Add Identity/Dawarich

group_vars/adonalsium.yml

@@ -99,7 +99,7 @@ lxc_vlans:
     gw: 192.168.30.1
     ip: 192.168.30.5
     tag: 30
-    disk: 'local-lvm:40'
+    disk: 'local-lvm:45'
     cores: 6
     memory: 5120
     swap: 1024

group_vars/identity.yml

@@ -0,0 +1,184 @@
+---
+target_os: ubuntu
+hostname: identity
+
+### Install packages with grog.package
+package_list:
+  - name: sudo
+  - name: git
+  - name: curl
+  - name: restic
+  - name: wget
+
+pull_backup: false
+lnxlink_diskuse: true
+
+### Bash Aliases
+
+bash_docker: true
+bash_autorestic: true
+bash_systemctl: true
+bash_apt: true
+
+### Autorestic Config
+autorestic_config_user: "{{ main_username}}"
+autorestic_user_directory: /home/"{{ main_username}}"
+autorestic_run_check: false
+autorestic_config_yaml:
+  version: 2
+  backends:
+    local_docker:
+      type: rest
+      path: 'http://192.168.1.5:8500/identity'
+      key: "{{ secret_restic_repo_password }}"
+      rest:
+        user: "{{ secret_restic_rest_user }}"
+        password: "{{ secret_restic_rest_password }}"
+  locations:
+    docker:
+      from: '/home/{{ main_username }}/docker'
+      to:
+        - local_docker
+      options:
+        forget:
+          keep-daily: 1
+          keep-weekly: 4
+          keep-monthly: 2
+
+### Cronjobs
+cronjobs:
+  - name: Restic Prune
+    job: /usr/local/bin/runitor -uuid {{ secret_hc_restic_prune_virtuosity }} -- /usr/local/bin/autorestic forget -a -- prune
+    user: "{{ main_username }}"
+    minute: 20
+    hour: 22
+    weekday: 1
+  - name: Restic Check
+    job: /usr/local/bin/runitor -uuid {{ secret_hc_restic_check_virtuosity }} -- /usr/local/bin/autorestic exec -a -- check
+    user: "{{ main_username }}"
+    minute: 20
+    hour: 2
+    day: 1
+  - name: Media Backup
+    job: /usr/local/bin/runitor -uuid {{ secret_hc_restic_backup_virtuosity }} -- /usr/local/bin/autorestic backup -a -c /home/{{ main_username }}/.autorestic.yml
+    user: root
+    minute: 20
+    hour: 0
+
+### Docker-Compose with ironicbadger.docker_compose_generator
+appdata_path: "/home/{{ main_username }}/docker"
+containers:
+  ###
+  - service_name: dawarich-app
+    container_name: dawarich-app
+    active: true
+    image: freikin/dawarich:0.13.6
+    restart: unless-stopped
+    volumes:
+      - "{{ appdata_path }}/dawarich/gem:/usr/local/bundle/gems"
+      - "{{ appdata_path }}/dawarich/public:/var/app/public"
+    stdin_open: true
+    tty: true
+    entrypoint: dev-entrypoint.sh
+    command: bin/dev
+    ports:
+      - 3000:3000
+    environment:
+      - RAILS_ENV=development
+      - REDIS_URL=redis://dawarich-redis:6379/0
+      - DATABASE_HOST=dawarich-db
+      - DATABASE_USERNAME=dawarich
+      - DATABASE_PASSWORD={{ secret_dawarich_db_pass }}
+      - DATABASE_NAME=dawarich
+      - MIN_MINUTES_SPENT_IN_CITY=60
+      - APPLICATION_HOST=localhost
+      - APPLICATION_HOSTS=localhost
+      - TIME_ZONE={{ ntp_timezone }}
+      - APPLICATION_PROTOCOL=http
+      - DISTANCE_UNIT=mi
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "100m"
+        max-file: "5"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'    # Limit CPU usage to 50% of one core
+          memory: '2G'    # Limit memory usage to 2GB
+    include_global_env_vars: false
+  ###
+  - service_name: dawarich-db
+    container_name: dawarich-db
+    active: true
+    image: postgres:15.8-alpine
+    restart: always
+    volumes:
+      - "{{ appdata_path }}/dawarich/db:/var/lib/postgresql/data"
+      - "{{ appdata_path }}/dawarich/shared:/var/shared"
+    environment:
+      - POSTGRES_DB=dawarich
+      - POSTGRES_USER=dawarich
+      - POSTGRES_PASSWORD={{ secret_dawarich_db_pass }}
+    mem_limit: 200M
+    include_global_env_vars: false
+  ###
+  - service_name: dawarich-redis
+    container_name: dawarich-redis
+    active: true
+    image: redis:7.4.0
+    restart: unless-stopped
+    command: redis-server
+    volumes:
+      - "{{ appdata_path }}/dawarich/shared:/var/shared/redis"
+    include_global_env_vars: false
+  ###
+  - service_name: dawarich-sidekiq
+    container_name: dawarich-sidekiq
+    active: true
+    image: freikin/dawarich:0.13.6
+    restart: unless-stopped
+    volumes:
+      - "{{ appdata_path }}/dawarich/gem:/usr/local/bundle/gems"
+      - "{{ appdata_path }}/dawarich/public:/var/app/public"
+    stdin_open: true
+    tty: true
+    entrypoint: dev-entrypoint.sh
+    command: sidekiq
+    environment:
+      - RAILS_ENV=development
+      - REDIS_URL=redis://dawarich-redis:6379/0
+      - DATABASE_HOST=dawarich-db
+      - DATABASE_USERNAME=dawarich
+      - DATABASE_PASSWORD={{ secret_dawarich_db_pass }}
+      - DATABASE_NAME=dawarich
+      - APPLICATION_HOST=localhost
+      - APPLICATION_HOSTS=localhost
+      - BACKGROUND_PROCESSING_CONCURRENCY=10
+      - APPLICATION_PROTOCOL=http
+      - DISTANCE_UNIT=mi
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "100m"
+        max-file: "5"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'    # Limit CPU usage to 50% of one core
+          memory: '2G'    # Limit memory usage to 2GB
+    include_global_env_vars: false
+  ###
+  - service_name: portainer_agent
+    container_name: portainer_agent
+    active: true
+    image: portainer/agent:2.21.0
+    restart: always
+    ports:
+      - 9001:9001
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker/volumes:/var/lib/docker/volumes
+    environment:
+      - AGENT_SECRET={{ secret_portainer_key }}
+    include_global_env_vars: false

