actcur/salt
3
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity

Compare commits

base: actcur:nginx
Branches Tags
actcur:prod
actcur:dev
actcur:seer
actcur:nginx
actcur:bazarr
actcur:qual
actcur:matrix
actcur:fix_secrets
..
compare: actcur:prod
Branches Tags
actcur:prod
actcur:dev
actcur:seer
actcur:nginx
actcur:bazarr
actcur:qual
actcur:matrix
actcur:fix_secrets

13 commits
nginx ... prod

Author SHA1 Message Date
Actaeus Curabitur
5db30c42fb removed temp file 2024-07-31 00:49:56 -05:00
Actaeus Curabitur
0bbe0450aa forgot to include updated nextcloud configuration 2024-07-31 00:49:28 -05:00
Actaeus Curabitur
1e9094e3cb added nolocal flag to nginx configuration for nextcloud and fixed nextcloud remote config 2024-07-31 00:46:57 -05:00
Jayne
887df39849 Merge pull request 'seer' (#18) from seer into prod 
Reviewed-on: #18
 2024-06-01 14:09:12 -05:00
Jayne
69ce732461 Merge pull request 'updated nginx configuration' (#17) from dev into prod 
Reviewed-on: #17
 2024-06-01 12:07:46 -05:00
Jayne
0d71dab542 Merge branch 'prod' into dev 2024-06-01 12:07:15 -05:00
Actaeus Curabitur
dd60a1755c updated nginx configuration 2024-06-01 12:04:18 -05:00
Actaeus Curabitur
c1fe7075c0 updated nextcloud nginx proxy, removing local proxy 2024-03-24 22:52:16 -05:00
Actaeus Curabitur
0c74876b91 Added auto-ballooning 2023-12-25 23:34:07 -06:00
Actaeus Curabitur
a8d74f2ea7 Added Readarr 2023-12-25 04:20:46 -06:00
Actaeus Curabitur
49f68f3dc5 added prowlarr 2023-12-25 03:26:25 -06:00
Actaeus Curabitur
08aac58570 Added Jellyseerr 2023-12-25 02:35:51 -06:00
Jayne
1cdc458c59 Merge pull request 'added per-service proxy header settings and set them for jellyfin' (#16) from nginx into prod 
Reviewed-on: #16
 2023-12-06 01:26:46 -06:00
19 changed files with 189 additions and 8 deletions
Show stats Expand all files Collapse all files

20
pillars/roles/nginx/jellyseerr.sls Normal file
View file

@ -0,0 +1,20 @@
nginx:
jellyseerr:
auth: none
default: no
https:
port: 5055
prot: http
request:
auth: none
default: no
https:
port: 5055
prot: http
portal:
Media:
request:
name: Mediar Request Server
summary: Jellyseerr media request server
public: false

3
pillars/roles/nginx/nextcloud.sls
View file

@ -1,10 +1,11 @@
nginx: nginx:
cloud: cloud:
auth: none auth: none
https: https:
port: 8080 port: 8080
prot: http prot: http
nolocal: true
portal: portal:
Misc: Misc:
cloud: cloud:

14
pillars/roles/nginx/prowlarr.sls Normal file
View file

@ -0,0 +1,14 @@
nginx:
prowlarr:
auth: 2fa
default: no
https:
port: 9696
prot: http
portal:
Media:
prowlarr:
name: Torrent Indexers
summary: Prowlarr Server
public: false

14
pillars/roles/nginx/readarr.sls Normal file
View file

@ -0,0 +1,14 @@
nginx:
readarr:
auth: 2fa
default: no
https:
port: 8787
prot: http
portal:
Media:
readarr:
name: Audiobook/ebook Downloader
summary: Readarr Server
public: false

3
pillars/servers/roles/server/arr.sls
View file

@ -6,8 +6,9 @@ roles:
- arr - arr
- sonarr - sonarr
- radarr - radarr
- readarr
- lidarr - lidarr
- bazarr - bazarr
- jackett - prowlarr
- ytdownloader - ytdownloader
- podfox - podfox

7
pillars/servers/roles/server/jellyseerr.sls Normal file
View file

@ -0,0 +1,7 @@
roles:
- server
- ssh
- nrpe
- saltminion
- nginx-proxy
- jellyseerr

3
states/roles/maintain/certbot/certbot.sh
View file

@ -1,3 +1,6 @@
echo "Running certbot renew" > /root/scripts/certbot.log echo "Running certbot renew" > /root/scripts/certbot.log
/bin/certbot renew >> /root/scripts/certbot.log /bin/certbot renew >> /root/scripts/certbot.log
echo "Finished certbot renew" >> /root/scripts/certbot.log echo "Finished certbot renew" >> /root/scripts/certbot.log
echo "Copying certs to /secure" >> /root/scripts/certbot.log
cp -rL /etc/letsencrypt/live/* /secure/certs/
echo "Done copying certs to /secure" >> /root/scripts/certbot.log

10
states/roles/maintain/host/balloon.service Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=Automatically adjust balloon size to free up unused memory
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/bin/bash /root/scripts/balloon.sh
[Install]
WantedBy=multi-user.target

21
states/roles/maintain/host/balloon.sh Normal file
View file

@ -0,0 +1,21 @@
for domain in `virsh list --name`
do
virsh dommemstat --period 5 $domain
max=`virsh dominfo $domain | grep Max | grep -Po "\d+"`
current=`virsh dominfo $domain | grep Used | grep -Po "\d+"`
unused=`virsh dommemstat $domain | grep unused | grep -Po "\d+"`
used=$(($current - $unused))
newfree=$((($max - $used) / 5))
if test $newfree -gt 524288
then
target=$(($newfree + $used))
else
target=$((524288 + $used))
fi
if test $target -gt $max
then
target=$max
fi
echo "$domain: $target"
virsh setmem $domain --size $target
done

9
states/roles/maintain/host/balloon.timer Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Update balloon sizes every 10 minutes
[Timer]
OnCalendar=*:0/10
Unit=balloon.service
[Install]
WantedBy=multi-user.target

32
states/roles/maintain/host/init.sls
View file

@ -99,3 +99,35 @@ libvirtd:
# - file: /etc/systemd/network/br1.netdev # - file: /etc/systemd/network/br1.netdev
# - file: /etc/systemd/network/br1.network # - file: /etc/systemd/network/br1.network
# - file: /etc/systemd/network/uplink.network # - file: /etc/systemd/network/uplink.network
/root/scripts/balloon.sh:
file.managed:
- source: salt://roles/maintain/host/balloon.sh
- user: root
- group: root
- mode: 644
/lib/systemd/system/balloon.service:
file.managed:
- source: salt://roles/maintain/host/balloon.service
- user: root
- group: root
- mode: 644
/lib/systemd/system/balloon.timer:
file.managed:
- source: salt://roles/maintain/host/balloon.timer
- user: root
- group: root
- mode: 644
balloon-reload:
module.run:
- name: service.systemctl_reload
- onchanges:
- file: /lib/systemd/system/*
balloon.timer:
service.running:
- enable: true

14
states/roles/maintain/jellyseerr/init.sls Normal file
View file

@ -0,0 +1,14 @@
{%- set os=grains['os'] -%}
jellyseerr:
pkg.installed:
- name: jellyseerr
service.running:
- enable: true
#/etc/conf.d/jellyfin:
# file.managed:
# - source: salt://roles/maintain/jellyfin/jellyfin
# - user: root
# - group: root
# - mode: 644

0
states/roles/maintain/nginx-proxy/empty.conf Normal file
View file

2
states/roles/maintain/nginx-proxy/init.sls
View file

@ -49,6 +49,8 @@ nginx:
- makedirs: true - makedirs: true
{%- if portal is defined %} {%- if portal is defined %}
- source: salt://roles/maintain/nginx-proxy/remote.conf - source: salt://roles/maintain/nginx-proxy/remote.conf
{%- elif pillar['nginx'][name]['nolocal'] is defined and pillar['nginx'][name]['nolocal'] == 'true' %}
- source: salt://roles/maintain/nginx-proxy/empty.conf
{%- else %} {%- else %}
- source: salt://roles/maintain/nginx-proxy/local.conf - source: salt://roles/maintain/nginx-proxy/local.conf
{%- endif %} {%- endif %}

3
states/roles/maintain/nginx-proxy/local.conf
View file

@ -19,13 +19,12 @@
{%- set prot = "https" -%} {%- set prot = "https" -%}
{%- endif -%} {%- endif -%}
server { server {
listen 443; listen 443 ssl;
server_name {{server}}.actcur.com {{wildcard}}; server_name {{server}}.actcur.com {{wildcard}};
# resolver {{ resolver }}; # resolver {{ resolver }};
set $backend "{{prot}}://127.0.0.1{%- if port is defined -%}:{{port}}{%- endif -%}"; set $backend "{{prot}}://127.0.0.1{%- if port is defined -%}:{{port}}{%- endif -%}";
ssl on;
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem; ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem; ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;

3
states/roles/maintain/nginx-proxy/portal.conf
View file

@ -1,12 +1,11 @@
server { server {
listen 443 default_server; listen 443 ssl default_server;
server_name portal.actcur.com; server_name portal.actcur.com;
resolver {{resolver}}; resolver {{resolver}};
set $certbot "https://salt.actcur.com"; set $certbot "https://salt.actcur.com";
ssl on;
ssl_certificate /etc/nginx/certs/portal.actcur.com/fullchain.pem; ssl_certificate /etc/nginx/certs/portal.actcur.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/portal.actcur.com/privkey.pem; ssl_certificate_key /etc/nginx/certs/portal.actcur.com/privkey.pem;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;

3
states/roles/maintain/nginx-proxy/remote.conf
View file

@ -12,14 +12,13 @@
{%- endif -%} {%- endif -%}
server { server {
listen 443; listen 443 ssl;
server_name {{server}}.actcur.com {{wildcard}}; server_name {{server}}.actcur.com {{wildcard}};
resolver {{resolver}}; resolver {{resolver}};
set $backend "https://{{server}}.actcur.com"; set $backend "https://{{server}}.actcur.com";
set $certbot "https://salt.actcur.com"; set $certbot "https://salt.actcur.com";
ssl on;
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem; ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem; ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;

22
states/roles/maintain/prowlarr/init.sls Normal file
View file

@ -0,0 +1,22 @@
/var/lib/prowlarr:
file.symlink:
- target: /mnt/data/prowlarr
- force: true
- mkdirs: true
#package is in aur repo
prowlarr:
pkg.installed
prowlarr_service:
service.running:
- name: prowlarr
- enable: true
flaresolverr:
pkg.installed
flaresolverr_service:
service.running:
- name: flaresolverr
- enable: true

14
states/roles/maintain/readarr/init.sls Normal file
View file

@ -0,0 +1,14 @@
/var/lib/readarr:
file.symlink:
- target: /mnt/data/readarr
- force: true
- mkdirs: true
#package is in aur repo
readarr-develop:
pkg.installed
readarr_service:
service.running:
- name: readarr
- enable: true