stabalize containers

This commit is contained in:
admin 2025-02-01 13:08:53 +00:00
parent 01c1db8ed6
commit d096cc7e8f
5 changed files with 262 additions and 23 deletions


@ -1,8 +1,46 @@
- name: Create systemd service file for NVIDIA CDI generator
become: true
ansible.builtin.copy:
dest: /etc/systemd/system/nvidia-cdi-generator.service
content: |
[Unit]
Description=Generate NVIDIA CDI YAML for Docker at boot
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/nvidia-ctk cdi generate --output /var/run/cdi/nvidia.yaml
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
- name: reload systemd daemon
ansible.builtin.systemd_service:
scope: user
daemon_reload: true
- name: Enable the NVIDIA CDI generator service
become: true
ansible.builtin.systemd_service:
name: nvidia-cdi-generator.service
enabled: yes
- name: add contrib and nonfree
become: true
ansible.builtin.apt_repository:
repo: deb http://deb.debian.org/debian {{ ansible_distribution_release }} main contrib non-free non-free-firmware
state: present
- name: install nvidia-container-toolkit repo
become: true
ansible.builtin.shell:
cmd: "curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --yes --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg && curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | tee /etc/apt/sources.list.d/nvidia-container-toolkit.list"
- name: Gather current kernel version
ansible.builtin.shell: uname -r
register: kernel_version
- name: install Nvidia driver
become: true
ansible.builtin.apt:
@ -10,7 +48,14 @@
- nvidia-container-toolkit
- nvidia-driver
- firmware-misc-nonfree
- "linux-headers-{{ kernel_version.stdout }}"
state: present
update_cache: true
register: updated_driver
- name: Unconditionally reboot the machine with all defaults
ansible.builtin.reboot:
when: updated_driver.changed
- name: configure nvidia for rootless podman
become: true
@ -19,3 +64,4 @@
register: nvidia_ctk_result
ignore_errors: true
failed_when: nvidia_ctk+result.rc != 1
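Review bot: The `install nvidia-container-toolkit repo` shell task in the first hunk reports only `tee`'s exit status, so a failed download of the signing key or of the `.list` file (the second `curl` has `-s -L` but no `-f`) is still written into `/etc/apt/sources.list.d/` and the task shows success, and it re-runs on every play because nothing marks it idempotent. Add `-f` to the second curl, prefix the command with `set -o pipefail;` and give the module `executable: /bin/bash` plus `creates: /etc/apt/sources.list.d/nvidia-container-toolkit.list`; the inner `sudo` is redundant under `become: true`. Fetching the key with `ansible.builtin.get_url` and a `checksum:` would also make the trust anchor explicit instead of relying on TLS alone. Separately, `reload systemd daemon` runs with `scope: user` and no `become`, yet the unit was written to `/etc/systemd/system`, so the system manager is not reloaded before `Enable the NVIDIA CDI generator service` — replace `scope: user` with `become: true`. In the last hunk, `failed_when: nvidia_ctk+result.rc != 1` (apparently pre-existing context) is evaluated by Jinja as `nvidia_ctk + result` and looks like a typo for `nvidia_ctk_result`.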


@ -14,15 +14,48 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
- name: comfyui
containers.podman.podman_container:
state: quadlet
name: podman_comfyui
image: ghcr.io/ai-dock/comfyui:latest
network: bridge
device: "nvidia.com/gpu=all"
volumes:
- "/home/admin/podman/comfyui:/workspace"
ports:
- "1111:1111"
- "8188:8188"
env:
COMFYUI_PORT_HOST: "8188"
DIRECT_ADDRESS: "192.168.0.30"
COMFYUI_URL: "http://192.168.0.30:1111"
WEB_USER: "admin"
WEB_PASSWORD: "{{ rtsp_password }}"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
- name: ollama
containers.podman.podman_container:
state: quadlet
name: podman_ollama
image: docker.io/ollama/ollama:latest
network: bridge
device: "nvidia.com/gpu=all"
volumes:
- "/home/admin/podman/ollama:/root/.ollama"
ports:
@ -33,6 +66,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -56,6 +92,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -73,6 +112,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -82,18 +124,25 @@
name: podman_jellyfin
image: docker.io/jellyfin/jellyfin
network: bridge
device: "nvidia.com/gpu=all"
volumes:
- "/home/admin/podman/jellyfin:/config"
- "/mnt/media/video/movies:/movies:ro"
- "/mnt/media/video/tv:/tv:ro"
- "/mnt/media/audio/music/flac:/music:ro"
- "/mnt/media/video/Family:/family:ro"
- "/mnt/media/video/family:/family:ro"
- "/mnt/media/video/anime/tv:/anime-tv:ro"
- "/mnt/media/video/anime/movies:/anime-movies:ro"
- "/mnt/media/video/livetv:/livetv:ro"
ports:
- "8096:8096"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -113,6 +162,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
- name: eclipse-mosquitto
@ -130,6 +182,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -139,10 +194,13 @@
name: podman_frigate
image: "ghcr.io/blakeblackshear/frigate:{{ frigate_version }}"
network: bridge
device: "nvidia.com/gpu=all"
privileged: true
volumes:
- /etc/localtime:/etc/localtime:ro
- /home/admin/podman/frigate:/config
- /mnt/share/services/cctv:/media/frigate
- /mnt/services/cctv:/media/frigate
- /usr/lib/x86_64-linux-gnu/libcuda.so:/usr/lib/x86_64-linux-gnu/libcuda.so:ro
ports:
- "5005:5000"
- "5001:8971"
@ -150,12 +208,17 @@
- "8554:8554"
env:
FRIGATE_RTSP_PASSWORD: "{{ rtsp_password }}"
YOLO_MODELS: "yolov7-tiny-288"
USE_FP16: "false"
quadlet_options:
- "Tmpfs=/tmp/cache"
- "ShmSize=128mb"
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -179,6 +242,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -196,6 +262,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -219,6 +288,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -240,6 +312,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -264,6 +339,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -286,6 +364,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -316,6 +397,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -339,6 +423,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -359,6 +446,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -383,6 +473,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -402,6 +495,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -423,6 +519,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -444,9 +543,35 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
- name: readarr
containers.podman.podman_container:
state: quadlet
name: podman_readarr
image: lscr.io/linuxserver/readarr:develop
network: bridge
volumes:
- "/home/admin/podman/readarr:/config"
- "/mnt/media/books:/books"
- "/mnt/media/torrents:/downloads"
ports:
- "8787:8787"
env:
TZ: "Europe/London"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
- name: lidarr
containers.podman.podman_container:
state: quadlet
@ -465,6 +590,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -477,13 +605,16 @@
network: bridge
command: "*.zim"
volumes:
- "/mnt/share/shared/Faris/1 documents/zim:/data"
- "/mnt/media/kiwix:/data"
ports:
- "8088:8080"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -494,8 +625,9 @@
name: podman_immich-server
image: "ghcr.io/immich-app/immich-server:{{ immich_version }}"
network: bridge
device: "nvidia.com/gpu=all"
volumes:
- "/mnt/share/services/immich:/usr/src/app/upload"
- "/mnt/services/immich:/usr/src/app/upload"
- "/etc/localtime:/etc/localtime:ro"
ports:
- "2283:2283"
@ -505,6 +637,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -512,16 +647,22 @@
containers.podman.podman_container:
state: quadlet
name: podman_immich-machine-learning
image: "ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}"
image: "ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-cuda"
network: bridge
device: "nvidia.com/gpu=all"
volumes:
- "/home/admin/podman/immich/cache:/cache"
env_file:
- "/home/admin/podman/.env"
ports:
- "3003:3003"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -537,6 +678,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -558,6 +702,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
@ -578,5 +725,9 @@
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
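Review bot: The frigate unit in the `@ -139,10 +194,13 @@` hunk combines `privileged: true` with `device: "nvidia.com/gpu=all"` and a bind mount of the host `libcuda.so`; with the CDI spec now generated by the new `nvidia-cdi-generator` service, privileged mode should not be needed for GPU access, and it gives a container that ingests camera streams every host device node and removes its capability and seccomp confinement. Try dropping `privileged: true` (whether that line is new here or pre-existing context is not recoverable from the rendered diff) and keep only the CDI device, adding a specific `cap_add` or device back only if the tensorrt image demonstrably requires it. In the new `comfyui` unit, `WEB_PASSWORD: "{{ rtsp_password }}"` reuses the camera RTSP secret for an HTTP login exposed on all interfaces as `admin`, so one leaked credential opens both; give it its own vault variable, e.g. `WEB_PASSWORD: "{{ comfyui_web_password }}"`. The new GPU workloads (`comfyui`, `ollama`) and `readarr:develop` run `AutoUpdate=registry` + `Pull=newer` on floating tags, so any upstream push is executed unattended with GPU and media-share access; pinning to a version tag or digest, as `frigate_version` and `immich_version` already do, limits that exposure.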


@ -29,15 +29,20 @@
- nfs-common
- fzf
- rsync
- restic
state: present
update_cache: true
- name: create mount directories
become: true
block:
- name: create /mnt/share
- name: create /mnt/data
ansible.builtin.file:
path: /mnt/share
path: /mnt/data
state: directory
- name: create /mnt/services
ansible.builtin.file:
path: /mnt/services
state: directory
- name: create /mnt/media
ansible.builtin.file:
@ -49,11 +54,18 @@
block:
- name: mount data
ansible.posix.mount:
path: /mnt/share
path: /mnt/data
src: "{{ truenas_ip }}:/mnt/pool/data"
fstype: nfs4
opts: defaults,auto,rw
state: mounted
- name: mount services
ansible.posix.mount:
path: /mnt/services
src: "{{ truenas_ip }}:/mnt/pool/services"
fstype: nfs4
opts: defaults,auto,rw
state: mounted
- name: mount media
ansible.posix.mount:
path: /mnt/media
@ -62,27 +74,46 @@
opts: defaults,auto,rw
state: mounted
- name: setup backup
- name: setup cronjob to sync podman folder to nfs
become: true
ansible.builtin.cron:
minute: "0"
hour: "4"
name: "backup"
user: "root"
job: "/bin/bash '/mnt/share/services/scripts/backup.sh'"
user: "admin"
job: "/bin/bash '/usr/bin/systemctl --user stop podman_* && /usr/bin/rsync -a --delete /home/admin/podman /mnt/services/podman && /usr/bin/systemctl --user start podman_* --all'"
cron_file: backup
- name: check for podman folder
- name: setup cronjob to backup data to b2
become: true
ansible.builtin.cron:
minute: "40"
hour: "15"
name: "backup-restic"
user: "admin"
job: /bin/bash "env RESTIC_PASSWORD='Outshine-Playmaker-Earthen' B2_ACCOUNT_KEY='004e1d35edc52cd716719a747edd66d5f42111d604' B2_ACCOUNT_ID='257549133968' RESTIC_REPOSITORY='b2:faris-backup' GOGC=20 restic backup --cache-dir=/home/admin/.cache/restic /mnt/services/ /mnt/media/video/family/ /mnt/data/ --exclude /mnt/services/cctv/** --exclude /mnt/services/podman/ollama/models/** --exclude /mnt/services/immich/encoded-video/** --exclude /mnt/services/immich/thumbs/** && restic forget --keep-within 1y --prune --cache-dir=/home/admin/.cache/restic"
cron_file: backup
# env RESTIC_PASSWORD="Outshine-Playmaker-Earthen3" B2_ACCOUNT_KEY="004e1d35edc52cd716719a747edd66d5f42111d604" B2_ACCOUNT_ID="257549133968" RESTIC_REPOSITORY="b2:faris-backup" GOGC=20 restic backup --cache-dir=/home/admin/.cache/restic /mnt/services/ /mnt/media/video/family/ /mnt/data/ --exclude /mnt/services/cctv/** --exclude /mnt/services/podman/ollama/models/** --exclude /mnt/services/immich/encoded-video --exclude /mnt/services/immich/thumbs && restic forget --keep-within 1y --prune --cache-dir=/home/admin/.cache/restic
- name: Check if /home/admin/podman exists
ansible.builtin.stat:
path: /home/admin/podman
register: podman_dir
- name: create /home/admin/podman if it doesn't exist
ansible.builtin.file:
path: /home/admin/podman
state: directory
# - name: initialize podman-compose
# become: true
# ignore_errors: true
# ansible.posix.synchronize:
# src: /mnt/share/DUNNO
# dest: /home/admin
# checksum: true
when: not podman_dir.stat.exists
- name: initialize podman-compose
ansible.posix.synchronize:
src: /mnt/services/podman/
dest: /home/admin/podman
archive: true
delegate_to: "{{ inventory_hostname }}"
when: not podman_dir.stat.exists
- name: change podman to overlayfs (system might need to be reset after this)
block:
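Review bot: The `setup cronjob to backup data to b2` task hard-codes the restic repository password and the B2 account ID and key in the `job:` line (and again, with a different password, in the commented line below it), so they now sit in plaintext in git history, in `/etc/cron.d/backup`, and in the process command line visible via `ps` — while the same commit adds an encrypted `vault.yml`, which is presumably where they were meant to live. Treat the B2 key and restic password as compromised and rotate them, delete the comment, and have the job read its credentials from an admin-only env file rendered from vault variables under `no_log: true`, as sketched below. Both new cron jobs are also non-functional as written: `/bin/bash '<command string>'` treats the whole string as a script path (the old job passed a real `backup.sh` path), so they need `/bin/bash -c '...'`, and `systemctl --user` under cron needs `XDG_RUNTIME_DIR=/run/user/<uid>` to reach admin's user manager. Finally, `rsync -a --delete /home/admin/podman /mnt/services/podman` (no trailing slash on the source) nests the copy at `/mnt/services/podman/podman/`, while `initialize podman-compose` restores from `/mnt/services/podman/` into `/home/admin/podman`, so a restore would land one level too deep — use `/home/admin/podman/` as the source.
```yaml
# … unchanged: package install, mount directories, NFS mounts …
- name: render restic credentials from vault (never inline in cron)
  become: true
  no_log: true
  ansible.builtin.copy:
    dest: /home/admin/.restic.env
    owner: admin
    group: admin
    mode: "0600"
    content: |
      RESTIC_REPOSITORY=b2:faris-backup
      RESTIC_PASSWORD={{ restic_password }}
      B2_ACCOUNT_ID={{ b2_account_id }}
      B2_ACCOUNT_KEY={{ b2_account_key }}
- name: setup cronjob to sync podman folder to nfs
  become: true
  ansible.builtin.cron:
    minute: "0"
    hour: "4"
    name: "backup"
    user: "admin"
    job: "XDG_RUNTIME_DIR=/run/user/$(id -u) /bin/bash -c '/usr/bin/systemctl --user stop podman_* && /usr/bin/rsync -a --delete /home/admin/podman/ /mnt/services/podman/ && /usr/bin/systemctl --user start podman_* --all'"
    cron_file: backup
- name: setup cronjob to backup data to b2
  become: true
  ansible.builtin.cron:
    minute: "40"
    hour: "15"
    name: "backup-restic"
    user: "admin"
    job: "/bin/bash -c 'set -a; . /home/admin/.restic.env; set +a; GOGC=20 restic backup --cache-dir=/home/admin/.cache/restic /mnt/services/ /mnt/media/video/family/ /mnt/data/ --exclude /mnt/services/cctv/** --exclude /mnt/services/podman/ollama/models/** --exclude /mnt/services/immich/encoded-video/** --exclude /mnt/services/immich/thumbs/** && restic forget --keep-within 1y --prune --cache-dir=/home/admin/.cache/restic'"
    cron_file: backup
# … unchanged: podman directory check and initial sync …
```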

4
vars

@ -1,2 +1,2 @@
immich_version: v1.124.2
frigate_version: 0.14.1
immich_version: v1.125.7
frigate_version: 0.15.0-rc1-tensorrt

11
vault.yml Normal file

@ -0,0 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256
30303833326339323836646434313236366533396465303564636439666631366336393833613138
3731306362373238386361333866343464353030313338640a373135353164303132623231393930
36653335353866326161333430656634306232343235636666306463623034343234366432303730
6236653964306161310a323965373830353839366161353236643061396533346463373232383963
31383934336239616666663332353035656534666438633861656434303136353834313235653536
61326537393935393730393932393930343134346131353264636263396134356466356266323163
39363364653436613337636262633961303334363162386265653133393538636332636235663262
63386231326261663135663462313532303764386533356561356636636563353464613230383938
39633436643131633665363763323732626137356335376463396565636363313338336634376630
6164373439633233613463633933313966366532363666343564