/roles/devtools/tasks/install-opentofu.yaml create mode 100644 src/ansible/roles/devtools/tasks/main.yaml create mode 100644 src/ansible/roles/dietpi/tasks/main.yaml create mode 100644 src/ansible/roles/dietpi/tasks/rns.yaml create mode 100644 src/ansible/roles/pcpanel/tasks/main.yaml create mode 100644 src/ansible/roles/soupclown/defaults/main.yaml create mode 100644 src/ansible/roles/soupclown/tasks/create-users.yaml create mode 100644 src/ansible/roles/soupclown/tasks/docker-install.yaml create mode 100644 src/ansible/roles/soupclown/tasks/install-deps.yaml create mode 100644 src/ansible/roles/soupclown/tasks/main.yaml create mode 100644 src/ansible/roles/soupclown/tasks/rclone-mega-install.yaml create mode 100644 src/ansible/secrets.yaml create mode 100644 src/ansible/tailscale-inventory.ini create mode 100644 src/ansible/vps-inv.ini create mode 100644 src/docker-compose/.gitignore create mode 100755 src/docker-compose/all-down.sh create mode 100755 src/docker-compose/all-up.sh create mode 100644 src/docker-compose/downloadin-compose.yaml create mode 100755 src/docker-compose/downloadin-down.sh create mode 100755 src/docker-compose/downloadin-up.sh create mode 100644 src/docker-compose/immich-compose.yaml create mode 100755 src/docker-compose/immich-down.sh create mode 100755 src/docker-compose/immich-up.sh create mode 100644 src/docker-compose/jellyfin-compose.yaml create mode 100755 src/docker-compose/jellyfin-down.sh create mode 100755 src/docker-compose/jellyfin-up.sh create mode 100644 src/docker-compose/navidrome-compose.yaml create mode 100755 src/docker-compose/navidrome-down.sh create mode 100755 src/docker-compose/navidrome-up.sh create mode 100644 src/docker-compose/paperless-compose.env create mode 100644 src/docker-compose/paperless-compose.yaml create mode 100755 src/docker-compose/paperless-down.sh create mode 100755 src/docker-compose/paperless-up.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ad33a39 --- /dev/null +++ b/.gitignore @@ -0,0 +1,56 @@ +# See https://help.github.com/articles/ignoring-files/ for more about ignoring files. + +# dependencies +node_modules +/.pnp +.pnp.js + +# testing +/coverage +.venv/ + +# database +/prisma/db.sqlite +/prisma/db.sqlite-journal +db.sqlite + +# next.js +.next/ +out/ +next-env.d.ts + +# production +build + +credentials.json +tokens/ + +# misc +.DS_Store +*.pem + +# debug +npm-debug.log* +yarn-debug.log* +yarn-error.log* +.pnpm-debug.log* + +# local env files +# do not commit any .env files to git, except for the .env.example file. https://create.t3.gg/en/usage/env-variables#using-environment-variables +.env +.env*.local + +# vercel +.vercel + +# typescript +*.tsbuildinfo + +# idea files +.idea +.env* +.flaskenv* +!.env.project +!.env.vault + +dist/ \ No newline at end of file diff --git a/installAppimage.sh b/installAppimage.sh new file mode 100755 index 0000000..59416dc --- /dev/null +++ b/installAppimage.sh @@ -0,0 +1,86 @@ +#!/bin/bash +set -e +set -o pipefail + +APPIMAGE_PATH=$1 + +if [ -z "$APPIMAGE_PATH" ]; then + echo "Missing argument: appimage" + exit 1 +fi + +if [ ! -f "$APPIMAGE_PATH" ]; then + echo "File not found: $APPIMAGE_PATH" + exit 1 +fi + +TEMP_SQUASHFS_PATH=$(mktemp -d) +APPIMAGE_FULLPATH=$(readlink -e "$APPIMAGE_PATH") +APPIMAGE_FILENAME=$(basename "$APPIMAGE_PATH") +APP_NAME="${APPIMAGE_FILENAME%.*}" +DESKTOP_ENTRY_PATH="${HOME}/.local/share/applications/$APP_NAME.desktop" +ICON_FOLDER="${HOME}/.local/share/icons" +mkdir -p "${ICON_FOLDER}" + +if [ "$2" == "--remove" ]; then + rm -f "$DESKTOP_ENTRY_PATH" + find "${ICON_FOLDER}" -maxdepth 1 -type f -name "$APP_NAME.*" -delete + echo "Removed" + exit 0 +fi + +pushd $TEMP_SQUASHFS_PATH +"$APPIMAGE_FULLPATH" --appimage-extract > /dev/null +cd squashfs-root/ + +echo "Choose icon: " +mapfile -t FILENAMES < <(find -L . -maxdepth 1 -type f \( -iname '*.png' -o -iname '*.svg' \)) +i=1 +for filename in "${FILENAMES[@]}" +do + printf " %d) %s\n" "$i" "$filename" + i=$((i + 1)) +done + +read -r SELECTED_INDEX + +ICON_SRC=${FILENAMES[$((SELECTED_INDEX - 1))]} +ICON_EXT="${ICON_SRC##*.}" +ICON_DST="${ICON_FOLDER}/$APP_NAME.$ICON_EXT" +cp "$ICON_SRC" "$ICON_DST" + +cat < "$DESKTOP_ENTRY_PATH" +[Desktop Entry] +Name=$APP_NAME +StartupWMClass=$APP_NAME +Exec=$APPIMAGE_FULLPATH +Icon=$ICON_DST +Type=Application +Terminal=false +EOT + +popd + +cat < /etc/apparmor.d/$APP_NAME +# This profile allows everything and only exists to give the +# application a name instead of having the label "unconfined" +abi , +include + +profile $APP_NAME $APPIMAGE_FULLPATH flags=(default_allow) { + userns, + + # Site-specific additions and overrides. See local/README for details. + include if exists +} +EOT + +popd + +rm -rf $TEMP_SQUASHFS_PATH + +systemctl reload apparmor.service + + + +echo "Created" diff --git a/src/ansible/README.md b/src/ansible/README.md new file mode 100644 index 0000000..49e8935 --- /dev/null +++ b/src/ansible/README.md @@ -0,0 +1,23 @@ +# Ansible host setup + +### About + +This is made with the intent to be reuseable when any hosts on a network need to be configured back to a common state. +I've actually decided that this will only get the system configs and lower level configs in place for larger tools to then use the host for service orchistration. + +# Tasks + +- Install dependencies +- Create users +- Write env file +- Install Docker +- Install Rclone + +## Variables: + +``` +- soupclown_users: list (Creates a user for each user and then also sets them as sudoer) + - name: + isMod: true | false (sets as sudoer) +- soupclown_drive_configs: (not upgraded yet) +``` diff --git a/src/ansible/archive/driveConfigTasks.yaml