actcur/salt
3
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity

Changed video server role from dl to video, migrated to emby and put it in container on video, updated lxc overlays, added fstrim at end of every state call (to reclaim hd space), updated rtorrent role, added windscribe role

Browse source
This commit is contained in:
Beth Parker 2018-05-24 01:33:50 -05:00
parent 3192a3f95a
commit 61832a7c32
106 changed files with 213 additions and 2707 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pillars/roles/aurpkgs/emby.sls Normal file
View file

@ -0,0 +1,3 @@
aur:
pkgs:
emby-server-beta: []

3
pillars/roles/aurpkgs/headphones.sls
View file

@ -1,3 +0,0 @@
aur:
pkgs:
headphones: []

3
pillars/roles/aurpkgs/plexmediaserver.sls
View file

@ -1,3 +0,0 @@
aur:
pkgs:
plex-media-server-plexpass: []

13
pillars/roles/backup/deluge.sls
View file

@ -1,13 +0,0 @@
backup:
deluge:
location: /srv/deluge
rsync_user: backups
key: backups_key
host: host.actcur.com
user: deluge
group: deluge
fmode: 644
dmode: 755
services:
- deluged
- deluge-web

12
pillars/roles/backup/radarr.sls
View file

@ -1,12 +0,0 @@
backup:
radarr:
location: /var/lib/radarr
rsync_user: backups
key: backups_key
host: host.actcur.com
user: radarr
group: radarr
fmode: 644
dmode: 755
services:
- radarr

11
pillars/roles/firewalld/deluge.sls
View file

@ -1,11 +0,0 @@
firewalld:
70_internal:
service:
http: []
port:
58846/tcp: []
8112/tcp: []
99_public:
port:
63150/tcp: []
63150/udp: []

3
pillars/roles/firewalld/git.sls
View file

@ -1,7 +1,4 @@
firewalld:
70_internal:
port:
3000/tcp: []
99_public:
port:
5022/tcp: []

7
pillars/roles/firewalld/gitlab.sls
View file

@ -1,7 +0,0 @@
firewalld:
70_internal:
port:
8000/tcp: []
99_public:
port:
5022/tcp: []

4
pillars/roles/firewalld/plexmediaserver.sls
View file

@ -1,4 +0,0 @@
firewalld:
99_public:
port:
32400/tcp: []

9
pillars/roles/firewalld/video.sls Normal file
View file

@ -0,0 +1,9 @@
firewalld:
99_public:
port:
8096/tcp: []
9117/tcp: []
5000/tcp: []
7878/tcp: []
5080/tcp: []
8989/tcp: []

17
pillars/roles/git/lightbooks.sls
View file

@ -1,17 +0,0 @@
git:
lightbooks:
repo: "ssh://gogs@git.actcur.com:5022/actcur/lightbooks.git"
path: "/usr/share/webapps/lightbooks"
branch: "master"
key: "git_actcur"
force: true
email: "actcur@actcur.com"
name: "Actaeus Curabitur"
lightbooks.dev:
repo: "ssh://gogs@git.actcur.com:5022/actcur/lightbooks.git"
path: "/usr/share/webapps/lightbooks-dev"
branch: "dev"
key: "git_actcur"
force: true
email: "actcur@actcur.com"
name: "Actaeus Curabitur"

1
pillars/roles/init.sls
View file

@ -1,5 +1,4 @@
include:
- roles.maintainer
- roles.firewalld
- roles.nginx
- roles.aurpkgs

5
pillars/roles/lxc/dl.sls → pillars/roles/lxc/video.sls
View file

@ -8,4 +8,9 @@ lxc:
radarr:
bind_dirs:
- mnt/video
emby:
bind_dirs:
- mnt/video
- mnt/emby
ombi: []
jackett: []

4
pillars/roles/maintainer/deluge.sls
View file

@ -1,4 +0,0 @@
roles:
pepper:
maintainer:
- masaufuku

7
pillars/roles/maintainer/init.sls
View file

@ -1,7 +0,0 @@
include:
- roles.maintainer.saltmaster
- roles.maintainer.ssh
- roles.maintainer.server
- roles.maintainer.saltminion
- roles.maintainer.pepper
- roles.maintainer.deluge

