README.md

@@ -1,29 +1,5 @@
 # Home Infra
 
-`Homeinfra` offers a strong, dependable, and easily replicable configuration for your homelab, incorporating vital elements like HTTPS, NAT traversal, Security, CI/CD pipelines, Cronjobs, DDNS, Docker management, Automatic Backup, and more.
-
-Currently, the setup is being managed through docker-compose. Although migrating to K8s or k3s is a potential consideration, it has not been implemented at this time.
-
-
-<table>
-  <tr>
-    <td><img src="images/actions.png"></td>
-    <td><img src="images/dockge.png"></td>
-    <td><img src="images/homeassistant.png"></td>
-  </tr>
-  <tr>
-    <td><img src="images/homeassistant2.png"></td>
-    <td><img src="images/homepage.png"></td>
-    <td><img src="images/music.png"></td>
-  </tr>
-  <tr>
-    <td><img src="images/oauth-proxy.png"></td>
-    <td><img src="images/openvscode.png"></td>
-    <td><img src="images/uptime.png"></td>
-  </tr>
-</table>
-
-
 ## Modules
 
 ### Gateway & Security
@@ -64,7 +40,7 @@ Currently, the setup is being managed through docker-compose. Although migrating
 - msgpusher
 
 
-### Backup
+### backup
 
 - restic
   - Backup to S3 (Backblaze)

docker/dockge/.env.example

@@ -1,3 +0,0 @@
-OAUTH2_PROXY_COOKIE_SECRET=""
-OAUTH2_PROXY_CLIENT_ID=""
-OAUTH2_PROXY_CLIENT_SECRET=""

docker/dockge/docker-compose.yml

@@ -3,12 +3,13 @@ services:
   dockge:
     image: louislam/dockge:1
     restart: unless-stopped
-    # ports:
+      #    ports:
-    #   - 5001:5001
+      # Host Port : Container Port
+      # - 5001:5001
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./data:/app/data
-      
+        
       # If you want to use private registries, you need to share the auth file with Dockge:
       # - /root/.docker/:/root/.docker
 
@@ -16,26 +17,12 @@ services:
       # ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
       # ⚠️ 1. FULL path only. No relative path (MUST)
       # ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
-      - ${DOCKGE_STACKS_DIR:-}:${DOCKGE_STACKS_DIR:-}
+      - /root/homeinfra/docker:/root/homeinfra/docker
     environment:
       # Tell Dockge where is your stacks directory
-      - DOCKGE_STACKS_DIR=${DOCKGE_STACKS_DIR:-}
+      - DOCKGE_STACKS_DIR=/root/homeinfra/docker
-    networks:
-      - traefik_default
 
 
-  dockge-oauth:
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
-    command: --config /oauth2-proxy.cfg
-    hostname: dockge-oauth2-proxy
-    volumes:
-      - "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
-    restart: unless-stopped
-    
-    external_links:
-      - "traefik:git.homeinfra.org"
-    env_file:
-      - .env
     networks:
       - traefik_default
 

docker/dockge/oauth2-proxy.cfg

@@ -1,18 +0,0 @@
-http_address="0.0.0.0:80"
-# cookie_secret=""
-email_domains=["homeinfra.org"]
-cookie_secure="false"
-upstreams="http://dockge:5001"
-cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
-whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
-
-
-# gitea provider
-provider="github"
-provider_display_name="Gitea"
-# client_id=""
-# client_secret=""
-redirect_url="https://code.homeinfra.org/oauth2/callback"
-login_url="https://git.homeinfra.org/login/oauth/authorize"
-redeem_url="https://git.homeinfra.org/login/oauth/access_token"
-validate_url="https://git.homeinfra.org/api/v1/user/emails"

docker/dockge/setup.sh

@@ -1 +0,0 @@
-export DOCKGE_STACKS_DIR=$(dirname "$PWD")

docker/filebrowser/config.json

@@ -1,8 +0,0 @@
-{
-    "port": 80,
-    "baseURL": "",
-    "address": "",
-    "log": "stdout",
-    "database": "/database/filebrowser.db",
-    "root": "/srv"
-  }

docker/filebrowser/docker-compose.yml

@@ -1,16 +0,0 @@
-version: "3.8"
-services:
-  filebrowser:
-    volumes:
-      - ./data/srv:/srv
-      - ./data/database:/database
-      - ./config.json:/.filebrowser.json
-    # ports:
-    #   - 8080:80
-    image: filebrowser/filebrowser:v2.26.0-s6
-    restart: unless-stopped
-    networks:
-      - traefik_default
-networks:
-  traefik_default:
-    external: true

