cyclane/kovalhome
1
1
Fork 0
Code Issues 7 Pull Requests 1 Actions Packages Projects 3 Releases Activity

Compare commits

base: cyclane:23aa518c604b891ccce2223bf9b9c3cef017650d
Branches Tags
cyclane:main cyclane:cleanup-playbooks cyclane:initial-vm-provisioning
..
compare: cyclane:main
Branches Tags
cyclane:main cyclane:cleanup-playbooks cyclane:initial-vm-provisioning

8 Commits
23aa518c60 ... main

Author SHA1 Message Date
Gleb Koval
56ead186cd feat: upgrade immich to release
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 3m58s
Details
2025-08-06 01:36:54 +02:00
Gleb Koval
44aba5dd18 feat: force deployment of immich
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 3m53s
Details
2025-08-06 01:22:58 +02:00
Gleb Koval
10c5e865b8 feat: upgrade immich to 1.133
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 2m44s
Details
2025-08-06 01:16:56 +02:00
Gleb Koval
1d15d33bcd fix(rmfakecloud): forward port 3000
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 2m8s
Details
2025-03-16 00:30:57 +00:00
Gleb Koval
2ef09a3fc8 fix: re-trigger rmfakecloud deployment
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 3m24s
Details
2025-03-16 00:23:39 +00:00
Gleb Koval
960fe49753 feat: rmfakecloud VM
Some checks failed
Infrastructure / Check and run Ansbile playbooks (push) Failing after 7m5s
Details
2025-03-16 00:11:20 +00:00
Gleb Koval
88e10984e7 fix: disable solidtime registration
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 2m18s
Details
2025-02-16 00:55:25 +00:00
Gleb Koval
d14056d11c fix: use infisicalsdk instead of infisical-python
All checks were successful
Infrastructure / Check and run Ansbile playbooks (push) Successful in 3m30s
Details
2025-02-16 00:44:47 +00:00
11 changed files with 279 additions and 26 deletions
Expand all files Collapse all files

33
infra/photos/immich/docker-compose.yml
View File

@@ -5,7 +5,7 @@ services:
container_name: immich_server container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION} image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION}
volumes: volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload - ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
env_file: env_file:
- .env - .env
@@ -15,6 +15,8 @@ services:
- redis - redis
- database - database
restart: always restart: always
healthcheck:
disable: false
immich-machine-learning: immich-machine-learning:
container_name: immich_machine_learning container_name: immich_machine_learning
@@ -24,46 +26,29 @@ services:
env_file: env_file:
- .env - .env
restart: always restart: always
healthcheck:
disable: false
redis: redis:
container_name: immich_redis container_name: immich_redis
image: redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5 image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
healthcheck: healthcheck:
test: redis-cli ping || exit 1 test: redis-cli ping || exit 1
restart: always restart: always
database: database:
container_name: immich_postgres container_name: immich_postgres
image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
env_file: env_file:
- .env - .env
environment: environment:
POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME} POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME} POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes: volumes:
- pgdata:/var/lib/postgresql/data - pgdata:/var/lib/postgresql/data
healthcheck: shm_size: 128mb
test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
interval: 5m
start_interval: 30s
start_period: 5m
command:
[
'postgres',
'-c',
'shared_preload_libraries=vectors.so',
'-c',
'search_path="$$user", public, vectors',
'-c',
'logging_collector=on',
'-c',
'max_wal_size=2GB',
'-c',
'shared_buffers=512MB',
'-c',
'wal_compression=on',
]
restart: always restart: always
volumes: volumes:

