From 3bbb7b42961517538afbd63c3e2c67bf1e226242 Mon Sep 17 00:00:00 2001
From: tolerryan <105945216+tolerryan@users.noreply.github.com>
Date: Sun, 2 Nov 2025 00:55:58 -0500
Subject: [PATCH] Adding James vm
---
 james.tf | 49 +++++++++++
 roles/ind/james/docker-compose.env | 135 +++++++++++++++++++++++++++++
 roles/ind/james/docker-compose.yml | 59 +++++++++++++
 roles/ind/james/james.yml | 48 ++++++++++
 4 files changed, 291 insertions(+)
 create mode 100644 james.tf
 create mode 100644 roles/ind/james/docker-compose.env
 create mode 100644 roles/ind/james/docker-compose.yml
 create mode 100644 roles/ind/james/james.yml
diff --git a/james.tf b/james.tf
new file mode 100644
index 0000000..0cefa09
--- /dev/null
+++ b/james.tf
@@ -0,0 +1,49 @@
+resource "proxmox_lxc" "james" {
+ target_node = "ryuk"
+ hostname = "james"
+ vmid = 228
+ ostemplate = "cephfs:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
+ password = "terraform"
+ unprivileged = true
+ cores = 6
+ memory = 4096
+ swap = 1024
+ start = true
+ tags = "terraform;deb13"
+ nameserver = "192.168.0.224"
+ ssh_public_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFw70PrMsilcsqCrwW1I6PAt3anQbhmVg+t/HUfomug ryan@mxDesktop"
+
+ features {
+ nesting = true
+ }
+
+ rootfs {
+ storage = "local-lvm"
+ size = "64G"
+ }
+
+ mountpoint{
+ key = "0"
+ slot = 0
+ storage = "Ceph"
+ mp = "/data"
+ # 300GB, terraform plugin is setting it to Ms
+ size = "300000M"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "192.168.0.63/24"
+ gw = "192.168.0.1"
+
+ }
+
+ provisioner "local-exec" {
+ command = "./.ansible.d/setup.sh $IP"
+ environment = {
+ IP = "192.168.0.63"
+ }
+ }
+
+}
diff --git a/roles/ind/james/docker-compose.env b/roles/ind/james/docker-compose.env
new file mode 100644
index 0000000..b1f9999
--- /dev/null
+++ b/roles/ind/james/docker-compose.env
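Review bot: `password = "terraform"` in the `proxmox_lxc` "james" resource commits the container's root password to version control, and Terraform will typically keep a plain-text copy of it in the state file as well. Because `ssh_public_keys` already provisions key-based access, the literal can become `password = var.james_root_password` with the variable declared `sensitive = true` and supplied out of band, or the argument can simply be dropped if password login is not needed; either way the value in this commit should be treated as burned and changed on the container. A smaller point: 192.168.0.63 is spelled out twice, in `network.ip` and in the provisioner's `IP` environment entry, so a single `locals` value would keep the two from drifting.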
@@ -0,0 +1,135 @@
+########################################################################
+########################################################################
+########################################################################
+##
+## Docker Compose Environment Variable file for Jellyfin Media Stack
+##
+## Update any of the environment variables below as required.
+##
+## It is highly recommended Linux users set up a "docker"
+## user, so the applications can access the local filesystem
+## with this user's access privileges. Use PUID / PGID to map
+## user access between the Docker apps and local filesystem.
+##
+########################################################################
+########################################################################
+########################################################################
+
+#Name of the project in Docker
+COMPOSE_PROJECT_NAME=media-stack
+
+# This is the network subnet which will be used inside the docker "media_network", change as required.
+# LOCAL_SUBNET is your home network and is needed so the VPN client allows access to your home computers.
+DOCKER_SUBNET=172.28.10.0/24
+DOCKER_GATEWAY=172.28.10.1
+LOCAL_SUBNET=192.168.0.0/24
+LOCAL_DOCKER_IP=192.168.0.57
+
+# Each of the "*ARR" applications have been configured so the theme can be changed to your needs.
+# Refer to Theme Park for more info / options: https://docs.theme-park.dev/theme-options/aquamarine/
+TP_DISABLE_THEME=false
+TP_THEME=nord
+
+# These are the folders on your local host computer / NAS running docker, they MUST exist
+# and have correct permissions for PUID and PGUI prior to running the docker-compose.
+#
+# Use the commands in the Guide to create all the sub-folders in each of these folders.
+
+# Host Data Folders - Will accept Linux, Windows, NAS folders
+FOLDER_FOR_CONFIGS=/home/grail/docker
+FOLDER_FOR_MEDIA=/media
+
+# File access, date and time details for the containers / applications to use.
+# Run "sudo id docker" on host computer to find PUID / PGID and update these to suit.
+PUID=1000
+PGID=1000
+UMASK=0002
+TIMEZONE=America/Chicago
+
+# Update your own Internet VPN provide details below
+VPN_TYPE=openvpn
+VPN_SERVICE_PROVIDER=airvpn
+VPN_USERNAME=
+VPN_PASSWORD=
+
+
+SERVER_COUNTRIES=
+SERVER_REGION=
+SERVER_CITIES="Chicago Illinois"
+SERVER_HOSTNAMES=
+
+# Fill in this item ONLY if you're using a custom OpenVPN configuration
+# Should be inside gluetun data folder - Example: /gluetun/custom-openvpn.conf
+# You can then edit it inside the FOLDER_FOR_CONFIGS location for gluetun.
+OPENVPN_CUSTOM_CONFIG=/gluetun/ipvanish.openvpn.conf
+#OPENVPN_CUSTOM_CONFIG=
+
+QBIT_PORT_TCP=44172
+QBIT_PORT_UDP=44172
+FLARESOLVERR_PORT=8191
+TDARR_SERVER_PORT=8266
+WEBUI_PORT_TDARR=8265
+RUTORRENT_PORT=8200
+
+
+# SWAG is configured for Reverse Proxy. Set your Internet gateway to redirect incoming ports 80 and 443
+# to the ports used below (using Docker IP Address), and they will be translated back to 80 and 443 by SWAG.
+# Change these port numbers if you have conflicting services running on the Docker host computer.
+
+REVERSE_PROXY_PORT_HTTP=5080
+REVERSE_PROXY_PORT_HTTPS=5443
+
+# SWAG REVERSE PROXY SETTINGS:
+URL=your-domain-name-goes-here.com
+SUBDOMAINS=wildcard
+VALIDATION=dns
+DNSPLUGIN=cloudflare
+CERTPROVIDER=
+PROPAGATION=
+DUCKDNSTOKEN=
+EMAIL=
+ONLY_SUBDOMAINS=false
+EXTRA_DOMAINS=
+STAGING=false
+HEALTH_VPN_DURATION_INITIAL=45s
+HEALTH_VPN_DURATION_ADDITION=30s
+UPDATER_PERIOD=8h
+TZ=America/Chicago
+PUID=1000
+PGID=1000
+
+WAN_IP_CMD=false
+
+AUTH_DELAY=0s
+MEMORY_LIMIT=256M
+UPLOAD_MAX_SIZE=16M
+OPCACHE_MEM_SIZE=128
+MAX_FILE_UPLOADS=50
+REAL_IP_FROM=0.0.0.0/32
+REAL_IP_HEADER=X-Forwarded-For
+LOG_IP_VAR=remote_addr
+LOG_ACCESS=true
+
+XMLRPC_AUTHBASIC_STRING=rTorrent XMLRPC restricted access
+RUTORRENT_AUTHBASIC_STRING=ruTorrent restricted access
+WEBDAV_AUTHBASIC_STRING=WebDAV restricted access
+
+RT_LOG_LEVEL=info
+RT_LOG_EXECUTE=false
+RT_LOG_XMLRPC=false
+
+RU_HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.0; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
+RU_HTTP_TIME_OUT=30
+RU_HTTP_USE_GZIP=true
+RU_RPC_TIME_OUT=5
+RU_LOG_RPC_CALLS=false
+RU_LOG_RPC_FAULTS=true
+RU_PHP_USE_GZIP=false
+RU_PHP_GZIP_LEVEL=2
+RU_SCHEDULE_RAND=10
+RU_LOG_FILE=/data/rutorrent/rutorrent.log
+RU_DO_DIAGNOSTIC=true
+RU_SAVE_UPLOADED_TORRENTS=true
+RU_OVERWRITE_UPLOADED_TORRENTS=false
+RU_FORBID_USER_SETTINGS=false
+RU_LOCALE=UTF8
\ No newline at end of file
diff --git a/roles/ind/james/docker-compose.yml b/roles/ind/james/docker-compose.yml
new file mode 100644
index 0000000..c3af880
--- /dev/null
+++ b/roles/ind/james/docker-compose.yml
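Review bot: `LOCAL_DOCKER_IP=192.168.0.57` in docker-compose.env does not match the `192.168.0.63/24` address james.tf gives this container, and `FOLDER_FOR_CONFIGS=/home/grail/docker` reads like a path carried over from another host, which suggests the file was copied rather than adapted. Nothing in docker-compose.yml references this file (there is no `env_file:`; PUID, PGID, TZ, the VPN settings and `SERVER_CITIES` are all inlined there), so it duplicates configuration that can silently drift, and `VPN_USERNAME=`/`VPN_PASSWORD=` are empty slots that, once filled, would put the VPN credentials under `roles/` in git; keeping this as a template (e.g. `docker-compose.env.example`) and injecting real values from ansible-vault or a gitignored override avoids that. Separately, `VPN_SERVICE_PROVIDER=airvpn` is paired with `OPENVPN_CUSTOM_CONFIG=/gluetun/ipvanish.openvpn.conf`, which looks like two providers mixed; as I recall gluetun expects the `custom` provider value when a custom OpenVPN config is used, so this is worth confirming against its docs.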
@@ -0,0 +1,59 @@
+services:
+ gluetun:
+ image: qmcgaw/gluetun
+ # container_name: gluetun
+ restart: always
+ cap_add:
+ - NET_ADMIN
+ devices:
+ - /dev/net/tun
+ volumes:
+ - ./data/gluetun:/gluetun
+ ports:
+ - 11000:6881/udp #rutorrent
+ - 11001:11001 #rutorrent
+ - 11002:8080 #rutorrent
+ - 11003:9000 #rutorremt
+ - 4733:4733 #rutorrent
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Chicago
+ - VPN_SERVICE_PROVIDER=airvpn
+ - VPN_TYPE=openvpn # change it to your protocol
+ - OPENVPN_CUSTOM_CONFIG=/gluetun/ipvanish.openvpn.conf
+ - VPN_INTERFACE=tun0
+ - FIREWALL_OUTBOUND_SUBNETS=192.168.0.0/24
+ - SERVER_CITIES="Chicago Illinois"
+ - FIREWALL_VPN_INPUT_PORTS=4733
+
+ rutorrent:
+ image: crazymax/rtorrent-rutorrent:latest
+ # container_name: rutorrent
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Chicago
+ - XMLRPC_PORT=11001 #the default port is 8000 but mine was already in use. if yours is free then you don't need this line and you can change this line '- 11001:11001' in ports to '- 11001:8000'
+ - RT_INC_PORT=4733
+ depends_on:
+ - gluetun
+ volumes:
+ - ./data/rutorrent/data:/data
+ - /data:/downloads
+ - ./data/rutorrent/password:/passwd
+ network_mode: service:gluetun
+ security_opt:
+ - no-new-privileges:true
+ restart: always
+
+ tinyfilemanager:
+ image: tinyfilemanager/tinyfilemanager:master
+ # container_name: tinyfilemanager
+ ports:
+ - 80:80
+ environment:
+ - PUID=1000
+ - PGID=1000
+ volumes:
+ - /data:/var/www/html/data
\ No newline at end of file
diff --git a/roles/ind/james/james.yml b/roles/ind/james/james.yml
new file mode 100644
index 0000000..0b78516
--- /dev/null
+++ b/roles/ind/james/james.yml
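Review bot: The `tinyfilemanager` service publishes `80:80` on every host interface, outside the gluetun namespace the `rutorrent` service is confined to, and mounts the host's `/data` read-write into its web root, while it carries none of the hardening `rutorrent` has (`security_opt: no-new-privileges`, `restart`), no image pin (`:master` is a moving tag, as are `qmcgaw/gluetun` and `:latest`), and nothing on the page configures its login or TLS. Since `/data` is also rutorrent's `/downloads` target, a plain-HTTP file manager over that tree is the most exposed piece of the host; binding the port to loopback or the LAN address and fronting it with the reverse proxy the env file describes, mounting the share `:ro` unless uploads are needed, and pinning the image by tag or digest would close most of that. Note also that in list-form `environment:` the quotes in `- SERVER_CITIES="Chicago Illinois"` are part of the value gluetun receives, and `VPN_SERVICE_PROVIDER=airvpn` sits next to an `ipvanish` custom config, which looks like two providers mixed.
```yaml
  tinyfilemanager:
    image: tinyfilemanager/tinyfilemanager:<PINNED_TAG_OR_DIGEST>   # placeholder: pin instead of :master
    # container_name: tinyfilemanager
    restart: always
    ports:
      - 127.0.0.1:80:80   # or <LAN_IP>:80:80 and publish through the reverse proxy, not 0.0.0.0
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /data:/var/www/html/data:ro   # drop :ro only if uploads through the UI are required
    security_opt:
      - no-new-privileges:true
```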
@@ -0,0 +1,48 @@
+---
+- hosts: all
+ become: yes
+ remote_user: ansible
+ gather_facts: true
+
+ vars:
+
+ tasks:
+ - name: set-debcache.yml - Setup apt proxy debcache
+ import_tasks: ../../lib/set-debcache.yml
+
+ - name: Upgrade-packages.yml - update packages
+ import_tasks: ../../lib/upgrade-packages.yml
+
+ - name: Install-docker.yml - setting up docker
+ import_tasks: ../../lib/install-docker.yml
+
+ - name: Setup-netbird.yml - setting up netbird mesh vpn
+ import_tasks: ../../lib/setup-netbird.yml
+
+ - name: setup-restic.yml - setup restic
+ import_tasks: ../../lib/setup-restic.yml
+
+ - name: Create james user
+ user:
+ name: james
+ uid: 2005
+ group: docker
+ state: present
+ create_home: yes
+ home: /data
+ shell: /bin/bash
+
+ - name: Add Authorized key for james user
+ ansible.posix.authorized_key:
+ user: james
+ state: present
+ key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+mOQoCMlroQQWqHYo50rFbZ0j+K6v8YW99xznYSjWL fake@gmail.com"
+
+ - name: Install Python Packages
+ apt:
+ name:
+ - python3-full
+ - python3-pip
+ state: present
+ update_cache: yes
+
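Review bot: The `Create james user` task makes `docker` the primary group of `james` and sets `home: /data`; Docker documents membership in the docker group as root-equivalent on the host, so the SSH key added in the following `authorized_key` task is in effect a root credential for the box. `/data` is also the tree that docker-compose.yml mounts into the `rutorrent` container (`/data:/downloads`) and into the HTTP file manager, so this account's `~/.ssh/authorized_keys` would sit inside a directory those containers write to, and whether its ownership ends up as intended depends on what the Ceph mountpoint already contains when `create_home` runs. Unless james actually needs to drive the daemon, `group: james` with `home: /home/james` and access to `/data` via a dedicated group or ACL avoids both issues; if docker access is genuinely required, `groups: [docker]` with `append: yes` keeps it explicit and leaves the login group conventional. The empty `vars:` block is dead and can be removed.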