From 0cbd9b3b8aeecfb9c4e92cc9ebedc1a07efc1434 Mon Sep 17 00:00:00 2001 From: nols <138515901+sleepy-nols@users.noreply.github.com> Date: Tue, 30 Jan 2024 21:21:50 +0100 Subject: [PATCH] support more variables, general fixes (#9) * templates: move to ansible_managed * readme: update with new variables * defaults: add new variables, move fail2ban defaults from template to defaults file * templates/config: add support for optional vars, rearrange config file, fix #3 * .ansible-lint: remove skipping yaml line-length, add production profile * defaults: remove blank line to make ansible-lint happy --- .ansible-lint | 3 +- README.md | 68 ++++++++++++++++++++++++-------- defaults/main.yml | 29 ++++++-------- templates/config.jinja | 36 +++++------------ templates/fail2ban_filter | 2 +- templates/fail2ban_jail | 8 ++-- templates/jellyfin.sources.jinja | 2 +- 7 files changed, 81 insertions(+), 67 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 5719c8e..b89a374 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,2 +1 @@ -skip_list: - - yaml[line-length] +profile: production diff --git a/README.md b/README.md index 0783919..e484262 100644 --- a/README.md +++ b/README.md @@ -5,55 +5,87 @@ Ansible role to install and configure [Jellyfin](https://jellyfin.org/) on Debia ![push-galaxy](https://github.com/sleepy-nols/ansible-jellyfin/actions/workflows/ansible-galaxy-push-role.yml/badge.svg) ![Ansible ](https://img.shields.io/badge/Ansible_Galaxy-sleepy--nols.jellyfin-blue?url=https://galaxy.ansible.com/api/v2/collections/ibm/ibm_zos_core/&query=latest_version.version) + +--- ## Role Variables and Defaults -User that Jellyfin runs as. ```yml jellyfin_user: "jellyfin" ``` -Skip restarting Jellyfin, even on config change. +User that Jellyfin runs as. + ```yml jellyfin_skip_restart: false ``` -Enable fail2ban integration for the Jellyfin login. +Skip restarting Jellyfin, even on config change. + +### fail2ban + ```yml jellyfin_enable_fail2ban: false ``` -Set these if you use custom ports for Jellyfin. +Enable fail2ban integration for the Jellyfin login. + ```yml jellyfin_fail2ban_ports: - "80" - "443" ``` -Configuration of fail2ban parameters. You probably want to tweak these according to your userbase and threatmodel. +Set these if you use custom ports for Jellyfin. + ```yml jellyfin_fail2ban_maxretry: "3" jellyfin_fail2ban_bantime: "6000" jellyfin_fail2ban_findtime: "600" ``` +Configuration of fail2ban parameters. You probably want to tweak these according to your userbase and threatmodel. + +### Jellyfin + +```yml +jellyfin_cache_dir: "/var/cache/jellyfin" +jellyfin_log_dir: "/var/log/jellyfin" +jellyfin_config_dir: "/etc/jellyfin" +jellyfin_data_dir: "/var/lib/jellyfin" +``` +Jellyfin directories. -Additional Jellyfin options as in [Main Configuration Options](https://jellyfin.org/docs/general/administration/configuration#main-configuration-options) ```yml -jellyfin_additional_opts: "" +jellyfin_restart_bin: "/usr/lib/jellyfin/restart.sh" +jellyfin_ffmpeg_bin: "/usr/lib/jellyfin-ffmpeg/ffmpeg" +jellyfin_web_bin: "/usr/share/jellyfin/web" ``` +Jellyfin binary paths. -Jellyfin Paths ```yml -jellyfin_restart_opt: "--restartpath=/usr/lib/jellyfin/restart.sh" -jellyfin_ffmpeg_opt: "--ffmpeg=/usr/lib/jellyfin-ffmpeg/ffmpeg" -jellyfin_web_opt: "--webdir=/usr/share/jellyfin/web" +jellyfin_additional_opts: str ``` +**Optional:** Additional Jellyfin options as in [Main Configuration Options](https://jellyfin.org/docs/general/administration/configuration#main-configuration-options) +```yml +jellyfin_service: bool +``` +**Optional:** Run Jellyfin as a headless service. -Jellyfin Directories ```yml -jellyfin_cache_dir: "/var/cache/jellyfin" -jellyfin_log_dir: "/var/log/jellyfin" -jellyfin_config_dir: "/etc/jellyfin" -jellyfin_data_dir: "/var/lib/jellyfin" +jellyfin_nowebapp: bool +``` +**Optional:** Run Jellyfin without the web app. + +### Advanced + +```yml +jellyfin_complus_gcserver: int ``` +**Optional:** Run Jellyfin with ASP.NET Server Garbage Collection (uses more RAM and less CPU than Workstation GC). 0=Workstation, 1=Server. +```yml +jellyfin_malloc_trim_threshold: 131072 +``` +Disable glibc dynamic heap adjustment. + +--- ## Installing Install via Ansible Galaxy or clone the Repo @@ -62,7 +94,7 @@ ansible-galaxy role install sleepy-nols.jellyfin git clone git@github.com:sleepy-nols/ansible-jellyfin.git ``` - +--- ## Example Playbook ```yml @@ -71,9 +103,11 @@ git clone git@github.com:sleepy-nols/ansible-jellyfin.git - sleepy-nols.jellyfin ``` +--- ## Contributing Contributions on are welcome, please write meaningfull commit messages :) +--- ## License GPLv3 diff --git a/defaults/main.yml b/defaults/main.yml index 2331341..ae05d24 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,27 +1,24 @@ --- - +jellyfin_name: "jellyfin" +jellyfin_user: "{{ jellyfin_name }}" jellyfin_skip_apt_key: false jellyfin_skip_restart: false + jellyfin_enable_fail2ban: false jellyfin_fail2ban_ports: - "80" - "443" +jellyfin_fail2ban_maxretry: 3 +jellyfin_fail2ban_bantime: 6000 +jellyfin_fail2ban_findtime: 600 -jellyfin_user: "jellyfin" - -jellyfin_additional_opts: "" - -# Paths -jellyfin_restart_opt: "--restartpath=/usr/lib/jellyfin/restart.sh" -jellyfin_ffmpeg_opt: "--ffmpeg=/usr/lib/jellyfin-ffmpeg/ffmpeg" -jellyfin_web_opt: "--webdir=/usr/share/jellyfin/web" - -# Directories jellyfin_cache_dir: "/var/cache/jellyfin" jellyfin_log_dir: "/var/log/jellyfin" -jellyfin_config_dir: "/etc/jellyfin" -jellyfin_data_dir: "/var/lib/jellyfin" -# optional -# jellyfin_nowebapp_opt: "--nowebclient" -# jellyfin_service_opt: "--service" +jellyfin_web_bin: "/usr/share/jellyfin/web" +jellyfin_restart_bin: "/usr/lib/jellyfin/restart.sh" +jellyfin_ffmpeg_bin: "/usr/lib/jellyfin-ffmpeg/ffmpeg" + +jellyfin_additional_opts: "" + +jellyfin_malloc_trim_threshold: 131072 diff --git a/templates/config.jinja b/templates/config.jinja index e247860..fb7b688 100644 --- a/templates/config.jinja +++ b/templates/config.jinja @@ -1,9 +1,5 @@ # -# Ansible managed -# - -# -# General options +# {{ ansible_managed }} # # Program directories @@ -13,42 +9,30 @@ JELLYFIN_LOG_DIR="{{ jellyfin_log_dir }}" JELLYFIN_CACHE_DIR="{{ jellyfin_cache_dir }}" # web client path, installed