first commit

.github/workflows/add-labels.yml

@@ -0,0 +1,43 @@
+---
+name: add-label
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - edited
+  issues:
+    types:
+      - opened
+      - reopened
+      - edited
+  issue_comment:
+
+jobs:
+  apply-label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: add-label
+        uses: actions/github-script@v4
+        with:
+          script: |
+
+            const title = (context.payload.pull_request) ? context.payload.pull_request.title : context.payload.issue.title
+
+            if (title.startsWith('bug:')) {
+              github.issues.setLabels({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                labels: ['bug']
+              })
+            } else {
+              github.issues.setLabels({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                labels: ['enhancement']
+              })
+            }

.github/workflows/auto-merge.yml

@@ -0,0 +1,23 @@
+---
+
+name: auto-merge
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - edited
+
+jobs:
+  apply-auto-merge:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run auto-merge
+        if: ${{ github.actor == github.repository_owner }}
+        run: gh pr merge ${PR} --auto -s -d -R ${GITHUB_REPO}
+        env:
+          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          GITHUB_REPO: ${{ github.repository }}
+          PR: ${{ github.event.number }}

.github/workflows/checks.yml

@@ -0,0 +1,48 @@
+---
+
+name: checks
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checking out repo
+        uses: actions/checkout@v2
+      - name: Setup Python
+        uses: actions/setup-python@v2
+      - name: Run pre-commit checks
+        uses: pre-commit/action@v2.0.3
+  # Testing first deploy ansible pull playbook
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checking out repo
+        uses: actions/checkout@v2
+      - name: Install ansible 4.5.0
+        run: sudo pip install ansible==4.5.0
+      - name: Run Ansible test
+        run: |
+          cd ansible
+          ansible-playbook --inventory '127.0.0.1,' --connection local --become --check ansible_pull.yml
+  # Testing ansible-pull that is ran via cronjob
+  test-pull:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checking out repo
+        uses: actions/checkout@v2
+      - name: Install python3-docker
+        run: sudo apt-get -y install python3-docker
+      - name: Install ansible 4.5.0
+        run: sudo pip install ansible==4.5.0
+      - name: Run Ansible test
+        run: |
+          cd ansible
+          ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml

.github/workflows/pre-commit-autoupdate.yml

@@ -0,0 +1,39 @@
+---
+
+name: pre-commit-autoupdate
+
+on:
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch:
+
+jobs:
+  autoupdate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checking out repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Setup Python
+        uses: actions/setup-python@v2
+      - name: Install pre-commit
+        run: sudo pip install pre-commit
+      - name: Run pre-commit autoupdate
+        run: pre-commit autoupdate
+      - name: Create PR if required
+        run: |
+          # If there are changes, only then continue
+          if [[ $(git status --porcelain | wc -l) -gt 0 ]]; then
+              DATENOW=$(date '+%s')
+              # Adding author info
+              git config user.email "action@github.com"
+              git config user.name "Github Action"
+              git checkout -b pre-commit-autoupdate-${DATENOW}
+              git add -A
+              git commit -m "chore: pre-commit autoupdate"
+              git push -u origin HEAD
+              gh pr create --fill
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1 @@
+__pycache__

.pre-commit-config.yaml

@@ -0,0 +1,31 @@
+---
+
+# pre-commit run --all-files
+fail_fast: true
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: fix-byte-order-marker
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-executables-have-shebangs
+      - id: check-shebang-scripts-are-executable
+      - id: check-symlinks
+      - id: detect-private-key
+
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.26.3
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/ansible-community/ansible-lint.git
+    rev: v5.1.3
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
+
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: 3.9.2
+    hooks:
+      - id: flake8

.yamllint

@@ -0,0 +1,8 @@
+---
+extends: default
+
+ignore: |
+  *vault*
+
+rules:
+  line-length: disable