4
pillars/roles/maintainer/pepper.sls
View file

@ -1,4 +0,0 @@
roles:
pepper:
maintainer:
- masaufuku

4
pillars/roles/maintainer/saltmaster.sls
View file

@ -1,4 +0,0 @@
roles:
saltmaster:
maintainer:
- masaufuku

4
pillars/roles/maintainer/saltminion.sls
View file

@ -1,4 +0,0 @@
roles:
saltminion:
maintainer:
- masaufuku

5
pillars/roles/maintainer/server.sls
View file

@ -1,5 +0,0 @@
roles:
server:
maintainer:
- masaufuku

5
pillars/roles/maintainer/ssh.sls
View file

@ -1,5 +0,0 @@
roles:
ssh:
maintainer:
- masaufuku

7
pillars/roles/mount/dl.sls
View file

@ -1,7 +0,0 @@
mount:
sshfs:
/mnt/video:
name: video
host: host.actcur.com
directory: /mnt/butter/video
user: mount

7
pillars/roles/mount/gitlab.sls
View file

@ -1,7 +0,0 @@
mount:
sshfs:
/mnt/repos:
name: repos
host: host.actcur.com
directory: /mnt/butter/repos
user: gitlab

15
pillars/roles/mount/plexmediaserver.sls
View file

@ -1,15 +0,0 @@
mount:
sshfs:
/mnt/video:
name: video
host: host.actcur.com
directory: /mnt/butter/video
user: mount
/mnt/music:
name: music
host: host.actcur.com
directory: /mnt/butter/music
user: mount
ext4:
/var/lib/plexmediaserver/Library:
device: UUID=0ab3f7fc-6525-40ba-905c-ff5fff2de1a3

3
pillars/roles/mount/deluge.sls → pillars/roles/mount/video.sls
View file

@ -5,3 +5,6 @@ mount:
host: host.actcur.com
directory: /mnt/butter/video
user: mount
ext4:
/mnt/emby:
device: UUID=e1e56368-5771-4b6c-a70c-ce23dde1681c

13
pillars/roles/nginx/deluge.sls
View file

@ -1,13 +0,0 @@
nginx:
deluge:
auth: 2fa
https:
port: 8112
prot: http
portal:
Media:
deluge:
name: Torrents
summary: Deluge Torrent Server
public: false

6
pillars/roles/nginx/headphones.sls
View file

@ -1,6 +0,0 @@
nginx:
headphones:
auth: 2fa
https:
port: 8181
prot: http

24
pillars/roles/nginx/lightbooks.sls
View file

@ -1,24 +0,0 @@
nginx:
books:
auth: 2fa
https:
port: 8000
prot: http
books.dev:
auth: 2fa
https:
port: 8080
prot: http
default: no
portal:
Media:
books:
name: Books and Podcasts
summary: LightBooks Server
public: false
Dev:
books.dev:
name: Books and Podcasts - Dev
summary: LightBooks Server
public: false

13
pillars/roles/nginx/ombi.sls
View file

@ -1,13 +0,0 @@
nginx:
ombi:
auth: none
https:
port: 5000
prot: http
portal:
Media:
ombi:
name: TV/Movie Requests
summary: OMBI Plex Requests Server
public: true

13
pillars/roles/nginx/plexmediaserver.sls
View file

@ -1,13 +0,0 @@
nginx:
plex:
auth: none
https:
port: 32400
prot: http
portal:
Media:
plex:
name: Plex
summary: Plex Media Server
public: true

20
pillars/roles/nginx/dl.sls → pillars/roles/nginx/video.sls
View file

@ -1,6 +1,18 @@
nginx:
emby:
auth: none
https:
port: 8096
prot: http
ombi:
auth: none
default: no
https:
port: 5000
prot: http
rtorrent:
auth: 2fa
default: no
https:
port: 5080
prot: http
@ -25,6 +37,14 @@ nginx:
portal:
Media:
emby:
name: Emby
summary: Emby Media Server
public: true
ombi:
name: TV/Movie Requests
summary: OMBI Plex Requests Server
public: true
rtorrent:
name: Torrents
summary: Rtorrent Torrent Server

4
pillars/roles/services/deluge.sls
View file

@ -1,4 +0,0 @@
services:
deluge:
deluged: []
deluge-web: []

3
pillars/roles/services/emby.sls Normal file
View file

@ -0,0 +1,3 @@
services:
emby:
emby-server: []

3
pillars/roles/services/lightbooks.sls
View file

@ -1,3 +0,0 @@
services:
lightbooks:
php-fpm: []

3
pillars/roles/services/plexmediaserver.sls
View file

@ -1,3 +0,0 @@
services:
plexmediaserver:
plexmediaserver: []

3
pillars/roles/services/radarr.sls Normal file
View file

@ -0,0 +1,3 @@
services:
radarr:
radarr: []