112
infra/rmfakecloud/0000_proxmox_playbook.yaml Normal file
View File

@@ -0,0 +1,112 @@
- name: Provision rmfakecloud Proxmox VM
hosts: rmfakecloud
connection: ansible.builtin.local
gather_facts: false
vars:
api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}"
api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}"
api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
ssh_public: "{{ lookup('ansible.builtin.env', 'SSH_PUBLIC') }}"
vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}"
node: pve
module_defaults:
community.general.proxmox_kvm:
api_user: "{{ api_user }}"
api_host: "{{ api_host }}"
api_token_id: "{{ api_token_id }}"
api_token_secret: "{{ api_token_secret }}"
name: "{{ vmname }}"
node: "{{ node }}"
community.general.proxmox_nic:
api_user: "{{ api_user }}"
api_host: "{{ api_host }}"
api_token_id: "{{ api_token_id }}"
api_token_secret: "{{ api_token_secret }}"
name: "{{ vmname }}"
community.general.proxmox_disk:
api_user: "{{ api_user }}"
api_host: "{{ api_host }}"
api_token_id: "{{ api_token_id }}"
api_token_secret: "{{ api_token_secret }}"
name: "{{ vmname }}"
tasks:
# Initial setup
- name: Create VM
community.general.proxmox_kvm:
clone: "{{ node }}-debian-12"
storage: nvme
notify:
- Start VM
- Wait
- name: Wait for status
community.general.proxmox_kvm:
state: current
register: vm
retries: 30
delay: 10
until: vm.status is defined
# Networking and initial config
- name: Add PUB NIC
community.general.proxmox_nic:
interface: net0
firewall: false
bridge: PUB
- name: Add SRV NIC
community.general.proxmox_nic:
interface: net1
firewall: false
bridge: SRV
- name: Configure cloud-init
community.general.proxmox_kvm:
update: true
ciuser: debian
sshkeys: "{{ ssh_public }}"
ipconfig:
ipconfig0: ip=dhcp,ip6=auto
ipconfig1: ip=dhcp
- name: Force all notified handlers to run
ansible.builtin.meta: flush_handlers
# VM Configuration
- name: Resize root disk
community.general.proxmox_disk:
disk: scsi0
size: 16G
state: resized
- name: Create data disk
community.general.proxmox_disk:
disk: scsi1
backup: true
storage: nvme
size: 16
- name: Update VM
community.general.proxmox_kvm:
update: true
agent: enabled=1
tags:
- debian-12
- managed
onboot: true
cores: 2
memory: 4096
- name: Retart VM
community.general.proxmox_kvm:
state: restarted
timeout: 60
handlers:
# Initial boot
# For some reason debian cloud images don't use
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Start VM
community.general.proxmox_kvm:
state: started
register: start
- name: Wait # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90

43
infra/rmfakecloud/0001_initialise_playbook.yaml Normal file
View File

@@ -0,0 +1,43 @@
- name: Initialise VM
hosts: rmfakecloud
gather_facts: false
tasks:
- name: Wait for connection
ansible.builtin.wait_for_connection:
timeout: 300
- name: Install system packages
ansible.builtin.apt:
update_cache: true
pkg:
- qemu-guest-agent
- parted
become: true
- name: Enable qemu-guest-agent
ansible.builtin.systemd:
name: qemu-guest-agent
state: started
enabled: true
become: true
- name: Create data partition
community.general.parted:
device: /dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:1
label: gpt
name: data
number: 1
state: present
become: true
- name: Create data filesystem
community.general.filesystem:
dev: /dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:1-part1
fstype: ext4
become: true
- name: Mount data partition
ansible.posix.mount:
src: /dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:1-part1
path: /var/lib/docker
fstype: ext4
opts: rw,errors=remount-ro,x-systemd.growfs
state: mounted
become: true

48
infra/rmfakecloud/0002_docker_playbook.yaml Normal file
View File

@@ -0,0 +1,48 @@
- name: Install docker
hosts: rmfakecloud
gather_facts: false
tasks:
- name: Wait for connection
ansible.builtin.wait_for_connection:
timeout: 300
- name: Install dependencies
ansible.builtin.apt:
update_cache: true
pkg:
- curl
- python3-apt
- gpg
become: true
- name: Add docker key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/debian/gpg
keyring: /etc/apt/keyrings/docker.gpg
become: true
- name: Add docker repo
ansible.builtin.apt_repository:
repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable
become: true
- name: Install docker
ansible.builtin.apt:
update_cache: true
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
become: true
- name: Add user to docker group
ansible.builtin.user:
user: debian
groups:
- docker
append: true
become: true
- name: Enable docker
ansible.builtin.systemd:
name: docker
state: started
enabled: true
become: true