by the jellyfin-web package -JELLYFIN_WEB_OPT="{{ jellyfin_web_opt }}" +JELLYFIN_WEB_OPT="--webdir={{ jellyfin_web_bin }}" # Restart script for in-app server control -JELLYFIN_RESTART_OPT="{{ jellyfin_restart_opt }}" +JELLYFIN_RESTART_OPT="--restartpath={{ jellyfin_restart_bin }}" # ffmpeg binary paths, overriding the system values -JELLYFIN_FFMPEG_OPT="{{ jellyfin_ffmpeg_opt }}" +JELLYFIN_FFMPEG_OPT="--ffmpeg={{ jellyfin_ffmpeg_bin }}" # Disable glibc dynamic heap adjustment -MALLOC_TRIM_THRESHOLD_=131072 +MALLOC_TRIM_THRESHOLD_={{ jellyfin_malloc_trim_threshold | int }} # [OPTIONAL] run Jellyfin as a headless service -{% if jellyfin_service_opt is defined %} -JELLYFIN_SERVICE_OPT="{{ jellyfin_service_opt }}" +{% if jellyfin_service is defined %} +JELLYFIN_SERVICE_OPT="{% if jellyfin_service | bool %}--service{% endif %}" {% endif %} # [OPTIONAL] run Jellyfin without the web app -{% if jellyfin_nowebapp_opt is defined %} -JELLYFIN_NOWEBAPP_OPT="{{ jellyfin_nowebapp_opt }}" +{% if jellyfin_nowebapp is defined %} +JELLYFIN_NOWEBAPP_OPT="{% if jellyfin_nowebapp | bool %}--nowebclient{% endif %}" {% endif %} # Space to add additional command line options to jellyfin (for help see ~$ jellyfin --help) JELLYFIN_ADDITIONAL_OPTS="{{ jellyfin_additional_opts }}" -# [OPTIONAL] run Jellyfin with ASP.NET Server Garbage Collection (uses more RAM and less CPU than Workstation GC) -# 0 = Workstation -# 1 = Server -#COMPlus_gcServer=1 -# -# SysV init/Upstart options -# -# Note: These options are ignored by systemd; use /etc/systemd/system/jellyfin.d overrides instead. -# +COMPlus_gcServer={{ jellyfin_complus_gcserver | int }} -# Application username -JELLYFIN_USER="{{ jellyfin_user }}" -# Full application command -JELLYFIN_ARGS="$JELLYFIN_WEB_OPT $JELLYFIN_RESTART_OPT $JELLYFIN_FFMPEG_OPT $JELLYFIN_SERVICE_OPT $JELLYFIN_NOWEBAPP_OPT $JELLFIN_ADDITIONAL_OPTS" diff --git a/templates/fail2ban_filter b/templates/fail2ban_filter index 43665e8..a5d8bb9 100644 --- a/templates/fail2ban_filter +++ b/templates/fail2ban_filter @@ -1,5 +1,5 @@ # -# Ansible managed +# {{ ansible_managed }} # [Definition] diff --git a/templates/fail2ban_jail b/templates/fail2ban_jail index e4eb546..0d1b10e 100644 --- a/templates/fail2ban_jail +++ b/templates/fail2ban_jail @@ -1,5 +1,5 @@ # -# Ansible managed +# {{ ansible_managed }} # [jellyfin] @@ -10,7 +10,7 @@ port = {% for p in jellyfin_fail2ban_ports %}{{ p }}{% if not loop.last %},{% en protocol = tcp filter = jellyfin -maxretry = {{ jellyfin_fail2ban_maxretry | default("3") }} -bantime = {{ jellyfin_fail2ban_bantime | default("6000") }} -findtime = {{ jellyfin_fail2ban_findtime | default("600") }} +maxretry = {{ jellyfin_fail2ban_maxretry }} +bantime = {{ jellyfin_fail2ban_bantime }} +findtime = {{ jellyfin_fail2ban_findtime }} logpath = {{ jellyfin_log_dir }}/jellyfin*.log diff --git a/templates/jellyfin.sources.jinja b/templates/jellyfin.sources.jinja index 8328966..897c8e9 100644 --- a/templates/jellyfin.sources.jinja +++ b/templates/jellyfin.sources.jinja @@ -1,5 +1,5 @@ # -# Ansible Managed +# {{ ansible_managed }} # Types: deb