root
/
homeinfra_infra
mirror of https://github.com/homeinfra-org/infra
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

init

This commit is contained in:
Developer 2023-12-16 22:01:00 +08:00
commit 7a2df6508b
26 changed files with 529 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
**/.env
**/.venv
**/data

49
README.md Normal file
View File

@ -0,0 +1,49 @@
# Home Infra
## Modules
### Gateway & Security
- Traefik (*.homeinfra.org)
- Automatic HTTPS certificate by Let's Encrypt with DNS-01 challenge (Cloudflare)
- SafeLine
- FRP
### Devops
- [Gitea](https://git.homeinfra.org)
- Github OIDC
- Built-in Registry
- Docker / PyPI / go / npm / NuGet ...
- Actions (compatible to GitHub Actions)
- [cronjobs](https://git.homeinfra.org/root/cronjobs/actions)
### Docker Management
- [Portainer](https://portainer.homeinfra.org)
- Gitea OIDC
### Observability
- [Uptime](https://uptime.homeinfra.org)
- Prometheus
- Loki
- Grafana
- msgpusher
### backup
- restic
### Applications
- File
- Music
- Photo
- Movie
### Integrations
- [Github OAuth](https://github.com/settings/developers)

45
docker/gitea/docker-compose.yml Normal file
View File

@ -0,0 +1,45 @@
version: '3.3'
services:
gitea:
image: gitea/gitea:1.21.1
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=postgres
- DB_HOST=db:5432
- DB_NAME=demo
- DB_USER=demo
- DB_PASSWD=demo
restart: always
networks:
- traefik_default
- gitea
volumes:
- ./data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# ports:
# - "3000:3000"
# - "2222:22"
depends_on:
- db
db:
image: postgres:13-alpine
restart: always
environment:
- POSTGRES_USER=demo
- POSTGRES_PASSWORD=demo
- POSTGRES_DB=demo
networks:
- gitea
volumes:
- ./data/postgres:/var/lib/postgresql/data
networks:
traefik_default:
external: true
gitea:

3
docker/gitea_runner/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM gitea/act_runner:0.2.6
RUN apk add curl nodejs python3 py3-pip

89
docker/gitea_runner/config.yaml Normal file
View File

@ -0,0 +1,89 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: info
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `deamon`, will use labels in `.runner` file.
labels: []
cache:
# Enable cache server to use actions/cache.
enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
host: ""
# The port of the cache server.
# 0 means to use a random available port.
port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

22
docker/gitea_runner/docker-compose.yml Normal file
View File

@ -0,0 +1,22 @@
version: "2.0"
services:
runner:
image: act_runner:latest
build:
context: .
dockerfile: Dockerfile
restart: unless-stopped
volumes:
- ./config.yaml:/config.yaml
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
- CONFIG_FILE=/config.yaml
- GITEA_INSTANCE_URL=https://git.homeinfra.org
- GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN}
- GITEA_RUNNER_NAME=runner1
- GITEA_RUNNER_LABELS=linux
container_name: gitea_runner
env_file:
- .env
privileged: true

1
docker/grafana/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
grafana.ini

9
docker/grafana/docker-compose.yml Normal file
View File

@ -0,0 +1,9 @@
version: "3"
services:
grafana:
ports:
- 3000:3000
container_name: grafana
image: grafana/grafana-enterprise:10.2.2-boringcrypto
volumns:
- ./data/grafana.ini:/etc/grafana/grafana.ini

1
docker/grafana/pre-up.sh Normal file
View File

@ -0,0 +1 @@
docker run --rm --entrypoint "cat" grafana/grafana-enterprise:10.2.2-boringcrypto "/etc/grafana/grafana.ini" > grafana.example.ini

0
docker/homepage/.gitignore vendored Normal file
View File

19
docker/homepage/docker-compose.yml Normal file
View File

@ -0,0 +1,19 @@
version: "2"
services:
homepage:
image: nginx:1.18.0-alpine
#ports:
# - "8080:80"
volumes:
- ./public_html:/usr/share/nginx/html:ro
environment:
- TZ=Asia/Shanghai
restart: always
networks:
- traefik_default
networks:
traefik_default:
external: true

1
docker/portainer/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
data

22
docker/portainer/docker-compose.yml Normal file
View File

@ -0,0 +1,22 @@
version: '3.1'
services:
portainer:
image: portainer/portainer-ce
container_name: portainer
volumes:
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
restart: always
# ports:
# - 3332:8000
# - 3333:9000
networks:
- traefik_default
- net
networks:
traefik_default:
external: true
net:

25
docker/ps.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
script_path=$(dirname "$(readlink -f "$0")")
docker_folder=$script_path
cd "$docker_folder"
subfolders=$(find . -maxdepth 1 -type d -not -name '.')
for subfolder in $subfolders; do
cd "$docker_folder"
cd "$subfolder"
echo "文件夹名称: $subfolder"
docker-compose ps
echo
echo
echo
done
cd "$docker_folder"