docker/gitea/.env.example

@@ -1,2 +0,0 @@
-GITEA_DB_PASSWORD=
-

docker/gitea/docker-compose.yml

@@ -1,5 +1,6 @@
-version: "3.3"
+version: '3.3'
 services:
+
   gitea:
     image: gitea/gitea:1.21.1
     container_name: gitea
@@ -10,8 +11,8 @@ services:
       - DB_HOST=db:5432
       - DB_NAME=demo
       - DB_USER=demo
-      - DB_PASSWD=${GITEA_DB_PASSWORD}
+      - DB_PASSWD=demo
-    restart: unless-stopped
+    restart: always
     networks:
       - traefik_default
       - gitea
@@ -19,25 +20,26 @@ services:
       - ./data/gitea:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-    # ports:
+        #    ports:
-    #   - "3000:3000"
+      # - "3000:3000"
-    #   - "2222:22"
+      # - "2222:22"
     depends_on:
-      - db
+       - db
-    env_file:
+
-      - .env
   db:
     image: postgres:13-alpine
-    restart: unless-stopped
+    restart: always
     environment:
       - POSTGRES_USER=demo
-      - POSTGRES_PASSWORD=${GITEA_DB_PASSWORD}
+      - POSTGRES_PASSWORD=demo
       - POSTGRES_DB=demo
     networks:
       - gitea
     volumes:
       - ./data/postgres:/var/lib/postgresql/data
+
 networks:
-  gitea: null
   traefik_default:
     external: true
+  gitea:
+

docker/gitea_runner/.env.example

@@ -1 +0,0 @@
-GITEA_RUNNER_REGISTRATION_TOKEN=

docker/gitea_runner/docker-compose.yml

@@ -3,8 +3,8 @@ services:
   runner:
     image: act_runner:latest
     build:
-      context: .
+        context: .
-      dockerfile: Dockerfile
+        dockerfile: Dockerfile
     restart: unless-stopped
     volumes:
       - ./config.yaml:/config.yaml
@@ -13,11 +13,10 @@ services:
     environment:
       - CONFIG_FILE=/config.yaml
       - GITEA_INSTANCE_URL=https://git.homeinfra.org
-      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
+      - GITEA_RUNNER_REGISTRATION_TOKEN=${TOKEN}
       - GITEA_RUNNER_NAME=runner1
       - GITEA_RUNNER_LABELS=linux
     container_name: gitea_runner
     env_file:
       - .env
-    privileged: false
+    privileged: true
-networks: {}

docker/homepage/docker-compose.yml

@@ -1,5 +1,6 @@
 version: "2"
 services:
+
   homepage:
     image: nginx:1.18.0-alpine
     #ports:
@@ -8,9 +9,11 @@ services:
       - ./public_html:/usr/share/nginx/html:ro
     environment:
       - TZ=Asia/Shanghai
-    restart: unless-stopped
+    restart: always
+
     networks:
       - traefik_default
+
 networks:
   traefik_default:
     external: true

docker/openvscode/.env.example

@@ -1,6 +0,0 @@
-OAUTH2_PROXY_COOKIE_SECRET=""
-OAUTH2_PROXY_CLIENT_ID=""
-OAUTH2_PROXY_CLIENT_SECRET=""
-CONNECTION_TOKEN=
-CONNECTION_SECRET=
-SUDO_PASSWORD=

docker/openvscode/docker-compose.yml

@@ -1,42 +0,0 @@
-version: "2.1"
-services:
-  openvscode-server:
-    image: linuxserver/openvscode-server:1.85.1
-    container_name: openvscode-server
-    user: 0:0
-    environment:
-      - PUID=0
-      - PGID=0
-      - TZ=Etc/UTC
-      - CONNECTION_TOKEN=${CONNECTION_TOKEN} #optional
-      - CONNECTION_SECRET=${CONNECTION_SECRET} #optional
-      - SUDO_PASSWORD=${SUDO_PASSWORD} #optional
-      - SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH} #optional
-    volumes:
-      - ../..:/infra
-    env_file:
-      - .env
-    #ports:
-    #  - 3000:3000
-    restart: unless-stopped
-    networks:
-      - traefik_default
-
-
-  openvscode-oauth:
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
-    command: --config /oauth2-proxy.cfg
-    hostname: openvscode-oauth2-proxy
-    volumes:
-      - "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
-    restart: unless-stopped
-    
-    external_links:
-      - "traefik:git.homeinfra.org"
-    networks:
-      - traefik_default
-    env_file:
-      - .env
-networks:
-  traefik_default:
-    external: true