group_vars/ishap.yml

@@ -73,6 +73,17 @@ lxc_vlans:
     memory: 2048
     nesting: 1
     keyctl: 1
+  - name: Identity
+    vmid: 402
+    privileged: false
+    gw: 192.168.50.1
+    ip: 192.168.50.23
+    tag: 50
+    disk: 'local-lvm:25'
+    cores: 6
+    memory: 4096
+    nesting: 1
+    keyctl: 1
 
 lxc_main:
   - name: Omada

hosts.ini

@@ -46,6 +46,9 @@
 [preservation]
 192.168.50.22
 
+[identity]
+192.168.50.23
+
 [virtuosity]
 192.168.50.25
 
@@ -62,6 +65,7 @@ honor
 omada
 investiture
 invention
+identity
 
 [docker:children]
 adonalsium
@@ -75,6 +79,7 @@ unity
 ambition
 investiture
 invention
+identity
 
 [lxc:children]
 dominion
@@ -86,6 +91,7 @@ preservation
 omada
 investiture
 invention
+identity
 
 [desktop:children]
 vasher
@@ -104,6 +110,7 @@ omada
 investiture
 invention
 virtuosity
+identity
 
 #[arch:children]
 

roles/honor/templates/Caddyfile.j2

@@ -156,12 +156,6 @@ photos.{{ secret_personal_url }} {
 	tls /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_url }}.crt /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_url }}.key
 	import headers
 }
-# Whoogle
-search.{{ secret_personal_url }} {
-	reverse_proxy http://192.168.50.21:5100
-	tls /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_url }}.crt /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_url }}.key
-	import headers
-}
 
 ######
 
@@ -292,12 +286,6 @@ read.{{ secret_personal_internal_url }} {
 	tls /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.crt /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.key
 	import headers
 }
-# Spoolman
-filament.{{ secret_personal_internal_url }} {
-	reverse_proxy http://192.168.50.21:7912
-	tls /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.crt /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.key
-	import headers
-}
 # Ollama
 ai.{{ secret_personal_internal_url }} {
 	reverse_proxy http://192.168.50.25:3010
@@ -315,4 +303,10 @@ pdf.{{ secret_personal_internal_url }} {
 	reverse_proxy http://192.168.50.21:8081
 	tls /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.crt /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.key
 	import headers
+}
+# Ollama
+track.{{ secret_personal_internal_url }} {
+	reverse_proxy http://192.168.50.23:3000
+	tls /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.crt /home/{{ main_username }}/lego/certificates/_.{{ secret_personal_internal_url }}.key
+	import headers
 }

roles/identity/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: create main user directories
+  file:
+    path: /home/{{ main_username }}/{{ item }}
+    state: directory
+    owner: "{{ main_username }}"
+    group: "{{ main_groupname }}"
+  loop:
+    - docker
+    - docker/dawarich
+
+### Backup Restore
+- name: Create restore script
+  copy:
+    dest: /home/{{ main_username }}/restore.sh
+    owner: "{{ main_username }}"
+    group: "{{ main_username }}"
+    mode: +x
+    content: |
+      #!/bin/bash
+      /usr/local/bin/autorestic restore -f -l docker --from local_docker --to /
+  when: pull_backup == true
+- name: Run restore script
+  command: /bin/bash ./restore.sh
+  args:
+    chdir: "/home/{{ main_username }}"
+  when: pull_backup == true
+- name: Remove restore script
+  file:
+    path: /home/{{ main_username }}/restore.sh
+    state: absent
+  when: pull_backup == true

run.yml

@@ -304,6 +304,22 @@
     - role: bash_alias
     - role: ironicbadger.docker_compose_generator
 
+- hosts: identity
+  become: true
+  vars_files:
+    - 'vars/vault.yaml'
+  roles:
+    - role: grog.package
+    - role: geerlingguy.pip
+    - role: geerlingguy.docker
+    - role: install/zsh
+    - role: identity
+    - role: fuzzymistborn.autorestic
+    - role: install/runitor
+    - role: install/lnxlink
+    - role: bash_alias
+    - role: ironicbadger.docker_compose_generator
+
 - hosts: investiture
   become: true
   vars_files:

templates/ssh_config.j2

@@ -64,6 +64,11 @@ Host unity
     User {{ main_username }}
     IdentityFile ~/.ssh/desktop_lxcs
 
+Host identity
+    HostName 192.168.50.23
+    User {{ main_username }}
+    IdentityFile ~/.ssh/desktop_lxcs
+
 Host virtuosity
     HostName 192.168.50.25
     User {{ main_username }}