Update to 2021-12-01 19:13
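--- a/roles/navidrome/defaults/main.yml
+++ b/roles/navidrome/defaults/main.yml
@@ -0,0 +1,35 @@
+---
+
+# Version to deploy
+nd_version: 0.47.0
+# URL of the archive
+nd_archive_url: https://github.com/navidrome/navidrome/releases/download/v{{ nd_version }}/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz
+# Expected sha1 of the archive
+nd_archive_sha1: 3d06456e26953931399d001f1d3c412f48ac9f34
+
+# Should ansible handle upgrades, or only initial install ?
+nd_manage_upgrade: True
+
+# Where navidrome will be installed
+nd_root_dir: /opt/navidrome
+
+# User account under which the service will run. Will be created
+nd_user: navidrome
+
+# Port navidrome will listen on
+nd_port: 4533
+# List of IP addresses or CIDR allowed to access the port (only if iptables_manage is True)
+nd_src_ip: {}
+
+
+# Directory where music is available (can, and should be read only for nd_user
+nd_music_dir: '{{ nd_root_dir }}/music'
+# Size of the cache for transcoding
+nd_transcoding_cache_size: 200M
+# Image cache
+nd_image_cache_size: 100M
+
+# Proxy authentication. Set nd_header_auth to the name of the header containing the user name
+# nd_header_auth: Auth-User
+nd_proxy_whitelist: "{{ nd_src_ip }}"
+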
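Review bot: `nd_proxy_whitelist` defaults to `nd_src_ip`, so every address allowed through the firewall is also written into `ReverseProxyWhitelist` once proxy authentication is switched on. As far as Navidrome's reverse-proxy option goes, whitelisted peers are trusted to assert the user name in the header, so a client network listed in `nd_src_ip` could presumably log in as any account by sending that header itself. I would default it to `nd_proxy_whitelist: []` with the comment `# Only the reverse proxy's own address; never client networks` and let operators set it explicitly. Separately, `nd_src_ip: {}` is a mapping although the comment and the `join(',')` users treat it as a list; `[]` states the intent.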
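--- a/roles/navidrome/handlers/main.yml
+++ b/roles/navidrome/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart navidrome
+service: name=navidrome state=restarted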
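--- a/roles/navidrome/meta/main.yml
+++ b/roles/navidrome/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- role: mkdir
+- role: repo_rpmfusion # For ffmpeg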
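--- a/roles/navidrome/tasks/archive_post.yml
+++ b/roles/navidrome/tasks/archive_post.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: ../includes/webapps_compress_archive.yml
+vars:
+- root_dir: "{{ nd_root_dir }}"
+- version: "{{ nd_current_version }}"
+tags: navidrome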
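--- a/roles/navidrome/tasks/archive_pre.yml
+++ b/roles/navidrome/tasks/archive_pre.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Create archive directory
+file: path={{ nd_root_dir }}/archives/{{ nd_current_version }} state=directory mode=700
+tags: navidrome
+
+- name: Archive previous version
+copy: src={{ nd_root_dir }}/bin/navidrome dest={{ nd_root_dir }}/archives/{{ nd_current_version }}/ remote_src=True
+tags: navidrome
+
+- name: Stop navidrome during upgrade
+service: name=navidrome state=stopped
+tags: navidrome
+
+- name: Archive the database and the configuration
+copy: src={{ nd_root_dir }}/{{ item }} dest={{ nd_root_dir }}/archives/{{ nd_current_version }}/ remote_src=True
+loop:
+- data/navidrome.db
+- etc/navidrome.toml
+tags: navidrome
+
+
+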
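Review bot: The `file` and `copy` tasks pass templated paths through the `key=value` shorthand, so a `nd_root_dir` or `nd_current_version` containing a space or an `=` would be split into separate module arguments instead of staying one path. Native mapping form keeps each value intact, e.g. `path: "{{ nd_root_dir }}/archives/{{ nd_current_version }}"` with `state: directory` and `mode: '0700'` on their own lines. The same shorthand is used in `cleanup.yml`, `conf.yml`, `install.yml` and `write_version.yml`. Also note `nd_current_version` defaults to an empty string in `facts.yml`, in which case these tasks would write straight into `archives/`; a guard such as `when: nd_current_version | length > 0` may be worth adding.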
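--- a/roles/navidrome/tasks/cleanup.yml
+++ b/roles/navidrome/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+file: path={{ item }} state=absent
+loop:
+- "{{ nd_root_dir }}/tmp/navidrome"
+- "{{ nd_root_dir }}/tmp/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz"
+tags: navidrome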
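--- a/roles/navidrome/tasks/conf.yml
+++ b/roles/navidrome/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy configuration
+template: src=navidrome.toml.j2 dest={{ nd_root_dir }}/etc/navidrome.toml
+notify: restart navidrome
+tags: navidrome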
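Review bot: `Deploy configuration` writes `navidrome.toml` without `owner`, `group` or `mode`, so the file's permissions come from the module defaults and its confidentiality rests entirely on the parent `etc` directory. Setting them on the task, `template: src=navidrome.toml.j2 dest={{ nd_root_dir }}/etc/navidrome.toml group={{ nd_user }} mode=640`, keeps the file readable only by root and the service account even if the directory mode is wrong or is changed later.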
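--- a/roles/navidrome/tasks/directories.yml
+++ b/roles/navidrome/tasks/directories.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Create directory structure
+file:
+path: "{{ nd_root_dir }}/{{ item.dir }}"
+state: directory
+owner: "{{ item.owner | default(omit) }}"
+group: "{{ item.group | default(omit) }}"
+mode: "{{ item.mode | default(omit) }}"
+loop:
+- dir: /
+group: "{{ nd_user }}"
+mode: 750
+- dir: /data
+owner: "{{ nd_user }}"
+- dir: /etc
+group: "{{ nd_user }}"
+mode: 750
+- dir: /music
+- dir: /bin
+- dir: /tmp
+- dir: meta
+mode: 700
+- dir: backup
+mode: 700
+- dir: archives
+mode: 700
+tags: navidrome
+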
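Review bot: The loop items give modes as bare YAML integers (`mode: 750`, `mode: 700`), which the Ansible documentation warns against: a number without quotes or a leading zero can be taken as decimal, and decimal 750 is octal 1356, not `rwxr-x---`. Whether that happens here depends on how `"{{ item.mode | default(omit) }}"` is rendered (native types or not), so the permissions on `etc`, `backup` and `archives` are not guaranteed by what is written. Quoting removes the ambiguity: `mode: '0750'` and `mode: '0700'`. The entries without a mode (`/data`, `/music`, `/bin`, `/tmp`) inherit whatever the umask gives; an explicit mode on `/data`, which holds the database, would be worth adding.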
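--- a/roles/navidrome/tasks/facts.yml
+++ b/roles/navidrome/tasks/facts.yml
@@ -0,0 +1,11 @@
+---
+
+- block:
+- import_tasks: ../includes/webapps_set_install_mode.yml
+vars:
+- root_dir: "{{ nd_root_dir }}"
+- version: "{{ nd_version }}"
+- set_fact: nd_install_mode={{ (install_mode == 'upgrade' and not nd_manage_upgrade) | ternary('none',install_mode) }}
+- set_fact: nd_current_version={{ current_version | default('') }}
+tags: navidrome
+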
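--- a/roles/navidrome/tasks/install.yml
+++ b/roles/navidrome/tasks/install.yml
@@ -0,0 +1,43 @@
+---
+
+- name: Install dependencies
+package:
+name:
+- ffmpeg
+tags: navidrome
+
+- when: nd_install_mode != 'none'
+block:
+- name: Download navidrome
+get_url:
+url: "{{ nd_archive_url }}"
+dest: "{{ nd_root_dir }}/tmp/"
+checksum: sha1:{{ nd_archive_sha1 }}
+
+- name: Extract navidrome
+unarchive:
+src: "{{ nd_root_dir }}/tmp/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz"
+dest: "{{ nd_root_dir }}/tmp/"
+remote_src: True
+
+- name: Install navidrome binary
+copy: src={{ nd_root_dir }}/tmp/navidrome dest={{ nd_root_dir }}/bin/navidrome mode=755 remote_src=True
+
+tags: navidrome
+
+- name: Install systemd unit
+template: src=navidrome.service.j2 dest=/etc/systemd/system/navidrome.service
+register: nd_systemd_unit
+tags: navidrome
+
+- name: Reload systemd
+systemd: daemon_reload=True
+when: nd_systemd_unit.changed
+tags: navidrome
+
+- name: Install pre/post backup hooks
+template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/navidrom mode=755
+loop:
+- pre
+- post
+tags: navidrome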
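Review bot: The release archive in `Download navidrome` is verified with SHA-1 (`checksum: sha1:{{ nd_archive_sha1 }}`), which no longer offers collision resistance; `get_url` accepts `sha256:` in the same field. I would rename the default to `nd_archive_sha256` and use `checksum: sha256:{{ nd_archive_sha256 }}`, taking the digest from the project's published checksums where available rather than from a copy downloaded over the same channel. The hook destination `/etc/backup/{{ item }}.d/navidrom` also looks like a typo for `navidrome`; it works, but makes the installed hook harder to find and audit.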
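--- a/roles/navidrome/tasks/iptables.yml
+++ b/roles/navidrome/tasks/iptables.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Handle navidrome ports in the firewall
+iptables_raw:
+name: navidrome_port
+state: "{{ (nd_src_ip | length > 0) | ternary('present','absent') }}"
+rules: "-A INPUT -m state --state NEW -p tcp --dport {{ nd_port }} -s {{ nd_src_ip | join(',') }} -j ACCEPT"
+tags: firewall,navidrome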
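--- a/roles/navidrome/tasks/main.yml
+++ b/roles/navidrome/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+when: nd_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+when: nd_install_mode == 'upgrade'
+- include: cleanup.yml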
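Review bot: The task files are pulled in with bare `include:`, which is deprecated in current Ansible in favour of `import_tasks` and `include_tasks`. Because the included tasks carry their own `tags: navidrome`, `import_tasks: archive_pre.yml` with the same `when:` is the replacement that keeps `--tags navidrome` runs working; a dynamic `include_tasks` would itself need the tag. The `when: iptables_manage | default(True)` line means the firewall task runs unless the variable is explicitly set to false, which deserves a one-line comment such as `# Firewall is managed by default; set iptables_manage: false to opt out`.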
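--- a/roles/navidrome/tasks/services.yml
+++ b/roles/navidrome/tasks/services.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable service
+service: name=navidrome state=started enabled=True
+tags: navidrome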
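--- a/roles/navidrome/tasks/user.yml
+++ b/roles/navidrome/tasks/user.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Create navidrome user
+user: name={{ nd_user }} system=True shell=/sbin/nologin
+tags: navidrome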
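--- a/roles/navidrome/tasks/write_version.yml
+++ b/roles/navidrome/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+copy: content={{ nd_version }} dest={{nd_root_dir }}/meta/ansible_version
+tags: navidrome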
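--- a/roles/navidrome/templates/navidrome.service.j2
+++ b/roles/navidrome/templates/navidrome.service.j2
@@ -0,0 +1,44 @@
+[Unit]
+Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
+After=remote-fs.target network.target
+AssertPathExists={{ nd_root_dir }}/data
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+User={{ nd_user }}
+Group={{ nd_user }}
+Type=simple
+ExecStart={{ nd_root_dir }}/bin/navidrome --configfile "{{ nd_root_dir }}/etc/navidrome.toml"
+WorkingDirectory={{ nd_root_dir }}
+TimeoutStopSec=20
+KillMode=process
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+ReadWritePaths={{ nd_root_dir }}/data
+
+# You can uncomment the following line if you're not using the jukebox This
+# will prevent navidrome from accessing any real (physical) devices
+PrivateDevices=yes
+
+# You can change the following line to `strict` instead of `full` if you don't
+# want navidrome to be able to write anything on your filesystem outside of
+# /var/lib/navidrome.
+ProtectSystem=full
+
+# You can uncomment the following line if you don't have any media in /home/*.
+# This will prevent navidrome from ever reading/writing anything there.
+ProtectHome=true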
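Review bot: `ProtectSystem=full` makes only `/usr`, `/boot`, `/efi` and `/etc` read-only, although the unit already names its single writable location with `ReadWritePaths={{ nd_root_dir }}/data`. With that line in place `ProtectSystem=strict` should work and confine writes to the data directory; this assumes the transcoding and image caches live under `DataFolder`, which should be confirmed before switching. The three "You can uncomment/change" comments read as if the directives were optional, yet `PrivateDevices`, `ProtectSystem` and `ProtectHome` are all active, and the path they mention is `/var/lib/navidrome` rather than `{{ nd_root_dir }}/data`. I would reword them to describe what is enforced, e.g. `# Writes are limited to the ReadWritePaths entry above`. `KillMode=process` also leaves any ffmpeg children running after a stop; the default `control-group` is what systemd recommends unless there is a reason to keep them.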
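--- a/roles/navidrome/templates/navidrome.toml.j2
+++ b/roles/navidrome/templates/navidrome.toml.j2
@@ -0,0 +1,9 @@
+Port = '{{ nd_port }}'
+MusicFolder = '{{ nd_music_dir }}'
+DataFolder = '{{ nd_root_dir }}/data'
+TranscodingCacheSize = '{{ nd_transcoding_cache_size }}'
+ImageCacheSize = '{{ nd_image_cache_size }}'
+{% if nd_proxy_auth is defined %}
+ReverseProxyUserHeader = '{{ nd_proxy_auth }}'
+ReverseProxyWhitelist = '{{ nd_proxy_whitelist | join(',') }}'
+{% endif %}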
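Review bot: The template tests `nd_proxy_auth`, but the role's defaults document the switch as `nd_header_auth`, so an operator who follows that comment gets no `ReverseProxyUserHeader` line and proxy authentication stays off without any error. One name should be used in both places, either `{% if nd_header_auth is defined %}` with `ReverseProxyUserHeader = '{{ nd_header_auth }}'` here, or the comment in `defaults/main.yml` changed to `nd_proxy_auth`. No `Address` is set, so the listener presumably binds to every interface and access control rests on the iptables task alone; if the service is meant to sit behind a proxy on the same host, binding to loopback would be the tighter default.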
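--- a/roles/navidrome/templates/post-backup.j2
+++ b/roles/navidrome/templates/post-backup.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ nd_root_dir }}/backup/*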
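--- a/roles/navidrome/templates/pre-backup.j2
+++ b/roles/navidrome/templates/pre-backup.j2
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -eo pipefail
+
+sqlite3 {{ nd_root_dir }}/data/navidrome.db .dump | zstd -c > {{ nd_root_dir }}/backup/navidrome.sql.zst
+cp {{ nd_root_dir }}/etc/navidrome.toml {{ nd_root_dir }}/backup/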
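Review bot: The script declares `#!/bin/sh` but uses `set -eo pipefail`, which is not POSIX; on a host where `/bin/sh` is not bash the option is rejected and the hook aborts before anything is dumped. `post-backup.j2` already runs under bash, so `#!/bin/bash` here keeps the two hooks consistent and makes the failure detection on the `sqlite3 | zstd` pipeline dependable. The interpolated paths are unquoted in both hooks; `"{{ nd_root_dir }}/backup/navidrome.sql.zst"` here and `rm -f "{{ nd_root_dir }}/backup/"*` in `post-backup.j2` avoid word splitting if the root directory ever contains a space. The dump holds the user database, so a `umask 077` at the top would keep the backup files private even if the `backup` directory mode is not what was intended.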