diff --git a/roles/stack-arr/qbittorrent/files/docker-secrets.yaml b/roles/stack-arr/qbittorrent/files/docker-secrets.yaml
new file mode 100644
index 0000000..be33499
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/files/docker-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+ namespace: stack-arr
+data:
+ .dockerconfigjson: >-
+ eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ==
+type: kubernetes.io/dockerconfigjson
diff --git a/roles/stack-arr/qbittorrent/files/qbittorrent-deployment.yaml b/roles/stack-arr/qbittorrent/files/qbittorrent-deployment.yaml
new file mode 100644
index 0000000..9947be2
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/files/qbittorrent-deployment.yaml
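Review bot: `docker-secrets.yaml` commits a `kubernetes.io/dockerconfigjson` Secret whose `data` is only base64-encoded, and nothing in the file says the value is a placeholder; the same applies to `vpn-secret.yaml` in this commit. The value appears to decode to sample credentials (`user`/`pass`), and tasks/main.yml overwrites both files from Bitwarden before `kubectl apply`, so the risk is a later edit committing a real value, or the placeholder being applied when the fetch fails. I would add a leading comment such as `# placeholder only, replaced at deploy time from Bitwarden; never commit real credentials`, or drop the two manifests from `files/` and generate them on the target.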
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: qbittorrentvpn
+ namespace: stack-arr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: qbittorrentvpn
+ template:
+ metadata:
+ labels:
+ app: qbittorrentvpn
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: qbittorrentvpn
+ image: binhex/arch-qbittorrentvpn:5
+ securityContext:
+ privileged: true # necessário para manipular tun devices
+ ports:
+ - containerPort: 8080 # WebUI do qBittorrent
+ - containerPort: 8118
+ - containerPort: 9118
+ - containerPort: 58946
+ env:
+ - name: VPN_ENABLED
+ value: "yes"
+ - name: VPN_PROV
+ valueFrom:
+ secretKeyRef:
+ name: vpn-secrets
+ key: vpnprov
+ - name: VPN_USER
+ valueFrom:
+ secretKeyRef:
+ name: vpn-secrets
+ key: username
+ - name: VPN_PASS
+ valueFrom:
+ secretKeyRef:
+ name: vpn-secrets
+ key: password
+ - name: VPN_CLIENT
+ value: "openvpn"
+ - name: ENABLE_STARTUP_SCRIPTS
+ value: "no"
+ - name: ENABLE_PRIVOXY
+ value: "yes"
+ - name: STRICT_PORT_FORWARD
+ value: "yes"
+ - name: USERSPACE_WIREGUARD
+ value: "no"
+ - name: ENABLE_SOCKS
+ value: "no"
+ - name: DEBUG
+ value: "false"
+ - name: WEBUI_PORT
+ value: "8080"
+ - name: UMASK
+ value: "000"
+ - name: PUID
+ value: "1013"
+ - name: PGID
+ value: "1013"
+ - name: LAN_NETWORK
+ valueFrom:
+ secretKeyRef:
+ name: vpn-secrets
+ key: lannetwork
+ - name: NAME_SERVERS
+ value: "1.1.1.1,8.8.8.8"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: downloads
+ mountPath: /data
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: qbittorrent-config-pvc
+ - name: downloads
+ persistentVolumeClaim:
+ claimName: qbittorrent-downloads-pvc
diff --git a/roles/stack-arr/qbittorrent/files/qbittorrent-namespace.yaml b/roles/stack-arr/qbittorrent/files/qbittorrent-namespace.yaml
new file mode 100644
index 0000000..9bb4d27
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/files/qbittorrent-namespace.yaml
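Review bot: In qbittorrent-deployment.yaml the four `secretKeyRef` entries use `name: vpn-secrets`, while the Secret added in vpn-secret.yaml is named `vpn-secret`; unless the Bitwarden note that replaces that file uses the plural name, the container will not start because the referenced Secret does not exist. Aligning either side fixes it, for example `name: vpn-secret` in each `secretKeyRef`. `privileged: true` hands the container the node's devices and all capabilities just to manage the tun device; if the image works with it, `capabilities: {add: ["NET_ADMIN"]}` is a much narrower grant, and if it does not, the comment should say why privileged is still required. `UMASK` set to `"000"` also leaves everything written to the NFS-backed volumes world-writable, which `"022"` or `"002"` would avoid.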
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: stack-arr
diff --git a/roles/stack-arr/qbittorrent/files/qbittorrent-pvcs.yaml b/roles/stack-arr/qbittorrent/files/qbittorrent-pvcs.yaml
new file mode 100644
index 0000000..df2d6cd
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/files/qbittorrent-pvcs.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: qbittorrent-config-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 2Gi
+ storageClassName: qbittorrent-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/bittorrent/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: qbittorrent-config-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: qbittorrent-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: qbittorrent-config-pv
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: qbittorrent-downloads-pv
+ namespace: stack-arr
+spec:
+ capacity:
+ storage: 10Gi
+ storageClassName: qbittorrent-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 192.168.1.22
+ path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/bittorrent/downloads
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: qbittorrent-downloads-pvc
+ namespace: stack-arr
+spec:
+ storageClassName: qbittorrent-nfs-csi
+ accessModes:
+ - ReadWriteOnce
+ volumeName: qbittorrent-downloads-pv
+ resources:
+ requests:
+ storage: 10Gi
+---
\ No newline at end of file
diff --git a/roles/stack-arr/qbittorrent/files/stolon-nfs-csi.yaml b/roles/stack-arr/qbittorrent/files/stolon-nfs-csi.yaml
new file mode 100644
index 0000000..b1c8911
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/files/stolon-nfs-csi.yaml
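Review bot: In qbittorrent-pvcs.yaml both `PersistentVolume` objects set `namespace: stack-arr` under `metadata`, but PersistentVolumes are cluster-scoped, so the field has no effect and suggests an isolation that does not exist; the `StorageClass` in stolon-nfs-csi.yaml has the same issue. I would remove `namespace` from those three objects and drop the trailing `---` that ends the file with an empty document. Both volumes also point at a hard-coded NFS server, `192.168.1.22`, and whether that export restricts which hosts may mount it is not visible here; a short comment naming the allowed clients would help the next reader.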
@@ -0,0 +1,11 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: qbittorrent-nfs-csi
+ namespace: stack-arr
+provisioner: nfs.csi.k8s.io
+parameters:
+ server: 192.168.1.22
+ share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/stack-arr/bittorrent
+allowVolumeExpansion: true
+reclaimPolicy: Retain
\ No newline at end of file
diff --git a/roles/stack-arr/qbittorrent/files/vpn-secret.yaml b/roles/stack-arr/qbittorrent/files/vpn-secret.yaml
new file mode 100644
index 0000000..143365e
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/files/vpn-secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vpn-secret
+ namespace: stack-arr
+type: Opaque
+data:
+ lannetwork: MTkyLjE2OC4xLjAvMjQ=
+ vpnprov: cGlh
+ username: dXNlcm5hbWU=
+ password: cGFzc3dvcmQ=
\ No newline at end of file
diff --git a/roles/stack-arr/qbittorrent/tasks/main.yml b/roles/stack-arr/qbittorrent/tasks/main.yml
new file mode 100644
index 0000000..ce4f46e
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/tasks/main.yml
@@ -0,0 +1,52 @@
+- name: Remover o diretório /tmp/stack-arr/qbittorrent/kubernetes-files
+ ansible.builtin.file:
+ path: /tmp/stack-arr/qbittorrent/kubernetes-files
+ state: absent
+
+- name: Criar diretório temporário no remoto
+ file:
+ path: /tmp/stack-arr/qbittorrent/kubernetes-files
+ state: directory
+ mode: '0755'
+
+- name: Copy file with owner and permissions
+ ansible.builtin.copy:
+ src: ../files
+ dest: /tmp/stack-arr/qbittorrent/kubernetes-files
+ owner: fenix
+ group: root
+ mode: '0644'
+
+- name: Listar conteúdo do diretório remoto
+ shell: ls -l /tmp/stack-arr/qbittorrent/kubernetes-files
+ register: resultado_ls
+
+
+- name: Obter várias notas do Bitwarden
+ shell: |
+ echo "unlock"
+ BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+ echo "get item"
+ bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+ loop:
+ - { id: "iac.ansible.dockersecrets", dest: "/tmp/stack-arr/qbittorrent/kubernetes-files/files/docker-secrets.yaml" }
+ - { id: "iac.ansible.stackarr.qbittorrent.secret", dest: "/tmp/stack-arr/qbittorrent/kubernetes-files/files/vpn-secret.yaml" }
+ args:
+ executable: /bin/bash
+ environment:
+ BW_PASSWORD: "{{ BW_PASSWORD }}"
+
+
+- name: Mostrar resultado do ls
+ debug:
+ var: resultado_ls.stdout_lines
+
+
+- name: Aplicar o stolon
+ become: yes
+ become_user: fenix
+ shell: |
+ kubectl apply -f /tmp/stack-arr/qbittorrent/kubernetes-files/files/qbittorrent-namespace.yaml
+ kubectl apply -f /tmp/stack-arr/qbittorrent/kubernetes-files/files/
+ environment:
+ KUBECONFIG: /home/fenix/.kube/config
\ No newline at end of file
diff --git a/roles/stack-arr/qbittorrent/vars/main.yml b/roles/stack-arr/qbittorrent/vars/main.yml
new file mode 100644
index 0000000..c8fe60b
--- /dev/null
+++ b/roles/stack-arr/qbittorrent/vars/main.yml
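Review bot: In tasks/main.yml the task "Obter várias notas do Bitwarden" passes the master password as an unquoted argument, `bw unlock {{ bw_password }} --raw`, so it is visible in the process list and in Ansible's task output, and a password containing spaces or shell metacharacters breaks or alters the command. The task already exports `BW_PASSWORD`, so reading it with `--passwordenv` and setting `no_log: true` avoids both; note that the environment value is `{{ BW_PASSWORD }}` while vars/main.yml defines `bw_password`, so it may be undefined unless it is set elsewhere. The fetched secrets land under `/tmp/stack-arr/...` in a `0755` directory, over files copied with mode `0644`, and nothing removes them after `kubectl apply`; I would create the directory `0700`, copy with `0600`, and end the role with a `state: absent` task on that path. The rewritten task is below; `jq -e` makes an empty note fail the task instead of writing `null` into the manifest.

```yaml
- name: Obter várias notas do Bitwarden
  shell: |
    set -euo pipefail
    BW_SESSION="$(bw unlock --passwordenv BW_PASSWORD --raw)"
    export BW_SESSION
    bw get item "{{ item.id }}" | jq -er '.notes' > "{{ item.dest }}"
  # … unchanged: loop items and args.executable …
  environment:
    BW_PASSWORD: "{{ bw_password }}"
  no_log: true
```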
@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
\ No newline at end of file
diff --git a/roles/stolon/files/stolon-proxy-service.yaml b/roles/stolon/files/stolon-proxy-service.yaml
index 144d57a..ed4bb86 100644
--- a/roles/stolon/files/stolon-proxy-service.yaml
+++ b/roles/stolon/files/stolon-proxy-service.yaml
@@ -11,4 +11,4 @@ spec:
 component: stolon-proxy
 stolon-cluster: kube-stolon
 type: LoadBalancer
- #loadBalancerIP: 192.168.1.105
\ No newline at end of file
+ loadBalancerIP: 10.240.0.100
\ No newline at end of file
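Review bot: In stolon-proxy-service.yaml the hunk pins `loadBalancerIP: 10.240.0.100` on the `type: LoadBalancer` Service for stolon-proxy, and no client restriction is visible in the lines shown (the rest of the Service lies outside the hunk). If the proxy fronts the database, I would add `loadBalancerSourceRanges` listing only the networks that need to reach it. The change is also unrelated to the qbittorrent role this commit adds and would be easier to review and revert as its own commit. `spec.loadBalancerIP` has been deprecated since Kubernetes 1.24, so the load-balancer implementation's own annotation may be the better place for the address.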