fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 2021-07-02 19:00

Browse Source
master
Daniel Berteaud 3 years ago
parent 91fe2c9480
commit 2097344867
20 changed files with 270 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      roles/lemonldap_ng/files/logos/navidrome.png
  2. 35
      roles/navidrome/defaults/main.yml
  3. 4
      roles/navidrome/handlers/main.yml
  4. 5
      roles/navidrome/meta/main.yml
  5. 7
      roles/navidrome/tasks/archive_post.yml
  6. 23
      roles/navidrome/tasks/archive_pre.yml
  7. 8
      roles/navidrome/tasks/cleanup.yml
  8. 6
      roles/navidrome/tasks/conf.yml
  9. 29
      roles/navidrome/tasks/directories.yml
  10. 11
      roles/navidrome/tasks/facts.yml
  11. 43
      roles/navidrome/tasks/install.yml
  12. 8
      roles/navidrome/tasks/iptables.yml
  13. 16
      roles/navidrome/tasks/main.yml
  14. 5
      roles/navidrome/tasks/services.yml
  15. 5
      roles/navidrome/tasks/user.yml
  16. 5
      roles/navidrome/tasks/write_version.yml
  17. 44
      roles/navidrome/templates/navidrome.service.j2
  18. 9
      roles/navidrome/templates/navidrome.toml.j2
  19. 3
      roles/navidrome/templates/post-backup.j2
  20. 4
      roles/navidrome/templates/pre-backup.j2

BIN
roles/lemonldap_ng/files/logos/navidrome.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.6 KiB

35
roles/navidrome/defaults/main.yml
Unescape View File

@ -0,0 +1,35 @@
---
# Version to deploy
nd_version: 0.44.1
# URL of the archive
nd_archive_url: https://github.com/navidrome/navidrome/releases/download/v{{ nd_version }}/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz
# Expected sha1 of the archive
nd_archive_sha1: 39acb4fc6f4375d50da96c00ecc07045b0263dca
# Should ansible handle upgrades, or only initial install ?
nd_manage_upgrade: True
# Where navidrome will be installed
nd_root_dir: /opt/navidrome
# User account under which the service will run. Will be created
nd_user: navidrome
# Port navidrome will listen on
nd_port: 4533
# List of IP addresses or CIDR allowed to access the port (only if iptables_manage is True)
nd_src_ip: {}
# Directory where music is available (can, and should be read only for nd_user
nd_music_dir: '{{ nd_root_dir }}/music'
# Size of the cache for transcoding
nd_transcoding_cache_size: 200M
# Image cache
nd_image_cache_size: 100M
# Proxy authentication. Set nd_header_auth to the name of the header containing the user name
# nd_header_auth: Auth-User
nd_proxy_whitelist: "{{ nd_src_ip }}"

4
roles/navidrome/handlers/main.yml
Unescape View File

@ -0,0 +1,4 @@
---
- name: restart navidrome
service: name=navidrome state=restarted

5
roles/navidrome/meta/main.yml
Unescape View File

@ -0,0 +1,5 @@
---
dependencies:
- role: mkdir
- role: repo_rpmfusion # For ffmpeg

7
roles/navidrome/tasks/archive_post.yml
Unescape View File

@ -0,0 +1,7 @@
---
- import_tasks: ../includes/webapps_compress_archive.yml
vars:
- root_dir: "{{ nd_root_dir }}"
- version: "{{ nd_current_version }}"
tags: navidrome

23
roles/navidrome/tasks/archive_pre.yml
Unescape View File

@ -0,0 +1,23 @@
---
- name: Create archive directory
file: path={{ nd_root_dir }}/archives/{{ nd_current_version }} state=directory mode=700
tags: navidrome
- name: Archive previous version
copy: src={{ nd_root_dir }}/bin/navidrome dest={{ nd_root_dir }}/archives/{{ nd_current_version }}/ remote_src=True
tags: navidrome
- name: Stop navidrome during upgrade
service: name=navidrome state=stopped
tags: navidrome
- name: Archive the database and the configuration
copy: src={{ nd_root_dir }}/{{ item }} dest={{ nd_root_dir }}/archives/{{ nd_current_version }}/ remote_src=True
loop:
- data/navidrome.db
- etc/navidrome.toml
tags: navidrome

8
roles/navidrome/tasks/cleanup.yml
Unescape View File

@ -0,0 +1,8 @@
---
- name: Remove tmp and obsolete files
file: path={{ item }} state=absent
loop:
- "{{ nd_root_dir }}/tmp/navidrome"
- "{{ nd_root_dir }}/tmp/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz"
tags: navidrome

6
roles/navidrome/tasks/conf.yml
Unescape View File

@ -0,0 +1,6 @@
---
- name: Deploy configuration
template: src=navidrome.toml.j2 dest={{ nd_root_dir }}/etc/navidrome.toml
notify: restart navidrome
tags: navidrome

29
roles/navidrome/tasks/directories.yml
Unescape View File

@ -0,0 +1,29 @@
---
- name: Create directory structure
file:
path: "{{ nd_root_dir }}/{{ item.dir }}"
state: directory
owner: "{{ item.owner | default(omit) }}"
group: "{{ item.group | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- dir: /
group: "{{ nd_user }}"
mode: 750
- dir: /data
owner: "{{ nd_user }}"
- dir: /etc
group: "{{ nd_user }}"
mode: 750
- dir: /music
- dir: /bin
- dir: /tmp
- dir: meta
mode: 700
- dir: backup
mode: 700
- dir: archives
mode: 700
tags: navidrome

