Hi! I wanted to share a project I’ve been working on that lets you set up a huge variety of applications really quickly and painlessly. For example, instead of setting up and configuring a large docker compose for a complicated application like Immich, this playbook lets you simply write:
immich_enabled: true
And it will orchestrate all the containers, networks, directories, etc. for you with reasonable defaults. All of which can be overwritten, for example to enable extra features like hardware acceleration:
immich_hardware_acceleration: "-cuda"
Or to automatically get a letsencrypt cert and expose the application on a subdomain to the outside world:
immich_available_externally: true
Included in the playbook is a ton of complicated applications, like Paperless, Meelo, TTRSS, Dawarich, as well as common self-hosted apps like Jellyfin, Home Assistant, Syncthing, Navidrome, Grafana, and a whole lot more (totaling 116 right now!).
It also comes with scripts and tests to help add your own applications (ansible roles) and ensure they work properly.
I’ve been using this project myself for a while, including to assist with moving from one homelab computer to another (point the playbook to the new address, run it to install everything, and restore a backup from the previous computer for data), and I hope it can help someone else build up their homelab without sinking too much time into setting things up.
Here’s the repository: https://github.com/Dylancyclone/ansible-homelab-orchestration
And the documentation (that I’m really proud of :D): https://dylancyclone.github.io/ansible-homelab-orchestration/


Does it require docker installed and being in the docker group, with the docker daemon running?
Just an FYI, having the ability to create containers and do other docker is equivalent to root: https://docs.docker.com/engine/security/#docker-daemon-attack-surface
It’s not really accurate to say that your playbooks don’t require root to run when they basically do.
That is very true, I suppose a more accurate way to say it would be the playbook does not need to run as the root user, and can instead use the permissions of a regular user. This lets all the volume mounts be owned by your user, instead of root. I think it’s still an important distinction to make though, since by not running the playbook as root, the playbook can’t directly change any of your server’s settings, and only has the access the user you’re SSHing as has.
Yes, this playbook is intended to orchestrate an already set up environment. I know Ansible can easily install and set up docker (using something like the awesome https://github.com/geerlingguy/ansible-role-docker), but I decided against it (at least for now) for two main reasons: Firstly to avoid becoming the root user, and secondly to avoid the Ansible role installing a second version of Docker, causing things to break. I ran into that myself while testing this playbook, where I had set up an Ubuntu VM, told the installer to install Docker during setup not knowing it would install it through snap, then the Ansible playbook would install docker again through conventional means causing a lot of strange problems. So instead I opted to let the user install docker however they’d like and not have any gotchas like “Remember to add --skip-tags="docker" if you installed Docker during OS installation on Ubuntu” or uninstalling their version of docker for them.
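
A pre-flight check for the two points raised in this thread (membership of the docker group being root-equivalent, and a snap plus package double install of Docker), as an added example that is not from the post or the repository. The function names and the candidate binary paths are assumptions, and only the local /etc/group and /etc/passwd files are read, so directory-service groups are not covered.

```shell
#!/bin/sh
# Added example: audit a host before pointing a non-root playbook at it.
# Function names and default paths are assumptions, not part of the project.

# List users who can reach the Docker daemon through the "docker" group.
# $1 = group file (/etc/group format), $2 = passwd file (/etc/passwd format)
docker_group_users() {
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$1")
    [ -n "$gid" ] || return 0          # no docker group: nothing to report
    {
        # Supplementary members: comma-separated 4th field of the group entry
        awk -F: '$1 == "docker" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
        # Users whose primary group is docker never appear in that field
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Print every candidate path that is an executable docker client.
# More than one line of output suggests two parallel Docker installs.
docker_installs() {
    for p in "$@"; do
        if [ -x "$p" ]; then echo "$p"; fi
    done
}

audit_host() {
    echo "Users with root-equivalent access via the docker group:"
    docker_group_users /etc/group /etc/passwd
    # Typical locations for a package install and a snap install (assumed)
    n=$(( $(docker_installs /usr/bin/docker /snap/bin/docker \
            /usr/local/bin/docker | wc -l) ))
    if [ "$n" -gt 1 ]; then
        echo "WARNING: $n docker binaries found; keep only one install"
    fi
}

# Run the live audit only when asked, e.g.: sh preflight.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Every user the first function prints should be treated as having root on the host when deciding which account the playbook connects as.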