4
pillars/roles/services/rtorrent Normal file
View file

@ -0,0 +1,4 @@
services:
rtorrent:
rtorrent: []
rutorrent: []

3
pillars/roles/services/sonarr.sls Normal file
View file

@ -0,0 +1,3 @@
services:
sonarr:
sonarr: []

0
pillars/servers/env/server/books.sls → pillars/servers/env/server/archtest.sls vendored
View file

0
pillars/servers/env/server/deluge.sls → pillars/servers/env/server/emby.sls vendored
View file

1
pillars/servers/env/server/plex.sls vendored
View file

@ -1 +0,0 @@
env: prod

0
pillars/servers/env/server/dl.sls → pillars/servers/env/server/video.sls vendored
View file

1
pillars/servers/init.sls
View file

@ -1,4 +1,3 @@
include:
- servers.maintainer
- servers.env
- servers.roles

2
pillars/servers/maintainer/init.sls
View file

@ -1,2 +0,0 @@
include:
- servers.maintainer.server.{{ grains['host'] }}

3
pillars/servers/maintainer/server/authelia.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/baikal.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/base
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/bbs.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/books.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/ca.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/deluge.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/dl.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/git.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/host.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/icinga.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/ipa.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/jackett.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/ombi.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/pass.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/pkg.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/plex.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/portal.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/project.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/radarr.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/rtorrent.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/salt.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/sonarr.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/sql.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/ssh.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/sync.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/tt.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

3
pillars/servers/maintainer/server/vpn.sls
View file

@ -1,3 +0,0 @@
maintainer:
- masaufuku

1
pillars/servers/mkserver.sh
View file

@ -1,5 +1,4 @@
#!/bin/bash
cp maintainer/server/base maintainer/server/$1.sls
cp env/server/base env/server/$1.sls
cp roles/server/base roles/server/$1.sls

8
pillars/servers/roles/server/books.sls
View file

@ -1,8 +0,0 @@
grains:
roles:
- server
- ssh
- nrpe
- saltminion
- lightbooks
- nginx-proxy

5
pillars/servers/roles/server/deluge.sls → pillars/servers/roles/server/emby.sls
View file

@ -1,8 +1,7 @@
grains:
roles:
- server
- ssh
- nrpe
- saltminion
- deluge
- nginx-proxy
- lxc_container
- emby

3
pillars/servers/roles/server/ombi.sls
View file

@ -1,8 +1,7 @@
grains:
roles:
- server
- ssh
- nrpe
- saltminion
- nginx-proxy
- lxc_container
- ombi

8
pillars/servers/roles/server/plex.sls
View file

@ -1,8 +0,0 @@
grains:
roles:
- server
- ssh
- nrpe
- saltminion
- nginx-proxy
- plexmediaserver

3
pillars/servers/roles/server/rtorrent.sls
View file

@ -4,4 +4,5 @@ grains:
- nrpe
- saltminion
- lxc_container
- rtorrent
- rtorrent
- windscribe

2
pillars/servers/roles/server/dl.sls → pillars/servers/roles/server/video.sls
View file

