Commit c39066d2 authored by Nick Busey's avatar Nick Busey

Resolve "RFC: Replace Docker-Compose"

parent 2c542243
......@@ -9,3 +9,4 @@ kibitzr.yml
kibitzr-creds.yml
config.yml
inventory
fetch/
......@@ -8,6 +8,8 @@ This software has not reached version 1.0 and should therefore be considered uns
If you like getting your hands dirty in early versions of software, this is for you. If you prefer to wait till things are stable and friendly, maybe hold off for a while.
Also, if you trash your server or wreck your data, that's on you. Test your backups. Trust nothing.
## [Documentation](https://nickbusey.gitlab.io/HomelabOS/)
## Summary
......
......@@ -4,6 +4,6 @@
## Access
It is available at [https://warden.{{ domain }}/](https://warden.{{ domain }}/) or [http://warden.{{ domain }}/](http://warden.{{ domain }}/)
It is available at [https://bitwarden.{{ domain }}/](https://bitwarden.{{ domain }}/) or [http://bitwarden.{{ domain }}/](http://bitwarden.{{ domain }}/)
It is also available via Tor at [http://warden.{{ tor_domain }}/](http://warden.{{ tor_domain }}/)
\ No newline at end of file
It is also available via Tor at [http://bitwarden.{{ tor_domain }}/](http://bitwarden.{{ tor_domain }}/)
\ No newline at end of file
# Inventario
[Inventario](https://gitlab.com/NickBusey/inventario) is a home inventory managament system.
## Access
It is available at [https://inventario.{{ domain }}/](https://inventario.{{ domain }}/) or [http://inventario.{{ domain }}/](http://inventario.{{ domain }}/)
It is also available via Tor at [http://inventario.{{ tor_domain }}/](http://inventario.{{ tor_domain }}/)
\ No newline at end of file
# Mashio
[Mashio](https://gitlab.com/NickBusey/mashio) is a home brewery management software.
## Access
It is available at [https://mashio.{{ domain }}/](https://mashio.{{ domain }}/) or [http://mashio.{{ domain }}/](http://mashio.{{ domain }}/)
It is also available via Tor at [http://mashio.{{ tor_domain }}/](http://mashio.{{ tor_domain }}/)
\ No newline at end of file
......@@ -8,6 +8,7 @@ enable_bitwarden: False
enable_bulletnotes: False
enable_darksky_influx: False
enable_dasher: False
enable_docs: False
enable_emby: False
enable_firefly_iii: False
enable_gitea: False
......@@ -16,6 +17,7 @@ enable_homeassistant: False
enable_inventario: False
enable_jackett: False
enable_kibitzr: False
enable_mashio: False
enable_matomo: False
enable_miniflux: False
enable_minio: False
......@@ -33,6 +35,7 @@ enable_radarr: False
enable_restic: False
enable_syncthing: False
enable_thelounge: False
enable_tick: False
enable_transmission: False
enable_xfinityusageinfluxdb: False
......@@ -79,24 +82,29 @@ s3_backup_cron: 0 4 * * *
# Service List
services:
- warden
- bitwarden
- bulletnotes
- docs
- emby
- money
- git
- firefly_iii
- gitea
- grafana
- homeassistant
- inventario
- mashio
- matomo
- rss
- miniflux
- minio
- monica
- monicahq
- nextcloud
- organizr
- paperless
- pihole
- docker
- portainer
- sonarr
- radarr
- sync
- syncthing
- thelounge
- torrent
\ No newline at end of file
- tick
- tinc
- transmission
......@@ -20,9 +20,9 @@
roles:
# Install Docker, configure basic server settings
- common
- homelabos_common
# Configure a TOR hidden service for remote access without a public IP
- role: toke.tor
- role: tor
hidden_services:
- dir: /var/lib/tor/ssh-onion
port: 22
......@@ -34,27 +34,6 @@
port: 80
source: 127.0.0.1:80
# Install and configure HomelabOS documentation
- hosts: homelabos
become: "True"
gather_facts: "True"
tags:
- homelabos
- docs
roles:
- docs
# Install and configure HomelabOS services
- hosts: homelabos
become: "True"
gather_facts: "True"
tags:
- homelabos
- deploy
roles:
- homelabos
- name: "Setup tinc VPN"
tags: tinc
......@@ -62,9 +41,9 @@
become: yes
become_method: sudo
roles:
- role: tinc
- role: homelabos_tinc
when:
- "vpn_ip is defined"
- enable_tinc
- name: "Update Tinc NGINX Servers"
hosts: tinc
......@@ -72,7 +51,17 @@
become_method: sudo
tags: tinc-nginx
roles:
- role: tinc-nginx
when:
- "vpn_ip is defined"
- role: homelabos_tinc-nginx
when: enable_tinc
# Install and configure HomelabOS services
- hosts: homelabos
become: "True"
gather_facts: "True"
tags:
- homelabos
- deploy
roles:
- homelabos_base
...
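Review bot: The two tinc plays appear to be gated on `enable_tinc` alone now, with the earlier `"vpn_ip is defined"` guard gone (sides inferred from the hunk line counts, since the +/- markers are lost on this page). No `enable_tinc` default is visible in the settings hunks shown here, which add `enable_docs`, `enable_mashio` and `enable_tick`. If it has no default, the `when` fails on an undefined variable, and a host with `enable_tinc` set but no `vpn_ip` would reach the VPN role unguarded. I would keep both conditions, e.g. `when:` with `- enable_tinc | default(false)` and `- vpn_ip is defined`. The plays start and end outside these hunks, so confirm against the full file.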
......@@ -34,6 +34,7 @@ pages:
- Inventario: software/inventario.md
- Jackett: software/jackett.md
- Kibitzr: software/kibitzr.md
- Mashio: software/mashio.md
- Matomo: software/matomo.md
- Miniflux: software/miniflux.md
- Minio: software/minio.md
......
# Apple Health Data Importer
apple_health_influx:
image: nickbusey/healthdata_influx:cron
restart: unless-stopped
volumes:
- /var/homelabos/nextcloud/data/{{ apple_health_nextcloud_username }}/files/export/:/export/
- /var/homelabos/apple_health_influx/config.yml:/config.yml
\ No newline at end of file
---
- name: Make bitwarden directory.
file:
path: "/var/homelabos/bitwarden"
state: directory
- name: Copy bitwarden docker-compose.yml file into place.
template:
src: docker-compose.bitwarden.yml.j2
dest: /var/homelabos/bitwarden/docker-compose.bitwarden.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure bitwarden systemd service.
template: src=bitwarden.service dest=/etc/systemd/system/bitwarden.service
- name: Start bitwarden
systemd:
name: bitwarden
enabled: "yes"
daemon-reload: "yes"
state: started
...
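Review bot: The `file` task creating `/var/homelabos/bitwarden` sets no `owner` or `mode`, and neither do the `template` tasks after it, so the password-manager data directory and the rendered compose file get default permissions. Adding `mode: "0700"` to the directory task and `mode: "0600"` to the compose template would restrict them to the owning user. The same task pattern repeats for bulletnotes, dasher, emby, firefly_iii and gitea further down, and the firefly_iii compose file carries credentials. Separately, `state: started` does nothing for a unit that is already running, so a changed template is not picked up; a `notify:` to a restart handler would cover that.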
[Unit]
Description=HomelabOS bitwarden Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker-compose -f /var/homelabos/bitwarden/docker-compose.bitwarden.yml -p bitwarden up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/bitwarden/docker-compose.bitwarden.yml -p bitwarden stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Password Manager
bitwarden_web:
image: mprasil/bitwarden
restart: unless-stopped
networks:
- traefik_network
volumes:
- /var/homelabos/bitwarden:/data
labels:
- "traefik.enable=true"
- "traefik.docker.network=homelabos_traefik"
- "traefik.http.frontend.rule=Host:bitwarden.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=80"
- "traefik.http.frontend.headers.customFrameOptionsValue=ALLOW-FROM http://{{ domain }}"
- "traefik.http.frontend.headers.customFrameOptionsValue=ALLOW-FROM https://{{ domain }}"
- "traefik.tor.frontend.rule=Host:bitwarden.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=80"
\ No newline at end of file
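Review bot: The label `traefik.http.frontend.headers.customFrameOptionsValue` is set twice, once for `http://{{ domain }}` and once for `https://{{ domain }}`. Container labels are a key-to-value map, so only one of the two survives and the other origin is silently dropped; the gitea compose file below has the same pair. `ALLOW-FROM` is also ignored by current browsers, so a `Content-Security-Policy: frame-ancestors` header listing both origins is the more reliable framing control for a password manager. The image `mprasil/bitwarden` has no tag, so each pull can bring a different build; pinning a tag or digest makes upgrades deliberate.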
---
- name: Make bulletnotes directory.
file:
path: "/var/homelabos/bulletnotes"
state: directory
- name: Copy bulletnotes docker-compose.yml file into place.
template:
src: docker-compose.bulletnotes.yml.j2
dest: /var/homelabos/bulletnotes/docker-compose.bulletnotes.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure bulletnotes systemd service.
template: src=bulletnotes.service dest=/etc/systemd/system/bulletnotes.service
- name: Start bulletnotes
systemd:
name: bulletnotes
enabled: "yes"
daemon-reload: "yes"
state: started
...
[Unit]
Description=HomelabOS bulletnotes Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStartPre=/usr/bin/docker-compose -f /var/homelabos/bulletnotes/docker-compose.bulletnotes.yml -p bulletnotes down
ExecStart=/usr/bin/docker-compose -f /var/homelabos/bulletnotes/docker-compose.bulletnotes.yml -p bulletnotes up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/bulletnotes/docker-compose.bulletnotes.yml -p bulletnotes stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
bulletnotes_db:
image: mongo:3.2.21
restart: unless-stopped
command: mongod --smallfiles --oplogSize 128
expose:
- 27017
volumes:
- ./data/bulletnotes-db:/data/db
- ./data/bulletnotes-db-dump:/dump
bulletnotes:
image: nickbusey/bulletnotes
command: meteor --allow-superuser run
working_dir: /BulletNotes
links:
- bulletnotes_db
restart: unless-stopped
networks:
- traefik_network
environment:
- MONGO_URL=mongodb://bulletnotes_db:27017/bulletnotes
- ROOT_URL=http://bulletnotes.{{ domain }}
labels:
- "traefik.enable=true"
- "traefik.docker.network=homelabos_traefik"
- "traefik.http.frontend.rule=Host:bulletnotes.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=3000"
- "traefik.tor.frontend.rule=Host:bulletnotes.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=3000"
\ No newline at end of file
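Review bot: `bulletnotes` is attached only to `traefik_network`, while `bulletnotes_db` declares no `networks:` and so lands on the project's default network. As written the two services share no network, and the `links:` entry and `MONGO_URL=mongodb://bulletnotes_db:27017/bulletnotes` will likely not resolve. Keeping the unauthenticated MongoDB off the shared Traefik network is the right instinct, so I would add the default network to the app instead, e.g. `networks:` with `- traefik_network` and `- default` on `bulletnotes`. `meteor --allow-superuser run` also starts the development server as root inside the container; a production bundle under a non-root user would be a safer target.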
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Weather Data Importer
darksky_influx:
image: erwinsteffens/darksky-influxdb:latest
restart: always
networks:
- traefik_network
links:
- influxdb
environment:
- DARKSKY_KEY={{ darksky_key }}
# This is every 2 minutes. This is about as fast as you can go with the free API keys without running out of queries.
- CRON=0 */2 * * * *
- INFLUXDB_HOST=influxdb
- INFLUXDB_DATABASE=darksky
- DARKSKY_LATITUDE={{ latitude }}
- DARKSKY_LONGITUDE={{ longitude }}
\ No newline at end of file
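Review bot: `links: - influxdb` refers to a service that is not defined in this compose file as shown. With one compose project per service, the link cannot be satisfied unless InfluxDB runs in the same project. Reaching it by name over a shared external network, with the `links:` entry dropped, would fit the new layout better. `DARKSKY_KEY={{ darksky_key }}` is rendered in plain text into the file on disk, so the template task that writes it should set `mode: "0600"`. The `:latest` tag also makes the deployed image vary between pulls.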
---
- name: Configure Dasher
template: src=dasher.config.json dest=/var/homelabos/dasher/config.json
- name: Make dasher directory.
file:
path: "/var/homelabos/dasher"
state: directory
- name: Copy dasher docker-compose.yml file into place.
template:
src: docker-compose.dasher.yml.j2
dest: /var/homelabos/dasher/docker-compose.dasher.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure dasher systemd service.
template: src=dasher.service dest=/etc/systemd/system/dasher.service
- name: Start dasher
systemd:
name: dasher
enabled: "yes"
daemon-reload: "yes"
state: started
...
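Review bot: The `Configure Dasher` task templates `config.json` into `/var/homelabos/dasher/` before the `Make dasher directory.` task has created that directory, so a first run on a clean host should fail at the first task. Moving the `file` task to the top of the list fixes the ordering. While there, `config.json` may hold tokens for the actions Dasher triggers (not visible here), so `mode: "0600"` on that template is worth adding.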
[Unit]
Description=HomelabOS dasher Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStartPre=/usr/bin/docker-compose -f /var/homelabos/dasher/docker-compose.dasher.yml -p dasher down
ExecStart=/usr/bin/docker-compose -f /var/homelabos/dasher/docker-compose.dasher.yml -p dasher up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/dasher/docker-compose.dasher.yml -p dasher stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
---
version: '3'
services:
# Amazon Dash Button
dasher:
image: hijinx/dasher
restart: unless-stopped
network_mode: host
volumes:
- /var/homelabos/dasher/config.json:/usr/src/app/config/config.json
\ No newline at end of file
---
- name: Make emby directory.
file:
path: "/var/homelabos/emby"
state: directory
- name: Copy emby docker-compose.yml file into place.
template:
src: docker-compose.emby.yml.j2
dest: /var/homelabos/emby/docker-compose.emby.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure emby systemd service.
template: src=emby.service dest=/etc/systemd/system/emby.service
- name: Start emby
systemd:
name: emby
enabled: "yes"
daemon-reload: "yes"
state: started
...
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Media Server
emby:
image: emby/embyserver:latest
restart: unless-stopped
volumes:
- /var/homelabos/emby:/config
- /mnt/nas:/mnt/nas
- /mnt/nas/tmp:/config/transcoding-temp
labels:
- "traefik.enable=true"
- "traefik.docker.network=homelabos_traefik"
- "traefik.http.frontend.rule=Host:emby.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=8096"
- "traefik.tor.frontend.rule=Host:emby.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=8096"
\ No newline at end of file
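Review bot: The `emby` service has no `networks:` key, even though the file declares `traefik_network` and the label `traefik.docker.network=homelabos_traefik` tells Traefik to reach the container there. Unlike the bitwarden and gitea services, it will join only the project default network, so the proxy likely cannot route to it; adding `networks:` with `- traefik_network` brings it in line. The media share is mounted read-write as `/mnt/nas:/mnt/nas`. If Emby only needs to read the library, `/mnt/nas:/mnt/nas:ro` limits what a compromised media server can alter, with the transcoding directory left writable.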
[Unit]
Description=HomelabOS emby Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStartPre=/usr/bin/docker-compose -f /var/homelabos/emby/docker-compose.emby.yml -p emby down
ExecStart=/usr/bin/docker-compose -f /var/homelabos/emby/docker-compose.emby.yml -p emby up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/emby/docker-compose.emby.yml -p emby stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
---
- name: Make firefly_iii directory.
file:
path: "/var/homelabos/firefly_iii"
state: directory
- name: Copy firefly_iii docker-compose.yml file into place.
template:
src: docker-compose.firefly_iii.yml.j2
dest: /var/homelabos/firefly_iii/docker-compose.firefly_iii.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure firefly_iii systemd service.
template: src=firefly_iii.service dest=/etc/systemd/system/firefly_iii.service
- name: Start firefly_iii
systemd:
name: firefly_iii
enabled: "yes"
daemon-reload: "yes"
state: started
...
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Financial Tracker
firefly_iii_app:
restart: unless-stopped
environment:
- FF_DB_HOST=firefly_iii_db
- FF_DB_NAME=firefly_db
- FF_DB_USER=firefly_db
- FF_DB_PASSWORD=firefly_db_secret
- FF_APP_KEY=S0m3R@nd0mStr1ngOf31Ch@rsEx@ctly
- FF_APP_ENV=local
- APP_URL=https://money.{{ domain }}
- TZ={{ common_timezone }}
- ServerName=money.{{ domain }}
image: jc5x/firefly-iii
links:
- firefly_iii_db
networks:
- traefik_network
volumes:
- /var/homelabos/firefly/export:/var/www/firefly-iii/storage/export
- /var/homelabos/firefly/upload:/var/www/firefly-iii/storage/upload
labels:
- "traefik.enable=true"
- "traefik.docker.network=homelabos_traefik"
- "traefik.http.frontend.rule=Host:money.{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=80"
- "traefik.tor.frontend.rule=Host:money.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=80"
firefly_iii_db:
restart: unless-stopped
networks:
- traefik_network
environment:
- MYSQL_DATABASE=firefly_db
- MYSQL_USER=firefly_db
- MYSQL_PASSWORD=firefly_db_secret
- MYSQL_RANDOM_ROOT_PASSWORD=yes
image: mariadb
volumes:
- /var/homelabos/firefly/db:/var/lib/mysql
\ No newline at end of file
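Review bot: `FF_APP_KEY`, `FF_DB_PASSWORD` and `MYSQL_PASSWORD` are fixed literals in the template, so every install shares the same application key and database password, both readable in the public repository. They should come from per-install variables, for example `- FF_APP_KEY={{ firefly_iii_app_key }}` and `- FF_DB_PASSWORD={{ firefly_iii_db_password }}` (variable names are suggestions), generated once and kept in the vaulted config. `firefly_iii_db` is also attached to `traefik_network`, which makes the database reachable from every other container on that shared network; a private network between app and db would isolate it. Finally, the volumes point at `/var/homelabos/firefly/...` while the tasks create `/var/homelabos/firefly_iii`, so the data ends up outside the role's directory.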
[Unit]
Description=HomelabOS firefly_iii Service
After=docker.service
Requires=docker.service
[Service]
TimeoutSec=infinity
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker-compose -f /var/homelabos/firefly_iii/docker-compose.firefly_iii.yml -p firefly_iii up
ExecStop=/usr/bin/docker-compose -f /var/homelabos/firefly_iii/docker-compose.firefly_iii.yml -p firefly_iii stop
[Install]
WantedBy=multi-user.target
\ No newline at end of file
---
- name: Make gitea directory.
file:
path: "/var/homelabos/gitea"
state: directory
- name: Copy gitea docker-compose.yml file into place.
template:
src: docker-compose.gitea.yml.j2
dest: /var/homelabos/gitea/docker-compose.gitea.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
- name: Configure gitea systemd service.
template: src=gitea.service dest=/etc/systemd/system/gitea.service
- name: Start gitea
systemd:
name: gitea
enabled: "yes"
daemon-reload: "yes"
state: started
...
---
version: '3'
networks:
traefik_network:
external:
name: homelabos_traefik
services:
# Code Hosting
gitea:
image: gitea/gitea:latest
networks:
- traefik_network
environment:
- USER_UID=1000
- USER_GID=1000
restart: unless-stopped
links:
- gitea_db:db
volumes:
- /var/lab/homelabos/gitea:/data
ports:
- "3030:3000"
- "222:22"
depends_on:
- gitea_db
labels:
- "traefik.enable=true"
- "traefik.docker.network=homelabos_traefik"
- "traefik.http.frontend.rule=Host:gitea.{{ domain }}"
- "traefik.http.frontend.headers.customFrameOptionsValue=ALLOW-FROM http://{{ domain }}"
- "traefik.http.frontend.headers.customFrameOptionsValue=ALLOW-FROM https://{{ domain }}"
- "traefik.http.protocol=http"
- "traefik.http.port=3000"
- "traefik.tor.frontend.rule=Host:gitea.{{ tor_domain }}"
- "traefik.tor.protocol=http"
- "traefik.tor.port=3000"
gitea_db:
image: mariadb
networks:
- traefik_network
restart: unless-stopped
environment:
- MYSQL_ROOT_PASSWORD=gitea
- MYSQL_USER=gitea