b/src/ansible/archive/driveConfigTasks.yaml new file mode 100644 index 0000000..e2e0900 --- /dev/null +++ b/src/ansible/archive/driveConfigTasks.yaml @@ -0,0 +1,44 @@ +--- +- name: Install mergerfs if not present + apt: + name: mergerfs + state: present + update_cache: yes + +- name: Update mergerfs systemd service with drive paths + template: + src: mergerfs.service.j2 + dest: /etc/systemd/system/mergerfs.service + mode: "0644" + owner: root + group: root + +- name: Ensure fstab is updated with drive configurations + lineinfile: + regexp: "^PARTUUID={{ item.partuuid }}" + path: /etc/fstab + line: "PARTUUID={{ item.partuuid }} {{ mount_point }}/{{ item.name }} {{ item.fs_type }} defaults,auto,nofail 0 2" + state: present + loop: "{{ drive_configs }}" + +- name: Ensure mount points exist and have appropriate permissions + file: + path: "{{ mount_point }}/{{ item.name }}" + state: directory + mode: "0755" + owner: root + group: root + loop: "{{ drive_configs }}" + +- name: Systemctl daemon-reload + command: systemctl daemon-reload + +- name: Mount all filesystems + command: mount -a + ignore_errors: yes + +- name: Start and enable mergerfs service + systemd: + name: mergerfs + state: started + enabled: yes diff --git a/src/ansible/dietpi-inv.ini b/src/ansible/dietpi-inv.ini new file mode 100644 index 0000000..dfb8032 --- /dev/null +++ b/src/ansible/dietpi-inv.ini @@ -0,0 +1,3 @@ +[dietpi-inv] +; B407 Raspberry pi node +root@192.168.68.52 ansible_ssh_private_key_file=~/.ssh/id_ed25519 diff --git a/src/ansible/dietpiconfig-playbook.yaml b/src/ansible/dietpiconfig-playbook.yaml new file mode 100644 index 0000000..e444a05 --- /dev/null +++ b/src/ansible/dietpiconfig-playbook.yaml @@ -0,0 +1,4 @@ +--- +- hosts: dietpi-inv + roles: + - dietpi diff --git a/src/ansible/install-zsh-playbook.yaml b/src/ansible/install-zsh-playbook.yaml new file mode 100644 index 0000000..99615a0 --- /dev/null +++ b/src/ansible/install-zsh-playbook.yaml @@ -0,0 +1,28 @@ +--- +- name: Playbook + hosts: qmoran-laptop + become: true + + vars: + omz_install_zsh: true + users: + - name: "qmoran" + group: "qmoran" + settings: | + export PATH="/usr/local/sbin:$PATH" + alias desktop="ssh qmoran@100.96.19.102" + alias po1="ssh qmoran@100.70.86.70" + + tasks: + - name: Run oh-my-zsh. + include_role: + name: "oh-my-zsh" + vars: + omz_user: "{{ item }}" + # Only create `.zshrc` for user 'qmoran'; item.settings will be + # appended to `.zshrc` for the user 'qmoran'. + omz_zshrc_create: "{{ (item.name == 'qmoran') | ternary(true, false) }}" + omz_plugins: + # - "autojump" + - "git" + with_items: "{{ users }}" diff --git a/src/ansible/playbook.yaml b/src/ansible/playbook.yaml new file mode 100644 index 0000000..b2bc0cc --- /dev/null +++ b/src/ansible/playbook.yaml @@ -0,0 +1,7 @@ +--- +- hosts: qmoran-desktop + become: yes + roles: + - devtools + vars_files: + - secrets.yaml diff --git a/src/ansible/roles/devtools/tasks/install-ctop.yaml b/src/ansible/roles/devtools/tasks/install-ctop.yaml new file mode 100644 index 0000000..91bb45c --- /dev/null +++ b/src/ansible/roles/devtools/tasks/install-ctop.yaml @@ -0,0 +1,87 @@ +# ============================================================================ +# CTOP Installation Task +# ============================================================================ +# +# ## Overview +# This task sequence installs **ctop** (a top-like interface for container metrics) +# on the target system using the azlux repository. +# +# ## Prerequisites +# - Target system must be Debian/Ubuntu-based +# - Root or sudo privileges required +# - Internet connectivity to download packages and GPG keys +# +# ## Workflow +# 1. **Prerequisite Check**: Verifies if ctop is already installed via marker file +# 2. **Dependency Installation**: Installs required system packages +# - ca-certificates (SSL/TLS support) +# - curl (download utilities) +# - gnupg (GPG key management) +# - lsb-release (OS release detection) +# 3. **Repository Setup**: +# - Adds azlux GPG key for package verification +# - Validates GPG key integrity +# - Adds azlux apt repository with signed packages +# - Refreshes apt cache +# 4. **Package Installation**: Installs docker-ctop package +# +# ## Key Features +# - ✅ Idempotent: Skips execution if ctop is already installed +# - ✅ GPG Validation: Ensures repository authenticity +# - ✅ Error Handling: Fails playbook if GPG key or repo validation fails +# - ✅ Architecture-Aware: Uses ansible_architecture variable for multi-arch support +# +# ## Variables Used +# - `ansible_architecture`: Target system CPU architecture (auto-detected) +# - `ctop_installed_check`: Registration variable tracking installation status +# - `apt_key_finger_output`: GPG key validation results +# - `azlux_repo_check`: Repository addition verification results +# +# ## Failure Points +# - GPG key import fails or key not found in fingerprint output +# - Repository addition fails or cannot be verified +# - Package installation fails +# +# ## Notes +# - Uses `signed-by` parameter for secure apt repository configuration (modern approach) +# - Creates marker file at `/var/ctop_installed` to track installation state +# - `lsb_release -cs` dynamically determines Debian/Ubuntu codename +# - Ensure that the system is updated before running this playbook for best results + +- name: Check if ctop is installed + stat: + path: /var/ctop_installed + register: ctop_installed_check + +- name: Install prerequisites for ctop + apt: + name: + - ca-certificates + - curl + - gnupg + - lsb-release + state: present + update_cache: yes + when: not ctop_installed_check.stat.exists + +- name: Add