@ -5,5 +5,5 @@ grains:
- nrpe
- saltminion
- lxc
- dl
- video
- nginx-proxy

112
states/roles/maintain/deluge/cert.pem
View file

@ -1,112 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=WI, L=Stevens Point, O=Masau++, OU=Masau++ CA, CN=ca.s.mpp/emailAddress=masau.fuku@gmail.com
Validity
Not Before: May 26 16:52:50 2015 GMT
Not After : May 25 16:52:50 2016 GMT
Subject: C=US, ST=WI, L=Stevens Point, O=Masau++, OU=Masau++ Downloads, CN=deluge.s.mpp/emailAddress=masau.fuku@gmail.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:9d:14:c4:97:0e:8c:cb:85:e6:63:98:26:96:
9c:f8:18:c3:dc:d1:f6:fe:94:a2:2a:18:db:27:c3:
d9:1e:82:0f:48:a4:9e:95:cb:c3:3f:9e:5e:9c:0d:
3f:0f:54:f6:0d:9d:39:4f:a9:49:34:ff:38:55:2c:
ee:39:44:b7:c6:12:26:f6:a3:65:24:81:b0:ae:86:
c4:b2:fd:98:74:5f:4b:85:35:50:6c:38:0d:59:2a:
46:a7:cc:ea:94:45:de:ad:fd:07:89:57:1d:a2:9c:
71:16:cb:fd:ca:ef:13:c9:57:67:46:0c:48:de:59:
3d:88:f5:40:2a:f0:76:ab:90:f5:9b:cc:7f:14:6e:
81:04:fb:d3:58:57:ac:0e:20:34:7e:16:66:46:e2:
c2:ec:75:95:08:c0:94:a5:d6:69:1f:54:65:0d:d0:
6d:64:1a:53:ab:79:a3:de:3d:04:b7:0c:32:c4:f9:
62:5a:0d:9d:36:65:b5:c3:70:f9:3b:bf:df:c8:31:
8a:c1:55:49:67:ec:5c:77:cf:16:33:50:f7:73:b8:
76:33:7c:c7:82:7e:d4:d8:0d:09:5f:0f:22:9f:58:
2d:f9:3d:7f:e8:c5:24:a9:d3:00:3f:cf:c6:79:cc:
ec:c5:ac:5e:97:45:10:e5:91:77:6d:1d:63:d3:72:
85:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
AF:FE:08:07:B5:EF:A7:91:47:64:A8:A8:A5:94:B6:83:38:5E:1E:4A
X509v3 Authority Key Identifier:
keyid:4E:3B:BB:11:1A:0C:46:6E:1C:E4:64:39:49:91:09:B0:2E:F2:C8:5A
Signature Algorithm: sha256WithRSAEncryption
67:e9:e0:3f:28:e4:dc:76:b8:4c:e7:63:d1:3f:c5:3b:e0:a0:
e4:14:28:41:14:f0:c9:ba:8d:4d:96:d6:e7:bb:49:1b:fa:a2:
ab:54:66:88:40:42:ec:71:5c:5e:9e:ab:bc:cb:3a:c2:03:4e:
c5:5e:d5:0f:89:ae:55:db:9f:1e:d6:37:01:fc:4a:a7:fa:94:
a2:52:cf:04:18:fa:90:99:54:10:20:d6:b7:44:86:00:bb:85:
01:1f:e4:27:6a:89:94:d6:67:94:ff:2e:50:58:53:0a:34:96:
6c:35:bd:04:71:25:f1:91:55:60:e5:1a:89:7a:a1:79:c2:2c:
a2:2a:fb:33:48:bd:7a:a0:b5:97:07:3c:85:3a:f5:aa:81:e6:
ad:c2:09:9f:f7:f9:bb:00:d9:67:6d:ca:e9:4b:1c:3b:41:b1:
77:4a:a2:88:5e:b5:9a:c2:ed:04:38:91:c4:08:f4:ae:8b:a1:
f3:5c:8a:5b:e2:93:a1:84:5c:d7:f3:55:ab:f1:26:4c:8a:96:
e3:3b:7a:75:5e:4a:98:4e:ae:1d:e1:db:6f:5f:8a:85:94:2c:
c9:84:36:7a:27:e4:52:e7:f3:93:0b:99:c2:22:96:60:9d:c6:
29:2e:cc:0e:81:45:f1:17:69:bb:89:4d:be:f0:09:67:4c:15:
1b:12:6d:9f
-----BEGIN CERTIFICATE-----
MIIEJTCCAw2gAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgMAldJMRYwFAYDVQQHDA1TdGV2ZW5zIFBvaW50MRAwDgYDVQQKDAdN
YXNhdSsrMRMwEQYDVQQLDApNYXNhdSsrIENBMREwDwYDVQQDDAhjYS5zLm1wcDEj
MCEGCSqGSIb3DQEJARYUbWFzYXUuZnVrdUBnbWFpbC5jb20wHhcNMTUwNTI2MTY1
MjUwWhcNMTYwNTI1MTY1MjUwWjCBnDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldJ
MRYwFAYDVQQHDA1TdGV2ZW5zIFBvaW50MRAwDgYDVQQKDAdNYXNhdSsrMRowGAYD
VQQLDBFNYXNhdSsrIERvd25sb2FkczEVMBMGA1UEAwwMZGVsdWdlLnMubXBwMSMw
IQYJKoZIhvcNAQkBFhRtYXNhdS5mdWt1QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAL2dFMSXDozLheZjmCaWnPgYw9zR9v6UoioY2yfD
2R6CD0iknpXLwz+eXpwNPw9U9g2dOU+pSTT/OFUs7jlEt8YSJvajZSSBsK6GxLL9
mHRfS4U1UGw4DVkqRqfM6pRF3q39B4lXHaKccRbL/crvE8lXZ0YMSN5ZPYj1QCrw
dquQ9ZvMfxRugQT701hXrA4gNH4WZkbiwux1lQjAlKXWaR9UZQ3QbWQaU6t5o949
BLcMMsT5YloNnTZltcNw+Tu/38gxisFVSWfsXHfPFjNQ93O4djN8x4J+1NgNCV8P
Ip9YLfk9f+jFJKnTAD/PxnnM7MWsXpdFEOWRd20dY9NyhZUCAwEAAaN7MHkwCQYD
VR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
aWNhdGUwHQYDVR0OBBYEFK/+CAe176eRR2SoqKWUtoM4Xh5KMB8GA1UdIwQYMBaA
FE47uxEaDEZuHORkOUmRCbAu8shaMA0GCSqGSIb3DQEBCwUAA4IBAQBn6eA/KOTc
drhM52PRP8U74KDkFChBFPDJuo1Nltbnu0kb+qKrVGaIQELscVxenqu8yzrCA07F
XtUPia5V258e1jcB/Eqn+pSiUs8EGPqQmVQQINa3RIYAu4UBH+QnaomU1meU/y5Q
WFMKNJZsNb0EcSXxkVVg5RqJeqF5wiyiKvszSL16oLWXBzyFOvWqgeatwgmf9/m7
ANlnbcrpSxw7QbF3SqKIXrWawu0EOJHECPSui6HzXIpb4pOhhFzX81Wr8SZMipbj
O3p1XkqYTq4d4dtvX4qFlCzJhDZ6J+RS5/OTC5nCIpZgncYpLswOgUXxF2m7iU2+
8AlnTBUbEm2f
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC9nRTElw6My4Xm
Y5gmlpz4GMPc0fb+lKIqGNsnw9kegg9IpJ6Vy8M/nl6cDT8PVPYNnTlPqUk0/zhV
LO45RLfGEib2o2UkgbCuhsSy/Zh0X0uFNVBsOA1ZKkanzOqURd6t/QeJVx2inHEW
y/3K7xPJV2dGDEjeWT2I9UAq8HarkPWbzH8UboEE+9NYV6wOIDR+FmZG4sLsdZUI
wJSl1mkfVGUN0G1kGlOreaPePQS3DDLE+WJaDZ02ZbXDcPk7v9/IMYrBVUln7Fx3
zxYzUPdzuHYzfMeCftTYDQlfDyKfWC35PX/oxSSp0wA/z8Z5zOzFrF6XRRDlkXdt
HWPTcoWVAgMBAAECggEAMNT5ej+k4aGwlErl7lovhr1qA76XK60/rjPEjRMlIXRB
V2X96XoWiJXSq8HFkb9BtvPcxKVGUz2/VkBCAcGuynX2TuJ5s9Mqm2fd1HL3BlFc
c6vtUFGHLoVyuNhPOWxdEtXtUPN8kFpVzZcvf0nfAKVf1Wxof8rfzBvNMMHI7hnv
UsxuuKkvRp4EPMFM5bTJqRCnnUjw+Al4cnuVgejw3z4+aW3qL71SryXV9p5K0AM2
C5zpx++Lho03TEV2fKpz4V9XzP1GEJNjrBTgGsCHfwkegfXyf8aXUdDn6QeUBq7F
KTo2CPgIA180WOk2WJ3ZBTFJw9iuEQJym/cDUUjaqQKBgQDqir2XvfhjqEDpcihB
rPvVE7L04Dp5wUZExdwCVl42hoHoDWoPMcJW++5tdV+Q4viJeEJ6daNLSpcsYlzK
zux0r16obaHH80OK0Q51qn8NiSuW7BKXfajBJPDmyZ/SG5X0XkHr5Z/UQL777Iqp
15hTay+Dh3hjZbIhwW0Ah7//lwKBgQDO9hA+5jjWl8YA4bPdbRlXGx4ORBjTe6hn
potDsFqUF4vfcdlgBaMHwEAtJoSMVbMK2Hw3U+CqlwIb6B7JhxzCzJKOK/ISTyxZ
aPs7brEOiZ6YTuaV+u4tS+fXUp0inQQV3tJ0Yoym2EyoQXhEvVKD4/5AdKCh0znk
Nc/D+E2JswKBgEy8a99ztgrVB7fZM7aZJCPIuCpKGpevVpA1tA/Htjdctq/3g5XJ
D+5pqs6BMm0y9WH0yLtMNcrycpeA7x8jqFVc8zlj9SR4QMbwMyzoRX1mPa65OjP6
VvYqYe8AVJvnjp5PIH5PuIU3UcUW1R9QfHP+g6Mi9Y5/vVIx+LnNsFGtAoGABL8R
6k9fWFSMvvJuLJLW9O9zRgJ7y0XXu+DO6tN9kE3l8E7tHE2kyoW3MxHiElHY1FPY
rXAoA+GIs9kj8508pJ8KcWZCm/bi3n4Q3PER8HJph7avhRsHIVTPUVncrrGJKXM9
wluMPDtTrrwppPHulYXCC/pgwLVWa4xsYmMsbA8CgYBkm2/+sS+TPS8FgM2UxM1w
WkIMqp57bZgLZeoG5fvkQOQRpd6R/g4F44+8b3386rtEDie1IRKDkX8l03WzcfMO
X5Rl1UV6crS3qy/jdURII3uo6cX1/L7ndXeD4rS/Giyz/NsbvAESlmvnA2uVgaFF
yc1fobuHTYZkM8EBZFqK1w==
-----END PRIVATE KEY-----