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Ahmed Sajid
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,45 @@
+# Repo for home setup
+
+[![Checks](https://github.com/ahmedsajid/home-setup/workflows/checks/badge.svg)](https://github.com/ahmedsajid/home-setup/actions?query=workflow%3A%22checks%22)
+[![Deploy](https://healthchecks.io/badge/ddd55f41-eb2c-4f60-a543-5a9f58/pEfoA72_/deploy.svg)](https://healthchecks.io/badge/ddd55f41-eb2c-4f60-a543-5a9f58/pEfoA72_/deploy.svg)
+[![License](https://img.shields.io/github/license/ahmedsajid/home-setup)](LICENSE)
+
+I have chosen to use ansible pull mechanism as it doesn't require a controller.
+Also ensures that my setup is always up to date.
+And, my home setup can run on unreliable hardware with a small RTO (cattle NOT pet).
+
+## First install (ansible-pull setup)
+```
+cd ansible
+
+ansible-playbook -i '<hostname/ipaddress>,' ansible_pull.yml --user <username> --become --ask-become-pass
+```
+
+The `,` is required to be passed as inventory parameter, otherwise the playbook would fail.
+
+To enable healthchecks.io monitoring for the ansible-pull cronjob, run playbook with the extra vars specified below.
+```
+ansible-playbook -i '<hostname/ipaddress>,' ansible_pull.yml --user <username> --become --ask-become-pass -e healthchecks_uuid=<checkUUID> -e config_deploy=true
+```
+
+To enable noip dynamic updates, first have your hostname registered. Then you can pass in required parameters to the pull playbook as below.
+```
+ansible-playbook -i '<hostname/ipaddress>,' ansible_pull.yml --user <username> --become --ask-become-pass -e noip_hostname=myhostname -e noip_username=username -e noip_password=myrandompassword -e config_deploy=true
+```
+
+## Running services
+
+Once the cronjob has been setup, there should be following available services provided by the server:
+- Emby
+- Pihole (+Unbound)
+- Grafana
+- Wireguard - [Coming soon](https://github.com/ahmedsajid/home-setup/issues/29)
+- Webui Aria2
+- NAS to external hdd backup - [Coming soon](https://github.com/ahmedsajid/home-setup/issues/32)
+- HTTPs access to services (Nginx, LetsEncrypt, NoIP) - [Coming soon](https://github.com/ahmedsajid/home-setup/issues/33)
+
+## Integrations
+
+The whole work flow and repo is integrated with:
+- Github Actions to perform some actions that I'm too lazy to perform, linting and checks
+- healthchecks.io to monitor ansible-pull cronjob status

ansible/ansible_pull.yml

@@ -0,0 +1,82 @@
+---
+
+- hosts: "{{ target | default('all') }}"
+  vars:
+
+    # schedule is fed directly to cron
+    schedule: '*/10 * * * *'
+
+    # User to run ansible-pull as from cron
+    cron_user: root
+
+    # File that ansible will use for logs
+    logfile: /var/log/ansible-pull.log
+
+    # Directory to where repository will be cloned
+    workdir: /var/lib/ansible/local
+
+    # Repository to check out -- YOU MUST CHANGE THIS
+    # repo must contain a local.yml file at top level
+    repo_url: git://github.com/ahmedsajid/home-setup.git
+    checkout: main
+
+    # ini config file with various secrets and parameters
+    config_file: /root/config.ini
+
+  tasks:
+
+    - name: Remove ansible version provided by package managers
+      package:
+        name: ansible
+        state: absent
+
+    - name: Install python3-pip
+      package:
+        name: python3-pip
+        state: present
+
+    - name: Install via pip
+      pip:
+        name: "{{ item }}"
+        state: present
+      with_items:
+        - ansible==4.5.0
+        - requests==2.26.0
+
+    - name: Create local directory to work from
+      file:
+        path: "{{ workdir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: 0751
+
+    - name: Check if config file exists
+      stat:
+        path: "{{ config_file }}"
+      register: config_exists
+
+    - name: Deploy a config ini file
+      template:
+        src: templates/config.ini.j2
+        dest: "{{ config_file }}"
+        owner: root
+        group: root
+        mode: 0644
+      when: (not config_exists.stat.exists) or (config_deploy is defined and config_deploy)
+
+    - name: Create crontab entry to clone/pull git repository
+      template:
+        src: templates/etc_cron.d_ansible-pull.j2
+        dest: /etc/cron.d/ansible-pull
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: Create logrotate entry for ansible-pull.log
+      template:
+        src: templates/etc_logrotate.d_ansible-pull.j2
+        dest: /etc/logrotate.d/ansible-pull
+        owner: root
+        group: root
+        mode: 0644