Navidrome Deploy Role¶
Deploys Navidrome as a systemd-managed service (no containers) with reverse-proxy exposure via Traefik and optional scheduled rescans.
Features¶
Installs pinned Navidrome release tarball to
{{ navidrome_install_dir }}with optional/usr/local/binsymlink.Creates dedicated
navidromesystem user, data/cache/log directories, and renders/etc/navidrome.toml.Ships hardened systemd unit with configurable limits and optional
navidrome-rescan.timerfor periodic scans.Generates Traefik dynamic config (dual-router pattern with internal allow list + basic auth).
Requirements¶
Debian/Ubuntu host with systemd.
Traefik file provider mounted at
/etc/traefik/dynamic/(for exposure).htpasswdavailable (role installsapache2-utils).
Usage¶
- hosts: media
become: true
roles:
- role: local.ops_library.navidrome_deploy
vars:
navidrome_external_url: "https://music.example.com"
navidrome_traefik_host: "music.example.com"
navidrome_music_folder: "/mnt/cryptdata/media/music"
navidrome_basic_auth_user: "admin"
navidrome_basic_auth_password: "{{ vault_traefik_basic_auth_password }}"
navidrome_scan_schedule: "@every 6h"
navidrome_rescan_timer_enabled: false
Key Variables¶
Variable |
Default |
Description |
|---|---|---|
|
|
Navidrome release to install (pinned). |
|
auto |
Architecture suffix ( |
|
per-arch |
SHA256 for the selected tarball; override when bumping versions. |
|
|
Path to music library (read-only). |
|
|
Data/config/cache directory for Navidrome. |
|
|
External base URL (used by Subsonic clients and redirects). |
|
|
Built-in scanner schedule ( |
|
|
Install a systemd timer calling |
|
|
Render Traefik dynamic config with dual-router basic auth. |
|
|
Basic auth username; requires either |
See defaults/main.yml and roles/navidrome_shared/defaults/main.yml for the full variable reference.