Merge pull request #57 from ahembree/monitoring-scripts

Monitoring scripts

.github/extra-vars.yml

@@ -0,0 +1,205 @@
+{
+  "is_github_runner": true,
+  "container_expose_ports": true,
+  "hms_docker_plex_ssl_enabled": true,
+  "separate_4k_instances_enable": true,
+  "tautulli_include_jbops": true,
+  "traefik_security_hardening": true,
+  "flaresolverr_enabled": true,
+  "custom_scripts_enabled": true,
+  "monitoring_scripts_enabled": true,
+  "media_avail_script_enabled": true,
+  "hms_docker_container_map": {
+    "traefik": {
+      "enabled": true,
+      "proxy_host_rule": "traefik",
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy
+    },
+    "sonarr": {
+      "enabled": true,
+      "proxy_host_rule": sonarr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "radarr": {
+      "enabled": true,
+      "proxy_host_rule": radarr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "bazarr": {
+      "enabled": true,
+      "proxy_host_rule": bazarr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "transmission": {
+      "enabled": false,
+      "proxy_host_rule": transmission,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": true
+    },
+    "portainer": {
+      "enabled": true,
+      "proxy_host_rule": portainer,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": oauth2,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "overseerr": {
+      "enabled": true,
+      "proxy_host_rule": overseerr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "prowlarr": {
+      "enabled": true,
+      "proxy_host_rule": prowlarr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "requestrr": {
+      "enabled": true,
+      "proxy_host_rule": requestrr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "plex": {
+      "enabled": true,
+      "proxy_host_rule": plex,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": true
+    },
+    "tautulli": {
+      "enabled": true,
+      "proxy_host_rule": tautulli,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "nzbget": {
+      "enabled": true,
+      "proxy_host_rule": nzbget,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": true
+    },
+    "sabnzbd": {
+      "enabled": false,
+      "proxy_host_rule": sabnzbd,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": true
+    },
+    "authentik": {
+      "enabled": false,
+      "proxy_host_rule": "authentik",
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "tdarr": {
+      "enabled": true,
+      "proxy_host_rule": tdarr,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "homepage": {
+      "enabled": true,
+      "proxy_host_rule": "homepage",
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false,
+      "homepage": true,
+      "homepage_stats": false
+    },
+    "uptimekuma": {
+      "enabled": true,
+      "proxy_host_rule": uptime-kuma,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false
+    },
+    "heimdall": {
+      "enabled": true,
+      "proxy_host_rule": heimdall,
+      "directory": true,
+      "traefik": true,
+      "authentik": false,
+      "authentik_provider_type": proxy,
+      "expose_to_public": false
+    }
+  }
+}

.github/workflows/run-playbook.yml

@@ -34,14 +34,7 @@ jobs:
           --connection local
           hms-docker.yml
           --diff
-          --extra-vars "
-          is_github_runner=yes
-          container_expose_ports=yes
-          hms_docker_plex_ssl_enabled=yes
-          separate_4k_instances_enable=yes
-          tautulli_include_jbops=yes
-          traefik_security_hardening=yes
-          "
+          --extra-vars "@.github/extra-vars.yml"
 
       - name: Check containers
         run: |

.github/workflows/scripts/check_containers.py

@@ -69,7 +69,7 @@ def main():
                                 name = 'authentik'
                                 ssl = True
                             url = f'http{"s" if ssl else ""}://{host_ip}:{host_port}{suffix}'
-                            host_header = f'{name}.home.{domain}'
+                            host_header = f'{name}.{domain}'
                             logging.debug(f'getting {url} with Host header {host_header}')
                             # file deepcode ignore SSLVerificationBypass: Containers may host a self-signed certificate
                             response = requests.get(url, verify=False, headers={

README.md

@@ -34,12 +34,15 @@ Ansible Playbook to setup an automated Home Media Server stack running on Docker
 - Overseerr: request platform
 - Requestrr: chat client for requests
 - Tdarr: media transcoding
-- Homepage: dashboarding
+- Homepage: dashboarding / homepage
+- Heimdall: dashboarding / homepage
 - Watchtower: automatic container updates (if enabled)
 - Cloudflare-ddns: dynamic dns (if enabled)
 - Cloudflare Tunnel: Allows you to expose HTTP services without port-forwarding on your router, [see here](https://www.cloudflare.com/products/tunnel/) for more info
 - Authentik: SSO
 - Tailscale: mesh VPN
+- Flaresolverr: CAPTCHA solving
+- Uptime Kuma: service status monitoring
 
