feat: add nzbget module/role

- add nzbget module - add nzbget ldap user/group
2024-07-09 22:21:22 +10:00 · 2024-07-09 22:21:22 +10:00 · d67eba5860
commit d67eba5860
parent 4b8a9825c0
10 changed files with 1850 additions and 0 deletions
--- a/hieradata/roles/apps/media/nzbget.eyaml
+++ b/hieradata/roles/apps/media/nzbget.eyaml
@ -0,0 +1,2 @@
 ---
 ldap_bindpass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPomn4iZbT0JEysvDo7OgblpoQLFp9DzryY558UfVWQq6HDAkgoSC42cbgZGBPFclCgLaO/LfBrFpRXkafEVV33Vg2AmP/FiS9SmmwREc3t/ZTvENlDIgasY3pDIph0/i5u0S45mjyzzciBK0KY6cMZvPDVRvU+d0SyVnbSBlef6VmyZOhUk6ILpaYTGu+suVR/BAL/DTKsmmY7iTotTWN+IW/1cY3vprvBMJQVftaO1WSqKftmX29/PAsxbQo6AMpuQFx/dMcMe3d5JTB0mgzIhAFaKmSC8vJFqe21Nrr8F+PxJMSEl1saBJTwJc5RyPVm9ejVKfcPhDfWK5stNNvjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAo205Hvo/Z+rhnSGgkTS2YgDB7pTHdgnQz1UOK323DRljWcqx+SnCA7izyF1SNMlzlCck79Fr4zKh0qnbYsMZDWZU=]
--- a/hieradata/roles/apps/media/nzbget.yaml
+++ b/hieradata/roles/apps/media/nzbget.yaml
@ -0,0 +1,55 @@
 ---
 hiera_include:
  - nzbget
  - profiles::nginx::ldapauth
 # manage nzbget
 nzbget::params::user: nzbget
 nzbget::params::group: media
 nzbget::params::manage_group: false
 # additional altnames
 profiles::pki::vault::alt_names:
  - nzbget.main.unkin.net
  - nzbget.service.consul
  - nzbget.query.consul
  - "nzbget.service.%{facts.country}-%{facts.region}.consul"
 # manage a simple nginx reverse proxy
 profiles::nginx::simpleproxy::nginx_vhost: 'nzbget.query.consul'
 profiles::nginx::simpleproxy::nginx_aliases:
  - nzbget.main.unkin.net
  - nzbget.service.consul
  - nzbget.query.consul
  - "nzbget.service.%{facts.country}-%{facts.region}.consul"
 profiles::nginx::simpleproxy::proxy_port: 6789
 profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
 profiles::nginx::simpleproxy::proxy_path: '/'
 profiles::nginx::simpleproxy::use_default_location: false
 nginx::client_max_body_size: 20M
 ldap_binddn: 'cn=svc_nzbget,ou=services,ou=users,dc=main,dc=unkin,dc=net'
 ldap_template: '(memberOf=ou=nzbget_access,ou=groups,dc=main,dc=unkin,dc=net)'
 # configure consul service
 consul::services:
  nzbget:
    service_name: 'nzbget'
    tags:
      - 'media'
      - 'nzbget'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'nzbget_http_check'
        name: 'nzbget HTTP Check'
        http: "https://%{facts.networking.fqdn}:443/consul/health"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
 profiles::consul::client::node_rules:
  - resource: service
    segment: nzbget
    disposition: write
--- a/hieradata/roles/infra/auth/glauth.yaml
+++ b/hieradata/roles/infra/auth/glauth.yaml
@ -58,6 +58,7 @@ glauth::users:
      - 20013
      - 20014
      - 20015
      - 20016
    loginshell: '/bin/bash'
    homedir: '/home/benvin'
    passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
@ -101,6 +102,12 @@ glauth::services:
    uidnumber: 30005
    primarygroup: 20001
    passsha256: 'd1e6bcc4a9f2d15b6e3c349155a88e433902dfe765e57bf3c10e6830f151a043'
  svc_nzbget:
    service_name: 'svc_nzbget'
    mail: 'nzbget@service.main.unkin.net'
    uidnumber: 30006
    primarygroup: 20001
    passsha256: 'c9d38f687fcbea754a9f78675d89276d2347f9d15190fff267c3ae1a75f61be6'
 glauth::groups:
  users:
@ -127,3 +134,6 @@ glauth::groups:
  prowlarr_access:
    group_name: 'prowlarr_access'
    gidnumber: 20015
  nzbget_access:
    group_name: 'nzbget_access'
    gidnumber: 20016
--- a/modules/nzbget/manifests/config.pp
+++ b/modules/nzbget/manifests/config.pp
@ -0,0 +1,6 @@
 class nzbget::config (
  $user               = $nzbget::params::user,
  $group              = $nzbget::params::group,
 ) {
  # todo
 }