11
roles/navidrome/tasks/facts.yml
Unescape View File

@ -0,0 +1,11 @@
---
- block:
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ nd_root_dir }}"
- version: "{{ nd_version }}"
- set_fact: nd_install_mode={{ (install_mode == 'upgrade' and not nd_manage_upgrade) | ternary('none',install_mode) }}
- set_fact: nd_current_version={{ current_version | default('') }}
tags: navidrome

43
roles/navidrome/tasks/install.yml
Unescape View File

@ -0,0 +1,43 @@
---
- name: Install dependencies
package:
name:
- ffmpeg
tags: navidrome
- when: nd_install_mode != 'none'
block:
- name: Download navidrome
get_url:
url: "{{ nd_archive_url }}"
dest: "{{ nd_root_dir }}/tmp/"
checksum: sha1:{{ nd_archive_sha1 }}
- name: Extract navidrome
unarchive:
src: "{{ nd_root_dir }}/tmp/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz"
dest: "{{ nd_root_dir }}/tmp/"
remote_src: True
- name: Install navidrome binary
copy: src={{ nd_root_dir }}/tmp/navidrome dest={{ nd_root_dir }}/bin/navidrome mode=755 remote_src=True
tags: navidrome
- name: Install systemd unit
template: src=navidrome.service.j2 dest=/etc/systemd/system/navidrome.service
register: nd_systemd_unit
tags: navidrome
- name: Reload systemd
systemd: daemon_reload=True
when: nd_systemd_unit.changed
tags: navidrome
- name: Install pre/post backup hooks
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/navidrom mode=755
loop:
- pre
- post
tags: navidrome

8
roles/navidrome/tasks/iptables.yml
Unescape View File

@ -0,0 +1,8 @@
---
- name: Handle navidrome ports in the firewall
iptables_raw:
name: navidrome_port
state: "{{ (nd_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ nd_port }} -s {{ nd_src_ip | join(',') }} -j ACCEPT"
tags: firewall,navidrome

16
roles/navidrome/tasks/main.yml
Unescape View File

@ -0,0 +1,16 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: nd_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: iptables.yml
when: iptables_manage | default(True)
- include: services.yml
- include: write_version.yml
- include: archive_post.yml
when: nd_install_mode == 'upgrade'
- include: cleanup.yml

5
roles/navidrome/tasks/services.yml
Unescape View File

@ -0,0 +1,5 @@
---
- name: Start and enable service
service: name=navidrome state=started enabled=True
tags: navidrome

5
roles/navidrome/tasks/user.yml
Unescape View File

@ -0,0 +1,5 @@
---
- name: Create navidrome user
user: name={{ nd_user }} system=True shell=/sbin/nologin
tags: navidrome

5
roles/navidrome/tasks/write_version.yml
Unescape View File

@ -0,0 +1,5 @@
---
- name: Write installed version
copy: content={{ nd_version }} dest={{nd_root_dir }}/meta/ansible_version
tags: navidrome

44
roles/navidrome/templates/navidrome.service.j2
Unescape View File

@ -0,0 +1,44 @@
[Unit]
Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
After=remote-fs.target network.target
AssertPathExists={{ nd_root_dir }}/data
[Install]
WantedBy=multi-user.target
[Service]
User={{ nd_user }}
Group={{ nd_user }}
Type=simple
ExecStart={{ nd_root_dir }}/bin/navidrome --configfile "{{ nd_root_dir }}/etc/navidrome.toml"
WorkingDirectory={{ nd_root_dir }}
TimeoutStopSec=20
KillMode=process
Restart=on-failure
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
DevicePolicy=closed
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
ReadWritePaths={{ nd_root_dir }}/data
# You can uncomment the following line if you're not using the jukebox This
# will prevent navidrome from accessing any real (physical) devices
PrivateDevices=yes
# You can change the following line to `strict` instead of `full` if you don't
# want navidrome to be able to write anything on your filesystem outside of
# /var/lib/navidrome.
ProtectSystem=full
# You can uncomment the following line if you don't have any media in /home/*.
# This will prevent navidrome from ever reading/writing anything there.
ProtectHome=true

9
roles/navidrome/templates/navidrome.toml.j2
Unescape View File

@ -0,0 +1,9 @@
Port = '{{ nd_port }}'
MusicFolder = '{{ nd_music_dir }}'
DataFolder = '{{ nd_root_dir }}/data'
TranscodingCacheSize = '{{ nd_transcoding_cache_size }}'
ImageCacheSize = '{{ nd_image_cache_size }}'
{% if nd_proxy_auth is defined %}
ReverseProxyUserHeader = '{{ nd_proxy_auth }}'
ReverseProxyWhitelist = '{{ nd_proxy_whitelist | join(',') }}'
{% endif %}

3
roles/navidrome/templates/post-backup.j2
Unescape View File

@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f {{ nd_root_dir }}/backup/*

4
roles/navidrome/templates/pre-backup.j2
Unescape View File

@ -0,0 +1,4 @@
#!/bin/bash -e
sqlite3 {{ nd_root_dir }}/data/navidrome.db .dump | zstd -c > {{ nd_root_dir }}/backup/navidrome.sql.zst
cp {{ nd_root_dir }}/etc/navidrome.toml {{ nd_root_dir }}/backup/
Write Preview
Loading…
Cancel
Save