add filebrowser, add openvscode, add oauth2-proxy, add .env, remove portainer

This commit is contained in:
Anonymous 2024-01-26 12:51:17 +00:00
parent edf11b371c
commit b204f6c407
25 changed files with 209 additions and 77 deletions


@ -1,5 +1,9 @@
# Home Infra
`Homeinfra` offers a strong, dependable, and easily replicable configuration for your homelab, incorporating vital elements like HTTPS, NAT traversal, Security, CI/CD pipelines, Cronjobs, DDNS, Docker management, Automatic Backup, and more.
Currently, the setup is being managed through docker-compose. Although migrating to K8s or k3s is a potential consideration, it has not been implemented at this time.
## Modules
### Gateway & Security
@ -40,7 +44,7 @@
- msgpusher
### backup
### Backup
- restic
- Backup to S3 (Backblaze)


@ -0,0 +1,3 @@
OAUTH2_PROXY_COOKIE_SECRET=""
OAUTH2_PROXY_CLIENT_ID=""
OAUTH2_PROXY_CLIENT_SECRET=""
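Review bot: This new `.env` is tracked in git while its three variables are the oauth2-proxy cookie secret and the OAuth client id/secret, so the first time someone fills them in the values get committed together with the file. Keep the tracked copy as a template named `.env.example` with the same empty slots, add `.env` to the repository's `.gitignore`, and record in the README that `.env` must be created from the template before `docker compose up`. The same applies to the other `.env` files added in this commit: the ones holding `GITEA_DB_PASSWORD`, `GITEA_RUNNER_REGISTRATION_TOKEN`, the openvscode `CONNECTION_TOKEN`/`SUDO_PASSWORD` set, the restic `AWS_*`/`RESTIC_PASSWORD` set and `CLOUDFLARE_DNS_API_TOKEN`.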


@ -3,9 +3,8 @@ services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
# ports:
# Host Port : Container Port
# - 5001:5001
# ports:
# - 5001:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/app/data
@ -17,12 +16,26 @@ services:
# ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
# ⚠️ 1. FULL path only. No relative path (MUST)
# ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
- /root/homeinfra/docker:/root/homeinfra/docker
- ${DOCKGE_STACKS_DIR:-}:${DOCKGE_STACKS_DIR:-}
environment:
# Tell Dockge where is your stacks directory
- DOCKGE_STACKS_DIR=/root/homeinfra/docker
- DOCKGE_STACKS_DIR=${DOCKGE_STACKS_DIR:-}
networks:
- traefik_default
dockge-oauth:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
command: --config /oauth2-proxy.cfg
hostname: dockge-oauth2-proxy
volumes:
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
restart: unless-stopped
external_links:
- "traefik:git.homeinfra.org"
env_file:
- .env
networks:
- traefik_default
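Review bot: The `:-` default on the `${DOCKGE_STACKS_DIR:-}` volume entry and on the matching `environment` line turns a missing variable into an empty bind mount `:` instead of an error, which is exactly the "FULL path only (MUST)" mistake the comment above it warns about. Use the required-variable form so compose refuses to start: `- ${DOCKGE_STACKS_DIR:?set via docker/dockge/setup.sh}:${DOCKGE_STACKS_DIR:?}` and `- DOCKGE_STACKS_DIR=${DOCKGE_STACKS_DIR:?}`. Separately, `dockge` and `dockge-oauth` both sit only on `traefik_default`, so every other container on that network can still reach `dockge:5001` directly without passing through oauth2-proxy; a private network shared by just those two services, with only `dockge-oauth` also on `traefik_default`, would close that bypass and matters because dockge holds the Docker socket.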


@ -0,0 +1,18 @@
http_address="0.0.0.0:80"
# cookie_secret=""
email_domains=["homeinfra.org"]
cookie_secure="false"
upstreams="http://dockge:5001"
cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
# gitea provider
provider="github"
provider_display_name="Gitea"
# client_id=""
# client_secret=""
redirect_url="https://code.homeinfra.org/oauth2/callback"
login_url="https://git.homeinfra.org/login/oauth/authorize"
redeem_url="https://git.homeinfra.org/login/oauth/access_token"
validate_url="https://git.homeinfra.org/api/v1/user/emails"
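Review bot: `redirect_url` here is `https://code.homeinfra.org/oauth2/callback`, the same value the new openvscode `oauth2-proxy.cfg` uses, yet this proxy fronts dockge; unless dockge is also served under `code.homeinfra.org`, Gitea will send the user back to the openvscode proxy after login and the dockge proxy never completes the flow. Each oauth2-proxy needs its own host in `redirect_url`, with that exact URL registered on its own Gitea OAuth application, e.g. `redirect_url="https://<dockge-host>/oauth2/callback"` (placeholder for the host the dockge router serves). Also, both config files set `cookie_secure="false"` although the browser reaches them over HTTPS via traefik; `cookie_secure` only controls the cookie's Secure attribute, which the browser evaluates against the HTTPS origin it actually talks to, so `cookie_secure="true"` should work here and keeps the session cookie off plain HTTP, ideally paired with `reverse_proxy="true"` so the proxy trusts traefik's forwarded headers when building its own URLs.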

1
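--- a/docker/dockge/setup.sh
+++ b/docker/dockge/setup.sh
@@ -0,0 +1 @@
+export DOCKGE_STACKS_DIR=$(dirname "$PWD")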
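Review bot: `export` only affects the shell that runs it, so this file does nothing for `docker compose` unless it is sourced (`. ./setup.sh`) from `docker/dockge` beforehand; executed as a script it exports into a subshell that then exits. A header comment would make that explicit, e.g. `# usage: source this from docker/dockge before docker compose up; sets DOCKGE_STACKS_DIR to the absolute parent directory (e.g. /root/homeinfra/docker)`. The missing shebang is consistent with the file being sourced rather than run, so it is fine to leave out once the comment says so.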


@ -0,0 +1,8 @@
{
"port": 80,
"baseURL": "",
"address": "",
"log": "stdout",
"database": "/database/filebrowser.db",
"root": "/srv"
}


@ -0,0 +1,16 @@
version: "3.8"
services:
filebrowser:
volumes:
- ./data/srv:/srv
- ./data/database:/database
- ./config.json:/.filebrowser.json
# ports:
# - 8080:80
image: filebrowser/filebrowser:v2.26.0-s6
restart: unless-stopped
networks:
- traefik_default
networks:
traefik_default:
external: true


@ -0,0 +1,2 @@
GITEA_DB_PASSWORD=


@ -1,6 +1,5 @@
version: '3.3'
version: "3.3"
services:
gitea:
image: gitea/gitea:1.21.1
container_name: gitea
@ -11,8 +10,8 @@ services:
- DB_HOST=db:5432
- DB_NAME=demo
- DB_USER=demo
- DB_PASSWD=demo
restart: always
- DB_PASSWD=${GITEA_DB_PASSWORD}
restart: unless-stopped
networks:
- traefik_default
- gitea
@ -20,26 +19,25 @@ services:
- ./data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# ports:
# - "3000:3000"
# - "2222:22"
# ports:
# - "3000:3000"
# - "2222:22"
depends_on:
- db
- db
env_file:
- .env
db:
image: postgres:13-alpine
restart: always
restart: unless-stopped
environment:
- POSTGRES_USER=demo
- POSTGRES_PASSWORD=demo
- POSTGRES_PASSWORD=${GITEA_DB_PASSWORD}
- POSTGRES_DB=demo
networks:
- gitea
volumes:
- ./data/postgres:/var/lib/postgresql/data
networks:
gitea: null
traefik_default:
external: true
gitea:


@ -0,0 +1 @@
GITEA_RUNNER_REGISTRATION_TOKEN=


@ -3,8 +3,8 @@ services:
runner:
image: act_runner:latest
build:
context: .
dockerfile: Dockerfile
context: .
dockerfile: Dockerfile
restart: unless-stopped
volumes:
- ./config.yaml:/config.yaml
@ -13,10 +13,11 @@ services:
environment:
- CONFIG_FILE=/config.yaml
- GITEA_INSTANCE_URL=https://git.homeinfra.org
- GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN}
- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
- GITEA_RUNNER_NAME=runner1
- GITEA_RUNNER_LABELS=linux
container_name: gitea_runner
env_file:
- .env
privileged: true
privileged: false
networks: {}


@ -1,6 +1,5 @@
version: "2"
services:
homepage:
image: nginx:1.18.0-alpine
#ports:
@ -9,11 +8,9 @@ services:
- ./public_html:/usr/share/nginx/html:ro
environment:
- TZ=Asia/Shanghai
restart: always
restart: unless-stopped
networks:
- traefik_default
networks:
traefik_default:
external: true


@ -0,0 +1,6 @@
OAUTH2_PROXY_COOKIE_SECRET=""
OAUTH2_PROXY_CLIENT_ID=""
OAUTH2_PROXY_CLIENT_SECRET=""
CONNECTION_TOKEN=
CONNECTION_SECRET=
SUDO_PASSWORD=


@ -0,0 +1,42 @@
version: "2.1"
services:
openvscode-server:
image: linuxserver/openvscode-server:1.85.1
container_name: openvscode-server
user: 0:0
environment:
- PUID=0
- PGID=0
- TZ=Etc/UTC
- CONNECTION_TOKEN=${CONNECTION_TOKEN} #optional
- CONNECTION_SECRET=${CONNECTION_SECRET} #optional
- SUDO_PASSWORD=${SUDO_PASSWORD} #optional
- SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH} #optional
volumes:
- ../..:/infra
env_file:
- .env
#ports:
# - 3000:3000
restart: unless-stopped
networks:
- traefik_default
openvscode-oauth:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
command: --config /oauth2-proxy.cfg
hostname: openvscode-oauth2-proxy
volumes:
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
restart: unless-stopped
external_links:
- "traefik:git.homeinfra.org"
networks:
- traefik_default
env_file:
- .env
networks:
traefik_default:
external: true
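Review bot: Both `openvscode-server` and `openvscode-oauth` load the same `env_file: .env`, so the IDE container receives `OAUTH2_PROXY_CLIENT_SECRET` and `OAUTH2_PROXY_COOKIE_SECRET` while the proxy receives `SUDO_PASSWORD` and `CONNECTION_TOKEN`, none of which the respective service needs. Split the file (for instance a separate `oauth.env` for the proxy) or drop `env_file` from `openvscode-server`, whose own variables are already interpolated explicitly under `environment:`; the gitea, runner and traefik compose files show the same pattern, where `env_file` duplicates values that `${...}` substitution from the project `.env` already provides. The IDE also runs as `user: 0:0` with `PUID=0`/`PGID=0` and mounts the whole repository (`../..:/infra`), so anyone who passes the OAuth gate gets root in the container plus read/write access to every `.env` in the repo; if that is intended, a comment on the volume line should say so, otherwise a non-root PUID and a narrower mount would limit it. `SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH}` refers to a variable the new `.env` does not define, so it expands to an empty string.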


@ -0,0 +1,19 @@
http_address="0.0.0.0:80"
# cookie_secret=""
email_domains=["homeinfra.org"]
cookie_secure="false"
upstreams="http://openvscode-server:3000"
cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
# client_id=""
# client_secret=""
redirect_url="https://code.homeinfra.org/oauth2/callback"
# gitea provider
provider="github"
provider_display_name="Gitea"
login_url="https://git.homeinfra.org/login/oauth/authorize"
redeem_url="https://git.homeinfra.org/login/oauth/access_token"
validate_url="https://git.homeinfra.org/api/v1/user/emails"


@ -1 +0,0 @@
data


@ -1,22 +0,0 @@
version: '3.1'
services:
portainer:
image: portainer/portainer-ce
container_name: portainer
volumes:
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
restart: always
# ports:
# - 3332:8000
# - 3333:9000
networks:
- traefik_default
- net
networks:
traefik_default:
external: true
net:


@ -0,0 +1,8 @@
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
RESTIC_REPOSITORY=s3:https://s3.region.backblazeb2.com/bucket
RESTIC_PASSWORD=password
BACKUP_CRON="0 */8 * * *"
HEALTH_CHECK_URL=
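Review bot: `RESTIC_PASSWORD=password` ships a real value where every other slot is left empty, so a forgotten edit encrypts all backups with a well-known string and nothing fails to point it out. Leave it empty like `AWS_SECRET_ACCESS_KEY=` so restic refuses to work without a password (`RESTIC_PASSWORD=`), and mark the `RESTIC_REPOSITORY` bucket URL as an example to be replaced. Whether `BACKUP_CRON="0 */8 * * *"` reaches the container with or without its double quotes depends on which compose implementation parses the env file (Compose v2 strips them, the older Python docker-compose passed them through), so it is worth checking the cron string the container actually sees.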


@ -0,0 +1 @@
CLOUDFLARE_DNS_API_TOKEN=


@ -10,4 +10,5 @@ http:
dockge:
loadbalancer:
servers:
- url: http://dockge:5001
# - url: http://dockge:5001
- url: http://dockge-oauth


@ -1,13 +1,13 @@
http:
routers:
codeserver:
file:
entrypoints: websecure
rule: Host(`test.homeinfra.net`)
service: codeserver
rule: Host(`file.homeinfra.org`)
service: file
tls:
certresolver: cloudflare
services:
codeserver:
file:
loadbalancer:
servers:
- url: http://1.1.1.1
- url: http://filebrowser
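Review bot: `file.homeinfra.org` is routed straight to `http://filebrowser`, while dockge and openvscode in this same commit are only reachable through an oauth2-proxy; filebrowser is left to its own built-in login, and its compose file shows no credential bootstrap, so its first-run default admin credentials are what this public router exposes until someone changes them. Either put a third oauth2-proxy in front of it like the other two, or add a comment next to the router recording the decision, e.g. `# no oauth2-proxy: filebrowser uses its own login; change the default admin password on first start`.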


@ -0,0 +1,15 @@
http:
routers:
openvscode:
entrypoints: websecure
rule: Host(`code.homeinfra.org`)
service: openvscode
tls:
certresolver: cloudflare
services:
openvscode:
loadbalancer:
servers:
- url: http://openvscode-oauth
# - url: http://openvscode-server:3000


@ -25,6 +25,12 @@ entrypoints:
address: :80
websecure:
address: :443
http:
tls:
domains:
- main: homeinfra.org
sans: "*.homeinfra.org"
tls:
stores:
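Review bot: Traefik documents `sans` as a list of names, so `sans: "*.homeinfra.org"` should be written `sans: ["*.homeinfra.org"]` (or as a block sequence); whether the static-config loader coerces a plain string is not something to rely on, and a rejected value here means no wildcard certificate is requested. Keeping the name quoted is right either way, since an unquoted leading `*` would be read as a YAML alias. The enclosing `entrypoints`/`tls` mapping continues outside the hunk.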


@ -1,36 +1,31 @@
version: "2"
services:
web:
restart: always
restart: unless-stopped
image: traefik:v2.9.7
container_name: traefik
networks:
- traefik_default
- net
ports:
- "80:80"
- "443:443"
- "22:22"
- 80:80
- 443:443
- 22:22
# - "8080:8080"
command:
- "--configFile=/conf/traefik.yml"
- --configFile=/conf/traefik.yml
environment:
- "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
- "TZ=Asia/Shanghai"
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- TZ=Asia/Shanghai
volumes:
- ./conf:/conf:ro
- "./data/letsencrypt:/letsencrypt"
- ./data/traefik_logs:/logs
- ./data/letsencrypt:/letsencrypt
- /var/log/traefik_logs:/logs
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- .env
networks:
net:
driver: bridge
traefik_default:
external: true
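Review bot: Dropping the quotes on the port mappings reintroduces the YAML 1.1 sexagesimal trap: `- 22:22` is read as the integer 1342 by YAML 1.1 loaders (PyYAML, hence the old Python docker-compose), and `80:80`/`443:443` only survive because their second part exceeds base-60 digits. Compose v2's Go parser appears to keep them as strings, but the file should not depend on which binary runs it; restore `- "80:80"`, `- "443:443"`, `- "22:22"`. The `env_file: .env` added to `web` also duplicates the `CLOUDFLARE_DNS_API_TOKEN` interpolation already present under `environment:`, which compose performs from the project `.env` without loading it into the container.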


@ -1,18 +1,18 @@
version: '3.3'
version: "3.3"
services:
uptime-kuma:
image: 'louislam/uptime-kuma:1'
image: louislam/uptime-kuma:1
container_name: uptime-kuma
restart: always
restart: unless-stopped
# ports:
# - '3001:3001'
volumes:
- './data:/app/data'
- ./data:/app/data
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik_default
- net
networks:
net: null
traefik_default:
external: true
net: