feat: add nzbget module/role

- add nzbget module - add nzbget ldap user/group
2024-07-09 22:21:22 +10:00 · 2024-07-09 22:21:22 +10:00 · d67eba5860
commit d67eba5860
parent 4b8a9825c0
10 changed files with 1850 additions and 0 deletions
--- a/hieradata/roles/apps/media/nzbget.eyaml
+++ b/hieradata/roles/apps/media/nzbget.eyaml
@ -0,0 +1,2 @@
+---
+ldap_bindpass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPomn4iZbT0JEysvDo7OgblpoQLFp9DzryY558UfVWQq6HDAkgoSC42cbgZGBPFclCgLaO/LfBrFpRXkafEVV33Vg2AmP/FiS9SmmwREc3t/ZTvENlDIgasY3pDIph0/i5u0S45mjyzzciBK0KY6cMZvPDVRvU+d0SyVnbSBlef6VmyZOhUk6ILpaYTGu+suVR/BAL/DTKsmmY7iTotTWN+IW/1cY3vprvBMJQVftaO1WSqKftmX29/PAsxbQo6AMpuQFx/dMcMe3d5JTB0mgzIhAFaKmSC8vJFqe21Nrr8F+PxJMSEl1saBJTwJc5RyPVm9ejVKfcPhDfWK5stNNvjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAo205Hvo/Z+rhnSGgkTS2YgDB7pTHdgnQz1UOK323DRljWcqx+SnCA7izyF1SNMlzlCck79Fr4zKh0qnbYsMZDWZU=]
--- a/hieradata/roles/apps/media/nzbget.yaml
+++ b/hieradata/roles/apps/media/nzbget.yaml
@ -0,0 +1,55 @@
+---
+
+hiera_include:
+  - nzbget
+  - profiles::nginx::ldapauth
+
+# manage nzbget
+nzbget::params::user: nzbget
+nzbget::params::group: media
+nzbget::params::manage_group: false
+
+# additional altnames
+profiles::pki::vault::alt_names:
+  - nzbget.main.unkin.net
+  - nzbget.service.consul
+  - nzbget.query.consul
+  - "nzbget.service.%{facts.country}-%{facts.region}.consul"
+
+# manage a simple nginx reverse proxy
+profiles::nginx::simpleproxy::nginx_vhost: 'nzbget.query.consul'
+profiles::nginx::simpleproxy::nginx_aliases:
+  - nzbget.main.unkin.net
+  - nzbget.service.consul
+  - nzbget.query.consul
+  - "nzbget.service.%{facts.country}-%{facts.region}.consul"
+profiles::nginx::simpleproxy::proxy_port: 6789
+profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
+profiles::nginx::simpleproxy::proxy_path: '/'
+profiles::nginx::simpleproxy::use_default_location: false
+nginx::client_max_body_size: 20M
+
+ldap_binddn: 'cn=svc_nzbget,ou=services,ou=users,dc=main,dc=unkin,dc=net'
+ldap_template: '(memberOf=ou=nzbget_access,ou=groups,dc=main,dc=unkin,dc=net)'
+
+# configure consul service
+consul::services:
+  nzbget:
+    service_name: 'nzbget'
+    tags:
+      - 'media'
+      - 'nzbget'
+    address: "%{facts.networking.ip}"
+    port: 443
+    checks:
+      - id: 'nzbget_http_check'
+        name: 'nzbget HTTP Check'
+        http: "https://%{facts.networking.fqdn}:443/consul/health"
+        method: 'GET'
+        tls_skip_verify: true
+        interval: '10s'
+        timeout: '1s'
+profiles::consul::client::node_rules:
+  - resource: service
+    segment: nzbget
+    disposition: write
--- a/hieradata/roles/infra/auth/glauth.yaml
+++ b/hieradata/roles/infra/auth/glauth.yaml
@ -58,6 +58,7 @@ glauth::users:
      - 20013
      - 20014
      - 20015
+      - 20016
    loginshell: '/bin/bash'
    homedir: '/home/benvin'
    passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
@ -101,6 +102,12 @@ glauth::services:
    uidnumber: 30005
    primarygroup: 20001
    passsha256: 'd1e6bcc4a9f2d15b6e3c349155a88e433902dfe765e57bf3c10e6830f151a043'
+  svc_nzbget:
+    service_name: 'svc_nzbget'
+    mail: 'nzbget@service.main.unkin.net'
+    uidnumber: 30006
+    primarygroup: 20001
+    passsha256: 'c9d38f687fcbea754a9f78675d89276d2347f9d15190fff267c3ae1a75f61be6'

 glauth::groups:
  users:
@ -127,3 +134,6 @@ glauth::groups:
  prowlarr_access:
    group_name: 'prowlarr_access'
    gidnumber: 20015