40
infra/rmfakecloud/0003_rmfakecloud_playbook.yaml Normal file
View File

@@ -0,0 +1,40 @@
- name: Deploy app
hosts: rmfakecloud
gather_facts: false
vars:
app: rmfakecloud
tasks:
- name: Wait for connection
ansible.builtin.wait_for_connection:
timeout: 300
- name: Check if project exists
ansible.builtin.stat:
path: "$HOME/{{ app }}"
register: project
- name: Docker compose down
when: project.stat.exists
community.docker.docker_compose_v2:
project_src: "$HOME/{{ app }}"
state: absent
- name: Copy project
ansible.builtin.copy:
src: "./{{ app }}"
dest: "$HOME"
mode: "0744"
- name: Replace JWT_SECRET_KEY secret
ansible.builtin.replace:
path: "$HOME/{{ app }}/.env"
regexp: "JWT_SECRET_KEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
path='/rmfakecloud', secret_name='JWT_SECRET_KEY')['value'] }}"
- name: Replace SMTP Password secret
ansible.builtin.replace:
path: "$HOME/{{ app }}/.env"
regexp: "SMTP_PASSWORD_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
- name: Docker compose up
community.docker.docker_compose_v2:
project_src: "$HOME/{{ app }}"

10
infra/rmfakecloud/rmfakecloud/.env Normal file
View File

@@ -0,0 +1,10 @@
# General
JWT_SECRET_KEY=JWT_SECRET_KEY_VALUE
PORT=3000
RM_TRUST_PROXY=10.4.0.1
# Email
RM_SMTP_SERVER=mx.koval.net:465
RM_SMTP_USERNAME=no-reply@koval.net
RM_SMTP_PASSWORD=SMTP_PASSWORD_VALUE
RM_SMTP_FROM=ReMarkable.koval.net <no-reply@koval.net>

1
infra/rmfakecloud/rmfakecloud/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
!*.env

12
infra/rmfakecloud/rmfakecloud/docker-compose.yml Normal file
View File

@@ -0,0 +1,12 @@
services:
rmfakecloud:
image: ddvk/rmfakecloud
restart: unless-stopped
env_file:
- .env
volumes:
- data:/data
ports:
- 3000:3000
volumes:
data:

1
infra/solidtime/solidtime/laravel.env
View File

@@ -4,7 +4,6 @@ APP_ENV="production"
APP_DEBUG="false" APP_DEBUG="false"
APP_URL="https://solidtime.koval.net" APP_URL="https://solidtime.koval.net"
APP_FORCE_HTTPS="true" APP_FORCE_HTTPS="true"
APP_ENABLE_REGISTRATION="false"
TRUSTED_PROXIES="10.4.0.1/32" TRUSTED_PROXIES="10.4.0.1/32"
# Authentication # Authentication

3
inventory/proxmox.yaml
View File

@@ -29,6 +29,9 @@ proxmox:
solidtime: solidtime:
hosts: hosts:
solidtime.srv.home.local.koval.net: solidtime.srv.home.local.koval.net:
rmfakecloud:
hosts:
rmfakecloud.srv.home.local.koval.net:
vars: vars:
ansible_user: debian ansible_user: debian
ansible_ssh_private_key_file: ~/.ssh/id_rsa ansible_ssh_private_key_file: ~/.ssh/id_rsa

2
requirements.txt
View File

@@ -1,4 +1,4 @@
ansible ansible
proxmoxer proxmoxer
requests requests
infisical-python infisicalsdk