 ## Other Features
 
@@ -54,6 +57,7 @@ Ansible Playbook to setup an automated Home Media Server stack running on Docker
 - Support for separate 4K instances for Sonarr and Radarr
 - Script to convert a Traefik certificate file to a Plex-supported certificate file (PKCS12)
 - Automated dashboard configuration in Homepage
+- Custom advanced monitoring script(s)
 
 ## Supported Platforms
 
@@ -261,3 +265,5 @@ Authentik: `https://authentik.< domain >`
 Tdarr: `https://tdarr.< domain >`
 
 Homepage: `https://homepage.< domain >`
+
+Uptime Kuma: `https://uptime-kuma.< domain >`

docs/Container Map.md

@@ -30,10 +30,12 @@ If you choose to expose the container ports on the host (by setting `container_e
 | Portainer                                | `portainer`          | `9000`                 | `9000`            | ☑                |
 | Bazarr                                   | `bazarr`             | `6767`                 | `6767`            | ☑                |
 | Tautulli                                 | `tautulli`           | `8181`                 | `8181`            | ☑                |
-| Traefik                                  | `traefik`            | `8080`                 | `8080`            | ☑                |
+| Traefik                                  | `traefik`            | `80`, `8080`, `443`    | `80`, `8080`, `443`| ☑                |
 | Nzbget                                   | `nzbget`             | `6789`                 | `6789`            | ☑                |
 | Sabnzb                                   | `sabnzb`             | `8082`                 | `8080`            | ☑                |
 | Authentik                                | `authentik-server`   | `9001` and `9443`      | `9000` and `9443` | ☑                |
 | Tdarr                                    | `tdarr`              | `8265` and `8266`      | `8265` and `8266` | ☑                |
 | HomePage                                 | `homepage`           | `3000`                 | `3000`            | ☑                |
 | Flaresolverr                             | `flaresolverr`       | `8191`                 | `8191`            | ☐                |
+| Uptime Kuma                              | `uptime-kuma`        | `3001`                 | `3001`            | ☑                |
+| Heimdall                                 | `heimdall`           | `8000` and `8443`      | `80` and `443`    | ☑                |

roles/hmsdocker/defaults/main/container_map.yml

@@ -165,3 +165,20 @@ hms_docker_container_map:
     expose_to_public: no
     homepage: yes
     homepage_stats: no
+  uptimekuma:
+    enabled: no
+    proxy_host_rule: uptime-kuma
+    directory: yes
+    traefik: yes
+    authentik: no
+    authentik_provider_type: proxy
+    expose_to_public: no
+  heimdall:
+    enabled: no
+    proxy_host_rule: heimdall
+    directory: yes
+    traefik: yes
+    authentik: no
+    authentik_provider_type: proxy
+    expose_to_public: no
+

roles/hmsdocker/defaults/main/plex.yml

@@ -7,6 +7,7 @@ plex_claim_token: ""
 plex_advertise_ip: "{{ ansible_default_ipv4.address }}"
 
 # Transcode folder location for Plex.
+# If you have enough RAM, you can change this to "/dev/shm/plex_transcode" to use RAM for transcoding
 plex_transcode_folder: "/tmp/{{ project_name }}/plex_transcode" # default: "/tmp/{{ project_name }}/plex_transcode"
 
 # Adds a script to convert a Traefik certificate file to a Plex-supported certificate file so you can define a custom certificate for Plex

roles/hmsdocker/defaults/main/scripts.yml

@@ -0,0 +1,16 @@
+# Enable custom scripts
+custom_scripts_enabled: no
+
+
+##### Monitoring scripts
+monitoring_scripts_enabled: no
+
+### Media Availability script settings
+## Checks to see if a specific media item is actually available on disk (one that you know you'll never delete)
+## Useful for when there is an issue with a network share that causes media to show as unavailable, but the plex service is still online
+media_avail_script_enabled: no
+
+# The URL from Uptime Kuma for a "Push" notification
+# Remove the "?status=up&msg=OK&ping=" from the end, that is added by the script
+media_avail_kuma_push_url: 
+