diff --git a/menu/functions/install.sh b/menu/functions/install.sh index c28eb059..817601b7 100644 --- a/menu/functions/install.sh +++ b/menu/functions/install.sh @@ -77,6 +77,8 @@ pginstall() { core mergerinstall core dockerinstall core docstart + core kernel + core cloudflare touch /var/plexguide/install.roles rolenumber=3 @@ -105,6 +107,8 @@ pginstall() { core mountcheck emergency pgdeploy + core kernel + core cloudflare } core() { @@ -155,6 +159,18 @@ docstart() { ansible-playbook /opt/plexguide/menu/pg.yml --tags docstart } +kernel () { + ansible-playbook /opt/plexguide/menu/pg.yml --tags kernel +} + +cloudflare () { + ansible-playbook /opt/plexguide/menu/pg.yml --tags cloudflare +} + +nvidia () { + ansible-playbook /opt/plexguide/menu/pg.yml --tags nvidia +} + emergency() { variable /var/plexguide/emergency.display "On" if [[ $(ls /opt/appdata/plexguide/emergency) != "" ]]; then diff --git a/menu/pg.yml b/menu/pg.yml index 55d4832a..ae4a911c 100644 --- a/menu/pg.yml +++ b/menu/pg.yml @@ -10,4 +10,7 @@ - { role: autodelete, tags: ['autodelete'] } - { role: clean, tags: ['clean'] } - { role: clean-encrypt, tags: ['clean-encrypt'] } - - { role: kernel, tags: ['kernel'] } \ No newline at end of file + - { role: kernel, tags: ['kernel'] } + - { role: cloudflare, tags: ['cloudflare'] } + - { role: nvidia, tags: ['nvidia'] } + - { role: system, tags: ['system'] } \ No newline at end of file diff --git a/menu/roles/cloudflare/tasks/main.yml b/menu/roles/cloudflare/tasks/main.yml new file mode 100644 index 00000000..f15a9a5a --- /dev/null +++ b/menu/roles/cloudflare/tasks/main.yml 
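Review bot: `core cloudflare` now runs on every install, both in this branch of `pginstall` and in the `@@ -105` hunk, and nothing visible checks whether the user has Cloudflare credentials or wants their DNS changed. The role added by this commit reads `cloudflare.api`, `cloudflare.email`, `user.domain` and `subdomain`, none of which are defined in the visible change, and it writes an A record with `solo: true`. Unless `core` (its body is outside these hunks, as is the rest of `pginstall`) already gates on that, put the call behind an explicit opt-in so hosts without Cloudflare neither fail here nor have a record rewritten unasked.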
@@ -0,0 +1,40 @@
+#########################################################################
+# Title: Cloudbox: Cloudflare Role #
+# Author(s): l3uddz, desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Install 'dnsutils'
+ apt: "name=dnsutils state=present"
+
+- name: Get Public IP Address
+ shell: dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'\"' '{ print $2}'
+ register: public_ip_lookup
+
+- name: Set 'public_ip' variable
+ set_fact:
+ public_ip: "{{ public_ip_lookup.stdout }}"
+
+- name: Set 'record' variable
+ set_fact:
+ record: "{{ (subdomain == user.domain) | ternary(user.domain,subdomain + '.' + user.domain) }}"
+
+- name: Set DNS Record
+ cloudflare_dns:
+ account_api_token: "{{ cloudflare.api }}"
+ account_email: "{{ cloudflare.email }}"
+ zone: "{{ user.domain }}"
+ state: present
+ solo: true
+ proxied: no
+ type: A
+ value: "{{ public_ip }}"
+ record: "{{ subdomain }}"
+
+- name: Display DNS Record
+ debug:
+ msg: "DNS Record for '{{ record }}' set to '{{ public_ip }}'."
diff --git a/menu/roles/nvidia/files/blacklist-nouveau.conf b/menu/roles/nvidia/files/blacklist-nouveau.conf
new file mode 100644
index 00000000..1dc35c15
--- /dev/null
+++ b/menu/roles/nvidia/files/blacklist-nouveau.conf
@@ -0,0 +1,3 @@
+# generated by cloudbox nvidia role
+blacklist nouveau
+options nouveau modeset=0
\ No newline at end of file
diff --git a/menu/roles/nvidia/tasks/main.yml b/menu/roles/nvidia/tasks/main.yml
new file mode 100644
index 00000000..4d54ad10
--- /dev/null
+++ b/menu/roles/nvidia/tasks/main.yml
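Review bot: The 'Get Public IP Address' task in `cloudflare/tasks/main.yml` never checks that the lookup returned an address. The pipeline reports awk's exit status, so a failed or timed-out `dig` leaves `public_ip_lookup.stdout` empty, and that value is handed to `cloudflare_dns` together with `solo: true`. Add `failed_when: public_ip_lookup.stdout | trim | length == 0` and `changed_when: false` to the lookup so the play stops before it touches DNS. The `record` fact built for the apex case is only used in the debug message, while the module call still passes `record: "{{ subdomain }}"`, which looks unintended.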
@@ -0,0 +1,110 @@ +######################################################################### +# Title: Cloudbox: Nvidia Role # +# Author(s): desimaniac, l3uddz # +# URL: https://github.com/cloudbox/cloudbox # +# -- # +# Part of the Cloudbox project: https://cloudbox.works # +######################################################################### +# GNU General Public License v3.0 # +######################################################################### +--- +- name: Install common pip modules + pip: + state: present + name: + - jmespath + +- name: Fetch Nvidia card info + shell: | + if [ `lspci | grep -c -E '.*VGA.*NVIDIA'` -eq 1 ]; then + lspci -s $(lspci | grep -E '.*VGA.*NVIDIA' | cut -d' ' -f 1) + else + echo "" + fi + register: lspci_resp + +- name: Nvidia Setup block + block: + + # Install Ubuntu drivers + + - name: Install Ubuntu drivers + apt: + name: ubuntu-drivers-common + update_cache: yes + state: present + + - name: Get list of devices + shell: ubuntu-drivers devices + register: ubuntu_devices + + # Install Nvidia Drivers + + - name: Nvidia Kernel and Driver Tasks + block: + + - name: Check if 'blacklist-nouveau.conf' exists + stat: + path: "/etc/modprobe.d/blacklist-nouveau.conf" + register: blacklist_nouveau_conf + + - name: "Nvidia Kernel Task" + include_tasks: "nvidia_kernel.yml" + when: (not blacklist_nouveau_conf.stat.exists) + + - name: "Nvidia Driver Task" + include_tasks: "nvidia_driver.yml" + + when: '("manual_install: True" not in ubuntu_devices.stdout)' + + # Install Nvidia Driver Patch to remove transcode limit + + - name: Nvidia Driver Patch Tasks + block: + + - name: Check to see if patch backup files exist + find: + paths: "/opt/nvidia/libnvidia-encode-backup" + file_type: file + recurse: yes + patterns: '*.so*' + register: nvidia_patch_backup_files + + - name: "Nvidia Driver Patch Task" + include_tasks: "nvidia_patch.yml" + when: (nvidia_patch_backup_files.matched|int == 0) + + when: ('GeForce' in lspci_resp.stdout) + + # Install 
Nvidia Runtime Container + + - name: Nvidia Runtime Container Tasks + block: + + - name: Get contents of 'daemon.json' + shell: cat /etc/docker/daemon.json + register: docker_daemon_json + + - name: Set 'docker_default_runtime' + set_fact: + docker_default_runtime: "{{ docker_daemon_json.stdout | from_json | json_query('\"default-runtime\"') }}" + + - name: "Nvidia Docker Task" + include_tasks: "nvidia_docker.yml" + when: (docker_default_runtime != 'nvidia') + + # Install Nvidia Nvtop Tool + + - name: Nvidia Nvtop Tasks + block: + + - name: Check nvtop exists + stat: + path: "/usr/local/bin/nvtop" + register: nvtop_binary + + - name: "Nvidia Nvtop Task" + include_tasks: "nvidia_nvtop.yml" + when: not nvtop_binary.stat.exists + + when: (ansible_distribution == 'Ubuntu') and ('NVIDIA' in lspci_resp.stdout) diff --git a/menu/roles/nvidia/tasks/nvidia_docker.yml b/menu/roles/nvidia/tasks/nvidia_docker.yml new file mode 100644 index 00000000..fadc202c --- /dev/null +++ b/menu/roles/nvidia/tasks/nvidia_docker.yml 
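Review bot: The 'Fetch Nvidia card info' script in `nvidia/tasks/main.yml` only reports a card when `grep -c` returns exactly 1, so a host with two or more NVIDIA VGA devices takes the `echo ""` branch and the whole 'Nvidia Setup block' is skipped without any message. Test for at least one match and take the first, for example `if [ "$(lspci | grep -c -E 'VGA.*NVIDIA')" -ge 1 ]; then` with `head -n 1` before the `cut`. The task only reads state, so `changed_when: false` belongs on it and on 'Get list of devices'. 'Get contents of daemon.json' fails the play if `/etc/docker/daemon.json` does not exist; whether an earlier role always creates it is not visible here.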
@@ -0,0 +1,65 @@ +######################################################################### +# Title: Nvidia: Nvidia Docker Task # +# Author(s): desimaniac, l3uddz # +# URL: https://github.com/cloudbox/cloudbox # +# -- # +# Part of the Cloudbox project: https://cloudbox.works # +######################################################################### +# GNU General Public License v3.0 # +######################################################################### +--- +- name: Add nvidia repository + shell: | + curl -s -L https://nvidia.github.io/nvidia-container-runtime/gpgkey | \ + sudo apt-key add - + distribution=$(. /etc/os-release;echo $ID$VERSION_ID) + curl -s -L https://nvidia.github.io/nvidia-container-runtime/$distribution/nvidia-container-runtime.list | \ + sudo tee /etc/apt/sources.list.d/nvidia-container-runtime.list + +- name: Install 'nvidia-container-runtime' + apt: + name: nvidia-container-runtime + update_cache: yes + state: present + +- name: Populate Service Facts + service_facts: + +- name: Get Docker service state + set_fact: + docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}" + +- name: Gather list of running Docker containers + shell: "docker ps --format '{{ '{{' }} .Names{{ '}}' }}' | xargs echo -n" + register: docker_running_containers + ignore_errors: yes + when: (docker_service_running) + +- name: Stop all running Docker containers + shell: "docker stop {{ docker_running_containers.stdout }}" + ignore_errors: yes + when: (docker_service_running) and not (docker_running_containers.stdout | trim | length == 0) + +- name: Stop docker service + systemd: + name: docker + state: stopped + when: (docker_service_running) + +# https://github.com/linkernetworks/vortex-installer/blob/master/roles/common/tasks/nvidia-docker.yml +- name: Add runtime to '/etc/docker/daemon.json' + shell: | + jq '."default-runtime" = "nvidia" | .runtimes.nvidia.path = 
"/usr/bin/nvidia-container-runtime" | .runtimes.nvidia.runtimeArgs = []' \ + /etc/docker/daemon.json | jq . > /etc/docker/daemon.json_tmp \ + && mv /etc/docker/daemon.json_tmp /etc/docker/daemon.json + +- name: Start docker service + systemd: + name: docker + state: started + when: (docker_service_running) + +- name: "Re-start all previously running Docker containers" + shell: 'docker start {{ docker_running_containers.stdout }}' + ignore_errors: yes + when: (docker_service_running) and not (docker_running_containers.stdout | trim | length == 0) diff --git a/menu/roles/nvidia/tasks/nvidia_driver.yml b/menu/roles/nvidia/tasks/nvidia_driver.yml new file mode 100644 index 00000000..967e0de5 --- /dev/null +++ b/menu/roles/nvidia/tasks/nvidia_driver.yml 
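Review bot: The 'Add nvidia repository' task in `nvidia_docker.yml` pipes a key fetched at run time straight into `apt-key add -`, which trusts it for every repository on the host. Both `curl -s -L` calls also lack `-f`, so an HTTP error page would be imported as a key or written into `/etc/apt/sources.list.d/nvidia-container-runtime.list`. Use `curl -fsSL` and compare the key's fingerprint with a value recorded in the role (`<PLACEHOLDER: expected fingerprint>`) before adding it. In 'Add runtime to /etc/docker/daemon.json' the `&& mv` only tests the trailing `jq .`, which succeeds on empty input, so a missing or malformed `daemon.json` appears to be replaced by an empty file. Write the first `jq` directly to `daemon.json_tmp` and drop the second; note that `jq` is not installed anywhere in the visible change.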
@@ -0,0 +1,42 @@
+#########################################################################
+# Title: Nvidia: Nvidia Driver Task #
+# Author(s): desimaniac, l3uddz #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Download Nvidia drivers
+ get_url:
+ url: "https://download.nvidia.com/XFree86/Linux-x86_64/410.78/NVIDIA-Linux-x86_64-410.78.run"
+ dest: /tmp/NVIDIA-Linux-x86_64-410.78.run
+ mode: 0775
+ owner: root
+ group: root
+ force: yes
+ validate_certs: no
+ register: driver_download
+
+- name: Install 'build-essential'
+ apt:
+ name: build-essential
+ update_cache: yes
+ state: present
+
+- name: Install Nvidia drivers
+ shell: /tmp/NVIDIA-Linux-x86_64-410.78.run --silent
+ register: driver_install
+ ignore_errors: yes
+
+- name: Nvidia driver did not install
+ debug:
+ when: (driver_install is failed) or ('ERROR' in driver_install.stdout)
+
+- name: Nvidia driver did not install
+ fail:
+ msg:
+ - "{{ driver_install.stdout }}"
+ - "Nvidia driver did not install"
+ when: (driver_install is failed) or ('ERROR' in driver_install.stdout)
diff --git a/menu/roles/nvidia/tasks/nvidia_kernel.yml b/menu/roles/nvidia/tasks/nvidia_kernel.yml
new file mode 100644
index 00000000..05bf84f1
--- /dev/null
+++ b/menu/roles/nvidia/tasks/nvidia_kernel.yml
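Review bot: `validate_certs: no` on 'Download Nvidia drivers' switches off TLS verification for a file that the 'Install Nvidia drivers' task then executes as root, so the installer's origin is not authenticated at all. Remove that line and pin the download with `checksum: "sha256:<PLACEHOLDER: digest of NVIDIA-Linux-x86_64-410.78.run>"`. The file lands at a fixed name under `/tmp` with `mode: 0775`; a root-only directory and `mode: 0700` would be a safer destination for something run with root privileges. The first 'Nvidia driver did not install' task is a `debug` with no `msg`, so it prints nothing useful and can be dropped.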
@@ -0,0 +1,37 @@
+#########################################################################
+# Title: Nvidia: Nvidia Kernel Task #
+# Author(s): desimaniac, l3uddz #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Copy 'blacklist-nouveau.conf'
+ copy:
+ src: "blacklist-nouveau.conf"
+ dest: "/etc/modprobe.d/blacklist-nouveau.conf"
+ owner: "root"
+ group: "root"
+ mode: 0664
+ register: r
+
+- name: Continue with tasks
+ block:
+
+ - name: Success message
+ debug:
+ msg: "Disabled nouveau driver. System will now reboot ..."
+
+ - name: Update initramfs
+ command: update-initramfs -u
+
+ - name: Reboot command
+ shell: reboot
+
+ - name: Reboot message
+ fail:
+ msg: "Disabled nouveau driver. You will need to restart the server for changes to take effect."
+
+ when: (r.changed)
diff --git a/menu/roles/nvidia/tasks/nvidia_nvtop.yml b/menu/roles/nvidia/tasks/nvidia_nvtop.yml
new file mode 100644
index 00000000..1b3767a3
--- /dev/null
+++ b/menu/roles/nvidia/tasks/nvidia_nvtop.yml
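Review bot: The 'Reboot command' task in `nvidia_kernel.yml` restarts the host from inside the installer with no prompt, and the next task's message says the user "will need to restart the server", which contradicts both the reboot and the earlier "System will now reboot ..." text. Decide which behaviour is intended: either drop `shell: reboot` and keep the `fail` message, or keep the reboot and make the message say so. `mode: 0664` leaves the modprobe file group-writable; `mode: 0644` is the usual setting for files under `/etc/modprobe.d`.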
@@ -0,0 +1,39 @@
+#########################################################################
+# Title: Nvidia: Nvidia Nvtop Task #
+# Author(s): desimaniac, l3uddz #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Install nvtop dependencies
+ apt: name="{{ item }}" state=present update_cache=yes
+ become: true
+ with_items:
+ - cmake
+ - libncurses5-dev
+ - libncursesw5-dev
+
+- name: Pull nvtop repo from github
+ git: clone=yes repo=https://github.com/Syllo/nvtop dest=/tmp/nvtop/
+ register: diff
+
+- name: Build and install nvtop
+ shell: "cd /tmp/nvtop && \
+ mkdir build && \
+ cd build && \
+ cmake .. -DNVML_RETRIEVE_HEADER_ONLINE=True && \
+ make && \
+ make install"
+ when: diff.changed
+
+- name: "Get nvtop version"
+ shell: "/usr/local/bin/nvtop --version | head -n 1 | awk '{print $3}' | cut -f1,2 -d'-'"
+ register: nvtop_version
+ ignore_errors: yes
+
+- name: "Display nvtop version"
+ debug:
+ msg: "nvtop {{ nvtop_version.stdout }} installed."
diff --git a/menu/roles/nvidia/tasks/nvidia_patch.yml b/menu/roles/nvidia/tasks/nvidia_patch.yml
new file mode 100644
index 00000000..bfea5a34
--- /dev/null
+++ b/menu/roles/nvidia/tasks/nvidia_patch.yml
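Review bot: The 'Pull nvtop repo from github' task clones whatever the default branch of a third-party repository holds at run time, and the next task builds it and runs `make install` as root; `-DNVML_RETRIEVE_HEADER_ONLINE=True` also downloads a header during the build. Add `version: <PLACEHOLDER: reviewed tag or commit>` to the `git` task so the code that gets installed is the code that was reviewed. The build uses the fixed path `/tmp/nvtop`, and `mkdir build` fails if an earlier run left the directory behind, which `mkdir -p build` avoids. Because of `ignore_errors: yes`, 'Display nvtop version' prints "installed" even when the version lookup failed.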
@@ -0,0 +1,39 @@
+#########################################################################
+# Title: Nvidia: Nvidia Patch Task #
+# Author(s): desimaniac, l3uddz #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Download Nvidia patch
+ get_url:
+ url: "https://raw.githubusercontent.com/keylase/nvidia-patch/master/patch.sh"
+ dest: /tmp/NVIDIA-patch.sh
+ mode: 0775
+ owner: root
+ group: root
+ force: yes
+ validate_certs: no
+
+- name: Install Nvidia patch
+ shell: /tmp/NVIDIA-patch.sh
+ args:
+ executable: /bin/bash
+ warn: no
+ register: patch_install
+ ignore_errors: yes
+
+- name: Nvidia patch installed!
+ debug:
+ msg: "Nvidia patch installed!"
+ when: (patch_install is succeeded) and ('Patched!' in patch_install.stdout)
+
+- name: Nvidia patch did not install!
+ fail:
+ msg:
+ - "Nvidia patch did not install!"
+ - "{{ patch_install.stdout }}"
+ when: (patch_install is failed) or ('Patched!' not in patch_install.stdout)
\ No newline at end of file
diff --git a/menu/roles/system/files/etc/rc.local b/menu/roles/system/files/etc/rc.local
new file mode 100644
index 00000000..65634dfa
--- /dev/null
+++ b/menu/roles/system/files/etc/rc.local
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+exit 0
diff --git a/menu/roles/system/handlers/main.yml b/menu/roles/system/handlers/main.yml
new file mode 100644
index 00000000..00d8fa75
--- /dev/null
+++ b/menu/roles/system/handlers/main.yml
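Review bot: The 'Download Nvidia patch' task in `nvidia_patch.yml` fetches `patch.sh` from the moving `master` branch of a third-party repository with `validate_certs: no`, and the next task runs it as root, so the code that executes is neither authenticated nor tied to a reviewed revision. Remove `validate_certs: no`, replace `master` in the URL with a commit hash that has been audited, and add `checksum: "sha256:<PLACEHOLDER: digest of that revision>"` so a changed upstream file fails the download instead of running. The script is written to a fixed name under `/tmp` with `mode: 0775`; a root-only directory and `mode: 0700` are more appropriate for something executed with root privileges.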
@@ -0,0 +1,15 @@
+#########################################################################
+# Title: Cloudbox: System Handler #
+# Author(s): desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: update locales
+ command: dpkg-reconfigure --frontend noninteractive locales
+
+- name: update tzdata
+ command: dpkg-reconfigure --frontend noninteractive tzdata
diff --git a/menu/roles/system/tasks/main.yml b/menu/roles/system/tasks/main.yml
new file mode 100644
index 00000000..99ef9943
--- /dev/null
+++ b/menu/roles/system/tasks/main.yml
@@ -0,0 +1,40 @@
+#########################################################################
+# Title: Cloudbox: System Role #
+# Author(s): l3uddz, desimaniac, EnorMOZ #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: APT tasks
+ include_tasks: "subtasks/apt.yml"
+
+- name: Network tasks
+ import_tasks: "subtasks/network.yml"
+
+- name: SYSCTL tasks
+ include_tasks: "subtasks/sysctl.yml"
+
+- name: Check if intel_pstate directory exists.
+ stat:
+ path: /sys/devices/system/cpu/intel_pstate
+ register: p
+
+- name: CPU Frequency tasks
+ include_tasks: "subtasks/cpufrequency.yml"
+ when: p.stat.isdir is defined and p.stat.isdir
+
+- name: Remove CPU Power task
+ include_tasks: "subtasks/remove_cpupower.yml"
+
+- name: Set Time Zone task
+ import_tasks: "subtasks/timezone.yml"
+ tags: set-timezone
+
+- name: Set Locale task
+ import_tasks: "subtasks/locale.yml"
+ tags: set-locale
+
+- meta: flush_handlers
diff --git a/menu/roles/system/tasks/subtasks/apt.yml b/menu/roles/system/tasks/subtasks/apt.yml
new file mode 100644
index 00000000..90586362
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/apt.yml
@@ -0,0 +1,65 @@
+#########################################################################
+# Title: System: APT Tasks #
+# Author(s): l3uddz, desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Set env variables
+ set_fact:
+ env_vars:
+ DEBIAN_FRONTEND: noninteractive
+ DEBIAN_PRIORITY: critical
+
+- name: Fix any potential dpkg issues
+ shell: dpkg --configure --pending
+
+- name: Kill existing apt and apt-get
+ shell: "killall apt apt-get >/dev/null 2>&1 || :"
+ ignore_errors: yes
+
+- name: Fix any potential apt issues
+ shell: apt-get install --fix-broken --quiet --yes
+ environment: "{{ env_vars }}"
+ ignore_errors: yes
+
+- name: Install required packages
+ apt:
+ state: present
+ name:
+ - apt-utils
+ - byobu
+
+- name: APT update
+ apt:
+ update_cache: yes
+ ignore_errors: yes
+
+# https://serverfault.com/a/839563
+# https://raymii.org/s/tutorials/Silent-automatic-apt-get-upgrade.html
+- name: APT upgrade
+ shell: apt-get upgrade --quiet --yes --allow-unauthenticated -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+ environment: "{{ env_vars }}"
+ when: not continuous_integration
+ ignore_errors: yes
+
+# https://serverfault.com/a/839563
+# https://raymii.org/s/tutorials/Silent-automatic-apt-get-upgrade.html
+- name: APT dist-upgrade
+ shell: apt-get dist-upgrade --quiet --yes --allow-unauthenticated -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+ environment: "{{ env_vars }}"
+ when: not continuous_integration
+ ignore_errors: yes
+
+- name: Remove useless packages from the cache
+ apt:
+ autoclean: yes
+ ignore_errors: yes
+
+- name: Remove dependencies that are no longer required
+ apt:
+ autoremove: yes
+ ignore_errors: yes
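Review bot: Both 'APT upgrade' and 'APT dist-upgrade' pass `--allow-unauthenticated`, which lets apt install packages whose signatures cannot be verified, system-wide and as root. Remove the flag from both commands; if a repository's key is missing, fix the key instead. `ignore_errors: yes` on the same tasks hides a failed upgrade, and 'Kill existing apt and apt-get' can interrupt a package transaction part-way through, so waiting for the dpkg lock is safer than `killall`. `continuous_integration` is not defined in the visible change; `when: not (continuous_integration | default(false))` avoids an undefined-variable error.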
diff --git a/menu/roles/system/tasks/subtasks/cpufrequency.yml b/menu/roles/system/tasks/subtasks/cpufrequency.yml
new file mode 100644
index 00000000..2137eb4c
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/cpufrequency.yml
@@ -0,0 +1,68 @@
+#########################################################################
+# Title: System: CPU Frequency Tasks #
+# Author(s): l3uddz, EnorMOZ, desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Install 'cpufrequtils'
+ apt:
+ name: cpufrequtils
+ state: present
+
+- name: Install 'linux-tools' for Ubuntu
+ apt:
+ state: present
+ name:
+ - linux-tools-common
+ - linux-tools-generic
+ when: ansible_distribution == 'Ubuntu'
+
+- name: Install 'linux-tools' for Debian
+ apt:
+ name: linux-tools
+ state: present
+ when: ansible_distribution == 'Debian'
+
+- name: "Install linux-tools-{{ ansible_kernel }}"
+ shell: "apt-get install -qq $(apt-cache search -n linux-tools-{{ ansible_kernel }} | awk '{print $1}' | tail -n 1)"
+ ignore_errors: yes
+
+- name: Check /etc/default/cpufrequtils exists
+ stat:
+ path: /etc/default/cpufrequtils
+ register: cpufrequtils_file
+
+- name: Create /etc/default/cpufrequtils
+ file:
+ path: /etc/default/cpufrequtils
+ state: touch
+ when: not cpufrequtils_file.stat.exists
+
+- name: Set CPU frequency scaling governor to performance
+ lineinfile:
+ path: "/etc/default/cpufrequtils"
+ regexp: '^GOVENOR\s?='
+ line: 'GOVENOR="performance"'
+ state: present
+
+- name: Set CPU frequency scaling governor to performance
+ lineinfile:
+ path: "/etc/default/cpufrequtils"
+ regexp: '^GOVERNOR\s?='
+ line: 'GOVERNOR="performance"'
+ state: present
+
+- name: Ensure governor is enabled
+ lineinfile:
+ path: "/etc/default/cpufrequtils"
+ regexp: '^ENABLE\s?='
+ line: 'ENABLE="true"'
+ state: present
+
+- name: Disable ondemand CPU frequency scaling daemon
+ shell: "update-rc.d ondemand disable"
+ when: ansible_distribution_version == "16.04"
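Review bot: The first 'Set CPU frequency scaling governor to performance' task writes a misspelled key, `GOVENOR="performance"`, into `/etc/default/cpufrequtils`; as far as I know only `GOVERNOR`, set by the second task, is read by cpufrequtils. If the aim is to clean up a line written by an older version, change that task to `state: absent` with the same regexp and rename it; otherwise delete it. The two tasks share one name, which makes the play output ambiguous. 'Install linux-tools-{{ ansible_kernel }}' runs `apt-get install -qq` with an empty argument list when the search finds nothing, and `ignore_errors: yes` hides that.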
diff --git a/menu/roles/system/tasks/subtasks/locale.yml b/menu/roles/system/tasks/subtasks/locale.yml
new file mode 100644
index 00000000..f35ba660
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/locale.yml
@@ -0,0 +1,36 @@
+#########################################################################
+# Title: System: Locale Tasks #
+# Author(s): desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: "Install 'locales'"
+ apt:
+ name: locales
+ state: present
+
+- name: "Generate 'locales'"
+ locale_gen:
+ name: "en_US.UTF-8"
+ state: present
+ notify: update locales
+
+- name: "Uncomment 'LANG='"
+ replace:
+ path: "/etc/default/locale"
+ regexp: '^#(LANG=.*)'
+ replace: '\1'
+
+- name: "Set Default 'locale'"
+ ini_file:
+ path: "/etc/default/locale"
+ section: null
+ option: "LANG"
+ value: "en_US.UTF-8"
+ state: present
+ no_extra_spaces: yes
+ notify: update locales
diff --git a/menu/roles/system/tasks/subtasks/mounts.yml b/menu/roles/system/tasks/subtasks/mounts.yml
new file mode 100644
index 00000000..7bc62ce6
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/mounts.yml
@@ -0,0 +1,23 @@
+#########################################################################
+# Title: System: Mounts Tasks #
+# Author(s): l3uddz, desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- debug:
+ msg: "System mounts: are {{ ansible_mounts }}"
+
+- name: Set noatime,nobarrier opts for / mount
+ mount:
+ path: /
+ opts: defaults,noatime,nobarrier
+ state: present
+ fstype: ext4
+ src: "{{ item.device }}"
+ with_items:
+ - "{{ ansible_mounts }}"
+ when: (item.mount == '/') and (item.fstype == 'ext4')
diff --git a/menu/roles/system/tasks/subtasks/network.yml b/menu/roles/system/tasks/subtasks/network.yml
new file mode 100644
index 00000000..4d2de488
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/network.yml
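Review bot: `opts: defaults,noatime,nobarrier` in `mounts.yml` turns off write barriers on the root filesystem, so after a power loss or hard reset an ext4 volume can lose or corrupt recently written data unless the storage has a protected write cache. Keep `noatime` and drop `nobarrier`, or make it an explicit opt-in with a comment explaining the trade-off. `state: present` only edits `/etc/fstab`, so nothing changes until the next remount or reboot, and this file is not included by `system/tasks/main.yml` in this commit. The debug text "System mounts: are" was probably meant to read "System mounts are:".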
@@ -0,0 +1,63 @@
+#########################################################################
+# Title: System: Network Tasks #
+# Author(s): desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Install common packages
+ apt:
+ state: present
+ name:
+ - vnstat
+ - pciutils
+
+- block:
+
+ - name: Check for '/etc/vnstat.conf'
+ stat:
+ path: "/etc/vnstat.conf"
+ register: vnstat_conf
+
+ - name: Set vnstat to proper default interface
+ lineinfile:
+ path: "/etc/vnstat.conf"
+ regexp: '(Interface)\s?.*'
+ line: '\1 "{{ ansible_default_ipv4.interface }}"'
+ state: present
+ backrefs: yes
+ when: (vnstat_conf.stat.exists)
+
+ - name: Import rc.local if missing
+ copy:
+ src: "etc/rc.local"
+ dest: "/etc/rc.local"
+ owner: "root"
+ group: "root"
+ mode: 0755
+ force: no
+
+ - name: Get nic info
+ shell: lspci
+ register: nic
+
+ - name: Disable TSO / TX
+ blockinfile:
+ path: "/etc/rc.local"
+ state: present
+ create: no
+ marker: "### {mark} CLOUDBOX MANAGED BLOCK ###"
+ block: |
+ /sbin/ifconfig {{ ansible_default_ipv4.interface }} txqueuelen 10000
+ ethtool -G {{ ansible_default_ipv4.interface }} rx 4096 tx 4096
+ ethtool -K {{ ansible_default_ipv4.interface }} tso off tx off
+ insertbefore: "^exit 0"
+ owner: "root"
+ group: "root"
+ mode: 0755
+ when: ('I218' in nic.stdout) or ('I219' in nic.stdout)
+
+ when: (ansible_default_ipv4 is defined) and (ansible_default_ipv4.type == "ether")
diff --git a/menu/roles/system/tasks/subtasks/remove_cpupower.yml b/menu/roles/system/tasks/subtasks/remove_cpupower.yml
new file mode 100644
index 00000000..6dbc92c4
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/remove_cpupower.yml
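Review bot: The block that 'Disable TSO / TX' inserts into `/etc/rc.local` calls `ethtool`, but the only packages this file installs are `vnstat` and `pciutils`, and the `rc.local` shipped by this commit starts with `#!/bin/sh -e`. If `ethtool` is missing or the NIC rejects `rx 4096 tx 4096`, the script exits non-zero at that line on every boot and the remaining commands are skipped. Add `ethtool` to the package list and end each inserted command with `|| true`. The vnstat `regexp: '(Interface)\s?.*'` is unanchored and can match any line containing that word, so `'^(Interface)\s.*'` is safer.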
@@ -0,0 +1,29 @@
+#########################################################################
+# Title: System: Remove CPU Power Tasks #
+# Author(s): desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Check if cpupower.service exists
+ stat:
+ path: "/etc/systemd/system/cpupower.service"
+ register: cpupower_service
+
+- name: Stop and disable cpupower.service
+ systemd:
+ state: stopped
+ name: cpupower
+ daemon_reload: yes
+ enabled: no
+ ignore_errors: yes
+ when: cpupower_service.stat.exists
+
+- name: Delete cpupower.service
+ file:
+ path: /etc/systemd/system/cpupower.service
+ state: absent
+ when: cpupower_service.stat.exists
diff --git a/menu/roles/system/tasks/subtasks/sysctl.yml b/menu/roles/system/tasks/subtasks/sysctl.yml
new file mode 100644
index 00000000..d4c938e8
--- /dev/null
+++ b/menu/roles/system/tasks/subtasks/sysctl.yml
@@ -0,0 +1,92 @@ +######################################################################### +# Title: System: SYSCTL Tasks # +# Author(s): l3uddz, desimaniac # +# URL: https://github.com/cloudbox/cloudbox # +# -- # +# Part of the Cloudbox project: https://cloudbox.works # +######################################################################### +# GNU General Public License v3.0 # +######################################################################### +--- +- name: SYSCTL Tuning + ignore_errors: yes + sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + state: present + loop: + # Enable tcp_window_scaling + - { name: net.ipv4.tcp_window_scaling, value: 1 } + # Increase rmem_max test buffer limit to 64 MB + - { name: net.core.rmem_max, value: 67108864 } + # Increase wmem_max test buffer limit to 64 MB + - { name: net.core.wmem_max, value: 67108864 } + # Increase tcp_rmem autotune buffer limit to 32 MB + - { name: net.ipv4.tcp_rmem, value: "4096 87380 33554432" } + # Increase tcp_wmem autotune buffer limit to 32 MB + - { name: net.ipv4.tcp_wmem, value: "4096 87380 33554432" } + # Set tcp_congestion_control to bbr + - { name: net.ipv4.tcp_congestion_control, value: bbr } + # Increase system file descriptor limit + - { name: fs.file-max, value: 100000 } + # Reduce swappiness + - { name: vm.swappiness, value: 10 } + # Set dirty_ratio + - { name: vm.dirty_ratio, value: 15 } + # Set dirty_background_ratio + - { name: vm.dirty_background_ratio, value: 10 } + # Set somaxconn to 1024 + - { name: net.core.somaxconn, value: 1024 } + # Increase netdev_max_backlog + - { name: net.core.netdev_max_backlog, value: 100000 } + # Increase tcp_max_syn_backlog + - { name: net.ipv4.tcp_max_syn_backlog, value: 30000 } + # Increase tcp_max_tw_buckets + - { name: net.ipv4.tcp_max_tw_buckets, value: 2000000 } + # Enable tcp_tw_reuse + - { name: net.ipv4.tcp_tw_reuse, value: 1 } + # Enable tcp_mtu_probing + - { name: net.ipv4.tcp_mtu_probing, value: 1 } + # Enable tcp_sack + - 
{ name: net.ipv4.tcp_sack, value: 1 } + # Increase tcp_adv_win_scale + - { name: net.ipv4.tcp_adv_win_scale, value: 2 } + # Enable tcp_rfc1337 + - { name: net.ipv4.tcp_rfc1337, value: 1 } + # Increase tcp_fin_timeout + - { name: net.ipv4.tcp_fin_timeout, value: 10 } + # Disable tcp_slow_start_after_idle + - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 } + # Increase udp_rmem_min + - { name: net.ipv4.udp_rmem_min, value: 8192 } + # Increase udp_wmem_min + - { name: net.ipv4.udp_wmem_min, value: 8192 } + # Disable accept_source_route + - { name: net.ipv4.conf.all.accept_source_route, value: 0 } + # Disable accept_redirects + - { name: net.ipv4.conf.all.accept_redirects, value: 0 } + # Disable secure_redirects + - { name: net.ipv4.conf.all.secure_redirects, value: 0 } + # Set default_qdisc to fq + - { name: net.core.default_qdisc, value: fq } + # Set max_user_watches for plex inotify + - { name: fs.inotify.max_user_watches, value: 131072 } + # Set net.core.netdev_budget + - { name: net.core.netdev_budget, value: 50000 } + + +- name: Check to see if '/proc/sys/net/core/netdev_budget_usecs' exists + stat: + path: "/proc/sys/net/core/netdev_budget_usecs" + register: netdev_budget_usecs + +- name: "SYSCTL Tuning - 'netdev_budget_usecs'" + ignore_errors: yes + sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + state: present + loop: + # Set netdev_budget_usecs + - { name: net.core.netdev_budget_usecs, value: 5000 } + when: netdev_budget_usecs.stat.exists diff --git a/menu/roles/system/tasks/subtasks/timezone.yml b/menu/roles/system/tasks/subtasks/timezone.yml new file mode 100644 index 00000000..84cf19c4 --- /dev/null +++ b/menu/roles/system/tasks/subtasks/timezone.yml 
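Review bot: The redirect hardening in `sysctl.yml` sets only `net.ipv4.conf.all.accept_redirects`, which is not enough on interfaces where forwarding is off: per the kernel's ip-sysctl documentation, the `all` and per-interface values are then OR-ed, so an interface left at 1 still accepts ICMP redirects. Add `net.ipv4.conf.default.accept_redirects` (and the existing interfaces, plus `net.ipv6.conf.all.accept_redirects` if IPv6 is in use) to the loop, and do the same for `secure_redirects`. `ignore_errors: yes` on the whole loop hides any key the kernel rejects, for example `bbr` on a kernel without that module, so the host can end up partly tuned with a green play. The comment "Increase tcp_fin_timeout" sits next to `value: 10`, which is lower than the usual default of 60; "Reduce" would match the value.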
@@ -0,0 +1,32 @@
+#########################################################################
+# Title: System: Time Zone Tasks #
+# Author(s): desimaniac #
+# URL: https://github.com/cloudbox/cloudbox #
+# -- #
+# Part of the Cloudbox project: https://cloudbox.works #
+#########################################################################
+# GNU General Public License v3.0 #
+#########################################################################
+---
+- name: Remove '/etc/localtime'
+ file:
+ path: "/etc/localtime"
+ state: absent
+
+- name: Install tzdata
+ apt:
+ name: tzdata
+ state: present
+
+- name: Set time zone
+ timezone:
+ name: "{{ tz }}"
+ notify: update tzdata
+
+- name: Import '/etc/timezone'
+ template:
+ src: "etc/timezone.j2"
+ dest: "/etc/timezone"
+ mode: 0644
+ force: yes
+ notify: update tzdata
diff --git a/menu/roles/system/templates/etc/timezone.j2 b/menu/roles/system/templates/etc/timezone.j2
new file mode 100644
index 00000000..15b8962c
--- /dev/null
+++ b/menu/roles/system/templates/etc/timezone.j2
@@ -0,0 +1 @@
+{{ tz }}
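Review bot: The 'Remove /etc/localtime' task in `timezone.yml` runs unconditionally before the zone is set, so every run reports a change, and if `tz` is undefined or not a valid zone name the `timezone` task fails and the host is left without `/etc/localtime`. `tz` is neither defined nor validated in the visible change. Drop the removal task (the `timezone` module is expected to manage that file itself) or put an `assert` on `tz` ahead of it, for example `that: tz is defined and tz | length > 0`.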