20
docker/traefik/conf/apps/base.yml Normal file
View File

@ -0,0 +1,20 @@
http:
middlewares:
redirect-to-https:
redirectscheme:
scheme: https
routers:
# traefik-api:
# middlewares: traefik-basic-auth
# rule: Host(`traefik-dashboard.homeinfra.org`)
# service: api@internal
# entrypoints: web
http_to_https:
entrypoints: web
middlewares: redirect-to-https
priority: 1
rule: HostRegexp(`{catchall:.*}`)
service: noop@internal

13
docker/traefik/conf/apps/code_server.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
routers:
codeserver:
entrypoints: websecure
rule: Host(`test.homeinfra.net`)
service: codeserver
tls:
certresolver: cloudflare
services:
codeserver:
loadbalancer:
servers:
- url: http://1.1.1.1

27
docker/traefik/conf/apps/gitea.yaml Normal file
View File

@ -0,0 +1,27 @@
http:
routers:
docker_gitea:
entrypoints: websecure
rule: Host(`git.homeinfra.org`)
service: docker_gitea
tls:
certresolver: cloudflare
services:
docker_gitea:
loadbalancer:
servers:
- url: http://gitea:3000
tcp:
routers:
gitea-ssh:
rule: HostSNI(`*`)
entrypoints: gitssh
service: gitea-ssh
services:
gitea-ssh:
loadbalancer:
servers:
- address: gitea:22

13
docker/traefik/conf/apps/grafana.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
routers:
grafana:
entrypoints: websecure
rule: Host(`grafana.homeinfra.org`)
service: grafana
tls:
certresolver: cloudflare
services:
grafana:
loadbalancer:
servers:
- url: http://grafana:3000

13
docker/traefik/conf/apps/homepage.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
routers:
homepage:
entrypoints: websecure
rule: Host(`www.homeinfra.org`)
service: homepage
tls:
certresolver: cloudflare
services:
homepage:
loadbalancer:
servers:
- url: http://homepage:80

13
docker/traefik/conf/apps/portainer.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
routers:
docker_portainer:
entrypoints: websecure
rule: Host(`portainer.homeinfra.org`)
service: docker_portainer
tls:
certresolver: cloudflare
services:
docker_portainer:
loadbalancer:
servers:
- url: http://portainer:9000

13
docker/traefik/conf/apps/uptime.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
routers:
uptime-kuma:
entrypoints: websecure
rule: Host(`uptime.homeinfra.org`)
service: uptime-kuma
tls:
certresolver: cloudflare
services:
uptime-kuma:
loadbalancer:
servers:
- url: http://uptime-kuma:3001

44
docker/traefik/conf/traefik.yml Normal file
View File

@ -0,0 +1,44 @@
global:
checkNewVersion: false
sendAnonymousUsage: false
log:
filepath: /logs/log.json
format: json
level: DEBUG
accesslog:
filepath: /logs/access.json
api:
dashboard: true
insecure: true
providers:
file:
directory: /conf/apps/
watch: true
entrypoints:
gitssh:
address: :22
web:
address: :80
websecure:
address: :443
tls:
stores:
default:
defaultCertResolver: cloudflare
defaultCertDomain:
main: homeinfra.org
sans:
- "*.homeinfra.org"
certificatesResolvers:
cloudflare:
acme:
dnsChallenge:
provider: cloudflare
email: admin@homeinfra.org
storage: /letsencrypt/acme.json

36
docker/traefik/docker-compose.yml Normal file
View File

@ -0,0 +1,36 @@
version: "2"
services:
web:
restart: always
image: traefik:v2.9.7
container_name: traefik
networks:
- traefik_default
- net
ports:
- "80:80"
- "443:443"
- "22:22"
# - "8080:8080"
command:
- "--configFile=/conf/traefik.yml"
environment:
- "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
- "TZ=Asia/Shanghai"
volumes:
- ./conf:/conf:ro
- "./data/letsencrypt:/letsencrypt"
- ./data/traefik_logs:/logs
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- .env
networks:
net:
driver: bridge
traefik_default:
external: true

1
docker/traefik/make_network.sh Normal file
View File

@ -0,0 +1 @@
docker network create -d bridge --internal traefik_default

18
docker/uptime_kuma/docker-compose.yml Normal file
View File

@ -0,0 +1,18 @@
version: '3.3'
services:
uptime-kuma:
image: 'louislam/uptime-kuma:1'
container_name: uptime-kuma
restart: always
# ports:
# - '3001:3001'
volumes:
- './data:/app/data'
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik_default
- net
networks:
traefik_default:
external: true
net:

29
setup.md Normal file
View File

@ -0,0 +1,29 @@
# Setup
- register a domain
- hostname
- change ssh port
- setup DNS
- cloudflare key
- install docker docker-compose
- create traefik network
- Gitea
- create Gitea OAuth App
- create Github OAuth App
- setup Github as authentication source
- get gitea runner token
- setup gitea runner
- Portainer
- setup Gitea as authentication source
- uptime
- setup homepage settings