From 9346aee86d9d515d432232fe9bafff4c1a842bcb Mon Sep 17 00:00:00 2001 From: Thomas Dehaeze Date: Wed, 8 Mar 2023 10:02:55 +0100 Subject: [PATCH] Huge change about matrix. Change some termination to be compatible with ansible-matrix: https: web-secure http: web --- homelab.org | 4228 +++++++++++++++++++++++++++++---------------------- 1 file changed, 2442 insertions(+), 1786 deletions(-) diff --git a/homelab.org b/homelab.org index 525371e..bcb00ae 100644 --- a/homelab.org +++ b/homelab.org 
@@ -93,10 +93,94 @@ Edit =/etc/fstab=. /mnt/disk* /srv/storage fuse.mergerfs direct_io,defaults,allow_other,minfreespace=50G,fsname=mergerfs 0 0 #+end_src -** Automating with SnapRAID Runner +** SnapRAID ([[https://github.com/amadvance/snapraid][link]]) and SnapRAID Runner ([[https://github.com/Chronial/snapraid-runner][link]]) *SnapRAID* is a snapshot parity calculation tool which acts at the block level independent of filesystem ([[https://selfhostedhome.com/combining-different-sized-drives-with-mergerfs-and-snapraid/][link]]). -SnapRAID is here used inside a Docker container ([[https://hub.docker.com/r/xagaba/snapraid][link]]). +It is manually installed with docker ([[https://github.com/ironicbadger/docker-snapraid][link]]). + +The configuration file is located in =/etc/snapraid.conf=: +#+begin_src conf :tangle /ssh:thomas@homelab:/etc/snapraid.conf +# Defines the file to use as parity storage +# It must NOT be in a data disk +# Format: "parity FILE_PATH" +parity /mnt/parity/snapraid.parity + +# Defines the files to use as content list +# You can use multiple specification to store more copies +# You must have least one copy for each parity file plus one. Some more don't +# hurt +# They can be in the disks used for data, parity or boot, +# but each file must be in a different disk +# Format: "content FILE_PATH" +content /var/snapraid.content +content /mnt/disk0/.snapraid.content +content /mnt/disk1/.snapraid.content + +# Defines the data disks to use +# The order is relevant for parity, do not change it +# Format: "disk DISK_NAME DISK_MOUNT_POINT" +disk disk0 /mnt/disk0 +disk disk1 /mnt/disk1 + +# Excludes hidden files and directories (uncomment to enable). 
+#nohidden + +# Defines files and directories to exclude +# Remember that all the paths are relative at the mount points +# Format: "exclude FILE" +# Format: "exclude DIR/" +# Format: "exclude /PATH/FILE" +# Format: "exclude /PATH/DIR/" +exclude /tmp/ +exclude /lost+found/ +exclude *.!sync +exclude .DS_Store +exclude ._.DS_Store +exclude .Thumbs.db +exclude .fseventsd +exclude .Spotlight-V100 +exclude .TemporaryItems +exclude .Trashes +#+end_src + +Go in the =/home/thomas/.local/soft/= directory and clone the =snapraid-runner= [[https://github.com/tdehaeze/snapraid-runner][repository]]. + +Then, create the =snapraid-runner.conf= file: +#+begin_src conf :noweb yes :tangle /ssh:thomas@homelab:~/.local/soft/snapraid-runner/snapraid-runner.conf +[snapraid] +; path to the snapraid executable (e.g. /bin/snapraid) +executable = /usr/local/bin/snapraid +; path to the snapraid config to be used +config = /etc/snapraid.conf +; abort operation if there are more deletes than this, set to -1 to disable +deletethreshold = -1 +; if you want touch to be ran each time +touch = true + +[logging] +; logfile to write to, leave empty to disable +file = snapraid.log +; maximum logfile size in KiB, leave empty for infinite +maxsize = 5000 + +[gotify] +sendon = error +url = https://gotify.tdehaeze.xyz +token = <> + +[scrub] +; set to true to run scrub after sync +enabled = true +; scrub plan - either a percentage or one of [bad, new, full] +plan = 12 +; minimum block age (in days) for scrubbing. 
Only used with percentage plans +older-than = 10 +#+end_src + +And finally, create a =cronjob= with =sudo crontab -e= and add the following line: +#+begin_src conf +0 3 * * * python3 /home/thomas/.local/soft/snapraid-runner/snapraid-runner.py -c /home/thomas/.local/soft/snapraid-runner/snapraid-runner.conf >> /home/thomas/cron/snapraid_runner.log 2>&1 +#+end_src ** Install Docker The procedure is well explained [[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04][here]]. @@ -167,6 +251,10 @@ To edit the cron jobs, type =crontab -e= and add a line like: That will run every 5 minutes. To check how the first part of the crontab works, check [[https://crontab.guru/][this website]]. +** Setup Traefik proxy + +Follow [[https://www.smarthomebeginner.com/traefik-2-docker-tutorial/][this]] guide. + ** Run =docker-compose= #+begin_src bash cd ~/docker && docker-compose up -d @@ -179,12 +267,6 @@ cd ~/docker && docker-compose up -d } #+end_src -** Matrix server -Use Ansible https://github.com/spantaleev/matrix-docker-ansible-deploy - -Must install newer version of ansible: -- https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu - * Maintenance - How To ** Update System/Packages #+begin_src bash @@ -211,19 +293,6 @@ This will delete all unused images, volumes and networks. docker system prune -f && docker image prune -f && docker volume prune -f #+end_src -** =snapraid= -To see all files "backed up" by snapraid, use: -#+begin_src bash -docker exec -ti snapraid snapraid list | fzf -#+end_src - -In reality, snapraid is ran from the docker container: -#+begin_src bash -docker exec -ti snapraid snapraid fix -f -#+end_src - -The path to file should be relative: =/srv/storage/Cloud/org/file.org= -> =Cloud/org/file.org= - ** Restore Online backup with =restic= To list backups: 
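Review bot: the cron line at the end of the SnapRAID hunk (`@@ -93,10 +93,94 @@`) is installed with `sudo crontab -e`, so root runs `snapraid-runner.py` and reads `snapraid-runner.conf` from `/home/thomas/.local/soft/`, a location inside the unprivileged user's home directory. Anything that gains control of that account can change what root executes at 03:00. Install the runner and its config in a root-owned path, or run the job as a dedicated user that has access to the disks. In the same hunk, `deletethreshold = -1` disables the runner's abort on mass deletion, which is the guard against syncing parity after files disappear unexpectedly; a positive threshold would keep it.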
@@ -311,6 +380,17 @@ Then, start the tunnel with: wg-quick up interfacename #+end_src +** Add new user to =authelia= + +Modify the user database file: +#+begin_src bash :eval no +nvim ~/docker/config/authelia/users_database.yml +#+end_src + +Add an entry for the new user. +Restart the container with =docker-compose restart authelia=. +Ask the new user to go to https://login.tdehaeze.xyz/ to reset his password. + * Docker-Compose :PROPERTIES: :header-args: :tangle /ssh:thomas@homelab:~/docker/docker-compose.yaml @@ -351,7 +431,7 @@ services: #+begin_src yaml traefik: container_name: traefik - image: traefik:2.2.1 + image: traefik:2.9 restart: unless-stopped depends_on: - authelia @@ -376,12 +456,12 @@ services: labels: - "traefik.enable=true" # HTTP-to-HTTPS Redirect - - "traefik.http.routers.http-catchall.entrypoints=http" + - "traefik.http.routers.http-catchall.entryPoints=web" - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)" - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" # HTTP Routers - - "traefik.http.routers.traefik-rtr.entrypoints=https" + - "traefik.http.routers.traefik-rtr.entrypoints=web-secure" - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)" - "traefik.http.routers.traefik-rtr.tls=true" - "traefik.http.routers.traefik-rtr.middlewares=authelia@docker" 
@@ -392,12 +472,12 @@ services: # Services - API - "traefik.http.routers.traefik-rtr.service=api@internal" # Router - - "traefik.http.routers.openwrt.entrypoints=https" + - "traefik.http.routers.openwrt.entrypoints=web-secure" - "traefik.http.routers.openwrt.rule=Host(`openwrt.$DOMAINNAME`)" - "traefik.http.routers.openwrt.tls=true" - "traefik.http.routers.openwrt.service=openwrt@file" # Valetudo - - "traefik.http.routers.valetudo.entrypoints=https" + - "traefik.http.routers.valetudo.entrypoints=web-secure" - "traefik.http.routers.valetudo.rule=Host(`valetudo.$DOMAINNAME`)" - "traefik.http.routers.valetudo.tls=true" - "traefik.http.routers.valetudo.middlewares=authelia@docker" @@ -415,13 +495,13 @@ global: sendAnonymousUsage: false entryPoints: - http: + web: address: :80 - https: + web-secure: address: :443 forwardedHeaders: trustedIPs: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22 - synapse: + matrix-federation: address: :8448 api: @@ -430,6 +510,13 @@ api: log: level: ERROR +metrics: + influxDB2: + address: https://influxdb.tdehaeze.xyz + token: dhkvChi1tXrMY18plDTWifz8MZNUm2M4QGpEAd2FftmMlfsN7KLq96uQXADbiQxDb1Vo2pYTSblCGqrfVygqJw== + org: homelab + bucket: traefik + accessLog: filePath: /var/log/access.log filters: @@ -444,7 +531,9 @@ providers: swarmMode: false file: filename: /etc/traefik/services.yaml - watch: true + +serverstransport: + insecureskipverify: true certificatesResolvers: dns-cloudflare: 
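Review bot: the `token:` value under `metrics.influxDB2` (hunk `@@ -430,6 +510,13 @@`) is an InfluxDB API token committed in clear text, so it is now in the repository history and should be treated as exposed. Revoke it, issue a replacement limited to writing the `traefik` bucket, and keep the value out of the tangled file, for example with the same noweb substitution the `snapraid-runner.conf` block uses for its Gotify token.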
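Review bot: `serverstransport: insecureskipverify: true` at the end of hunk `@@ -444,7 +531,9 @@` sits in the static configuration, so it switches off certificate verification for every HTTPS backend Traefik connects to, not a single one. The only backend in this patch declared with `loadbalancer.server.scheme=https` is `unifi-svc`. Defining a named transport under `http.serversTransports` in the file provider and attaching it with `traefik.http.services.unifi-svc.loadbalancer.serverstransport=<name>@file` would confine the exception to that service.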
@@ -468,16 +557,24 @@ http: servers: - url: "http://192.168.1.110/" - url: "http://192.168.2.157/" + - url: "http://192.168.5.157/" healthCheck: path: / - inverval: "60s" - timeout: "3s" +#+end_src + +#+begin_src yaml :tangle /ssh:thomas@homelab:~/docker/config/traefik2/http.yaml +http: + middlewares: + unifiHeaders: + headers: + customRequestHeaders: + Authorization: "" # Removes #+end_src *** =authelia= - Single Sign-On Multi-Factor portal ([[https://github.com/authelia/authelia][link]]) #+begin_src yaml authelia: - image: authelia/authelia:4.30 + image: authelia/authelia:4.35 container_name: authelia restart: unless-stopped networks: @@ -491,11 +588,11 @@ http: - PUID=$PUID - PGID=$PGID - TZ=$TZ - - AUTHELIA_NOTIFIER_SMTP_PASSWORD=$AUTHELIA_NOTIFIER_SMTP_PASSWORD + - AUTHELIA_NOTIFIER_SMTP_PASSWORD=$GOOGLE_AUTHELIA_PASS - AUTHELIA_JWT_SECRET=$AUTHELIA_JWT_SECRET labels: - "traefik.enable=true" - - "traefik.http.routers.authelia-rtr.entrypoints=https" + - "traefik.http.routers.authelia-rtr.entrypoints=web-secure" - "traefik.http.routers.authelia-rtr.tls=true" - "traefik.http.routers.authelia-rtr.service=authelia-svc" - "traefik.http.routers.authelia-rtr.rule=Host(`login.$DOMAINNAME`)" @@ -558,10 +655,6 @@ access_control: policy: one_factor subject: - ["group:admins"] - - domain: portainer.tdehaeze.xyz - policy: one_factor - subject: - - ["group:admins"] - domain: sync-ju.tdehaeze.xyz policy: one_factor subject: @@ -578,16 +671,6 @@ access_control: policy: one_factor subject: - ["group:admins"] - - domain: octoprint.tdehaeze.xyz - policy: one_factor - subject: - - ["group:admins"] - - ["group:family"] - - domain: tina2.tdehaeze.xyz - policy: one_factor - subject: - - ["group:admins"] - - ["group:family"] - domain: uptime.tdehaeze.xyz policy: one_factor subject: 
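Review bot: the `unifiHeaders` middleware added in hunk `@@ -468,16 +557,24 @@` is tangled to `~/docker/config/traefik2/http.yaml`, but the file provider in this patch loads a single `filename: /etc/traefik/services.yaml`, and no router label visible here references `unifiHeaders@file`, so as written it is never applied. Either move it into `services.yaml` or switch the provider to a `directory`, then attach it to `unifi-rtr` with a `middlewares` label. The same hunk leaves `healthCheck` with only `path: /` after deleting the misspelled `inverval` key and the `timeout`; a comment saying the default interval and timeout are intended would make that deliberate.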
@@ -608,6 +691,10 @@ access_control: policy: one_factor subject: - ["group:admins"] + - domain: influxdb.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] - domain: node-red.tdehaeze.xyz policy: one_factor subject: @@ -627,6 +714,26 @@ access_control: - ["group:admins"] - ["group:friends"] - ["group:family"] + - domain: sonarr.tdehaeze.xyz + policy: bypass + resources: + - "^/api.*$" + - domain: sonarr.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] + - domain: radarr.tdehaeze.xyz + policy: bypass + resources: + - "^/api.*$" + - domain: radarr.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] + - domain: unifi.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] session: name: authelia_session 
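Review bot: the `influxdb.tdehaeze.xyz` rule added in hunk `@@ -608,6 +691,10 @@` has no effect as the patch stands, because the `influxdb-rtr` labels added later carry no `middlewares=authelia@docker` line and Authelia is only consulted for routers that use that middleware. The `unifi.tdehaeze.xyz` rule in the following hunk is in the same position with `unifi-rtr`. Either attach the middleware to both routers or drop the rules, so the access list does not imply protection that is absent. If InfluxDB does go behind Authelia, point `metrics.influxDB2.address` at the container on the Docker network rather than at the public hostname.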
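Review bot: the `bypass` rules for `sonarr.tdehaeze.xyz` and `radarr.tdehaeze.xyz` in hunk `@@ -627,6 +714,26 @@` use `"^/api.*$"`, which matches any path that merely begins with `/api` (for instance `/apixyz`) and leaves those requests with whatever authentication the application itself enforces. Anchor the pattern on a path separator, e.g. `"^/api/.*$"`, and add a comment naming the client that needs unauthenticated access so the exception can be reviewed later.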
@@ -640,45 +747,18 @@ regulation: ban_time: 300 storage: + encryption_key: bUEO5bYNJYziXUxEWFYubUmUdUZPhy local: path: /config/db.sqlite3 notifier: smtp: - username: tdehaeze.xyz@gmail.com host: smtp.gmail.com port: 587 + username: tdehaeze.xyz@gmail.com sender: tdehaeze.xyz@gmail.com #+end_src -*** =portainer= - Manage docker ([[https://github.com/portainer/portainer][link]]) -#+begin_src yaml - portainer: - container_name: portainer - image: portainer/portainer - restart: unless-stopped - command: -H unix:///var/run/docker.sock - command: --no-auth - networks: - - t2_proxy - security_opt: - - no-new-privileges:true - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - $CONFIGDIR/portainer:/data - environment: - - TZ=$TZ - labels: - - "traefik.enable=true" - - "traefik.http.routers.portainer-rtr.entrypoints=https" - - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME`)" - - "traefik.http.routers.portainer-rtr.tls=true" - - "traefik.http.routers.portainer-rtr.service=portainer-svc" - - "traefik.http.routers.portainer-rtr.middlewares=authelia@docker" - - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000" - logging: *default-logging -#+end_src - *** =uptime-kuma= - Monitoring Tool ([[https://github.com/louislam/uptime-kuma][link]]) #+begin_src yaml uptime-kuma: @@ -696,7 +776,7 @@ notifier: - $CONFIGDIR/uptime-kuma:/app/data labels: - "traefik.enable=true" - - "traefik.http.routers.uptime-rtr.entrypoints=https" + - "traefik.http.routers.uptime-rtr.entrypoints=web-secure" - "traefik.http.routers.uptime-rtr.rule=Host(`uptime.$DOMAINNAME`)" - "traefik.http.routers.uptime-rtr.tls=true" - "traefik.http.routers.uptime-rtr.service=uptime-svc" @@ -706,7 +786,6 @@ notifier: #+end_src *** =gotify= - Notification service ([[https://github.com/gotify/server][link]]) - In order to have notifications on Linux desktop use [[https://github.com/ztpnk/gotify-dunst][gotify-dunst]]. #+begin_src yaml 
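Review bot: `storage.encryption_key` at the top of hunk `@@ -640,45 +747,18 @@` is written into the tracked configuration in clear text, while the compose service already receives `AUTHELIA_JWT_SECRET` and `AUTHELIA_NOTIFIER_SMTP_PASSWORD` from the environment. Supply the storage key the same way and remove it from the file; since the value is now in history, plan a key rotation for the SQLite database. The removal of the `portainer` service in this hunk, which ran with `--no-auth` and the Docker socket mounted, reduces exposure and deserves a line in the commit message.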
@@ -726,14 +805,1978 @@ In order to have notifications on Linux desktop use [[https://github.com/ztpnk/g - $CONFIGDIR/gotify:/app/data labels: - "traefik.enable=true" - - "traefik.http.routers.gotify-rtr.entrypoints=https" + - "traefik.http.routers.gotify-rtr.entrypoints=web-secure" - "traefik.http.routers.gotify-rtr.rule=Host(`gotify.$DOMAINNAME`)" - "traefik.http.routers.gotify-rtr.tls=true" - "traefik.http.routers.gotify-rtr.service=gotify-svc" - "traefik.http.services.gotify-svc.loadbalancer.server.port=80" #+end_src -*** =snapraid= - Manage local backup with parity disk ([[https://github.com/amadvance/snapraid][link]]) +*** =scrutiny= - Hard drive monitoring ([[https://hub.docker.com/r/hotio/scrutiny][link]]) +#+begin_src yaml + scrutiny: + container_name: scrutiny + image: ghcr.io/analogj/scrutiny:master-omnibus + restart: unless-stopped + networks: + - t2_proxy + cap_add: + - SYS_RAWIO + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/scrutiny:/config + - /run/udev:/run/udev:ro + devices: + - /dev/sda:/dev/sda + - /dev/sdb:/dev/sdb + - /dev/sdc:/dev/sdc + - /dev/nvme0:/dev/nvme0 + labels: + - "traefik.enable=true" + - "traefik.http.routers.scrutiny-rtr.entrypoints=web-secure" + - "traefik.http.routers.scrutiny-rtr.rule=Host(`scrutiny.$DOMAINNAME`)" + - "traefik.http.routers.scrutiny-rtr.tls=true" + - "traefik.http.routers.scrutiny-rtr.service=scrutiny-svc" + - "traefik.http.routers.scrutiny-rtr.middlewares=authelia@docker" + - "traefik.http.services.scrutiny-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +*** =wireguard= - VPN ([[https://github.com/linuxserver/docker-wireguard][link]]) +#+begin_src yaml + wireguard: + container_name: wireguard + image: weejewel/wg-easy + restart: unless-stopped + networks: + - t2_proxy + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - WG_HOST=82.66.44.13 + - PASSWORD=$WIREGUARD_PASS + volumes: + - 
$CONFIGDIR/wg-easy:/etc/wireguard + ports: + - 51820:51820/udp + sysctls: + - net.ipv4.ip_forward=1 + - net.ipv4.conf.all.src_valid_mark=1 + labels: + - "traefik.enable=true" + - "traefik.http.routers.wireguard-rtr.entrypoints=web-secure" + - "traefik.http.routers.wireguard-rtr.rule=Host(`wireguard.$DOMAINNAME`)" + - "traefik.http.routers.wireguard-rtr.tls=true" + - "traefik.http.routers.wireguard-rtr.service=wireguard-svc" + - "traefik.http.routers.wireguard-rtr.middlewares=authelia@docker" + - "traefik.http.services.wireguard-svc.loadbalancer.server.port=51821" + logging: *default-logging +#+end_src + +*** =nginx= - Root (used for Matrix) +#+begin_src yaml + root: + container_name: root + image: nginx + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/root/nginx.conf:/etc/nginx/nginx.conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.root-rtr.entrypoints=web-secure" + - "traefik.http.routers.root-rtr.rule=Host(`$DOMAINNAME`)" + - "traefik.http.routers.root-rtr.tls=true" + - "traefik.http.routers.root-rtr.service=root-svc" + - "traefik.http.services.root-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +=nginx.conf= +#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/root/Caddyfile +events { + +} + +http { + server { + server_name tdehaeze.xyz; + listen 8080; + + location /.well-known/matrix/client { + proxy_pass https://matrix.tdehaeze.xyz/.well-known/matrix/client; + proxy_set_header X-Forwarded-For $remote_addr; + } + + location /.well-known/matrix/server { + proxy_pass https://matrix.tdehaeze.xyz/.well-known/matrix/server; + proxy_set_header X-Forwarded-For $remote_addr; + } + } +} +#+end_src + +*** =commento= - Commenting system ([[https://github.com/adtac/commento][link]]) +#+begin_src yaml + commento: + container_name: commento + image: registry.gitlab.com/commento/commento + restart: unless-stopped + networks: + - t2_proxy 
+ - backend + # ports: + # - 8080:8080 + environment: + - TZ=$TZ + - UID=$PUID + - GID=$PGID + - COMMENTO_ORIGIN=https://commento.tdehaeze.xyz/ + - COMMENTO_PORT=8080 + - COMMENTO_POSTGRES=postgres://postgres:$COMMENTO_DB_PASSWORD@commento_db:5432/commento?sslmode=disable + - COMMENTO_SMTP_HOST=smtp.gmail.com + - COMMENTO_SMTP_PORT=587 + - COMMENTO_SMTP_USERNAME=tdehaeze.xyz@gmail.com + - COMMENTO_SMTP_PASSWORD=$GOOGLE_AUTHELIA_PASS + - COMMENTO_SMTP_FROM_ADDRESS=tdehaeze.xyz@gmail.com + depends_on: + - commento_db + labels: + - "traefik.enable=true" + - "traefik.http.routers.commento-rtr.entrypoints=web-secure" + - "traefik.http.routers.commento-rtr.rule=Host(`commento.$DOMAINNAME`)" + - "traefik.http.routers.commento-rtr.tls=true" + - "traefik.http.routers.commento-rtr.service=commento-svc" + - "traefik.http.services.commento-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +#+begin_src yaml + commento_db: + container_name: commento_db + image: postgres:13 + restart: unless-stopped + networks: + - backend + environment: + - POSTGRES_DB=commento + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=$COMMENTO_DB_PASSWORD + volumes: + - $CONFIGDIR/commento_db:/var/lib/postgresql/data + logging: *default-logging +#+end_src + +*** =unifi-controller= - Software for Unifi devices ([[https://hub.docker.com/r/linuxserver/unifi-controller][link]]) +#+begin_src yaml + unifi-controller: + container_name: unifi-controller + image: jacobalberty/unifi + networks: + - t2_proxy + restart: unless-stopped + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/unifi-controller:/unifi + ports: + - 8443:8443 + - 3478:3478/udp + - 10001:10001/udp + - 8080:8080 + - 1900:1900/udp #optional + # - 8843:8843 # Unifi guest portal HTTPS redirect port + # - 8880:8880 # Unifi guest portal HTTP redirect port + # - 6789:6789 # For mobile throughput test + # - 5514:5514/udp # Remote syslog port + labels: + - "traefik.enable=true" + - 
"traefik.http.routers.unifi-rtr.entrypoints=web-secure" + - "traefik.http.routers.unifi-rtr.rule=Host(`unifi.$DOMAINNAME`)" + - "traefik.http.routers.unifi-rtr.tls=true" + - "traefik.http.routers.unifi-rtr.service=unifi-svc" + - "traefik.http.services.unifi-svc.loadbalancer.server.scheme=https" + - "traefik.http.services.unifi-svc.loadbalancer.server.port=8443" + + logging: *default-logging +#+end_src + +** Metrics +*** =influxdb= +#+begin_src yaml + influxdb: + container_name: influxdb + image: influxdb + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/influxdb:/var/lib/influxdb2:rw + labels: + - "traefik.enable=true" + - "traefik.http.routers.influxdb-rtr.entrypoints=web-secure" + - "traefik.http.routers.influxdb-rtr.rule=Host(`influxdb.$DOMAINNAME`)" + - "traefik.http.routers.influxdb-rtr.tls=true" + - "traefik.http.routers.influxdb-rtr.service=influxdb-svc" + - "traefik.http.services.influxdb-svc.loadbalancer.server.port=8086" + logging: *default-logging +#+end_src + +** Websites +*** =homer= - Home page for myself ([[https://github.com/bastienwirtz/homer][link]]) +#+begin_src yaml + homer: + container_name: homer + image: b4bz/homer + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/homer/assets/:/www/assets + labels: + - "traefik.enable=true" + - "traefik.http.routers.homer-rtr.entrypoints=web-secure" + - "traefik.http.routers.homer-rtr.rule=Host(`homer.$DOMAINNAME`)" + - "traefik.http.routers.homer-rtr.tls=true" + - "traefik.http.routers.homer-rtr.service=homer-svc" + - "traefik.http.services.homer-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +=config.yml= +#+begin_src yaml :tangle /ssh:thomas@homelab:~/docker/config/homer/assets/config.yml +--- +title: "Homepage" +subtitle: "" +logo: "assets/homer.png" +header: false +footer: false + +columns: "auto" 
+connectivityCheck: false + +theme: default + +links: [] + +services: + - name: "Websites" + icon: "fas fa-desktop" + items: + - name: "Brain" + logo: "/assets/tools/brain.png" + subtitle: "Digital Brain" + url: "https://brain.tdehaeze.xyz" + - name: "Research" + logo: "/assets/tools/orgmode.png" + subtitle: "Research Pages" + url: "https://research.tdehaeze.xyz" + - name: "Help" + logo: "/assets/tools/help.png" + subtitle: "Help Page" + url: "https://help.tdehaeze.xyz" + - name: "Dotfiles" + logo: "/assets/tools/dotfiles.png" + subtitle: "My Literate Dotfiles" + url: "https://dotfiles.tdehaeze.xyz" + - name: "Miam" + logo: "/assets/tools/miam.png" + subtitle: "Personnal Recipes" + url: "https://miam.tdehaeze.xyz" + - name: "Multimedia" + icon: "fas fa-photo-video" + items: + - name: "Jellyfin" + logo: "/assets/tools/jellyfin.png" + subtitle: "Media Library" + url: "https://jellyfin.tdehaeze.xyz" + # - name: "Audioserve" + # logo: "/assets/tools/audiobook.png" + # subtitle: "Audiobook Server" + # url: "https://audiobook.tdehaeze.xyz" + # - name: "Kavita" + # logo: "/assets/tools/kavita.png" + # subtitle: "Book Library" + # url: "https://kavita.tdehaeze.xyz" + - name: "Cloud" + icon: "fas fa-cloud" + items: + - name: "File Browser" + logo: "/assets/tools/cloud.png" + subtitle: "Simple Personnal Could" + url: "https://cloud.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "Anne" + url: "https://sync-anne.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "Juliette" + url: "https://sync-ju.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "Jean-Marie" + url: "https://sync-jm.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "P2P Sync" + url: "https://syncthing.tdehaeze.xyz" + - name: "Radicale" + logo: "/assets/tools/radicale.png" + subtitle: "CalDAV/CardDAV Server" + url: "https://radicale.tdehaeze.xyz" + - name: "Miniflux" + 
logo: "/assets/tools/miniflux.png" + subtitle: "RSS Feeds" + url: "https://rss.tdehaeze.xyz" + - name: "LinkDing" + logo: "/assets/tools/linkding.png" + subtitle: "Bookmark Manager" + url: "https://bm.tdehaeze.xyz" + - name: "Gitea" + logo: "/assets/tools/gitea.png" + subtitle: "Git Server" + url: "https://git.tdehaeze.xyz" + - name: "Download" + icon: "fas fa-download" + items: + - name: "JellySrerr" + logo: "/assets/tools/jellyseerr.png" + subtitle: "Torrent Client" + url: "http://jellyseerr.tdehaeze.xyz/" + # - name: "Down" + # logo: "/assets/tools/down.png" + # subtitle: "Torrent Download" + # url: "https://down.tdehaeze.xyz/" + - name: "Qobuz" + subtitle: "Music Download" + logo: "/assets/tools/qobuz.png" + url: "https://qobuz.tdehaeze.xyz" + - name: "Sonarr" + logo: "/assets/tools/sonarr.png" + subtitle: "TVShows Download" + url: "http://sonarr.tdehaeze.xyz/" + - name: "Radarr" + logo: "/assets/tools/radarr.png" + subtitle: "Movies Download" + url: "http://radarr.tdehaeze.xyz/" + - name: "Prowlarr" + logo: "/assets/tools/prowlarr.png" + subtitle: "Torrent Indexer" + url: "http://prowlarr.tdehaeze.xyz/" + # - name: "Jackett" + # logo: "/assets/tools/jackett.png" + # subtitle: "Torrent Client" + # url: "http://jackett.tdehaeze.xyz/" + - name: "Transmission" + logo: "/assets/tools/transmission.png" + subtitle: "Torrent Client" + url: "http://torrent.tdehaeze.xyz/transmission/web/" + # - name: "Metube" + # logo: "/assets/tools/metube.png" + # subtitle: "Youtube Download" + # url: "https://metube.tdehaeze.xyz/" + # - name: "Joal" + # logo: "/assets/tools/joal.png" + # subtitle: "Increase Ratio" + # url: "https://joal.tdehaeze.xyz/joal/ui/#/" + - name: "Config" + icon: "fas fa-cog" + items: + # - name: "Portainer" + # logo: "/assets/tools/portainer.png" + # subtitle: "Manger Docker" + # url: "https://portainer.tdehaeze.xyz/#/containers" + - name: "Traefik" + logo: "/assets/tools/traefik.png" + subtitle: "Reverse Proxy" + url: "https://traefik.tdehaeze.xyz" + - 
name: "Wireguard" + logo: "/assets/tools/wireguard.png" + subtitle: "Manger Docker" + url: "https://wireguard.tdehaeze.xyz/" + - name: "Uptime" + logo: "/assets/tools/uptime.png" + subtitle: "Monitoring" + url: "https://uptime.tdehaeze.xyz" + - name: "Commento" + logo: "/assets/tools/commento.png" + subtitle: "Commenting System" + url: "https://commento.tdehaeze.xyz" + - name: "Gotify" + logo: "/assets/tools/gotify.png" + subtitle: "Messaging System" + url: "https://gotify.tdehaeze.xyz" + - name: "JFA-Go" + logo: "/assets/tools/jellyfin.png" + subtitle: "Manage Jellyfin Users" + url: "http://jfa.tdehaeze.xyz/" + - name: "Scrutiny" + logo: "/assets/tools/scrutiny.png" + subtitle: "S.M.A.R.T" + url: "http://scrutiny.tdehaeze.xyz/web/dashboard" + - name: "Home" + icon: "fas fa-home" + items: + - name: "OpenWRT" + logo: "/assets/tools/openwrt.png" + subtitle: "Router" + url: "https://openwrt.tdehaeze.xyz/" + - name: "Unifi" + logo: "/assets/tools/unifi.png" + subtitle: "Wifi Expander" + url: "https://unifi.tdehaeze.xyz/" + - name: "Changedetection.io" + logo: "/assets/tools/changedetection.png" + subtitle: "Detect change in websites" + url: "https://change.tdehaeze.xyz" + - name: "Zigbee2MQTT" + logo: "/assets/tools/zigbee2mqtt.png" + subtitle: "Zigbee2MQTT" + url: "https://zigbee2mqtt.tdehaeze.xyz/" + - name: "Node Red" + logo: "/assets/tools/node-red.png" + subtitle: "Event-driven applications" + url: "https://node-red.tdehaeze.xyz/" + - name: "InfluxDB" + logo: "/assets/tools/influxdb.png" + subtitle: "Time series database" + url: "https://influxdb.tdehaeze.xyz/" + - name: "ESPHome" + logo: "/assets/tools/esphome.png" + subtitle: "System to control ESP8266/ESP32" + url: "https://esphome.tdehaeze.xyz/" + - name: "OctoPrint" + logo: "/assets/tools/octoprint.png" + subtitle: "Tina2" + url: "https://3d-printer.tdehaeze.xyz/" +#+end_src + +*** =family= - Home page for family ([[https://github.com/bastienwirtz/homer][link]]) +#+begin_src yaml + famille: + container_name: 
famille + image: b4bz/homer + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/famille/assets/:/www/assets + labels: + - "traefik.enable=true" + - "traefik.http.routers.famille-rtr.entrypoints=web-secure" + - "traefik.http.routers.famille-rtr.rule=Host(`famille.$DOMAINNAME`)" + - "traefik.http.routers.famille-rtr.tls=true" + - "traefik.http.routers.famille-rtr.service=famille-svc" + - "traefik.http.services.famille-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +=config.yml= +#+begin_src yaml :tangle /ssh:thomas@homelab:~/docker/config/famille/assets/config.yml +--- +title: "Homepage" +subtitle: "" +logo: "assets/homer.png" +header: false +footer: false + +columns: "auto" +connectivityCheck: false + +theme: default + +message: + style: "" # See https://bulma.io/documentation/components/message/#colors for styling options. + title: "Coucou !" + content: "Ci dessous tu peux trouver différents sites accéssibles sur mon serveur. Si tu as besoin d'aide avec l'utilisation de Jellyfin, tout est expliqué ici." 
+ + +links: [] + +services: + - name: "Websites" + icon: "fas fa-desktop" + items: + - name: "Jellyfin" + logo: "/assets/tools/jellyfin.png" + subtitle: "Librairie multimédia" + url: "https://jellyfin.tdehaeze.xyz" + - name: "File Browser" + logo: "/assets/tools/cloud.png" + subtitle: "Cloud personnel" + url: "https://cloud.tdehaeze.xyz" + - name: "Miam" + logo: "/assets/tools/miam.png" + subtitle: "Site de recettes partagées" + url: "https://miam.tdehaeze.xyz" + - name: "Multimedia" + icon: "fas fa-photo-video" + items: + - name: "Jellyseerr" + subtitle: "Ajout de Films/Séries sur Jellyfin" + logo: "/assets/tools/jellyseerr.png" + url: "https://jellyseerr.tdehaeze.xyz" + - name: "Qobuz" + subtitle: "Ajout de Musique sur Jellyfin" + logo: "/assets/tools/qobuz.png" + url: "https://qobuz.tdehaeze.xyz" +#+end_src + +*** =hugo= - Wiki + Blog ([[https://git.tdehaeze.xyz/tdehaeze/digital-brain][link]]) +#+begin_src yaml + hugo: + container_name: hugo + image: tdehaeze/hugo-caddy + restart: unless-stopped + networks: + - t2_proxy + environment: + - REPO=git.tdehaeze.xyz/tdehaeze/digital-brain + labels: + - "traefik.enable=true" + - "traefik.http.routers.hugo-rtr.entrypoints=web-secure" + - "traefik.http.routers.hugo-rtr.rule=Host(`brain.$DOMAINNAME`)" + - "traefik.http.routers.hugo-rtr.tls=true" + - "traefik.http.routers.hugo-rtr.service=hugo-svc" + - "traefik.http.services.hugo-svc.loadbalancer.server.port=2015" + logging: *default-logging +#+end_src + +*** =research= - Research Pages ([[https://git.tdehaeze.xyz/tdehaeze/research-home-page][link]]) +#+begin_src yaml + research: + container_name: research + image: abiosoft/caddy:1.0.3-no-stats + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - PLUGINS=git + volumes: + - $CONFIGDIR/research/Caddyfile:/etc/Caddyfile + - $CONFIGDIR/research/web:/srv + # - ~/.ssh:/root/.ssh + labels: + - "traefik.enable=true" + - 
"traefik.http.routers.caddy-rtr.entrypoints=web-secure" + - "traefik.http.routers.caddy-rtr.rule=Host(`research.$DOMAINNAME`)" + - "traefik.http.routers.caddy-rtr.tls=true" + - "traefik.http.routers.caddy-rtr.service=caddy-svc" + - "traefik.http.services.caddy-svc.loadbalancer.server.port=2015" + logging: *default-logging +#+end_src + +=Caddyfile= +#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/caddy/Caddyfile +0.0.0.0:2015 { + root /srv/www/ + + git { + repo https://git.tdehaeze.xyz/tdehaeze/research-home-page + path /srv/www/ + interval -1 + hook /research-home-page/webhook QHZgAKjD8q2v54Ru + then git submodule update --init --recursive --merge --remote + } +} +#+end_src + +*** =dotfiles= - Dotfiles ([[https://git.tdehaeze.xyz/tdehaeze/literate-dotfiles][link]]) +#+begin_src yaml + dotfiles: + container_name: dotfiles + image: abiosoft/caddy:1.0.3-no-stats + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - PLUGINS=git + volumes: + - $CONFIGDIR/dotfiles/Caddyfile:/etc/Caddyfile + - $CONFIGDIR/dotfiles/www:/srv/www + labels: + - "traefik.enable=true" + - "traefik.http.routers.dotfiles-rtr.entrypoints=web-secure" + - "traefik.http.routers.dotfiles-rtr.rule=Host(`dotfiles.$DOMAINNAME`)" + - "traefik.http.routers.dotfiles-rtr.tls=true" + - "traefik.http.routers.dotfiles-rtr.service=dotfiles-svc" + - "traefik.http.services.dotfiles-svc.loadbalancer.server.port=2015" + logging: *default-logging +#+end_src + +=Caddyfile= +#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/dotfiles/Caddyfile +0.0.0.0:2015 { + root /srv/www/docs/ + + git { + repo https://git.tdehaeze.xyz/tdehaeze/literate-dotfiles + path /srv/www/ + interval -1 + hook /literate-dotfiles/webhook QHZgAKjD8q2v54Ru + } +} +#+end_src + +*** =help= - Help page for Jellyfin ([[https://git.tdehaeze.xyz/tdehaeze/family-page][link]]) +#+begin_src yaml + help: + container_name: help + image: abiosoft/caddy:1.0.3-no-stats + restart: 
unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - PLUGINS=git + volumes: + - $CONFIGDIR/help/Caddyfile:/etc/Caddyfile + - $CONFIGDIR/help/www:/srv/www + labels: + - "traefik.enable=true" + - "traefik.http.routers.help-rtr.entrypoints=web-secure" + - "traefik.http.routers.help-rtr.rule=Host(`help.$DOMAINNAME`)" + - "traefik.http.routers.help-rtr.tls=true" + - "traefik.http.routers.help-rtr.service=help-svc" + - "traefik.http.services.help-svc.loadbalancer.server.port=2015" + logging: *default-logging +#+end_src + +=Caddyfile= +#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/help/Caddyfile +0.0.0.0:2015 { + root /srv/www/ + + git { + repo https://git.tdehaeze.xyz/tdehaeze/family-page + path /srv/www/ + interval -1 + hook /help/webhook 0fdVzNShbcmw + } +} +#+end_src + +*** =mealie= - Recipe Manager ([[https://github.com/hay-kot/mealie][link]]) +#+begin_src yaml + miam: + container_name: miam + image: hkotel/mealie + restart: unless-stopped + networks: + - t2_proxy + environment: + - db_type=sqlite + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/mealie:/app/data + labels: + - "traefik.enable=true" + - "traefik.http.routers.miam-rtr.entrypoints=web-secure" + - "traefik.http.routers.miam-rtr.rule=Host(`miam.$DOMAINNAME`)" + - "traefik.http.routers.miam-rtr.tls=true" + - "traefik.http.routers.miam-rtr.service=miam-svc" + - "traefik.http.services.miam-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +*** =gitea= - Git server ([[https://github.com/go-gitea/gitea][link]]) +#+begin_src yaml + gitea: + container_name: git + image: gitea/gitea + depends_on: + - gitea_db + restart: unless-stopped + networks: + - t2_proxy + - backend + volumes: + - $CONFIGDIR/gitea:/data + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - SSH_PORT=$GITEA_SSH_PORT + ports: + - "2222:22" + labels: + - "traefik.enable=true" + - "traefik.http.routers.git-rtr.entrypoints=web-secure" + - 
"traefik.http.routers.git-rtr.rule=Host(`git.$DOMAINNAME`)" + - "traefik.http.routers.git-rtr.tls=true" + - "traefik.http.routers.git-rtr.service=git-svc" + - "traefik.http.services.git-svc.loadbalancer.server.port=3000" + logging: *default-logging +#+end_src + +#+begin_src yaml + gitea_db: + container_name: gitea_db + image: mariadb:10 + restart: unless-stopped + networks: + - backend + ports: + - 3306:3306 + environment: + - MYSQL_ROOT_PASSWORD=$GITEA_DB_MYSQL_ROOT_PASSWORD + - MYSQL_DATABASE=gitea + - MYSQL_USER=gitea + - MYSQL_PASSWORD=$GITEA_DB_MYSQL_PASSWORD + volumes: + - $CONFIGDIR/mariadb:/var/lib/mysql +#+end_src + +*** =changedetection= - Detect change in websites ([[https://github.com/dgtlmoon/changedetection.io][link]]) +#+begin_src yaml + changedetection: + container_name: changedetection + image: ghcr.io/dgtlmoon/changedetection.io + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + - BASE_URL=https://change.tdehaeze.xyz + volumes: + - $CONFIGDIR/changedetection:/datastore + labels: + - "traefik.enable=true" + - "traefik.http.routers.changedetection-rtr.entrypoints=web-secure" + - "traefik.http.routers.changedetection-rtr.rule=Host(`change.$DOMAINNAME`)" + - "traefik.http.routers.changedetection-rtr.tls=true" + - "traefik.http.routers.changedetection-rtr.service=changedetection-svc" + - "traefik.http.routers.changedetection-rtr.middlewares=authelia@docker" + - "traefik.http.services.changedetection-svc.loadbalancer.server.port=5000" + logging: *default-logging +#+end_src + +** Affichtoo +*** =japonais= - Affichtoo +#+begin_src yaml + affichtoo-japonais: + container_name: affichtoo-japonais + image: tdehaeze/affichtoo + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/japonais:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.japonais-rtr.entrypoints=web-secure" + - 
"traefik.http.routers.japonais-rtr.rule=Host(`japonais.$DOMAINNAME`)" + - "traefik.http.routers.japonais-rtr.tls=true" + - "traefik.http.routers.japonais-rtr.service=japonais-svc" + - "traefik.http.services.japonais-svc.loadbalancer.server.port=8000" + # - "traefik.http.routers.japonais-rtr.middlewares=japonais-auth" + logging: *default-logging +#+end_src + +*** =creperie= - Affichtoo +#+begin_src yaml + affichtoo-creperie: + container_name: affichtoo-creperie + image: tdehaeze/affichtoo + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/creperie:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.creperie-rtr.entrypoints=web-secure" + - "traefik.http.routers.creperie-rtr.rule=Host(`creperie.$DOMAINNAME`)" + - "traefik.http.routers.creperie-rtr.tls=true" + - "traefik.http.routers.creperie-rtr.service=creperie-svc" + - "traefik.http.services.creperie-svc.loadbalancer.server.port=8000" + # - "traefik.http.routers.creperie-rtr.middlewares=creperie-auth" + logging: *default-logging +#+end_src + +*** =burger= - Affichtoo +#+begin_src yaml + affichtoo-burger: + container_name: affichtoo-burger + image: tdehaeze/affichtoo + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/burger:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.burger-rtr.entrypoints=web-secure" + - "traefik.http.routers.burger-rtr.rule=Host(`burger.$DOMAINNAME`)" + - "traefik.http.routers.burger-rtr.tls=true" + - "traefik.http.routers.burger-rtr.service=burger-svc" + - "traefik.http.services.burger-svc.loadbalancer.server.port=8000" + # - "traefik.http.routers.burger-rtr.middlewares=burger-auth" + logging: *default-logging +#+end_src + +*** =indien= - Affichtoo +#+begin_src yaml + affichtoo-indien: + container_name: affichtoo-indien + image: tdehaeze/affichtoo + restart: 
unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/indien:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.indien-rtr.entrypoints=web-secure" + - "traefik.http.routers.indien-rtr.rule=Host(`indien.$DOMAINNAME`)" + - "traefik.http.routers.indien-rtr.tls=true" + - "traefik.http.routers.indien-rtr.service=indien-svc" + - "traefik.http.services.indien-svc.loadbalancer.server.port=8000" + # - "traefik.http.routers.indien-rtr.middlewares=indien-auth" + logging: *default-logging +#+end_src + +*** =italien= - Affichtoo +#+begin_src yaml + affichtoo-italien: + container_name: affichtoo-italien + image: tdehaeze/affichtoo + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/italien:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.italien-rtr.entrypoints=web-secure" + - "traefik.http.routers.italien-rtr.rule=Host(`italien.$DOMAINNAME`)" + - "traefik.http.routers.italien-rtr.tls=true" + - "traefik.http.routers.italien-rtr.service=italien-svc" + - "traefik.http.services.italien-svc.loadbalancer.server.port=8000" + # - "traefik.http.routers.italien-rtr.middlewares=italien-auth" + logging: *default-logging +#+end_src + +*** =libanais= - Affichtoo +#+begin_src yaml + affichtoo-libanais: + container_name: affichtoo-libanais + image: tdehaeze/affichtoo + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/libanais:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.libanais-rtr.entrypoints=web-secure" + - "traefik.http.routers.libanais-rtr.rule=Host(`libanais.$DOMAINNAME`)" + - "traefik.http.routers.libanais-rtr.tls=true" + - "traefik.http.routers.libanais-rtr.service=libanais-svc" + - 
"traefik.http.services.libanais-svc.loadbalancer.server.port=8000" + # - "traefik.http.routers.libanais-rtr.middlewares=libanais-auth" + logging: *default-logging +#+end_src + +** Multimedia +*** =jellyfin= - Media server ([[https://hub.docker.com/r/linuxserver/jellyfin][link]]) +#+begin_src yaml + jellyfin: + container_name: jellyfin + image: linuxserver/jellyfin + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/jellyfin:/config + - /srv/storage/TVShows:/data/tvshows + - /srv/storage/Documentaries:/data/documentaries + - /srv/storage/LiveMusic:/data/livemusic + - /srv/storage/Animes:/data/animes + - /srv/storage/Movies:/data/movies + - /srv/storage/Music:/data/music + - /srv/storage/StandUp:/data/standup + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + group_add: + - 109 + devices: + # VAAPI Devices + - /dev/dri/renderD128:/dev/dri/renderD128 + - /dev/dri/card0:/dev/dri/card0 + ports: + - 8096:8096 + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin-rtr.entrypoints=web-secure" + - "traefik.http.routers.jellyfin-rtr.rule=Host(`jellyfin.$DOMAINNAME`)" + - "traefik.http.routers.jellyfin-rtr.tls=true" + - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc" + - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096" + logging: *default-logging +#+end_src + +*** =jfa-go= - Manage Jellyfin Users ([[https://github.com/hrfee/jfa-go][link]]) +#+begin_src yaml + jfa: + container_name: jfa + image: hrfee/jfa-go + restart: unless-stopped + depends_on: + - jellyfin + networks: + - t2_proxy + volumes: + - $CONFIGDIR/jfa:/data + - $CONFIGDIR/jellyfin:/jf + - /etc/localtime:/etc/localtime:ro + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.jfa-rtr.entrypoints=web-secure" + - "traefik.http.routers.jfa-rtr.rule=Host(`jfa.$DOMAINNAME`)" + - "traefik.http.routers.jfa-rtr.tls=true" + - "traefik.http.routers.jfa-rtr.service=jfa-svc" + - 
"traefik.http.services.jfa-svc.loadbalancer.server.port=8056" + logging: *default-logging +#+end_src + +** Cloud +*** =syncthing= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) +#+begin_src yaml + syncthing: + container_name: syncthing + image: linuxserver/syncthing + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/syncthing:/config + - /srv/storage/Cloud:/Cloud + - /srv/storage/Cloud/pictures/phone:/Pictures + - /srv/storage/Cloud/pdfs:/Onyx/Download + - /srv/storage/Cloud/pdfs-notes:/Onyx/note + - /srv/storage/Cloud/.stfolder:/Onyx/.stfolder + - /srv/storage/.password-store:/.password-store + ports: + - 22000:22000 + - 21027:21027/udp + labels: + - "traefik.enable=true" + - "traefik.http.routers.syncthing-rtr.entrypoints=web-secure" + - "traefik.http.routers.syncthing-rtr.rule=Host(`syncthing.$DOMAINNAME`)" + - "traefik.http.routers.syncthing-rtr.tls=true" + - "traefik.http.routers.syncthing-rtr.service=syncthing-svc" + - "traefik.http.routers.syncthing-rtr.middlewares=authelia@docker" + - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384" + logging: *default-logging +#+end_src + +*** =sync-anne= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) +#+begin_src yaml + sync-anne: + container_name: sync-anne + image: linuxserver/syncthing + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/sync-anne:/config + - /srv/storage/Users/anne:/Cloud + - /srv/storage/Users/anne/Photos/telephone:/telephone + ports: + - 22001:22001 + - 21028:21028/udp + labels: + - "traefik.enable=true" + - "traefik.http.routers.sync-anne-rtr.entrypoints=web-secure" + - "traefik.http.routers.sync-anne-rtr.rule=Host(`sync-anne.$DOMAINNAME`)" + - "traefik.http.routers.sync-anne-rtr.tls=true" + - 
"traefik.http.routers.sync-anne-rtr.service=sync-anne-svc" + - "traefik.http.routers.sync-anne-rtr.middlewares=authelia@docker" + - "traefik.http.services.sync-anne-svc.loadbalancer.server.port=8384" + logging: *default-logging +#+end_src + +*** =sync-jm= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) +#+begin_src yaml + sync-jm: + container_name: sync-jm + image: linuxserver/syncthing + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/sync-jm:/config + - /srv/storage/Users/jean-marie:/Cloud + # - /srv/storage/Users/jean-marie/Photos/telephone:/telephone + ports: + - 22002:22002 + - 21029:21029/udp + labels: + - "traefik.enable=true" + - "traefik.http.routers.sync-jm-rtr.entrypoints=web-secure" + - "traefik.http.routers.sync-jm-rtr.rule=Host(`sync-jm.$DOMAINNAME`)" + - "traefik.http.routers.sync-jm-rtr.tls=true" + - "traefik.http.routers.sync-jm-rtr.service=sync-jm-svc" + - "traefik.http.routers.sync-jm-rtr.middlewares=authelia@docker" + - "traefik.http.services.sync-jm-svc.loadbalancer.server.port=8384" + logging: *default-logging +#+end_src + +*** =sync-ju= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) +#+begin_src yaml + sync-ju: + container_name: sync-ju + image: linuxserver/syncthing + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/sync-ju:/config + - /srv/storage/Users/juliette:/Cloud + - /srv/storage/Cloud/personnal:/Cloud/Thomas + ports: + - 22003:22003 + - 21030:21030/udp + labels: + - "traefik.enable=true" + - "traefik.http.routers.sync-ju-rtr.entrypoints=web-secure" + - "traefik.http.routers.sync-ju-rtr.rule=Host(`sync-ju.$DOMAINNAME`)" + - "traefik.http.routers.sync-ju-rtr.tls=true" + - "traefik.http.routers.sync-ju-rtr.service=sync-ju-svc" + - 
"traefik.http.routers.sync-ju-rtr.middlewares=authelia@docker" + - "traefik.http.services.sync-ju-svc.loadbalancer.server.port=8384" + logging: *default-logging +#+end_src + +*** =filebrowser= - Web file browser ([[https://hub.docker.com/r/filebrowser/filebrowser][link]]) +#+begin_src yaml + filebrowser: + container_name: filebrowser + image: filebrowser/filebrowser + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/filebrowser/database.db:/database.db + - $CONFIGDIR/filebrowser/.filebrowser.json:/.filebrowser.json + - /srv/storage:/srv/storage + user: "${PUID}:${PGID}" + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.filebrowser-rtr.entrypoints=web-secure" + - "traefik.http.routers.filebrowser-rtr.rule=Host(`cloud.$DOMAINNAME`)" + - "traefik.http.routers.filebrowser-rtr.tls=true" + - "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc" + - "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +=.filebrowser.json= + +#+begin_src json :tangle /ssh:thomas@homelab:~/docker/config/filebrowser/.filebrowser.json +{ + "port": 80, + "baseURL": "", + "address": "", + "log": "stdout", + "database": "/database.db", + "root": "/srv/storage" +} +#+end_src + +*** =radicale= - CalDAV/CardDAV server ([[https://github.com/tomsquest/docker-radicale][link]]) +#+begin_src yaml + radicale: + container_name: radicale + image: tomsquest/docker-radicale + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/radicale/config:/config:ro + - $CONFIGDIR/radicale/data:/data + environment: + - TZ=$TZ + - UID=$PUID + - GID=$PGID + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + cap_add: + - SETUID + - SETGID + - CHOWN + - KILL + labels: + - "traefik.enable=true" + - "traefik.http.routers.radicale-rtr.entrypoints=web-secure" + - "traefik.http.routers.radicale-rtr.rule=Host(`radicale.$DOMAINNAME`)" + - 
"traefik.http.routers.radicale-rtr.tls=true" + - "traefik.http.routers.radicale-rtr.service=radicale-svc" + - "traefik.http.services.radicale-svc.loadbalancer.server.port=5232" + logging: *default-logging +#+end_src + +=config= +#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/radicale/config/config +[server] +hosts = 0.0.0.0:5232 + +[auth] +type = htpasswd +htpasswd_filename = /config/users +htpasswd_encryption = md5 + +[storage] +filesystem_folder = /data/collections +#+end_src + +*** =linkding= - Bookmark manager ([[https://github.com/sissbruecker/linkding][link]]) +#+begin_src yaml + linkding: + container_name: linkding + image: sissbruecker/linkding + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/linkding:/etc/linkding/data + environment: + - TZ=$TZ + - PUID=$PUID + - PGID=$PGID + labels: + - "traefik.enable=true" + - "traefik.http.routers.linkding-rtr.entrypoints=web-secure" + - "traefik.http.routers.linkding-rtr.rule=Host(`bm.$DOMAINNAME`)" + - "traefik.http.routers.linkding-rtr.tls=true" + - "traefik.http.routers.linkding-rtr.service=linkding-svc" + - "traefik.http.services.linkding-svc.loadbalancer.server.port=9090" + logging: *default-logging +#+end_src + +*** =restic-b2= - Automatic backups on BackBlaze ([[https://github.com/djmaze/resticker/][link]]) +#+begin_src yaml + restic-b2: + container_name: restic-b2 + image: mazzolino/restic + restart: unless-stopped + networks: + - t2_proxy + environment: + - BACKUP_CRON=0 30 0 * * * + - RESTIC_REPOSITORY=b2:tdehaeze:/restic + - RESTIC_PASSWORD=$RESTIC_PASSWORD + - RESTIC_BACKUP_SOURCES=/source + - RESTIC_FORGET_ARGS=--group-by tag --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune + - RESTIC_BACKUP_ARGS=--tag local --exclude-file /exclude.txt + - B2_ACCOUNT_ID=$RESTIC_B2_ACCOUNT_ID + - B2_ACCOUNT_KEY=$RESTIC_B2_ACCOUNT_KEY + - RESTIC_GOTIFY_TOKEN=$RESTIC_GOTIFY_TOKEN + - UID=$PUID + - GID=$PGID + - TZ=$TZ + - POST_COMMANDS_FAILURE=curl 
"https://gotify.tdehaeze.xyz/message?token=$RESTIC_GOTIFY_TOKEN" -F "title=Restic B2" -F "message=Backup failed" -F "priority=5" + volumes: + - $CONFIGDIR/restic-b2/exclude.txt:/exclude.txt:ro + - /srv/storage/Cloud/thesis:/source/Cloud/thesis:ro + - /home/thomas/docker:/source/docker:ro + logging: *default-logging +#+end_src + +=exclude.txt= - Exclude files + +#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/restic-b2/exclude.txt +*.db +*.log +*.log.* +/source/docker/config/gitea/git/ +/source/docker/config/guacamole/ +/source/docker/config/guacamole_db/ +/source/docker/config/mariadb/ +/source/docker/config/miniflux_db/ +/source/docker/config/jellyfin/data/ +/source/docker/config/dotfiles/www/ +/source/docker/config/web/www/ +#+end_src + +*** =restic-hc4= - Automatic backups on Odroid HC4 ([[https://github.com/djmaze/resticker/][link]]) +#+begin_src yaml + restic-hc4: + container_name: restic-hc4 + image: mazzolino/restic + restart: unless-stopped + networks: + - t2_proxy + environment: + - BACKUP_CRON=10 13 * * * + - RESTIC_REPOSITORY=sftp://thomas@pierrick.tdehaeze.xyz:10022//srv/storage/backup + - RESTIC_PASSWORD=$RESTIC_PASSWORD + - RESTIC_BACKUP_SOURCES=/source + - RESTIC_FORGET_ARGS=--group-by tag --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune + - RESTIC_BACKUP_ARGS=--tag local --exclude-file /exclude.txt + - RESTIC_GOTIFY_TOKEN=$RESTIC_GOTIFY_TOKEN + - UID=$PUID + - GID=$PGID + - TZ=$TZ + - POST_COMMANDS_FAILURE=curl "https://gotify.tdehaeze.xyz/message?token=$RESTIC_GOTIFY_TOKEN" -F "title=Restic HC4" -F "message=Backup failed" -F "priority=5" + - POST_COMMANDS_EXIT=ssh -p 10022 thomas@pierrick.tdehaeze.xyz "sudo systemctl poweroff" + volumes: + - $CONFIGDIR/restic-hc4/exclude.txt:/exclude.txt:ro + - /srv/storage/Users:/source/Users:ro + - /home/thomas/.ssh/known_hosts:/root/.ssh/known_hosts:ro + - /home/thomas/.ssh/id_rsa:/root/.ssh/id_rsa:ro + + logging: *default-logging +#+end_src + +=exclude.txt= - Exclude files + +#+begin_src 
conf :tangle /ssh:thomas@homelab:~/docker/config/restic-hc4/exclude.txt +*.db +*.log +*.log.* +#+end_src + +*** =miniflux= - RSS reader ([[https://hub.docker.com/r/miniflux/miniflux][link]]) +#+begin_src yaml + miniflux: + container_name: miniflux + image: miniflux/miniflux + restart: unless-stopped + networks: + - t2_proxy + - backend + depends_on: + - miniflux_db + environment: + - DATABASE_URL=postgres://miniflux:SCJWWXqHwehP7f8g@miniflux_db/miniflux?sslmode=disable + - RUN_MIGRATIONS=1 + - CREATE_ADMIN=1 + - ADMIN_USERNAME=$MINIFLUX_ADMIN_NAME + - ADMIN_PASSWORD=$MINIFLUX_ADMIN_PASS + labels: + - "traefik.enable=true" + - "traefik.http.routers.miniflux-rtr.entrypoints=web-secure" + - "traefik.http.routers.miniflux-rtr.rule=Host(`rss.$DOMAINNAME`)" + - "traefik.http.routers.miniflux-rtr.tls=true" + - "traefik.http.routers.miniflux-rtr.service=miniflux-svc" + - "traefik.http.services.miniflux-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +#+begin_src yaml + miniflux_db: + container_name: miniflux_db + image: postgres:12 + restart: unless-stopped + networks: + - backend + environment: + - POSTGRES_USER=miniflux + - POSTGRES_PASSWORD=$MINIFLUX_POSTGRES_PASSWORD + volumes: + - $CONFIGDIR/miniflux_db:/var/lib/postgresql/data + logging: *default-logging +#+end_src + +** Home +*** =mosquitto= - MQTT broker ([[https://github.com/eclipse/mosquitto/][link]]) +#+begin_src yaml + mosquitto: + container_name: mosquitto + image: eclipse-mosquitto + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + expose: + - 1883 + - 9001 + ports: + - 1883:1883 + - 9001:9001 + volumes: + - $CONFIGDIR/mosquitto/config:/mosquitto/config + - $CONFIGDIR/mosquitto/log:/mosquitto/log + - $CONFIGDIR/mosquitto/data:/mosquitto/data + logging: *default-logging +#+end_src + +*** =zigbee2mqtt= - Zigbee to MQTT bridge ([[https://github.com/Koenkk/zigbee2mqtt/][link]]) +In =/etc/udev/rules.d/99-usb-serial.rules=: 
+#+begin_src conf :tangle no +SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="zigbee/slaesh" +#+end_src + +#+begin_src yaml + zigbee2mqtt: + container_name: zigbee2mqtt + image: koenkk/zigbee2mqtt + restart: unless-stopped + privileged: true + depends_on: + - mosquitto + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/zigbee2mqtt:/app/data + - /run/udev:/run/udev:ro + - /dev/zigbee:/dev/zigbee:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.zigbee2mqtt-rtr.entrypoints=web-secure" + - "traefik.http.routers.zigbee2mqtt-rtr.rule=Host(`zigbee2mqtt.$DOMAINNAME`)" + - "traefik.http.routers.zigbee2mqtt-rtr.tls=true" + - "traefik.http.routers.zigbee2mqtt-rtr.service=zigbee2mqtt-svc" + - "traefik.http.routers.zigbee2mqtt-rtr.middlewares=authelia@docker" + - "traefik.http.services.zigbee2mqtt-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +*** =node-red= - Automation tool +#+begin_src yaml + node-red: + container_name: node-red + image: nodered/node-red + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/node-red:/data + labels: + - "traefik.enable=true" + - "traefik.http.routers.node-red-rtr.entrypoints=web-secure" + - "traefik.http.routers.node-red-rtr.rule=Host(`node-red.$DOMAINNAME`)" + - "traefik.http.routers.node-red-rtr.tls=true" + - "traefik.http.routers.node-red-rtr.service=node-red-svc" + - "traefik.http.routers.node-red-rtr.middlewares=authelia@docker" + - "traefik.http.services.node-red-svc.loadbalancer.server.port=1880" + logging: *default-logging +#+end_src + +*** =esphome= - Automation tool +#+begin_src yaml + esphome: + container_name: esphome + image: esphome/esphome + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - ESPHOME_DASHBOARD_USE_PING=true + volumes: + - $CONFIGDIR/esphome:/config 
+ labels: + - "traefik.enable=true" + - "traefik.http.routers.esphome-rtr.entrypoints=web-secure" + - "traefik.http.routers.esphome-rtr.rule=Host(`esphome.$DOMAINNAME`)" + - "traefik.http.routers.esphome-rtr.tls=true" + - "traefik.http.routers.esphome-rtr.service=esphome-svc" + - "traefik.http.routers.esphome-rtr.middlewares=authelia@docker" + - "traefik.http.services.esphome-svc.loadbalancer.server.port=6052" + logging: *default-logging +#+end_src + +*** =tina2= - Web interface for 3D printing ([[https://github.com/OctoPrint/OctoPrint][link]]) +In order for the 3D printer to always have the same =/dev/path=, =sudoedit /etc/udev/rules.d/99-usb-serial.rules=: +#+begin_src conf :tangle no +SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="3d-printer/tina2" +#+end_src + +#+begin_src yaml + tina2: + container_name: tina2 + image: octoprint/octoprint + restart: unless-stopped + privileged: true + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/tina2:/octoprint + - /run/udev:/run/udev:ro + - /dev/3d-printer:/dev/3d-printer:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.tina2-rtr.entrypoints=web-secure" + - "traefik.http.routers.tina2-rtr.rule=Host(`3d-printer.$DOMAINNAME`)" + - "traefik.http.routers.tina2-rtr.tls=true" + - "traefik.http.routers.tina2-rtr.service=tina2-svc" + - "traefik.http.services.tina2-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +** Download +*** =transmission-openvpn= - Torrent server ([[https://hub.docker.com/r/haugene/transmission-openvpn][link]]) +#+begin_src yaml + transmission: + container_name: transmission + image: haugene/transmission-openvpn + cap_add: + - NET_ADMIN + networks: + - t2_proxy + sysctls: + - net.ipv6.conf.all.disable_ipv6=0 + restart: unless-stopped + ports: + - 9091:9091 + dns: + - 8.8.8.8 + - 8.8.4.4 + volumes: + - /etc/localtime:/etc/localtime:ro + - $CONFIGDIR/transmission:/config + - 
/srv/storage/Downloads:/data + - /srv/storage/Downloads/watch:/watch + environment: + - CREATE_TUN_DEVICE=true + - PUID=$PUID + - PGID=$PGID + - TRANSMISSION_WEB_UI=flood-for-transmission + - LOCAL_NETWORK=192.168.0.0/16 + - OPENVPN_PROVIDER=NORDVPN + - OPENVPN_USERNAME=$NORDVPN_NAME + - OPENVPN_PASSWORD=$NORDVPN_PASS + - NORDVPN_COUNTRY=FR + - NORDVPN_CATEGORY=legacy_p2p + - NORDVPN_PROTOCOL=udp + - TRANSMISSION_UTP_ENABLED=false + - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true + - TRANSMISSION_RPC_USERNAME=$TRANSMISSION_NAME + - TRANSMISSION_RPC_PASSWORD=$TRANSMISSION_PASS + labels: + - "traefik.enable=true" + - "traefik.docker.network=t2_proxy" + - "traefik.http.routers.transmission-rtr.entrypoints=web-secure" + - "traefik.http.routers.transmission-rtr.rule=Host(`torrent.$DOMAINNAME`)" + - "traefik.http.routers.transmission-rtr.tls=true" + - "traefik.http.routers.transmission-rtr.service=transmission-svc" + - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091" + logging: *default-logging +#+end_src + +*** =flaresolverr= +#+begin_src yaml + flaresolverr: + container_name: flaresolverr + image: ghcr.io/flaresolverr/flaresolverr:latest + restart: unless-stopped + networks: + - t2_proxy + environment: + - LOG_LEVEL=info + - LOG_HTML=false + - CAPTCHA_SOLVER=none + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.flaresolverr-rtr.entrypoints=web-secure" + - "traefik.http.routers.flaresolverr-rtr.rule=Host(`flaresolverr.$DOMAINNAME`)" + - "traefik.http.routers.flaresolverr-rtr.tls=true" + # - "traefik.http.routers.flaresolverr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.flaresolverr-rtr.service=flaresolverr-svc" + - "traefik.http.services.flaresolverr-svc.loadbalancer.server.port=8191" +#+end_src + + +*** =prowlarr= - API support for torrents ([[https://github.com/Prowlarr/Prowlarr][link]]) :noexport: +#+begin_src yaml + prowlarr: + container_name: prowlarr + image: lscr.io/linuxserver/prowlarr:develop + 
restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - AUTO_UPDATE=true + volumes: + - $CONFIGDIR/prowlarr:/config + labels: + - "traefik.enable=true" + - "traefik.http.routers.prowlarr-rtr.entrypoints=web-secure" + - "traefik.http.routers.prowlarr-rtr.rule=Host(`prowlarr.$DOMAINNAME`)" + - "traefik.http.routers.prowlarr-rtr.tls=true" + # - "traefik.http.routers.prowlarr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.prowlarr-rtr.service=prowlarr-svc" + - "traefik.http.services.prowlarr-svc.loadbalancer.server.port=9696" +#+end_src + +*** =jellyseerr= - Managing requests for the media library ([[https://github.com/Fallenbagel/jellyseerr][link]]) :noexport: +#+begin_src yaml + jellyseerr: + container_name: jellyseerr + image: fallenbagel/jellyseerr + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/jellyseerr:/app/config + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyseerr-rtr.entrypoints=web-secure" + - "traefik.http.routers.jellyseerr-rtr.rule=Host(`jellyseerr.$DOMAINNAME`)" + - "traefik.http.routers.jellyseerr-rtr.tls=true" + # - "traefik.http.routers.jellyseerr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.jellyseerr-rtr.service=jellyseerr-svc" + - "traefik.http.services.jellyseerr-svc.loadbalancer.server.port=5055" +#+end_src + +*** =qobuz= - Qobuz Downloader ([[https://github.com/tdehaeze/qobuz-docker][link]]) :noexport: +#+begin_src yaml + qobuz: + container_name: qobuz + image: tdehaeze/docker-qobuz + restart: unless-stopped + networks: + - t2_proxy + volumes: + - /srv/storage/Music:/downloads + environment: + - TZ=$TZ + - QOBUZNAME=$QOBUZNAME + - QOBUZPASS=$QOBUZPASS + - DOWNLOADDIR=/downloads + - JELLYFINURL=https://jellyfin.tdehaeze.xyz/library/refresh + - JELLYFINTOKEN=$JELLYFINTOKEN + - NOTIF_TYPE=gotify + - GOTIFY_URL=$GOTIFY_URL + - GOTIFY_TOKEN=$QOBUZ_GOTIFY_TOKEN + user: 
"${PUID}:${PGID}" + labels: + - "traefik.enable=true" + - "traefik.http.routers.qobuz-rtr.entrypoints=web-secure" + - "traefik.http.routers.qobuz-rtr.rule=Host(`qobuz.$DOMAINNAME`)" + - "traefik.http.routers.qobuz-rtr.tls=true" + - "traefik.http.routers.qobuz-rtr.service=qobuz-svc" + - "traefik.http.routers.qobuz-rtr.middlewares=authelia@docker" + - "traefik.http.services.qobuz-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +*** =sonarr= - Automatically download TVshows ([[https://github.com/Sonarr/Sonarr][link]]) :noexport: +#+begin_src yaml + sonarr: + container_name: sonarr + image: lscr.io/linuxserver/sonarr + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/sonarr:/config + - /srv/storage/TVShows:/data/tv + - /srv/storage/Animes:/data/animes + - /srv/storage/Downloads:/data/downloads + labels: + - "traefik.enable=true" + - "traefik.http.routers.sonarr-rtr.entrypoints=web-secure" + - "traefik.http.routers.sonarr-rtr.rule=Host(`sonarr.$DOMAINNAME`)" + - "traefik.http.routers.sonarr-rtr.tls=true" + - "traefik.http.routers.sonarr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.sonarr-rtr.service=sonarr-svc" + - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989" +#+end_src + +*** =radarr= - Automatically download Movies ([[https://github.com/Radarr/Radarr][link]]) :noexport: +#+begin_src yaml + radarr: + container_name: radarr + image: lscr.io/linuxserver/radarr + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/radarr:/config + - /srv/storage/Movies:/movies + - /srv/storage/Downloads:/downloads + labels: + - "traefik.enable=true" + - "traefik.http.routers.radarr-rtr.entrypoints=web-secure" + - "traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAINNAME`)" + - "traefik.http.routers.radarr-rtr.tls=true" + - 
"traefik.http.routers.radarr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.radarr-rtr.service=radarr-svc" + - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878" +#+end_src + +* Docker-Compose OLD :noexport: +** =adguardhome= - Network-wide ads & trackers blocking DNS server ([[https://github.com/AdguardTeam/AdGuardHome][link]]) +#+begin_src yaml :tangle no + adguardhome: + container_name: adguardhome + image: adguard/adguardhome + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/adguardhome/work:/opt/adguardhome/work + - $CONFIGDIR/adguardhome/conf:/opt/adguardhome/conf + ports: + - 53:53/tcp + - 53:53/udp + # - 853:853 + labels: + - "traefik.enable=true" + - "traefik.http.routers.adguardhome-rtr.entrypoints=web-secure" + - "traefik.http.routers.adguardhome-rtr.rule=Host(`adguardhome.$DOMAINNAME`)" + - "traefik.http.routers.adguardhome-rtr.tls=true" + - "traefik.http.routers.adguardhome-rtr.service=adguardhome-svc" + - "traefik.http.routers.adguardhome-rtr.middlewares=authelia@docker" + - "traefik.http.services.adguardhome-svc.loadbalancer.server.port=3000" + logging: *default-logging +#+end_src + +** =metube= - Download Youtube Videos ([[https://github.com/alexta69/metube][link]]) +#+begin_src yaml :tangle no + metube: + container_name: metube + image: alexta69/metube + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - STATE_DIR=/statedir + user: "1000:1000" + volumes: + - /srv/storage/Downloads/youtube:/downloads + - $CONFIGDIR/metube:/statedir + labels: + - "traefik.enable=true" + - "traefik.http.routers.metube-rtr.entrypoints=web-secure" + - "traefik.http.routers.metube-rtr.rule=Host(`metube.$DOMAINNAME`)" + - "traefik.http.routers.metube-rtr.tls=true" + # - "traefik.http.routers.metube-rtr.middlewares=authelia@docker" + - "traefik.http.routers.metube-rtr.service=metube-svc" + - 
"traefik.http.services.metube-svc.loadbalancer.server.port=8081" +#+end_src + +** =joal= - Seeding Torrents ([[https://github.com/anthonyraymond/joal][link]]) :noexport: +#+begin_src yaml :tangle no + joal: + image: anthonyraymond/joal + container_name: joal + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/joal:/data + command: ["--joal-conf=/data", "--spring.main.web-environment=true", "--server.port=80", "--joal.ui.path.prefix=joal", "--joal.ui.secret-token=$JOALTOKEN"] + labels: + - "traefik.enable=true" + - "traefik.http.routers.joal-rtr.entrypoints=web-secure" + - "traefik.http.routers.joal-rtr.rule=Host(`joal.$DOMAINNAME`)" + - "traefik.http.routers.joal-rtr.tls=true" + - "traefik.http.routers.joal-rtr.service=joal-svc" + - "traefik.http.routers.joal-rtr.middlewares=authelia@docker" + - "traefik.http.services.joal-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +** =jackett= - API support for torrents ([[https://github.com/Jackett/Jackett][link]]) +#+begin_src yaml :tangle no + jackett: + container_name: jackett + image: lscr.io/linuxserver/jackett + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - AUTO_UPDATE=true + volumes: + - $CONFIGDIR/jackett:/config + - /srv/storage/Downloads:/downloads + labels: + - "traefik.enable=true" + - "traefik.http.routers.jackett-rtr.entrypoints=web-secure" + - "traefik.http.routers.jackett-rtr.rule=Host(`jackett.$DOMAINNAME`)" + - "traefik.http.routers.jackett-rtr.tls=true" + - "traefik.http.routers.jackett-rtr.middlewares=authelia@docker" + - "traefik.http.routers.jackett-rtr.service=jackett-svc" + - "traefik.http.services.jackett-svc.loadbalancer.server.port=9117" +#+end_src + +** =alfawiseu20= - Web interface for 3D printing ([[https://github.com/OctoPrint/OctoPrint][link]]) +#+begin_src yaml + octoprint: + container_name: alfawiseu20 + image: octoprint/octoprint + restart: unless-stopped + networks: + - 
t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + privileged: true + volumes: + - $CONFIGDIR/alfawiseu20:/octoprint + - /dev/bus/usb:/dev/bus/usb + labels: + - "traefik.enable=true" + - "traefik.http.routers.alfawiseu20-rtr.entrypoints=web-secure" + - "traefik.http.routers.alfawiseu20-rtr.rule=Host(`alfawiseu20.$DOMAINNAME`)" + - "traefik.http.routers.alfawiseu20-rtr.tls=true" + - "traefik.http.routers.alfawiseu20-rtr.service=alfawiseu20-svc" + - "traefik.http.routers.alfawiseu20-rtr.middlewares=authelia@docker" + - "traefik.http.services.alfawiseu20-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +** =portainer= - Manage docker ([[https://github.com/portainer/portainer][link]]) +#+begin_src yaml :tangle no + portainer: + container_name: portainer + image: portainer/portainer + restart: unless-stopped + command: -H unix:///var/run/docker.sock + networks: + - t2_proxy + security_opt: + - no-new-privileges:true + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - $CONFIGDIR/portainer:/data + environment: + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.portainer-rtr.entrypoints=web-secure" + - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME`)" + - "traefik.http.routers.portainer-rtr.tls=true" + - "traefik.http.routers.portainer-rtr.service=portainer-svc" + - "traefik.http.routers.portainer-rtr.middlewares=authelia@docker" + - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000" + logging: *default-logging +#+end_src + +** =ddns= - Dynamic DNS Server +#+begin_src yaml :tangle no + ddns: + container_name: ddns + image: davd/docker-ddns + restart: unless-stopped + networks: + - t2_proxy + environment: + - RECORD_TTL=60 + - ZONE=example.org + - SHARED_SECRET=9Kzd9vSyPQuO4CPO +# volumes: +# - ./bind-data:/var/cache/bind + ports: + - "53:53" + - "53:53/udp" + labels: + - "traefik.enable=true" + - "traefik.http.routers.ddns-rtr.entrypoints=web-secure" + - 
"traefik.http.routers.ddns-rtr.rule=Host(`ddns.$DOMAINNAME`)" + - "traefik.http.routers.ddns-rtr.tls=true" + - "traefik.http.routers.ddns-rtr.service=ddns-svc" + - "traefik.http.services.ddns-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +** Wireguard +#+begin_src yaml + wireguard: + container_name: wireguard + image: linuxserver/wireguard + restart: unless-stopped + networks: + - t2_proxy + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - SERVERURL=wireguard.tdehaeze.xyz + - SERVERPORT=51820 + - PEERS=4 + - PEERDNS=8.8.8.8 + volumes: + - $CONFIGDIR/wireguard:/config + - /lib/modules:/lib/modules + ports: + - 51820:51820/udp + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + logging: *default-logging +#+end_src + +** =docker-torrent= - Download Torrents from YGG ([[https://github.com/tdehaeze/qobuz-docker][link]]) +#+begin_src yaml + down: + container_name: down + image: tdehaeze/docker-torrent + restart: always + networks: + - t2_proxy + volumes: + - /srv/storage/Downloads/watch:/watch + - /srv/storage/Cloud/org/asked-list.org:/list.org + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - YGGTORRENTNAME=$YGGTORRENTNAME + - YGGTORRENTPASS=$YGGTORRENTPASS + - NOTIF_TYPE=gotify + - GOTIFY_URL=$GOTIFY_URL + - GOTIFY_TOKEN=$DOWN_GOTIFY_TOKEN + user: "${PUID}:${PGID}" + labels: + - "traefik.enable=true" + - "traefik.http.routers.down-rtr.entrypoints=web-secure" + - "traefik.http.routers.down-rtr.rule=Host(`down.$DOMAINNAME`)" + - "traefik.http.routers.down-rtr.tls=true" + - "traefik.http.routers.down-rtr.service=down-svc" + - "traefik.http.services.down-svc.loadbalancer.server.port=3000" + logging: *default-logging +#+end_src + +** =snapraid= - Manage local backup with parity disk ([[https://github.com/amadvance/snapraid][link]]) #+begin_src yaml snapraid: container_name: snapraid 
@@ -767,15 +2810,15 @@ parity /mnt/parity/snapraid.parity # They can be in the disks used for data, parity or boot, # but each file must be in a different disk # Format: "content FILE_PATH" -content /var/snapraid.content +# content /var/snapraid.content content /mnt/disk0/.snapraid.content content /mnt/disk1/.snapraid.content # Defines the data disks to use # The order is relevant for parity, do not change it # Format: "disk DISK_NAME DISK_MOUNT_POINT" -disk d0 /mnt/disk0 -disk d1 /mnt/disk1 +disk disk0 /mnt/disk0 +disk disk1 /mnt/disk1 # Excludes hidden files and directories (uncomment to enable). #nohidden @@ -786,12 +2829,9 @@ disk d1 /mnt/disk1 # Format: "exclude DIR/" # Format: "exclude /PATH/FILE" # Format: "exclude /PATH/DIR/" -exclude *.unrecoverable exclude /tmp/ exclude /lost+found/ exclude *.!sync -exclude .AppleDouble -exclude ._AppleDouble exclude .DS_Store exclude ._.DS_Store exclude .Thumbs.db @@ -799,7 +2839,6 @@ exclude .fseventsd exclude .Spotlight-V100 exclude .TemporaryItems exclude .Trashes -exclude .AppleDB #+end_src =snapraid-runner.conf= 
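Review bot: commenting out `content /var/snapraid.content` leaves only the two content files on `/mnt/disk0` and `/mnt/disk1`, so no copy of the content list remains outside the data disks. If that is intended, state the reason in the config comment or delete the line instead of leaving it commented out. The rename from `d0`/`d1` to `disk0`/`disk1` sits directly under the "do not change it" comment about disk order; the order is unchanged, but it is worth confirming that the existing content files, written under the old names, still match after the rename. The following hunk drops `exclude *.unrecoverable` along with the AppleDouble entries; the `.unrecoverable` suffix is what `snapraid fix` gives files it could not restore, so without the exclude such leftovers are included in the next sync. Keep that one line unless its removal is deliberate.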
@@ -849,1025 +2888,116 @@ older-than = 10 #+end_src -*** =scrutiny= - Hard drive monitoring ([[https://hub.docker.com/r/hotio/scrutiny][link]]) +** =gluetun= - Provide VPN connection to other containers ([[https://github.com/bubuntux/nordvpn][link]]) #+begin_src yaml - scrutiny: - container_name: scrutiny - image: linuxserver/scrutiny + gluetun: + image: qmcgaw/gluetun:v3.28.2 + container_name: gluetun restart: unless-stopped - networks: - - t2_proxy - cap_add: - - SYS_RAWIO - - SYS_ADMIN - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - SCRUTINY_WEB=true - - SCRUTINY_COLLECTOR=false - volumes: - - $CONFIGDIR/scrutiny:/config - - /run/udev:/run/udev:ro - devices: - - /dev/sda:/dev/sda - - /dev/sdb:/dev/sdb - - /dev/sdc:/dev/sdc - - /dev/sdd:/dev/sdd - - /dev/nvme0n1:/dev/nvme0n1 - labels: - - "traefik.enable=true" - - "traefik.http.routers.scrutiny-rtr.entrypoints=https" - - "traefik.http.routers.scrutiny-rtr.rule=Host(`scrutiny.$DOMAINNAME`)" - - "traefik.http.routers.scrutiny-rtr.tls=true" - - "traefik.http.routers.scrutiny-rtr.service=scrutiny-svc" - - "traefik.http.routers.scrutiny-rtr.middlewares=authelia@docker" - - "traefik.http.services.scrutiny-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -*** =wireguard= - VPN ([[https://github.com/linuxserver/docker-wireguard][link]]) -#+begin_src yaml :tangle no - wireguard: - container_name: wireguard - image: linuxserver/wireguard - restart: unless-stopped - networks: - - t2_proxy cap_add: - NET_ADMIN - - SYS_MODULE - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - SERVERURL=wireguard.tdehaeze.xyz - - SERVERPORT=51820 - - PEERS=4 - - PEERDNS=8.8.8.8 - volumes: - - $CONFIGDIR/wireguard:/config - - /lib/modules:/lib/modules + network_mode: bridge ports: - - 51820:51820/udp + - 8065:8065 # For transmission + - 9091:9091 # For transmission + - 51413:51413 # For transmission + - 51413:51413/udp # For transmission + environment: + - OPENVPN_USER=$NORDVPN_NAME + - 
OPENVPN_PASSWORD=$NORDVPN_PASS + - VPNSP=nordvpn + - REGION=France + - SERVER_NUMBER=822 + - TZ=$TZ + volumes: + - $CONFIGDIR/gluetun:/config logging: *default-logging #+end_src +** =transmission= - Torrent client ([[https://hub.docker.com/r/linuxserver/transmission][link]]) #+begin_src yaml - wireguard: - container_name: wireguard - image: weejewel/wg-easy + transmission: + container_name: transmission + image: lscr.io/linuxserver/transmission restart: unless-stopped - networks: - - t2_proxy - cap_add: - - NET_ADMIN - - SYS_MODULE + network_mode: container:gluetun environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ - - WG_HOST=wireguard.tdehaeze.xyz - - PASSWORD=$WIREGUARD_PASS + - USER=$TRANSMISSION_NAME + - PASS=$TRANSMISSION_PASS + - TRANSMISSION_WEB_HOME=/flood-for-transmission/ volumes: - - $CONFIGDIR/wg-easy:/etc/wireguard - - /lib/modules:/lib/modules + - $CONFIGDIR/transmission:/config + - /srv/storage/Downloads:/downloads + - /srv/storage/Downloads/watch:/watch + logging: *default-logging +#+end_src + +** =ihatemoney= - Tricount Alternative ([[https://github.com/spiral-project/ihatemoney][link]]) +#+begin_src yaml + tricount: + container_name: tricount + image: ihatemoney/ihatemoney + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/tricount:/database + labels: + - "traefik.enable=true" + - "traefik.http.routers.tricount-rtr.entrypoints=web-secure" + - "traefik.http.routers.tricount-rtr.rule=Host(`tricount.$DOMAINNAME`)" + - "traefik.http.routers.tricount-rtr.tls=true" + - "traefik.http.routers.tricount-rtr.service=tricount-svc" + # - "traefik.http.routers.tricount-rtr.middlewares=authelia@docker" + - "traefik.http.services.tricount-svc.loadbalancer.server.port=8000" + logging: *default-logging +#+end_src + +** =homeassistant= - Home Automation ([[https://hub.docker.com/r/homeassistant/home-assistant][link]]) +#+begin_src yaml + homeassistant: + container_name: homeassistant + 
image: homeassistant/home-assistant + restart: unless-stopped + #networks: + # - t2_proxy + #ports: + # - target: 8123 + # published: 8123 + # protocol: tcp + # mode: host + privileged: true ports: - - 51820:51820/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.wireguard-rtr.entrypoints=https" - - "traefik.http.routers.wireguard-rtr.rule=Host(`wireguard.$DOMAINNAME`)" - - "traefik.http.routers.wireguard-rtr.tls=true" - - "traefik.http.routers.wireguard-rtr.service=wireguard-svc" - - "traefik.http.routers.wireguard-rtr.middlewares=authelia@docker" - - "traefik.http.services.wireguard-svc.loadbalancer.server.port=51821" - logging: *default-logging -#+end_src - -*** =nginx= - Root (used for Matrix) -#+begin_src yaml - root: - container_name: root - image: nginx - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ + - 8123:8123 + # network_mode: host volumes: - - $CONFIGDIR/root/nginx.conf:/etc/nginx/nginx.conf - labels: - - "traefik.enable=true" - - "traefik.http.routers.root-rtr.entrypoints=https" - - "traefik.http.routers.root-rtr.rule=Host(`$DOMAINNAME`)" - - "traefik.http.routers.root-rtr.tls=true" - - "traefik.http.routers.root-rtr.service=root-svc" - - "traefik.http.services.root-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -=nginx.conf= -#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/root/Caddyfile -events { - -} - -http { - server { - server_name tdehaeze.xyz; - listen 8080; - - location /.well-known/matrix/client { - proxy_pass https://matrix.tdehaeze.xyz/.well-known/matrix/client; - proxy_set_header X-Forwarded-For $remote_addr; - } - - location /.well-known/matrix/server { - proxy_pass https://matrix.tdehaeze.xyz/.well-known/matrix/server; - proxy_set_header X-Forwarded-For $remote_addr; - } - } -} -#+end_src - -*** =diun= - Notification for Docker image updates ([[https://github.com/crazy-max/diun/][link]]) -#+begin_src yaml - diun: - 
container_name: diun - image: crazymax/diun - restart: unless-stopped - networks: - - backend - environment: - - TZ=$TZ - - LOG_LEVEL=info - - LOG_JSON=false - - DIUN_WATCH_WORKERS=20 - - DIUN_WATCH_SCHEDULE=0 7 * * 6 - - DIUN_PROVIDERS_DOCKER=true - - DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true - - DIUN_NOTIF_GOTIFY_ENDPOINT=$GOTIFY_URL - - DIUN_NOTIF_GOTIFY_TOKEN=$DIUN_GOTIFY_TOKEN - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - $CONFIGDIR/diun:/data - logging: *default-logging -#+end_src - -** Websites -*** =wasabi= - Affichtoo -#+begin_src yaml - wasabi: - container_name: wasabi - image: tdehaeze/affichtoo - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/wasabi/config:/app/config - labels: - - "traefik.enable=true" - - "traefik.http.routers.wasabi-rtr.entrypoints=https" - - "traefik.http.routers.wasabi-rtr.rule=Host(`wasabi.$DOMAINNAME`)" - - "traefik.http.routers.wasabi-rtr.tls=true" - - "traefik.http.routers.wasabi-rtr.service=wasabi-svc" - - "traefik.http.services.wasabi-svc.loadbalancer.server.port=8000" - - "traefik.http.routers.wasabi-rtr.middlewares=wasabi-auth" - logging: *default-logging -#+end_src - -*** =potaupho= - Affichtoo -#+begin_src yaml - potaupho: - container_name: potaupho - image: tdehaeze/affichtoo - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/potaupho/config:/app/config - labels: - - "traefik.enable=true" - - "traefik.http.routers.potaupho-rtr.entrypoints=https" - - "traefik.http.routers.potaupho-rtr.rule=Host(`potaupho.$DOMAINNAME`)" - - "traefik.http.routers.potaupho-rtr.tls=true" - - "traefik.http.routers.potaupho-rtr.service=potaupho-svc" - - "traefik.http.services.potaupho-svc.loadbalancer.server.port=8000" - - "traefik.http.routers.potaupho-rtr.middlewares=potaupho-auth" - logging: *default-logging -#+end_src - -*** =homer= - Home page 
([[https://github.com/bastienwirtz/homer][link]]) -#+begin_src yaml - homer: - container_name: homer - image: b4bz/homer - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/homer/assets/:/www/assets - labels: - - "traefik.enable=true" - - "traefik.http.routers.homer-rtr.entrypoints=https" - - "traefik.http.routers.homer-rtr.rule=Host(`homer.$DOMAINNAME`)" - - "traefik.http.routers.homer-rtr.tls=true" - - "traefik.http.routers.homer-rtr.service=homer-svc" - - "traefik.http.services.homer-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -=config.yml= -#+begin_src yaml :tangle /ssh:thomas@homelab:~/docker/config/homer/assets/config.yml ---- -title: "Homepage" -subtitle: "" -logo: "assets/homer.png" -header: false -footer: false - -columns: "auto" -connectivityCheck: false - -theme: default - -links: [] - -services: - - name: "Websites" - icon: "fas fa-desktop" - items: - - name: "Brain" - logo: "/assets/tools/brain.png" - subtitle: "Digital Brain" - url: "https://brain.tdehaeze.xyz" - - name: "Wiki" - logo: "/assets/tools/wikijs.png" - subtitle: "Shared Wiki" - url: "https://wiki.tdehaeze.xyz" - - name: "Research" - logo: "/assets/tools/orgmode.png" - subtitle: "Research Pages" - url: "https://research.tdehaeze.xyz" - - name: "Dotfiles" - logo: "/assets/tools/dotfiles.png" - subtitle: "My Literate Dotfiles" - url: "https://dotfiles.tdehaeze.xyz" - - name: "Miam" - logo: "/assets/tools/miam.png" - subtitle: "Personnal Recipes" - url: "https://miam.tdehaeze.xyz" - - name: "Multimedia" - icon: "fas fa-photo-video" - items: - - name: "Jellyfin" - logo: "/assets/tools/jellyfin.png" - subtitle: "Media Library" - url: "https://jellyfin.tdehaeze.xyz" - - name: "Audioserve" - logo: "/assets/tools/audiobook.png" - subtitle: "Audiobook Server" - url: "https://audiobook.tdehaeze.xyz" - - name: "Kavita" - logo: "/assets/tools/kavita.png" - subtitle: "Book Library" - url: 
"https://kavita.tdehaeze.xyz" - - name: "Cloud" - icon: "fas fa-cloud" - items: - - name: "File Browser" - logo: "/assets/tools/cloud.png" - subtitle: "Simple Personnal Could" - url: "https://cloud.tdehaeze.xyz" - - name: "Syncthing" - logo: "/assets/tools/syncthing.png" - subtitle: "P2P Sync" - url: "https://syncthing.tdehaeze.xyz" - - name: "Radicale" - logo: "/assets/tools/radicale.png" - subtitle: "CalDAV/CardDAV Server" - url: "https://radicale.tdehaeze.xyz" - - name: "Miniflux" - logo: "/assets/tools/miniflux.png" - subtitle: "RSS Feeds" - url: "https://rss.tdehaeze.xyz" - - name: "LinkDing" - logo: "/assets/tools/linkding.png" - subtitle: "Bookmark Manager" - url: "https://bm.tdehaeze.xyz" - - name: "Gitea" - logo: "/assets/tools/gitea.png" - subtitle: "Git Server" - url: "https://git.tdehaeze.xyz" - - name: "Download" - icon: "fas fa-download" - items: - - name: "Down" - logo: "/assets/tools/down.png" - subtitle: "Torrent Download" - url: "https://down.tdehaeze.xyz/" - - name: "Qobuz" - subtitle: "Music Download" - logo: "/assets/tools/qobuz.png" - url: "https://qobuz.tdehaeze.xyz" - - name: "Transmission" - logo: "/assets/tools/transmission.png" - subtitle: "Torrent Client" - url: "http://torrent.tdehaeze.xyz:9091/transmission/web/" - - name: "Joal" - logo: "/assets/tools/joal.png" - subtitle: "Increase Ratio" - url: "https://joal.tdehaeze.xyz/joal/ui/#/" - - name: "Config" - icon: "fas fa-cog" - items: - - name: "Portainer" - logo: "/assets/tools/portainer.png" - subtitle: "Manger Docker" - url: "https://portainer.tdehaeze.xyz/#/containers" - - name: "Traefik" - logo: "/assets/tools/traefik.png" - subtitle: "Reverse Proxy" - url: "https://traefik.tdehaeze.xyz" - - name: "Uptime" - logo: "/assets/tools/uptime.png" - subtitle: "Monitoring" - url: "https://uptime.tdehaeze.xyz" - - name: "Commento" - logo: "/assets/tools/commento.png" - subtitle: "Commenting System" - url: "https://commento.tdehaeze.xyz" - - name: "Gotify" - logo: "/assets/tools/gotify.png" - 
subtitle: "Messaging System" - url: "https://gotify.tdehaeze.xyz" - - name: "JFA-Go" - logo: "/assets/tools/jellyfin.png" - subtitle: "Manage Jellyfin Users" - url: "http://jfa.tdehaeze.xyz/" - - name: "Scrutiny" - logo: "/assets/tools/scrutiny.png" - subtitle: "S.M.A.R.T" - url: "http://scrutiny.tdehaeze.xyz/web/dashboard" - - name: "Home" - icon: "fas fa-home" - items: - - name: "OpenWRT" - logo: "/assets/tools/openwrt.png" - subtitle: "Router" - url: "https://openwrt.tdehaeze.xyz/" - - name: "Home Assistant" - logo: "/assets/tools/homeassistant.png" - subtitle: "Home Assistant" - url: "http://home.tdehaeze.xyz:8123" - - name: "Changedetection.io" - logo: "/assets/tools/changedetection.png" - subtitle: "Detect change in websites" - url: "https://change.tdehaeze.xyz" - - name: "Zigbee2MQTT" - logo: "/assets/tools/zigbee2mqtt.png" - subtitle: "Zigbee2MQTT" - url: "https://zigbee2mqtt.tdehaeze.xyz/" - - name: "Node Red" - logo: "/assets/tools/node-red.png" - subtitle: "Event-driven applications" - url: "https://node-red.tdehaeze.xyz/" - - name: "ESPHome" - logo: "/assets/tools/esphome.png" - subtitle: "System to control ESP8266/ESP32" - url: "https://esphome.tdehaeze.xyz/" - - name: "OctoPrint" - logo: "/assets/tools/octoprint.png" - subtitle: "3D-Printing" - url: "https://octoprint.tdehaeze.xyz/" -#+end_src - -*** =hugo= - Wiki + Blog ([[https://git.tdehaeze.xyz/tdehaeze/digital-brain][link]]) -#+begin_src yaml - hugo: - container_name: hugo - image: tdehaeze/hugo-caddy - restart: unless-stopped - networks: - - t2_proxy - environment: - - REPO=git.tdehaeze.xyz/tdehaeze/digital-brain - labels: - - "traefik.enable=true" - - "traefik.http.routers.hugo-rtr.entrypoints=https" - - "traefik.http.routers.hugo-rtr.rule=Host(`brain.$DOMAINNAME`)" - - "traefik.http.routers.hugo-rtr.tls=true" - - "traefik.http.routers.hugo-rtr.service=hugo-svc" - - "traefik.http.services.hugo-svc.loadbalancer.server.port=2015" - logging: *default-logging -#+end_src - -*** =research= - Research 
Pages ([[https://git.tdehaeze.xyz/tdehaeze/research-home-page][link]]) -#+begin_src yaml - caddy: - container_name: caddy - image: abiosoft/caddy:1.0.3-no-stats - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - PLUGINS=git - volumes: - - $CONFIGDIR/caddy/Caddyfile:/etc/Caddyfile - - $CONFIGDIR/web:/srv - # - ~/.ssh:/root/.ssh - labels: - - "traefik.enable=true" - - "traefik.http.routers.caddy-rtr.entrypoints=https" - - "traefik.http.routers.caddy-rtr.rule=Host(`research.$DOMAINNAME`)" - - "traefik.http.routers.caddy-rtr.tls=true" - - "traefik.http.routers.caddy-rtr.service=caddy-svc" - - "traefik.http.services.caddy-svc.loadbalancer.server.port=2015" - logging: *default-logging -#+end_src - -=Caddyfile= -#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/caddy/Caddyfile -0.0.0.0:2015 { - root /srv/www/ - - git { - repo https://git.tdehaeze.xyz/tdehaeze/research-home-page - path /srv/www/ - interval -1 - hook /research-home-page/webhook QHZgAKjD8q2v54Ru - then git submodule update --init --recursive --merge - } -} -#+end_src - -*** =dotfiles= - Dotfiles ([[https://git.tdehaeze.xyz/tdehaeze/literate-dotfiles][link]]) -#+begin_src yaml - dotfiles: - container_name: dotfiles - image: abiosoft/caddy:1.0.3-no-stats - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - PLUGINS=git - volumes: - - $CONFIGDIR/dotfiles/Caddyfile:/etc/Caddyfile - - $CONFIGDIR/dotfiles/www:/srv/www - labels: - - "traefik.enable=true" - - "traefik.http.routers.dotfiles-rtr.entrypoints=https" - - "traefik.http.routers.dotfiles-rtr.rule=Host(`dotfiles.$DOMAINNAME`)" - - "traefik.http.routers.dotfiles-rtr.tls=true" - - "traefik.http.routers.dotfiles-rtr.service=dotfiles-svc" - - "traefik.http.services.dotfiles-svc.loadbalancer.server.port=2015" - logging: *default-logging -#+end_src - -=Caddyfile= -#+begin_src conf :tangle 
/ssh:thomas@homelab:~/docker/config/dotfiles/Caddyfile -0.0.0.0:2015 { - root /srv/www/docs/ - - git { - repo https://git.tdehaeze.xyz/tdehaeze/literate-dotfiles - path /srv/www/ - interval -1 - hook /literate-dotfiles/webhook QHZgAKjD8q2v54Ru - } -} -#+end_src - -*** =family-page= - Dotfiles ([[https://git.tdehaeze.xyz/tdehaeze/family-page][link]]) -#+begin_src yaml - family-page: - container_name: family-page - image: abiosoft/caddy:1.0.3-no-stats - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - PLUGINS=git - volumes: - - $CONFIGDIR/family-page/Caddyfile:/etc/Caddyfile - - $CONFIGDIR/family-page/www:/srv/www - labels: - - "traefik.enable=true" - - "traefik.http.routers.family-page-rtr.entrypoints=https" - - "traefik.http.routers.family-page-rtr.rule=Host(`help.$DOMAINNAME`)" - - "traefik.http.routers.family-page-rtr.tls=true" - - "traefik.http.routers.family-page-rtr.service=family-page-svc" - - "traefik.http.services.family-page-svc.loadbalancer.server.port=2015" - logging: *default-logging -#+end_src - -=Caddyfile= -#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/family-page/Caddyfile -0.0.0.0:2015 { - root /srv/www/ - - git { - repo https://git.tdehaeze.xyz/tdehaeze/family-page - path /srv/www/ - interval -1 - hook /family-page/webhook 0fdVzNShbcmw - } -} -#+end_src - -*** =wikijs= - Wiki App ([[https://github.com/Requarks/wiki][link]]) -#+begin_src yaml - wikijs: - image: ghcr.io/linuxserver/wikijs:version-2.5.201 - container_name: wikijs - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/wikijs/config:/config - - $CONFIGDIR/wikijs/data:/data - labels: - - "traefik.enable=true" - - "traefik.http.routers.wikijs-rtr.entrypoints=https" - - "traefik.http.routers.wikijs-rtr.rule=Host(`wiki.$DOMAINNAME`)" - - "traefik.http.routers.wikijs-rtr.tls=true" - - "traefik.http.routers.wikijs-rtr.service=wikijs-svc" - - 
"traefik.http.services.wikijs-svc.loadbalancer.server.port=3000" - logging: *default-logging -#+end_src - -*** =commento= - Commenting system ([[https://github.com/adtac/commento][link]]) -#+begin_src yaml - commento: - container_name: commento - image: registry.gitlab.com/commento/commento - restart: unless-stopped - networks: - - t2_proxy - - backend - # ports: - # - 8080:8080 - environment: - - TZ=$TZ - - UID=$PUID - - GID=$PGID - - COMMENTO_ORIGIN=https://commento.tdehaeze.xyz/ - - COMMENTO_PORT=8080 - - COMMENTO_POSTGRES=postgres://postgres:$COMMENTO_DB_PASSWORD@commento_db:5432/commento?sslmode=disable - - COMMENTO_SMTP_HOST=smtp.gmail.com - - COMMENTO_SMTP_PORT=587 - - COMMENTO_SMTP_USERNAME=tdehaeze.xyz@gmail.com - - COMMENTO_SMTP_PASSWORD=$GMAIL_PASS - - COMMENTO_SMTP_FROM_ADDRESS=tdehaeze.xyz@gmail.com - depends_on: - - commento_db - labels: - - "traefik.enable=true" - - "traefik.http.routers.commento-rtr.entrypoints=https" - - "traefik.http.routers.commento-rtr.rule=Host(`commento.$DOMAINNAME`)" - - "traefik.http.routers.commento-rtr.tls=true" - - "traefik.http.routers.commento-rtr.service=commento-svc" - - "traefik.http.services.commento-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -#+begin_src yaml - commento_db: - container_name: commento_db - image: postgres:13 - restart: unless-stopped - networks: - - backend - environment: - - POSTGRES_DB=commento - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=$COMMENTO_DB_PASSWORD - volumes: - - $CONFIGDIR/commento_db:/var/lib/postgresql/data - logging: *default-logging -#+end_src - -*** =mealie= - Recipe Manager ([[https://github.com/hay-kot/mealie][link]]) -#+begin_src yaml - miam: - container_name: miam - image: hkotel/mealie - restart: unless-stopped - networks: - - t2_proxy - environment: - - db_type=sqlite - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/mealie:/app/data - labels: - - "traefik.enable=true" - - "traefik.http.routers.miam-rtr.entrypoints=https" 
- - "traefik.http.routers.miam-rtr.rule=Host(`miam.$DOMAINNAME`)" - - "traefik.http.routers.miam-rtr.tls=true" - - "traefik.http.routers.miam-rtr.service=miam-svc" - - "traefik.http.services.miam-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - -*** =gitea= - Git server ([[https://github.com/go-gitea/gitea][link]]) -#+begin_src yaml - gitea: - container_name: git - image: gitea/gitea:1.13.2 - depends_on: - - gitea_db - restart: unless-stopped - networks: - - t2_proxy - - backend - volumes: - - $CONFIGDIR/gitea:/data - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - SSH_PORT=$GITEA_SSH_PORT - ports: - - "2222:22" - labels: - - "traefik.enable=true" - - "traefik.http.routers.git-rtr.entrypoints=https" - - "traefik.http.routers.git-rtr.rule=Host(`git.$DOMAINNAME`)" - - "traefik.http.routers.git-rtr.tls=true" - - "traefik.http.routers.git-rtr.service=git-svc" - - "traefik.http.services.git-svc.loadbalancer.server.port=3000" - logging: *default-logging -#+end_src - -#+begin_src yaml - gitea_db: - container_name: gitea_db - image: mariadb:10 - restart: unless-stopped - networks: - - backend - ports: - - 3306:3306 - environment: - - MYSQL_ROOT_PASSWORD=$GITEA_DB_MYSQL_ROOT_PASSWORD - - MYSQL_DATABASE=gitea - - MYSQL_USER=gitea - - MYSQL_PASSWORD=$GITEA_DB_MYSQL_PASSWORD - volumes: - - $CONFIGDIR/mariadb:/var/lib/mysql -#+end_src - -*** =changedetection= - Detect change in websites ([[https://github.com/dgtlmoon/changedetection.io][link]]) -#+begin_src yaml - changedetection: - container_name: changedetection - image: ghcr.io/dgtlmoon/changedetection.io - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - - BASE_URL=https://change.tdehaeze.xyz - volumes: - - $CONFIGDIR/changedetection:/datastore - labels: - - "traefik.enable=true" - - "traefik.http.routers.changedetection-rtr.entrypoints=https" - - "traefik.http.routers.changedetection-rtr.rule=Host(`change.$DOMAINNAME`)" - - 
"traefik.http.routers.changedetection-rtr.tls=true" - - "traefik.http.routers.changedetection-rtr.service=changedetection-svc" - - "traefik.http.routers.changedetection-rtr.middlewares=authelia@docker" - - "traefik.http.services.changedetection-svc.loadbalancer.server.port=5000" - logging: *default-logging -#+end_src - -** Multimedia -*** =jellyfin= - Media server ([[https://hub.docker.com/r/linuxserver/jellyfin][link]]) -#+begin_src yaml - jellyfin: - container_name: jellyfin - image: linuxserver/jellyfin - restart: unless-stopped - networks: - - t2_proxy - volumes: - - $CONFIGDIR/jellyfin:/config - - /srv/storage/TVShows:/data/tvshows - - /srv/storage/Documentaries:/data/documentaries - - /srv/storage/LiveMusic:/data/livemusic - - /srv/storage/Animes:/data/animes - - /srv/storage/Movies:/data/movies - - /srv/storage/Music:/data/music - - /srv/storage/StandUp:/data/standup - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - group_add: - - 109 - devices: - # VAAPI Devices - - /dev/dri/renderD128:/dev/dri/renderD128 - - /dev/dri/card0:/dev/dri/card0 - ports: - - 8096:8096 - labels: - - "traefik.enable=true" - - "traefik.http.routers.jellyfin-rtr.entrypoints=https" - - "traefik.http.routers.jellyfin-rtr.rule=Host(`jellyfin.$DOMAINNAME`)" - - "traefik.http.routers.jellyfin-rtr.tls=true" - - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc" - - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096" - logging: *default-logging -#+end_src - -*** =jfa-go= - Manage Jellyfin Users ([[https://github.com/hrfee/jfa-go][link]]) -#+begin_src yaml - jfa: - container_name: jfa - image: hrfee/jfa-go - restart: unless-stopped - depends_on: - - jellyfin - networks: - - t2_proxy - volumes: - - $CONFIGDIR/jfa:/data - - $CONFIGDIR/jellyfin:/jf + - $CONFIGDIR/homeassistant:/config - /etc/localtime:/etc/localtime:ro + - /dev/bus/usb:/dev/bus/usb environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ labels: - "traefik.enable=true" - - 
"traefik.http.routers.jfa-rtr.entrypoints=https" - - "traefik.http.routers.jfa-rtr.rule=Host(`jfa.$DOMAINNAME`)" - - "traefik.http.routers.jfa-rtr.tls=true" - - "traefik.http.routers.jfa-rtr.service=jfa-svc" - - "traefik.http.services.jfa-svc.loadbalancer.server.port=8056" + - "traefik.http.routers.homeassistant-rtr.entrypoints=web-secure" + - "traefik.http.routers.homeassistant-rtr.rule=Host(`home.$DOMAINNAME`)" + - "traefik.http.routers.homeassistant-rtr.tls=true" + - "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc" + - "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123" + # - "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123" logging: *default-logging #+end_src -*** =audioserve= - Audiobook server ([[https://github.com/izderadicka/audioserve][link]]) +** =photoprism= ([[https://github.com/photoprism/photoprism][link]]) #+begin_src yaml - audioserve: - container_name: audioserve - image: izderadicka/audioserve - restart: unless-stopped - command: /audiobooks - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - AUDIOSERVE_SHARED_SECRET=$AUDIOSERVE_SHARED_SECRET - volumes: - - /srv/storage/AudioBooks:/audiobooks - - /etc/localtime:/etc/localtime:ro - - $CONFIGDIR/audioserve:/home/audioserve/.audioserve - labels: - - "traefik.enable=true" - - "traefik.http.routers.audioserve-rtr.entrypoints=https" - - "traefik.http.routers.audioserve-rtr.rule=Host(`audiobook.$DOMAINNAME`)" - - "traefik.http.routers.audioserve-rtr.tls=true" - - "traefik.http.routers.audioserve-rtr.service=audioserve-svc" - - "traefik.http.services.audioserve-svc.loadbalancer.server.port=3000" - logging: *default-logging -#+end_src - - -*** TODO =kavita= - Reading server ([[https://github.com/Kareadita/Kavita][link]]) -#+begin_src yaml - kavita: - container_name: kavita - image: kizaing/kavita:latest - restart: unless-stopped - networks: - - t2_proxy - environment: - - TZ=$TZ - - UID=$PUID - - 
GID=$PGID - volumes: - - $CONFIGDIR/kavita:/kavita/config - - /srv/storage/Books:/books - - /srv/storage/Scans:/scans - - /srv/storage/Comics:/comics - labels: - - "traefik.enable=true" - - "traefik.http.routers.kavita-rtr.entrypoints=https" - - "traefik.http.routers.kavita-rtr.rule=Host(`kavita.$DOMAINNAME`)" - - "traefik.http.routers.kavita-rtr.tls=true" - - "traefik.http.routers.kavita-rtr.service=kavita-svc" - - "traefik.http.services.kavita-svc.loadbalancer.server.port=5000" - logging: *default-logging -#+end_src - -** Cloud -*** =syncthing= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) -#+begin_src yaml - syncthing: - container_name: syncthing - image: linuxserver/syncthing - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - $CONFIGDIR/syncthing:/config - - /srv/storage/Cloud:/Cloud - - /srv/storage/Cloud/pictures/phone:/Pictures - - /srv/storage/Cloud/pdfs:/Onyx/Download - - /srv/storage/Cloud/pdfs-notes:/Onyx/note - - /srv/storage/Cloud/.stfolder:/Onyx/.stfolder - - /srv/storage/.password-store:/.password-store - ports: - - 22000:22000 - - 21027:21027/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.syncthing-rtr.entrypoints=https" - - "traefik.http.routers.syncthing-rtr.rule=Host(`syncthing.$DOMAINNAME`)" - - "traefik.http.routers.syncthing-rtr.tls=true" - - "traefik.http.routers.syncthing-rtr.service=syncthing-svc" - - "traefik.http.routers.syncthing-rtr.middlewares=authelia@docker" - - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384" - logging: *default-logging -#+end_src - -*** =sync-anne= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) -#+begin_src yaml - sync-anne: - container_name: sync-anne - image: linuxserver/syncthing - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - 
$CONFIGDIR/sync-anne:/config - - /srv/storage/Users/anne:/Cloud - - /srv/storage/Users/anne/Photos/telephone:/telephone - ports: - - 22001:22001 - - 21028:21028/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.sync-anne-rtr.entrypoints=https" - - "traefik.http.routers.sync-anne-rtr.rule=Host(`sync-anne.$DOMAINNAME`)" - - "traefik.http.routers.sync-anne-rtr.tls=true" - - "traefik.http.routers.sync-anne-rtr.service=sync-anne-svc" - - "traefik.http.routers.sync-anne-rtr.middlewares=authelia@docker" - - "traefik.http.services.sync-anne-svc.loadbalancer.server.port=8384" - logging: *default-logging -#+end_src - -*** =sync-jm= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) -#+begin_src yaml - sync-jm: - container_name: sync-jm - image: linuxserver/syncthing - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - $CONFIGDIR/sync-jm:/config - - /srv/storage/Users/jean-marie:/Cloud - # - /srv/storage/Users/jean-marie/Photos/telephone:/telephone - ports: - - 22002:22002 - - 21029:21029/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.sync-jm-rtr.entrypoints=https" - - "traefik.http.routers.sync-jm-rtr.rule=Host(`sync-jm.$DOMAINNAME`)" - - "traefik.http.routers.sync-jm-rtr.tls=true" - - "traefik.http.routers.sync-jm-rtr.service=sync-jm-svc" - - "traefik.http.routers.sync-jm-rtr.middlewares=authelia@docker" - - "traefik.http.services.sync-jm-svc.loadbalancer.server.port=8384" - logging: *default-logging -#+end_src - -*** =sync-ju= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) -#+begin_src yaml - sync-ju: - container_name: sync-ju - image: linuxserver/syncthing - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - $CONFIGDIR/sync-ju:/config - - /srv/storage/Users/juliette:/Cloud - ports: - - 22003:22003 - - 
21030:21030/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.sync-ju-rtr.entrypoints=https" - - "traefik.http.routers.sync-ju-rtr.rule=Host(`sync-ju.$DOMAINNAME`)" - - "traefik.http.routers.sync-ju-rtr.tls=true" - - "traefik.http.routers.sync-ju-rtr.service=sync-ju-svc" - - "traefik.http.routers.sync-ju-rtr.middlewares=authelia@docker" - - "traefik.http.services.sync-ju-svc.loadbalancer.server.port=8384" - logging: *default-logging -#+end_src - -*** =filebrowser= - Web file browser ([[https://hub.docker.com/r/filebrowser/filebrowser][link]]) -#+begin_src yaml - filebrowser: - container_name: filebrowser - image: filebrowser/filebrowser - restart: unless-stopped - networks: - - t2_proxy - volumes: - - $CONFIGDIR/filebrowser/database.db:/database.db - - $CONFIGDIR/filebrowser/.filebrowser.json:/.filebrowser.json - - /srv/storage:/srv/storage - user: "${PUID}:${PGID}" - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - labels: - - "traefik.enable=true" - - "traefik.http.routers.filebrowser-rtr.entrypoints=https" - - "traefik.http.routers.filebrowser-rtr.rule=Host(`cloud.$DOMAINNAME`)" - - "traefik.http.routers.filebrowser-rtr.tls=true" - - "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc" - - "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - -=.filebrowser.json= - -#+begin_src json :tangle /ssh:thomas@homelab:~/docker/config/filebrowser/.filebrowser.json -{ - "port": 80, - "baseURL": "", - "address": "", - "log": "stdout", - "database": "/database.db", - "root": "/srv/storage" -} -#+end_src - -*** TODO =photoprism= ([[https://github.com/photoprism/photoprism][link]]) -#+begin_src yaml :tangle no photoprism: container_name: photoprism image: photoprism/photoprism:latest 
@@ -1907,7 +3037,7 @@ services: # - "~/Import:/photoprism/import" # *optional* base folder from which files can be imported to originals labels: - "traefik.enable=true" - - "traefik.http.routers.photos-rtr.entrypoints=https" + - "traefik.http.routers.photos-rtr.entrypoints=web-secure" - "traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAINNAME`)" - "traefik.http.routers.photos-rtr.tls=true" - "traefik.http.routers.photos-rtr.service=photos-svc" 
@@ -1935,298 +3065,90 @@ services: MYSQL_PASSWORD: PMsLF5577UagH08c #+end_src -*** =radicale= - CalDAV/CardDAV server ([[https://github.com/tomsquest/docker-radicale][link]]) +** =diun= - Notification for Docker image updates ([[https://github.com/crazy-max/diun/][link]]) #+begin_src yaml - radicale: - container_name: radicale - image: tomsquest/docker-radicale:latest + diun: + container_name: diun + image: crazymax/diun restart: unless-stopped networks: - - t2_proxy - volumes: - - $CONFIGDIR/radicale/config:/config:ro - - $CONFIGDIR/radicale/data:/data + - backend environment: - TZ=$TZ - - UID=$PUID - - GID=$PGID - security_opt: - - no-new-privileges:true - cap_drop: - - ALL - cap_add: - - SETUID - - SETGID - - CHOWN - - KILL - labels: - - "traefik.enable=true" - - "traefik.http.routers.radicale-rtr.entrypoints=https" - - "traefik.http.routers.radicale-rtr.rule=Host(`radicale.$DOMAINNAME`)" - - "traefik.http.routers.radicale-rtr.tls=true" - - "traefik.http.routers.radicale-rtr.service=radicale-svc" - - "traefik.http.services.radicale-svc.loadbalancer.server.port=5232" + - LOG_LEVEL=info + - LOG_JSON=false + - DIUN_WATCH_WORKERS=20 + - DIUN_WATCH_SCHEDULE=0 7 * * 6 + - DIUN_PROVIDERS_DOCKER=true + - DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true + - DIUN_NOTIF_GOTIFY_ENDPOINT=$GOTIFY_URL + - DIUN_NOTIF_GOTIFY_TOKEN=$DIUN_GOTIFY_TOKEN + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - $CONFIGDIR/diun:/data logging: *default-logging #+end_src -=config= -#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/radicale/config/config -[server] -hosts = 0.0.0.0:5232 - -[auth] -type = htpasswd -htpasswd_filename = /config/users -htpasswd_encryption = md5 - -[storage] -filesystem_folder = /data/collections -#+end_src - -*** =linkding= - Bookmark manager ([[https://github.com/sissbruecker/linkding][link]]) +** =audioserve= - Audiobook server ([[https://github.com/izderadicka/audioserve][link]]) #+begin_src yaml - linkding: - container_name: linkding - image: 
sissbruecker/linkding:latest + audioserve: + container_name: audioserve + image: izderadicka/audioserve restart: unless-stopped + command: /audiobooks networks: - t2_proxy - volumes: - - $CONFIGDIR/linkding:/etc/linkding/data environment: - - TZ=$TZ - PUID=$PUID - PGID=$PGID - labels: - - "traefik.enable=true" - - "traefik.http.routers.linkding-rtr.entrypoints=https" - - "traefik.http.routers.linkding-rtr.rule=Host(`bm.$DOMAINNAME`)" - - "traefik.http.routers.linkding-rtr.tls=true" - - "traefik.http.routers.linkding-rtr.service=linkding-svc" - - "traefik.http.services.linkding-svc.loadbalancer.server.port=9090" - logging: *default-logging -#+end_src - -*** =restic-b2= - Automatic backups on BackBlaze ([[https://github.com/djmaze/resticker/][link]]) -#+begin_src yaml - restic-b2: - container_name: restic-b2 - image: mazzolino/restic - restart: unless-stopped - networks: - - t2_proxy - environment: - - BACKUP_CRON=0 30 0 * * * - - RESTIC_REPOSITORY=b2:tdehaeze:/restic - - RESTIC_PASSWORD=$RESTIC_PASSWORD - - RESTIC_BACKUP_SOURCES=/source - - RESTIC_FORGET_ARGS=--group-by tag --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune - - RESTIC_BACKUP_ARGS=--tag local --exclude-file /exclude.txt - - B2_ACCOUNT_ID=$RESTIC_B2_ACCOUNT_ID - - B2_ACCOUNT_KEY=$RESTIC_B2_ACCOUNT_KEY - - UID=$PUID - - GID=$PGID - TZ=$TZ - - POST_COMMANDS_FAILURE=curl "https://gotify.tdehaeze.xyz/message?token=$RESTIC_GOTIFY_TOKEN" -F "title=Restic B2" -F "message=Backup failed" -F "priority=5" + - AUDIOSERVE_SHARED_SECRET=$AUDIOSERVE_SHARED_SECRET volumes: - - $CONFIGDIR/restic-b2/exclude.txt:/exclude.txt:ro - - /srv/storage/Cloud/thesis:/source/Cloud/thesis:ro - - /home/thomas/docker:/source/docker:ro - logging: *default-logging -#+end_src - -=exclude.txt= - Exclude files - -#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/restic-b2/exclude.txt -*.db -*.log -*.log.* -/source/docker/config/gitea/git/ -/source/docker/config/guacamole/ -/source/docker/config/guacamole_db/ 
-/source/docker/config/mariadb/ -/source/docker/config/miniflux_db/ -/source/docker/config/jellyfin/data/ -/source/docker/config/dotfiles/www/ -/source/docker/config/web/www/ -#+end_src - -*** =restic-aouste= - Automatic backups on Raspberry ([[https://github.com/djmaze/resticker/][link]]) -#+begin_src yaml - restic-aouste: - container_name: restic-aouste - image: mazzolino/restic - restart: unless-stopped - networks: - - t2_proxy - environment: - - BACKUP_CRON=0 30 3 * * * - - RESTIC_REPOSITORY=sftp:thomas@192.168.1.22:/hdd/backup - - RESTIC_PASSWORD=$RESTIC_PASSWORD - - RESTIC_BACKUP_SOURCES=/source - - RESTIC_FORGET_ARGS=--group-by tag --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune - - RESTIC_BACKUP_ARGS=--tag local --exclude-file /exclude.txt - - UID=$PUID - - GID=$PGID - - TZ=$TZ - - POST_COMMANDS_FAILURE=curl "https://gotify.tdehaeze.xyz/message?token=AoWn1nAMGoCE0om" -F "title=Restic Aouste" -F "message=Backup failed" -F "priority=5" - volumes: - - $CONFIGDIR/restic-aouste/exclude.txt:/exclude.txt:ro - - /srv/storage/Users:/source/Users:ro - - /home/thomas/.ssh/known_hosts:/root/.ssh/known_hosts:ro - - /home/thomas/.ssh/id_rsa:/root/.ssh/id_rsa:ro - - logging: *default-logging -#+end_src - -=exclude.txt= - Exclude files - -#+begin_src conf :tangle /ssh:thomas@homelab:~/docker/config/restic-aouste/exclude.txt -*.db -*.log -*.log.* -#+end_src - -*** =miniflux= - RSS reader ([[https://hub.docker.com/r/miniflux/miniflux][link]]) -#+begin_src yaml - miniflux: - container_name: miniflux - image: miniflux/miniflux - restart: unless-stopped - networks: - - t2_proxy - - backend - depends_on: - - miniflux_db - environment: - - DATABASE_URL=postgres://miniflux:SCJWWXqHwehP7f8g@miniflux_db/miniflux?sslmode=disable - - RUN_MIGRATIONS=1 - - CREATE_ADMIN=1 - - ADMIN_USERNAME=$MINIFLUX_ADMIN_NAME - - ADMIN_PASSWORD=$MINIFLUX_ADMIN_PASS - labels: - - "traefik.enable=true" - - "traefik.http.routers.miniflux-rtr.entrypoints=https" - - 
"traefik.http.routers.miniflux-rtr.rule=Host(`rss.$DOMAINNAME`)" - - "traefik.http.routers.miniflux-rtr.tls=true" - - "traefik.http.routers.miniflux-rtr.service=miniflux-svc" - - "traefik.http.services.miniflux-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -#+begin_src yaml - miniflux_db: - container_name: miniflux_db - image: postgres:12 - restart: unless-stopped - networks: - - backend - environment: - - POSTGRES_USER=miniflux - - POSTGRES_PASSWORD=$MINIFLUX_POSTGRES_PASSWORD - volumes: - - $CONFIGDIR/miniflux_db:/var/lib/postgresql/data - logging: *default-logging -#+end_src - -** Home -*** =homeassistant= - Home Automation ([[https://hub.docker.com/r/homeassistant/home-assistant][link]]) -#+begin_src yaml - homeassistant: - container_name: homeassistant - image: homeassistant/home-assistant - restart: unless-stopped - #networks: - # - t2_proxy - #ports: - # - target: 8123 - # published: 8123 - # protocol: tcp - # mode: host - privileged: true - ports: - - 8123:8123 - # network_mode: host - volumes: - - $CONFIGDIR/homeassistant:/config + - /srv/storage/AudioBooks:/audiobooks - /etc/localtime:/etc/localtime:ro - - /dev/bus/usb:/dev/bus/usb - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ + - $CONFIGDIR/audioserve:/home/audioserve/.audioserve labels: - "traefik.enable=true" - - "traefik.http.routers.homeassistant-rtr.entrypoints=https" - - "traefik.http.routers.homeassistant-rtr.rule=Host(`home.$DOMAINNAME`)" - - "traefik.http.routers.homeassistant-rtr.tls=true" - - "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc" - - "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123" - # - "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123" + - "traefik.http.routers.audioserve-rtr.entrypoints=web-secure" + - "traefik.http.routers.audioserve-rtr.rule=Host(`audiobook.$DOMAINNAME`)" + - "traefik.http.routers.audioserve-rtr.tls=true" + - 
"traefik.http.routers.audioserve-rtr.service=audioserve-svc" + - "traefik.http.services.audioserve-svc.loadbalancer.server.port=3000" logging: *default-logging #+end_src -*** =mosquitto= - MQTT broker ([[https://github.com/eclipse/mosquitto/][link]]) +** =kavita= - Reading server ([[https://github.com/Kareadita/Kavita][link]]) #+begin_src yaml - mosquitto: - container_name: mosquitto - image: eclipse-mosquitto + kavita: + container_name: kavita + image: kizaing/kavita:latest restart: unless-stopped networks: - t2_proxy environment: + - TZ=$TZ - UID=$PUID - GID=$PGID - - TZ=$TZ - expose: - - 1883 - - 9001 - ports: - - 1883:1883 - - 9001:9001 volumes: - - $CONFIGDIR/mosquitto/config:/mosquitto/config - - $CONFIGDIR/mosquitto/log:/mosquitto/log - - $CONFIGDIR/mosquitto/data:/mosquitto/data - logging: *default-logging -#+end_src - -*** =zigbee2mqtt= - Zigbee to MQTT bridge ([[https://github.com/Koenkk/zigbee2mqtt/][link]]) -#+begin_src yaml - zigbee2mqtt: - container_name: zigbee2mqtt - image: koenkk/zigbee2mqtt - restart: unless-stopped - privileged: true - depends_on: - - mosquitto - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/zigbee2mqtt:/app/data - - /run/udev:/run/udev:ro - devices: - - /dev/serial/by-id/usb-Silicon_Labs_slae.sh_cc2652rb_stick_-_slaesh_s_iot_stuff_00_12_4B_00_23_93_39_57-if00-port0:/dev/ttyUSB0 + - $CONFIGDIR/kavita:/kavita/config + - /srv/storage/Books:/books + - /srv/storage/Scans:/scans + - /srv/storage/Comics:/comics labels: - "traefik.enable=true" - - "traefik.http.routers.zigbee2mqtt-rtr.entrypoints=https" - - "traefik.http.routers.zigbee2mqtt-rtr.rule=Host(`zigbee2mqtt.$DOMAINNAME`)" - - "traefik.http.routers.zigbee2mqtt-rtr.tls=true" - - "traefik.http.routers.zigbee2mqtt-rtr.service=zigbee2mqtt-svc" - - "traefik.http.routers.zigbee2mqtt-rtr.middlewares=authelia@docker" - - "traefik.http.services.zigbee2mqtt-svc.loadbalancer.server.port=8080" + - 
"traefik.http.routers.kavita-rtr.entrypoints=web-secure" + - "traefik.http.routers.kavita-rtr.rule=Host(`kavita.$DOMAINNAME`)" + - "traefik.http.routers.kavita-rtr.tls=true" + - "traefik.http.routers.kavita-rtr.service=kavita-svc" + - "traefik.http.services.kavita-svc.loadbalancer.server.port=5000" logging: *default-logging #+end_src -*** =node-red= - Automation tool +** =wikijs= - Wiki App ([[https://github.com/Requarks/wiki][link]]) #+begin_src yaml - node-red: - container_name: node-red - image: nodered/node-red:latest + wikijs: + image: ghcr.io/linuxserver/wikijs:version-2.5.201 + container_name: wikijs restart: unless-stopped networks: - t2_proxy 
@@ -2235,259 +3157,18 @@ filesystem_folder = /data/collections - PGID=$PGID - TZ=$TZ volumes: - - $CONFIGDIR/node-red:/data + - $CONFIGDIR/wikijs/config:/config + - $CONFIGDIR/wikijs/data:/data labels: - "traefik.enable=true" - - "traefik.http.routers.node-red-rtr.entrypoints=https" - - "traefik.http.routers.node-red-rtr.rule=Host(`node-red.$DOMAINNAME`)" - - "traefik.http.routers.node-red-rtr.tls=true" - - "traefik.http.routers.node-red-rtr.service=node-red-svc" - - "traefik.http.routers.node-red-rtr.middlewares=authelia@docker" - - "traefik.http.services.node-red-svc.loadbalancer.server.port=1880" + - "traefik.http.routers.wikijs-rtr.entrypoints=web-secure" + - "traefik.http.routers.wikijs-rtr.rule=Host(`wiki.$DOMAINNAME`)" + - "traefik.http.routers.wikijs-rtr.tls=true" + - "traefik.http.routers.wikijs-rtr.service=wikijs-svc" + - "traefik.http.services.wikijs-svc.loadbalancer.server.port=3000" logging: *default-logging #+end_src -*** =esphome= - Automation tool -#+begin_src yaml - esphome: - container_name: esphome - image: esphome/esphome:latest - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - ESPHOME_DASHBOARD_USE_PING=true - volumes: - - $CONFIGDIR/esphome:/config - labels: - - "traefik.enable=true" - - "traefik.http.routers.esphome-rtr.entrypoints=https" - - "traefik.http.routers.esphome-rtr.rule=Host(`esphome.$DOMAINNAME`)" - - "traefik.http.routers.esphome-rtr.tls=true" - - "traefik.http.routers.esphome-rtr.service=esphome-svc" - - "traefik.http.routers.esphome-rtr.middlewares=authelia@docker" - - "traefik.http.services.esphome-svc.loadbalancer.server.port=6052" - logging: *default-logging -#+end_src - -*** =alfawiseu20= - Web interface for 3D printing ([[https://github.com/OctoPrint/OctoPrint][link]]) -#+begin_src yaml - octoprint: - container_name: alfawiseu20 - image: octoprint/octoprint - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - 
privileged: true - volumes: - - $CONFIGDIR/alfawiseu20:/octoprint - - /dev/bus/usb:/dev/bus/usb - labels: - - "traefik.enable=true" - - "traefik.http.routers.alfawiseu20-rtr.entrypoints=https" - - "traefik.http.routers.alfawiseu20-rtr.rule=Host(`alfawiseu20.$DOMAINNAME`)" - - "traefik.http.routers.alfawiseu20-rtr.tls=true" - - "traefik.http.routers.alfawiseu20-rtr.service=alfawiseu20-svc" - - "traefik.http.routers.alfawiseu20-rtr.middlewares=authelia@docker" - - "traefik.http.services.alfawiseu20-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - -*** =tina2= - Web interface for 3D printing ([[https://github.com/OctoPrint/OctoPrint][link]]) -#+begin_src yaml - tina2: - container_name: tina2 - image: octoprint/octoprint - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - privileged: true - volumes: - - $CONFIGDIR/tina2:/octoprint - - /dev/bus/usb:/dev/bus/usb - labels: - - "traefik.enable=true" - - "traefik.http.routers.tina2-rtr.entrypoints=https" - - "traefik.http.routers.tina2-rtr.rule=Host(`tina2.$DOMAINNAME`)" - - "traefik.http.routers.tina2-rtr.tls=true" - - "traefik.http.routers.tina2-rtr.service=tina2-svc" - - "traefik.http.routers.tina2-rtr.middlewares=authelia@docker" - - "traefik.http.services.tina2-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - -*** =ihatemoney= - Tricount Alternative ([[https://github.com/spiral-project/ihatemoney][link]]) -#+begin_src yaml - tricount: - container_name: tricount - image: ihatemoney/ihatemoney - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/tricount:/database - labels: - - "traefik.enable=true" - - "traefik.http.routers.tricount-rtr.entrypoints=https" - - "traefik.http.routers.tricount-rtr.rule=Host(`tricount.$DOMAINNAME`)" - - "traefik.http.routers.tricount-rtr.tls=true" - - "traefik.http.routers.tricount-rtr.service=tricount-svc" - # 
- "traefik.http.routers.tricount-rtr.middlewares=authelia@docker" - - "traefik.http.services.tricount-svc.loadbalancer.server.port=8000" - logging: *default-logging -#+end_src - -** Download -*** =gluetun= - Provide VPN connection to other containers ([[https://github.com/bubuntux/nordvpn][link]]) -#+begin_src yaml - gluetun: - image: qmcgaw/gluetun:v3.28.2 - container_name: gluetun - restart: unless-stopped - cap_add: - - NET_ADMIN - network_mode: bridge - ports: - - 8065:8065 # For transmission - - 9091:9091 # For transmission - - 51413:51413 # For transmission - - 51413:51413/udp # For transmission - environment: - - OPENVPN_USER=$NORDVPN_NAME - - OPENVPN_PASSWORD=$NORDVPN_PASS - - VPNSP=nordvpn - - REGION=France - - SERVER_NUMBER=822 - - TZ=$TZ - volumes: - - $CONFIGDIR/gluetun:/config - logging: *default-logging -#+end_src - -*** =transmission= - Torrent client ([[https://hub.docker.com/r/linuxserver/transmission][link]]) -#+begin_src yaml - transmission: - container_name: transmission - image: lscr.io/linuxserver/transmission - restart: unless-stopped - network_mode: container:gluetun - depends_on: - - gluetun - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - USER=$TRANSMISSION_NAME - - PASS=$TRANSMISSION_PASS - - TRANSMISSION_WEB_HOME=/flood-for-transmission/ - volumes: - - $CONFIGDIR/transmission:/config - - /srv/storage/Downloads:/downloads - - /srv/storage/Downloads/watch:/watch - logging: *default-logging -#+end_src - -*** =qobuz= - Qobuz Downloader ([[https://github.com/tdehaeze/qobuz-docker][link]]) :noexport: -#+begin_src yaml - qobuz: - container_name: qobuz - image: tdehaeze/docker-qobuz - restart: unless-stopped - networks: - - t2_proxy - volumes: - - /srv/storage/Music:/downloads - environment: - - TZ=$TZ - - QOBUZNAME=$QOBUZNAME - - QOBUZPASS=$QOBUZPASS - - DOWNLOADDIR=/downloads - - JELLYFINURL=https://jellyfin.tdehaeze.xyz/library/refresh - - JELLYFINTOKEN=$JELLYFINTOKEN - - NOTIF_TYPE=gotify - - GOTIFY_URL=$GOTIFY_URL - - 
GOTIFY_TOKEN=$QOBUZ_GOTIFY_TOKEN - user: "${PUID}:${PGID}" - labels: - - "traefik.enable=true" - - "traefik.http.routers.qobuz-rtr.entrypoints=https" - - "traefik.http.routers.qobuz-rtr.rule=Host(`qobuz.$DOMAINNAME`)" - - "traefik.http.routers.qobuz-rtr.tls=true" - - "traefik.http.routers.qobuz-rtr.service=qobuz-svc" - - "traefik.http.routers.qobuz-rtr.middlewares=authelia@docker" - - "traefik.http.services.qobuz-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -*** =joal= - Seeding Torrents ([[https://github.com/anthonyraymond/joal][link]]) :noexport: -#+begin_src yaml - joal: - image: anthonyraymond/joal - container_name: joal - restart: unless-stopped - networks: - - t2_proxy - volumes: - - $CONFIGDIR/joal:/data - command: ["--joal-conf=/data", "--spring.main.web-environment=true", "--server.port=80", "--joal.ui.path.prefix=joal", "--joal.ui.secret-token=$JOALTOKEN"] - labels: - - "traefik.enable=true" - - "traefik.http.routers.joal-rtr.entrypoints=https" - - "traefik.http.routers.joal-rtr.rule=Host(`joal.$DOMAINNAME`)" - - "traefik.http.routers.joal-rtr.tls=true" - - "traefik.http.routers.joal-rtr.service=joal-svc" - - "traefik.http.routers.joal-rtr.middlewares=authelia@docker" - - "traefik.http.services.joal-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - -*** =docker-torrent= - Download Torrents from YGG ([[https://github.com/tdehaeze/qobuz-docker][link]]) :noexport: -#+begin_src yaml - down: - container_name: down - image: tdehaeze/docker-torrent - restart: always - networks: - - t2_proxy - volumes: - - /srv/storage/Downloads/watch:/watch - - /srv/storage/Cloud/org/asked-list.org:/list.org - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - YGGTORRENTNAME=$YGGTORRENTNAME - - YGGTORRENTPASS=$YGGTORRENTPASS - - NOTIF_TYPE=gotify - - GOTIFY_URL=$GOTIFY_URL - - GOTIFY_TOKEN=$DOWN_GOTIFY_TOKEN - user: "${PUID}:${PGID}" - labels: - - "traefik.enable=true" - - 
"traefik.http.routers.down-rtr.entrypoints=https" - - "traefik.http.routers.down-rtr.rule=Host(`down.$DOMAINNAME`)" - - "traefik.http.routers.down-rtr.tls=true" - - "traefik.http.routers.down-rtr.service=down-svc" - - "traefik.http.services.down-svc.loadbalancer.server.port=3000" - logging: *default-logging -#+end_src - -* Docker-Compose OLD :noexport: ** =lldap= - LDAP Server ([[https://github.com/nitnelave/lldap][link]]) #+begin_src yaml :tangle no lldap: @@ -2503,7 +3184,7 @@ filesystem_folder = /data/collections - $CONFIGDIR/lldap:/data labels: - "traefik.enable=true" - - "traefik.http.routers.lldap-rtr.entrypoints=https" + - "traefik.http.routers.lldap-rtr.entrypoints=web-secure" - "traefik.http.routers.lldap-rtr.rule=Host(`lldap.$DOMAINNAME`)" - "traefik.http.routers.lldap-rtr.tls=true" - "traefik.http.routers.lldap-rtr.service=lldap-svc" @@ -2530,7 +3211,7 @@ filesystem_folder = /data/collections - $CONFIGDIR/acoustic/web:/srv labels: - "traefik.enable=true" - - "traefik.http.routers.acoustic-rtr.entrypoints=https" + - "traefik.http.routers.acoustic-rtr.entrypoints=web-secure" - "traefik.http.routers.acoustic-rtr.rule=Host(`acoustic.$DOMAINNAME`)" - "traefik.http.routers.acoustic-rtr.tls=true" - "traefik.http.routers.acoustic-rtr.service=acoustic-svc" @@ -2570,7 +3251,7 @@ filesystem_folder = /data/collections - TZ=$TZ labels: - "traefik.enable=true" - - "traefik.http.routers.pyload-rtr.entrypoints=https" + - "traefik.http.routers.pyload-rtr.entrypoints=web-secure" - "traefik.http.routers.pyload-rtr.rule=Host(`pyload.$DOMAINNAME`)" - "traefik.http.routers.pyload-rtr.tls=true" - "traefik.http.routers.pyload-rtr.service=pyload-svc" 
@@ -2647,74 +3328,6 @@ min-split-size=1M split=16 #+end_src -** =transmission-openvpn= - Torrent server ([[https://hub.docker.com/r/haugene/transmission-openvpn][link]]) -#+begin_src yaml :tangle no - transmission-openvpn: - container_name: transmission - image: haugene/transmission-openvpn - restart: unless-stopped - environment: - - PUID=$PUID - - PGID=$PGID - - CREATE_TUN_DEVICE=true - - ENABLE_UFW=true - - WEBPROXY_ENABLED=false - - TRANSMISSION_WEB_UI=combustion - - OPENVPN_PROVIDER=NORDVPN - - OPENVPN_USERNAME=$NORDVPN_NAME - - OPENVPN_PASSWORD=$NORDVPN_PASS - - NORDVPN_COUNTRY=FR - - NORDVPN_CATEGORY=P2P - - NORDVPN_PROTOCOL=tcp - - LOCAL_NETWORK=192.168.0.0/16 - volumes: - - /srv/storage/Downloads:/data - - /etc/localtime:/etc/localtime:ro - cap_add: - - NET_ADMIN - ports: - - 51413:51413 - - 51413:51413/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.transmission-rtr.entrypoints=https" - - "traefik.http.routers.transmission-rtr.rule=Host(`torrent.$DOMAINNAME`)" - - "traefik.http.routers.transmission-rtr.tls=true" - - "traefik.http.routers.transmission-rtr.service=transmission-svc" - - "traefik.http.routers.transmission-rtr.middlewares=private-auth" - - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091" - logging: *default-logging -#+end_src - -** =adguardhome= - Network-wide ads & trackers blocking DNS server ([[https://github.com/AdguardTeam/AdGuardHome][link]]) -#+begin_src yaml - adguardhome: - container_name: adguardhome - image: adguard/adguardhome - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/adguardhome/work:/opt/adguardhome/work - - $CONFIGDIR/adguardhome/conf:/opt/adguardhome/conf - ports: - - 53:53 - - 853:853 - labels: - - "traefik.enable=true" - - "traefik.http.routers.adguardhome-rtr.entrypoints=https" - - "traefik.http.routers.adguardhome-rtr.rule=Host(`adguardhome.$DOMAINNAME`)" - - 
"traefik.http.routers.adguardhome-rtr.tls=true" - - "traefik.http.routers.adguardhome-rtr.service=adguardhome-svc" - - "traefik.http.routers.adguardhome-rtr.middlewares=private-auth" - - "traefik.http.services.adguardhome-svc.loadbalancer.server.port=3000" - logging: *default-logging -#+end_src - ** =deemix= - Music Download ([[https://gitlab.com/Bockiii/deemix-docker][link]]) :noexport: #+begin_src yaml deemix: @@ -2733,7 +3346,7 @@ split=16 - ARL=$DEEMIX_ARL labels: - "traefik.enable=true" - - "traefik.http.routers.deemix-rtr.entrypoints=https" + - "traefik.http.routers.deemix-rtr.entrypoints=web-secure" - "traefik.http.routers.deemix-rtr.rule=Host(`deemix.$DOMAINNAME`)" - "traefik.http.routers.deemix-rtr.tls=true" - "traefik.http.routers.deemix-rtr.service=deemix-svc" @@ -2763,7 +3376,7 @@ split=16 - $CONFIGDIR/vaultwarden:/data labels: - "traefik.enable=true" - - "traefik.http.routers.vaultwarden-rtr.entrypoints=https" + - "traefik.http.routers.vaultwarden-rtr.entrypoints=web-secure" - "traefik.http.routers.vaultwarden-rtr.rule=Host(`pass.$DOMAINNAME`)" - "traefik.http.routers.vaultwarden-rtr.tls=true" - "traefik.http.routers.vaultwarden-rtr.service=vaultwarden-svc" @@ -2787,7 +3400,7 @@ split=16 - /srv/storage/Music:/music:ro labels: - "traefik.enable=true" - - "traefik.http.routers.gonic-rtr.entrypoints=https" + - "traefik.http.routers.gonic-rtr.entrypoints=web-secure" - "traefik.http.routers.gonic-rtr.rule=Host(`gonic.$DOMAINNAME`)" - "traefik.http.routers.gonic-rtr.tls=true" - "traefik.http.routers.gonic-rtr.service=gonic-svc" @@ -2816,7 +3429,7 @@ split=16 - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.gmail.com - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=tdehaeze.xyz@gmail.com - - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=$GMAIL_PASS + - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=$GOOGLE_WATCHTOWER_PASS - WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro 
@@ -2839,7 +3452,7 @@ split=16 - $CONFIGDIR/guacamole:/config labels: - "traefik.enable=true" - - "traefik.http.routers.guacamole-rtr.entrypoints=https" + - "traefik.http.routers.guacamole-rtr.entrypoints=web-secure" - "traefik.http.routers.guacamole-rtr.rule=Host(`guacamole.$DOMAINNAME`)" - "traefik.http.routers.guacamole-rtr.tls=true" - "traefik.http.routers.guacamole-rtr.service=guacamole-svc" 
@@ -2866,100 +3479,13 @@ split=16 - /srv/storage/Uploads:/tmp/ labels: - "traefik.enable=true" - - "traefik.http.routers.transfer-rtr.entrypoints=https" + - "traefik.http.routers.transfer-rtr.entrypoints=web-secure" - "traefik.http.routers.transfer-rtr.rule=Host(`file.$DOMAINNAME`)" - "traefik.http.routers.transfer-rtr.tls=true" - "traefik.http.routers.transfer-rtr.service=transfer-svc" - "traefik.http.services.transfer-svc.loadbalancer.server.port=8080" #+end_src -** =ombi= - Request movies/tv-shows -#+begin_src yaml - ombi: - container_name: ombi - image: linuxserver/ombi - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - # - BASE_URL=/ombi #optional - volumes: - - $CONFIGDIR/ombi:/config - labels: - - "traefik.enable=true" - - "traefik.http.routers.ombi-rtr.entrypoints=https" - - "traefik.http.routers.ombi-rtr.rule=Host(`ombi.$DOMAINNAME`)" - - "traefik.http.routers.ombi-rtr.tls=true" - - "traefik.http.routers.ombi-rtr.service=ombi-svc" - - "traefik.http.services.ombi-svc.loadbalancer.server.port=3579" -#+end_src - -** =jackett= - API support for torrents -#+begin_src yaml - jackett: - container_name: jackett - image: linuxserver/jackett - restart: unless-stopped - networks: - - backend - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - AUTO_UPDATE=true - # - RUN_OPTS= - volumes: - - $CONFIGDIR/jackett:/config - - /srv/storage/Downloads:/downloads - ports: - - 9117:9117 -#+end_src - -** =radarr= - Automatically download Movies -#+begin_src yaml - radarr: - container_name: radarr - image: linuxserver/radarr - restart: unless-stopped - networks: - - backend - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - $CONFIGDIR/radarr:/config - - /srv/storage/Movies:/movies - - /srv/storage/Downloads:/downloads - ports: - - 7878:7878 -#+end_src - -** =sonarr= - Automatically download TVshows -#+begin_src yaml - sonarr: - container_name: sonarr - image: linuxserver/sonarr 
- restart: unless-stopped - networks: - - backend - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - $CONFIGDIR/sonarr:/config - - /srv/storage/TVShows:/tv - - /srv/storage/Downloads:/downloads - ports: - - 8989:8989 -#+end_src - ** =bazarr= - Automatically download Music #+begin_src yaml bazarr: @@ -3019,7 +3545,7 @@ split=16 - /srv/storage/TVShows:/mnt/fs/TVShows labels: - "traefik.enable=true" - - "traefik.http.routers.cloudcmd-rtr.entrypoints=https" + - "traefik.http.routers.cloudcmd-rtr.entrypoints=web-secure" - "traefik.http.routers.cloudcmd-rtr.rule=Host(`cloud.$DOMAINNAME`)" - "traefik.http.routers.cloudcmd-rtr.tls=true" - "traefik.http.routers.cloudcmd-rtr.service=cloudcmd-svc" @@ -3052,7 +3578,7 @@ split=16 - $CONFIGDIR/wallabag/images:/var/www/wallabag/web/assets/images labels: - "traefik.enable=true" - - "traefik.http.routers.wallabag-rtr.entrypoints=https" + - "traefik.http.routers.wallabag-rtr.entrypoints=web-secure" - "traefik.http.routers.wallabag-rtr.rule=Host(`wallabag.$DOMAINNAME`)" - "traefik.http.routers.wallabag-rtr.tls=true" - "traefik.http.routers.wallabag-rtr.service=wallabag-svc" @@ -3096,7 +3622,7 @@ split=16 - $CONFIGDIR/buku:/root/.local/share/buku labels: - "traefik.enable=true" - - "traefik.http.routers.buku-rtr.entrypoints=https" + - "traefik.http.routers.buku-rtr.entrypoints=web-secure" - "traefik.http.routers.buku-rtr.rule=Host(`bookmarks.$DOMAINNAME`)" - "traefik.http.routers.buku-rtr.tls=true" - "traefik.http.routers.buku-rtr.service=buku-svc" 
@@ -3104,36 +3630,6 @@ split=16 - "traefik.http.services.buku-svc.loadbalancer.server.port=5001" #+end_src -** =transmission= - Torrent server -#+begin_src yaml - transmission: - container_name: transmission - image: linuxserver/transmission - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/transmission:/config - - /srv/storage/Downloads:/downloads - - /srv/storage/Downloads/watch:/watch - ports: - - 9091:9091 - - 51413:51413 - - 51413:51413/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.transmission-rtr.entrypoints=https" - - "traefik.http.routers.transmission-rtr.rule=Host(`torrent.$DOMAINNAME`)" - - "traefik.http.routers.transmission-rtr.tls=true" - - "traefik.http.routers.transmission-rtr.service=transmission-svc" - - "traefik.http.routers.transmission-rtr.middlewares=private-auth" - - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091" -#+end_src - ** =navidrome= - Music server #+begin_src yaml navidrome: @@ -3156,7 +3652,7 @@ split=16 - /srv/storage/Music:/music:ro labels: - "traefik.enable=true" - - "traefik.http.routers.navidrome-rtr.entrypoints=https" + - "traefik.http.routers.navidrome-rtr.entrypoints=web-secure" - "traefik.http.routers.navidrome-rtr.rule=Host(`music.$DOMAINNAME`)" - "traefik.http.routers.navidrome-rtr.tls=true" - "traefik.http.routers.navidrome-rtr.service=navidrome-svc" @@ -3182,7 +3678,7 @@ split=16 - /srv/storage/Cloud/thesis:/source labels: - "traefik.enable=true" - - "traefik.http.routers.duplicati-rtr.entrypoints=https" + - "traefik.http.routers.duplicati-rtr.entrypoints=web-secure" - "traefik.http.routers.duplicati-rtr.rule=Host(`backup.$DOMAINNAME`)" - "traefik.http.routers.duplicati-rtr.tls=true" - "traefik.http.routers.duplicati-rtr.service=duplicati-svc" 
@@ -3215,7 +3711,7 @@ split=16 - $CONFIGDIR/netdata:/etc/netdata labels: - "traefik.enable=true" - - "traefik.http.routers.netdata-rtr.entrypoints=https" + - "traefik.http.routers.netdata-rtr.entrypoints=web-secure" - "traefik.http.routers.netdata-rtr.rule=Host(`netdata.$DOMAINNAME`)" - "traefik.http.routers.netdata-rtr.tls=true" - "traefik.http.routers.netdata-rtr.service=netdata-svc" @@ -3316,7 +3812,7 @@ JELLYFINTOKEN=<> #+end_src #+begin_src conf -AUTHELIA_NOTIFIER_SMTP_PASSWORD=<> +AUTHELIA_NOTIFIER_SMTP_PASSWORD=<> AUTHELIA_JWT_SECRET=<> #+end_src 
@@ -3338,13 +3834,161 @@ DEEMIX_ARL=<> #+end_src #+begin_src conf -GMAIL_PASS=<> +GOOGLE_COMMENTO_PASS=<> +GOOGLE_AUTHELIA_PASS=<> #+end_src #+begin_src conf COMMENTO_DB_PASSWORD=<> #+end_src +* TODO Matrix +** Matrix server +Use Ansible https://github.com/spantaleev/matrix-docker-ansible-deploy + +Must install newer version of ansible: +- https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu + +** Basic Config +#+begin_src yaml +matrix_domain: tdehaeze.xyz +matrix_ssl_lets_encrypt_support_email: 'dehaeze.thomas@gmail.com' +matrix_coturn_turn_static_auth_secret: 'nxSdNOonPYXHmpog8j6dC1EciAmdYPNgpre1SZw1yc8VybtJcAQrzArVLAjzDR2z' +matrix_synapse_macaroon_secret_key: 'exz3Wv7eWBDGYpnp5x3o3qGg6oalG04teu2eNlzMv6H7HxhW5U8Dr1HXZhMHafhl' +matrix_postgres_connection_password: '4WmtV4utoNMKMOY1TxfJ9EsgCV8dTIV8hyB8YrCpZqd33bsursGKEP6BA1gY4YZJ' +matrix_client_element_enabled: false +matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}" +#+end_src + +#+begin_src yaml +# ================================================================================================= +# Setting up the Shared Secret Auth password provider module +matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true +matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: Ru1kRNNyj8k7cVx2q2aAZCZL3R3Ph79Pq762W17CfExhmnAfxb9BI7zOktsBK32O +#+end_src + +** Use Traefik as reverse proxy +#+begin_src yaml +# ================================================================================================= +# Disable Nginx and use Traefik instead +# ================================================================================================= + +# Disable generation and retrieval of SSL certs +matrix_ssl_retrieval_method: none + +# Configure Nginx to only use plain HTTP +matrix_nginx_proxy_https_enabled: false + +# Don't bind any HTTP or federation port to the host +# (Traefik will proxy directly into the 
containers) +matrix_nginx_proxy_container_http_host_bind_port: '' +matrix_nginx_proxy_container_federation_host_bind_port: '' + +# Disable Coturn because it needs SSL certs +# (Clients can, though exposing IP address, use Matrix.org TURN) +matrix_coturn_enabled: false + +# All containers need to be on the same Docker network as Traefik +# (This network should already exist and Traefik should be using this network) +matrix_docker_network: 't2_proxy' + +matrix_nginx_proxy_container_extra_arguments: + - '--label "traefik.enable=true"' + - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=https"' + - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`,`{{ matrix_server_fqn_jitsi }}`)"' + - '--label "traefik.http.routers.matrix-nginx-proxy.tls=true"' + - '--label "traefik.http.services.matrix-nginx-proxy.loadbalancer.server.port=8080"' + # - '--label "traefik.http.routers.matrix-nginx-proxy.middlewares=matrix-regex"' + # - '--label "traefik.http.middlewares.matrix-regex.redirectregex.regex=https://matrix.tdehaeze.xyz/.well-known/matrix/(client|server)"' + # - '--label "traefik.http.middlewares.matrix-regex.redirectregex.replacement=https://matrix.tdehaeze.xyz/"' + +matrix_synapse_container_extra_arguments: + - '--label "traefik.enable=true"' + - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"' + - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"' + - '--label "traefik.http.routers.matrix-synapse.tls=true"' + - '--label "traefik.http.routers.matrix-synapse.service=matrix-synapse"' + - '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"' +#+end_src + +** Bridges +*** Slack +#+begin_src yaml +# Slack +matrix_mx_puppet_slack_enabled: true +matrix_mx_puppet_slack_client_id: "299050134212.1969032215654" +matrix_mx_puppet_slack_client_secret: 
"9a3240e570997645d4961d3cb595e798" +#+end_src + +*** WhatsApp +#+begin_src yaml +# WhatsApp +matrix_mautrix_whatsapp_enabled: true +#+end_src + +*** Signal +#+begin_src yaml +# Signal +matrix_mautrix_signal_enabled: true +#+end_src + +*** Facebook +#+begin_src yaml +# Facebook +matrix_mautrix_facebook_enabled: true +#+end_src + +*** Telegram +#+begin_src yaml +# Telegram +matrix_mautrix_telegram_enabled: true +matrix_mautrix_telegram_api_id: 5596434 +matrix_mautrix_telegram_api_hash: 29d6742e35799b88b9a7b5a46fe05ff2 +#+end_src + +* Backup server +** Hardware +odroid HC4 + +** Install +*** Install MicroSD +Ubuntu 20.04 minimal + +https://github.com/snakajim/odroidhc4-install + +*** First boot +#+begin_quote +Choose "Exit to shell" +(switch to console then) +# netboot_default +# exit +(back to petiboot menu) +#+end_quote + +*** Setup SSH and Drive +- create =thomas= user +- add user to sudo group +- add SSH key (use =ssh-copy-id=) +- disable root ssh and password authentication +- format disk drive +- edit =/etc/fstab= to add the disk drive and mount it to =/srv/storage=. + +*** Install packages +#+begin_src bash +sudo apt install neovim tmux fd-find ripgrep fzf apache2-utils unrar ranger man git +#+end_src + +*** Install docker +https://blog.rylander.io/2020/12/23/setting-up-docker-on-ubuntu-20-04-focal-arm64/ + + +** Poweroff without =sudo= +add the following at the end of =/etc/sudoers=: + +#+begin_src bash +thomas backup =NOPASSWD: /usr/bin/systemctl poweroff,/usr/bin/systemctl halt,/usr/bin/systemctl reboot +#+end_src + * Cron Jobs ** Caddy Update Create a script =~/cron/caddy_update.sh= with: 
@@ -3357,3 +4001,15 @@ Type =crontab -e= and add this line: */5 * * * * /home/thomas/cron/caddy_update.sh >> /home/thomas/cron/caddy_update.log 2>&1 #+end_src + +** Back OpenWRT Config +Create a script =~/cron/backup_openwrt_conf.sh= with: +#+begin_src bash :tangle /ssh:thomas@homelab:~/cron/backup_openwrt_conf.sh :shebang "#!/usr/bin/env bash" +ssh root@192.168.1.1 "umask go=; sysupgrade -b /tmp/backup-${HOSTNAME}-$(date +%F).tar.gz" && \ + scp root@192.168.1.1:/tmp/backup-*.tar.gz /srv/storage/Backups/openWRT/ +#+end_src + +Type =crontab -e= and add this line: +#+begin_src conf +*/5 * * * * /home/thomas/cron/backup_openwrt_conf.sh >> /home/thomas/cron/backup_openwrt_conf.log 2>&1 +#+end_src
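Review bot: the service removals are not covered by the commit message. Hunk @@ -2866,100 +3479,13 @@ deletes the =ombi=, =jackett=, =radarr= and =sonarr= sections and hunk @@ -3104,36 +3630,6 @@ deletes =transmission=, while the subject line only mentions Matrix and the entrypoint rename. Either list the removed services in the message or move them into their own commit, so that a later bisect or revert of the Matrix work does not also change which services the compose file declares.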
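Review bot: the Matrix section added in hunk @@ -3338,13 +3834,161 @@ commits what look like real secret values in plaintext. =matrix_coturn_turn_static_auth_secret=, =matrix_synapse_macaroon_secret_key=, =matrix_postgres_connection_password=, =matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret=, =matrix_mx_puppet_slack_client_secret= and =matrix_mautrix_telegram_api_hash= all carry literal values, whereas the conf blocks at the top of the same hunk (=GOOGLE_COMMENTO_PASS=<>=, =COMMENTO_DB_PASSWORD=<>=) use placeholders. Use the same placeholder scheme here or keep these variables in a vault-encrypted vars file, and rotate every value, since it remains readable in the git history once pushed; =matrix_homeserver_generic_secret_key= is templated from the macaroon key, so it changes with it. Two smaller points in the same hunk: the added label =traefik.http.routers.matrix-nginx-proxy.entrypoints=https= was not renamed to =web-secure= like the other routers in this patch, and the "Poweroff without =sudo=" instructions append to =/etc/sudoers= directly, where a drop-in under =/etc/sudoers.d= edited with =visudo -f= would catch a syntax error before it locks sudo out.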
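Review bot: in hunk @@ -3357,3 +4001,15 @@ the crontab line for =backup_openwrt_conf.sh= uses =*/5 * * * *=, the same schedule as the Caddy update job above it, so the router is asked for a full =sysupgrade -b= archive every five minutes even though the file name only changes once per day (=$(date +%F)=). A daily schedule matches the naming. In the script itself, the remote command is double-quoted, so =${HOSTNAME}= and =$(date +%F)= are expanded on the homelab host before =ssh= runs and the archive is named after the homelab rather than the router; single-quote the command if the router's own hostname is intended. Nothing removes the archive from the router's =/tmp= after the copy, so the =backup-*.tar.gz= glob in the =scp= step re-copies every archive still present there; add an =rm= of the file just created once =scp= succeeds, or copy only the exact file name.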