From 7a2df6508b41b79aae179d4d20ef0e0c37b09fbe Mon Sep 17 00:00:00 2001 
From: Developer
Date: Sat, 16 Dec 2023 22:01:00 +0800
Subject: [PATCH] init
---
.gitignore | 3 +
README.md | 49 +++++++++++++
docker/gitea/docker-compose.yml | 45 ++++++++++++
docker/gitea_runner/Dockerfile | 3 +
docker/gitea_runner/config.yaml | 89 +++++++++++++++++++++++
docker/gitea_runner/docker-compose.yml | 22 ++++++
docker/grafana/.gitignore | 1 +
docker/grafana/docker-compose.yml | 9 +++
docker/grafana/pre-up.sh | 1 +
docker/homepage/.gitignore | 0
docker/homepage/docker-compose.yml | 19 +++++
docker/portainer/.gitignore | 1 +
docker/portainer/docker-compose.yml | 22 ++++++
docker/ps.sh | 25 +++++++
docker/traefik/conf/apps/base.yml | 20 +++++
docker/traefik/conf/apps/code_server.yaml | 13 ++++
docker/traefik/conf/apps/gitea.yaml | 27 +++++++
docker/traefik/conf/apps/grafana.yaml | 13 ++++
docker/traefik/conf/apps/homepage.yaml | 13 ++++
docker/traefik/conf/apps/portainer.yaml | 13 ++++
docker/traefik/conf/apps/uptime.yaml | 13 ++++
docker/traefik/conf/traefik.yml | 44 +++++++++++
docker/traefik/docker-compose.yml | 36 +++++++++
docker/traefik/make_network.sh | 1 +
docker/uptime_kuma/docker-compose.yml | 18 +++++
setup.md | 29 ++++++++
26 files changed, 529 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 docker/gitea/docker-compose.yml
create mode 100644 docker/gitea_runner/Dockerfile
create mode 100644 docker/gitea_runner/config.yaml
create mode 100644 docker/gitea_runner/docker-compose.yml
create mode 100644 docker/grafana/.gitignore
create mode 100644 docker/grafana/docker-compose.yml
create mode 100644 docker/grafana/pre-up.sh
create mode 100644 docker/homepage/.gitignore
create mode 100644 docker/homepage/docker-compose.yml
create mode 100644 docker/portainer/.gitignore
create mode 100644 docker/portainer/docker-compose.yml
create mode 100644 docker/ps.sh
create mode 100644 docker/traefik/conf/apps/base.yml
create mode 100644 docker/traefik/conf/apps/code_server.yaml
create mode 100644 docker/traefik/conf/apps/gitea.yaml
create mode 100644 docker/traefik/conf/apps/grafana.yaml
create mode 100644 docker/traefik/conf/apps/homepage.yaml
create mode 100644 docker/traefik/conf/apps/portainer.yaml
create mode 100644 docker/traefik/conf/apps/uptime.yaml
create mode 100644 docker/traefik/conf/traefik.yml
create mode 100644 docker/traefik/docker-compose.yml
create mode 100644 docker/traefik/make_network.sh
create mode 100644 docker/uptime_kuma/docker-compose.yml
create mode 100644 setup.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..347710a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+**/.env
+**/.venv
+**/data
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..608dd9a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,49 @@
+# Home Infra
+
+## Modules
+
+### Gateway & Security
+
+- Traefik (*.homeinfra.org)
+ - Automatic HTTPS certificate by Let's Encrypt with DNS-01 challenge (Cloudflare)
+- SafeLine
+- FRP
+
+### Devops
+
+- [Gitea](https://git.homeinfra.org)
+ - Github OIDC
+ - Built-in Registry
+ - Docker / PyPI / go / npm / NuGet ...
+ - Actions (compatible to GitHub Actions)
+- [cronjobs](https://git.homeinfra.org/root/cronjobs/actions)
+
+### Docker Management
+
+- [Portainer](https://portainer.homeinfra.org)
+ - Gitea OIDC
+
+### Observability
+
+- [Uptime](https://uptime.homeinfra.org)
+- Prometheus
+- Loki
+- Grafana
+- msgpusher
+
+
+### backup
+
+- restic
+
+### Applications
+
+- File
+- Music
+- Photo
+- Movie
+
+### Integrations
+
+- [Github OAuth](https://github.com/settings/developers)
+
diff --git a/docker/gitea/docker-compose.yml b/docker/gitea/docker-compose.yml
new file mode 100644
index 0000000..3e0b74d
--- /dev/null
+++ b/docker/gitea/docker-compose.yml
@@ -0,0 +1,45 @@
+version: '3.3'
+services:
+
+ gitea:
+ image: gitea/gitea:1.21.1
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - DB_TYPE=postgres
+ - DB_HOST=db:5432
+ - DB_NAME=demo
+ - DB_USER=demo
+ - DB_PASSWD=demo
+ restart: always
+ networks:
+ - traefik_default
+ - gitea
+ volumes:
+ - ./data/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ # ports:
+ # - "3000:3000"
+ # - "2222:22"
+ depends_on:
+ - db
+
+ db:
+ image: postgres:13-alpine
+ restart: always
+ environment:
+ - POSTGRES_USER=demo
+ - POSTGRES_PASSWORD=demo
+ - POSTGRES_DB=demo
+ networks:
+ - gitea
+ volumes:
+ - ./data/postgres:/var/lib/postgresql/data
+
+networks:
+ traefik_default:
+ external: true
+ gitea:
+
diff --git a/docker/gitea_runner/Dockerfile b/docker/gitea_runner/Dockerfile
new file mode 100644
index 0000000..3bef1f8
--- /dev/null
+++ b/docker/gitea_runner/Dockerfile
@@ -0,0 +1,3 @@
+FROM gitea/act_runner:0.2.6
+
+RUN apk add curl nodejs python3 py3-pip
\ No newline at end of file
diff --git a/docker/gitea_runner/config.yaml b/docker/gitea_runner/config.yaml
new file mode 100644
index 0000000..6fb528c
--- /dev/null
+++ b/docker/gitea_runner/config.yaml
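Review bot: The database credentials are committed in clear text in this compose file (`DB_PASSWD=demo` on the gitea service and `POSTGRES_PASSWORD=demo` on the db service), while the runner and traefik compose files in the same commit already take their secrets from a git-ignored `.env` through `${VAR}` references. Move the password to `.env` and reference it from both services, e.g. `- DB_PASSWD=${GITEA_DB_PASSWORD}` and `- POSTGRES_PASSWORD=${GITEA_DB_PASSWORD}`, and give the user and database a non-placeholder name at the same time. Postgres is only attached to the internal `gitea` network, so the reach of the value is limited, but the repository history now carries it for as long as it stays valid.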
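Review bot: `RUN apk add curl nodejs python3 py3-pip` installs unpinned packages and keeps the apk index in the image layer, which hadolint reports as DL3018 and DL3019. Prefer `RUN apk add --no-cache curl=<VERSION> nodejs=<VERSION> python3=<VERSION> py3-pip=<VERSION>` with the versions the runner was tested against (placeholders to be filled in), so a rebuild of the pinned `act_runner:0.2.6` base yields the same toolchain. The file also lacks a trailing newline.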
@@ -0,0 +1,89 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+
+runner:
+ # Where to store the registration result.
+ file: .runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: 1
+ # Extra environment variables to run jobs.
+ envs:
+ A_TEST_ENV_NAME_1: a_test_env_value_1
+ A_TEST_ENV_NAME_2: a_test_env_value_2
+ # Extra environment variables to run jobs from a file.
+ # It will be ignored if it's empty or the file doesn't exist.
+ env_file: .env
+ # The timeout for a job to be finished.
+ # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+ # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+ timeout: 3h
+ # Whether skip verifying the TLS certificate of the Gitea instance.
+ insecure: false
+ # The timeout for fetching the job from the Gitea instance.
+ fetch_timeout: 5s
+ # The interval for fetching the job from the Gitea instance.
+ fetch_interval: 2s
+ # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+ # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+ # If it's empty when registering, it will ask for inputting labels.
+ # If it's empty when execute `deamon`, will use labels in `.runner` file.
+ labels: []
+
+cache:
+ # Enable cache server to use actions/cache.
+ enabled: true
+ # The directory to store the cache data.
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+ dir: ""
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: ""
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 0
+ # The external cache server URL. Valid only when enable is true.
+ # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+ # The URL should generally end with "/".
+ external_server: ""
+
+container:
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, act_runner will create a network automatically.
+ network: ""
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+ options:
+ # The parent directory of a job's working directory.
+ # If it's empty, /workspace will be used.
+ workdir_parent:
+ # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+ # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+ # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+ # valid_volumes:
+ # - data
+ # - /src/*.json
+ # If you want to allow any volume, please use the following configuration:
+ # valid_volumes:
+ # - '**'
+ valid_volumes: []
+ # overrides the docker client host with the specified one.
+ # If it's empty, act_runner will find an available docker host automatically.
+ # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+ # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+ docker_host: ""
+ # Pull docker image(s) even if already present
+ force_pull: false
+
+host:
+ # The parent directory of a job's working directory.
+ # If it's empty, $HOME/.cache/act/ will be used.
+ workdir_parent:
diff --git a/docker/gitea_runner/docker-compose.yml b/docker/gitea_runner/docker-compose.yml
new file mode 100644
index 0000000..1a3830b
--- /dev/null
+++ b/docker/gitea_runner/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "2.0"
+services:
+ runner:
+ image: act_runner:latest
+ build:
+ context: .
+ dockerfile: Dockerfile
+ restart: unless-stopped
+ volumes:
+ - ./config.yaml:/config.yaml
+ - ./data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ - CONFIG_FILE=/config.yaml
+ - GITEA_INSTANCE_URL=https://git.homeinfra.org
+ - GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN}
+ - GITEA_RUNNER_NAME=runner1
+ - GITEA_RUNNER_LABELS=linux
+ container_name: gitea_runner
+ env_file:
+ - .env
+ privileged: true
diff --git a/docker/grafana/.gitignore b/docker/grafana/.gitignore
new file mode 100644
index 0000000..f897a93
--- /dev/null
+++ b/docker/grafana/.gitignore
@@ -0,0 +1 @@
+grafana.ini
\ No newline at end of file
diff --git a/docker/grafana/docker-compose.yml b/docker/grafana/docker-compose.yml
new file mode 100644
index 0000000..e7c6543
--- /dev/null
+++ b/docker/grafana/docker-compose.yml
@@ -0,0 +1,9 @@
+version: "3"
+services:
+ grafana:
+ ports:
+ - 3000:3000
+ container_name: grafana
+ image: grafana/grafana-enterprise:10.2.2-boringcrypto
+ volumns:
+ - ./data/grafana.ini:/etc/grafana/grafana.ini
\ No newline at end of file
diff --git a/docker/grafana/pre-up.sh b/docker/grafana/pre-up.sh
new file mode 100644
index 0000000..22a92d5
--- /dev/null
+++ b/docker/grafana/pre-up.sh
@@ -0,0 +1 @@
+docker run --rm --entrypoint "cat" grafana/grafana-enterprise:10.2.2-boringcrypto "/etc/grafana/grafana.ini" > grafana.example.ini
\ No newline at end of file
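Review bot: The runner config still carries the template's placeholder job environment, `A_TEST_ENV_NAME_1` / `A_TEST_ENV_NAME_2` under `runner.envs`, and those two variables are injected into every job this runner executes; drop them or replace them with values the workflows actually need. The header comment still describes the file as an unmodified example, so it is worth adding a line such as `# labels are supplied by GITEA_RUNNER_LABELS in docker-compose.yml` above `labels: []` to explain why that key is intentionally empty. `runner.env_file: .env` refers to a file inside the container's working directory, which the compose file does not mount; if that is intentional, a comment saying it is unused would save the next reader a search.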
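Review bot: `privileged: true` on the runner service is set on top of the bind-mounted `/var/run/docker.sock`; the socket alone already gives the container full control of the host's Docker daemon, and `config.yaml` in this commit sets `container.privileged: false` for the job containers, so the flag on the runner itself does not appear to enable anything. Remove `privileged: true`, or document next to it the concrete capability that needs it. `image: act_runner:latest` is a floating tag for a locally built image; naming it after the pinned base, e.g. `image: act_runner:0.2.6`, keeps the compose file and the Dockerfile's `FROM` visibly in step.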
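Review bot: `volumns:` is a typo for `volumes:`, so the `./data/grafana.ini` bind mount is never applied; depending on the Compose implementation the unknown key is rejected at `up` or silently dropped, and in neither case does Grafana see the file. The service also does not join `traefik_default`, yet `conf/apps/grafana.yaml` in this commit routes to `http://grafana:3000` on that network, so the Traefik route cannot reach the container; add `networks: [traefik_default]` plus the external network declaration like the other services, after which the host-side `ports: - 3000:3000` is no longer needed and would otherwise bypass the gateway. `pre-up.sh` writes `grafana.example.ini` into the current directory while the mount reads `./data/grafana.ini`, which looks like a manual copy-and-edit step; a one-line comment in the script saying so would make the intended workflow explicit.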
diff --git a/docker/homepage/.gitignore b/docker/homepage/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/docker/homepage/docker-compose.yml b/docker/homepage/docker-compose.yml
new file mode 100644
index 0000000..03b1e79
--- /dev/null
+++ b/docker/homepage/docker-compose.yml
@@ -0,0 +1,19 @@
+version: "2"
+services:
+
+ homepage:
+ image: nginx:1.18.0-alpine
+ #ports:
+ # - "8080:80"
+ volumes:
+ - ./public_html:/usr/share/nginx/html:ro
+ environment:
+ - TZ=Asia/Shanghai
+ restart: always
+
+ networks:
+ - traefik_default
+
+networks:
+ traefik_default:
+ external: true
diff --git a/docker/portainer/.gitignore b/docker/portainer/.gitignore
new file mode 100644
index 0000000..1269488
--- /dev/null
+++ b/docker/portainer/.gitignore
@@ -0,0 +1 @@
+data
diff --git a/docker/portainer/docker-compose.yml b/docker/portainer/docker-compose.yml
new file mode 100644
index 0000000..07e1195
--- /dev/null
+++ b/docker/portainer/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3.1'
+
+services:
+ portainer:
+ image: portainer/portainer-ce
+ container_name: portainer
+ volumes:
+ - ./data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ restart: always
+ # ports:
+ # - 3332:8000
+ # - 3333:9000
+
+ networks:
+ - traefik_default
+ - net
+
+networks:
+ traefik_default:
+ external: true
+ net:
\ No newline at end of file
diff --git a/docker/ps.sh b/docker/ps.sh
new file mode 100644
index 0000000..8867363
--- /dev/null
+++ b/docker/ps.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+script_path=$(dirname "$(readlink -f "$0")")
+
+docker_folder=$script_path
+
+cd "$docker_folder"
+
+subfolders=$(find . -maxdepth 1 -type d -not -name '.')
+
+for subfolder in $subfolders; do
+ cd "$docker_folder"
+ cd "$subfolder"
+
+ echo "文件夹名称: $subfolder"
+
+ docker-compose ps
+
+ echo
+ echo
+ echo
+
+done
+
+cd "$docker_folder"
diff --git a/docker/traefik/conf/apps/base.yml b/docker/traefik/conf/apps/base.yml
new file mode 100644
index 0000000..faa1a94
--- /dev/null
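Review bot: `image: nginx:1.18.0-alpine` pins a release from 2020 whose branch, as far as I can tell, no longer receives upstream fixes, while every other service in this commit is pinned to a recent version. The container only serves a read-only bind mount of static files, so moving to a current `nginx:<VERSION>-alpine` tag (placeholder) is low-risk and removes a stale base from the one service that is published on `www.homeinfra.org`.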
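Review bot: `image: portainer/portainer-ce` has no tag, so each pull may move to a different release and the deployment is not reproducible; pin it, e.g. `image: portainer/portainer-ce:<VERSION>` (placeholder), as the other services in this commit are. The `/var/run/docker.sock` mount is inherent to Portainer, but it makes this container root-equivalent on the host, and `conf/apps/portainer.yaml` publishes its UI on `portainer.homeinfra.org`; that combination deserves a comment in the compose file stating that the route is expected to sit behind the Gitea OIDC login the README mentions, so nobody later treats it as an ordinary internal service.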
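Review bot: `for subfolder in $subfolders` word-splits the `find` output, so a directory name containing whitespace breaks the loop, and both `cd` calls are unchecked, so a failing `cd "$subfolder"` runs `docker-compose ps` in the parent directory and reports the wrong project. Running each iteration in a subshell with a checked `cd` removes the need for the `cd "$docker_folder"` at the top of the loop and at the end of the script; a `*/` glob also replaces `find`, at the cost of skipping hidden directories, which `find -not -name '.'` would have included. Add a comment above the loop saying that it prints `docker-compose ps` for every compose directory under this folder, and consider an English prompt instead of `文件夹名称:` ("folder name") since the rest of the repository is in English.
```shell
#!/bin/bash

script_path=$(dirname "$(readlink -f "$0")")
docker_folder=$script_path
cd "$docker_folder" || exit 1

# Print `docker-compose ps` for every compose directory below this folder.
# Each directory is handled in a subshell so a failed cd skips it instead
# of running docker-compose in the parent directory.
for subfolder in */; do
    (
        cd "$subfolder" || exit 1
        echo "文件夹名称: $subfolder"
        docker-compose ps
        echo
        echo
        echo
    )
done
```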
+++ b/docker/traefik/conf/apps/base.yml
@@ -0,0 +1,20 @@
+
+http:
+ middlewares:
+ redirect-to-https:
+ redirectscheme:
+ scheme: https
+ routers:
+# traefik-api:
+# middlewares: traefik-basic-auth
+# rule: Host(`traefik-dashboard.homeinfra.org`)
+# service: api@internal
+# entrypoints: web
+
+ http_to_https:
+ entrypoints: web
+ middlewares: redirect-to-https
+ priority: 1
+ rule: HostRegexp(`{catchall:.*}`)
+ service: noop@internal
+
diff --git a/docker/traefik/conf/apps/code_server.yaml b/docker/traefik/conf/apps/code_server.yaml
new file mode 100644
index 0000000..c3ac567
--- /dev/null
+++ b/docker/traefik/conf/apps/code_server.yaml
@@ -0,0 +1,13 @@
+http:
+ routers:
+ codeserver:
+ entrypoints: websecure
+ rule: Host(`test.homeinfra.net`)
+ service: codeserver
+ tls:
+ certresolver: cloudflare
+ services:
+ codeserver:
+ loadbalancer:
+ servers:
+ - url: http://1.1.1.1
diff --git a/docker/traefik/conf/apps/gitea.yaml b/docker/traefik/conf/apps/gitea.yaml
new file mode 100644
index 0000000..dfb372a
--- /dev/null
+++ b/docker/traefik/conf/apps/gitea.yaml
@@ -0,0 +1,27 @@
+http:
+ routers:
+ docker_gitea:
+ entrypoints: websecure
+ rule: Host(`git.homeinfra.org`)
+ service: docker_gitea
+ tls:
+ certresolver: cloudflare
+ services:
+ docker_gitea:
+ loadbalancer:
+ servers:
+ - url: http://gitea:3000
+
+tcp:
+ routers:
+ gitea-ssh:
+ rule: HostSNI(`*`)
+ entrypoints: gitssh
+ service: gitea-ssh
+ services:
+ gitea-ssh:
+ loadbalancer:
+ servers:
+ - address: gitea:22
+
+
diff --git a/docker/traefik/conf/apps/grafana.yaml b/docker/traefik/conf/apps/grafana.yaml
new file mode 100644
index 0000000..cd7b6e0
--- /dev/null
+++ b/docker/traefik/conf/apps/grafana.yaml
@@ -0,0 +1,13 @@
+http:
+ routers:
+ grafana:
+ entrypoints: websecure
+ rule: Host(`grafana.homeinfra.org`)
+ service: grafana
+ tls:
+ certresolver: cloudflare
+ services:
+ grafana:
+ loadbalancer:
+ servers:
+ - url: http://grafana:3000
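Review bot: The `codeserver` router looks like a placeholder that was committed by accident: it matches `test.homeinfra.net`, a different zone from the `homeinfra.org` used by every other router, and its only server is `http://1.1.1.1`, a public resolver address rather than a container on `traefik_default`. Because the file provider has `watch: true` and the router carries `certresolver: cloudflare`, Traefik will attempt a DNS-01 issuance for `test.homeinfra.net` as soon as this file is loaded, which fails unless that zone is also in the configured Cloudflare account, and the resulting errors will show up in `/logs/log.json`. Either fill in the real host and service or keep the file out of `conf/apps/` until the code-server container exists.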
diff --git a/docker/traefik/conf/apps/homepage.yaml b/docker/traefik/conf/apps/homepage.yaml
new file mode 100644
index 0000000..3cde6a1
--- /dev/null
+++ b/docker/traefik/conf/apps/homepage.yaml
@@ -0,0 +1,13 @@
+http:
+ routers:
+ homepage:
+ entrypoints: websecure
+ rule: Host(`www.homeinfra.org`)
+ service: homepage
+ tls:
+ certresolver: cloudflare
+ services:
+ homepage:
+ loadbalancer:
+ servers:
+ - url: http://homepage:80
diff --git a/docker/traefik/conf/apps/portainer.yaml b/docker/traefik/conf/apps/portainer.yaml
new file mode 100644
index 0000000..9a1289a
--- /dev/null
+++ b/docker/traefik/conf/apps/portainer.yaml
@@ -0,0 +1,13 @@
+http:
+ routers:
+ docker_portainer:
+ entrypoints: websecure
+ rule: Host(`portainer.homeinfra.org`)
+ service: docker_portainer
+ tls:
+ certresolver: cloudflare
+ services:
+ docker_portainer:
+ loadbalancer:
+ servers:
+ - url: http://portainer:9000
diff --git a/docker/traefik/conf/apps/uptime.yaml b/docker/traefik/conf/apps/uptime.yaml
new file mode 100644
index 0000000..89e9d2c
--- /dev/null
+++ b/docker/traefik/conf/apps/uptime.yaml
@@ -0,0 +1,13 @@
+http:
+ routers:
+ uptime-kuma:
+ entrypoints: websecure
+ rule: Host(`uptime.homeinfra.org`)
+ service: uptime-kuma
+ tls:
+ certresolver: cloudflare
+ services:
+ uptime-kuma:
+ loadbalancer:
+ servers:
+ - url: http://uptime-kuma:3001
diff --git a/docker/traefik/conf/traefik.yml b/docker/traefik/conf/traefik.yml
new file mode 100644
index 0000000..f61c35e
--- /dev/null
+++ b/docker/traefik/conf/traefik.yml
@@ -0,0 +1,44 @@
+
+global:
+ checkNewVersion: false
+ sendAnonymousUsage: false
+log:
+ filepath: /logs/log.json
+ format: json
+ level: DEBUG
+accesslog:
+ filepath: /logs/access.json
+
+api:
+ dashboard: true
+ insecure: true
+
+providers:
+ file:
+ directory: /conf/apps/
+ watch: true
+
+entrypoints:
+ gitssh:
+ address: :22
+ web:
+ address: :80
+ websecure:
+ address: :443
+
+tls:
+ stores:
+ default:
+ defaultCertResolver: cloudflare
+ defaultCertDomain:
+ main: homeinfra.org
+ sans:
+ - "*.homeinfra.org"
+
+certificatesResolvers:
+ cloudflare:
+ acme:
+ dnsChallenge:
+ provider: cloudflare
+ email: admin@homeinfra.org
+ storage: /letsencrypt/acme.json
diff --git a/docker/traefik/docker-compose.yml b/docker/traefik/docker-compose.yml
new file mode 100644
index 0000000..6a8bc60
--- /dev/null
+++ b/docker/traefik/docker-compose.yml
@@ -0,0 +1,36 @@
+version: "2"
+services:
+ web:
+ restart: always
+ image: traefik:v2.9.7
+ container_name: traefik
+ networks:
+ - traefik_default
+ - net
+ ports:
+ - "80:80"
+ - "443:443"
+ - "22:22"
+ # - "8080:8080"
+ command:
+ - "--configFile=/conf/traefik.yml"
+ environment:
+ - "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
+ - "TZ=Asia/Shanghai"
+ volumes:
+ - ./conf:/conf:ro
+ - "./data/letsencrypt:/letsencrypt"
+ - ./data/traefik_logs:/logs
+ - /var/run/docker.sock:/var/run/docker.sock
+ env_file:
+ - .env
+
+networks:
+ net:
+ driver: bridge
+
+ traefik_default:
+ external: true
+
+
+
diff --git a/docker/traefik/make_network.sh b/docker/traefik/make_network.sh
new file mode 100644
index 0000000..9c5f02c
--- /dev/null
+++ b/docker/traefik/make_network.sh
@@ -0,0 +1 @@
+docker network create -d bridge --internal traefik_default
diff --git a/docker/uptime_kuma/docker-compose.yml b/docker/uptime_kuma/docker-compose.yml
new file mode 100644
index 0000000..c2cac6a
--- /dev/null
+++ b/docker/uptime_kuma/docker-compose.yml
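Review bot: `api.insecure: true` serves the dashboard and the `/api` endpoints without authentication on Traefik's built-in `:8080` entrypoint; the compose file keeps `8080:8080` commented out, so it is not reachable from the host, but every container attached to `traefik_default` or `net` (gitea, portainer, uptime-kuma and homepage in this commit) can read the full routing configuration from it. Set `insecure: false` and, if the dashboard is wanted, enable the commented `traefik-api` router in `conf/apps/base.yml` on `websecure` together with a defined basic-auth middleware, since the `traefik-basic-auth` it references is not declared anywhere in this commit. `log.level: DEBUG` is also very chatty for an always-on gateway writing to a bind-mounted `/logs`; `INFO` is the usual steady-state setting.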
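Review bot: `/var/run/docker.sock` is bind-mounted into the Traefik container, but `conf/traefik.yml` in this commit configures only the `file` provider, so the socket is never read; mounting it makes the one internet-facing container root-equivalent on the host for no benefit. Remove the `- /var/run/docker.sock:/var/run/docker.sock` line, and if the docker provider is added later, expose the socket through a read-only socket proxy on the internal `net` network rather than directly. `traefik:v2.9.7` is pinned, which is good, but to my knowledge it sits several releases behind the 2.x line as of the commit date, so it is worth a bump when this file is next touched.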
@@ -0,0 +1,18 @@
+version: '3.3'
+services:
+ uptime-kuma:
+ image: 'louislam/uptime-kuma:1'
+ container_name: uptime-kuma
+ restart: always
+ # ports:
+ # - '3001:3001'
+ volumes:
+ - './data:/app/data'
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks:
+ - traefik_default
+ - net
+networks:
+ traefik_default:
+ external: true
+ net:
diff --git a/setup.md b/setup.md
new file mode 100644
index 0000000..80af1d8
--- /dev/null
+++ b/setup.md
@@ -0,0 +1,29 @@
+# Setup
+
+- register a domain
+
+- hostname
+ - change ssh port
+
+- setup DNS
+ - cloudflare key
+
+- install docker docker-compose
+- create traefik network
+
+- Gitea
+ - create Gitea OAuth App
+ - create Github OAuth App
+ - setup Github as authentication source
+ - get gitea runner token
+ - setup gitea runner
+
+- Portainer
+ - setup Gitea as authentication source
+
+- uptime
+
+- setup homepage settings
+
+
+
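Review bot: `/var/run/docker.sock` is bind-mounted into uptime-kuma, whose web UI is published on `uptime.homeinfra.org` through Traefik, which makes an externally reachable container root-equivalent on the host; the socket is only required for Uptime Kuma's Docker-container monitor type. If that monitor type is not in use, drop the mount; if it is, point it at a read-only socket proxy on the internal `net` network and add a comment saying which monitors depend on it. `image: 'louislam/uptime-kuma:1'` floats across the whole 1.x line, unlike the other services in this commit, which are pinned to a patch release; pinning it keeps upgrades deliberate.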