From b204f6c40711c732c1eb173efb96cc83bc691568 Mon Sep 17 00:00:00 2001 
From: Anonymous <> Date: Fri, 26 Jan 2024 12:51:17 +0000 Subject: [PATCH] add filebrowser, add openvscode, add oauth2-proxy, add .env, remove portainer --- README.md | 6 ++- docker/dockge/.env.example | 3 ++ docker/dockge/docker-compose.yml | 25 ++++++++--- docker/dockge/oauth2-proxy.cfg | 18 ++++++++ docker/dockge/setup.sh | 1 + docker/filebrowser/config.json | 8 ++++ docker/filebrowser/docker-compose.yml | 16 +++++++ docker/gitea/.env.example | 2 + docker/gitea/docker-compose.yml | 26 ++++++------ docker/gitea_runner/.env.example | 1 + docker/gitea_runner/docker-compose.yml | 9 ++-- docker/homepage/docker-compose.yml | 5 +-- docker/openvscode/.env.example | 6 +++ docker/openvscode/docker-compose.yml | 42 +++++++++++++++++++ docker/openvscode/oauth2-proxy.cfg | 19 +++++++++ docker/portainer/.gitignore | 1 - docker/portainer/docker-compose.yml | 22 ---------- docker/restic/.env.example | 8 ++++ docker/traefik/.env.example | 1 + docker/traefik/conf/apps/dockge.yaml | 3 +- .../{code_server.yaml => filebrowser.yaml} | 10 ++--- docker/traefik/conf/apps/openvscode.yaml | 15 +++++++ docker/traefik/conf/traefik.yml | 6 +++ docker/traefik/docker-compose.yml | 23 ++++------ docker/uptime_kuma/docker-compose.yml | 10 ++--- 25 files changed, 209 insertions(+), 77 deletions(-) create mode 100644 docker/dockge/.env.example create mode 100644 docker/dockge/oauth2-proxy.cfg create mode 100644 docker/dockge/setup.sh create mode 100644 docker/filebrowser/config.json create mode 100644 docker/filebrowser/docker-compose.yml create mode 100644 docker/gitea/.env.example create mode 100644 docker/gitea_runner/.env.example create mode 100644 docker/openvscode/.env.example create mode 100644 docker/openvscode/docker-compose.yml create mode 100644 docker/openvscode/oauth2-proxy.cfg delete mode 100644 docker/portainer/.gitignore delete mode 100644 docker/portainer/docker-compose.yml create mode 100644 docker/restic/.env.example create mode 100644 docker/traefik/.env.example rename 
docker/traefik/conf/apps/{code_server.yaml => filebrowser.yaml} (51%) create mode 100644 docker/traefik/conf/apps/openvscode.yaml
diff --git a/README.md b/README.md
index 114e9e2..84c8f35 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@ # Home Infra +`Homeinfra` offers a strong, dependable, and easily replicable configuration for your homelab, incorporating vital elements like HTTPS, NAT traversal, Security, CI/CD pipelines, Cronjobs, DDNS, Docker management, Automatic Backup, and more. + +Currently, the setup is being managed through docker-compose. Although migrating to K8s or k3s is a potential consideration, it has not been implemented at this time. + ## Modules ### Gateway & Security
@@ -40,7 +44,7 @@ - msgpusher -### backup +### Backup - restic - Backup to S3 (Backblaze)
diff --git a/docker/dockge/.env.example b/docker/dockge/.env.example
new file mode 100644
index 0000000..4629d5a
--- /dev/null
+++ b/docker/dockge/.env.example
@@ -0,0 +1,3 @@
+OAUTH2_PROXY_COOKIE_SECRET=""
+OAUTH2_PROXY_CLIENT_ID=""
+OAUTH2_PROXY_CLIENT_SECRET=""
\ No newline at end of file
diff --git a/docker/dockge/docker-compose.yml b/docker/dockge/docker-compose.yml
index 0247971..e67976f 100644
--- a/docker/dockge/docker-compose.yml
+++ b/docker/dockge/docker-compose.yml
@@ -3,13 +3,12 @@ services: dockge: image: louislam/dockge:1 restart: unless-stopped - # ports: - # Host Port : Container Port - # - 5001:5001 + # ports: + # - 5001:5001 volumes: - /var/run/docker.sock:/var/run/docker.sock - ./data:/app/data - + # If you want to use private registries, you need to share the auth file with Dockge: # - /root/.docker/:/root/.docker
@@ -17,12 +16,26 @@ services: # ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH. # ⚠️ 1. FULL path only. No relative path (MUST) # ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST) - - /root/homeinfra/docker:/root/homeinfra/docker + - ${DOCKGE_STACKS_DIR:-}:${DOCKGE_STACKS_DIR:-} environment: # Tell Dockge where is your stacks directory - - DOCKGE_STACKS_DIR=/root/homeinfra/docker + - DOCKGE_STACKS_DIR=${DOCKGE_STACKS_DIR:-} + networks: + - traefik_default + dockge-oauth: + image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 + command: --config /oauth2-proxy.cfg + hostname: dockge-oauth2-proxy + volumes: + - "./oauth2-proxy.cfg:/oauth2-proxy.cfg" + restart: unless-stopped + + external_links: + - "traefik:git.homeinfra.org" + env_file: + - .env networks: - traefik_default
diff --git a/docker/dockge/oauth2-proxy.cfg b/docker/dockge/oauth2-proxy.cfg
new file mode 100644
index 0000000..0e3a863
--- /dev/null
+++ b/docker/dockge/oauth2-proxy.cfg
@@ -0,0 +1,18 @@
+http_address="0.0.0.0:80"
+# cookie_secret=""
+email_domains=["homeinfra.org"]
+cookie_secure="false"
+upstreams="http://dockge:5001"
+cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
+whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
+
+
+# gitea provider
+provider="github"
+provider_display_name="Gitea"
+# client_id=""
+# client_secret=""
+redirect_url="https://code.homeinfra.org/oauth2/callback"
+login_url="https://git.homeinfra.org/login/oauth/authorize"
+redeem_url="https://git.homeinfra.org/login/oauth/access_token"
+validate_url="https://git.homeinfra.org/api/v1/user/emails"
\ No newline at end of file
diff --git a/docker/dockge/setup.sh b/docker/dockge/setup.sh
new file mode 100644
index 0000000..084dd6c
--- /dev/null
+++ b/docker/dockge/setup.sh
@@ -0,0 +1 @@
+export DOCKGE_STACKS_DIR=$(dirname "$PWD")
\ No newline at end of file
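Review bot: The oauth2-proxy only guards the Traefik route; `dockge` itself still joins `traefik_default`, so every other container on that network (filebrowser, openvscode-server, gitea, uptime-kuma) can reach `http://dockge:5001` without passing through `dockge-oauth`, and dockge carries the Docker socket and the stacks directory. Putting dockge and dockge-oauth on a private network of their own, with only dockge-oauth also attached to `traefik_default`, keeps the unauthenticated port off the shared network. Separately, `${DOCKGE_STACKS_DIR:-}` expands to an empty string when setup.sh was not sourced, which turns the bind mount into an invalid `:` spec; `${DOCKGE_STACKS_DIR:?source setup.sh first}` makes compose stop with a readable message instead. The same shared-network exposure applies to `openvscode-server:3000` in docker/openvscode/docker-compose.yml.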
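Review bot: `cookie_secure="false"` drops the Secure attribute from the session cookie even though the service is only reachable through Traefik's `websecure` entrypoint, so the cookie is also sent on any plain-HTTP request to a `.homeinfra.org` host; `cookie_secure="true"` together with `reverse_proxy="true"` (so the proxy trusts the forwarded scheme from Traefik) is the usual setting behind a TLS-terminating proxy. `redirect_url` points at `https://code.homeinfra.org/oauth2/callback`, which docker/traefik/conf/apps/openvscode.yaml routes to the openvscode proxy rather than to `dockge-oauth`; unless dockge is also served under that host (its router's Host rule is outside this diff), the Gitea callback for a dockge login never reaches this instance. The same `cookie_secure` setting appears in docker/openvscode/oauth2-proxy.cfg.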
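Review bot: `export` only affects the current shell, so the variable set here is lost as soon as `./setup.sh` exits; the file only does its job when sourced (`. ./setup.sh`) from docker/dockge before `docker compose up`, and nothing on the page documents that. A one-line comment at the top, `# Source this file (. ./setup.sh) from docker/dockge before running compose; do not execute it`, would prevent the empty-path failure in docker-compose.yml. Alternatively, an absolute `DOCKGE_STACKS_DIR=<absolute-path-placeholder>` line in `.env` lets compose substitute the value without any shell step.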
diff --git a/docker/filebrowser/config.json b/docker/filebrowser/config.json
new file mode 100644
index 0000000..fbcf6a1
--- /dev/null
+++ b/docker/filebrowser/config.json
@@ -0,0 +1,8 @@
+{
+ "port": 80,
+ "baseURL": "",
+ "address": "",
+ "log": "stdout",
+ "database": "/database/filebrowser.db",
+ "root": "/srv"
+ }
\ No newline at end of file
diff --git a/docker/filebrowser/docker-compose.yml b/docker/filebrowser/docker-compose.yml
new file mode 100644
index 0000000..87b347b
--- /dev/null
+++ b/docker/filebrowser/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3.8"
+services:
+ filebrowser:
+ volumes:
+ - ./data/srv:/srv
+ - ./data/database:/database
+ - ./config.json:/.filebrowser.json
+ # ports:
+ # - 8080:80
+ image: filebrowser/filebrowser:v2.26.0-s6
+ restart: unless-stopped
+ networks:
+ - traefik_default
+networks:
+ traefik_default:
+ external: true
diff --git a/docker/gitea/.env.example b/docker/gitea/.env.example
new file mode 100644
index 0000000..7f2b14e
--- /dev/null
+++ b/docker/gitea/.env.example
@@ -0,0 +1,2 @@
+GITEA_DB_PASSWORD=
+
diff --git a/docker/gitea/docker-compose.yml b/docker/gitea/docker-compose.yml
index 3e0b74d..51b7335 100644
--- a/docker/gitea/docker-compose.yml
+++ b/docker/gitea/docker-compose.yml
@@ -1,6 +1,5 @@ -version: '3.3' +version: "3.3" services: - gitea: image: gitea/gitea:1.21.1 container_name: gitea
@@ -11,8 +10,8 @@ services: - DB_HOST=db:5432 - DB_NAME=demo - DB_USER=demo - - DB_PASSWD=demo - restart: always + - DB_PASSWD=${GITEA_DB_PASSWORD} + restart: unless-stopped networks: - traefik_default - gitea
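Review bot: `filebrowser` is published through Traefik (docker/traefik/conf/apps/filebrowser.yaml points straight at `http://filebrowser`) with no oauth2-proxy in front of it, unlike dockge and openvscode in this same commit, so it relies solely on filebrowser's built-in login, whose first admin account starts with the project's documented default credentials; at minimum that login must be changed before the route goes live, and a `filebrowser-oauth` sidecar like the other two stacks would be consistent. With `"address": ""` and `"port": 80` in config.json the service also answers any container on `traefik_default` directly. `version: "3.8"` differs from the `"2"`/`"2.1"`/`"3.3"` used by the sibling compose files; modern compose ignores the key, so aligning or dropping it is a style choice.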
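Review bot: `${GITEA_DB_PASSWORD}` with no modifier silently expands to an empty string when `.env` was copied from `.env.example` without being filled in, giving gitea an empty `DB_PASSWD` here and postgres an empty `POSTGRES_PASSWORD` in the next hunk. `${GITEA_DB_PASSWORD:?set it in .env}` on both lines makes compose refuse to start instead of bringing the database up with a blank password. The gitea service definition continues outside this hunk.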
@@ -20,26 +19,25 @@ services: - ./data/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - # ports: - # - "3000:3000" - # - "2222:22" + # ports: + # - "3000:3000" + # - "2222:22" depends_on: - - db - + - db + env_file: + - .env db: image: postgres:13-alpine - restart: always + restart: unless-stopped environment: - POSTGRES_USER=demo - - POSTGRES_PASSWORD=demo + - POSTGRES_PASSWORD=${GITEA_DB_PASSWORD} - POSTGRES_DB=demo networks: - gitea volumes: - ./data/postgres:/var/lib/postgresql/data - networks: + gitea: null traefik_default: external: true - gitea: -
diff --git a/docker/gitea_runner/.env.example b/docker/gitea_runner/.env.example
new file mode 100644
index 0000000..2617920
--- /dev/null
+++ b/docker/gitea_runner/.env.example
@@ -0,0 +1 @@
+GITEA_RUNNER_REGISTRATION_TOKEN=
diff --git a/docker/gitea_runner/docker-compose.yml b/docker/gitea_runner/docker-compose.yml
index 1a3830b..f77d72d 100644
--- a/docker/gitea_runner/docker-compose.yml
+++ b/docker/gitea_runner/docker-compose.yml
@@ -3,8 +3,8 @@ services: runner: image: act_runner:latest build: - context: . - dockerfile: Dockerfile + context: . + dockerfile: Dockerfile restart: unless-stopped volumes: - ./config.yaml:/config.yaml
@@ -13,10 +13,11 @@ services: environment: - CONFIG_FILE=/config.yaml - GITEA_INSTANCE_URL=https://git.homeinfra.org - - GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN} + - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN} - GITEA_RUNNER_NAME=runner1 - GITEA_RUNNER_LABELS=linux container_name: gitea_runner env_file: - .env - privileged: true + privileged: false +networks: {}
diff --git a/docker/homepage/docker-compose.yml b/docker/homepage/docker-compose.yml
index 03b1e79..f5ad427 100644
--- a/docker/homepage/docker-compose.yml
+++ b/docker/homepage/docker-compose.yml
@@ -1,6 +1,5 @@ version: "2" services: - homepage: image: nginx:1.18.0-alpine #ports:
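Review bot: The `env_file: - .env` added to the `gitea` service is redundant with the `${GITEA_DB_PASSWORD}` substitution already used on the `DB_PASSWD` line in the previous hunk (compose reads the project `.env` for substitution on its own), and it also injects every variable in `.env` into the container under its raw name, so as `.env` grows the application receives secrets it does not need. Dropping the two `env_file` lines keeps the container's environment limited to what `environment:` lists. `gitea: null` at the bottom is what a YAML formatter emits for an empty mapping; `gitea: {}` reads as intent rather than as a missing value.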
@@ -9,11 +8,9 @@ services: - ./public_html:/usr/share/nginx/html:ro environment: - TZ=Asia/Shanghai - restart: always - + restart: unless-stopped networks: - traefik_default - networks: traefik_default: external: true
diff --git a/docker/openvscode/.env.example b/docker/openvscode/.env.example
new file mode 100644
index 0000000..fbaaf32
--- /dev/null
+++ b/docker/openvscode/.env.example
@@ -0,0 +1,6 @@
+OAUTH2_PROXY_COOKIE_SECRET=""
+OAUTH2_PROXY_CLIENT_ID=""
+OAUTH2_PROXY_CLIENT_SECRET=""
+CONNECTION_TOKEN=
+CONNECTION_SECRET=
+SUDO_PASSWORD=
diff --git a/docker/openvscode/docker-compose.yml b/docker/openvscode/docker-compose.yml
new file mode 100644
index 0000000..01f96f5
--- /dev/null
+++ b/docker/openvscode/docker-compose.yml
@@ -0,0 +1,42 @@
+version: "2.1"
+services:
+ openvscode-server:
+ image: linuxserver/openvscode-server:1.85.1
+ container_name: openvscode-server
+ user: 0:0
+ environment:
+ - PUID=0
+ - PGID=0
+ - TZ=Etc/UTC
+ - CONNECTION_TOKEN=${CONNECTION_TOKEN} #optional
+ - CONNECTION_SECRET=${CONNECTION_SECRET} #optional
+ - SUDO_PASSWORD=${SUDO_PASSWORD} #optional
+ - SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH} #optional
+ volumes:
+ - ../..:/infra
+ env_file:
+ - .env
+ #ports:
+ # - 3000:3000
+ restart: unless-stopped
+ networks:
+ - traefik_default
+
+
+ openvscode-oauth:
+ image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
+ command: --config /oauth2-proxy.cfg
+ hostname: openvscode-oauth2-proxy
+ volumes:
+ - "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
+ restart: unless-stopped
+
+ external_links:
+ - "traefik:git.homeinfra.org"
+ networks:
+ - traefik_default
+ env_file:
+ - .env
+networks:
+ traefik_default:
+ external: true
diff --git a/docker/openvscode/oauth2-proxy.cfg b/docker/openvscode/oauth2-proxy.cfg
new file mode 100644
index 0000000..e179f0a
--- /dev/null
+++ b/docker/openvscode/oauth2-proxy.cfg
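Review bot: `openvscode-server` runs as root (`user: 0:0`, `PUID=0`/`PGID=0`) and mounts the whole repository at `/infra` via `- ../..:/infra`, so anyone who reaches the IDE — through the oauth2 proxy or directly from a sibling container on `traefik_default` — gets a root shell in a container that holds every stack's `.env`, including the Cloudflare DNS token and the OAuth client secrets; a non-root PUID/PGID and a mount limited to the directories actually edited would bound that. `SUDO_PASSWORD_HASH` is substituted but not listed in `.env.example`, so compose warns and passes an empty value; either add it to `.env.example` or drop the line. The `#optional` comments need a space after `#` and two before it (yamllint `comments`).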
@@ -0,0 +1,19 @@
+http_address="0.0.0.0:80"
+# cookie_secret=""
+email_domains=["homeinfra.org"]
+cookie_secure="false"
+upstreams="http://openvscode-server:3000"
+cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
+whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
+
+# client_id=""
+# client_secret=""
+redirect_url="https://code.homeinfra.org/oauth2/callback"
+
+
+# gitea provider
+provider="github"
+provider_display_name="Gitea"
+login_url="https://git.homeinfra.org/login/oauth/authorize"
+redeem_url="https://git.homeinfra.org/login/oauth/access_token"
+validate_url="https://git.homeinfra.org/api/v1/user/emails"
\ No newline at end of file
diff --git a/docker/portainer/.gitignore b/docker/portainer/.gitignore
deleted file mode 100644
index 1269488..0000000
--- a/docker/portainer/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-data
diff --git a/docker/portainer/docker-compose.yml b/docker/portainer/docker-compose.yml
deleted file mode 100644
index 07e1195..0000000
--- a/docker/portainer/docker-compose.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-version: '3.1'
-
-services:
- portainer:
- image: portainer/portainer-ce
- container_name: portainer
- volumes:
- - ./data:/data
- - /var/run/docker.sock:/var/run/docker.sock
- restart: always
- # ports:
- # - 3332:8000
- # - 3333:9000
-
- networks:
- - traefik_default
- - net
-
-networks:
- traefik_default:
- external: true
- net:
\ No newline at end of file
diff --git a/docker/restic/.env.example b/docker/restic/.env.example
new file mode 100644
index 0000000..78d489d
--- /dev/null
+++ b/docker/restic/.env.example
@@ -0,0 +1,8 @@
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+
+RESTIC_REPOSITORY=s3:https://s3.region.backblazeb2.com/bucket
+RESTIC_PASSWORD=password
+BACKUP_CRON="0 */8 * * *"
+HEALTH_CHECK_URL=
+
diff --git a/docker/traefik/.env.example b/docker/traefik/.env.example
new file mode 100644
index 0000000..d8d050f
--- /dev/null
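Review bot: Both oauth2-proxy instances set their session cookie on `cookie_domains=[".homeinfra.org"]` and neither sets `cookie_name`, so they presumably share the default cookie name while using different `OAUTH2_PROXY_COOKIE_SECRET` values; if so, logging in to code.homeinfra.org overwrites the dockge session cookie and vice versa, and each proxy rejects the other's cookie as undecryptable — a distinct `cookie_name` per instance (or one shared secret) avoids that loop. Authorization here rests only on `email_domains=["homeinfra.org"]` as reported by `validate_url`; if the Gitea instance allows self-registration or unverified addresses, any account carrying an `@homeinfra.org` email passes, so an explicit allow-list (`authenticated_emails_file`) or confirming that self-registration is off in Gitea is worth doing.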
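Review bot: `RESTIC_PASSWORD=password` is a real-looking value rather than an empty placeholder like the other keys, and since `.env.example` is meant to be copied to `.env`, a forgotten edit silently encrypts the backup repository with a guessable password; leave it empty, `RESTIC_PASSWORD=`, so restic fails until it is set. `RESTIC_REPOSITORY` uses `region` and `bucket` as placeholders, which is fine, but a trailing `# replace region and bucket` makes that explicit.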
+++ b/docker/traefik/.env.example
@@ -0,0 +1 @@
+CLOUDFLARE_DNS_API_TOKEN=
diff --git a/docker/traefik/conf/apps/dockge.yaml b/docker/traefik/conf/apps/dockge.yaml
index 6ab9666..a79ecfa 100644
--- a/docker/traefik/conf/apps/dockge.yaml
+++ b/docker/traefik/conf/apps/dockge.yaml
@@ -10,4 +10,5 @@ http: dockge: loadbalancer: servers: - - url: http://dockge:5001 + # - url: http://dockge:5001 + - url: http://dockge-oauth
diff --git a/docker/traefik/conf/apps/code_server.yaml b/docker/traefik/conf/apps/filebrowser.yaml
similarity index 51%
rename from docker/traefik/conf/apps/code_server.yaml
rename to docker/traefik/conf/apps/filebrowser.yaml
index c3ac567..afbfcb7 100644
--- a/docker/traefik/conf/apps/code_server.yaml
+++ b/docker/traefik/conf/apps/filebrowser.yaml
@@ -1,13 +1,13 @@ http: routers: - codeserver: + file: entrypoints: websecure - rule: Host(`test.homeinfra.net`) - service: codeserver + rule: Host(`file.homeinfra.org`) + service: file tls: certresolver: cloudflare services: - codeserver: + file: loadbalancer: servers: - - url: http://1.1.1.1 + - url: http://filebrowser
diff --git a/docker/traefik/conf/apps/openvscode.yaml b/docker/traefik/conf/apps/openvscode.yaml
new file mode 100644
index 0000000..03b0cdf
--- /dev/null
+++ b/docker/traefik/conf/apps/openvscode.yaml
@@ -0,0 +1,15 @@
+http:
+ routers:
+ openvscode:
+ entrypoints: websecure
+ rule: Host(`code.homeinfra.org`)
+ service: openvscode
+ tls:
+ certresolver: cloudflare
+ services:
+ openvscode:
+ loadbalancer:
+ servers:
+ - url: http://openvscode-oauth
+# - url: http://openvscode-server:3000
+
diff --git a/docker/traefik/conf/traefik.yml b/docker/traefik/conf/traefik.yml
index f61c35e..1a97638 100644
--- a/docker/traefik/conf/traefik.yml
+++ b/docker/traefik/conf/traefik.yml
@@ -25,6 +25,12 @@ entrypoints: address: :80 websecure: address: :443 + http: + tls: + domains: + - main: homeinfra.org + sans: "*.homeinfra.org" + tls: stores:
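Review bot: The `domains:` list on the `websecure` entrypoint only leads to a certificate request when the entrypoint `tls:` block also names a `certResolver`; as added here there is none, so each router's own `certresolver: cloudflare` presumably keeps requesting a per-host certificate and the `*.homeinfra.org` SAN is never issued — confirm in Traefik's ACME log. If a single wildcard certificate is the goal, add `certResolver: cloudflare` beside `domains:`. The `cloudflare` resolver itself is defined outside this hunk, so its DNS-01 settings cannot be checked from here.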
diff --git a/docker/traefik/docker-compose.yml b/docker/traefik/docker-compose.yml
index 6a8bc60..9ab5bf0 100644
--- a/docker/traefik/docker-compose.yml
+++ b/docker/traefik/docker-compose.yml
@@ -1,36 +1,31 @@ version: "2" services: web: - restart: always + restart: unless-stopped image: traefik:v2.9.7 container_name: traefik networks: - traefik_default - net ports: - - "80:80" - - "443:443" - - "22:22" + - 80:80 + - 443:443 + - 22:22 # - "8080:8080" command: - - "--configFile=/conf/traefik.yml" + - --configFile=/conf/traefik.yml environment: - - "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}" - - "TZ=Asia/Shanghai" + - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN} + - TZ=Asia/Shanghai volumes: - ./conf:/conf:ro - - "./data/letsencrypt:/letsencrypt" - - ./data/traefik_logs:/logs + - ./data/letsencrypt:/letsencrypt + - /var/log/traefik_logs:/logs - /var/run/docker.sock:/var/run/docker.sock env_file: - .env - networks: net: driver: bridge - traefik_default: external: true - - -
diff --git a/docker/uptime_kuma/docker-compose.yml b/docker/uptime_kuma/docker-compose.yml
index c2cac6a..5cef17a 100644
--- a/docker/uptime_kuma/docker-compose.yml
+++ b/docker/uptime_kuma/docker-compose.yml
@@ -1,18 +1,18 @@ -version: '3.3' +version: "3.3" services: uptime-kuma: - image: 'louislam/uptime-kuma:1' + image: louislam/uptime-kuma:1 container_name: uptime-kuma - restart: always + restart: unless-stopped # ports: # - '3001:3001' volumes: - - './data:/app/data' + - ./data:/app/data - /var/run/docker.sock:/var/run/docker.sock networks: - traefik_default - net networks: + net: null traefik_default: external: true - net:
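Review bot: Removing the quotes on `- 22:22` reintroduces the YAML 1.1 sexagesimal trap: a YAML 1.1 parser reads `22:22` as the integer 1342, which is exactly the case Compose's own documentation warns about for container ports below 60, so the SSH passthrough may silently end up on the wrong port depending on the parser in use. Keep port mappings as strings, `- "22:22"`, and for consistency `- "80:80"` and `- "443:443"` as well. `/var/log/traefik_logs:/logs` now writes under the host's `/var/log` instead of `./data`; if that is intended, the directory has to exist with permissions Traefik can write to, and the README should mention the new host path.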