docker/openvscode/oauth2-proxy.cfg

@@ -1,19 +0,0 @@
-http_address="0.0.0.0:80"
-# cookie_secret=""
-email_domains=["homeinfra.org"]
-cookie_secure="false"
-upstreams="http://openvscode-server:3000"
-cookie_domains=[".homeinfra.org"] # Required so cookie can be read on all subdomains.
-whitelist_domains=[".homeinfra.org"] # Required to allow redirection back to original requested target.
-
-# client_id=""
-# client_secret=""
-redirect_url="https://code.homeinfra.org/oauth2/callback"
-
-
-# gitea provider
-provider="github"
-provider_display_name="Gitea"
-login_url="https://git.homeinfra.org/login/oauth/authorize"
-redeem_url="https://git.homeinfra.org/login/oauth/access_token"
-validate_url="https://git.homeinfra.org/api/v1/user/emails"

docker/portainer/.gitignore

@@ -0,0 +1 @@
+data

docker/portainer/docker-compose.yml

@@ -0,0 +1,22 @@
+version: '3.1'
+
+services:
+  portainer:
+    image: portainer/portainer-ce
+    container_name: portainer
+    volumes:
+      - ./data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: always
+    #    ports: 
+    #      - 3332:8000
+    #      - 3333:9000
+
+    networks:
+      - traefik_default
+      - net
+
+networks:
+  traefik_default:
+    external: true
+  net:

docker/restic/.env.example

@@ -1,8 +0,0 @@
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-
-RESTIC_REPOSITORY=s3:https://s3.region.backblazeb2.com/bucket
-RESTIC_PASSWORD=password
-BACKUP_CRON="0 */8 * * *"
-HEALTH_CHECK_URL=
-

docker/traefik/.env.example

@@ -1 +0,0 @@
-CLOUDFLARE_DNS_API_TOKEN=

docker/traefik/conf/apps/code_server.yaml

@@ -1,13 +1,13 @@
 http:
   routers:
-    file:
+    codeserver:
       entrypoints: websecure
-      rule: Host(`file.homeinfra.org`)
+      rule: Host(`test.homeinfra.net`)
-      service: file
+      service: codeserver
       tls:
         certresolver: cloudflare
   services:
-    file:
+    codeserver:
       loadbalancer:
         servers:
-          - url: http://filebrowser
+          - url: http://1.1.1.1

docker/traefik/conf/apps/dockge.yaml

@@ -10,5 +10,4 @@ http:
     dockge:
       loadbalancer:
         servers:
-          # - url: http://dockge:5001
+          - url: http://dockge:5001
-          - url: http://dockge-oauth

docker/traefik/conf/apps/openvscode.yaml

@@ -1,15 +0,0 @@
-http:
-  routers:
-    openvscode:
-      entrypoints: websecure
-      rule: Host(`code.homeinfra.org`)
-      service: openvscode
-      tls:
-        certresolver: cloudflare
-  services:
-    openvscode:
-      loadbalancer:
-        servers:
-          - url: http://openvscode-oauth
-#          - url: http://openvscode-server:3000
-

docker/traefik/conf/traefik.yml

@@ -25,12 +25,6 @@ entrypoints:
     address: :80
   websecure:
     address: :443
-    http:
-      tls:
-        domains:
-          - main: homeinfra.org
-            sans: "*.homeinfra.org"
-
 
 tls:
   stores:

docker/traefik/docker-compose.yml

@@ -1,31 +1,36 @@
 version: "2"
 services:
   web:
-    restart: unless-stopped
+    restart: always
     image: traefik:v2.9.7
     container_name: traefik
     networks:
       - traefik_default
       - net
     ports:
-      - 80:80
+      - "80:80"
-      - 443:443
+      - "443:443"
-      - 22:22
+      - "22:22"
       # - "8080:8080"
     command:
-      - --configFile=/conf/traefik.yml
+      - "--configFile=/conf/traefik.yml"
     environment:
-      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
+      - "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
-      - TZ=Asia/Shanghai
+      - "TZ=Asia/Shanghai"
     volumes:
       - ./conf:/conf:ro
-      - ./data/letsencrypt:/letsencrypt
+      - "./data/letsencrypt:/letsencrypt"
-      - /var/log/traefik_logs:/logs
+      - ./data/traefik_logs:/logs
       - /var/run/docker.sock:/var/run/docker.sock
     env_file:
       - .env
+
 networks:
   net:
     driver: bridge
+
   traefik_default:
     external: true
+
+    
+

docker/uptime_kuma/docker-compose.yml

@@ -1,18 +1,18 @@
-version: "3.3"
+version: '3.3'
 services:
   uptime-kuma:
-    image: louislam/uptime-kuma:1
+    image: 'louislam/uptime-kuma:1'
     container_name: uptime-kuma
-    restart: unless-stopped
+    restart: always
       #    ports:
       #      - '3001:3001'
     volumes:
-      - ./data:/app/data
+      - './data:/app/data'
       - /var/run/docker.sock:/var/run/docker.sock
     networks:
       - traefik_default
       - net
 networks:
-  net: null
   traefik_default:
     external: true
+  net: