Initial commit

.github/workflows/ansible-lint.yml

@@ -0,0 +1,17 @@
+---
+name: Ansible Lint
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run ansible-lint
+        uses: ansible/[email protected]

.gitignore

@@ -0,0 +1,4 @@
+.dependencies
+venv
+plugins/
+host_vars/labbot_host.yml

.vscode/settings.json

@@ -0,0 +1,8 @@
+{
+  "files.associations": {
+    "*.yml": "ansible",
+    "*.yaml": "ansible",
+    "*.j2": "ansible-jinja",
+  },
+  "ansible.python.activationScript": "venv/bin/activate",
+}

README.md

@@ -0,0 +1,49 @@
+# labbot-deploy
+
+This repository containers an Ansible playbook & role to deploy LabBot and related monitoring infrastructure (Grafana, Prometheus, cAdvisor, and node_exporter).
+
+While it may work with others, this role is designed to be run against a Debian-based Linux distribution.
+
+## Usage
+
+1. Enter the [`host_vars`](host_vars/) directory and create a copy of [`labbot_host.example.yml`](host_vars/labbot_host.example.yml) named `labbot_host.yml`.
+2. Set all relevant values in `labbot_host.yml`.
+3. Run the following commands:
+
+```sh
+# Create a Python virtual environment (venv)
+python3 -m venv venv
+# Activate the venv
+source venv/bin/activate
+# Install Ansible (in the venv)
+pip install ansible
+# Install required Ansible roles/collections
+ansible-galaxy install -r requirements.yml
+# Run the playbook to initiate the deployment
+ansible-playbook playbook.yml
+```
+
+> [!TIP]
+> The `labbot` Ansible role contains several optional components that are not included in the `labbot_host.yml` example file for the sake of simplicity; see [`roles/labbot/defaults/main.yml`](roles/labbot/defaults/main.yml) for advanced values such as backup options and more.
+
+## Bot monitoring setup
+
+If this is a fresh deployment, LabBot will not automatically serve Prometheus metrics. This is because the `prometheus_exporter` cog will not yet be installed.
+
+If this is the case, you will see a task named _"Set LabBot prometheus_exporter cog scrape interval"_ fail during the Ansible deployment.
+
+Follow the steps below and then re-run the playbook. It should no longer fail.
+
+Enter a chat with the bot and run the following (where `[p]` is the configured prefix):
+
+```
+[p]repo add homelab https://github.com/rHomelab/LabBot-Cogs
+[p]cog install homelab prometheus_exporter
+[p]load prometheus_exporter
+```
+
+---
+
+## Disclaimer
+
+Most common settings are variablised, however I only prepared this for shared use/more generic environments after extracting it from my own infrastructure definitions, so there may be some things that are still 'hardcoded', otherwise inoptimal for a shared configuration, or not fully tested.

ansible.cfg

@@ -0,0 +1,10 @@
+[defaults]
+inventory       = ./hosts.yml
+stdout_callback = yaml
+roles_path      = .dependencies:roles
+lookup_plugins  = ./plugins/lookup
+nocows          = true
+ansible_managed = Ansible Managed. Last edited on %Y-%m-%d at %H:%M:%S.
+
+[diff]
+always = true

host_vars/labbot_host.example.yml

@@ -0,0 +1,26 @@
+#################################### NOTE ####################################
+# The settings in this file are the minimum required to run the playbook.
+# For more advanced configurations, please see roles/labbot/defaults/main.yml
+##############################################################################
+
+# Connection settings
+ansible_host: # ip or host.name
+ansible_user: # username
+ansible_password: # password
+# OR
+ansible_ssh_private_key_file: # path to private key
+
+# Bot and monitoring settings
+labbot_discord_token: '!CHANGE_ME!'
+
+labbot_grafana_domain: labbot.tiga.tech
+labbot_grafana_password: '!CHANGE_ME!'
+
+labbot_prometheus_users:
+  - username: admin
+    password: '!CHANGE_ME!'
+    # Hashed version of the password
+    # htpasswd -nBC 10 '<password>' | tr -d ':\n'
+    password_bcrypt: '<hash here>'
+
+labbot_certbot_letsencrypt_email: "admin@{{ labbot_grafana_domain }}"

hosts.yml

@@ -0,0 +1,5 @@
+---
+
+all:
+  hosts:
+    labbot_host:

playbook.yml

@@ -0,0 +1,13 @@
+---
+
+- name: LabBot deployment
+  hosts: all
+  become: true
+  module_defaults:
+    community.docker.docker_container:
+      restart_policy: always
+      state: started
+      comparisons:
+        '*': strict
+        env: allow_more_present
+  roles: [labbot]

requirements.txt

@@ -0,0 +1,2 @@
+ansible==10.2.0
+ansible-lint==24.7.0

requirements.yml

@@ -0,0 +1,5 @@
+---
+
+roles:
+  - name: stefangweichinger.ansible_rclone
+    version: 0.1.6

roles/labbot/defaults/main.yml

@@ -0,0 +1,62 @@
+---
+
+###################### NOTE ######################
+# All commented settings must be defined in host_vars!
+##################################################
+
+# Parent directory for container config paths
+labbot_app_base_dir: /opt
+
+# Discord bot token for LabBot
+# labbot_discord_token:
+
+# labbot_grafana_domain:
+labbot_grafana_username: labbot_admin
+# labbot_grafana_password:
+
+labbot_grafana_container_user: "{{ ansible_user_uid }}"
+labbot_prometheus_container_user: "{{ ansible_user_uid }}"
+
+# List of dictionaries with keys `username`, `password`, and `password_bcrypt`
+labbot_prometheus_users: []
+
+labbot_prometheus_scrape_interval: 10 # seconds
+
+# Whether to bind the prometheus web UI port on the host
+# Necessary only for testing/debugging
+labbot_prometheus_open_port: false
+
+# Whether to bind the cadvisor web UI port on the host
+# Necessary only for testing/debugging
+labbot_cadvisor_open_port: false
+
+# Settings for bot data backup
+labbot_enable_bot_backup: false
+
+# NOTE: All backup variables below must be defined ONLY if labbot_enable_bot_backup is true
+
+# labbot_backup_webdav_url:
+# labbot_backup_webdav_username:
+# labbot_backup_webdav_password:
+
+# Discord webhook URL for backup report
+# labbot_backup_report_webhook: ''
+
+# User ID to mention upon backup failure
+# labbot_backup_report_mention_user_id: ''
+
+# Certbot settings for Grafana SSL certificate
+# Whether to run certbot in dry-run mode
+labbot_certbot_dry_run: false
+
+# Email address to register with LetsEncrypt
+# labbot_certbot_letsencrypt_email:
+
+# Misc settings
+
+# [OPTIONAL] SSH keys to install on the bot host
+# EXAMPLE:
+# labbot_ssh_keys:
+#   - key: <string or URL>
+#     comment: <optional comment>
+labbot_ssh_keys: []

roles/labbot/files/home_dashboard.json

@@ -0,0 +1,126 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "datasource",
+          "uid": "grafana"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": 3,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "gridPos": {
+        "h": 7,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 4,
+      "options": {
+        "code": {
+          "language": "plaintext",
+          "showLineNumbers": false,
+          "showMiniMap": false
+        },
+        "content": "# <center>LabBot Monitoring</center>\n#### <center>Welcome to the home of LabBot & Homelab Discord monitoring.</center>\n\n## Homelab Community Links\n\n* [Homelab on Discord](https://discord.gg/homelab)\n* [Homelab on Reddit](https://reddit.com/r/homelab)\n* [Homelab on Github](https://github.com/rHomelab)\n\nSee the dashboards below for bot and Discord server metrics:",
+        "mode": "markdown"
+      },
+      "pluginVersion": "9.3.6",
+      "transparent": true,
+      "type": "text"
+    },
+    {
+      "gridPos": {
+        "h": 9,
+        "w": 8,
+        "x": 0,
+        "y": 7
+      },
+      "id": 2,
+      "options": {
+        "maxItems": 10,
+        "query": "LabBot",
+        "showHeadings": false,
+        "showRecentlyViewed": false,
+        "showSearch": true,
+        "showStarred": false,
+        "tags": []
+      },
+      "pluginVersion": "9.3.6",
+      "targets": [
+        {
+          "groupBy": [
+            {
+              "params": [
+                "$__interval"
+              ],
+              "type": "time"
+            },
+            {
+              "params": [
+                "null"
+              ],
+              "type": "fill"
+            }
+          ],
+          "orderByTime": "ASC",
+          "policy": "default",
+          "refId": "A",
+          "resultFormat": "time_series",
+          "select": [
+            [
+              {
+                "params": [
+                  "value"
+                ],
+                "type": "field"
+              },
+              {
+                "params": [],
+                "type": "mean"
+              }
+            ]
+          ],
+          "tags": []
+        }
+      ],
+      "transparent": true,
+      "type": "dashlist"
+    }
+  ],
+  "schemaVersion": 37,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "browser",
+  "title": "Home",
+  "version": 2,
+  "weekStart": ""
+}

roles/labbot/handlers/main.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Restart Grafana
+  community.docker.docker_container:
+    name: grafana
+    restart: true
+    state: started
+    comparisons:
+      '*': ignore
+
+- name: Restart labbot
+  community.docker.docker_container:
+    name: labbot
+    restart: true
+    state: started
+    comparisons:
+      '*': ignore
+
+- name: Restart Prometheus
+  community.docker.docker_container:
+    name: prometheus
+    restart: true
+    state: started
+    comparisons:
+      '*': ignore
+
+- name: Reload nginx
+  community.docker.docker_container_exec:
+    container: nginx
+    command: nginx -s reload
+
+- name: Prune Docker images
+  community.docker.docker_prune:
+    images: true
+    images_filters:
+      dangling: false