unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

neoloc/nzbget #101

Merged
unkinben merged 5 commits from neoloc/nzbget into develop 2024-07-09 22:34:38 +10:00
Conversation 0 Commits 5 Files Changed 14 +1883 -1
14 changed files with 1883 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
View File

@ -11,6 +11,7 @@ profiles::haproxy::mappings:
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
- 'nzbget.main.unkin.net be_nzbget'
- 'jellyfin.main.unkin.net be_jellyfin'
- 'fafflix.unkin.net be_jellyfin'
fe_https:
@ -23,6 +24,7 @@ profiles::haproxy::mappings:
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
- 'nzbget.main.unkin.net be_nzbget'
- 'jellyfin.main.unkin.net be_jellyfin'
- 'fafflix.unkin.net be_jellyfin'
@ -40,6 +42,7 @@ profiles::haproxy::frontends:
- 'acl_lidarr req.hdr(host) -i lidarr.main.unkin.net'
- 'acl_readarr req.hdr(host) -i readarr.main.unkin.net'
- 'acl_prowlarr req.hdr(host) -i prowlarr.main.unkin.net'
- 'acl_nzbget req.hdr(host) -i nzbget.main.unkin.net'
- 'acl_jellyfin req.hdr(host) -i jellyfin.main.unkin.net'
- 'acl_fafflix req.hdr(host) -i fafflix.unkin.net'
- 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24'
@ -54,6 +57,7 @@ profiles::haproxy::frontends:
- 'set-header X-Frame-Options DENY if acl_lidarr'
- 'set-header X-Frame-Options DENY if acl_readarr'
- 'set-header X-Frame-Options DENY if acl_prowlarr'
- 'set-header X-Frame-Options DENY if acl_nzbget'
- 'set-header X-Frame-Options DENY if acl_jellyfin'
- 'set-header X-Frame-Options DENY if acl_fafflix'
- 'set-header X-Content-Type-Options nosniff'
@ -171,6 +175,22 @@ profiles::haproxy::backends:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_nzbget:
description: Backend for au-syd1 nzbget
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /consul/health
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_jellyfin:
description: Backend for au-syd1 jellyfin
collect_exported: false # handled in custom function
@ -197,6 +217,7 @@ profiles::haproxy::certlist::certificates:
- /etc/pki/tls/letsencrypt/lidarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/readarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/prowlarr.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/nzbget.main.unkin.net/fullchain_combined.pem
- /etc/pki/tls/letsencrypt/fafflix.unkin.net/fullchain_combined.pem
- /etc/pki/tls/vault/certificate.pem
@ -220,4 +241,5 @@ certbot::client::domains:
- lidarr.main.unkin.net
- readarr.main.unkin.net
- prowlarr.main.unkin.net
- nzbget.main.unkin.net
- fafflix.unkin.net

7
hieradata/nodes/ausyd1nxvm1048.main.unkin.net.yaml
View File

@ -2,6 +2,13 @@
networking::interfaces:
eth0:
ipaddress: 198.18.13.58
ens19:
ensure: present
family: inet
method: static
ipaddress: 10.18.15.58
netmask: 255.255.255.0
onboot: true
networking::routes:
default:
gateway: 198.18.13.254

2
hieradata/roles/apps/media/nzbget.eyaml Normal file
View File

@ -0,0 +1,2 @@
---
ldap_bindpass: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPomn4iZbT0JEysvDo7OgblpoQLFp9DzryY558UfVWQq6HDAkgoSC42cbgZGBPFclCgLaO/LfBrFpRXkafEVV33Vg2AmP/FiS9SmmwREc3t/ZTvENlDIgasY3pDIph0/i5u0S45mjyzzciBK0KY6cMZvPDVRvU+d0SyVnbSBlef6VmyZOhUk6ILpaYTGu+suVR/BAL/DTKsmmY7iTotTWN+IW/1cY3vprvBMJQVftaO1WSqKftmX29/PAsxbQo6AMpuQFx/dMcMe3d5JTB0mgzIhAFaKmSC8vJFqe21Nrr8F+PxJMSEl1saBJTwJc5RyPVm9ejVKfcPhDfWK5stNNvjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAo205Hvo/Z+rhnSGgkTS2YgDB7pTHdgnQz1UOK323DRljWcqx+SnCA7izyF1SNMlzlCck79Fr4zKh0qnbYsMZDWZU=]

56
hieradata/roles/apps/media/nzbget.yaml Normal file
View File

@ -0,0 +1,56 @@
---
hiera_include:
- nzbget
- profiles::media::nzbget
- profiles::nginx::ldapauth
# manage nzbget
nzbget::params::user: nzbget
nzbget::params::group: media
nzbget::params::manage_group: false
# additional altnames
profiles::pki::vault::alt_names:
- nzbget.main.unkin.net
- nzbget.service.consul
- nzbget.query.consul
- "nzbget.service.%{facts.country}-%{facts.region}.consul"
# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'nzbget.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
- nzbget.main.unkin.net
- nzbget.service.consul
- nzbget.query.consul
- "nzbget.service.%{facts.country}-%{facts.region}.consul"
profiles::nginx::simpleproxy::proxy_port: 6789
profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
profiles::nginx::simpleproxy::proxy_path: '/'
profiles::nginx::simpleproxy::use_default_location: false
nginx::client_max_body_size: 20M
ldap_binddn: 'cn=svc_nzbget,ou=services,ou=users,dc=main,dc=unkin,dc=net'
ldap_template: '(memberOf=ou=nzbget_access,ou=groups,dc=main,dc=unkin,dc=net)'
# configure consul service
consul::services:
nzbget:
service_name: 'nzbget'
tags:
- 'media'
- 'nzbget'
address: "%{facts.networking.ip}"
port: 443
checks:
- id: 'nzbget_http_check'
name: 'nzbget HTTP Check'
http: "https://%{facts.networking.fqdn}:443/consul/health"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: nzbget
disposition: write

