diff --git a/hosts b/hosts index aae1ac7..e2b8828 100644 --- a/hosts +++ b/hosts @@ -68,6 +68,8 @@ koji0.pyrocufflink.blue [koji-web] koji0.pyrocufflink.blue +[motioneye] + [named-server:children] pyrocufflink-dns diff --git a/motioneye.yml b/motioneye.yml new file mode 100644 index 0000000..f4cf124 --- /dev/null +++ b/motioneye.yml @@ -0,0 +1,5 @@ +- hosts: motioneye + roles: + - role: apache + tags: apache + - motioneye diff --git a/roles/motioneye/files/motioneye.service b/roles/motioneye/files/motioneye.service new file mode 100644 index 0000000..6740873 --- /dev/null +++ b/roles/motioneye/files/motioneye.service @@ -0,0 +1,10 @@ +[Unit] +Description=motionEye Server + +[Service] +User=motioneye +ExecStart=/usr/bin/meyectl startserver -c /etc/motioneye.conf +Restart=on-abort + +[Install] +WantedBy=multi-user.target diff --git a/roles/motioneye/files/motioneye.tmpfiles.conf b/roles/motioneye/files/motioneye.tmpfiles.conf new file mode 100644 index 0000000..559552a --- /dev/null +++ b/roles/motioneye/files/motioneye.tmpfiles.conf @@ -0,0 +1 @@ +d /run/motioneye 0755 motioneye motioneye - diff --git a/roles/motioneye/handlers/main.yml b/roles/motioneye/handlers/main.yml new file mode 100644 index 0000000..0fe0e1c --- /dev/null +++ b/roles/motioneye/handlers/main.yml @@ -0,0 +1,10 @@ +- name: process tmpfiles + command: systemd-tmpfiles --create + +- name: reload systemd + command: systemctl daemon-reload + +- name: restart motioneye + service: + name: motioneye + state: restarted diff --git a/roles/motioneye/tasks/main.yml b/roles/motioneye/tasks/main.yml new file mode 100644 index 0000000..eb192b3 --- /dev/null +++ b/roles/motioneye/tasks/main.yml @@ -0,0 +1,110 @@ +- name: ensure rpmfusion repo is available + dnf: + name: >- + https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_version }}.noarch.rpm + state: present + tags: install + +- name: ensure motion is installed + package: + name: '{{ motion_packages }}' + state: present + tags: install +- name: ensure motioneye dependencies are installed + package: + name: '{{ motioneye_packages }}' + state: present + tags: install +- name: ensure motioneye is installed + pip: + name: motioneye + executable: /usr/bin/pip2 + state: present + tags: + - install + - pip + +- name: ensure motioneye user exists + user: + name: motioneye + system: true + shell: /sbin/nologin + state: present + tags: + - user + +- name: ensure motioneye media directory exists + file: + path: /var/lib/motioneye + owner: motioneye + group: motioneye + mode: '0755' + state: directory +- name: ensure motioneye configuration directory exists + file: + path: /var/lib/motioneye/conf + owner: motioneye + group: motioneye + mode: '0755' + state: directory +- name: ensure motioneye log directory exists + file: + path: /var/log/motioneye + owner: motioneye + group: motioneye + mode: '0755' + state: directory + +- name: ensure motioneye is configured + template: + src: motioneye.conf.j2 + dest: /etc/motioneye.conf + mode: '0644' + +- name: ensure tmpfiles.d directory exists + file: + path: /etc/tmpfiles.d + mode: '0755' + state: directory +- name: ensure motioneye tmpfiles are configured + copy: + src: motioneye.tmpfiles.conf + dest: /etc/tmpfiles.d/motioneye.conf + notify: process tmpfiles + +- name: ensure motioneye systemd unit is installed + copy: + src: motioneye.service + dest: /etc/systemd/system/motioneye.service + mode: '0644' + notify: + - reload systemd + - restart motioneye + tags: systemd +- name: ensure motioneye service is enabled + service: + name: motioneye + enabled: true +- meta: flush_handlers +- name: ensure motioneye service is running + service: + name: motioneye + state: started + +- name: ensure apache is allowed to proxy for motioneye + seboolean: + name: httpd_can_network_connect + persistent: true + state: true + tags: + - apache + - selinux +- name: ensure apache is configured to proxy for motioneye + template: + src: motioneye.httpd.conf.j2 + dest: /etc/httpd/conf.d/motioneye.conf + mode: '0644' + notify: reload httpd + tags: + - apache + - apache-config diff --git a/roles/motioneye/templates/motioneye.conf.j2 b/roles/motioneye/templates/motioneye.conf.j2 new file mode 100644 index 0000000..d1f2313 --- /dev/null +++ b/roles/motioneye/templates/motioneye.conf.j2 @@ -0,0 +1,98 @@ + +# path to the configuration directory (must be writable by motionEye) +conf_path /var/lib/motioneye/conf + +# path to the directory where pid files go (must be writable by motionEye) +run_path /var/run/motioneye + +# path to the directory where log files go (must be writable by motionEye) +log_path /var/log/motioneye + +# default output path for media files (must be writable by motionEye) +media_path /var/lib/motioneye + +# the log level (use quiet, error, warning, info or debug) +log_level info + +# the IP address to listen on +# (0.0.0.0 for all interfaces, 127.0.0.1 for localhost) +listen 0.0.0.0 + +# the TCP port to listen on +port 8765 + +# path to the motion binary to use (automatically detected if commented) +#motion_binary /usr/bin/motion + +# whether motion HTTP control interface listens on +# localhost or on all interfaces +motion_control_localhost true + +# the TCP port that motion HTTP control interface listens on +motion_control_port 7999 + +# interval in seconds at which motionEye checks if motion is running +motion_check_interval 10 + +# whether to restart the motion daemon when an error occurs while communicating with it +motion_restart_on_errors false + +# interval in seconds at which motionEye checks the SMB mounts +mount_check_interval 300 + +# interval in seconds at which the janitor is called +# to remove old pictures and movies +cleanup_interval 43200 + +# timeout in seconds to wait for response from a remote motionEye server +remote_request_timeout 10 + +# timeout in seconds to wait for mjpg data from the motion daemon +mjpg_client_timeout 10 + +# timeout in seconds after which an idle mjpg client is removed +# (set to 0 to disable) +mjpg_client_idle_timeout 10 + +# enable SMB shares (requires motionEye to run as root) +smb_shares false + +# the directory where the SMB mount points will be created +smb_mount_root /media + +# path to the wpa_supplicant.conf file +# (enable this to configure wifi settings from the UI) +#wpa_supplicant_conf /etc/wpa_supplicant.conf + +# path to the localtime file +# (enable this to configure the system time zone from the UI) +#local_time_file /etc/localtime + +# enables shutdown and rebooting after changing system settings +# (such as wifi settings or time zone) +enable_reboot false + +# timeout in seconds to use when talking to the SMTP server +smtp_timeout 60 + +# timeout in seconds to wait for media files list +list_media_timeout 120 + +# timeout in seconds to wait for media files list, when sending emails +list_media_timeout_email 10 + +# timeout in seconds to wait for zip file creation +zip_timeout 500 + +# timeout in seconds to wait for timelapse creation +timelapse_timeout 500 + +# enable adding and removing cameras from UI +add_remove_cameras true + +# enables HTTP basic authentication scheme (in addition to, not instead of the signature mechanism) +http_basic_auth false + +# overrides the hostname (useful if motionEye runs behind a reverse proxy) +# server_name motionEye + diff --git a/roles/motioneye/templates/motioneye.httpd.conf.j2 b/roles/motioneye/templates/motioneye.httpd.conf.j2 new file mode 100644 index 0000000..fa3f219 --- /dev/null +++ b/roles/motioneye/templates/motioneye.httpd.conf.j2 @@ -0,0 +1,13 @@ +# vim: set ft=apache : + +RewriteEngine On +RewriteCond %{HTTPS} !on +RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L] + +ProxyRequests Off +ProxyPass / http://localhost:8765/ nocanon +ProxyPassReverse / http://localhost:8657/ + + + Require all granted + diff --git a/roles/motioneye/vars/main.yml b/roles/motioneye/vars/main.yml new file mode 100644 index 0000000..5e814c8 --- /dev/null +++ b/roles/motioneye/vars/main.yml @@ -0,0 +1,9 @@ +motion_packages: +- motion +- ffmpeg +# XXX - v4l-utils + +motioneye_packages: +- python2 +- python2-pycurl +- python2-pillow