initial server setup

5 files changed, 138 insertions, 0 deletions

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f9d4a52
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,9 @@
+BACKUP := backup
+
+setup:
+	ansible-playbook -i inventory.ini --diff setup.yml
+
+backup:
+	ssh -t ship.lan "test -d $(BACKUP) \
+		|| restic -r $(BACKUP) init \
+		&& restic -r $(BACKUP) backup services"
diff --git a/files/ftp/Dockerfile b/files/ftp/Dockerfile
new file mode 100644
index 0000000..b2a816a
--- /dev/null
+++ b/files/ftp/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine:latest
+
+RUN apk add --update-cache --upgrade --no-cache --purge py3-pyftpdlib \
+    && rm -rf /var/cache/apk
diff --git a/files/mosquitto/mosquitto.conf b/files/mosquitto/mosquitto.conf
new file mode 100644
index 0000000..bcef3ed
--- /dev/null
+++ b/files/mosquitto/mosquitto.conf
@@ -0,0 +1,4 @@
+socket_domain ipv4
+bind_address 0.0.0.0
+allow_anonymous true
+log_dest file /mosquitto/log/mosquitto.log
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..495bc76
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1 @@
+ship.lan
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..89498dd
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,120 @@
+- name: ship setup
+  hosts: all
+  gather_facts: no
+  vars:
+    user: "{{ '$USER' | expandvars }}"
+    data: "{{ '$HOME/services' | expandvars }}"
+
+  # podman-rootless
+  #
+  # * using native overflay fs support (no fuse)
+  #   - at least kernel version 5.13
+  #   - podman info -f '{{.Store.GraphDriverName}}'
+  #     -> "overlay"
+  #   - podman info -f '{{index .Store.GraphStatus "Native Overlay Diff"}}'
+  #     -> true
+  #   - if configured with different storage driver before may need to run
+  #     podman system reset  # deletes every image/container/.. with old driver
+  #   - cat .local/share/containers/storage/overlay/.has-mount-program
+  #     -> false
+  #
+  # * configure storage driver
+  #   > cat .config/containers/storage.conf
+  #   [storage]
+  #   driver = "overlay"
+
+  tasks:
+
+    # -- LINGER ----------------------------------------------------------------
+
+    # Enable lingering for user, such that processes are not killed if
+    # there is no login session.
+    - name: enable-linger
+      become: true
+      command: loginctl enable-linger {{ user }}
+      args:
+        # Command is not re-run if following file exits.
+        # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html#parameter-creates
+        creates: "/var/lib/systemd/linger/{{ user }}"
+
+    # -- PACKAGES --------------------------------------------------------------
+
+    - name: install-packages
+      become: true
+      ansible.builtin.package:
+        name: "{{ item }}"
+        state: latest
+      loop:
+        - vim
+        - podman
+        - tmux
+        - git
+        - ncdu
+        - restic
+        # For restic mount.
+        - fuse
+
+    # -- COPY FILES ------------------------------------------------------------
+
+    - name: copy-files
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "{{ data }}"
+        mode: preserve
+      loop:
+        - ftp
+        - mosquitto
+
+    # -- FTP SERVER ------------------------------------------------------------
+
+    - name: build-podman-ftp
+      containers.podman.podman_image:
+        name: ftp
+        path: "{{ data }}/ftp"
+        force: true
+      register: ftp_build
+
+    - name: run-podman-ftp
+      containers.podman.podman_container:
+        name: ftp
+        image: ftp
+        network: host
+        volumes:
+          - "{{ data }}/ftp/inbox:/inbox"
+        command: python3 -m pyftpdlib --write -d /inbox -u pleb -P moose
+        recreate: "{{ ftp_build.changed }}"
+
+    # -- MOSQUITTO SERVER ------------------------------------------------------
+
+    # Use `mosquitto_sub -t '#'` to subscribe to all topics.
+    - name: run-podman-mosquitto
+      containers.podman.podman_container:
+        name: mosquitto
+        image: docker.io/eclipse-mosquitto
+        ports:
+          - "1883:1883/tcp"
+        volumes:
+          - "{{ data }}/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf"
+
+    # -- HOME ASSISTANT --------------------------------------------------------
+
+    - name: add-user-to-group
+      become: true
+      user:
+        name: "{{ user }}"
+        group: dialout
+        append: yes
+
+    - name: run-podman-home-assistant
+      containers.podman.podman_container:
+        name: homeassistant
+        image: ghcr.io/home-assistant/home-assistant:stable
+        #privileged: true
+        network: host
+        volumes:
+          - "{{ data }}/home-assistant/config:/config"
+          - "/etc/localtime:/etc/localtime:ro"
+        device:
+          # Podman somehow stores the device file all lower-case.
+          # Writing it as /dev/ttyUSB0 is treated as a change.
+          - "/dev/ttyusb0:/dev/ttyusb0"