11
hieradata/roles/infra/auth/glauth.yaml
View File

@ -58,6 +58,7 @@ glauth::users:
- 20013
- 20014
- 20015
- 20016
loginshell: '/bin/bash'
homedir: '/home/benvin'
passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
@ -77,6 +78,7 @@ glauth::users:
- 20013
- 20014
- 20015
- 20016
loginshell: '/bin/bash'
homedir: '/home/matsol'
passsha256: '369263e2455a57c8c21388860c417b640fcf045a303cfc88def18c5197493600'
@ -118,6 +120,12 @@ glauth::services:
uidnumber: 30005
primarygroup: 20001
passsha256: 'd1e6bcc4a9f2d15b6e3c349155a88e433902dfe765e57bf3c10e6830f151a043'
svc_nzbget:
service_name: 'svc_nzbget'
mail: 'nzbget@service.main.unkin.net'
uidnumber: 30006
primarygroup: 20001
passsha256: 'c9d38f687fcbea754a9f78675d89276d2347f9d15190fff267c3ae1a75f61be6'
glauth::groups:
users:
@ -144,3 +152,6 @@ glauth::groups:
prowlarr_access:
group_name: 'prowlarr_access'
gidnumber: 20015
nzbget_access:
group_name: 'nzbget_access'
gidnumber: 20016

1
hieradata/roles/infra/pki/certbot.yaml
View File

@ -11,4 +11,5 @@ certbot::domains:
- lidarr.main.unkin.net
- readarr.main.unkin.net
- prowlarr.main.unkin.net
- nzbget.main.unkin.net
- fafflix.unkin.net

6
modules/nzbget/manifests/config.pp Normal file
View File

@ -0,0 +1,6 @@
class nzbget::config (
$user = $nzbget::params::user,
$group = $nzbget::params::group,
) {
# todo
}

18
modules/nzbget/manifests/init.pp Normal file
View File

@ -0,0 +1,18 @@
# manage nzbget
class nzbget (
$packages = $nzbget::params::packages,
$user = $nzbget::params::user,
$group = $nzbget::params::group,
$manage_group = $nzbget::params::manage_group,
$service_enable = $nzbget::params::service_enable,
$service_name = $nzbget::params::service_name,
$bind_address = $sonarr::params::bind_address,
$port = $sonarr::params::port,
) inherits nzbget::params {
include nzbget::install
include nzbget::config
include nzbget::service
Class['nzbget::install'] -> Class['nzbget::config'] -> Class['nzbget::service']
}

29
modules/nzbget/manifests/install.pp Normal file
View File

@ -0,0 +1,29 @@
# instsall nzbget
class nzbget::install (
$packages = $nzbget::packages,
$user = $nzbget::user,
$group = $nzbget::group,
$manage_group = $nzbget::manage_group,
) {
$_packages = $packages ? {
Array => true,
default => false,
}
if $_packages {
ensure_packages($packages, {ensure => 'installed'})
}
if $manage_group {
group { $group:
ensure => present,
}
}
user { $user:
ensure => present,
shell => '/sbin/nologin',
groups => $group,
}
}

11
modules/nzbget/manifests/params.pp Normal file
View File

@ -0,0 +1,11 @@
# nzbget params
class nzbget::params (
Array[String] $packages = [
'nzbget'
],
String $user = 'nzbget',
String $group = 'nzbget',
String $manage_group = true,
Stdlib::Host $bind_address = '127.0.0.1',
Stdlib::Port $port = 6789,
) { }

17
modules/nzbget/manifests/service.pp Normal file
View File

@ -0,0 +1,17 @@
# manage nzbget service
class nzbget::service (
$service_enable = $nzbget::service_enable,
$service_name = $nzbget::service_name,
$user = $nzbget::user,
$group = $nzbget::group,
) {
if $service_enable {
include ::systemd
systemd::unit_file { "${service_name}.service":
content => template('nzbget/nzbget.service.erb'),
enable => true,
active => true,
}
}
}

1685
modules/nzbget/templates/nzbget.conf.erb Normal file
View File

File diff suppressed because it is too large Load Diff

17
modules/nzbget/templates/nzbget.service.erb Normal file
View File

@ -0,0 +1,17 @@
[Unit]
Description=<%= @service_name %> Daemon
Documentation=http://nzbget.com/documentation/
After=network.target
[Service]
Type=simple
User=<%= @user %>
Group=<%= @group %>
WorkingDirectory=/var/lib/nzbget
ExecStart=/usr/bin/nzbget -s -c /var/lib/nzbget/nzbget.conf -o OutputMode=log -o WriteLog=none
ExecReload=/usr/bin/nzbget -O -c /var/lib/nzbget/nzbget.conf
ExecStop=/usr/bin/nzbget -Q -c /var/lib/nzbget/nzbget.conf
Restart=on-failure
[Install]
WantedBy=multi-user.target

0
site/profiles/manifests/media/nzbget.pp Normal file
View File