azlux GPG key for ctop + apt_key: + url: https://azlux.fr/repo.gpg.key + state: present + keyring: /usr/share/keyrings/azlux-archive-keyring.gpg + when: not ctop_installed_check.stat.exists + +- name: Add azlux repository for ctop + shell: | + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/azlux-archive-keyring.gpg trusted=yes] http://packages.azlux.fr/debian stable main" | sudo tee /etc/apt/sources.list.d/azlux.list >/dev/null + when: not ctop_installed_check.stat.exists + +- name: Update apt cache after adding azlux repository + command: apt-get update + when: not ctop_installed_check.stat.exists + +- name: Install ctop + apt: + name: docker-ctop + state: present + when: not ctop_installed_check.stat.exists diff --git a/src/ansible/roles/devtools/tasks/install-lazydocker.yaml b/src/ansible/roles/devtools/tasks/install-lazydocker.yaml new file mode 100644 index 0000000..933a872 --- /dev/null +++ b/src/ansible/roles/devtools/tasks/install-lazydocker.yaml @@ -0,0 +1,21 @@ +- name: Check if lazydocker is installed + stat: + path: /var/lazydocker_installed + register: lazydocker_installed_check + +- name: Download install script for lazydocker + get_url: + url: https://raw.githubusercontent.com/jesseduffield/lazydocker/master/scripts/install_update_linux.sh + dest: /tmp/install_lazydocker.sh + mode: "0755" + when: not lazydocker_installed_check.stat.exists + +- name: Run lazydocker installer script + command: /tmp/install_lazydocker.sh + when: not lazydocker_installed_check.stat.exists + +- name: Create file indicating lazydocker is installed + file: + path: /var/lazydocker_installed + state: touch + when: not lazydocker_installed_check.stat.exists diff --git a/src/ansible/roles/devtools/tasks/install-opentofu.yaml b/src/ansible/roles/devtools/tasks/install-opentofu.yaml new file mode 100644 index 0000000..6296cc8 --- /dev/null +++ b/src/ansible/roles/devtools/tasks/install-opentofu.yaml @@ -0,0 +1,34 @@ +# get the installer script +# curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh + +- name: Check if opentofu is installed + stat: + path: /var/opentofu_installed + register: opentofu_installed_check + +- name: Download installer script + get_url: + url: https://get.opentofu.org/install-opentofu.sh + dest: /tmp/install-opentofu.sh + mode: "0755" + when: not opentofu_installed_check.stat.exists + +- name: Make installer script executable + command: chmod +x /tmp/install-opentofu.sh + when: not opentofu_installed_check.stat.exists + +- name: Install opentofu + command: /tmp/install-opentofu.sh --install-method deb + when: not opentofu_installed_check.stat.exists + +- name: Remove installer script + file: + path: /tmp/install-opentofu.sh + state: absent + when: not opentofu_installed_check.stat.exists + +- name: Create file indicating opentofu is installed + file: + path: /var/opentofu_installed + state: touch + when: not opentofu_installed_check.stat.exists diff --git a/src/ansible/roles/devtools/tasks/main.yaml b/src/ansible/roles/devtools/tasks/main.yaml new file mode 100644 index 0000000..45069ec --- /dev/null +++ b/src/ansible/roles/devtools/tasks/main.yaml @@ -0,0 +1,8 @@ +- name: Install opentofu + import_tasks: install-opentofu.yaml + +- name: Install lazydocker + import_tasks: install-lazydocker.yaml + +- name: Install ctop + import_tasks: install-ctop.yaml diff --git a/src/ansible/roles/dietpi/tasks/main.yaml b/src/ansible/roles/dietpi/tasks/main.yaml new file mode 100644 index 0000000..fbfbc83 --- /dev/null +++ b/src/ansible/roles/dietpi/tasks/main.yaml @@ -0,0 +1,2 @@ +- name: Install Reticulum Network Stack (RNS) + import_tasks: rns.yaml diff --git a/src/ansible/roles/dietpi/tasks/rns.yaml b/src/ansible/roles/dietpi/tasks/rns.yaml new file mode 100644 index 0000000..4e00ae7 --- /dev/null +++ b/src/ansible/roles/dietpi/tasks/rns.yaml @@ -0,0 +1,138 @@ +--- +# - name: Install python3 packages +# pip: +# name: "{{ item }}" +# state: present +# executable: pip3 +# with_items: +# - rns +# - lxmf + +- name: Create systemd service for rns + copy: + dest: /etc/systemd/system/rns.service + content: | + [Unit] + Description=Reticulum Network Stack Daemon + After=multi-user.target + + [Service] + Type=simple + Restart=always + RestartSec=3 + User=root + ExecStart=rnsd --service + + [Install] + WantedBy=multi-user.target + +- name: Reload systemd + systemd: + daemon_reload: yes + +- name: Ensure rns service is enabled and started + systemd: + name: rns.service + enabled: yes + state: started + +- name: Stop service for config file update + systemd: + name: rns.service + state: stopped + +- name: Ensure Reticulum config directory exists + file: + path: /root/.reticulum + state: directory + mode: "0755" + +- name: Deploy rns configuration file (using block for friendly file updates) + copy: + dest: /root/.reticulum/config + content: | + [reticulum] + enable_transport = True + share_instance = Yes + instance_name = B407 + discover_interfaces = Yes + panic_on_interface_error = No + + # If you're connecting to a large external network, you + # can use one or more external blackhole list to block + # spammy and excessive announces onto your network. This + # funtionality is especially useful if you're hosting public + # entrypoints or gateways. The list source below provides a + # functional example, but better, more timely maintained + # lists probably exist in the community. + + # blackhole_sources = 521c87a83afb8f29e4455e77930b973b + + [logging] + # Valid log levels are 0 through 7: + # 0: Log only critical information + # 1: Log errors and lower log levels + # 2: Log warnings and lower log levels + # 3: Log notices and lower log