25
states/roles/maintain/deluge/conf.d/deluge-web.conf
View file

@ -1,25 +0,0 @@
server {
# listen 443;
listen 80;
server_name deluge.s.mpp;
# ssl_certificate /etc/nginx/cert.pem;
# ssl_certificate_key /etc/nginx/cert.pem;
# ssl on;
# ssl_session_cache builtin:1000 shared:SSL:10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
# ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8112/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
}
}

7
states/roles/maintain/deluge/firewalld-direct.xml
View file

@ -1,7 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<direct>
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --gid-owner deluge -o lo -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --uid-owner deluge -p tcp --dport 53 -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --uid-owner deluge -p udp --dport 53 -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-m owner --gid-owner deluge '!' -o tun0 -j REJECT</rule>
</direct>

65
states/roles/maintain/deluge/init.sls
View file

@ -1,65 +0,0 @@
{%- set os=grains['os'] -%}
deluge:
pkg.installed
python2-mako:
pkg.installed
deluge-vpn-pkg:
pkg.installed:
- name: openvpn
#This should be handled by backup and restore states
#{% if not salt['file.directory_exists']('/srv/deluge/.config/deluge') %}
#/srv/deluge/.config/deluge:
# file.recurse:
# - source: salt://backups/deluge
# - user: deluge
# - group: deluge
# - dir_mode: 0755
# - file_mode: 0644
#{% endif %}
deluged:
service.running:
- enable: true
deluge-web:
service.running:
- enable: true
/etc/firewalld/direct.xml:
file.managed:
- source: salt://roles/maintain/deluge/firewalld-direct.xml
- user: root
- group: root
- mode: 644
/etc/openvpn/client/windscribe-denmark.conf:
file.managed:
- source: salt://roles/maintain/deluge/windscribe-denmark.conf
- user: root
- group: root
- mode: 644
/etc/openvpn/client/windscribe.login:
file.managed:
- source: salt://secure/files/windscribe.login
- user: root
- group: root
- mode: 644
openvpn-client@windscribe-denmark:
service.running:
- enable: true
- watch:
- file: /etc/openvpn/client/windscribe-denmark.conf
- file: /etc/openvpn/client/windscribe.login
deluge-firewall:
service.running:
- name: firewalld
- enable: true
- watch:
- file: /etc/firewalld/direct.xml

71
states/roles/maintain/deluge/nginx.conf
View file

@ -1,71 +0,0 @@
#user html;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include conf.d/*;
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}

3
states/roles/maintain/emby/emby-server Normal file
View file

@ -0,0 +1,3 @@
FFMPEG=/usr/bin/ffmpeg
FFPROBE=/usr/bin/ffprobe
PROGRAM_DATA=/var/lib/emby

25
states/roles/maintain/emby/init.sls Normal file
View file

@ -0,0 +1,25 @@
{%- set os=grains['os'] -%}
emby-server:
pkg.installed:
- name: emby-server
service.running:
- enable: true
/var/lib/emby:
file.symlink:
- target: /mnt/emby
- force: true
/etc/conf.d/emby-server:
file.managed:
- source: salt://roles/maintain/emby/emby-server
- user: root
- group: root
- mode: 644
mount:
group.present:
- gid: 503
- addusers:
- emby

