diff --git a/homelab.org b/homelab.org index cdd7a6d..15c6fdb 100644 --- a/homelab.org +++ b/homelab.org @@ -4,20 +4,26 @@ * Hardware #+caption: Home Server Hardware -| *Part* | *Model* | -|-------------+-------------------------------------------------| -| Case | Fractal Design Node 804 | -| Motherboard | ASUS PRIME B450M-A | -| CPU | AMD Ryzen 3 3200G | -| RAM | Corsair Vengeance LPX 16Go (2x8Go) DDR4 3200MHz | -| Cooler | ARCTIC Freezer 34 eSports DUO | -| PSU | Corsair SF450 | -| SSD M.2 | Samsung 970 EVO Plus 250Gb | -| Disk Drives | Various drives ranging from 3Tb to 8Tb | +| *Part* | *Model* | +|--------------+-------------------------------------------------| +| Case | Fractal Design Node 804 | +| Motherboard | ASUS PRIME B450M-A | +| CPU | AMD Ryzen 7 5700G | +| RAM | Corsair Vengeance LPX 32Go (4x8Go) DDR4 3200MHz | +| Cooler | ARCTIC Freezer 34 eSports DUO | +| PSU | Corsair RM750x | +| SSD M.2 | Samsung 970 EVO Plus 1Tb | +| Data Drives | 4x 8Tb | +| Parity Drive | 1x 10Tb | + +Note regarding the ASUS PRIME B450M-A +2*The M.2 Socket shares bandwidth with the SATA_5/6 ports, and therefore the SATA_5/6 ports cannot be used when an M.2 device is installed. + +But it seems that it is a NVME (and not M.2 SATA), and therefore I can use the last 2 SATA ports. * Installation ** Ubuntu -- Download *Ubuntu Server 20.04 LTS* ([[https://ubuntu.com/download/server][link]]). +- Download *Ubuntu Server 24.04 LTS* ([[https://ubuntu.com/download/server][link]]). - Activate OpenSSH and add SSH Keys - Account: =thomas=, hostname: =homelab= @@ -58,11 +64,11 @@ sudo parted /dev/sda mklabel gpt #+end_src #+begin_src bash :eval no -sudo parted -a opt /dev/sda mkpart "partitionname" ext4 0% 100% +sudo parted -a opt /dev/sda mkpart primary ext4 0% 100% #+end_src #+begin_src bash :eval no -sudo mkfs.ext4 -L partitionname /dev/sda1 +sudo mkfs.ext4 -L primary /dev/sda1 #+end_src ** MergerFS and FStab 
@@ -76,6 +82,7 @@ Create mount points #+begin_src bash :eval no sudo mkdir /mnt/disk0 sudo mkdir /mnt/disk1 +sudo mkdir /mnt/disk2 sudo mkdir /mnt/parity #+end_src 
@@ -86,23 +93,26 @@ sudo mkdir /srv/storage Edit =/etc/fstab=. #+begin_src conf :eval no -/dev/disk/by-uuid/7fb7873c-83bd-4805-98ab-506e6c7b56fa /mnt/disk0 ext4 defaults 0 0 -/dev/disk/by-uuid/6574b7ae-321c-4078-9793-bc41a4fa5588 /mnt/disk1 ext4 defaults 0 0 -/dev/disk/by-uuid/6fcd38b9-0886-46bd-900d-cb1f170dbcee /mnt/parity ext4 defaults 0 0 +/dev/disk/by-uuid/7fb7873c-83bd-4805-98ab-506e6c7b56fa /mnt/disk0 ext4 defaults 0 0 +/dev/disk/by-uuid/d9e7cc6b-5054-4eb9-bcb2-7e29480e0c6e /mnt/disk1 ext4 defaults 0 0 +/dev/disk/by-uuid/6fcd38b9-0886-46bd-900d-cb1f170dbcee /mnt/disk2 ext4 defaults 0 0 +/dev/disk/by-uuid/736bf432-baa8-465e-bf8e-c2bbad1cb7dd /mnt/parity ext4 defaults 0 0 -/mnt/disk* /srv/storage fuse.mergerfs direct_io,defaults,allow_other,minfreespace=50G,fsname=mergerfs 0 0 +/mnt/disk* /srv/storage fuse.mergerfs allow_other,use_ino,cache.files=partial,dropcacheonclose=true,category.create=mfs,fsname=mergerfs 0 0 #+end_src ** SnapRAID ([[https://github.com/amadvance/snapraid][link]]) and SnapRAID Runner ([[https://github.com/Chronial/snapraid-runner][link]]) -*SnapRAID* is a snapshot parity calculation tool which acts at the block level independent of filesystem ([[https://selfhostedhome.com/combining-different-sized-drives-with-mergerfs-and-snapraid/][link]]). +<> -It is manually installed with docker ([[https://github.com/ironicbadger/docker-snapraid][link]]). +*SnapRAID* is a snapshot parity calculation tool which acts at the block level independent of filesystem ([[https://selfhostedhome.com/combining-different-sized-drives-with-mergerfs-and-snapraid/][link]]). +#+begin_src bash :eval no +sudo apt install snapraid +#+end_src The configuration file is located in =/etc/snapraid.conf=: #+begin_src conf :tangle /ssh:thomas@homelab:/etc/snapraid.conf # Defines the file to use as parity storage # It must NOT be in a data disk -# Format: "parity FILE_PATH" parity /mnt/parity/snapraid.parity # Defines the files to use as content list 
@@ -111,28 +121,21 @@ parity /mnt/parity/snapraid.parity # hurt # They can be in the disks used for data, parity or boot, # but each file must be in a different disk -# Format: "content FILE_PATH" content /var/snapraid.content content /mnt/disk0/.snapraid.content content /mnt/disk1/.snapraid.content +content /mnt/disk2/.snapraid.content # Defines the data disks to use # The order is relevant for parity, do not change it -# Format: "disk DISK_NAME DISK_MOUNT_POINT" disk disk0 /mnt/disk0 disk disk1 /mnt/disk1 - -# Excludes hidden files and directories (uncomment to enable). -#nohidden +disk disk2 /mnt/disk2 # Defines files and directories to exclude -# Remember that all the paths are relative at the mount points -# Format: "exclude FILE" -# Format: "exclude DIR/" -# Format: "exclude /PATH/FILE" -# Format: "exclude /PATH/DIR/" exclude /tmp/ exclude /lost+found/ +exclude /Downloads/ # This changes a lot, not necessary to backup exclude *.!sync exclude .DS_Store exclude ._.DS_Store @@ -141,6 +144,7 @@ exclude .fseventsd exclude .Spotlight-V100 exclude .TemporaryItems exclude .Trashes +exclude .part #+end_src Go in the =/home/thomas/.local/soft/= directory and clone the =snapraid-runner= [[https://github.com/tdehaeze/snapraid-runner][repository]]. @@ -159,9 +163,9 @@ touch = true [logging] ; logfile to write to, leave empty to disable -file = snapraid.log +; file = snapraid.log ; maximum logfile size in KiB, leave empty for infinite -maxsize = 5000 +; maxsize = 5000 [gotify] sendon = error @@ -185,7 +189,7 @@ And finally, create a =cronjob= with =sudo crontab -e= and add the following lin ** Install Docker The procedure is well explained [[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04][here]]. -If docker is already installed, remove it: +If docker is already installed, remove it with: #+begin_src bash sudo apt remove docker #+end_src 
@@ -219,7 +223,7 @@ sudo timedatectl set-timezone Europe/Paris ** Secure the Web Server Most of it comes from [[https://github.com/imthenachoman/How-To-Secure-A-Linux-Server][here]]. -- Set =PasswordAuthentication= no in =/etc/ssh/sshd_config= +- Set =PasswordAuthentication no= in =/etc/ssh/sshd_config= ** Automatic Security Updates The procedure is well explained [[https://www.linuxbabe.com/ubuntu/automatic-security-update-unattended-upgrades-ubuntu][here]]. @@ -267,9 +271,23 @@ cd ~/docker && docker-compose up -d } #+end_src +** Install =earlyoom= for better memory management +https://github.com/rfjakob/earlyoom + +#+begin_src bash :eval no +sudo apt install earlyoom +#+end_src + +Check the status with =systemctl status earlyoom=. + * Maintenance - How To ** Update System/Packages -#+begin_src bash +To show possible update: +#+begin_src bash :eval no +apt list --upgradable +#+end_src + +#+begin_src bash :eval no sudo -- sh -c 'apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y; apt-get autoclean -y' #+end_src @@ -300,7 +318,7 @@ sudo snapraid scrub Update All Containers #+begin_src bash :eval no -cd ~/docker/ && docker-compose pull --ignore-pull-failures && docker-compose up -d +cd ~/docker/ && docker compose pull --ignore-pull-failures && docker compose up -d #+end_src Clean up Docker environment 
@@ -361,16 +379,42 @@ Ask the new user to go to https://login.tdehaeze.xyz/ to reset his password. :header-args+: :comments none :mkdirp yes :END: -** Basic Config -#+begin_src yaml -version: "3.8" +** USB config +https://hackaday.io/page/13294-solved-docker-udev-usb-naming + +=/etc/udev/rules.d/99-usb-serial.rules= +#+begin_src conf :tangle no +# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", ACTION=="add", RUN+="/home/thomas/docker/mount-usb-device.sh tina2" +# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", ACTION=="remove", RUN+="/bin/rm -f /dev/ttyUSB-tina2" +SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ACTION=="add", RUN+="/home/thomas/docker/mount-usb-device.sh zigbee" +SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ACTION=="remove", RUN+="/bin/rm -f /dev/ttyUSB-zigbee" #+end_src +=/home/thomas/docker/mount-usb-device.sh= +#+begin_src bash :eval no :tangle no +p="" +# if [ "$1" == "tina2" ] +# then +# p=`realpath /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0` +# fi +if [ "$1" == "zigbee" ] +then + p=`realpath /dev/serial/by-id/usb-Silicon_Labs_slae.sh_cc2652rb_stick_-_slaesh_s_iot_stuff_00_12_4B_00_23_93_39_57-if00-port0` +fi + +if [ "x$p" != "x" ] +then + rm -f /dev/ttyUSB-$1 + ln $p /dev/ttyUSB-$1 +fi +#+end_src + +** Basic Config #+begin_src yaml networks: t2_proxy: - external: - name: t2_proxy + external: true + name: t2_proxy immich: external: false backend: @@ -397,7 +441,7 @@ services: #+begin_src yaml traefik: container_name: traefik - image: traefik:2.9 + image: traefik:v3.6 restart: unless-stopped depends_on: - authelia 
@@ -469,10 +513,15 @@ entryPoints: trustedIPs: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22 matrix-federation: address: :8448 + matrix-internal-matrix-client-api: + address: :8008 api: dashboard: true +core: + defaultRuleSyntax: v2 + log: level: ERROR @@ -494,13 +543,17 @@ providers: defaultrule: Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`) exposedByDefault: false network: t2_proxy - swarmMode: false file: filename: /etc/traefik/services.yaml serversTransport: insecureSkipVerify: true # Necessary for Unifi (but not recommended) +# respondingTimeouts: +# readTimeout: "5s" +# writeTimeout: "5s" +# idleTimeout: "360s" + certificatesResolvers: dns-cloudflare: acme: @@ -533,13 +586,17 @@ http: headers: customRequestHeaders: Authorization: "" # Removes + basic-auth: + basicAuth: + users: + - "tdehaeze:$2y$05$SSzSMIUEGrfQgZMas1ROYeLzqfuqnQG6hJRgxGWV2It5yv7YzN3Ay" #+end_src *** =authelia= - Single Sign-On Multi-Factor portal ([[https://github.com/authelia/authelia][link]]) #+begin_src yaml authelia: - image: authelia/authelia:4.35 container_name: authelia + image: authelia/authelia:4.35 restart: unless-stopped networks: - t2_proxy @@ -606,7 +663,7 @@ access_control: policy: one_factor subject: - ["group:admins"] - - ["group:family"] + - ["group:colloc"] - domain: openwrt.tdehaeze.xyz policy: one_factor subject: @@ -619,10 +676,6 @@ access_control: policy: one_factor subject: - ["group:admins"] - - domain: sync-ju.tdehaeze.xyz - policy: one_factor - subject: - - ["group:admins"] - domain: sync-jm.tdehaeze.xyz policy: one_factor subject: 
@@ -639,11 +692,11 @@ access_control: policy: one_factor subject: - ["group:admins"] - - domain: wireguard.tdehaeze.xyz + - domain: homepage.tdehaeze.xyz policy: one_factor subject: - ["group:admins"] - - domain: joal.tdehaeze.xyz + - domain: wireguard.tdehaeze.xyz policy: one_factor subject: - ["group:admins"] @@ -663,11 +716,19 @@ access_control: policy: one_factor subject: - ["group:admins"] - - ["group:family"] + - ["group:colloc"] + - domain: mqttui.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] - domain: zigbee2mqtt.tdehaeze.xyz policy: one_factor subject: - ["group:admins"] + - domain: restic.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] - domain: qobuz.tdehaeze.xyz policy: bypass resources: @@ -680,16 +741,24 @@ access_control: - ["group:family"] - domain: sonarr.tdehaeze.xyz policy: bypass - resources: - - "^/api.*$" + networks: + - 172.18.0.0/16 - domain: sonarr.tdehaeze.xyz policy: one_factor subject: - ["group:admins"] + - domain: prowlarr.tdehaeze.xyz + policy: bypass + networks: + - 172.18.0.0/16 + - domain: prowlarr.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] - domain: radarr.tdehaeze.xyz policy: bypass - resources: - - "^/api.*$" + networks: + - 172.18.0.0/16 - domain: radarr.tdehaeze.xyz policy: one_factor subject: @@ -698,6 +767,28 @@ access_control: policy: one_factor subject: - ["group:admins"] + - domain: joal.tdehaeze.xyz + policy: one_factor + subject: + - ["group:admins"] + - domain: owasabi.tdehaeze.xyz + policy: one_factor + resources: + - "^/control.*$" + subject: + - ["group:admins"] + - ["user:owasabi"] + - domain: owasabi.tdehaeze.xyz + policy: bypass + - domain: owasabi-mountains.tdehaeze.xyz + policy: one_factor + resources: + - "^/control.*$" + subject: + - ["group:admins"] + - ["user:owasabi"] + - domain: owasabi-mountains.tdehaeze.xyz + policy: bypass session: name: authelia_session 
@@ -727,7 +818,7 @@ notifier: #+begin_src yaml uptime-kuma: container_name: uptime-kuma - image: louislam/uptime-kuma + image: louislam/uptime-kuma:2 restart: unless-stopped networks: - t2_proxy @@ -736,7 +827,7 @@ notifier: - PUID=$PUID - PGID=$PGID volumes: - - $CONFIGDIR/uptime-kuma:/app/data + - /docker/uptime-kuma:/app/data labels: - "traefik.enable=true" - "traefik.http.routers.uptime-rtr.entrypoints=web-secure" @@ -823,6 +914,7 @@ In order to have notifications on Linux desktop use [[https://github.com/ztpnk/g - /dev/sda:/dev/sda - /dev/sdb:/dev/sdb - /dev/sdc:/dev/sdc + - /dev/sdd:/dev/sdd - /dev/nvme0:/dev/nvme0 logging: *default-logging #+end_src @@ -843,7 +935,7 @@ In order to have notifications on Linux desktop use [[https://github.com/ztpnk/g - PGID=$PGID - TZ=$TZ - WG_HOST=82.66.44.13 - - PASSWORD=$WIREGUARD_PASS + - PASSWORD_HASH='$$2a$$12$$kVt.q4N25VD/n5bXjk9yGubmHlPjGtXKGcDa2c3qYzfse4U502mzm' volumes: - $CONFIGDIR/wg-easy:/etc/wireguard ports: @@ -900,11 +992,13 @@ http { location /.well-known/matrix/client { proxy_pass https://matrix.tdehaeze.xyz/.well-known/matrix/client; proxy_set_header X-Forwarded-For $remote_addr; + proxy_ssl_server_name on; } location /.well-known/matrix/server { proxy_pass https://matrix.tdehaeze.xyz/.well-known/matrix/server; proxy_set_header X-Forwarded-For $remote_addr; + proxy_ssl_server_name on; } } } @@ -947,8 +1041,8 @@ http { #+begin_src yaml commento_db: - container_name: commento_db image: postgres:13 + shm_size: 512mb restart: unless-stopped networks: - backend 
@@ -962,6 +1056,42 @@ http { logging: *default-logging #+end_src +*** =rustdesk= - Remote desktop application ([[https://github.com/rustdesk/rustdesk][link]]) +#+begin_src yaml + hbbs: + container_name: hbbs + image: rustdesk/rustdesk-server:latest + restart: unless-stopped + command: hbbs -r rustdesk.tdehaeze.xyz:21117 + volumes: + - $CONFIGDIR/rustdesk:/root + ports: + - 21115:21115 + - 21116:21116 + - 21116:21116/udp + - 21118:21118 + depends_on: + - hbbr + + hbbr: + container_name: hbbr + image: rustdesk/rustdesk-server:latest + restart: unless-stopped + command: hbbr + volumes: + - $CONFIGDIR/rustdesk:/root + ports: + - 21117:21117 + - 21119:21119 + labels: + - "traefik.enable=true" + - "traefik.http.routers.rustdesk-rtr.entrypoints=web-secure" + - "traefik.http.routers.rustdesk-rtr.rule=Host(`rustdesk.$DOMAINNAME`)" + - "traefik.http.routers.rustdesk-rtr.tls=true" + - "traefik.http.routers.rustdesk-rtr.service=rustdesk-svc" + - "traefik.http.services.rustdesk-svc.loadbalancer.server.port=21117" +#+end_src + *** =unifi-controller= - Software for Unifi devices ([[https://hub.docker.com/r/linuxserver/unifi-controller][link]]) #+begin_src yaml unifi-mongodb: @@ -1024,7 +1154,6 @@ http { #+begin_src yaml :tangle no unifi-controller: - container_name: unifi-controller image: jacobalberty/unifi networks: - t2_proxy 
@@ -1059,342 +1188,37 @@ http { logging: *default-logging #+end_src -** Metrics -*** =influxdb= -#+begin_src yaml - influxdb: - container_name: influxdb - image: influxdb - restart: unless-stopped - networks: - - t2_proxy - - backend - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/influxdb:/var/lib/influxdb2:rw - labels: - - "traefik.enable=true" - - "traefik.http.routers.influxdb-rtr.entrypoints=web-secure" - - "traefik.http.routers.influxdb-rtr.rule=Host(`influxdb.$DOMAINNAME`)" - - "traefik.http.routers.influxdb-rtr.tls=true" - - "traefik.http.routers.influxdb-rtr.service=influxdb-svc" - - "traefik.http.services.influxdb-svc.loadbalancer.server.port=8086" - healthcheck: - test: "curl -f http://localhost:8086/ping" - interval: 5s - timeout: 10s - retries: 5 - logging: *default-logging -#+end_src - ** Websites -*** =homer= - Home page for myself ([[https://github.com/bastienwirtz/homer][link]]) +*** =homepage= - A highly customizable homepage ([[https://github.com/gethomepage/homepage][link]]) #+begin_src yaml - homer: - container_name: homer - image: b4bz/homer + homepage: + container_name: homepage + image: ghcr.io/gethomepage/homepage:latest restart: unless-stopped networks: - t2_proxy environment: + - HOMEPAGE_ALLOWED_HOSTS=* # TODO - Not recommanded See gethomepage.dev/installation/#homepage_allowed_hosts - UID=$PUID - GID=$PGID - TZ=$TZ volumes: - - $CONFIGDIR/homer/assets/:/www/assets + - $CONFIGDIR/homepage/:/app/config + - /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations + - /mnt/disk0:/mnt/disk0:ro + - /mnt/disk1:/mnt/disk1:ro + - /mnt/disk2:/mnt/disk2:ro labels: - "traefik.enable=true" - - "traefik.http.routers.homer-rtr.entrypoints=web-secure" - - "traefik.http.routers.homer-rtr.rule=Host(`homer.$DOMAINNAME`)" - - "traefik.http.routers.homer-rtr.tls=true" - - "traefik.http.routers.homer-rtr.service=homer-svc" - - "traefik.http.services.homer-svc.loadbalancer.server.port=8080" + - 
"traefik.http.routers.homepage-rtr.entrypoints=web-secure" + - "traefik.http.routers.homepage-rtr.rule=Host(`homepage.$DOMAINNAME`)" + - "traefik.http.routers.homepage-rtr.tls=true" + - "traefik.http.routers.homepage-rtr.service=homepage-svc" + - "traefik.http.routers.homepage-rtr.middlewares=authelia@docker" + - "traefik.http.services.homepage-svc.loadbalancer.server.port=3000" logging: *default-logging #+end_src -=config.yml= -#+begin_src yaml :tangle /ssh:thomas@homelab:/home/thomas/docker/config/homer/assets/config.yml ---- -title: "Homepage" -subtitle: "" -logo: "assets/homer.png" -header: false -footer: false - -columns: "auto" -connectivityCheck: false - -theme: default - -links: [] - -services: - - name: "Websites" - icon: "fas fa-desktop" - items: - - name: "Brain" - logo: "/assets/tools/brain.png" - subtitle: "Digital Brain" - url: "https://brain.tdehaeze.xyz" - - name: "Research" - logo: "/assets/tools/orgmode.png" - subtitle: "Research Pages" - url: "https://research.tdehaeze.xyz" - - name: "Help" - logo: "/assets/tools/help.png" - subtitle: "Help Page" - url: "https://help.tdehaeze.xyz" - - name: "Dotfiles" - logo: "/assets/tools/dotfiles.png" - subtitle: "My Literate Dotfiles" - url: "https://dotfiles.tdehaeze.xyz" - - name: "Miam" - logo: "/assets/tools/miam.png" - subtitle: "Personnal Recipes" - url: "https://miam.tdehaeze.xyz" - - name: "Miniflux" - logo: "/assets/tools/miniflux.png" - subtitle: "RSS Feeds" - url: "https://rss.tdehaeze.xyz" - - name: "LinkDing" - logo: "/assets/tools/linkding.png" - subtitle: "Bookmark Manager" - url: "https://bm.tdehaeze.xyz" - - name: "Multimedia" - icon: "fas fa-photo-video" - items: - - name: "Jellyfin" - logo: "/assets/tools/jellyfin.png" - subtitle: "Media Library" - url: "https://jellyfin.tdehaeze.xyz" - - name: "JFA-Go" - logo: "/assets/tools/jellyfin.png" - subtitle: "Manage Jellyfin Users" - url: "http://jfa.tdehaeze.xyz/" - # - name: "Audioserve" - # logo: "/assets/tools/audiobook.png" - # subtitle: 
"Audiobook Server" - # url: "https://audiobook.tdehaeze.xyz" - # - name: "Kavita" - # logo: "/assets/tools/kavita.png" - # subtitle: "Book Library" - # url: "https://kavita.tdehaeze.xyz" - - name: "Cloud" - icon: "fas fa-cloud" - items: - - name: "Cinny" - logo: "/assets/tools/cinny.png" - subtitle: "Matrix web client" - url: "https://cinny.tdehaeze.xyz" - - name: "File Browser" - logo: "/assets/tools/cloud.png" - subtitle: "Simple Personnal Could" - url: "https://cloud.tdehaeze.xyz" - - name: "Syncthing" - logo: "/assets/tools/syncthing.png" - subtitle: "Anne" - url: "https://sync-anne.tdehaeze.xyz" - - name: "Syncthing" - logo: "/assets/tools/syncthing.png" - subtitle: "Juliette" - url: "https://sync-ju.tdehaeze.xyz" - - name: "Syncthing" - logo: "/assets/tools/syncthing.png" - subtitle: "Jean-Marie" - url: "https://sync-jm.tdehaeze.xyz" - - name: "Syncthing" - logo: "/assets/tools/syncthing.png" - subtitle: "P2P Sync" - url: "https://syncthing.tdehaeze.xyz" - - name: "Radicale" - logo: "/assets/tools/radicale.png" - subtitle: "CalDAV/CardDAV Server" - url: "https://radicale.tdehaeze.xyz" - - name: "Gitea" - logo: "/assets/tools/gitea.png" - subtitle: "Git Server" - url: "https://git.tdehaeze.xyz" - - name: "Download" - icon: "fas fa-download" - items: - - name: "JellySrerr" - logo: "/assets/tools/jellyseerr.png" - subtitle: "Torrent Client" - url: "http://jellyseerr.tdehaeze.xyz/" - # - name: "Down" - # logo: "/assets/tools/down.png" - # subtitle: "Torrent Download" - # url: "https://down.tdehaeze.xyz/" - - name: "Qobuz" - subtitle: "Music Download" - logo: "/assets/tools/qobuz.png" - url: "https://qobuz.tdehaeze.xyz" - - name: "Sonarr" - logo: "/assets/tools/sonarr.png" - subtitle: "TVShows Download" - url: "http://sonarr.tdehaeze.xyz/" - - name: "Radarr" - logo: "/assets/tools/radarr.png" - subtitle: "Movies Download" - url: "http://radarr.tdehaeze.xyz/" - - name: "Prowlarr" - logo: "/assets/tools/prowlarr.png" - subtitle: "Torrent Indexer" - url: 
"http://prowlarr.tdehaeze.xyz/" - # - name: "Jackett" - # logo: "/assets/tools/jackett.png" - # subtitle: "Torrent Client" - # url: "http://jackett.tdehaeze.xyz/" - - name: "Transmission" - logo: "/assets/tools/transmission.png" - subtitle: "Torrent Client" - url: "http://torrent.tdehaeze.xyz/transmission/web/" - - name: "Config" - icon: "fas fa-cog" - items: - # - name: "Portainer" - # logo: "/assets/tools/portainer.png" - # subtitle: "Manger Docker" - # url: "https://portainer.tdehaeze.xyz/#/containers" - - name: "Traefik" - logo: "/assets/tools/traefik.png" - subtitle: "Reverse Proxy" - url: "https://traefik.tdehaeze.xyz" - - name: "Wireguard" - logo: "/assets/tools/wireguard.png" - subtitle: "Manger Docker" - url: "https://wireguard.tdehaeze.xyz/" - - name: "Uptime" - logo: "/assets/tools/uptime.png" - subtitle: "Monitoring" - url: "https://uptime.tdehaeze.xyz" - - name: "Commento" - logo: "/assets/tools/commento.png" - subtitle: "Commenting System" - url: "https://commento.tdehaeze.xyz" - - name: "Gotify" - logo: "/assets/tools/gotify.png" - subtitle: "Messaging System" - url: "https://gotify.tdehaeze.xyz" - - name: "Scrutiny" - logo: "/assets/tools/scrutiny.png" - subtitle: "S.M.A.R.T" - url: "http://scrutiny.tdehaeze.xyz/web/dashboard" - - name: "Home" - icon: "fas fa-home" - items: - - name: "OpenWRT" - logo: "/assets/tools/openwrt.png" - subtitle: "Router" - url: "https://openwrt.tdehaeze.xyz/" - - name: "Unifi" - logo: "/assets/tools/unifi.png" - subtitle: "Wifi Expander" - url: "https://unifi.tdehaeze.xyz/" - - name: "Changedetection.io" - logo: "/assets/tools/changedetection.png" - subtitle: "Detect change in websites" - url: "https://change.tdehaeze.xyz" - - name: "Zigbee2MQTT" - logo: "/assets/tools/zigbee2mqtt.png" - subtitle: "Zigbee2MQTT" - url: "https://zigbee2mqtt.tdehaeze.xyz/" - - name: "Node Red" - logo: "/assets/tools/node-red.png" - subtitle: "Event-driven applications" - url: "https://node-red.tdehaeze.xyz/" - - name: "InfluxDB" - logo: 
"/assets/tools/influxdb.png" - subtitle: "Time series database" - url: "https://influxdb.tdehaeze.xyz/" - - name: "ESPHome" - logo: "/assets/tools/esphome.png" - subtitle: "System to control ESP8266/ESP32" - url: "https://esphome.tdehaeze.xyz/" - - name: "OctoPrint" - logo: "/assets/tools/octoprint.png" - subtitle: "Tina2" - url: "https://3d-printer.tdehaeze.xyz/" -#+end_src - -*** =family= - Home page for family ([[https://github.com/bastienwirtz/homer][link]]) -#+begin_src yaml - famille: - container_name: famille - image: b4bz/homer - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/famille/assets/:/www/assets - labels: - - "traefik.enable=true" - - "traefik.http.routers.famille-rtr.entrypoints=web-secure" - - "traefik.http.routers.famille-rtr.rule=Host(`famille.$DOMAINNAME`)" - - "traefik.http.routers.famille-rtr.tls=true" - - "traefik.http.routers.famille-rtr.service=famille-svc" - - "traefik.http.services.famille-svc.loadbalancer.server.port=8080" - logging: *default-logging -#+end_src - -=config.yml= -#+begin_src yaml :tangle /ssh:thomas@homelab:/home/thomas/docker/config/famille/assets/config.yml ---- -title: "Homepage" -subtitle: "" -logo: "assets/homer.png" -header: false -footer: false - -columns: "auto" -connectivityCheck: false - -theme: default - -message: - style: "" # See https://bulma.io/documentation/components/message/#colors for styling options. - title: "Coucou !" - content: "Ci dessous tu peux trouver différents sites accéssibles sur mon serveur. Si tu as besoin d'aide avec l'utilisation de Jellyfin, tout est expliqué ici." 
- - -links: [] - -services: - - name: "Websites" - icon: "fas fa-desktop" - items: - - name: "Jellyfin" - logo: "/assets/tools/jellyfin.png" - subtitle: "Librairie multimédia" - url: "https://jellyfin.tdehaeze.xyz" - - name: "File Browser" - logo: "/assets/tools/cloud.png" - subtitle: "Cloud personnel" - url: "https://cloud.tdehaeze.xyz" - - name: "Miam" - logo: "/assets/tools/miam.png" - subtitle: "Site de recettes partagées" - url: "https://miam.tdehaeze.xyz" - - name: "Multimedia" - icon: "fas fa-photo-video" - items: - - name: "Jellyseerr" - subtitle: "Ajout de Films/Séries sur Jellyfin" - logo: "/assets/tools/jellyseerr.png" - url: "https://jellyseerr.tdehaeze.xyz" - - name: "Qobuz" - subtitle: "Ajout de Musique sur Jellyfin" - logo: "/assets/tools/qobuz.png" - url: "https://qobuz.tdehaeze.xyz" -#+end_src - *** =hugo= - Wiki + Blog ([[https://git.tdehaeze.xyz/tdehaeze/digital-brain][link]]) #+begin_src yaml hugo: @@ -1430,9 +1254,12 @@ services: - PLUGINS=git volumes: - $CONFIGDIR/research/Caddyfile:/etc/Caddyfile - - $CONFIGDIR/research/web:/srv + - /docker/research:/srv # - ~/.ssh:/root/.ssh labels: + - "homepage.group=Blog" + - "homepage.href=`research.$DOMAINNAME`" + - "homepage.description=Research blog" - "traefik.enable=true" - "traefik.http.routers.caddy-rtr.entrypoints=web-secure" - "traefik.http.routers.caddy-rtr.rule=Host(`research.$DOMAINNAME`)" @@ -1558,14 +1385,14 @@ services: - "traefik.http.routers.miam-rtr.rule=Host(`miam.$DOMAINNAME`)" - "traefik.http.routers.miam-rtr.tls=true" - "traefik.http.routers.miam-rtr.service=miam-svc" - - "traefik.http.services.miam-svc.loadbalancer.server.port=80" + - "traefik.http.services.miam-svc.loadbalancer.server.port=9000" logging: *default-logging #+end_src *** =gitea= - Git server ([[https://github.com/go-gitea/gitea][link]]) #+begin_src yaml gitea: - container_name: git + container_name: gitea image: gitea/gitea depends_on: - gitea_db 
@@ -1637,8 +1464,7 @@ services: logging: *default-logging #+end_src -** WingAudio -*** =wordpress= +*** =wingaudio= - With Wordpress #+begin_src yaml wingaudio: container_name: wingaudio @@ -1699,6 +1525,8 @@ services: - t2_proxy volumes: - $CONFIGDIR/jellyfin:/config + - /docker/jellyfin-cache:/cache + - /docker/jellyfin-metadata:/metadata - /srv/storage/TVShows:/data/tvshows - /srv/storage/Documentaries:/data/documentaries - /srv/storage/LiveMusic:/data/livemusic @@ -1715,7 +1543,7 @@ services: devices: # VAAPI Devices - /dev/dri/renderD128:/dev/dri/renderD128 - - /dev/dri/card0:/dev/dri/card0 + - /dev/dri/card1:/dev/dri/card1 ports: - 8096:8096 labels: 
@@ -1728,6 +1556,56 @@ services: logging: *default-logging #+end_src +*** =jellystat= - Statistics App for Jellyfin ([[https://github.com/CyferShepard/Jellystat][link]]) +#+begin_src yaml + jellystat: + container_name: jellystat + image: cyfershepard/jellystat:latest + restart: unless-stopped + networks: + - backend + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=fmxi0iS3TSGVigvZ + - POSTGRES_IP=jellystat_db + - POSTGRES_PORT=5432 + - JWT_SECRET='k36isYXNuQT7Kk9S' + volumes: + - $CONFIGDIR/jellystat:/app/backend/backup-data + depends_on: + - jellystat_db + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellystat-rtr.entrypoints=web-secure" + - "traefik.http.routers.jellystat-rtr.rule=Host(`jellystat.$DOMAINNAME`)" + - "traefik.http.routers.jellystat-rtr.tls=true" + - "traefik.http.routers.jellystat-rtr.service=jellystat-svc" + - "traefik.http.services.jellystat-svc.loadbalancer.server.port=3000" + logging: *default-logging +#+end_src + +#+begin_src yaml + jellystat_db: + image: postgres:15.2 + shm_size: 512mb + restart: unless-stopped + networks: + - backend + volumes: + - $CONFIGDIR/jellystat_db:/var/lib/postgresql/data + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - POSTGRES_DB='jfstat' + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=fmxi0iS3TSGVigvZ +#+end_src + *** =jfa-go= - Manage Jellyfin Users ([[https://github.com/hrfee/jfa-go][link]]) #+begin_src yaml jfa: 
@@ -1756,6 +1634,36 @@ services: logging: *default-logging #+end_src +*** =lms= - Server for Squeezebox and compatible players ([[https://github.com/LMS-Community/slimserver][link]]) +#+begin_src yaml + lms: + container_name: lms + image: lmscommunity/lyrionmusicserver + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/lms/config:/config:rw + - $CONFIGDIR/lms/playlist:/playlist:rw + - /srv/storage/Music:/music:ro + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + ports: + - 9000:9000/tcp + - 9090:9090/tcp + - 3483:3483/tcp + environment: + - HTTP_PORT=9000 + labels: + - "traefik.enable=true" + # - "traefik.http.routers.lms-rtr.entrypoints=web-secure" + # - "traefik.http.routers.lms-rtr.rule=Host(`lms.$DOMAINNAME`)" + # - "traefik.http.routers.lms-rtr.tls=true" + # - "traefik.http.routers.lms-rtr.service=lms-svc" + # - "traefik.http.services.lms-svc.loadbalancer.server.port=9000" + logging: *default-logging +#+end_src + ** Cloud *** =syncthing= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) #+begin_src yaml 
@@ -1854,77 +1762,36 @@ services: logging: *default-logging #+end_src -*** =sync-ju= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) -#+begin_src yaml - sync-ju: - container_name: sync-ju - image: linuxserver/syncthing - restart: unless-stopped - networks: - - t2_proxy - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - UMASK_SET=022 - volumes: - - $CONFIGDIR/sync-ju:/config - - /srv/storage/Users/juliette:/Cloud - - /srv/storage/Cloud/personnal:/Cloud/Thomas - ports: - - 22003:22003 - - 21030:21030/udp - labels: - - "traefik.enable=true" - - "traefik.http.routers.sync-ju-rtr.entrypoints=web-secure" - - "traefik.http.routers.sync-ju-rtr.rule=Host(`sync-ju.$DOMAINNAME`)" - - "traefik.http.routers.sync-ju-rtr.tls=true" - - "traefik.http.routers.sync-ju-rtr.service=sync-ju-svc" - - "traefik.http.routers.sync-ju-rtr.middlewares=authelia@docker" - - "traefik.http.services.sync-ju-svc.loadbalancer.server.port=8384" - logging: *default-logging -#+end_src - -*** =filebrowser= - Web file browser ([[https://hub.docker.com/r/filebrowser/filebrowser][link]]) +*** =filebrowser-quantum= - Web file browser ([[https://hub.docker.com/r/filebrowser/filebrowser][link]]) #+begin_src yaml filebrowser: container_name: filebrowser - image: filebrowser/filebrowser + image: gtstef/filebrowser:stable restart: unless-stopped networks: - t2_proxy volumes: - - $CONFIGDIR/filebrowser/database.db:/database.db - - $CONFIGDIR/filebrowser/.filebrowser.json:/.filebrowser.json - /srv/storage:/srv/storage + - $CONFIGDIR/filebrowser-quantum:/home/filebrowser/data + - /docker/filebrowser-tmp:/home/filebrowser/tmp # Required if uid other than 1000 user: "${PUID}:${PGID}" environment: + - FILEBROWSER_CONFIG=data/config.yaml + - FILEBROWSER_DATABASE=data/database.db - PUID=$PUID - PGID=$PGID - TZ=$TZ labels: - "traefik.enable=true" - - "traefik.http.routers.filebrowser-rtr.entrypoints=web-secure" - - 
"traefik.http.routers.filebrowser-rtr.rule=Host(`cloud.$DOMAINNAME`)" - - "traefik.http.routers.filebrowser-rtr.tls=true" - - "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc" - - "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80" + - "traefik.http.routers.cloud-rtr.entrypoints=web-secure" + - "traefik.http.routers.cloud-rtr.rule=Host(`cloud.$DOMAINNAME`)" + - "traefik.http.routers.cloud-rtr.tls=true" + - "traefik.http.routers.cloud-rtr.service=cloud-svc" + - "traefik.http.services.cloud-svc.loadbalancer.server.port=80" + - "traefik.http.middlewares.filebrowser-buffering.buffering.maxRequestBodyBytes=10737418240" # Upload Configuration logging: *default-logging #+end_src -=.filebrowser.json= - -#+begin_src json :tangle /ssh:thomas@homelab:/home/thomas/docker/config/filebrowser/.filebrowser.json -{ - "port": 80, - "baseURL": "", - "address": "", - "log": "stdout", - "database": "/database.db", - "root": "/srv/storage" -} -#+end_src - *** =radicale= - CalDAV/CardDAV server ([[https://github.com/tomsquest/docker-radicale][link]]) #+begin_src yaml radicale: 
@@ -1998,47 +1865,44 @@ filesystem_folder = /data/collections logging: *default-logging #+end_src -*** =restic-hc4= - Automatic backups on Odroid HC4 ([[https://github.com/djmaze/resticker/][link]]) +*** =backrest= - Automatic Backups ([[https://github.com/garethgeorge/backrest][link]]) #+begin_src yaml - restic-hc4: - container_name: restic-hc4 - image: mazzolino/restic + restic: + container_name: restic + image: garethgeorge/backrest:latest-alpine restart: unless-stopped networks: - t2_proxy environment: - - BACKUP_CRON=0 14 * * * # Backup at 3am every day - - RESTIC_REPOSITORY=sftp://thomas@pierrick.tdehaeze.xyz:10022//srv/storage/backup - - RESTIC_PASSWORD=$RESTIC_PASSWORD - - RESTIC_BACKUP_SOURCES=/source - - RESTIC_FORGET_ARGS=--group-by tag --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune - - RESTIC_BACKUP_ARGS=--tag local --exclude-file /exclude.txt --verbose - - RESTIC_GOTIFY_TOKEN=$RESTIC_GOTIFY_TOKEN - - SUCCESS_ON_INCOMPLETE_BACKUP="true" - UID=$PUID - GID=$PGID - TZ=$TZ - - POST_COMMANDS_FAILURE=curl "https://gotify.tdehaeze.xyz/message?token=$RESTIC_GOTIFY_TOKEN" -F "title=Restic HC4" -F "message=Backup failed" -F "priority=5" - - POST_COMMANDS_EXIT=ssh -p 10022 thomas@pierrick.tdehaeze.xyz "sudo systemctl poweroff" + - BACKREST_DATA=/data # path for backrest data. restic binary and the database are placed here. + - BACKREST_CONFIG=/config/config.json # path for the backrest config file. + - XDG_CACHE_HOME=/cache # path for the restic cache which greatly improves performance. 
volumes: - - $CONFIGDIR/restic-hc4/exclude.txt:/exclude.txt:ro + - $CONFIGDIR/restic/config:/config + - $CONFIGDIR/restic/data:/data + - /docker/restic-cache:/cache + - /srv/storage/Backups:/srv/Backups # Local Restic Backups - /srv/storage/Users:/source/Users:ro # User Clouds - /srv/storage/Cloud:/source/Cloud:ro # My Own Cloud - - /srv/storage/Music:/source/Music:ro # Musics - - /home/thomas:/source/home:ro # Homelab - home directory - - /home/thomas/.ssh/known_hosts:/root/.ssh/known_hosts:ro - - /home/thomas/.ssh/id_rsa:/root/.ssh/id_rsa:ro + # - /srv/storage/Music:/source/Music:ro # Musics + - /srv/storage/immich:/source/immich:ro # Musics + - /home/thomas:/source/home:ro # Homelab - Home directory + - /home/thomas/.ssh/known_hosts:/root/.ssh/known_hosts:ro # Used to SSH to backup machine + - /home/thomas/.ssh/id_rsa:/root/.ssh/id_rsa:ro # Used to SSH to backup machine + labels: + - "traefik.enable=true" + - "traefik.http.routers.restic-rtr.entrypoints=web-secure" + - "traefik.http.routers.restic-rtr.rule=Host(`restic.$DOMAINNAME`)" + - "traefik.http.routers.restic-rtr.tls=true" + - "traefik.http.routers.restic-rtr.service=restic-svc" + - "traefik.http.routers.restic-rtr.middlewares=authelia@docker" + - "traefik.http.services.restic-svc.loadbalancer.server.port=9898" logging: *default-logging #+end_src -=exclude.txt= - Exclude files - -#+begin_src conf :tangle /ssh:thomas@homelab:/home/thomas/docker/config/restic-hc4/exclude.txt -*.db -*.log -*.log.* -#+end_src - *** =miniflux= - RSS reader ([[https://hub.docker.com/r/miniflux/miniflux][link]]) #+begin_src yaml miniflux: @@ -2070,6 +1934,7 @@ filesystem_folder = /data/collections miniflux_db: container_name: miniflux_db image: postgres:12 + shm_size: 512mb restart: unless-stopped networks: - backend 
@@ -2109,11 +1974,6 @@ filesystem_folder = /data/collections #+end_src *** =zigbee2mqtt= - Zigbee to MQTT bridge ([[https://github.com/Koenkk/zigbee2mqtt/][link]]) -In =/etc/udev/rules.d/99-usb-serial.rules=: -#+begin_src conf :tangle no -SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="zigbee/slaesh" -#+end_src - #+begin_src yaml zigbee2mqtt: container_name: zigbee2mqtt @@ -2131,7 +1991,7 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="z volumes: - $CONFIGDIR/zigbee2mqtt:/app/data - /run/udev:/run/udev:ro - - /dev/zigbee:/dev/zigbee:ro + - /dev/ttyUSB-zigbee:/dev/ttyUSB0:ro labels: - "traefik.enable=true" - "traefik.http.routers.zigbee2mqtt-rtr.entrypoints=web-secure" @@ -2143,7 +2003,7 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="z logging: *default-logging #+end_src -*** =node-red= - Automation tool +*** =node-red= - Automation tool ([[https://github.com/node-red/node-red][link]]) #+begin_src yaml node-red: container_name: node-red @@ -2170,7 +2030,7 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="z logging: *default-logging #+end_src -*** =esphome= - Automation tool +*** =esphome= - System to control ESP8266/ESP32 devices ([[https://github.com/esphome/esphome][link]]) #+begin_src yaml esphome: container_name: esphome @@ -2185,6 +2045,7 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="z - ESPHOME_DASHBOARD_USE_PING=true volumes: - $CONFIGDIR/esphome:/config + - /docker/.esphome:/config/.esphome labels: - "traefik.enable=true" - "traefik.http.routers.esphome-rtr.entrypoints=web-secure" 
@@ -2196,101 +2057,86 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="z logging: *default-logging #+end_src -*** =tina2= - Web interface for 3D printing ([[https://github.com/OctoPrint/OctoPrint][link]]) -In order for the 3D printer to always have the same =/dev/path=, =sudoedit /etc/udev/rules.d/99-usb-serial.rules=: -#+begin_src conf :tangle no -SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="3d-printer/tina2" -#+end_src - +*** =mqttui= - MQTT Web Interface ([[https://github.com/terdia/mqttui][link]]) #+begin_src yaml - tina2: - container_name: tina2 - image: octoprint/octoprint + mqttui: + container_name: mqttui + image: terdia07/mqttui restart: unless-stopped - privileged: true networks: - t2_proxy environment: - - UID=$PUID - - GID=$PGID + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - MQTT_BROKER=192.168.1.21 + - MQTT_PORT=1883 + labels: + - "traefik.enable=true" + - "traefik.http.routers.mqttui-rtr.entrypoints=web-secure" + - "traefik.http.routers.mqttui-rtr.rule=Host(`mqttui.$DOMAINNAME`)" + - "traefik.http.routers.mqttui-rtr.tls=true" + - "traefik.http.routers.mqttui-rtr.service=mqttui-svc" + - "traefik.http.routers.mqttui-rtr.middlewares=authelia@docker" + - "traefik.http.services.mqttui-svc.loadbalancer.server.port=5000" + logging: *default-logging +#+end_src +*** =influxdb= - Scalable datastore for metrics, events, and real-time analytics ([[https://github.com/influxdata/influxdb][link]]) +#+begin_src yaml + influxdb: + container_name: influxdb + image: influxdb + restart: unless-stopped + networks: + - t2_proxy + - backend + environment: + - PUID=$PUID + - PGID=$PGID - TZ=$TZ volumes: - - $CONFIGDIR/tina2:/octoprint - - /run/udev:/run/udev:ro - - /dev/3d-printer:/dev/3d-printer:ro + - /docker/influxdb:/var/lib/influxdb2:rw labels: - "traefik.enable=true" - - "traefik.http.routers.tina2-rtr.entrypoints=web-secure" - - "traefik.http.routers.tina2-rtr.rule=Host(`3d-printer.$DOMAINNAME`)" - - 
"traefik.http.routers.tina2-rtr.tls=true" - - "traefik.http.routers.tina2-rtr.service=tina2-svc" - - "traefik.http.services.tina2-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - -** Photo - Immich -*** =immich-proxy= -#+begin_src yaml - immich-proxy: - container_name: immich-proxy - image: ghcr.io/immich-app/immich-proxy:release - restart: unless-stopped - networks: - - t2_proxy - - immich - environment: - # Make sure these values get passed through from the env file - - IMMICH_SERVER_URL - - IMMICH_WEB_URL - depends_on: - - immich-server - labels: - - "traefik.enable=true" - - "traefik.http.routers.immich-rtr.entrypoints=web-secure" - - "traefik.http.routers.immich-rtr.rule=Host(`immich.$DOMAINNAME`)" - - "traefik.http.routers.immich-rtr.tls=true" - - "traefik.http.routers.immich-rtr.service=immich-svc" - - "traefik.http.services.immich-svc.loadbalancer.server.port=8080" + - "traefik.http.routers.influxdb-rtr.entrypoints=web-secure" + - "traefik.http.routers.influxdb-rtr.rule=Host(`influxdb.$DOMAINNAME`)" + - "traefik.http.routers.influxdb-rtr.tls=true" + - "traefik.http.routers.influxdb-rtr.service=influxdb-svc" + - "traefik.http.services.influxdb-svc.loadbalancer.server.port=8086" + healthcheck: + test: "curl -f http://localhost:8086/ping" + interval: 5s + timeout: 10s + retries: 5 logging: *default-logging #+end_src +** Immich *** =immich-server= #+begin_src yaml immich-server: container_name: immich-server image: ghcr.io/immich-app/immich-server:release restart: unless-stopped - entrypoint: ["/bin/sh", "./start-server.sh"] networks: + - t2_proxy - immich volumes: - /srv/storage/immich:/usr/src/app/upload + - /etc/localtime:/etc/localtime:ro env_file: - immich.env depends_on: - immich-redis - immich-database - - immich-typesense - logging: *default-logging -#+end_src - -*** =immich-microservices= -#+begin_src yaml - immich-microservices: - container_name: immich-microservices - image: ghcr.io/immich-app/immich-server:release - restart: 
unless-stopped - command: ["start.sh", "microservices"] - networks: - - immich - volumes: - - /srv/storage/immich:/usr/src/app/upload - env_file: - - immich.env - depends_on: - - immich-redis - - immich-database - - immich-typesense + user: "${PUID}:${PGID}" + labels: + - "traefik.enable=true" + - "traefik.http.routers.immich-rtr.entrypoints=web-secure" + - "traefik.http.routers.immich-rtr.rule=Host(`immich.$DOMAINNAME`)" + - "traefik.http.routers.immich-rtr.tls=true" + - "traefik.http.routers.immich-rtr.service=immich-svc" + - "traefik.http.services.immich-svc.loadbalancer.server.port=2283" logging: *default-logging #+end_src @@ -2304,39 +2150,10 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="3 - immich volumes: - /srv/storage/immich:/usr/src/app/upload - - $CONFIGDIR/immich/machine-learning-cache:/cache + - /docker/immich-machine-learning-cache:/cache env_file: - immich.env - logging: *default-logging -#+end_src - -*** =immich-web= -#+begin_src yaml - immich-web: - container_name: immich-web - image: ghcr.io/immich-app/immich-web:release - restart: unless-stopped - networks: - - immich - env_file: - - immich.env - logging: *default-logging -#+end_src - -*** =immich-typesense= -#+begin_src yaml - immich-typesense: - container_name: immich-typesense - image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd - restart: unless-stopped - networks: - - immich - env_file: - - immich.env - environment: - - TYPESENSE_DATA_DIR=/data - volumes: - - $CONFIGDIR/immich/typesense-data:/data + user: "${PUID}:${PGID}" logging: *default-logging #+end_src @@ -2345,7 +2162,6 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="3 immich-redis: container_name: immich-redis image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3 - restart: unless-stopped networks: - immich 
@@ -2356,7 +2172,7 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="3 #+begin_src yaml immich-database: container_name: immich-database - image: postgres:14-alpine@sha256:28407a9961e76f2d285dc6991e8e48893503cc3836a4755bbc2d40bcc272a441 + image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0 restart: unless-stopped networks: - immich @@ -2367,6 +2183,8 @@ SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="3 - POSTGRES_USER=$${DB_USERNAME} - POSTGRES_DB=$${DB_DATABASE_NAME} - PG_DATA=/var/lib/postgresql/data + # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs + # - DB_STORAGE_TYPE: 'HDD' volumes: - $CONFIGDIR/immich/postgresql-data:/var/lib/postgresql/data logging: *default-logging @@ -2401,16 +2219,7 @@ REDIS_HOSTNAME=immich-redis # Log message level - [simple|verbose] ################################################################################### -LOG_LEVEL=simple - -################################################################################### -# Typesense -################################################################################### -TYPESENSE_ENABLED=true -TYPESENSE_API_KEY=I7kSTDznqhmIcjPB -TYPESENSE_HOST=immich-typesense -# TYPESENSE_PORT: 8108 -# TYPESENSE_PROTOCOL: http +LOG_LEVEL=log #################################################################################### # Alternative Service Addresses - Optional @@ -2420,7 +2229,7 @@ TYPESENSE_HOST=immich-typesense # Note: immich-microservices is bound to 3002, but no references are made #################################################################################### -IMMICH_WEB_URL=http://immich-web:3000 +IMMICH_WEB_URL=http://immich-server:3000 IMMICH_SERVER_URL=http://immich-server:3001 IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 
@@ -2436,88 +2245,16 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 #IMMICH_API_URL_EXTERNAL=http://localhost:3001 #+end_src -** Download -*** =transmission-openvpn= - Torrent server ([[https://hub.docker.com/r/haugene/transmission-openvpn][link]]) -#+begin_src yaml - transmission: - container_name: transmission - image: haugene/transmission-openvpn - cap_add: - - NET_ADMIN - networks: - - t2_proxy - sysctls: - - net.ipv6.conf.all.disable_ipv6=0 - restart: unless-stopped - ports: - - 9091:9091 - dns: - - 8.8.8.8 - - 8.8.4.4 - volumes: - - /etc/localtime:/etc/localtime:ro - - $CONFIGDIR/transmission:/config - - /srv/storage/Downloads:/data - - /srv/storage/Downloads/watch:/watch - environment: - - CREATE_TUN_DEVICE=true - - PUID=$PUID - - PGID=$PGID - - TRANSMISSION_WEB_UI=flood-for-transmission - - LOCAL_NETWORK=192.168.0.0/16 - - OPENVPN_PROVIDER=NORDVPN - - OPENVPN_USERNAME=$NORDVPN_NAME - - OPENVPN_PASSWORD=$NORDVPN_PASS - - NORDVPN_COUNTRY=FR - - NORDVPN_CATEGORY=legacy_p2p - - NORDVPN_PROTOCOL=udp - - TRANSMISSION_UTP_ENABLED=false - - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true - - TRANSMISSION_RPC_USERNAME=$TRANSMISSION_NAME - - TRANSMISSION_RPC_PASSWORD=$TRANSMISSION_PASS - labels: - - "traefik.enable=true" - - "traefik.docker.network=t2_proxy" - - "traefik.http.routers.transmission-rtr.entrypoints=web-secure" - - "traefik.http.routers.transmission-rtr.rule=Host(`torrent.$DOMAINNAME`)" - - "traefik.http.routers.transmission-rtr.tls=true" - - "traefik.http.routers.transmission-rtr.service=transmission-svc" - - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091" - logging: *default-logging -#+end_src - -*** =flaresolverr= - Proxy server to bypass Cloudflare protection ([[https://github.com/FlareSolverr/FlareSolverr][link]]) :noexport: -#+begin_src yaml - flaresolverr: - container_name: flaresolverr - image: ghcr.io/flaresolverr/flaresolverr:latest - restart: unless-stopped - networks: - - t2_proxy - environment: - - 
LOG_LEVEL=info - - LOG_HTML=false - - CAPTCHA_SOLVER=none - - TZ=$TZ - labels: - - "traefik.enable=true" - - "traefik.http.routers.flaresolverr-rtr.entrypoints=web-secure" - - "traefik.http.routers.flaresolverr-rtr.rule=Host(`flaresolverr.$DOMAINNAME`)" - - "traefik.http.routers.flaresolverr-rtr.tls=true" - # - "traefik.http.routers.flaresolverr-rtr.middlewares=authelia@docker" - - "traefik.http.routers.flaresolverr-rtr.service=flaresolverr-svc" - - "traefik.http.services.flaresolverr-svc.loadbalancer.server.port=8191" -#+end_src - - -*** =prowlarr= - API support for torrents ([[https://github.com/Prowlarr/Prowlarr][link]]) :noexport: +** Download :noexport: +*** =prowlarr= - API support for torrents ([[https://github.com/Prowlarr/Prowlarr][link]]) #+begin_src yaml prowlarr: container_name: prowlarr - image: lscr.io/linuxserver/prowlarr:develop + image: ghcr.io/almottier/prowlarr-ygg restart: unless-stopped networks: - t2_proxy + - backend environment: - PUID=$PUID - PGID=$PGID @@ -2530,17 +2267,18 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - "traefik.http.routers.prowlarr-rtr.entrypoints=web-secure" - "traefik.http.routers.prowlarr-rtr.rule=Host(`prowlarr.$DOMAINNAME`)" - "traefik.http.routers.prowlarr-rtr.tls=true" - # - "traefik.http.routers.prowlarr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.prowlarr-rtr.middlewares=authelia@docker" - "traefik.http.routers.prowlarr-rtr.service=prowlarr-svc" - "traefik.http.services.prowlarr-svc.loadbalancer.server.port=9696" #+end_src -*** =jellyseerr= - Managing requests for the media library ([[https://github.com/Fallenbagel/jellyseerr][link]]) :noexport: +*** =jellyseerr= - Managing requests for the media library ([[https://github.com/Fallenbagel/jellyseerr][link]]) #+begin_src yaml jellyseerr: container_name: jellyseerr - image: fallenbagel/jellyseerr + image: ghcr.io/seerr-team/seerr:latest restart: unless-stopped + init: true networks: - t2_proxy environment: 
@@ -2559,7 +2297,7 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - "traefik.http.services.jellyseerr-svc.loadbalancer.server.port=5055" #+end_src -*** =qobuz= - Qobuz Downloader ([[https://github.com/tdehaeze/qobuz-docker][link]]) :noexport: +*** =qobuz= - Qobuz Downloader ([[https://github.com/tdehaeze/qobuz-docker][link]]) #+begin_src yaml qobuz: container_name: qobuz @@ -2591,7 +2329,7 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 logging: *default-logging #+end_src -*** =sonarr= - Automatically download TVshows ([[https://github.com/Sonarr/Sonarr][link]]) :noexport: +*** =sonarr= - Automatically download TVshows ([[https://github.com/Sonarr/Sonarr][link]]) #+begin_src yaml sonarr: container_name: sonarr @@ -2606,9 +2344,9 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - UMASK_SET=022 volumes: - $CONFIGDIR/sonarr:/config - - /srv/storage/TVShows:/data/tv - - /srv/storage/Animes:/data/animes - - /srv/storage/Downloads:/data/downloads + - /srv/storage/TVShows:/data/TVShows + - /srv/storage/Animes:/data/Animes + - /srv/storage/Downloads:/data/Downloads labels: - "traefik.enable=true" - "traefik.http.routers.sonarr-rtr.entrypoints=web-secure" @@ -2619,7 +2357,7 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989" #+end_src -*** =radarr= - Automatically download Movies ([[https://github.com/Radarr/Radarr][link]]) :noexport: +*** =radarr= - Automatically download Movies ([[https://github.com/Radarr/Radarr][link]]) #+begin_src yaml radarr: container_name: radarr 
@@ -2634,8 +2372,8 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - UMASK_SET=022 volumes: - $CONFIGDIR/radarr:/config - - /srv/storage/Movies:/movies - - /srv/storage/Downloads:/downloads + - /srv/storage/Movies:/data/Movies + - /srv/storage/Downloads:/data/Downloads labels: - "traefik.enable=true" - "traefik.http.routers.radarr-rtr.entrypoints=web-secure" 
@@ -2646,20 +2384,490 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878" #+end_src -* Docker-Compose OLD :noexport: -** =metube= - Download Youtube Videos ([[https://github.com/alexta69/metube][link]]) +*** =transmission= - Torrent Client #+begin_src yaml - metube: - container_name: metube - image: alexta69/metube + transmission: + container_name: transmission + image: lscr.io/linuxserver/transmission + restart: unless-stopped + network_mode: "service:gluetun" + volumes: + - /etc/localtime:/etc/localtime:ro + - $CONFIGDIR/transmission:/config + - /srv/storage/Downloads:/data/Downloads + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - USER=$TRANSMISSION_NAME + - PASS=$TRANSMISSION_PASS + logging: *default-logging +#+end_src + +*** =gluetun= - Provide VPN connection to other containers ([[https://github.com/bubuntux/nordvpn][link]]) +#+begin_src yaml + gluetun: + container_name: gluetun + image: qmcgaw/gluetun + restart: unless-stopped + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun:/dev/net/tun + # network_mode: bridge + networks: + - t2_proxy + ports: + - 9091:9091/tcp # For transmission + - 27133:27133/tcp # For transmission + - 27133:27133/udp # For transmission + # - 8065:8065 # For transmission + environment: + - VPN_SERVICE_PROVIDER=airvpn + - VPN_TYPE=wireguard + - WIREGUARD_PRIVATE_KEY=MAmROmJK6GeU7SwmIeVqzOMzo5pp28NEzGZsleucGWM= + - WIREGUARD_PRESHARED_KEY=6UzMUwNNQWC3x7YKmjdg3n1KudwnFfqgROYMYFfXkYc= + - WIREGUARD_ADDRESSES=10.188.186.114 + - SERVER_COUNTRIES=Switzerland + - FIREWALL_VPN_INPUT_PORTS=27133 + - HEALTH_VPN_DURATION_INITIAL=120s + - DNS_KEEP_NAMESERVER=off + - TZ=$TZ + volumes: + - $CONFIGDIR/gluetun:/config + labels: + - "traefik.enable=true" + - "traefik.docker.network=t2_proxy" + - "traefik.http.routers.transmission-rtr.entrypoints=web-secure" + - "traefik.http.routers.transmission-rtr.rule=Host(`torrent.$DOMAINNAME`)" + - 
"traefik.http.routers.transmission-rtr.tls=true" + - "traefik.http.routers.transmission-rtr.service=gluetun-svc" + - "traefik.http.routers.transmission-rtr.middlewares=basic-auth@file" + - "traefik.http.services.gluetun-svc.loadbalancer.server.port=9091" + - "traefik.http.services.gluetun-svc.loadbalancer.server.scheme=http" + logging: *default-logging +#+end_src + +** Affichtoo +*** =affichtoo-owasabi= - Affichtoo +#+begin_src yaml + affichtoo-owasabi: + container_name: affichtoo-owasabi + image: tdehaeze/affichtoo restart: unless-stopped networks: - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/owasabi:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.owasabi-rtr.entrypoints=web-secure" + - "traefik.http.routers.owasabi-rtr.rule=Host(`owasabi.$DOMAINNAME`)" + - "traefik.http.routers.owasabi-rtr.tls=true" + - "traefik.http.routers.owasabi-rtr.service=owasabi-svc" + - "traefik.http.routers.owasabi-rtr.middlewares=authelia@docker" + - "traefik.http.services.owasabi-svc.loadbalancer.server.port=8000" + logging: *default-logging +#+end_src + +*** =affichtoo-owasabi-mountains= - Affichtoo +#+begin_src yaml + affichtoo-owasabi-mountins: + container_name: affichtoo-owasabi-mountins + image: tdehaeze/affichtoo + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/affichtoo/owasabi-mountains:/app/static/conf + labels: + - "traefik.enable=true" + - "traefik.http.routers.owasabi-mountains-rtr.entrypoints=web-secure" + - "traefik.http.routers.owasabi-mountains-rtr.rule=Host(`owasabi-mountains.$DOMAINNAME`)" + - "traefik.http.routers.owasabi-mountains-rtr.tls=true" + - "traefik.http.routers.owasabi-mountains-rtr.service=owasabi-mountains-svc" + - "traefik.http.routers.owasabi-mountains-rtr.middlewares=authelia@docker" + - "traefik.http.services.owasabi-mountains-svc.loadbalancer.server.port=8000" + logging: 
*default-logging +#+end_src + +* Docker-Compose OLD :noexport: +** =huntarr= - Find Missing & Upgrade Media Items ([[https://github.com/plexguide/Huntarr.io][link]]) +#+begin_src yaml + huntarr: + container_name: huntarr + image: huntarr/huntarr:latest + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/huntarr:/config + labels: + - "traefik.enable=true" + - "traefik.http.routers.huntarr-rtr.entrypoints=web-secure" + - "traefik.http.routers.huntarr-rtr.rule=Host(`huntarr.$DOMAINNAME`)" + - "traefik.http.routers.huntarr-rtr.tls=true" + - "traefik.http.routers.huntarr-rtr.service=huntarr-svc" + - "traefik.http.services.huntarr-svc.loadbalancer.server.port=9705" +#+end_src + +** =ygege= ([[https://github.com/UwUDev/ygege][link]]) +#+begin_src yaml + ygege: + container_name: ygege + image: uwucode/ygege + restart: unless-stopped + networks: + - t2_proxy + - backend environment: - PUID=$PUID - PGID=$PGID - TZ=$TZ - - STATE_DIR=/statedir + volumes: + - $CONFIGDIR/ygege/sessions:/app/sessions + - $CONFIGDIR/ygege/config.json:/app/config.json + labels: + - "traefik.enable=false" + # ports: + # - 8715:8715 +#+end_src + +** =joal= - Seeding Torrents ([[https://github.com/anthonyraymond/joal][link]]) +#+begin_src yaml + joal: + container_name: joal + image: anthonyraymond/joal + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/joal:/data + command: ["--joal-conf=/data", "--spring.main.web-environment=true", "--server.port=443", "--joal.ui.path.prefix=joal", "--joal.ui.secret-token=test"] + labels: + - "traefik.enable=true" + - "traefik.http.routers.joal-rtr.entrypoints=web-secure" + - "traefik.http.routers.joal-rtr.rule=Host(`joal.$DOMAINNAME`)" + - "traefik.http.routers.joal-rtr.tls=true" + - "traefik.http.routers.joal-rtr.service=joal-svc" + - "traefik.http.routers.joal-rtr.middlewares=authelia@docker" + - "traefik.http.services.joal-svc.loadbalancer.server.port=443" + 
logging: *default-logging +#+end_src + +** =flaresolverr= - Proxy server to bypass Cloudflare protection ([[https://github.com/FlareSolverr/FlareSolverr][link]]) +#+begin_src yaml + flaresolverr: + container_name: flaresolverr + # image: ghcr.io/flaresolverr/flaresolverr:latest + # image: 21hsmw/flaresolverr:nodriver + image: alexfozor/flaresolverr:pr-1300-experimental + restart: unless-stopped + networks: + - t2_proxy + environment: + - LOG_LEVEL=info + - LOG_HTML=false + # - CAPTCHA_SOLVER=none + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.flaresolverr-rtr.entrypoints=web-secure" + - "traefik.http.routers.flaresolverr-rtr.rule=Host(`flaresolverr.$DOMAINNAME`)" + - "traefik.http.routers.flaresolverr-rtr.tls=true" + # - "traefik.http.routers.flaresolverr-rtr.middlewares=authelia@docker" + - "traefik.http.routers.flaresolverr-rtr.service=flaresolverr-svc" + - "traefik.http.services.flaresolverr-svc.loadbalancer.server.port=8191" +#+end_src + +** =filebrowser= - Web file browser ([[https://hub.docker.com/r/filebrowser/filebrowser][link]]) +#+begin_src yaml + filebrowser: + container_name: filebrowser + image: filebrowser/filebrowser + restart: unless-stopped + networks: + - t2_proxy + volumes: + - $CONFIGDIR/filebrowser/filebrowser.db:/database/filebrowser.db + - $CONFIGDIR/filebrowser/settings.json:/config/settings.json + - /srv/storage:/srv/storage + user: "${PUID}:${PGID}" + healthcheck: + disable: true # https://github.com/filebrowser/filebrowser/issues/3092 + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.cloud-rtr.entrypoints=web-secure" + - "traefik.http.routers.cloud-rtr.rule=Host(`cloud.$DOMAINNAME`)" + - "traefik.http.routers.cloud-rtr.tls=true" + - "traefik.http.routers.cloud-rtr.service=cloud-svc" + - "traefik.http.services.cloud-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +=settings.json= + +#+begin_src json :tangle 
/ssh:thomas@homelab:/home/thomas/docker/config/filebrowser/settings.json +{ + "port": 80, + "baseURL": "", + "address": "", + "log": "stdout", + "database": "/database/filebrowser.db", + "root": "/srv/storage" +} +#+end_src + +** =homer= - Home page for myself ([[https://github.com/bastienwirtz/homer][link]]) +#+begin_src yaml :tangle no + homer: + container_name: homer + image: b4bz/homer + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/homer/assets/:/www/assets + labels: + - "traefik.enable=true" + - "traefik.http.routers.homer-rtr.entrypoints=web-secure" + - "traefik.http.routers.homer-rtr.rule=Host(`homer.$DOMAINNAME`)" + - "traefik.http.routers.homer-rtr.tls=true" + - "traefik.http.routers.homer-rtr.service=homer-svc" + - "traefik.http.services.homer-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +=config.yml= +#+begin_src yaml :tangle /ssh:thomas@homelab:/home/thomas/docker/config/homer/assets/config.yml +--- +title: "Homepage" +subtitle: "" +logo: "assets/homer.png" +header: false +footer: false + +columns: "auto" +connectivityCheck: false + +theme: default + +links: [] + +services: + - name: "Websites" + icon: "fas fa-desktop" + items: + - name: "Brain" + logo: "/assets/tools/brain.png" + subtitle: "Digital Brain" + url: "https://brain.tdehaeze.xyz" + - name: "Research" + logo: "/assets/tools/orgmode.png" + subtitle: "Research Pages" + url: "https://research.tdehaeze.xyz" + - name: "Help" + logo: "/assets/tools/help.png" + subtitle: "Help Page" + url: "https://help.tdehaeze.xyz" + - name: "Dotfiles" + logo: "/assets/tools/dotfiles.png" + subtitle: "My Literate Dotfiles" + url: "https://dotfiles.tdehaeze.xyz" + - name: "Miam" + logo: "/assets/tools/miam.png" + subtitle: "Personnal Recipes" + url: "https://miam.tdehaeze.xyz" + - name: "Miniflux" + logo: "/assets/tools/miniflux.png" + subtitle: "RSS Feeds" + url: "https://rss.tdehaeze.xyz" + - name: 
"LinkDing" + logo: "/assets/tools/linkding.png" + subtitle: "Bookmark Manager" + url: "https://bm.tdehaeze.xyz" + - name: "Multimedia" + icon: "fas fa-photo-video" + items: + - name: "Jellyfin" + logo: "/assets/tools/jellyfin.png" + subtitle: "Media Library" + url: "https://jellyfin.tdehaeze.xyz" + - name: "JFA-Go" + logo: "/assets/tools/jellyfin.png" + subtitle: "Manage Jellyfin Users" + url: "http://jfa.tdehaeze.xyz/" + # - name: "Audioserve" + # logo: "/assets/tools/audiobook.png" + # subtitle: "Audiobook Server" + # url: "https://audiobook.tdehaeze.xyz" + # - name: "Kavita" + # logo: "/assets/tools/kavita.png" + # subtitle: "Book Library" + # url: "https://kavita.tdehaeze.xyz" + - name: "Cloud" + icon: "fas fa-cloud" + items: + - name: "Cinny" + logo: "/assets/tools/cinny.png" + subtitle: "Matrix web client" + url: "https://cinny.tdehaeze.xyz" + - name: "File Browser" + logo: "/assets/tools/cloud.png" + subtitle: "Simple Personnal Could" + url: "https://cloud.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "Anne" + url: "https://sync-anne.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "Jean-Marie" + url: "https://sync-jm.tdehaeze.xyz" + - name: "Syncthing" + logo: "/assets/tools/syncthing.png" + subtitle: "P2P Sync" + url: "https://syncthing.tdehaeze.xyz" + - name: "Radicale" + logo: "/assets/tools/radicale.png" + subtitle: "CalDAV/CardDAV Server" + url: "https://radicale.tdehaeze.xyz" + - name: "Gitea" + logo: "/assets/tools/gitea.png" + subtitle: "Git Server" + url: "https://git.tdehaeze.xyz" + - name: "Download" + icon: "fas fa-download" + items: + - name: "JellySrerr" + logo: "/assets/tools/jellyseerr.png" + subtitle: "Torrent Client" + url: "http://jellyseerr.tdehaeze.xyz/" + # - name: "Down" + # logo: "/assets/tools/down.png" + # subtitle: "Torrent Download" + # url: "https://down.tdehaeze.xyz/" + - name: "Qobuz" + subtitle: "Music Download" + logo: "/assets/tools/qobuz.png" + 
url: "https://qobuz.tdehaeze.xyz" + - name: "Sonarr" + logo: "/assets/tools/sonarr.png" + subtitle: "TVShows Download" + url: "http://sonarr.tdehaeze.xyz/" + - name: "Radarr" + logo: "/assets/tools/radarr.png" + subtitle: "Movies Download" + url: "http://radarr.tdehaeze.xyz/" + - name: "Prowlarr" + logo: "/assets/tools/prowlarr.png" + subtitle: "Torrent Indexer" + url: "http://prowlarr.tdehaeze.xyz/" + # - name: "Jackett" + # logo: "/assets/tools/jackett.png" + # subtitle: "Torrent Client" + # url: "http://jackett.tdehaeze.xyz/" + - name: "Transmission" + logo: "/assets/tools/transmission.png" + subtitle: "Torrent Client" + url: "http://torrent.tdehaeze.xyz/transmission/web/" + - name: "Config" + icon: "fas fa-cog" + items: + # - name: "Portainer" + # logo: "/assets/tools/portainer.png" + # subtitle: "Manger Docker" + # url: "https://portainer.tdehaeze.xyz/#/containers" + - name: "Traefik" + logo: "/assets/tools/traefik.png" + subtitle: "Reverse Proxy" + url: "https://traefik.tdehaeze.xyz" + - name: "Wireguard" + logo: "/assets/tools/wireguard.png" + subtitle: "Manger Docker" + url: "https://wireguard.tdehaeze.xyz/" + - name: "Uptime" + logo: "/assets/tools/uptime.png" + subtitle: "Monitoring" + url: "https://uptime.tdehaeze.xyz" + - name: "Commento" + logo: "/assets/tools/commento.png" + subtitle: "Commenting System" + url: "https://commento.tdehaeze.xyz" + - name: "Gotify" + logo: "/assets/tools/gotify.png" + subtitle: "Messaging System" + url: "https://gotify.tdehaeze.xyz" + - name: "Scrutiny" + logo: "/assets/tools/scrutiny.png" + subtitle: "S.M.A.R.T" + url: "http://scrutiny.tdehaeze.xyz/web/dashboard" + - name: "Home" + icon: "fas fa-home" + items: + - name: "OpenWRT" + logo: "/assets/tools/openwrt.png" + subtitle: "Router" + url: "https://openwrt.tdehaeze.xyz/" + - name: "Unifi" + logo: "/assets/tools/unifi.png" + subtitle: "Wifi Expander" + url: "https://unifi.tdehaeze.xyz/" + - name: "Changedetection.io" + logo: "/assets/tools/changedetection.png" + 
subtitle: "Detect change in websites" + url: "https://change.tdehaeze.xyz" + - name: "Zigbee2MQTT" + logo: "/assets/tools/zigbee2mqtt.png" + subtitle: "Zigbee2MQTT" + url: "https://zigbee2mqtt.tdehaeze.xyz/" + - name: "Node Red" + logo: "/assets/tools/node-red.png" + subtitle: "Event-driven applications" + url: "https://node-red.tdehaeze.xyz/" + - name: "InfluxDB" + logo: "/assets/tools/influxdb.png" + subtitle: "Time series database" + url: "https://influxdb.tdehaeze.xyz/" + - name: "ESPHome" + logo: "/assets/tools/esphome.png" + subtitle: "System to control ESP8266/ESP32" + url: "https://esphome.tdehaeze.xyz/" +#+end_src + +** =metube= - Download Youtube Videos ([[https://github.com/alexta69/metube][link]]) +#+begin_src yaml :tangle no + metube: + container_name: metube + restart: unless-stopped + image: alexta69/metube + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - STATE_DIR=/statedir user: "1000:1000" volumes: - /srv/storage/Downloads/youtube:/downloads 
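Review bot: In the Homer `config.yml` hunk above, seven entries link over plain `http://` (`jfa`, `jellyseerr`, `sonarr`, `radarr`, `prowlarr`, `torrent`, `scrutiny`) while every other entry uses `https://`. Several of these are administrative interfaces, so unless the Traefik `web` entrypoint redirects to `web-secure` (not visible in this hunk), the first request and any credentials sent with it travel in clear text; switch these URLs to `https://`. Some labels are also worth fixing while here: `name: "JellySrerr"` carries `subtitle: "Torrent Client"`, the Wireguard entry has `subtitle: "Manger Docker"`, and File Browser reads `"Simple Personnal Could"`.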
@@ -2674,6 +2882,100 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 - "traefik.http.services.metube-svc.loadbalancer.server.port=8081" #+end_src +** Homeassistant +:PROPERTIES: +:header-args+: :tangle no +:END: +*** =homeassistant= - Home Automation ([[https://hub.docker.com/r/homeassistant/home-assistant][link]]) +#+begin_src yaml + homeassistant: + container_name: homeassistant + image: homeassistant/home-assistant:stable + restart: unless-stopped + networks: + - t2_proxy + - backend + #ports: + # - target: 8123 + # published: 8123 + # protocol: tcp + # mode: host + # privileged: true + # ports: + # - 8123:8123 + # network_mode: host + volumes: + - $CONFIGDIR/homeassistant:/config + - /etc/localtime:/etc/localtime:ro + - /dev/bus/usb:/dev/bus/usb + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + labels: + - "traefik.enable=true" + - "traefik.http.routers.homeassistant-rtr.entrypoints=web-secure" + - "traefik.http.routers.homeassistant-rtr.rule=Host(`home.$DOMAINNAME`)" + - "traefik.http.routers.homeassistant-rtr.tls=true" + - "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc" + - "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123" + # - "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123" + logging: *default-logging +#+end_src + +*** =whishper= - Speech Recognition +#+begin_src yaml + wyoming-whisper: + container_name: homeassistant + image: rhasspy/wyoming-whisper + restart: unless-stopped + networks: + - t2_proxy + - backend + volumes: + - $CONFIGDIR/whisper:/data + ports: + - 10300:10300 + labels: + - "traefik.enable=true" + logging: *default-logging + command: --model tiny-int8 --language en +#+end_src + +*** =piper= - text to speech +#+begin_src yaml + wyoming-piper: + image: rhasspy/wyoming-piper + restart: unless-stopped + networks: + - t2_proxy + - backend + volumes: + - $CONFIGDIR/piper:/data + ports: + - 10200:10200 + labels: + - "traefik.enable=true" + 
logging: *default-logging + command: --voice en_US-lessac-medium +#+end_src + +*** =openwakeword= - audio wake word +#+begin_src yaml + openwakeword: + image: rhasspy/wyoming-openwakeword + restart: unless-stopped + networks: + - t2_proxy + - backend + ports: + - 10400:10400 + labels: + - "traefik.enable=true" + command: --preload-model 'ok_nabu' + logging: *default-logging +#+end_src + ** =navidrome= - Music server #+begin_src yaml navidrome: 
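Review bot: `wyoming-whisper` sets `container_name: homeassistant`, the same name the `homeassistant` service declares a few lines earlier in this hunk, so the two containers cannot both be created; drop the line or rename it to `wyoming-whisper` (the heading also spells it `whishper`). Separately, the three Wyoming services publish `10300`, `10200` and `10400` on the host even though they share the `backend` network with `homeassistant`, and each carries `traefik.enable=true` without any router or service label. If Home Assistant is the only client, remove the `ports:` entries and the Traefik label so these listeners are reachable only on the internal network.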
@@ -2706,6 +3008,319 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 logging: *default-logging #+end_src +** =family= - Home page for family ([[https://github.com/bastienwirtz/homer][link]]) +#+begin_src yaml + famille: + container_name: famille + image: b4bz/homer + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/famille/assets/:/www/assets + labels: + - "traefik.enable=true" + - "traefik.http.routers.famille-rtr.entrypoints=web-secure" + - "traefik.http.routers.famille-rtr.rule=Host(`famille.$DOMAINNAME`)" + - "traefik.http.routers.famille-rtr.tls=true" + - "traefik.http.routers.famille-rtr.service=famille-svc" + - "traefik.http.services.famille-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +=config.yml= +#+begin_src yaml :tangle /ssh:thomas@homelab:/home/thomas/docker/config/famille/assets/config.yml +--- +title: "Homepage" +subtitle: "" +logo: "assets/homer.png" +header: false +footer: false + +columns: "auto" +connectivityCheck: false + +theme: default + +message: + style: "" # See https://bulma.io/documentation/components/message/#colors for styling options. + title: "Coucou !" + content: "Ci dessous tu peux trouver différents sites accéssibles sur mon serveur. Si tu as besoin d'aide avec l'utilisation de Jellyfin, tout est expliqué ici." 
+ + +links: [] + +services: + - name: "Websites" + icon: "fas fa-desktop" + items: + - name: "Jellyfin" + logo: "/assets/tools/jellyfin.png" + subtitle: "Librairie multimédia" + url: "https://jellyfin.tdehaeze.xyz" + - name: "File Browser" + logo: "/assets/tools/cloud.png" + subtitle: "Cloud personnel" + url: "https://cloud.tdehaeze.xyz" + - name: "Miam" + logo: "/assets/tools/miam.png" + subtitle: "Site de recettes partagées" + url: "https://miam.tdehaeze.xyz" + - name: "Multimedia" + icon: "fas fa-photo-video" + items: + - name: "Jellyseerr" + subtitle: "Ajout de Films/Séries sur Jellyfin" + logo: "/assets/tools/jellyseerr.png" + url: "https://jellyseerr.tdehaeze.xyz" + - name: "Qobuz" + subtitle: "Ajout de Musique sur Jellyfin" + logo: "/assets/tools/qobuz.png" + url: "https://qobuz.tdehaeze.xyz" +#+end_src + +** =sync-ju= - File Synchronization ([[https://hub.docker.com/r/linuxserver/syncthing][link]]) +#+begin_src yaml + sync-ju: + container_name: sync-ju + image: linuxserver/syncthing + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - UMASK_SET=022 + volumes: + - $CONFIGDIR/sync-ju:/config + - /srv/storage/Users/juliette:/Cloud + - /srv/storage/Cloud/personnal:/Cloud/Thomas + ports: + - 22003:22003 + - 21030:21030/udp + labels: + - "traefik.enable=true" + - "traefik.http.routers.sync-ju-rtr.entrypoints=web-secure" + - "traefik.http.routers.sync-ju-rtr.rule=Host(`sync-ju.$DOMAINNAME`)" + - "traefik.http.routers.sync-ju-rtr.tls=true" + - "traefik.http.routers.sync-ju-rtr.service=sync-ju-svc" + - "traefik.http.routers.sync-ju-rtr.middlewares=authelia@docker" + - "traefik.http.services.sync-ju-svc.loadbalancer.server.port=8384" + logging: *default-logging +#+end_src + +** =tina2= - Web interface for 3D printing ([[https://github.com/OctoPrint/OctoPrint][link]]) +#+begin_src yaml + tina2: + image: octoprint/octoprint + restart: unless-stopped + privileged: true + networks: + - t2_proxy + environment: + - 
UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/tina2:/octoprint + - /run/udev:/run/udev:ro + - /dev/ttyUSB-tina2:/dev/ttyUSB0:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.tina2-rtr.entrypoints=web-secure" + - "traefik.http.routers.tina2-rtr.rule=Host(`3d-printer.$DOMAINNAME`)" + - "traefik.http.routers.tina2-rtr.tls=true" + - "traefik.http.routers.tina2-rtr.service=tina2-svc" + - "traefik.http.services.tina2-svc.loadbalancer.server.port=80" + logging: *default-logging +#+end_src + +** =transmission-openvpn= - Torrent server ([[https://hub.docker.com/r/haugene/transmission-openvpn][link]]) +#+begin_src yaml :tangle no + transmission: + image: haugene/transmission-openvpn + cap_add: + - NET_ADMIN + networks: + - t2_proxy + sysctls: + - net.ipv6.conf.all.disable_ipv6=0 + restart: unless-stopped + ports: + - 9091:9091 + dns: + - 8.8.8.8 + - 8.8.4.4 + volumes: + - /etc/localtime:/etc/localtime:ro + - $CONFIGDIR/transmission:/config + - /srv/storage/Downloads:/data + - /srv/storage/Downloads/watch:/watch + environment: + - CREATE_TUN_DEVICE=true + - PUID=$PUID + - PGID=$PGID + - TRANSMISSION_WEB_UI=flood-for-transmission + - LOCAL_NETWORK=192.168.0.0/16 + - OPENVPN_PROVIDER=AIRVPN + - OPENVPN_CONFIG=default + - HEALTH_CHECK_HOST=github.com + - TRANSMISSION_UTP_ENABLED=false + - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true + - TRANSMISSION_RPC_USERNAME=$TRANSMISSION_NAME + - TRANSMISSION_RPC_PASSWORD=$TRANSMISSION_PASS + labels: + - "traefik.enable=true" + - "traefik.docker.network=t2_proxy" + - "traefik.http.routers.transmission-rtr.entrypoints=web-secure" + - "traefik.http.routers.transmission-rtr.rule=Host(`torrent.$DOMAINNAME`)" + - "traefik.http.routers.transmission-rtr.tls=true" + - "traefik.http.routers.transmission-rtr.service=transmission-svc" + - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091" + - "traefik.http.services.transmission-svc.loadbalancer.server.scheme=http" + logging: *default-logging 
+#+end_src + +** =restic-hc4= - Automatic backups on Odroid HC4 ([[https://github.com/djmaze/resticker/][link]]) +#+begin_src yaml :tangle no + restic-hc4: + image: mazzolino/restic + restart: "no" + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + - RUN_ON_STARTUP=false + - BACKUP_CRON=45 13 * * * # Backup every day + - RESTIC_REPOSITORY=sftp://thomas@pierrick.tdehaeze.xyz:10022//srv/storage/backup + - RESTIC_PASSWORD=$RESTIC_PASSWORD + - RESTIC_BACKUP_SOURCES=/source + - RESTIC_BACKUP_ARGS=--host homelab --tag local --group-by host --exclude-file /exclude.txt --verbose + - RESTIC_FORGET_ARGS=--group-by tag --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune + - RESTIC_GOTIFY_TOKEN=$RESTIC_GOTIFY_TOKEN + - SUCCESS_ON_INCOMPLETE_BACKUP=true + - POST_COMMANDS_FAILURE=curl "https://gotify.tdehaeze.xyz/message?token=$RESTIC_GOTIFY_TOKEN" -F "title=Restic HC4" -F "message=Backup failed" -F "priority=5" + - POST_COMMANDS_EXIT=ssh -p 10022 thomas@pierrick.tdehaeze.xyz "sudo systemctl poweroff" + volumes: + - $CONFIGDIR/restic-hc4/exclude.txt:/exclude.txt:ro + - /srv/storage/Users:/source/Users:ro # User Clouds + - /srv/storage/Cloud:/source/Cloud:ro # My Own Cloud + - /srv/storage/Music:/source/Music:ro # Musics + - /home/thomas:/source/home:ro # Homelab - Home directory + - /home/thomas/.ssh/known_hosts:/root/.ssh/known_hosts:ro # Used to SSH to backup machine + - /home/thomas/.ssh/id_rsa:/root/.ssh/id_rsa:ro # Used to SSH to backup machine + logging: *default-logging +#+end_src + +=exclude.txt= - Exclude files + +#+begin_src conf :tangle /ssh:thomas@homelab:/home/thomas/docker/config/restic-hc4/exclude.txt +*.db +*.log +*.log.* +#+end_src + +The backup server should power at 1:30pm, and at 1:35 it should update the dynamic DNS server. 
+ +The Docker container (if stopped) will automatically starts at 1:40 using a Cronjob: +#+begin_src conf :tangle no +40 13 * * * cd /home/thomas/docker && docker-compose start restic-hc4 +#+end_src + +Then the backup should start at 1:45PM + +** =pdf= - Stirling +#+begin_src yaml + stirling-pdf: + image: frooodle/s-pdf + restart: unless-stopped + networks: + - t2_proxy + environment: + - DOCKER_ENABLE_SECURITY=false + - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/pdf:/configs + labels: + - "traefik.enable=true" + - "traefik.http.routers.pdf-rtr.entrypoints=web-secure" + - "traefik.http.routers.pdf-rtr.rule=Host(`pdf.$DOMAINNAME`)" + - "traefik.http.routers.pdf-rtr.tls=true" + - "traefik.http.routers.pdf-rtr.service=pdf-svc" + - "traefik.http.services.pdf-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src + +** TODO =blocky= - DNS proxy ad-blocker +#+begin_src yaml :tangle no + blocky: + container_name: blocky + image: spx01/blocky + networks: + - t2_proxy + restart: unless-stopped + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + volumes: + - /etc/localtime:/etc/localtime:ro + - $CONFIGDIR/blocky/config.yml:/app/config.yml + ports: + - 53:53/tcp + - 53:53/udp + - 4000:4000/tcp + labels: + - "traefik.enable=false" + # - "traefik.http.routers.unifi-rtr.entrypoints=web-secure" + # - "traefik.http.routers.unifi-rtr.rule=Host(`unifi.$DOMAINNAME`)" + # - "traefik.http.routers.unifi-rtr.tls=true" + # - "traefik.http.routers.unifi-rtr.service=unifi-svc" + # - "traefik.http.routers.unifi-rtr.middlewares=unifiHeaders@file" + # - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https" + # # - "traefik.http.routers.unifi-rtr.middlewares=authelia@docker" + # - "traefik.http.services.unifi-svc.loadbalancer.server.port=8443" + # - "traefik.http.services.unifi-svc.loadbalancer.server.scheme=https" + logging: *default-logging +#+end_src + +** =metube= - 
Download Youtube Videos ([[https://github.com/alexta69/metube][link]]) +#+begin_src yaml + metube: + container_name: metube + image: alexta69/metube + restart: unless-stopped + networks: + - t2_proxy + environment: + - PUID=$PUID + - PGID=$PGID + - TZ=$TZ + - STATE_DIR=/statedir + user: "1000:1000" + volumes: + - /srv/storage/Downloads/youtube:/downloads + - $CONFIGDIR/metube:/statedir + labels: + - "traefik.enable=true" + - "traefik.http.routers.metube-rtr.entrypoints=web-secure" + - "traefik.http.routers.metube-rtr.rule=Host(`metube.$DOMAINNAME`)" + - "traefik.http.routers.metube-rtr.tls=true" + # - "traefik.http.routers.metube-rtr.middlewares=authelia@docker" + - "traefik.http.routers.metube-rtr.service=metube-svc" + - "traefik.http.services.metube-svc.loadbalancer.server.port=8081" +#+end_src + ** Affichtoo *** =japonais= - Affichtoo #+begin_src yaml @@ -2890,7 +3505,7 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 logging: *default-logging #+end_src -** =ihatemoney= +** =ihatemoney= - Tricount Alternative ([[https://github.com/spiral-project/ihatemoney][link]]) #+begin_src yaml ihatemoney: image: ihatemoney/ihatemoney:6.1.0 
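Review bot: In the hunk at `@@ -2706,6 +3008,319 @@`, `tina2` runs with `privileged: true` and its router has no `authelia@docker` middleware, while `sync-ju` in the same hunk does have one. The only hardware it needs is the serial adapter, which is currently bind-mounted read-only under `volumes:` (`/dev/ttyUSB-tina2:/dev/ttyUSB0:ro`); passing it through a `devices:` entry instead and dropping `privileged: true` would give the container just that device, and adding the middleware line would put the printer UI behind authentication. In the same hunk, `restic-hc4` mounts `/home/thomas/.ssh/id_rsa` and also backs up `/home/thomas` as `/source/home`, so the private key (and anything else under the home directory, given that `exclude.txt` only lists `*.db`, `*.log` and `*.log.*`) ends up in the repository; a dedicated backup-only key and an exclude entry for `.ssh` would limit that.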
@@ -2946,28 +3561,6 @@ IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003 logging: *default-logging #+end_src -** =joal= - Seeding Torrents ([[https://github.com/anthonyraymond/joal][link]]) :noexport: -#+begin_src yaml :tangle no - joal: - image: anthonyraymond/joal - container_name: joal - restart: unless-stopped - networks: - - t2_proxy - volumes: - - $CONFIGDIR/joal:/data - command: ["--joal-conf=/data", "--spring.main.web-environment=true", "--server.port=80", "--joal.ui.path.prefix=joal", "--joal.ui.secret-token=$JOALTOKEN"] - labels: - - "traefik.enable=true" - - "traefik.http.routers.joal-rtr.entrypoints=web-secure" - - "traefik.http.routers.joal-rtr.rule=Host(`joal.$DOMAINNAME`)" - - "traefik.http.routers.joal-rtr.tls=true" - - "traefik.http.routers.joal-rtr.service=joal-svc" - - "traefik.http.routers.joal-rtr.middlewares=authelia@docker" - - "traefik.http.services.joal-svc.loadbalancer.server.port=80" - logging: *default-logging -#+end_src - ** =jackett= - API support for torrents ([[https://github.com/Jackett/Jackett][link]]) #+begin_src yaml :tangle no jackett: @@ -3116,12 +3709,14 @@ parity /mnt/parity/snapraid.parity # content /var/snapraid.content content /mnt/disk0/.snapraid.content content /mnt/disk1/.snapraid.content +content /mnt/disk2/.snapraid.content # Defines the data disks to use # The order is relevant for parity, do not change it # Format: "disk DISK_NAME DISK_MOUNT_POINT" disk disk0 /mnt/disk0 disk disk1 /mnt/disk1 +disk disk2 /mnt/disk2 # Excludes hidden files and directories (uncomment to enable). #nohidden @@ -3134,6 +3729,7 @@ disk disk1 /mnt/disk1 # Format: "exclude /PATH/DIR/" exclude /tmp/ exclude /lost+found/ +exclude /srv/storage/Downloads/incomplete/ # This changes a lot, not necessary to backup exclude *.!sync exclude .DS_Store exclude ._.DS_Store @@ -3142,6 +3738,8 @@ exclude .fseventsd exclude .Spotlight-V100 exclude .TemporaryItems exclude .Trashes +exclude .part +exclude .arc #+end_src =snapraid-runner.conf= 
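Review bot: In the last snapraid hunk (`@@ -3142,6 +3738,8 @@`), `exclude .part` and `exclude .arc` match only files whose name is exactly `.part` or `.arc`, like the neighbouring `.DS_Store` and `.Trashes` entries. If the intent is to skip partially downloaded files by extension, the pattern needs the wildcard, as the existing `exclude *.!sync` line does: `exclude *.part` and `exclude *.arc`. A short comment on what produces these files would also help, as was done for the `Downloads/incomplete/` line in the previous hunk.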
@@ -3191,32 +3789,6 @@ older-than = 10 #+end_src -** =gluetun= - Provide VPN connection to other containers ([[https://github.com/bubuntux/nordvpn][link]]) -#+begin_src yaml - gluetun: - image: qmcgaw/gluetun:v3.28.2 - container_name: gluetun - restart: unless-stopped - cap_add: - - NET_ADMIN - network_mode: bridge - ports: - - 8065:8065 # For transmission - - 9091:9091 # For transmission - - 51413:51413 # For transmission - - 51413:51413/udp # For transmission - environment: - - OPENVPN_USER=$NORDVPN_NAME - - OPENVPN_PASSWORD=$NORDVPN_PASS - - VPNSP=nordvpn - - REGION=France - - SERVER_NUMBER=822 - - TZ=$TZ - volumes: - - $CONFIGDIR/gluetun:/config - logging: *default-logging -#+end_src - ** =transmission= - Torrent client ([[https://hub.docker.com/r/linuxserver/transmission][link]]) #+begin_src yaml transmission: 
@@ -3238,67 +3810,6 @@ older-than = 10 logging: *default-logging #+end_src -** =ihatemoney= - Tricount Alternative ([[https://github.com/spiral-project/ihatemoney][link]]) -#+begin_src yaml - tricount: - container_name: tricount - image: ihatemoney/ihatemoney - restart: unless-stopped - networks: - - t2_proxy - environment: - - UID=$PUID - - GID=$PGID - - TZ=$TZ - volumes: - - $CONFIGDIR/tricount:/database - labels: - - "traefik.enable=true" - - "traefik.http.routers.tricount-rtr.entrypoints=web-secure" - - "traefik.http.routers.tricount-rtr.rule=Host(`tricount.$DOMAINNAME`)" - - "traefik.http.routers.tricount-rtr.tls=true" - - "traefik.http.routers.tricount-rtr.service=tricount-svc" - # - "traefik.http.routers.tricount-rtr.middlewares=authelia@docker" - - "traefik.http.services.tricount-svc.loadbalancer.server.port=8000" - logging: *default-logging -#+end_src - -** =homeassistant= - Home Automation ([[https://hub.docker.com/r/homeassistant/home-assistant][link]]) -#+begin_src yaml - homeassistant: - container_name: homeassistant - image: homeassistant/home-assistant - restart: unless-stopped - #networks: - # - t2_proxy - #ports: - # - target: 8123 - # published: 8123 - # protocol: tcp - # mode: host - privileged: true - ports: - - 8123:8123 - # network_mode: host - volumes: - - $CONFIGDIR/homeassistant:/config - - /etc/localtime:/etc/localtime:ro - - /dev/bus/usb:/dev/bus/usb - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - labels: - - "traefik.enable=true" - - "traefik.http.routers.homeassistant-rtr.entrypoints=web-secure" - - "traefik.http.routers.homeassistant-rtr.rule=Host(`home.$DOMAINNAME`)" - - "traefik.http.routers.homeassistant-rtr.tls=true" - - "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc" - - "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123" - # - "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123" - logging: *default-logging -#+end_src - ** =photoprism= 
([[https://github.com/photoprism/photoprism][link]]) #+begin_src yaml photoprism: @@ -4055,8 +4566,8 @@ GITEA_SSH_PORT=2222 #+end_src #+begin_src conf -NORDVPN_NAME=AacP7CV8mjAkBtk5Bk6eGr1q -NORDVPN_PASS=<> +PUREVPN_NAME=purevpn0s13581687 +PUREVPN_PASS=<> #+end_src #+begin_src conf @@ -4064,10 +4575,6 @@ TRANSMISSION_NAME=tdehaeze TRANSMISSION_PASS=<> #+end_src -#+begin_src conf -WIREGUARD_PASS=<> -#+end_src - #+begin_src conf GOTIFY_URL=https://gotify.tdehaeze.xyz/ GOTIFY_DEFAULTUSER_NAME=tdehaeze @@ -4244,6 +4751,12 @@ sudo apt install neovim tmux fd-find ripgrep fzf apache2-utils unrar ranger man https://blog.rylander.io/2020/12/23/setting-up-docker-on-ubuntu-20-04-focal-arm64/ +** Update +#+begin_src bash :eval no +sudo apt update +sudo apt upgrade +#+end_src + ** Poweroff without =sudo= add the following at the end of =/etc/sudoers=: 
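Review bot: In the `.env` hunk at `@@ -4055,8 +4566,8 @@`, the new `PUREVPN_NAME` line commits the VPN account identifier in clear text while `PUREVPN_PASS` is kept out of the file through the `<>` placeholder; give the name the same treatment so neither half of the credential lives in the repository. The removed `NORDVPN_NAME` value stays readable in the git history after this commit, so it should be treated as disclosed and rotated if that account is still active. No service visible in this patch consumes `PUREVPN_NAME` or `PUREVPN_PASS` (the `gluetun` block that read the NordVPN variables is deleted), so it is worth confirming which container uses them.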
@@ -4251,8 +4764,46 @@ add the following at the end of =/etc/sudoers=: thomas backup =NOPASSWD: /usr/bin/systemctl poweroff,/usr/bin/systemctl halt,/usr/bin/systemctl reboot #+end_src +** Install Restic + +Restic is used for Backup. +The binary is installed directly from [[https://github.com/restic/restic/releases][Github]] (for instance =restic_0.16.2_linux_arm64.bz2=). +Then, the binary is copied in =/usr/local/bin=. + +To update restic, use the command =restic self-update=. + * Cron Jobs -** Caddy Update +** Snapraid +A snapraid Cron job is run with the Root user (use =sudo crontab -e= to edit). (See Section ref:sec:snapraid). + +** Restic Backup Restart Container +Sometimes the restic container fails and keeps restarting as it fails to reach the backup server (which is off). + +** Music Multi-CD +Create a script =~/cron/music-multi-cd.sh= with: +#+begin_src bash :tangle /ssh:thomas@homelab:~/cron/music-multi-cd.sh :shebang "#!/usr/bin/env bash" +shopt -s extglob globstar + +find /srv/storage/Music/ -maxdepth 2 -type d -name "Disc\ 1" -print0 | while read -d $'\0' file +do + echo $file + cd_dir=$(dirname "$file") + cd_name=$(basename "$cd_dir") + mkdir "$cd_dir/$cd_name" && \ + mv "$cd_dir"/Disc* "$cd_dir/$cd_name/" + mv "$cd_dir/cover.jpg" "$cd_dir/$cd_name/" +done +#+end_src + +Type =crontab -e= and add this line: +#+begin_src conf +1 2 * * * /home/thomas/cron/music-multi-cd.sh >> /home/thomas/cron/music-multi-cd.log 2>&1 +#+end_src + + +** TODO Caddy Update +- [ ] Is this even still in use? + Create a script =~/cron/caddy_update.sh= with: #+begin_src bash :tangle /ssh:thomas@homelab:~/cron/caddy_update.sh :shebang "#!/usr/bin/env bash" docker exec caddy /bin/sh -c "cd /srv/www && echo -e \"Update repo $(date)\" && git submodule update --recursive --remote --merge"
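Review bot: In `music-multi-cd.sh`, only the first `mv` is guarded by `mkdir ... &&`; the `mv "$cd_dir/cover.jpg" "$cd_dir/$cd_name/"` line runs regardless, so when `mkdir` fails (for example because the directory already exists from a previous run) the cover is still moved and the album ends up half reorganised. Group both moves behind the `mkdir` check, use `while IFS= read -r -d '' file` so names with backslashes or leading spaces survive, and quote `"$file"` in the `echo`. Two documentation gaps in the same hunk: the "Restic Backup Restart Container" section describes the failure but gives no cron line or fix, and the "Install Restic" section does not mention verifying the downloaded binary against the release's `SHA256SUMS` file before copying it to `/usr/local/bin`.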