levels + # 4: Log info and lower (this is the default) + # 5: Verbose logging + # 6: Debug logging + # 7: Extreme logging + loglevel = 4 + + # The interfaces section defines the physical and virtual + # interfaces Reticulum will use to communicate on. This + # section will contain examples for a variety of interface + # types. You can modify these or use them as a basis for + # your own config, or simply remove the unused ones. + + [interfaces] + + [[Default Interface]] + type = AutoInterface + enabled = Yes + [[RNode LoRa Interface]] + type = RNodeInterface + enabled = yes + port = /dev/ttyACM0 + # Set frequency to 915 MHz (US ISM Band) + frequency = 915000000 + # Set LoRa bandwidth to 125 KHz + bandwidth = 125000 + # Set TX power to 7 dBm (5 mW) + txpower = 7 + # Select spreading factor 8. Valid + # range is 7 through 12, with 7 + # being the fastest and 12 having + # the longest range. + spreadingfactor = 8 + # Select coding rate 5. Valid range + # is 5 throough 8, with 5 being the + # fastest, and 8 the longest range. + codingrate = 5 + # You can configure the RNode to send + # out identification on the channel with + # a set interval by configuring the + # following two parameters. + id_callsign = B407 + id_interval = 600 + # For certain homebrew RNode interfaces + # with low amounts of RAM, using packet + # flow control can be useful. By default + # it is disabled. + # flow_control = False + # It is possible to limit the airtime + # utilisation of an RNode by using the + # following two configuration options. + # The short-term limit is applied in a + # window of approximately 15 seconds, + # and the long-term limit is enforced + # over a rolling 60 minute window. Both + # options are specified in percent. + # airtime_limit_long = 1.5 + # airtime_limit_short = 33 + +- name: Start rns service after config update + systemd: + name: rns.service + state: started diff --git a/src/ansible/roles/pcpanel/tasks/main.yaml b/src/ansible/roles/pcpanel/tasks/main.yaml new file mode 100644 index 0000000..72fc4fc --- /dev/null +++ b/src/ansible/roles/pcpanel/tasks/main.yaml @@ -0,0 +1,66 @@ +# add block to /etc/udev/rules.d/70-pcpanel.rules +# SUBSYSTEM=="usb", ATTRS{idVendor}=="04D8", ATTRS{idProduct}=="eb52", TAG+="uaccess" +# SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c4", TAG+="uaccess" +# SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c5", TAG+="uaccess" + +- name: Check if we've already set up pcpanel + stat: + path: /etc/udev/rules.d/70-pcpanel.rules + register: pcpanel_rules_file + +- name: Check if we've installed the deb file before + stat: + path: /var/pcpanel_installed + register: pcpanel_deb_file + +- name: Ensure pulseaudio is installed + apt: + name: "{{ item }}" + state: present + update_cache: yes + with_items: + - pulseaudio + - pulseaudio-utils + when: not pcpanel_rules_file.stat.exists + +- name: Create required directories for pcpanel + file: + path: /etc/udev/rules.d + state: directory + mode: "0755" + when: not pcpanel_rules_file.stat.exists + +- name: Add udev rules for pcpanel + copy: + content: | + # SUBSYSTEM=="usb", ATTRS{idVendor}=="04D8", ATTRS{idProduct}=="eb52", TAG+="uaccess" + SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c4", TAG+="uaccess" + SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c5", TAG+="uaccess" + dest: /etc/udev/rules.d/70-pcpanel.rules + mode: "0644" + owner: root + group: root + when: not pcpanel_rules_file.stat.exists + +- name: Reload udev rules + shell: udevadm control --reload-rules && udevadm trigger + when: not pcpanel_rules_file.stat.exists + +- name: Download pcpanel deb file + get_url: + url: "https://github.com/nvdweem/PCPanel/releases/download/v1.7.1/pcpanel_1.7.1_amd64.deb" + dest: /tmp/pcpanel_1.7.1_amd64.deb + mode: "0644" + when: not pcpanel_deb_file.stat.exists + +- name: Install pcpanel deb file + apt: + deb: /tmp/pcpanel_1.7.1_amd64.deb + when: not pcpanel_deb_file.stat.exists + +- name: Create file to indicate pcpanel installed + file: + path: /var/pcpanel_installed + state: touch + mode: "0644" + when: not pcpanel_deb_file.stat.exists diff --git a/src/ansible/roles/soupclown/defaults/main.yaml b/src/ansible/roles/soupclown/defaults/main.yaml new file mode 100644 index 0000000..0766a50 --- /dev/null +++ b/src/ansible/roles/soupclown/defaults/main.yaml @@ -0,0 +1,18 @@ +soupclown_mod_group_name: soupclown_moderator + +soupclown_users: + - name: dbowen + isMod: false + +soupclown_drive_configs: + - name: d1 + partuuid: ea8eb756-01 + fs_type: ext4 + + - name: d2 + partuuid: d9892c39-c6f2-4090-bccc-1b976f85c762 + fs_type: ext4 + + - name: DATA + partuuid: 9f9dfead-c8bd-40bc-a012-7c3fa996e610 + fs_type: ext4 diff --git a/src/ansible/roles/soupclown/tasks/create-users.yaml b/src/ansible/roles/soupclown/tasks/create-users.yaml new file mode 100644 index 0000000..5049acd --- /dev/null +++ b/src/ansible/roles/soupclown/tasks/create-users.yaml @@ -0,0 +1,13 @@ +- name: Create soupclown moderator group + group: + name: "{{ soupclown_mod_group_name }}" + state: present + +- name: For each user in config, ensure user exists and if isMod true, add to moderator group + user: + name: "{{ item.name }}" + state: present + groups: "{{ [soupclown_mod_group_name] if item.isMod else [] }}" + password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') | password_hash('sha512') }}" + update_password: on_create + loop: "{{ soupclown_users }}" diff --git a/src/ansible/roles/soupclown/tasks/docker-install.yaml b/src/ansible/roles/soupclown/tasks/docker-install.yaml new file mode 100644 index 0000000..072f2dc --- /dev/null +++ b/src/ansible/roles/soupclown/tasks/docker-install.yaml @@ -0,0 +1,47 @@ +--- +- name: Check if our custom file indicating Docker is installed exists + stat: + path: /var/docker_installed + register: docker_installed_check + +- name: Uninstall old Docker versions if present + apt: + name: + - docker + - docker-engine + - docker.io + - containerd + - runc + state: absent + purge: yes + update_cache: yes + when: not docker_installed_check.stat.exists + +- name: Install required packages for Docker + apt: + name: + - gpg + - ca-certificates + - curl + - gnupg + - lsb-release + state: present + update_cache: yes + when: not docker_installed_check.stat.exists + +# curl -fsSL https://get.docker.com -o get-docker.sh +- name: Get temporary Docker installation script + get_url: + url: https://get.docker.com + dest: /tmp/get-docker.sh + mode: "0755" + when: not docker_installed_check.stat.exists + +- name: Install Docker using the official installation script + command: sh /tmp/get-docker.sh + when: not docker_installed_check.stat.exists + +- name: Create file indicating Docker is installed + file: + path: /var/docker_installed + state: touch diff --git a/src/ansible/roles/soupclown/tasks/install-deps.yaml b/src/ansible/roles/soupclown/tasks/install-deps.yaml new file mode 100644 index 0000000..7250796 --- /dev/null +++ b/src/ansible/roles/soupclown/tasks/install-deps.yaml @@ -0,0 +1,42 @@ +# NOTE: Never use apt for rclone, use official script + +- name: Remove defualt packages + apt: + name: + - firefox + - thunderbird + state: absent + +- name: Install common packages + apt: + name: + - btop + - htop + - desktop-file-utils + - git + - gh + - ssh-import-id + - python3-venv + - python3-pip + +- name: Install snap packages + snap: + name: "{{ item }}" + state: present + with_items: + - vivaldi + - signal-desktop + +- name: Install python3 packages + pip: + name: "{{ item }}" + state: present + break_system_packages: yes + executable: pip3 + with_items: + - pyyaml + - cryptography + - passlib + +- name: Install Docker + import_tasks: docker-install.yaml diff --git a/src/ansible/roles/soupclown/tasks/main.yaml b/src/ansible/roles/soupclown/tasks/main.yaml new file mode 100644 index 0000000..0ee7cd3 --- /dev/null +++ b/src/ansible/roles/soupclown/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Install all dependencies + import_tasks: install-deps.yaml + +- name: Create users + import_tasks: create-users.yaml + +- name: Install rclone (MEGA) + import_tasks: rclone-mega-install.yaml diff --git a/src/ansible/roles/soupclown/tasks/rclone-mega-install.yaml b/src/ansible/roles/soupclown/tasks/rclone-mega-install.yaml new file mode 100644 index 0000000..034f3e3 --- /dev/null +++ b/src/ansible/roles/soupclown/tasks/rclone-mega-install.yaml @@ -0,0 +1,71 @@ +- name: Check if rclone is installed + stat: + path: /var/rclone_installed + register: rclone_installed_check + +- name: Install rclone (mega) + command: + # This command is for sure not working but I ran it manually and it worked. So I blame ansible + cmd: "curl https://rclone.org/install.sh | sudo bash ; touch /var/rclone_installed" + creates: /var/rclone_installed + when: not rclone_installed_check.stat.exists + +- name: Create required directories + file: + path: "{{ item }}" + state: directory + mode: "0770" + with_items: + - /root/.config/rclone + - /mnt/mega + +- name: Create rclone config + copy: + content: | + [mega] + type = mega + user = tnuu9h362@mozmail.com + pass = {{ rclone_mega_key }} + + [data] + type = crypt + remote = mega:enc + password = {{ rclone_encPass_one }} + password2 = {{ rclone_encPass_two }} + dest: /root/.config/rclone/rclone.conf + +- name: Write service file for rclone mount + copy: + content: | + [Unit] + Description=Rclone mount service + After=local-fs.target network.target + + [Service] + Type=simple + User=root + KillMode=control-group + ExecStart=rclone mount data:enc /mnt/mega -vv \ + --vfs-cache-mode full \ + --allow-other \ + --umask 0 \ + --dir-perms 0777 \ + --file-perms 0777 \ + --dir-cache-time 300h + ExecStop=umount /mnt/mega + Restart=on-failure + [Install] + WantedBy=default.target + dest: /etc/systemd/system/rclone.service + mode: "0644" + owner: root + group: root + +- name: Systemctl daemon-reload + command: systemctl daemon-reload + +- name: Enable and start rclone service + systemd: + name: rclone + state: started + enabled: yes diff --git a/src/ansible/secrets.yaml b/src/ansible/secrets.yaml new file mode 100644 index 0000000..92fc130 --- /dev/null +++ b/src/ansible/secrets.yaml @@ -0,0 +1,30 @@ +$ANSIBLE_VAULT;1.1;AES256 +35333866366632636535643265303930333238373736323863663930383864643861613638353135 +3363643465343935306530376262376566303861346464380a356135316234363437636663636237 +30363465383361656638313038326262623032613561373936363139343066636334316166373439 +3834363166383931660a303833383930333839366465376563623939636664626231653930623634 +65653263613263613539333866386536396431383562396561326530326434666532656337616439 +34663336313836646530343665323830333233366139383034363530303530376532623963623132 +35653330616666396565353263666632633636613931643861623732306363663830373936356664 +30373337383739636561383964316664363466626536663636376237336635333330653738643232 +64313365643763656339313863303662336466363862343839313739636130343838663337643439 +39393632376539383735353236396633363664653665393834386635666437316431386633333731 +63656238383736303336653938613266626231306561353035306634663938306435346437303231 +35396464366130646464646261626534653933366161656534356530616637663135336664353731 +34366163396361363665653031303066623234343831333334313862613665656166373063643464 +63313935343166663231343736323933616463633738323032383137363666383531613563366365 +31666239303665326230666264376439323032343862636165316339396638643837366562626665 +63643066336332373365663030613133643061316333343062356531643835316437303465626162 +33373166636163643830373639366634316364666237363832646636656634643534616432343734 +30313562643832653530623462383938653963323036636365626264363130666434383535666331 +30376366333564323637666136393834396138313034643464306439636134626136316464383936 +61383432356534326335616433373237633338633936323836356561343933356562653934303334 +64303566636335363864663166373833616363616330613362616534346532326134653430656632 +35626439663662623961356235616239613237333564316662393333326162626466613737343361 +32343338663065626666613735666166386438383261616535393032346236656532623462663662 +61643330336430636632386662623336663363623535323861346433626666386331616363653634 +62313162396431343135653336656665313536343033623635663832353037383032353861663064 +31316131303563303139343763656539613034643330663030386438643938646237326137396233 +32356161616639643930373763626164623531643736316363623731333935303330306632646139 +63303661613537396439656134353835646232363163363664616462356337386662303062646261 +64316366633133386437373339323333633433393763323531346330663839396130 diff --git a/src/ansible/tailscale-inventory.ini b/src/ansible/tailscale-inventory.ini new file mode 100644 index 0000000..754c8a2 --- /dev/null +++ b/src/ansible/tailscale-inventory.ini @@ -0,0 +1,10 @@ + +; qmoran-laptop (personal laptop) +[qmoran-laptop] +qmoran@100.118.33.8 ansible_ssh_private_key_file=~/.ssh/po/qmoran@qmoran-laptop_ed25519 + +[qmoran-desktop] +qmoran@qmoran-desktop + +[po1] +qmoran@po1 \ No newline at end of file diff --git a/src/ansible/vps-inv.ini b/src/ansible/vps-inv.ini new file mode 100644 index 0000000..7d86867 --- /dev/null +++ b/src/ansible/vps-inv.ini @@ -0,0 +1,2 @@ +[all] +root@187.77.193.76 \ No newline at end of file diff --git a/src/docker-compose/.gitignore b/src/docker-compose/.gitignore new file mode 100644 index 0000000..195db73 --- /dev/null +++ b/src/docker-compose/.gitignore @@ -0,0 +1,2 @@ +immich.env +downloadin.env \ No newline at end of file diff --git a/src/docker-compose/all-down.sh b/src/docker-compose/all-down.sh new file mode 100755 index 0000000..c2a851b --- /dev/null +++ b/src/docker-compose/all-down.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +SERVICE_NAMES=("paperless" "jellyfin" "immich" "navidrome" "deluge" "downloadin") +for SERVICE in "${SERVICE_NAMES[@]}"; do + bash $(pwd)/${SERVICE}-down.sh +done diff --git a/src/docker-compose/all-up.sh b/src/docker-compose/all-up.sh new file mode 100755 index 0000000..68bda9c --- /dev/null +++ b/src/docker-compose/all-up.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +SERVICE_NAMES=("paperless" "jellyfin" "immich" "navidrome" "downloadin") +for SERVICE in "${SERVICE_NAMES[@]}"; do + bash $(pwd)/${SERVICE}-up.sh +done diff --git a/src/docker-compose/downloadin-compose.yaml b/src/docker-compose/downloadin-compose.yaml new file mode 100644 index 0000000..e13983a --- /dev/null +++ b/src/docker-compose/downloadin-compose.yaml @@ -0,0 +1,121 @@ +# PIA_USERNAME: your PIA username +# PIA_PASSWORD: your PIA password +# ETC_PATH: path to store config files, e.g. /etc/services +# DOWNLOAD_PATH: path to store in-progress downloads +# STORAGE_PATH: path to store completed downloads +# STORAGE_MINIMUM_FREE_SPACE_GB*: minimum free space in GB for storage +# DOWNLOAD_MINIMUM_FREE_SPACE_GB*: minimum free space in GB for in-progress downloads +# * = not implemented + +services: + vpn: + container_name: vpn + image: qmcgaw/gluetun:v3.40 + cap_add: + - NET_ADMIN # Quin does not like these + devices: + - /dev/net/tun:/dev/net/tun + volumes: + - ${ETC_PATH}/gluetun:/gluetun + environment: + - VPN_SERVICE_PROVIDER=private internet access + - SERVER_REGIONS=Netherlands + - OPENVPN_USER=${PIA_USERNAME} + - OPENVPN_PASSWORD=${PIA_PASSWORD} + - UPDATER_PERIOD=24h + ports: + # Deluge + - 8112:8112 + - 6881:6881 + - 6881:6881/udp + - 58846:58846 #optional + # Prowlarr + - 9696:9696 + # Radarr + - 7878:7878 + # Sonarr + - 8989:8989 + + restart: unless-stopped + + deluge: + container_name: deluge + image: lscr.io/linuxserver/deluge:latest + network_mode: "service:vpn" + environment: + - TZ=America/New_York + - PUID=1000 + - PGID=1000 + volumes: + - ${ETC_PATH}/deluge:/config + - ${DOWNLOAD_PATH}:/downloads + - ${STORAGE_PATH}:/storage + depends_on: + vpn: + condition: service_started + restart: true + required: true + restart: unless-stopped + + prowlarr: + container_name: prowlarr + image: lscr.io/linuxserver/prowlarr:latest + network_mode: "service:vpn" + environment: + - TZ=America/New_York + - PUID=1000 + - PGID=1000 + volumes: + - ${ETC_PATH}/prowlarr:/config + depends_on: + vpn: + condition: service_started + restart: true + required: true + restart: unless-stopped + + radarr: + image: lscr.io/linuxserver/radarr:latest + network_mode: "service:vpn" + container_name: radarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=America/New_York + volumes: + - ${ETC_PATH}/radarr:/config + - ${STORAGE_PATH}/Movies:/Movies #optional + - ${DOWNLOAD_PATH}:/downloads #optional + depends_on: + vpn: + condition: service_started + restart: true + required: true + prowlarr: + condition: service_started + restart: true + required: true + restart: unless-stopped + + sonarr: + image: lscr.io/linuxserver/sonarr:latest + network_mode: "service:vpn" + container_name: sonarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=America/New_York + volumes: + - ${ETC_PATH}/sonarr:/config + - ${STORAGE_PATH}/Shows:/tv #optional + - ${DOWNLOAD_PATH}:/downloads #optional + depends_on: + vpn: + condition: service_started + restart: true + required: true + prowlarr: + condition: service_started + restart: true + required: true + restart: unless-stopped diff --git a/src/docker-compose/downloadin-down.sh b/src/docker-compose/downloadin-down.sh new file mode 100755 index 0000000..c61d453 --- /dev/null +++ b/src/docker-compose/downloadin-down.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose --env-file $(pwd)/downloadin.env -f downloadin-compose.yaml down \ No newline at end of file diff --git a/src/docker-compose/downloadin-up.sh b/src/docker-compose/downloadin-up.sh new file mode 100755 index 0000000..f94748a --- /dev/null +++ b/src/docker-compose/downloadin-up.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose --env-file $(pwd)/downloadin.env -f downloadin-compose.yaml up -d \ No newline at end of file diff --git a/src/docker-compose/immich-compose.yaml b/src/docker-compose/immich-compose.yaml new file mode 100644 index 0000000..ebb4abf --- /dev/null +++ b/src/docker-compose/immich-compose.yaml @@ -0,0 +1,75 @@ +# +# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose +# +# Make sure to use the docker-compose.yml of the current release: +# +# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml +# +# The compose file on main may not be compatible with the latest release. + +name: immich + +services: + immich-server: + container_name: immich-server + image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + # extends: + # file: hwaccel.transcoding.yml + # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding + volumes: + # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file + - ${UPLOAD_LOCATION}:/data + - /mnt/mega/immich/old-album:/old-album + - /etc/localtime:/etc/localtime:ro + env_file: + - immich.env + ports: + - "2283:2283" + depends_on: + - redis + - database + restart: always + healthcheck: + disable: false + + immich-machine-learning: + container_name: immich-machine-learning + # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag. + # Example tag: ${IMMICH_VERSION:-release}-cuda + image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration + # file: hwaccel.ml.yml + # service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable + volumes: + - model-cache:/cache + env_file: + - immich.env + restart: always + healthcheck: + disable: false + + redis: + container_name: immich-redis + image: docker.io/valkey/valkey:9@sha256:fb8d272e529ea567b9bf1302245796f21a2672b8368ca3fcb938ac334e613c8f + healthcheck: + test: redis-cli ping || exit 1 + restart: always + + database: + container_name: immich-postgres + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23 + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: "--data-checksums" + # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs + # DB_STORAGE_TYPE: 'HDD' + volumes: + # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file + - ${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + restart: always + +volumes: + model-cache: diff --git a/src/docker-compose/immich-down.sh b/src/docker-compose/immich-down.sh new file mode 100755 index 0000000..c81e644 --- /dev/null +++ b/src/docker-compose/immich-down.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose --env-file $(pwd)/immich.env -f immich-compose.yaml down \ No newline at end of file diff --git a/src/docker-compose/immich-up.sh b/src/docker-compose/immich-up.sh new file mode 100755 index 0000000..46958a8 --- /dev/null +++ b/src/docker-compose/immich-up.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose --env-file $(pwd)/immich.env -f $(pwd)/immich-compose.yaml up -d \ No newline at end of file diff --git a/src/docker-compose/jellyfin-compose.yaml b/src/docker-compose/jellyfin-compose.yaml new file mode 100644 index 0000000..2c260c6 --- /dev/null +++ b/src/docker-compose/jellyfin-compose.yaml @@ -0,0 +1,32 @@ +services: + jellyfin: + image: jellyfin/jellyfin + container_name: jellyfin + user: 1000:1000 + ports: + - 8096:8096/tcp + - 7359:7359/udp + environment: + - TZ=America/New_York + volumes: + - /mnt/mega/jellyfin-etc:/config + - /mnt/mega/jellyfinMedia/cache:/cache + - type: bind + source: /mnt/mega/jellyfinMedia + target: /media + runtime: nvidia + devices: + - /dev/nvidia-caps:/dev/nvidia-caps + - /dev/nvidia0:/dev/nvidia0 + - /dev/nvidiactl:/dev/nvidiactl + - /dev/nvidia-modeset:/dev/nvidia-modeset + - /dev/nvidia-uvm:/dev/nvidia-uvm + - /dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: all + capabilities: [gpu] + restart: "always" diff --git a/src/docker-compose/jellyfin-down.sh b/src/docker-compose/jellyfin-down.sh new file mode 100755 index 0000000..8856f58 --- /dev/null +++ b/src/docker-compose/jellyfin-down.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose -f jellyfin-compose.yaml down \ No newline at end of file diff --git a/src/docker-compose/jellyfin-up.sh b/src/docker-compose/jellyfin-up.sh new file mode 100755 index 0000000..b15e04f --- /dev/null +++ b/src/docker-compose/jellyfin-up.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose -f jellyfin-compose.yaml up -d \ No newline at end of file diff --git a/src/docker-compose/navidrome-compose.yaml b/src/docker-compose/navidrome-compose.yaml new file mode 100644 index 0000000..41e2970 --- /dev/null +++ b/src/docker-compose/navidrome-compose.yaml @@ -0,0 +1,11 @@ +services: + navidrome: + container_name: navidrome + image: deluan/navidrome:latest + user: 1000:1000 + ports: + - "4533:4533" + volumes: + - /root/navidrome:/data + - /mnt/mega/jellyfinMedia/Music:/music + restart: unless-stopped diff --git a/src/docker-compose/navidrome-down.sh b/src/docker-compose/navidrome-down.sh new file mode 100755 index 0000000..49a648d --- /dev/null +++ b/src/docker-compose/navidrome-down.