Commit b9465ca8 authored by Nick Busey's avatar Nick Busey

#42 Starting to break up the services

parent 2c542243
......@@ -9,3 +9,4 @@ kibitzr.yml
kibitzr-creds.yml
config.yml
inventory
fetch/
# Inventario
[Inventario](https://gitlab.com/NickBusey/inventario) is a home inventory managament system.
## Access
It is available at [https://inventario.{{ domain }}/](https://inventario.{{ domain }}/) or [http://inventario.{{ domain }}/](http://inventario.{{ domain }}/)
It is also available via Tor at [http://inventario.{{ tor_domain }}/](http://inventario.{{ tor_domain }}/)
\ No newline at end of file
......@@ -8,6 +8,7 @@ enable_bitwarden: False
enable_bulletnotes: False
enable_darksky_influx: False
enable_dasher: False
enable_docs: False
enable_emby: False
enable_firefly_iii: False
enable_gitea: False
......@@ -20,9 +20,9 @@
roles:
# Install Docker, configure basic server settings
- common
- homelabos_common
# Configure a TOR hidden service for remote access without a public IP
- role: toke.tor
- role: tor
hidden_services:
- dir: /var/lib/tor/ssh-onion
port: 22
......@@ -34,27 +34,26 @@
port: 80
source: 127.0.0.1:80
# Install and configure HomelabOS documentation
# Install and configure HomelabOS services
- hosts: homelabos
become: "True"
gather_facts: "True"
tags:
- homelabos
- docs
- deploy
roles:
- docs
- homelabos_base
# Install and configure HomelabOS services
# Install and configure HomelabOS documentation
- hosts: homelabos
become: "True"
gather_facts: "True"
tags:
- homelabos
- deploy
- docs
roles:
- homelabos
- role: homelabos_docs
when: enable_docs
- name: "Setup tinc VPN"
tags: tinc
......@@ -62,7 +61,7 @@
become: yes
become_method: sudo
roles:
- role: tinc
- role: homelabos_tinc
when:
- "vpn_ip is defined"
......@@ -72,7 +71,28 @@
become_method: sudo
tags: tinc-nginx
roles:
- role: tinc-nginx
- role: homelabos_tinc-nginx
when:
- "vpn_ip is defined"
- name: "Deploy enabled services"
hosts: homelabos
become: "True"
gather_facts: "True"
tags:
- deploy
roles:
- role: apple_health_influx
when: enable_apple_health_influx
- role: bitwarden
when: enable_bitwarden
- role: bulletnotes
when: enable_bulletnotes
- role: bitwarden
when: enable_bitwarden
- role: firefly_iii
when: enable_firefly_iii
- role: thelounge
when: enable_thelounge
...
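Review bot: The `bitwarden` role is listed twice in the new "Deploy enabled services" play (`- role: bitwarden` / `when: enable_bitwarden` appears before bulletnotes and again after it); Ansible runs an identical role invocation only once per play, so this is harmless but misleading — drop the second entry. The play also has no entry for dasher or darksky_influx, whose config tasks this commit appears to remove from the base role in the `@@ -34,28 +18,6 @@` hunk, so unless a later commit adds roles for them they look undeployable from here; a `# TODO: dasher, darksky_influx and the remaining services still need roles` comment on the play would record that. The `roles:` list of this play is entirely inside the hunk, but the play list of the file continues beyond it.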
# Apple Health Data Importer
apple_health_influx:
image: nickbusey/healthdata_influx:cron
restart: unless-stopped
volumes:
- /var/homelabos/nextcloud/data/{{ apple_health_nextcloud_username }}/files/export/:/export/
- /var/homelabos/apple_health_influx/config.yml:/config.yml
\ No newline at end of file
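Review bot: This service bind-mounts `/var/homelabos/apple_health_influx/config.yml`, but the only task that rendered that file (`Configure Apple Health Importer` in the base role) is dropped in the `@@ -34,28 +18,6 @@` hunk below and no replacement task is visible in this commit; if none exists, Docker creates an empty directory at that path on first start and the importer runs with no config. Unlike the other per-role compose templates this file has no `version:`/`services:` header and no `networks:` entry, so it cannot be run standalone by a unit file like the others — either it is meant to be concatenated somewhere not shown, or the wrapper is missing. It also reaches into another role's data (`/var/homelabos/nextcloud/data/...`); a comment such as `# requires nextcloud to be enabled; reads the export folder of apple_health_nextcloud_username` would make that dependency explicit.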
---
- name: Make bitwarden directory.
file:
path: "/var/homelabos/bitwarden"
state: directory
- name: Copy bitwarden docker-compose.yml file into place.
template:
src: docker-compose.bitwarden.yml.j2
dest: /var/homelabos/bitwarden/docker-compose.bitwarden.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure bitwarden systemd service.
template: src=bitwarden.service dest=/etc/systemd/system/bitwarden.service
- name: Start bitwarden
systemd:
name: bitwarden
enabled: "yes"
daemon-reload: "yes"
state: started
...
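Review bot: `state: started` in the `Start bitwarden` task is a no-op once the unit is running, so re-running the play after the docker-compose template or the unit file changes never applies them; the bulletnotes (`Start bulletnotes`) and firefly_iii (`Start firefly_iii`) task files in this commit have the same pattern. Either use `state: restarted` as the docs role does, or better, add `notify: restart bitwarden` to the two template tasks and restart from a handler so the service is only bounced when something actually changed. The `"yes"` strings for `enabled`/`daemon-reload` work in Ansible but `true` reads as a boolean to every other YAML tool.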
[Unit]
Description=HomelabOS bitwarden Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker-compose -f /var/homelabos/bitwarden/docker-compose.bitwarden.yml -p bitwarden up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/bitwarden/docker-compose.bitwarden.yml -p bitwarden stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Password Manager
bitwarden_web:
image: mprasil/bitwarden
restart: unless-stopped
networks:
- traefik_network
volumes:
- /var/homelabos/bitwarden:/data
labels:
- "traefik.enable=true"
- "traefik.http.frontend.rule=Host:warden.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=80"
- "traefik.http.frontend.headers.customFrameOptionsValue=ALLOW-FROM http://{{ domain }}"
- "traefik.http.frontend.headers.customFrameOptionsValue=ALLOW-FROM https://{{ domain }}"
- "traefik.tor.frontend.rule=Host:warden.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=80"
\ No newline at end of file
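Review bot: The label `traefik.http.frontend.headers.customFrameOptionsValue` is set twice (`ALLOW-FROM http://{{ domain }}` and `ALLOW-FROM https://{{ domain }}`); compose folds the label list into a map, so only the last line survives and the http value is silently dropped. X-Frame-Options cannot carry two origins, so either keep the single https line or express it with a `frame-ancestors` Content-Security-Policy via `traefik.frontend.headers.customResponseHeaders` and delete the duplicate. Since this vault is published on both the clear-net and Tor hostnames, a comment above the service recording that self-registration should be turned off once the first account exists (the image's `SIGNUPS_ALLOWED` setting, if the deployment relies on the default) would be worth adding.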
---
- name: Make bulletnotes directory.
file:
path: "/var/homelabos/bulletnotes"
state: directory
- name: Copy bulletnotes docker-compose.yml file into place.
template:
src: docker-compose.bulletnotes.yml.j2
dest: /var/homelabos/bulletnotes/docker-compose.bulletnotes.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure bulletnotes systemd service.
template: src=homelabos_bulletnotes.service dest=/etc/systemd/system/homelabos_bulletnotes.service
- name: Start bulletnotes
systemd:
name: bulletnotes
enabled: "yes"
daemon-reload: "yes"
state: started
...
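Review bot: The unit is installed as `/etc/systemd/system/homelabos_bulletnotes.service` but the `Start bulletnotes` task enables `name: bulletnotes`, so systemd looks for `bulletnotes.service`, which does not exist, and the task fails. Make the two agree — `name: homelabos_bulletnotes` — or install the file as `bulletnotes.service` the way the bitwarden and firefly_iii roles in this commit do. The template for `homelabos_bulletnotes.service` itself is not visible in this diff.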
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
bulletnotes_db:
image: mongo:3.2.21
restart: unless-stopped
command: mongod --smallfiles --oplogSize 128
expose:
- 27017
volumes:
- ./data/bulletnotes-db:/data/db
- ./data/bulletnotes-db-dump:/dump
bulletnotes:
image: nickbusey/bulletnotes
command: meteor --allow-superuser run
working_dir: /BulletNotes
links:
- bulletnotes_db
restart: unless-stopped
networks:
- traefik_network
environment:
- MONGO_URL=mongodb://bulletnotes_db:27017/bulletnotes
- ROOT_URL=http://bulletnotes.{{ domain }}
labels:
- "traefik.enable=true"
- "traefik.http.frontend.rule=Host:bulletnotes.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=3000"
- "traefik.tor.frontend.rule=Host:bulletnotes.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=3000"
\ No newline at end of file
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Weather Data Importer
darksky_influx:
image: erwinsteffens/darksky-influxdb:latest
restart: always
networks:
- traefik_network
links:
- influxdb
environment:
- DARKSKY_KEY={{ darksky_key }}
# This is every 2 minutes. This is about as fast as you can go with the free API keys without running out of queries.
- CRON=0 */2 * * * *
- INFLUXDB_HOST=influxdb
- INFLUXDB_DATABASE=darksky
- DARKSKY_LATITUDE={{ latitude }}
- DARKSKY_LONGITUDE={{ longitude }}
\ No newline at end of file
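Review bot: `links: - influxdb` names a service that is not defined in this compose file (influxdb no longer lives in the same project after the split), and compose refuses to start a project whose `links` target is undefined. The container already joins the external `homelabos_traefik` network, so drop the `links` entry and rely on `INFLUXDB_HOST=influxdb` resolving over that network — which only holds if the influxdb container is attached to the same network under that service name, so add a comment stating that assumption. No tasks file for this role is visible in the commit and the role is absent from the deploy play, so this may be scaffolding for a later change. The `restart: always` also differs from the `unless-stopped` used by the other new services.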
---
- name: Make firefly_iii directory.
file:
path: "/var/homelabos/firefly_iii"
state: directory
- name: Copy firefly_iii docker-compose.yml file into place.
template:
src: docker-compose.firefly_iii.yml.j2
dest: /var/homelabos/firefly_iii/docker-compose.firefly_iii.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure firefly_iii systemd service.
template: src=firefly_iii.service dest=/etc/systemd/system/firefly_iii.service
- name: Start firefly_iii
systemd:
name: firefly_iii
enabled: "yes"
daemon-reload: "yes"
state: started
...
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Financial Tracker
firefly_iii_app:
restart: unless-stopped
environment:
- FF_DB_HOST=firefly_iii_db
- FF_DB_NAME=firefly_db
- FF_DB_USER=firefly_db
- FF_DB_PASSWORD=firefly_db_secret
- FF_APP_KEY=S0m3R@nd0mStr1ngOf31Ch@rsEx@ctly
- FF_APP_ENV=local
- APP_URL=https://money.{{ domain }}
- TZ={{ common_timezone }}
- ServerName=money.{{ domain }}
image: jc5x/firefly-iii
networks:
- traefik_network
volumes:
- /var/homelabos/firefly/export:/var/www/firefly-iii/storage/export
- /var/homelabos/firefly/upload:/var/www/firefly-iii/storage/upload
labels:
- "traefik.enable=true"
- "traefik.http.frontend.rule=Host:money.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=80"
- "traefik.tor.frontend.rule=Host:money.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=80"
firefly_iii_db:
restart: unless-stopped
networks:
- traefik_network
environment:
- MYSQL_DATABASE=firefly_db
- MYSQL_USER=firefly_db
- MYSQL_PASSWORD=firefly_db_secret
- MYSQL_RANDOM_ROOT_PASSWORD=yes
image: mariadb
volumes:
- /var/homelabos/firefly/db:/var/lib/mysql
\ No newline at end of file
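Review bot: `FF_APP_KEY=S0m3R@nd0mStr1ngOf31Ch@rsEx@ctly` and `FF_DB_PASSWORD`/`MYSQL_PASSWORD=firefly_db_secret` are fixed values baked into the template, so every install shares the same application encryption key and database password; render them from per-install variables instead, e.g. `- FF_APP_KEY={{ firefly_app_key }}` and `- FF_DB_PASSWORD={{ firefly_db_password }}` with the values generated once per host (Ansible's `password` lookup or an inventory secret), keeping the 32-character requirement for the app key. The data directories under `/var/homelabos/firefly/...` do not match the `/var/homelabos/firefly_iii` directory the role's tasks create, so they will be auto-created by Docker as root-owned bind mounts rather than managed by Ansible; pick one name. `mariadb` without a tag will float across major releases of the database.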
[Unit]
Description=HomelabOS firefly_iii Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker-compose -f /var/homelabos/firefly_iii/docker-compose.firefly_iii.yml -p firefly_iii up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/firefly_iii/docker-compose.firefly_iii.yml -p firefly_iii stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
globalSettings__baseServiceUri__vault=https://{{ domain }}
globalSettings__baseServiceUri__api=https://{{ domain }}/api
globalSettings__baseServiceUri__identity=https://{{ domain }}/identity
globalSettings__baseServiceUri__admin=https://{{ domain }}/admin
globalSettings__sqlServer__connectionString="Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=cS2ZvPGgPnvVc8fIljD6ufpaanCQNOYt;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
globalSettings__identityServer__certificatePassword=tiSVFF2O0inVP6zU6G9IqhHbxYEbfCqx
globalSettings__attachment__baseDirectory=/etc/bitwarden/core/attachments
globalSettings__attachment__baseUrl=https://{{ domain }}/attachments
globalSettings__dataProtection__directory=/etc/bitwarden/core/aspnet-dataprotection
globalSettings__logDirectory=/etc/bitwarden/logs
globalSettings__licenseDirectory=/etc/bitwarden/core/licenses
globalSettings__duo__aKey=QlZeTP29PPwyAvTDpTGpMzAxbwfCkzt54gztJnMX9zAykiumOaf7hLfMRRvilisQ
globalSettings__installation__id=e85eeb91-8fa2-45f3-a231-a90400406250
globalSettings__installation__key=FCF3Gv8At3M3fqfzl9YC
globalSettings__yubico__clientId=REPLACE
globalSettings__yubico__key=REPLACE
globalSettings__mail__replyToEmail=no-reply@{{ domain }}
globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__useDefaultCredentials=false
globalSettings__disableUserRegistration=false
adminSettings__admins=
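Review bot: If this `global.override.env` is kept on the new side of the move, the SQL `Password=...`, `certificatePassword`, `duo__aKey` and `installation__id`/`installation__key` values are literal secrets committed to the repository and identical on every deployment; they need to be templated from per-install variables, as with the firefly_iii credentials in this commit. Nothing in the new bitwarden compose file mounts or references this file, so it may be dead after the switch to the `mprasil/bitwarden` image — if so, deleting it is the cleaner fix. Whether this file is added or removed is not recoverable from the rendering, so treat this as a question for the author.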
[Unit]
Description=HomelabOS Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
#EnvironmentFile=/var/homelabos/docker/.env
ExecStartPre=/usr/bin/docker-compose -f /var/homelabos/docker/docker-compose.yml -p homelabos down
ExecStart=/usr/bin/docker-compose -f /var/homelabos/docker/docker-compose.yml -p homelabos up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/docker/docker-compose.yml -p homelabos stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
......@@ -5,26 +5,10 @@
state: directory
mode: '1777'
loop:
- /var/homelabos/apple_health_influx
- /var/homelabos/dasher
- /var/homelabos/docker
- /var/homelabos/telegraf
- /var/homelabos/traefik
- /var/homelabos/grafana/data
- /var/homelabos/grafana/datasources
- /var/homelabos/grafana/dashboards
- /mnt/nas
ignore_errors: "yes"
- name: Configure Docker.
template: src={{ item }} dest=/var/homelabos/docker/
loop:
- .env
- monica.env
- name: Configure Telegraf.
template: src=telegraf.conf dest=/var/homelabos/telegraf/telegraf.conf
- name: Configure Traefik.
template: src=traefik.toml dest=/var/homelabos/traefik/traefik.toml
......@@ -34,28 +18,6 @@
mode: 0600
state: touch
- name: Configure Dasher
template: src=dasher.config.json dest=/var/homelabos/dasher/config.json
- name: Configure Apple Health Importer
template: src=apple_health_config.yml dest=/var/homelabos/apple_health_influx/config.yml
- name: Configure NAS
lineinfile:
path: /etc/fstab
line: '{{ nas_path }} /mnt/nas cifs username={{ nas_user }},vers=2.0,dom={{ nas_workgroup }},password={{ nas_pass }},uid=1000,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0'
- name: Configure Grafana Datasources
template: src={{ item }} dest=/var/homelabos/grafana/datasources/{{ item }}
loop:
- grafana.datasource.influxdb.yaml
- name: Configure Grafana Dashboards
template: src={{ item }} dest=/var/homelabos/grafana/dashboards/{{ item }}
loop:
- grafana.dashboards.yaml
- grafana.dash.homelab.json
- name: Mount NAS Drives
command: mount -a
args:
......@@ -71,8 +33,8 @@
- name: Copy HomelabOS docker-compose.yml file into place.
template:
src: docker-compose.yml.j2
dest: /var/homelabos/docker/docker-compose.yml
src: docker-compose.traefik.yml.j2
dest: /var/homelabos/traefik/docker-compose.traefik.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
......@@ -88,53 +50,16 @@
with_items:
- "{{ services }}"
- name: Pull latest HomelabOS service docker images. (This could take a while the first time, it has to download quite a bit.)
command: docker-compose -f /var/homelabos/docker/docker-compose.yml pull
- name: Configure Kibitzr
ignore_errors: True
copy:
src=kibitzr.yml
dest=/var/homelabos/kibitzr/config/kibitzr.yml
- name: Configure Kibitzr Credentials
ignore_errors: True
copy:
src=kibitzr-creds.yml
dest=/var/homelabos/kibitzr/config/kibitzr-creds.yml
# - name: Disable resolved service to make room for pihole
# systemd:
# name: systemd-resolved
# state: stopped
# enabled: no
# daemon-reload: yes
# - name: Configure resolve.conf to use localhost
# lineinfile:
# path: /etc/resolv.conf
# line: 'nameserver 127.0.0.1'
- name: Stop HomelabOS
systemd:
name: homelabos
enabled: "yes"
daemon-reload: "yes"
state: stopped
- name: Restart Docker (workaround for Docker not releasing ports.)
systemd:
name: docker
enabled: "yes"
daemon-reload: "yes"
state: restarted
- name: Pull HomelabOS Traefik Image
command: docker-compose -f /var/homelabos/traefik/docker-compose.traefik.yml pull
- name: Start HomelabOS
systemd:
name: homelabos
enabled: "yes"
daemon-reload: "yes"
state: started
state: restarted
ignore_errors: "yes"
- name: Read Tor SSH connection info
shell: cat /var/lib/tor/ssh-onion/hostname
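Review bot: `ignore_errors: "yes"` on the `Start HomelabOS` task (now `state: restarted`) hides a failed Traefik start, and every service role added in this commit depends on that stack through the external `homelabos_traefik` network, so the failure surfaces later as an opaque compose error in some other role; drop the `ignore_errors`, or register the result and `fail:` with a clear message. Whether that line is new or carried over is not visible in this rendering. In the `@@ -71,8 +33,8 @@` hunk the task is still named `Copy HomelabOS docker-compose.yml file into place.` although it now renders the traefik compose file — `- name: Copy Traefik docker-compose.yml file into place.` would keep play output honest. The task list continues past the end of this hunk.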
---
version: '3'
networks:
traefik:
driver: bridge
services:
# Load Balancer / SSL / Web Server
traefik:
image: traefik
restart: always
networks:
- traefik
ports:
- "80:80"
- "443:443"
- "8181:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/homelabos/traefik/traefik.toml:/traefik.toml
- /var/homelabos/traefik/acme.json:/acme.json
...
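Review bot: `/var/run/docker.sock:/var/run/docker.sock` gives the traefik container full control of the Docker daemon, i.e. root on the host; a `:ro` suffix would not limit API calls, so the real mitigation is a socket proxy that only forwards the read-only endpoints, or at least a comment above the volume recording that this container is trusted at host level. Port `"8181:8080"` publishes the traefik API/dashboard on every interface; unless traefik.toml (not in this diff) puts authentication in front of it, bind it to loopback with `"127.0.0.1:8181:8080"`. `image: traefik` with no tag — like `mariadb`, `mprasil/bitwarden` and `kyma/docker-nginx` elsewhere in this commit — floats to `latest`, and the `traefik.*.frontend.rule` labels used throughout are the 1.x syntax that a later major release does not honour, so pin a tag.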
[Unit]
Description=HomelabOS Traefik Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker-compose -f /var/homelabos/traefik/docker-compose.traefik.yml -p homelabos up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/traefik/docker-compose.traefik.yml -p homelabos stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
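Review bot: The `-p homelabos` project name is load-bearing but undocumented: every other role's compose file declares `external: name: homelabos_traefik`, which only exists because compose prefixes the `traefik` network declared in this file with this project name. Add `# -p homelabos keeps the network named homelabos_traefik; the service roles reference it as external` above `ExecStart`. The old homelabos.service ran `docker-compose ... down` in `ExecStartPre`; this unit does not, which is correct here since `down` would remove the network the other stacks are attached to, and `ExecStop ... stop` leaves it in place.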
......@@ -37,4 +37,21 @@
vars:
tor_domain: "{{ tor_domain_file.stdout }}"
tor_ssh_domain: "{{ tor_ssh_domain_file.stdout }}"
- name: Copy HomelabOS docker-compose.yml file into place.
template:
src: docker-compose.docs.yml.j2
dest: /var/homelabos/docs/docker-compose.docs.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure HomelabOS systemd service.
template: src=homelabos_docs.service dest=/etc/systemd/system/homelabos_docs.service
- name: Start HomelabOS Docs
systemd:
name: homelabos_docs
enabled: "yes"
daemon-reload: "yes"
state: restarted
...
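Review bot: Both new task names are copied from the base role (`Copy HomelabOS docker-compose.yml file into place.`, `Configure HomelabOS systemd service.`) although they install the docs compose file and `homelabos_docs.service`; rename them so play output identifies the role, e.g. `- name: Copy docs docker-compose.yml file into place.`. The new task uses `tor_domain: "{{ tor_http_domain_file.stdout }}"` while the task immediately above in the same file uses `tor_domain_file.stdout` — if those are two different registered results, a comment saying why each is used would help; if not, one of them is wrong. `state: restarted` bounces the docs container on every run even when nothing changed; a handler notified by the two template tasks would avoid that.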
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# HomelabOS Documentation
docs:
image: kyma/docker-nginx
restart: unless-stopped
networks:
- traefik_network
volumes:
- /var/homelabos/docs/site:/var/www
labels:
- "traefik.enable=true"
- "traefik.http.frontend.rule=Host:docs.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=80"
- "traefik.tor.frontend.rule=Host:docs.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=80"
[Unit]
Description=HomelabOS Documentation Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker-compose -f /var/homelabos/docs/docker-compose.docs.yml -p docs up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/docs/docker-compose.docs.yml -p docs stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
......@@ -43,6 +43,7 @@ enable_bitwarden: {{enable_bitwarden}}
enable_bulletnotes: {{enable_bulletnotes}}
enable_darksky_influx: {{enable_darksky_influx}}
enable_dasher: {{enable_dasher}}
enable_docs: {{enable_docs}}
enable_emby: {{enable_emby}}
enable_firefly_iii: {{enable_firefly_iii}}
enable_gitea: {{enable_gitea}}
---
- name: Make thelounge directory.
file:
path: "/var/homelabos/thelounge"
state: directory
- name: Copy thelounge docker-compose.yml file into place.
template: