README: add Radarr

Create a single external network called "external".
Create container-specific networks.
Only a few containers need access to these.
So far: openldap, postgres.

README.adoc

@@ -12,12 +12,14 @@ homelab.
 
 === Containers
 
-* NGINX
-* Jellyfin
-* OpenLDAP
-* PostgreSQL
-* Keycloak
 * Authelia
+* Jellyfin
+* Keycloak
+* NGINX
+* OpenLDAP
+* Portainer
+* PostgreSQL
+* Radarr
 
 === Testing
 To run locally, specify the inventory file with `-i hosts`.

group_vars/all

@@ -13,4 +13,9 @@ pgid: "1000"
 tz: "Europe/Prague"
 media:
   tv: "{{ data_folder }}/media/tv"
-  movies: "{{ data_folder }}/media/movies"
+  movies: "{{ data_folder }}/media/movies"
+downloads:
+  nzb: "{{ data_folder }}/downloads/nzb"
+  torrent: "{{ data_folder }}/downloads/torrent"
+  torrent_blackhole: "{{ data_folder }}/downloads/blackhole"
+  music: "{{ data_folder }}/downloads/music"

playbook.yml

@@ -3,12 +3,13 @@
   roles:
     - docker
     - nginx
+    - openldap
     - portainer
     - jellyfin
-    - openldap
     - postgres
     - authelia
     - keycloak
+    - radarr
   vars_files:
     - vault/certs/{{ base_domain }}.yml
     - vault/passwords.yml

roles/authelia/templates/configuration.yml.j2

@@ -39,6 +39,8 @@ access_control:
       policy: one_factor
     - domain: keycloak.{{ base_domain }}
       policy: one_factor
+    - domain: radarr.{{ base_domain }}
+      policy: two_factor
 session:
   name: authelia_session
   secret: somerandomsecret

roles/jellyfin/tasks/main.yml

@@ -29,7 +29,6 @@
     devices:
       - /dev/dri:/dev/dri
     state: started
-    restart: yes
 - name: copy jellyfin nginx config
   template:
     src: jellyfin.conf.j2

roles/nginx/tasks/main.yml

@@ -52,5 +52,4 @@
     env:
       NGINX_HOST: "{{ base_domain }}"
       NGINX_PORT: '80'
-    state: started
-    restart: yes
+    state: started

roles/openldap/tasks/main.yml

@@ -29,5 +29,4 @@
       LDAP_DOMAIN: "kucharczyk.xyz"
       LDAP_ADMIN_PASSWORD: "{{ vault_openldap_admin_password }}"
       LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
-    state: started
-    restart: yes
+    state: started

roles/openldap/templates/base.ldif.j2

@@ -1,6 +0,0 @@
-dn: dc=kucharczyk,dc=xyz
-objectclass: top
-objectclass: dcObject
-objectclass: organization
-dc: kucharczyk
-o: Homelab

roles/radarr/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: ensure directories exist
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ data_folder }}/radarr"
+    - "{{ media.tv }}"
+    - "{{ media.movies }}"
+    - "{{ downloads.nzb }}"
+- name: run container
+  docker_container:
+    name: "{{ role_name }}"
+    image: "linuxserver/radarr"
+    networks:
+      - name: external
+    env:
+      "TZ": "{{ tz }}"
+      "PUID": "{{ puid }}"
+      "PGID": "{{  pgid }}"
+      "UMASK": "022"
+    volumes:
+      - "{{ data_folder }}/radarr:/config"
+      - "{{ downloads.nzb }}:/downloads"
+      - "{{ media.movies }}:/movies"
+    ports:
+      - "7878:7878"
+    state: started
+- name: copy nginx conf
+  template:
+    src: "{{ role_name }}.conf.j2"
+    dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
+    mode: "755"
+  notify: reload nginx

roles/radarr/templates/radarr.conf.j2

@@ -0,0 +1,20 @@
+server {
+    server_name {{ role_name }}.{{ base_domain }};
+    listen 80;
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    server_name {{ role_name }}.{{ base_domain }};
+    listen 443 ssl http2;
+
+    include /etc/nginx/snippets/authelia-endpoint.conf;
+
+    location / {
+        include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-auth.conf;
+
+        set $upstream http://{{ role_name }}:7878;
+        proxy_pass $upstream;
+    }
+}