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose -f $(pwd)/navidrome-compose.yaml down \ No newline at end of file diff --git a/src/docker-compose/navidrome-up.sh b/src/docker-compose/navidrome-up.sh new file mode 100755 index 0000000..f814b66 --- /dev/null +++ b/src/docker-compose/navidrome-up.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose -f $(pwd)/navidrome-compose.yaml up -d \ No newline at end of file diff --git a/src/docker-compose/paperless-compose.env b/src/docker-compose/paperless-compose.env new file mode 100644 index 0000000..fbcf256 --- /dev/null +++ b/src/docker-compose/paperless-compose.env @@ -0,0 +1,40 @@ +############################################################################### +# Paperless-ngx settings # +############################################################################### + +# See http://docs.paperless-ngx.com/configuration/ for all available options. + +# The UID and GID of the user used to run paperless in the container. Set this +# to your UID and GID on the host so that you have write access to the +# consumption directory. +#USERMAP_UID=1000 +#USERMAP_GID=1000 + + +PAPERLESS_CONSUMPTION_DIR=/usr/src/paperless/consume + +# See the documentation linked above for all options. A few commonly adjusted settings +# are provided below. + +# This is required if you will be exposing Paperless-ngx on a public domain +# (if doing so please consider security measures such as reverse proxy) +PAPERLESS_URL=http://qmoran-desktop:8000 + +# Adjust this key if you plan to make paperless available publicly. It should +# be a very long sequence of random characters. You don't need to remember it. +PAPERLESS_SECRET_KEY=faluw4hltilweui4thueiuraew4hro7wlrhalweifuafsuhelwu3erhaiwuwehfiufhaluhrfawle98f7aspdhf98apwh3raw9i3raw9efhawepfufaopudspifushf98eup4h89qra8wfqjw39rjfap + +# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC. +PAPERLESS_TIME_ZONE=America/New_York + +# The default language to use for OCR. Set this to the language most of your +# documents are written in. +PAPERLESS_OCR_LANGUAGE=eng + +# Additional languages to install for text recognition, separated by a whitespace. +# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines +# the language used for OCR. +# The container installs English, German, Italian, Spanish and French by default. +# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names +# for available languages. +#PAPERLESS_OCR_LANGUAGES=tur ces diff --git a/src/docker-compose/paperless-compose.yaml b/src/docker-compose/paperless-compose.yaml new file mode 100644 index 0000000..d4dc543 --- /dev/null +++ b/src/docker-compose/paperless-compose.yaml @@ -0,0 +1,62 @@ +# Docker Compose file for running paperless from the Docker Hub. +# This file contains everything paperless needs to run. +# Paperless supports amd64, arm and arm64 hardware. +# +# All compose files of paperless configure paperless in the following way: +# +# - Paperless is (re)started on system boot, if it was running before shutdown. +# - Docker volumes for storing data are managed by Docker. +# - Folders for importing and exporting files are created in the same directory +# as this file and mounted to the correct folders inside the container. +# - Paperless listens on port 8000. +# +# In addition to that, this Docker Compose file adds the following optional +# configurations: +# +# - Instead of SQLite (default), PostgreSQL is used as the database server. +# +# To install and update paperless with this file, do the following: +# +# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env' +# and '.env' into a folder. +# - Run 'docker compose pull'. +# - Run 'docker compose up -d'. +# +# For more extensive installation and update instructions, refer to the +# documentation. +services: + broker: + container_name: paperless-redis + image: docker.io/library/redis:8 + restart: unless-stopped + volumes: + - /root/paperless/redisdata:/data + db: + container_name: paperless-postgres + image: docker.io/library/postgres:18 + restart: unless-stopped + volumes: + - /root/paperless/pgdata:/var/lib/postgresql + environment: + POSTGRES_DB: paperless + POSTGRES_USER: paperless + POSTGRES_PASSWORD: paperless + webserver: + container_name: paperless-web + image: ghcr.io/paperless-ngx/paperless-ngx:latest + restart: unless-stopped + depends_on: + - db + - broker + ports: + - "8000:8000" + volumes: + - /mnt/mega/paperless_data:/usr/src/paperless/data + - /mnt/mega/paperless_media:/usr/src/paperless/media + - /mnt/mega/paperless/export:/usr/src/paperless/export + - /mnt/mega/paperless/consume:/usr/src/paperless/consume + env_file: paperless-compose.env + environment: + PAPERLESS_URL: https://paperless.soupclown.com + PAPERLESS_REDIS: redis://broker:6379 + PAPERLESS_DBHOST: db diff --git a/src/docker-compose/paperless-down.sh b/src/docker-compose/paperless-down.sh new file mode 100755 index 0000000..57ddfbb --- /dev/null +++ b/src/docker-compose/paperless-down.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose --env-file $(pwd)/paperless-compose.env -f $(pwd)/paperless-compose.yaml down \ No newline at end of file diff --git a/src/docker-compose/paperless-up.sh b/src/docker-compose/paperless-up.sh new file mode 100755 index 0000000..4a71e1d --- /dev/null +++ b/src/docker-compose/paperless-up.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker compose --env-file $(pwd)/paperless-compose.env -f $(pwd)/paperless-compose.yaml up -d \ No newline at end of file