36
states/roles/maintain/lightbooks/init.sls
View file

@ -1,36 +0,0 @@
lightbooks-php:
pkg.installed:
- name: php
lightbooks-php-fpm:
pkg.installed:
- name: php-fpm
service.running:
- name: php-fpm
- enable: true
- watch:
- file: /etc/php/php.ini
lightbooks-mysql-client:
pkg.installed:
- name: mariadb-clients
/etc/nginx/conf.d/lightbooks.conf:
file.managed:
- source: salt://roles/maintain/lightbooks/nginx.conf
- user: root
- group: root
- mode: 644
- makedirs: true
/etc/nginx/conf.d/lightbooks-dev.conf:
file.managed:
- source: salt://roles/maintain/lightbooks/nginx-dev.conf
- user: root
- group: root
- mode: 644
- makedirs: true
/etc/php/php.ini:
file.managed:
- source: salt://roles/maintain/lightbooks/php.ini
- user: root
- group: root
- mode: 644

44
states/roles/maintain/lightbooks/nginx-dev.conf
View file

@ -1,44 +0,0 @@
server {
listen *:8080;
server_name books.dev.actcur.com;
root /usr/share/webapps/lightbooks-dev/public; #Path of lightbooks-dev web directory
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ \..*/.*\.php$ {
return 403;
}
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
location / {
try_files $1 $uri $uri/ /index.php$is_args$args;
}
location ~ ^/index\.php(.*)$ {
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; #Replace with the port if php fpm is configured to run on port.
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/lightbooks-dev/public/index.php; #Replace with lightbooks-dev2 web index.php file path.
fastcgi_param LIGHTBOOKSWEB_CONFIGDIR /etc/lightbooks-dev;
fastcgi_param REMOTE_USER $remote_user;
}
}

44
states/roles/maintain/lightbooks/nginx.conf
View file

@ -1,44 +0,0 @@
server {
listen *:8000;
server_name books.actcur.com;
root /usr/share/webapps/lightbooks/public; #Path of lightbooks2 web directory
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ \..*/.*\.php$ {
return 403;
}
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
location / {
try_files $1 $uri $uri/ /index.php$is_args$args;
}
location ~ ^/index\.php(.*)$ {
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; #Replace with the port if php fpm is configured to run on port.
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/lightbooks/public/index.php; #Replace with lightbooks2 web index.php file path.
fastcgi_param LIGHTBOOKSWEB_CONFIGDIR /etc/lightbooks;
fastcgi_param REMOTE_USER $remote_user;
}
}

1930
states/roles/maintain/lightbooks/php.ini
View file

File diff suppressed because it is too large Load diff

6
states/roles/maintain/lxc/container.conf
View file

@ -9,10 +9,16 @@ lxc.uts.name = {{container}}
# Network configuration
lxc.net.0.type = none
# for openvpn
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm
# bind directories
{%- for bind_dir in bind_dirs %}
lxc.mount.entry=/{{bind_dir}} {{bind_dir}} none bind 0 0
{%- endfor %}
# overlay directories
{%- for overlay_dir in overlay_dirs %}
lxc.mount.entry=overlay {{overlay_dir}} overlay lowerdir=/{{overlay_dir}},upperdir=/var/lib/lxc/{{container}}/upperdirs/{{overlay_dir}},workdir=/var/lib/lxc/{{container}}/workdirs/{{overlay_dir}} 0 0
{%- endfor %}

27
states/roles/maintain/lxc/init.sls
View file

@ -5,6 +5,21 @@ lxc-create-symlink:
file.symlink:
- name: /lxc
- target: /var/lib/lxc
/etc/systemd/system/start_lxc.service:
file.managed:
- source: salt://roles/maintain/lxc/start_lxc.service
- user: root
- group: root
- mode: 644
/opt/start_lxc.sh:
file.managed:
- source: salt://roles/maintain/lxc/start_lxc.sh
- user: root
- group: root
- mode: 744
- template: jinja
{%- if pillar['lxc'] is defined -%}
{%- for container in pillar['lxc'] %}
@ -125,11 +140,9 @@ lxc-create-symlink:
cmd.run:
- name: 'setfattr -n trusted.overlay.opaque -v y "/var/lib/lxc/{{container}}/upperdirs/{{hidden_dir}}"'
{%- endfor %}
{{container}}-running:
service.running:
- name: lxc@{{container}}.service
- enable: true
{%- endfor %}
{%- endif %}
{%- endif %}
start_lxc:
service.running:
- enable: true

8
states/roles/maintain/lxc/start_lxc.service Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=My script
[Service]
ExecStart=/opt/start_lxc.sh
[Install]
WantedBy=multi-user.target

