Initial Commit!

.ansible-lint

@@ -0,0 +1,2 @@
+skip_list:
+- 'role-name'

.gitattributes

@@ -0,0 +1,3 @@
+*.yml linguist-detectable=true
+*.yml linguist-language=YAML
+*.yml text eol=lf

.github/.github/ci.yml

@@ -0,0 +1,29 @@
+name: Lint
+
+'on':
+  pull_request:
+  push:
+    branches:
+    - main
+  schedule:
+  - cron: "3 2 * * 0"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Python3
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.x'
+
+    - name: Install Dependencies
+      run: pip3 install -r requirements.txt
+
+    - name: Lint YAML
+      run: |
+        yamllint .
+        ansible-lint

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: DudeCalledBro

.github/settings.yml

@@ -0,0 +1,3 @@
+repository:
+  description: "Ansible playbooks to automate the installation of Semaphore UI with a reverse proxy setup."
+  topics: ansible, automation, docker-compose, semaphoreui

.gitignore

@@ -0,0 +1,18 @@
+# ignore ansible inventories
+inventories/*.yml
+!inventories/example*
+
+# ignore deployment certificates
+inventories/certs/*
+!inventories/certs/.gitkeep
+
+# ignore ansible group_vars
+inventories/group_vars/*/*
+!inventories/group_vars/*/example*
+
+# ginore common
+.DS_Store
+*.retry
+*/__pycache__
+*.pyc
+.cache

.yamllint

@@ -0,0 +1,12 @@
+extends: default
+
+rules:
+  document-start:
+    present: false
+  indentation:
+    spaces: 2
+    indent-sequences: consistent
+    check-multi-line-strings: true
+  line-length:
+    max: 200
+    level: warning

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Niclas Spreng
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,107 @@
+# Automation Pi
+
+[![CI](https://github.com/DudeCalledBro/automation-pi/actions/workflows/ci.yml/badge.svg)](https://github.com/DudeCalledBro/automation-pi/actions/workflows/ci.yml)
+
+A Raspberry Pi Configuration for Automation Tools in My Homelab.
+
+This repository is a treasure trove for homelab enthusiasts, packed with a carefully curated collection of Ansible playbooks and configuration files. It's designed to supercharge your homelab setup, making the installation, configuration, and management of popular automation tools a breeze.
+
+* [SemaphoreUI](https://github.com/semaphoreui/semaphore) is a modern UI for Ansible. It lets you easily run Ansible playbooks, get notifications about fails, control access to deployment system.
+
+* **TODO**: [Gitea](https://github.com/go-gitea/gitea) is a community managed painless self-hosted Git service.
+
+## Prerequisites
+
+- Ensure you have Ansible installed (e.g. `pip3 install ansible`)
+- Ensure Docker is installed on the Home Assistant server (you may want to checkout my [ansible-docker-role](https://github.com/DudeCalledBro/ansible-role-docker))
+
+## Setup
+
+Follow these steps to kickstart your automated homelab journey:
+
+### Setting Up Your Inventory
+
+1. Navigate to the inventories directory:
+
+    ```bash
+    cd inventories
+    ```
+
+2. Create a copy of the example hosts file:
+
+    ```bash
+    cp example.hosts.yml hosts.yml
+    ```
+
+3. Edit the `hosts.yml` file to match your homelab setup:
+
+    ```bash
+    vim hosts.yml
+    ```
+
+    Customize the file according to your network layout. For example:
+
+    ```yaml
+    all:
+      hosts:
+        server1:
+          ansible_host: 192.168.1.10
+    ```
+
+### Configuring Variables
+
+1. Create and edit a new variables file:
+
+    ```bash
+    vim group_vars/all/main.yml
+    ```
+
+2. Add your configurations to this file. For example:
+
+    ```yaml
+    # Semaphore configuration
+    semaphore_docker_env:
+      SEMAPHORE_DB_DIALECT: bolt
+      SEMAPHORE_ADMIN: admin
+      SEMAPHORE_ADMIN_PASSWORD: changeme
+      SEMAPHORE_ADMIN_NAME: Admin
+      SEMAPHORE_ADMIN_EMAIL: admin@localhost
+    ```
+
+    > For role-specific defaults, check the `roles/*/defaults/main.yml` files. You can override these in your `group_vars/all/main.yml` or create host-specific variables in `host_vars/`.
+
+### Deploying Your Automation Stack
+
+You have flexibility in how you deploy your automation stack:
+
+1. To deploy the entire stack:
+
+    ```bash
+    ansible-playbook play-main.yml
+    ```
+
+2. To deploy a single role:
+
+    ```bash
+    ansible-playbook play-nginx.yml
+    ```
+
+3. For a dry run to see what would change:
+
+    ```bash
+    ansible-playbook play-main.yml --check
+    ```
+
+## Modular Deployment
+
+Remember, you don't need to deploy the entire stack at once. Many components can function independently. For instance:
+
+- Semaphore can operate without a reverse proxy or an external database.
+
+Tailor your deployment to your specific needs and gradually build up your homelab infrastructure.
+
+## License
+
+Copyright © 2024 Niclas Spreng
+
+Licensed under the [MIT license](LICENSE).

