diff --git a/group_vars/Octoprint_hosts/vars.yml b/group_vars/Octoprint_hosts/vars.yml
new file mode 100644
index 0000000..b484fe6
--- /dev/null
+++ b/group_vars/Octoprint_hosts/vars.yml
@@ -0,0 +1,18 @@
+octoprint_users_list:
+ binarykitchen:
+ active: true
+ apikey: null
+ groups:
+ - users
+ - admins
+ password: fb5adb1fbecb856f2f37da607ea17faf4887cb353b0d28459b12fb814b59d325825b7856d604efddf30b7b0a08e95af0b5a78d6912830bac171d84fe0d8d2a33
+ permissions: []
+ roles:
+ - user
+ - admin
+ settings: {}
+
+octoprint_app_keys:
+ binarykitchen:
+ - api_key: 966930451181429EAAR2D2B78EF0B1F5
+ app_id: slicer_upload
diff --git a/roles/fluidd/defaults/main.yml b/roles/fluidd/defaults/main.yml
new file mode 100644
index 0000000..aa6cc5c
--- /dev/null
+++ b/roles/fluidd/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+fluidd_dir: /var/www/fluidd
+fluidd_api_server: localhost:7125
\ No newline at end of file
diff --git a/roles/fluidd/meta/main.yml b/roles/fluidd/meta/main.yml
new file mode 100644
index 0000000..43f5678
--- /dev/null
+++ b/roles/fluidd/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+ - { role: acertmgr }
+ - { role: nginx, nginx_ssl: true}
diff --git a/roles/fluidd/tasks/main.yml b/roles/fluidd/tasks/main.yml
new file mode 100644
index 0000000..c9d63fc
--- /dev/null
+++ b/roles/fluidd/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Create fluidd directory
+ file:
+ path: "{{ fluidd_dir }}"
+ owner: www-data
+ group: www-data
+ state: directory
+
+- name: Get fluidd src
+ unarchive:
+ remote_src: yes
+ src: https://github.com/fluidd-core/fluidd/releases/latest/download/fluidd.zip
+ dest: "{{ fluidd_dir }}"
+ group: www-data
+
+- name: Copy vhost
+ template:
+ src: vhost.j2
+ dest: /etc/nginx/sites-available/fluidd
+
+- name: Enable vhost
+ file:
+ src: /etc/nginx/sites-available/fluidd
+ dest: /etc/nginx/sites-enabled/fluidd
+ state: link
\ No newline at end of file
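Review bot: The `octoprint_app_keys` entry and the `password` hash under `octoprint_users_list` are committed in clear text in `group_vars/Octoprint_hosts/vars.yml`, so anyone with read access to the repository or its history holds a usable upload API key and a hash that can be attacked offline. Move both values into an Ansible Vault file next to this one and reference them from here, for example `api_key: "{{ vault_octoprint_slicer_api_key }}"` (variable name is a suggestion). The key should also be rotated, because removing it in a later commit does not remove it from history.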
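Review bot: The `Get fluidd src` task unpacks whatever `releases/latest/download/fluidd.zip` resolves to at run time, with no version pin and no integrity check, so a re-run can silently change the served front end and a replaced release asset would be deployed as-is. `unarchive` has no checksum option, so download with `get_url` and its `checksum:` first, then extract the verified file. `Get Mainsail src` in `roles/mainsail/tasks/main.yml` has the same gap. `fluidd_version` and `fluidd_sha256` below are new variables that would need defaults taken from a release you have reviewed.

```yaml
- name: Download pinned fluidd release
  get_url:
    url: "https://github.com/fluidd-core/fluidd/releases/download/{{ fluidd_version }}/fluidd.zip"
    dest: "/usr/local/src/fluidd-{{ fluidd_version }}.zip"
    checksum: "sha256:{{ fluidd_sha256 }}"

- name: Get fluidd src
  unarchive:
    remote_src: true
    src: "/usr/local/src/fluidd-{{ fluidd_version }}.zip"
    dest: "{{ fluidd_dir }}"
    group: www-data
# … unchanged: Copy vhost, Enable vhost …
```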
diff --git a/roles/fluidd/templates/vhost.j2 b/roles/fluidd/templates/vhost.j2
new file mode 100644
index 0000000..061bb60
--- /dev/null
+++ b/roles/fluidd/templates/vhost.j2
@@ -0,0 +1,66 @@
+# /etc/nginx/sites-available/fluidd
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+upstream apiserver {
+ ip_hash;
+ server {{ fluidd_api_server }};
+}
+
+server {
+ listen 80 ;
+ server_name {{ fluidd_domain }};
+ access_log /var/log/nginx/fluidd-access.log;
+ error_log /var/log/nginx/fluidd-error.log;
+
+ # disable this section on smaller hardware like a pi zero
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_comp_level 4;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml;
+
+ # web_path from fluidd static files
+ root {{ fluidd_dir }};
+
+ index index.html;
+
+ # disable max upload size checks
+ client_max_body_size 0;
+
+ # disable proxy request buffering
+ proxy_request_buffering off;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+
+ location = /index.html {
+ add_header Cache-Control "no-store, no-cache, must-revalidate";
+ }
+
+ location /websocket {
+ proxy_pass http://apiserver/websocket;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 86400;
+ }
+
+ location ~ ^/(printer|api|access|machine|server)/ {
+ proxy_pass http://apiserver$request_uri;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ }
+}
\ No newline at end of file
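Review bot: The `server` block only has `listen 80`, although `roles/fluidd/meta/main.yml` pulls in `acertmgr` and `nginx` with `nginx_ssl: true`, so the UI and every proxied `/printer`, `/api`, `/access`, `/machine` and `/server` request travel in clear text. Because `roles/moonraker/templates/moonraker.conf.j2` sets `trusted_clients` to `0.0.0.0/0`, this vhost is the only control in front of the printer API. It should gain a `listen 443 ssl http2;` server with `ssl_certificate` and `ssl_certificate_key`, and port 80 should only redirect. `client_max_body_size 0;` removes the upload limit entirely; a finite value sized for the largest expected G-code file is safer. `roles/mainsail/templates/vhost.j2` is the same in both respects.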
diff --git a/roles/klipper/defaults/main.yml b/roles/klipper/defaults/main.yml
new file mode 100644
index 0000000..4b1837f
--- /dev/null
+++ b/roles/klipper/defaults/main.yml
@@ -0,0 +1,5 @@
+klipper_user: klipper
+klipper_group: klipper
+klipper_dir: /opt/klipper
+klipper_conf_dir: /etc/klipper
+klipper_venv: /opt/klipper/venv
\ No newline at end of file
diff --git a/roles/klipper/tasks/main.yml b/roles/klipper/tasks/main.yml
new file mode 100644
index 0000000..2d5ae68
--- /dev/null
+++ b/roles/klipper/tasks/main.yml
@@ -0,0 +1,90 @@
+---
+
+- name: Create group
+ group:
+ name: "{{ klipper_group }}"
+
+- name: Create user
+ user:
+ name: "{{ klipper_user }}"
+ home: "/home/{{ klipper_user }}"
+ group: "{{ klipper_group }}"
+ append: yes
+ groups:
+ - tty
+ - dialout
+ - video
+
+- name: Add klipper user to additional groups
+ user:
+ name: "{{ klipper_user }}"
+ append: yes
+ groups: "{{ klipper_groups }}"
+ when: klipper_groups is defined
+
+- name: Create config directory
+ file:
+ path: "{{ klipper_conf_dir }}"
+ owner: "{{ klipper_user }}"
+ group: "{{ klipper_group }}"
+ recurse: true
+ state: directory
+
+- name: Install requirements
+ apt:
+ name:
+ - python3-pip
+ - python3-virtualenv
+ - virtualenv
+ - python-dev
+ - libffi-dev
+ - build-essential
+ - libncurses-dev
+ - libusb-dev
+ - avrdude
+ - gcc-avr
+ - binutils-avr
+ - avr-libc
+ - stm32flash
+ - dfu-util
+ - libnewlib-arm-none-eabi
+ - gcc-arm-none-eabi
+ - binutils-arm-none-eabi
+ - libusb-1.0-0
+ - git
+
+- name: Clone klipper
+ git:
+ repo: https://github.com/Klipper3d/klipper.git
+ dest: "{{ klipper_dir }}"
+
+- name: Set user and group for klipper src
+ file:
+ path: "{{ klipper_dir }}"
+ owner: "{{ klipper_user }}"
+ group: "{{ klipper_group }}"
+ recurse: true
+ state: directory
+
+- name: Create virtual env and install python dependencies
+ pip:
+ requirements: /opt/klipper/scripts/klippy-requirements.txt
+ virtualenv: /opt/klipper/venv
+ virtualenv_python: python2.7
+
+- name: Install klipper config
+ git:
+ repo: https://git.binary-kitchen.de/3D-Printers/Voron2_Config.git
+ dest: "{{ klipper_conf_dir }}"
+ umask: "002"
+ become: yes
+ become_user: "{{ klipper_user }}"
+
+- name: Install service file
+ template:
+ src: klipper.service.j2
+ dest: /usr/lib/systemd/system/klipper.service
+
+- name: Enable klipper
+ service: name=klipper enabled=yes
+
diff --git a/roles/klipper/templates/klipper.service.j2 b/roles/klipper/templates/klipper.service.j2
new file mode 100644
index 0000000..937f21d
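Review bot: Both `git` tasks (`Clone klipper` and `Install klipper config`) omit `version:`, so each run checks out whatever the remote default branch points to, and that code then runs as the `klipper` service with `tty` and `dialout` device access. Add `version: "{{ klipper_version }}"` set to a reviewed tag or commit; `Clone moonraker src` in `roles/moonraker/tasks/main.yml` has the same gap. The `pip` task hard-codes `/opt/klipper/...` instead of the role variables, so overriding `klipper_dir` breaks it; use `requirements: "{{ klipper_dir }}/scripts/klippy-requirements.txt"` and `virtualenv: "{{ klipper_venv }}"`. `virtualenv_python: python2.7` together with `python-dev` ties the role to an end-of-life interpreter, which is worth confirming against the Klipper revision being deployed.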
--- /dev/null
+++ b/roles/klipper/templates/klipper.service.j2
@@ -0,0 +1,16 @@
+#Systemd service file for klipper
+
+[Unit]
+Description=Starts klipper on startup
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+User= {{ klipper_user }}
+RemainAfterExit=yes
+ExecStart={{ klipper_dir }}/venv/bin/python {{ klipper_dir }}/klippy/klippy.py {{ klipper_conf_dir }}/printer.cfg -l /tmp/klippy.log -a /tmp/klipper_uds -I /home/klipper/printer
+Restart=always
+RestartSec=10
\ No newline at end of file
diff --git a/roles/mainsail/defaults/main.yml b/roles/mainsail/defaults/main.yml
new file mode 100644
index 0000000..90014b0
--- /dev/null
+++ b/roles/mainsail/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+mainsail_dir: /var/www/mainsail
+mainsail_api_server: localhost:7125
\ No newline at end of file
diff --git a/roles/mainsail/meta/main.yml b/roles/mainsail/meta/main.yml
new file mode 100644
index 0000000..43f5678
--- /dev/null
+++ b/roles/mainsail/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+ - { role: acertmgr }
+ - { role: nginx, nginx_ssl: true}
diff --git a/roles/mainsail/tasks/main.yml b/roles/mainsail/tasks/main.yml
new file mode 100644
index 0000000..6358940
--- /dev/null
+++ b/roles/mainsail/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Create mainsail directory
+ file:
+ path: "{{ mainsail_dir }}"
+ owner: www-data
+ group: www-data
+ state: directory
+
+- name: Get Mainsail src
+ unarchive:
+ remote_src: yes
+ src: https://github.com/mainsail-crew/mainsail/releases/latest/download/mainsail.zip
+ dest: "{{ mainsail_dir }}"
+ group: www-data
+
+- name: Copy vhost
+ template:
+ src: vhost.j2
+ dest: /etc/nginx/sites-available/mainsail
+
+- name: Enable vhost
+ file:
+ src: /etc/nginx/sites-available/mainsail
+ dest: /etc/nginx/sites-enabled/mainsail
+ state: link
\ No newline at end of file
diff --git a/roles/mainsail/templates/vhost.j2 b/roles/mainsail/templates/vhost.j2
new file mode 100644
index 0000000..14ccdcf
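Review bot: `ExecStart` puts the log (`-l /tmp/klippy.log`) and the API socket (`-a /tmp/klipper_uds`) at fixed names in world-writable `/tmp`, where any local account can create those paths first or, depending on the socket's mode, connect to it. Give the unit its own directories with `RuntimeDirectory=klipper` and `LogsDirectory=klipper`, and point the flags at `/run/klipper/klipper_uds` and `/var/log/klipper/klippy.log`. The moonraker role needs the matching change for `moonraker_klippy_uds_address`, `moonraker_file_manager_log_path` and `-l /tmp/moonraker.log`. `-I /home/klipper/printer` hard-codes the user name instead of using `klipper_user`, and `User= {{ klipper_user }}` has a stray space after `=`.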
--- /dev/null
+++ b/roles/mainsail/templates/vhost.j2
@@ -0,0 +1,66 @@
+# /etc/nginx/sites-available/mainsail
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+upstream apiserver {
+ ip_hash;
+ server {{ mainsail_api_server }};
+}
+
+server {
+ listen 80 ;
+ server_name {{ mainsail_domain }};
+ access_log /var/log/nginx/mainsail-access.log;
+ error_log /var/log/nginx/mainsail-error.log;
+
+ # disable this section on smaller hardware like a pi zero
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_comp_level 4;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml;
+
+ # web_path from mainsail static files
+ root {{ mainsail_dir }};
+
+ index index.html;
+
+ # disable max upload size checks
+ client_max_body_size 0;
+
+ # disable proxy request buffering
+ proxy_request_buffering off;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+
+ location = /index.html {
+ add_header Cache-Control "no-store, no-cache, must-revalidate";
+ }
+
+ location /websocket {
+ proxy_pass http://apiserver/websocket;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 86400;
+ }
+
+ location ~ ^/(printer|api|access|machine|server)/ {
+ proxy_pass http://apiserver$request_uri;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ }
+}
\ No newline at end of file
diff --git a/roles/moonraker/defaults/main.yml b/roles/moonraker/defaults/main.yml
new file mode 100644
index 0000000..72abb05
--- /dev/null
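Review bot: This template declares `upstream apiserver` under the same name as `roles/fluidd/templates/vhost.j2`, and upstream names are global to the nginx `http` context. If both roles are applied to one host, the second enabled site should make the configuration test fail with a duplicate-upstream error. Renaming per role avoids that, e.g. `upstream mainsail_apiserver {` with `proxy_pass http://mainsail_apiserver/websocket;` and `proxy_pass http://mainsail_apiserver$request_uri;`.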
+++ b/roles/moonraker/defaults/main.yml
@@ -0,0 +1,12 @@
+moonraker_user: klipper
+moonraker_group: klipper
+
+moonraker_src_dir: /opt/moonraker
+moonraker_conf_dir: /etc/moonraker
+moonraker_file_manager_config_path: /etc/klipper
+moonraker_file_manager_log_path: /tmp
+
+moonraker_klippy_uds_address: /tmp/klipper_uds
+moonraker_host: 127.0.0.1
+moonraker_port: 7125
+
\ No newline at end of file
diff --git a/roles/moonraker/tasks/main.yml b/roles/moonraker/tasks/main.yml
new file mode 100644
index 0000000..a23e3c0
--- /dev/null
+++ b/roles/moonraker/tasks/main.yml
@@ -0,0 +1,66 @@
+---
+
+- name: Create group
+ group:
+ name: "{{ moonraker_group }}"
+
+- name: Create user
+ user:
+ name: "{{ moonraker_user }}"
+ home: "/home/{{ moonraker_user }}"
+ group: "{{ moonraker_group }}"
+ append: yes
+ groups:
+ - video
+ - klipper
+
+- name: Install dependencies
+ apt:
+ name:
+ - python3-virtualenv
+ - python3-dev
+ - libopenjp2-7
+ - python3-libgpiod
+ - curl
+ - libcurl4-openssl-dev
+ - libssl-dev
+ - liblmdb-dev
+ - libsodium-dev
+ - zlib1g-dev
+ - libjpeg-dev
+
+- name: Create config directory
+ file:
+ path: "{{ moonraker_conf_dir }}"
+ state: directory
+ owner: "{{ moonraker_user }}"
+ group: "{{ moonraker_group }}"
+
+- name: Copy moonraker config
+ template:
+ src: moonraker.conf.j2
+ dest: "{{ moonraker_conf_dir }}/moonraker.conf"
+ become: yes
+ become_user: "{{ moonraker_user }}"
+
+- name: Clone moonraker src
+ git:
+ repo: https://github.com/Arksine/moonraker.git
+ dest: "{{ moonraker_src_dir }}"
+
+- name: Create python virtual environment
+ pip:
+ requirements: "{{ moonraker_src_dir }}/scripts/moonraker-requirements.txt"
+ virtualenv: "{{ moonraker_src_dir }}/venv"
+
+- name: Copy systemd service file
+ template:
+ src: moonraker.service.j2
+ dest: /etc/systemd/system/moonraker.service
+
+- name: Enable moonraker
+ service:
+ name: moonraker
+ enabled: yes
+
+
diff --git a/roles/moonraker/templates/moonraker.conf.j2 b/roles/moonraker/templates/moonraker.conf.j2
new file mode 100644
index 0000000..26dc0da
--- /dev/null
+++ b/roles/moonraker/templates/moonraker.conf.j2
@@ -0,0 +1,24 @@
+[server]
+host: {{ moonraker_host }}
+port: {{ moonraker_port }}
+
+[file_manager]
+config_path: {{ moonraker_file_manager_config_path }}
+log_path: {{ moonraker_file_manager_log_path }}
+queue_gcode_uploads: True
+enable_object_processing: True
+
+[authorization]
+trusted_clients:
+ 0.0.0.0/0
+
+[secrets]
+secrets_path: /etc/moonraker/passwd
+
+[octoprint_compat]
+
+[history]
+
+[zeroconf]
+
+
diff --git a/roles/moonraker/templates/moonraker.service.j2 b/roles/moonraker/templates/moonraker.service.j2
new file mode 100644
index 0000000..976471b
--- /dev/null
+++ b/roles/moonraker/templates/moonraker.service.j2
@@ -0,0 +1,17 @@
+#Systemd service file for moonraker
+[Unit]
+Description=API Server for Klipper
+Requires=network-online.target
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+User={{ moonraker_user }}
+RemainAfterExit=yes
+WorkingDirectory={{ moonraker_src_dir }}
+ExecStart={{moonraker_src_dir}}/venv/bin/python {{moonraker_src_dir}}/moonraker/moonraker.py -c {{moonraker_conf_dir}}/moonraker.conf -l /tmp/moonraker.log
+Restart=always
+RestartSec=10
\ No newline at end of file
diff --git a/roles/moonraker/templates/passwd.j2 b/roles/moonraker/templates/passwd.j2
new file mode 100644
index 0000000..8e2f0be
--- /dev/null
+++ b/roles/moonraker/templates/passwd.j2
@@ -0,0 +1 @@
+[
\ No newline at end of file
diff --git a/roles/noodlehub/defaults/main.yml b/roles/noodlehub/defaults/main.yml
new file mode 100644
index 0000000..eb7bdc2
--- /dev/null
+++ b/roles/noodlehub/defaults/main.yml
@@ -0,0 +1,5 @@
+noodlehub_user: noodlehub
+noodlehub_group: noodlehub
+noodlehub_dir: /opt/noodlehub
+noodlehub_venv: /opt/noodlehub/venv
+noodlehub_ssl: false
\ No newline at end of file
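Review bot: `trusted_clients` in `[authorization]` is set to `0.0.0.0/0`, which marks every IPv4 address as trusted and so lets all callers bypass Moonraker's authentication. With the nginx vhosts forwarding `/printer`, `/machine` and `/server`, anyone who can reach the web port can drive the printer and use the file manager. Make the list a role variable with a narrow default, e.g. `moonraker_trusted_clients: ['127.0.0.1']` rendered one address per line, and confirm how Moonraker sees the client address when nginx proxies from localhost. `secrets_path: /etc/moonraker/passwd` has no task in `roles/moonraker/tasks/main.yml` that creates the file, and `passwd.j2` holds only `[`, so that section looks unfinished.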
diff --git a/roles/noodlehub/handlers/main.yml b/roles/noodlehub/handlers/main.yml
new file mode 100644
index 0000000..ac03627
--- /dev/null
+++ b/roles/noodlehub/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: Reload systemd
+ systemd: daemon_reload=yes
+
+- name: Restart noodlehub
+ service: name=noodlehub state=restarted
+
+- name: Restart nginx
+ service: name=nginx state=restarted
diff --git a/roles/noodlehub/meta/main.yml b/roles/noodlehub/meta/main.yml
new file mode 100644
index 0000000..7cb3bd0
--- /dev/null
+++ b/roles/noodlehub/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+ - { role: acertmgr, when: noodlehub_ssl}
+ - { role: nginx, nginx_ssl: noodlehub_ssl}
diff --git a/roles/noodlehub/tasks/main.yml b/roles/noodlehub/tasks/main.yml
new file mode 100644
index 0000000..8c348a2
--- /dev/null
+++ b/roles/noodlehub/tasks/main.yml
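Review bot: In `roles/noodlehub/meta/main.yml`, `nginx_ssl: noodlehub_ssl` passes the literal string `noodlehub_ssl` to the nginx role rather than the variable's value, so a truthiness test on `nginx_ssl` in that role would succeed even when `noodlehub_ssl` is `false`. Write `nginx_ssl: "{{ noodlehub_ssl }}"`; how the nginx role consumes the value is not visible here, so confirm the effect there. Separately, the `Restart noodlehub` handler is never notified by any task in `roles/noodlehub/tasks/main.yml`, so a changed unit file or checkout does not restart the service.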
@@ -0,0 +1,73 @@ +--- + +- name: Install dependencies + apt: + name: + - python3-pip + - python3-virtualenv + - gpiod + - python3-libgpiod + - git + +- name: Create group + group: + name: "{{ noodlehub_user }}" + +- name: Create user + user: + name: "{{ noodlehub_user }}" + group: "{{ noodlehub_group }}" + home: /home/{{ noodlehub_user }} + groups: + - gpio + +- name: Create directory + file: + owner: "{{ noodlehub_user }}" + group: "{{ noodlehub_group }}" + path: "{{ noodlehub_dir }}" + state: directory + +- name: Clone noodlehub repository + git: + repo: https://github.com/binary-kitchen/noodle_hub.git + version: devel + dest: "{{ noodlehub_dir }}" + update: true + become: true + become_user: "{{ noodlehub_user }}" + +- name: Create virtualenv and install python dependencies + pip: + name: + - pyyaml + - flask + - jinja2 + - paho-mqtt + - utils + virtualenv: "{{ noodlehub_venv }}" + become: true + become_user: "{{ noodlehub_user }}" + +- name: Configure vhost + template: src=nginx_vhost.j2 dest=/etc/nginx/sites-available/noodlehub + notify: Restart nginx + +- name: Enable vhost + file: src=/etc/nginx/sites-available/noodlehub dest=/etc/nginx/sites-enabled/noodlehub state=link + notify: Restart nginx + +- name: Install systemd unit file + template: + src: noodlehub.service.j2 + dest: /usr/lib/systemd/system/noodlehub.service + notify: Reload systemd + +- name: Enable noodlehub + service: + name: noodlehub + enabled: yes + state: started + + + diff --git a/roles/noodlehub/templates/nginx_vhost.j2 b/roles/noodlehub/templates/nginx_vhost.j2 new file mode 100644 index 0000000..7e5ad1e --- /dev/null +++ b/roles/noodlehub/templates/nginx_vhost.j2 
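Review bot: The `pip` task installs five unpinned packages into the service's virtualenv, and one of them is `utils`, which on PyPI is a generic third-party package. If the application only needs its own local `utils` module, this entry pulls in unrelated code; drop it, or pin every entry (`flask==<REVIEWED_VERSION>` and so on) from a requirements file. `Clone noodlehub repository` tracks the moving `devel` branch with `update: true`, so every play run may deploy unreviewed commits; a pinned commit in `version:` fixes that. `Create group` uses `name: "{{ noodlehub_user }}"` where `name: "{{ noodlehub_group }}"` is meant, which only works while both defaults are equal.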
@@ -0,0 +1,59 @@
+{% if not noodlehub_ssl %}
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ noodlehub_domain }};
+
+ location / {
+ client_max_body_size 1024M;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ proxy_http_version 1.1;
+ proxy_pass http://localhost:5000;
+ }
+}
+{% else %}
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ octoprint_domain }};
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://{{ octoprint_domain }}$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ gitea_domain }};
+
+ ssl_certificate_key /etc/nginx/ssl/{{ gitea_domain }}.key;
+ ssl_certificate /etc/nginx/ssl/{{ gitea_domain }}.crt;
+
+ location / {
+ client_max_body_size 1024M;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Script-Name /octoprint;
+ proxy_http_version 1.1;
+ proxy_pass http://localhost:5000;
+ }
+}
+{% endif %}
diff --git a/roles/noodlehub/templates/noodlehub.service.j2 b/roles/noodlehub/templates/noodlehub.service.j2
new file mode 100644
index 0000000..514358f
--- /dev/null
+++ b/roles/noodlehub/templates/noodlehub.service.j2
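Review bot: The `{% else %}` (TLS) branch still carries names from other roles: the port-80 server uses `{{ octoprint_domain }}`, the 443 server uses `{{ gitea_domain }}` for `server_name` and both certificate paths, and it sets `X-Script-Name /octoprint`. With `noodlehub_ssl: true` the template would either fail on undefined variables or publish noodlehub under the Gitea host name with Gitea's certificate, colliding with that site. Replace them all with `{{ noodlehub_domain }}`, e.g. `server_name {{ noodlehub_domain }};` and `ssl_certificate /etc/nginx/ssl/{{ noodlehub_domain }}.crt;`. Drop the `X-Script-Name` header unless the app is really mounted under a sub-path.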
@@ -0,0 +1,16 @@
+[Unit]
+Description=Noodlehub
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User={{ noodlehub_user }}
+Group={{ noodlehub_user }}
+WorkingDirectory={{ noodlehub_dir }}
+ExecStart={{ noodlehub_dir }}/venv/bin/python ./noodle_hub
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/site.yml b/site.yml
index a28043f..20e9e28 100644
--- a/site.yml
+++ b/site.yml
@@ -4,6 +4,18 @@ - common - root_keys +- name: Setup noodlehub + hosts: noodlehub.binary.kitchen + roles: + - noodlehub + tags: noodlehub + +- name: Setup klipper + hosts: cannelloni.binary.kitchen + roles: + - klipper + tags: klipper + - name: Setup octoprint hosts: [Octoprint_hosts] roles:
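Review bot: In `noodlehub.service.j2`, `Group={{ noodlehub_user }}` should be `Group={{ noodlehub_group }}`, and `ExecStart` builds the interpreter path from `{{ noodlehub_dir }}/venv` instead of `{{ noodlehub_venv }}`. Overriding either default therefore leaves the unit pointing at the wrong group or a missing virtualenv. Since the service sits behind the nginx vhost, basic sandboxing is cheap here: `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths={{ noodlehub_dir }}` would limit what a compromised process can touch. Test those against the GPIO access the role grants.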