--- a/modules/nzbget/manifests/init.pp
+++ b/modules/nzbget/manifests/init.pp
@ -0,0 +1,18 @@
 # manage nzbget
 class nzbget (
  $packages           = $nzbget::params::packages,
  $user               = $nzbget::params::user,
  $group              = $nzbget::params::group,
  $manage_group       = $nzbget::params::manage_group,
  $service_enable     = $nzbget::params::service_enable,
  $service_name       = $nzbget::params::service_name,
  $bind_address       = $sonarr::params::bind_address,
  $port               = $sonarr::params::port,
 ) inherits nzbget::params {
  include nzbget::install
  include nzbget::config
  include nzbget::service
  Class['nzbget::install'] -> Class['nzbget::config'] -> Class['nzbget::service']
 }
--- a/modules/nzbget/manifests/install.pp
+++ b/modules/nzbget/manifests/install.pp
@ -0,0 +1,29 @@
 # instsall nzbget
 class nzbget::install (
  $packages      = $nzbget::packages,
  $user          = $nzbget::user,
  $group         = $nzbget::group,
  $manage_group  = $nzbget::manage_group,
 ) {
  $_packages = $packages ? {
    Array   => true,
    default => false,
  }
  if $_packages {
    ensure_packages($packages, {ensure => 'installed'})
  }
  if $manage_group {
    group { $group:
      ensure => present,
    }
  }
  user { $user:
    ensure => present,
    shell  => '/sbin/nologin',
    groups => $group,
  }
 }
--- a/modules/nzbget/manifests/params.pp
+++ b/modules/nzbget/manifests/params.pp
@ -0,0 +1,11 @@
 # nzbget params
 class nzbget::params (
  Array[String]             $packages = [
    'nzbget'
  ],
  String                    $user            = 'nzbget',
  String                    $group           = 'nzbget',
  String                    $manage_group    = true,
  Stdlib::Host              $bind_address    = '127.0.0.1',
  Stdlib::Port              $port            = 6789,
 ) { }
--- a/modules/nzbget/manifests/service.pp
+++ b/modules/nzbget/manifests/service.pp
@ -0,0 +1,17 @@
 # manage nzbget service
 class nzbget::service (
  $service_enable = $nzbget::service_enable,
  $service_name   = $nzbget::service_name,
  $user           = $nzbget::user,
  $group          = $nzbget::group,
 ) {
  if $service_enable {
    include ::systemd
    systemd::unit_file { "${service_name}.service":
      content => template('nzbget/nzbget.service.erb'),
      enable  => true,
      active  => true,
    }
  }
 }
--- a/modules/nzbget/templates/nzbget.conf.erb
+++ b/modules/nzbget/templates/nzbget.conf.erb
--- a/modules/nzbget/templates/nzbget.service.erb
+++ b/modules/nzbget/templates/nzbget.service.erb
@ -0,0 +1,17 @@
 [Unit]
 Description=<%= @service_name %> Daemon
 Documentation=http://nzbget.com/documentation/
 After=network.target
 [Service]
 Type=simple
 User=<%= @user %>
 Group=<%= @group %>
 WorkingDirectory=/var/lib/nzbget
 ExecStart=/usr/bin/nzbget -s -c /var/lib/nzbget/nzbget.conf -o OutputMode=log -o WriteLog=none
 ExecReload=/usr/bin/nzbget -O -c /var/lib/nzbget/nzbget.conf
 ExecStop=/usr/bin/nzbget -Q -c /var/lib/nzbget/nzbget.conf
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
		`@ -0,0 +1,2 @@`
							`---`
							ldap_bindpass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPomn4iZbT0JEysvDo7OgblpoQLFp9DzryY558UfVWQq6HDAkgoSC42cbgZGBPFclCgLaO/LfBrFpRXkafEVV33Vg2AmP/FiS9SmmwREc3t/ZTvENlDIgasY3pDIph0/i5u0S45mjyzzciBK0KY6cMZvPDVRvU+d0SyVnbSBlef6VmyZOhUk6ILpaYTGu+suVR/BAL/DTKsmmY7iTotTWN+IW/1cY3vprvBMJQVftaO1WSqKftmX29/PAsxbQo6AMpuQFx/dMcMe3d5JTB0mgzIhAFaKmSC8vJFqe21Nrr8F+PxJMSEl1saBJTwJc5RyPVm9ejVKfcPhDfWK5stNNvjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAo205Hvo/Z+rhnSGgkTS2YgDB7pTHdgnQz1UOK323DRljWcqx+SnCA7izyF1SNMlzlCck79Fr4zKh0qnbYsMZDWZU=]