17
states/roles/maintain/lxc/start_lxc.sh Normal file
View file

@ -0,0 +1,17 @@
#!/bin/sh
sleep 5
systemctl restart autofs
sleep 5
{%- if pillar['lxc'] is defined -%}
{%- for container in pillar['lxc'] -%}
{%- if pillar['lxc'][container]['bind_dirs'] is defined -%}
{%- for dir in pillar['lxc'][container]['bind_dirs'] %}
ls /{{dir}}/
{%- endfor -%}
{%- endif -%}
{%- endfor %}
sleep 5
{%- for container in pillar['lxc'] %}
systemctl start lxc@{{container}}.service
{%- endfor -%}
{%- endif -%}

8
states/roles/maintain/ombi/init.sls Normal file
View file

@ -0,0 +1,8 @@
#package is in aur repo
ombi:
pkg.installed
ombi_service:
service.running:
- name: ombi
- enable: true

22
states/roles/maintain/plexmediaserver/init.sls
View file

@ -1,22 +0,0 @@
{%- set os=grains['os'] -%}
plex-media-server-plexpass:
pkg.installed
plexmediaserver:
service.running:
- enable: true
/etc/conf.d/plexmediaserver:
file.managed:
- source: salt://roles/maintain/plexmediaserver/plexmediaserver
- user: root
- group: root
- mode: 644
mount:
group.present:
- gid: 503
- addusers:
- plex

7
states/roles/maintain/plexmediaserver/plexmediaserver
View file

@ -1,7 +0,0 @@
LD_LIBRARY_PATH=/opt/plexmediaserver
PLEX_MEDIA_SERVER_HOME=/opt/plexmediaserver
#PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/var/lib/plex
PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/var/lib/plexmediaserver/Library/Application\ Support
PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=6
PLEX_MEDIA_SERVER_TMPDIR=/tmp
TMPDIR=/tmp

9
states/roles/maintain/rtorrent/init.sls
View file

@ -62,6 +62,15 @@ rtorrent-php-fpm:
- group: root
- mode: 644
- mkdirs: true
/opt/scripts/rtorrent.sh:
file.managed:
- source: salt://roles/maintain/rtorrent/rtorrent.sh
- user: root
- group: root
- mode: 644
- mkdirs: true
/etc/systemd/system/rtorrent.service:
file.managed:
- source: salt://roles/maintain/rtorrent/rtorrent.service

2
states/roles/maintain/rtorrent/nginx.conf
View file

@ -21,7 +21,7 @@ http {
}
location /RPC2 {
include scgi_params;
scgi_pass localhost:5000;
scgi_pass localhost:5050;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {

6
states/roles/maintain/rtorrent/rtorrent.rc
View file

@ -10,8 +10,8 @@ max_peers_seed = 60
max_uploads = 30
# Global upload and download rate in KiB. "0" for unlimited.
#download_rate = 0
#upload_rate = 0
download_rate = 1024
upload_rate = 50
# Default directory to save the downloaded torrents.
directory = /mnt/video/rtorrent/downloads
@ -78,4 +78,4 @@ dht = on
#
peer_exchange = yes
scgi_port = 127.0.0.1:5000
scgi_port = 127.0.0.1:5050

11
states/roles/maintain/rtorrent/rtorrent.service
View file

@ -1,14 +1,17 @@
[Unit]
Description=rTorrent
After=network.target
After=openvpn-client@windscribe-denmark
[Service]
User=root
Type=forking
KillMode=none
ExecStart=/usr/bin/screen -d -m -fa -S rtorrent /usr/bin/rtorrent
ExecStop=/usr/bin/killall -w -s 2 /usr/bin/rtorrent
WorkingDirectory=%h
ExecStartPre=/usr/bin/bash -c 'if test -e /mnt/video/rtorrent/.session/rtorrent.lock && test -z `pidof rtorrent`; then rm -f /mnt/video/rtorrent/.session/rtorrent.lock; fi'
ExecStart=/bin/bash -c 'sleep 10;/usr/bin/screen -dmfa -S rtorrent /usr/bin/rtorrent -b `ifconfig tun0 | grep "inet " | grep -Po "(?<=inet).*(?=net)"`'
ExecStop=/usr/bin/bash -c "test `pidof rtorrent` && killall -w -s 2 /usr/bin/rtorrent"
WorkingDirectory=/mnt/video/rtorrent
Restart=on-failure
[Install]
WantedBy=default.target
WantedBy=default.target

Some files were not shown because too many files have changed in this diff Show more