Compare commits


No commits in common. "b98bd2f7c165fbfbe56914c61464b76b71712773" and "edf11b371cdeaa8e1e1ede1e77e5d46e8f36f079" have entirely different histories.

34 changed files with 77 additions and 229 deletions


@ -1,29 +1,5 @@
# Home Infra
`Homeinfra` offers a strong, dependable, and easily replicable configuration for your homelab, incorporating vital elements like HTTPS, NAT traversal, Security, CI/CD pipelines, Cronjobs, DDNS, Docker management, Automatic Backup, and more.
Currently, the setup is being managed through docker-compose. Although migrating to K8s or k3s is a potential consideration, it has not been implemented at this time.
<table>
<tr>
<td><img src="images/actions.png"></td>
<td><img src="images/dockge.png"></td>
<td><img src="images/homeassistant.png"></td>
</tr>
<tr>
<td><img src="images/homeassistant2.png"></td>
<td><img src="images/homepage.png"></td>
<td><img src="images/music.png"></td>
</tr>
<tr>
<td><img src="images/oauth-proxy.png"></td>
<td><img src="images/openvscode.png"></td>
<td><img src="images/uptime.png"></td>
</tr>
</table>
## Modules
### Gateway & Security
@ -64,7 +40,7 @@ Currently, the setup is being managed through docker-compose. Although migrating
- msgpusher
### Backup
### backup
- restic
- Backup to S3 (Backblaze)


@ -1,3 +0,0 @@
OAUTH2_PROXY_COOKIE_SECRET=""
OAUTH2_PROXY_CLIENT_ID=""
OAUTH2_PROXY_CLIENT_SECRET=""


@ -3,12 +3,13 @@ services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
# ports:
# - 5001:5001
# ports:
# Host Port : Container Port
# - 5001:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/app/data
# If you want to use private registries, you need to share the auth file with Dockge:
# - /root/.docker/:/root/.docker
@ -16,26 +17,12 @@ services:
# ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
# ⚠️ 1. FULL path only. No relative path (MUST)
# ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
- ${DOCKGE_STACKS_DIR:-}:${DOCKGE_STACKS_DIR:-}
- /root/homeinfra/docker:/root/homeinfra/docker
environment:
# Tell Dockge where is your stacks directory
- DOCKGE_STACKS_DIR=${DOCKGE_STACKS_DIR:-}
networks:
- traefik_default
- DOCKGE_STACKS_DIR=/root/homeinfra/docker
dockge-oauth:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
command: --config /oauth2-proxy.cfg
hostname: dockge-oauth2-proxy
volumes:
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
restart: unless-stopped
external_links:
- "traefik:git.homeinfra.org"
env_file:
- .env
networks:
- traefik_default
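Review bot: With the `dockge-oauth` service gone from this file, the `dockge` container that mounts `/var/run/docker.sock` is left with only Dockge's own login in front of it; the Traefik route later on this page that now points at `http://dockge:5001` has the same effect. Access to the Docker socket is equivalent to root on the host, so either keep the oauth2-proxy in front of it or restrict the router with an IP allow-list middleware, and record the decision next to the socket mount, e.g. `# docker.sock = host root; keep this service behind authentication`. The stacks path is also hard-coded in the two `/root/homeinfra/docker` lines where the other side read `${DOCKGE_STACKS_DIR:-}`, which ties the file to one checkout location. Old and new sides are inferred from the hunk counts and the deleted `.env` sections, because the +/- markers are missing on this page.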


@ -1,18 +0,0 @@
http_address="0.0.0.0:80"
# cookie_secret=""
email_domains=["homeinfra.org"]
cookie_secure="false"
upstreams="http://dockge:5001"
cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
# gitea provider
provider="github"
provider_display_name="Gitea"
# client_id=""
# client_secret=""
redirect_url="https://code.homeinfra.org/oauth2/callback"
login_url="https://git.homeinfra.org/login/oauth/authorize"
redeem_url="https://git.homeinfra.org/login/oauth/access_token"
validate_url="https://git.homeinfra.org/api/v1/user/emails"


@ -1 +0,0 @@
export DOCKGE_STACKS_DIR=$(dirname "$PWD")


@ -1,8 +0,0 @@
{
"port": 80,
"baseURL": "",
"address": "",
"log": "stdout",
"database": "/database/filebrowser.db",
"root": "/srv"
}


@ -1,16 +0,0 @@
version: "3.8"
services:
filebrowser:
volumes:
- ./data/srv:/srv
- ./data/database:/database
- ./config.json:/.filebrowser.json
# ports:
# - 8080:80
image: filebrowser/filebrowser:v2.26.0-s6
restart: unless-stopped
networks:
- traefik_default
networks:
traefik_default:
external: true


@ -1,2 +0,0 @@
GITEA_DB_PASSWORD=


@ -1,5 +1,6 @@
version: "3.3"
version: '3.3'
services:
gitea:
image: gitea/gitea:1.21.1
container_name: gitea
@ -10,8 +11,8 @@ services:
- DB_HOST=db:5432
- DB_NAME=demo
- DB_USER=demo
- DB_PASSWD=${GITEA_DB_PASSWORD}
restart: unless-stopped
- DB_PASSWD=demo
restart: always
networks:
- traefik_default
- gitea
@ -19,25 +20,26 @@ services:
- ./data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# ports:
# - "3000:3000"
# - "2222:22"
# ports:
# - "3000:3000"
# - "2222:22"
depends_on:
- db
env_file:
- .env
- db
db:
image: postgres:13-alpine
restart: unless-stopped
restart: always
environment:
- POSTGRES_USER=demo
- POSTGRES_PASSWORD=${GITEA_DB_PASSWORD}
- POSTGRES_PASSWORD=demo
- POSTGRES_DB=demo
networks:
- gitea
volumes:
- ./data/postgres:/var/lib/postgresql/data
networks:
gitea: null
traefik_default:
external: true
gitea:
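Review bot: `DB_PASSWD=demo` and `POSTGRES_PASSWORD=demo` put a guessable database password into version control, where the other side of the diff read it from `${GITEA_DB_PASSWORD}`. The `db` service is attached only to the `gitea` network, which limits who can reach it, but the value still ends up in every clone of the repository. I would keep the variable and make it mandatory, `- DB_PASSWD=${GITEA_DB_PASSWORD:?set GITEA_DB_PASSWORD in .env}` with the matching `POSTGRES_PASSWORD` line, and leave `.env` untracked. The trailing `gitea:` under `networks:` is a bare key; `gitea: {}` states the default network explicitly.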


@ -1 +0,0 @@
GITEA_RUNNER_REGISTRATION_TOKEN=


@ -3,8 +3,8 @@ services:
runner:
image: act_runner:latest
build:
context: .
dockerfile: Dockerfile
context: .
dockerfile: Dockerfile
restart: unless-stopped
volumes:
- ./config.yaml:/config.yaml
@ -13,11 +13,10 @@ services:
environment:
- CONFIG_FILE=/config.yaml
- GITEA_INSTANCE_URL=https://git.homeinfra.org
- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
- GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN}
- GITEA_RUNNER_NAME=runner1
- GITEA_RUNNER_LABELS=linux
container_name: gitea_runner
env_file:
- .env
privileged: false
networks: {}
privileged: true
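Review bot: `privileged: true` on the `runner` service gives the container that executes repository workflows nearly unrestricted access to the host (all capabilities, host devices), so every job is effectively trusted with the machine. Unless a specific feature needs it, keep `privileged: false` and grant only what is required through `cap_add`; if it has to stay, a comment should say why. `GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN}` also reads from a very generic variable name that is easy to leave unset or to collide with something else in the shell; the longer name on the other side, or `${TOKEN:?}`, fails loudly instead of passing an empty value. The `volumes` list of this service continues outside the hunk.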


@ -1,5 +1,6 @@
version: "2"
services:
homepage:
image: nginx:1.18.0-alpine
#ports:
@ -8,9 +9,11 @@ services:
- ./public_html:/usr/share/nginx/html:ro
environment:
- TZ=Asia/Shanghai
restart: unless-stopped
restart: always
networks:
- traefik_default
networks:
traefik_default:
external: true


@ -1,6 +0,0 @@
OAUTH2_PROXY_COOKIE_SECRET=""
OAUTH2_PROXY_CLIENT_ID=""
OAUTH2_PROXY_CLIENT_SECRET=""
CONNECTION_TOKEN=
CONNECTION_SECRET=
SUDO_PASSWORD=


@ -1,42 +0,0 @@
version: "2.1"
services:
openvscode-server:
image: linuxserver/openvscode-server:1.85.1
container_name: openvscode-server
user: 0:0
environment:
- PUID=0
- PGID=0
- TZ=Etc/UTC
- CONNECTION_TOKEN=${CONNECTION_TOKEN} #optional
- CONNECTION_SECRET=${CONNECTION_SECRET} #optional
- SUDO_PASSWORD=${SUDO_PASSWORD} #optional
- SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH} #optional
volumes:
- ../..:/infra
env_file:
- .env
#ports:
# - 3000:3000
restart: unless-stopped
networks:
- traefik_default
openvscode-oauth:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
command: --config /oauth2-proxy.cfg
hostname: openvscode-oauth2-proxy
volumes:
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
restart: unless-stopped
external_links:
- "traefik:git.homeinfra.org"
networks:
- traefik_default
env_file:
- .env
networks:
traefik_default:
external: true


@ -1,19 +0,0 @@
http_address="0.0.0.0:80"
# cookie_secret=""
email_domains=["homeinfra.org"]
cookie_secure="false"
upstreams="http://openvscode-server:3000"
cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
# client_id=""
# client_secret=""
redirect_url="https://code.homeinfra.org/oauth2/callback"
# gitea provider
provider="github"
provider_display_name="Gitea"
login_url="https://git.homeinfra.org/login/oauth/authorize"
redeem_url="https://git.homeinfra.org/login/oauth/access_token"
validate_url="https://git.homeinfra.org/api/v1/user/emails"

1
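--- a/docker/portainer/.gitignore
+++ b/docker/portainer/.gitignore
@@ -0,0 +1 @@
+data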


@ -0,0 +1,22 @@
version: '3.1'
services:
portainer:
image: portainer/portainer-ce
container_name: portainer
volumes:
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
restart: always
# ports:
# - 3332:8000
# - 3333:9000
networks:
- traefik_default
- net
networks:
traefik_default:
external: true
net:
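Review bot: `image: portainer/portainer-ce` carries no tag, so every pull takes whatever `latest` is at that moment, while other services on this page pin a version (`traefik:v2.9.7`, `gitea/gitea:1.21.1`). For a container that mounts `/var/run/docker.sock` and joins `traefik_default`, pin it, e.g. `image: portainer/portainer-ce:<pinned-version>`, and update it deliberately. The final `net:` is a bare key that parses as null; `net: {}` states the default network explicitly. Whether a Traefik router exposes Portainer is not visible in this section; if one does, it needs an authentication layer in front of it like any service holding the Docker socket.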


@ -1,8 +0,0 @@
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
RESTIC_REPOSITORY=s3:https://s3.region.backblazeb2.com/bucket
RESTIC_PASSWORD=password
BACKUP_CRON="0 */8 * * *"
HEALTH_CHECK_URL=


@ -1 +0,0 @@
CLOUDFLARE_DNS_API_TOKEN=


@ -1,13 +1,13 @@
http:
routers:
file:
codeserver:
entrypoints: websecure
rule: Host(`file.homeinfra.org`)
service: file
rule: Host(`test.homeinfra.net`)
service: codeserver
tls:
certresolver: cloudflare
services:
file:
codeserver:
loadbalancer:
servers:
- url: http://filebrowser
- url: http://1.1.1.1
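Review bot: The `codeserver` service forwards to `http://1.1.1.1`, a public address outside this stack, over plain HTTP, and its router matches `test.homeinfra.net` while every other host on this page is under `homeinfra.org`; this reads like a test placeholder that should not stay in the dynamic config. Requests for that host, including their cookies and headers, would be proxied to a third party, and the `cloudflare` resolver would be asked for a certificate for a name that may not be in the managed zone. Point the service at the intended container, `- url: http://<service-name>:<port>`, or drop the router until the backend exists. Old and new sides are inferred from print order and from the removal of the filebrowser stack elsewhere on the page.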


@ -10,5 +10,4 @@ http:
dockge:
loadbalancer:
servers:
# - url: http://dockge:5001
- url: http://dockge-oauth
- url: http://dockge:5001


@ -1,15 +0,0 @@
http:
routers:
openvscode:
entrypoints: websecure
rule: Host(`code.homeinfra.org`)
service: openvscode
tls:
certresolver: cloudflare
services:
openvscode:
loadbalancer:
servers:
- url: http://openvscode-oauth
# - url: http://openvscode-server:3000


@ -25,12 +25,6 @@ entrypoints:
address: :80
websecure:
address: :443
http:
tls:
domains:
- main: homeinfra.org
sans: "*.homeinfra.org"
tls:
stores:


@ -1,31 +1,36 @@
version: "2"
services:
web:
restart: unless-stopped
restart: always
image: traefik:v2.9.7
container_name: traefik
networks:
- traefik_default
- net
ports:
- 80:80
- 443:443
- 22:22
- "80:80"
- "443:443"
- "22:22"
# - "8080:8080"
command:
- --configFile=/conf/traefik.yml
- "--configFile=/conf/traefik.yml"
environment:
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- TZ=Asia/Shanghai
- "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
- "TZ=Asia/Shanghai"
volumes:
- ./conf:/conf:ro
- ./data/letsencrypt:/letsencrypt
- /var/log/traefik_logs:/logs
- "./data/letsencrypt:/letsencrypt"
- ./data/traefik_logs:/logs
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- .env
networks:
net:
driver: bridge
traefik_default:
external: true


@ -1,18 +1,18 @@
version: "3.3"
version: '3.3'
services:
uptime-kuma:
image: louislam/uptime-kuma:1
image: 'louislam/uptime-kuma:1'
container_name: uptime-kuma
restart: unless-stopped
restart: always
# ports:
# - '3001:3001'
volumes:
- ./data:/app/data
- './data:/app/data'
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik_default
- net
networks:
net: null
traefik_default:
external: true
net:

Binary file not shown.

Before

Width:  |  Height:  |  Size: 315 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 253 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 200 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 266 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 240 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.8 MiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 140 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 348 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 256 KiB