# Runner Services Role

Comprehensive multi-service deployment role that sets up production-ready containerized services with NFS storage integration and proper networking.

## Services Deployed

### CCTV & Security
- **Frigate** - AI-powered NVR with person/vehicle detection
  - MQTT integration, RTSP camera feeds
  - Hardware acceleration support
  - NFS storage for recordings

### Media & Content
- **Immich** - High-performance photo management
  - Multi-container stack (server, ML, Redis, PostgreSQL)
  - Hardware-accelerated machine learning
  - NFS storage for photos

- **Ghost CMS** - Headless content management system
  - MySQL database backend
  - Mail server integration
  - Content API for websites

### Development & Documentation
- **Forgejo** - Self-hosted Git service
  - SSH and HTTP Git access
  - Issue tracking and CI/CD
  - NFS storage for repositories

- **Stirling-PDF** - PDF processing service
  - OCR, conversion, manipulation
  - Caddy CORS proxy for API access
  - REST API for integration

### Productivity
- **Tandoor** - Recipe management system
  - Meal planning and shopping lists
  - Local SQLite storage
  - Recipe import/export

## Architecture

### Storage Strategy
- **Local NVMe**: Databases and application configs (fast access)
- **NFS Mounts**: Bulk data storage (photos, videos, repos)
- **Automatic Mounting**: systemd mount units with failover

### Network Configuration
- **Internal Docker Networks**: Service-to-service communication
- **Host Network Access**: Direct port binding for select services
- **Reverse Proxy Ready**: Caddy integration for CORS and SSL termination
- **API Access**: Services accessible both locally and via API endpoints

### Security Features
- **Vault Integration**: All secrets managed via ansible-vault
- **Environment Isolation**: Separate .env files per service
- **Network Segmentation**: Docker networks with controlled access

## Prerequisites

### NFS Server Setup
- NAS server with exports configured for:
  - `/mnt/rstorage/cctv-data` → Frigate recordings
  - `/mnt/rstorage/media/pictures` → Immich photo library
  - `/mnt/rstorage/code-repo` → Forgejo repositories
  - `/mnt/rstorage/registry-data` → Harbor registry (manual setup)

### Hardware Requirements
- **CPU**: 4+ cores recommended (ML workloads for Frigate/Immich)
- **RAM**: 16GB+ for full stack
- **Storage**: Fast NVMe for databases, NFS for bulk data
- **Network**: Gigabit for NFS performance

### Software Dependencies
- Docker and Docker Compose
- NFS client utilities
- systemd for mount management

## Configuration

### Vault Variables
Store sensitive data in `group_vars/vault.yml`:
```yaml
vault_runner:
  # Database passwords
  postgres_password: "secure_password"
  mysql_password: "secure_password"
  mysql_root_password: "secure_root_password"

  # API keys and tokens
  frigate_mqtt_password: "mqtt_password"

  # Camera credentials (RTSP)
  camera_credentials:
    front_door:
      username: "camera_user"
      password: "camera_pass"
      host: "192.168.1.100"
```

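An added example, not part of this role: a shell audit for the secret handling described under Security Features and Vault Variables. It checks that the vault file carries the `$ANSIBLE_VAULT;` header, that host vars pull secrets through `{{ vault_... }}` lookups rather than literals, and that per-service `.env` files are not group- or world-accessible. The function names, the key-name pattern and the sample tree are assumptions constructed for illustration.

```bash
# Added example, not part of the role. Function names and sample data are constructed.

# 0 if the file starts with the ansible-vault header (encrypted at rest).
vault_is_encrypted() {
  local first=""
  [ -r "$1" ] || return 1
  IFS= read -r first < "$1" || true
  case "$first" in '$ANSIBLE_VAULT;'*) return 0 ;; *) return 1 ;; esac
}

# Print file:line:text for secret-looking keys set to a literal instead of a
# {{ vault_... }} lookup. The key-name pattern is an assumption; extend as needed.
plaintext_secrets() {
  grep -rHnEi '^[[:space:]]*[a-z0-9_]*(password|secret|token|api_key)[a-z0-9_]*:[[:space:]]*[^[:space:]#]' \
    "$@" 2>/dev/null | grep -Ev '\{\{[[:space:]]*vault_' || true
}

# Print per-service .env files that group or others can access (GNU find syntax).
loose_env_files() {
  find "$1" -type f \( -name '.env' -o -name '*.env' \) -perm /077 -print 2>/dev/null
}

# Run all checks; the return value is the number of failed checks (0 = clean).
audit_runner_secrets() {
  local vault_file="$1" vars_dir="$2" env_dir="$3" failed=0 hits
  vault_is_encrypted "$vault_file" || { echo "NOT ENCRYPTED: $vault_file"; failed=$((failed + 1)); }
  hits=$(plaintext_secrets "$vars_dir")
  [ -z "$hits" ] || { echo "LITERAL SECRETS:"; echo "$hits"; failed=$((failed + 1)); }
  hits=$(loose_env_files "$env_dir")
  [ -z "$hits" ] || { echo "LOOSE .env FILES:"; echo "$hits"; failed=$((failed + 1)); }
  return "$failed"
}

# Constructed sample tree: plaintext vault file, one literal password beside a
# vault lookup, and a world-readable .env.
make_sample() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/group_vars" "$d/host_vars" "$d/docker/runner/ghost"
  printf 'vault_runner:\n  mysql_password: "secure_password"\n' > "$d/group_vars/vault.yml"
  printf 'mqtt_password: "example-literal"\ndb_password: "{{ vault_runner.mysql_password }}"\n' \
    > "$d/host_vars/runner-host.yml"
  printf 'DB_PASS=example\n' > "$d/docker/runner/ghost/.env"
  chmod 644 "$d/docker/runner/ghost/.env"
  echo "$d"
}

sample=$(make_sample)
audit_runner_secrets "$sample/group_vars/vault.yml" "$sample/host_vars" "$sample/docker/runner" || echo "failed checks: $?"
rm -rf "$sample"
```

Run from a pre-commit hook or CI job, a non-zero return blocks a decrypted `vault.yml` or a literal password from reaching the repository.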
### Host Variables
Configure per-host in `host_vars/runner-host.yml`:
```yaml
runner_enabled: true

# Network settings
runner_network_subnet: "192.168.1.0/24"
runner_nas_host: "192.168.1.200"

# Service configuration
frigate_cameras:
  - name: "front_door"
    host: "{{ vault_runner.camera_credentials.front_door.host }}"

immich_enable_ml: true
immich_enable_facial_recognition: true

ghost_site_url: "https://blog.example.com"
```

## Service Details

### Port Allocation
- **Frigate**: 5000 (Web UI), 1935 (RTMP), 8554 (RTSP)
- **Immich**: 2283 (Web UI/API), 3001 (Machine Learning)
- **Forgejo**: 3000 (Web), 2222 (SSH)
- **Stirling-PDF**: 8080 (App), 8081 (Caddy CORS Proxy)
- **Tandoor**: 8010 (Web UI)
- **Ghost**: 2368 (Web/API)

### Data Paths
- **Local Config**: `/docker/runner/` (service configurations)
- **Local Data**: `/docker/runner-data/` (databases, caches)
- **NFS Mounts**: `/mnt/docker/` (bulk data storage)

## Management Commands

Generated scripts for service management:
- `runner-status.sh` - Check all service status
- `runner-logs.sh` - View service logs
- `runner-restart.sh` - Restart all services
- `runner-update.sh` - Update container images

## Monitoring

### Logging
- Centralized logging via Docker
- Log rotation and retention
- Service-specific log levels

## API Integration

Services designed for integration with website containers:
- **Ghost CMS**: Content API for blogs/websites
- **Stirling-PDF**: Document processing API
- **Immich**: Photo gallery API
- **Forgejo**: Git webhook integration

## Backup Strategy

### Data Protection
- Configuration files → managed via Infrastructure as Code
- Database persistence → local storage with regular snapshots
- NFS data → handled by NAS backup systems

## Usage Examples

```bash
# Deploy all services
ansible-playbook runner.yml -i inventory/hosts

# Deploy specific service
ansible-playbook runner.yml -i inventory/hosts --tags frigate

# Update service configuration
ansible-playbook runner.yml -i inventory/hosts --tags config
```