+  nzbget_access:
+    group_name: 'nzbget_access'
+    gidnumber: 20016
--- a/modules/nzbget/manifests/config.pp
+++ b/modules/nzbget/manifests/config.pp
@ -0,0 +1,6 @@
+class nzbget::config (
+  $user               = $nzbget::params::user,
+  $group              = $nzbget::params::group,
+) {
+  # todo
+}
--- a/modules/nzbget/manifests/init.pp
+++ b/modules/nzbget/manifests/init.pp
@ -0,0 +1,18 @@
+# manage nzbget
+class nzbget (
+  $packages           = $nzbget::params::packages,
+  $user               = $nzbget::params::user,
+  $group              = $nzbget::params::group,
+  $manage_group       = $nzbget::params::manage_group,
+  $service_enable     = $nzbget::params::service_enable,
+  $service_name       = $nzbget::params::service_name,
+  $bind_address       = $sonarr::params::bind_address,
+  $port               = $sonarr::params::port,
+) inherits nzbget::params {
+
+  include nzbget::install
+  include nzbget::config
+  include nzbget::service
+
+  Class['nzbget::install'] -> Class['nzbget::config'] -> Class['nzbget::service']
+}
--- a/modules/nzbget/manifests/install.pp
+++ b/modules/nzbget/manifests/install.pp
@ -0,0 +1,29 @@
+# instsall nzbget
+class nzbget::install (
+  $packages      = $nzbget::packages,
+  $user          = $nzbget::user,
+  $group         = $nzbget::group,
+  $manage_group  = $nzbget::manage_group,
+) {
+
+  $_packages = $packages ? {
+    Array   => true,
+    default => false,
+  }
+
+  if $_packages {
+    ensure_packages($packages, {ensure => 'installed'})
+  }
+
+  if $manage_group {
+    group { $group:
+      ensure => present,
+    }
+  }
+
+  user { $user:
+    ensure => present,
+    shell  => '/sbin/nologin',
+    groups => $group,
+  }
+}
--- a/modules/nzbget/manifests/params.pp
+++ b/modules/nzbget/manifests/params.pp
@ -0,0 +1,11 @@
+# nzbget params
+class nzbget::params (
+  Array[String]             $packages = [
+    'nzbget'
+  ],
+  String                    $user            = 'nzbget',
+  String                    $group           = 'nzbget',
+  String                    $manage_group    = true,
+  Stdlib::Host              $bind_address    = '127.0.0.1',
+  Stdlib::Port              $port            = 6789,
+) { }
--- a/modules/nzbget/manifests/service.pp
+++ b/modules/nzbget/manifests/service.pp
@ -0,0 +1,17 @@
+# manage nzbget service
+class nzbget::service (
+  $service_enable = $nzbget::service_enable,
+  $service_name   = $nzbget::service_name,
+  $user           = $nzbget::user,
+  $group          = $nzbget::group,
+) {
+  if $service_enable {
+    include ::systemd
+
+    systemd::unit_file { "${service_name}.service":
+      content => template('nzbget/nzbget.service.erb'),
+      enable  => true,
+      active  => true,
+    }
+  }
+}
--- a/modules/nzbget/templates/nzbget.conf.erb
+++ b/modules/nzbget/templates/nzbget.conf.erb
--- a/modules/nzbget/templates/nzbget.service.erb
+++ b/modules/nzbget/templates/nzbget.service.erb
@ -0,0 +1,17 @@
+[Unit]
+Description=<%= @service_name %> Daemon
+Documentation=http://nzbget.com/documentation/
+After=network.target
+
+[Service]
+Type=simple
+User=<%= @user %>
+Group=<%= @group %>
+WorkingDirectory=/var/lib/nzbget
+ExecStart=/usr/bin/nzbget -s -c /var/lib/nzbget/nzbget.conf -o OutputMode=log -o WriteLog=none
+ExecReload=/usr/bin/nzbget -O -c /var/lib/nzbget/nzbget.conf
+ExecStop=/usr/bin/nzbget -Q -c /var/lib/nzbget/nzbget.conf
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target