ansible.cfg

@@ -0,0 +1,10 @@
+[defaults]
+callbacks_enabled = profile_tasks
+host_key_checking = false
+inventory = inventories/hosts.yml
+nocows = true
+stdout_callback = yaml
+
+[privilege_escalation]
+become = true
+become_method = sudo

inventories/example.hosts.yml

@@ -0,0 +1,4 @@
+all:
+  hosts:
+    semaphore.local:
+      ansible_user: pi

inventories/group_vars/all/example.nginx.yml

@@ -0,0 +1,44 @@
+# Specify nginx tls certificates
+nginx_docker_certs:
+- name: tls.crt
+  content: "{{ lookup('ansible.builtin.file', inventory_dir + '/certs/tls.crt') }}"
+- name: tls.key
+  content: "{{ lookup('ansible.builtin.file', inventory_dir + '/certs/tls.key') }}"
+
+# Specify nginx docker vhosts
+# yamllint disable rule:indentation
+nginx_docker_vhosts:
+- listen: 80
+  server_name: semaphore.example.com
+  config: |
+    return 301 https://$host$request_uri;
+
+- listen: 443
+  listen_extra: ssl
+  server_name: semaphore.example.com
+  config: |
+    ssl_certificate /certs/tls.crt;
+    ssl_certificate_key /certs/tls.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers off;
+    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
+
+    location / {
+      proxy_pass http://semaphore/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+
+    location /api/ws {
+      proxy_pass http://semaphore/api/ws;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Origin "";
+    }
+# yamllint enable rule:indentation

play-main.yml

@@ -0,0 +1,3 @@
+- ansible.builtin.import_playbook: play-postgres.yml
+- ansible.builtin.import_playbook: play-semaphore.yml
+- ansible.builtin.import_playbook: play-nginx.yml

play-nginx.yml

@@ -0,0 +1,4 @@
+- name: Setup NGINX
+  hosts: all
+  roles:
+  - nginx

play-postgres.yml

@@ -0,0 +1,4 @@
+- name: Setup PostgreSQL
+  hosts: all
+  roles:
+  - postgres

play-semaphore.yml

@@ -0,0 +1,4 @@
+- name: Install and configure SemaphoreUI
+  hosts: all
+  roles:
+  - semaphore

requirements.txt

@@ -0,0 +1,3 @@
+ansible
+ansible-lint
+yamllint

roles/nginx/defaults/main.yml

@@ -0,0 +1,42 @@
+# Specifies the nginx docker image to be used.
+nginx_docker_image: nginx:alpine
+
+# Specifies the deployment path, owner and group for nginx.
+nginx_docker_path: /opt/nginx
+nginx_docker_owner: root
+nginx_docker_group: root
+
+# Specify nginx tls certificates.
+nginx_docker_certs: []
+
+# Specify nginx docker upstream hosts.
+nginx_docker_upstreams:
+- name: semaphore
+  servers:
+  - 127.0.0.1:3000
+
+# Specify nginx docker vhosts.
+# yamllint disable rule:indentation
+nginx_docker_vhosts:
+- listen: 80
+  listen_extra: default_server
+  server_name: "_"
+  config: |
+    location / {
+      proxy_pass http://semaphore/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+
+    location /api/ws {
+      proxy_pass http://semaphore/api/ws;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Origin "";
+    }
+# yamllint enable rule:indentation

roles/nginx/handlers/main.yml

@@ -0,0 +1,7 @@
+- name: Restart nginx container
+  ansible.builtin.command: >-
+    docker compose --ansi never --progress plain restart
+  args:
+    chdir: "{{ nginx_docker_path }}"
+  changed_when: true
+  listen: restart nginx

roles/nginx/meta/argument_specs.yml

@@ -0,0 +1,37 @@
+argument_specs:
+  main:
+    short_description: nginx
+    description: "Deploy nginx container."
+    author: dudecalledbro
+    options:
+      nginx_docker_image:
+        type: str
+        required: true
+        description: "Specifies the nginx docker image to be used."
+      nginx_docker_path:
+        type: str
+        required: true
+        description: "Defines the deployment path for nginx."
+      nginx_docker_owner:
+        type: str
+        required: true
+        description: "Defines the deployment owner for nginx."
+      nginx_docker_group:
+        type: str
+        required: true
+        description: "Defines the deployment group for nginx."
+      nginx_docker_certs:
+        type: list
+        required: false
+        elements: dict
+        description: "Specify nginx tls certificates."
+      nginx_docker_upstreams:
+        type: list
+        required: false
+        elements: dict
+        description: "Specify nginx docker upstream hosts."
+      nginx_docker_vhosts:
+        type: list
+        required: true
+        elements: dict
+        description: "Specify nginx docker vhosts."