Compare commits
10 Commits
3ec7edfc87
...
dev
| Author | SHA1 | Date | |
|---|---|---|---|
|
92b082aedc | ||
|
|
3f848299ae | ||
|
|
42cdbeeb02 | ||
|
|
1351d9d0a0 | ||
|
|
dc98c7080a | ||
|
|
3515d1f2d2 | ||
|
|
9c4534330c | ||
|
|
6e813a5e99 | ||
|
|
0eb4b91639 | ||
|
|
212833ca3c |
5
.gitignore
vendored
Normal file
5
.gitignore
vendored
Normal file
@@ -0,0 +1,5 @@
|
||||
Volumes
|
||||
.env
|
||||
Piped-Docker
|
||||
pterodactyl
|
||||
piped.yml
|
||||
129
Caddyfile
Normal file
129
Caddyfile
Normal file
@@ -0,0 +1,129 @@
|
||||
{
|
||||
acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
||||
}
|
||||
|
||||
actual.archfox.org {
|
||||
reverse_proxy actual:5006
|
||||
}
|
||||
|
||||
searxng.archfox.org {
|
||||
reverse_proxy searxng:8080
|
||||
}
|
||||
|
||||
git.archfox.org {
|
||||
reverse_proxy gitea:3000
|
||||
}
|
||||
|
||||
jelly.archfox.org {
|
||||
reverse_proxy jellyfin:8096 {
|
||||
header_up +Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/accentlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/base.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/bottombarprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fixes.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/jf_font.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/overlayprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/smallercast.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_floating.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_corner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/glassy.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/pan-animation.css https://ctalvio.github.io/Monochromic/backdrop-hack_style.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/hoverglow.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/scrollfade.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_compactlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_grid.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_border.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_noborder.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent-dashboard.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_minimalistic.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/monochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/kaleidochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/novachromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/light.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/colorful.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark_withaccent.css https://fonts.googleapis.com/css2; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"
|
||||
}
|
||||
}
|
||||
|
||||
vault.archfox.org {
|
||||
reverse_proxy vaultwarden:80
|
||||
}
|
||||
|
||||
aria.archfox.org {
|
||||
reverse_proxy ariang:8080
|
||||
}
|
||||
|
||||
nextcloud.archfox.org {
|
||||
reverse_proxy 10.0.1.45:11000
|
||||
}
|
||||
|
||||
bookstack.archfox.org {
|
||||
reverse_proxy bookstack:80
|
||||
}
|
||||
|
||||
panel.archfox.org {
|
||||
reverse_proxy tpanel:80
|
||||
|
||||
php_fastcgi unix//run/php/php8.3-fpm.sock {
|
||||
root /var/www/pterodactyl/public
|
||||
index index.php
|
||||
|
||||
env PHP_VALUE "upload_max_filesize = 100M
|
||||
post_max_size = 100M"
|
||||
env HTTP_PROXY ""
|
||||
env HTTPS "on"
|
||||
|
||||
read_timeout 300s
|
||||
dial_timeout 300s
|
||||
write_timeout 300s
|
||||
}
|
||||
|
||||
header Strict-Transport-Security "max-age=16768000; preload;"
|
||||
header X-Content-Type-Options "nosniff"
|
||||
header X-XSS-Protection "1; mode=block;"
|
||||
header X-Robots-Tag "none"
|
||||
header Content-Security-Policy "frame-ancestors 'self'"
|
||||
header X-Frame-Options "DENY"
|
||||
header Referrer-Policy "same-origin"
|
||||
header Access-Control-Allow-Origin "*"
|
||||
header Access-Control-Allow-Methods "GET, POST, OPTIONS"
|
||||
header Access-Control-Allow-Headers "Authorization, Content-Type"
|
||||
|
||||
request_body {
|
||||
max_size 100m
|
||||
}
|
||||
|
||||
respond /.ht* 403
|
||||
}
|
||||
|
||||
wings.archfox.org {
|
||||
reverse_proxy twings:443
|
||||
}
|
||||
|
||||
omada.archfox.org {
|
||||
reverse_proxy host.docker.internal:8043 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
header_up Host "omada.archfox.org:443"
|
||||
}
|
||||
}
|
||||
|
||||
ai.archfox.org {
|
||||
reverse_proxy open-webui:8080
|
||||
}
|
||||
|
||||
p.archfox.org {
|
||||
reverse_proxy pastefy:80
|
||||
}
|
||||
|
||||
archfox.org {
|
||||
root * /srv
|
||||
file_server
|
||||
|
||||
@webfinger {
|
||||
path /.well-known/webfinger
|
||||
method GET HEAD
|
||||
query resource=acct:poslop@archfox.org
|
||||
query resource=mailto:poslop@archfox.org
|
||||
query resource=https://archfox.org
|
||||
query resource=https://archfox.org/
|
||||
}
|
||||
rewrite @webfinger /webfinger.json
|
||||
header @webfinger {
|
||||
Content-Type "application/jrd+json"
|
||||
Access-Control-Allow-Origin "*"
|
||||
X-Robots-Tag "noindex"
|
||||
}
|
||||
}
|
||||
|
||||
(global) {
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
}
|
||||
@@ -3,6 +3,6 @@ This repository is for documenting my homelab. Most documentation is found in t
|
||||
|
||||
I use docker for all of my services that I run with a docker compose file. I use ssh through a peer to peer vpn service called [Tailscale](https://tailscale.com/). Tailscale has functionality to store ssh keys and makes managing them very simple and easy with github accounts.
|
||||
|
||||
The homelab is run off of a dedicated server running a headless instance of Arch Linux. Arch linux is my Distro of preference however if I were to run a server that is required for reliability I would most likely prefer RedHat or similar for a stable environment over rolling release Arch.
|
||||
The homelab is run off of a dedicated server running a headless instance of Arch Linux. Arch linux is my Distro of preference however if I were to run a server that is required for reliability I would most likely prefer RedHat or similar for a stable environment over rolling release Arch but so far Arch has been fine.
|
||||
|
||||
Caddy is currently used to share my publicly facing services with a subdomain of mintyserver.net eg https://git.mintyserver.net. Not all services are reverse proxied such as my pihole as they are only needed to be accessed by me and therefore only accessible via local or vpn connections.
|
||||
Caddy is currently used to share my publicly facing services with a subdomain of archox.org eg https://git.archox.org. Not all services are reverse proxied such as my DNS server as they are only needed to be accessed by me and therefore only accessible via local or vpn connections.
|
||||
|
||||
@@ -32,6 +32,57 @@ services:
|
||||
- arr
|
||||
- qbit
|
||||
|
||||
lidarr:
|
||||
image: ghcr.io/hotio/lidarr:latest
|
||||
container_name: lidarr
|
||||
hostname: lidarr
|
||||
environment:
|
||||
- TZ=ETC/UTC
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
volumes:
|
||||
- ${Volumes}/arr/lidarr:/config
|
||||
- /mnt/massdrive/media/Music:/data
|
||||
ports:
|
||||
- 8686:8686
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- arr
|
||||
|
||||
slskd:
|
||||
image: slskd/slskd
|
||||
container_name: slskd
|
||||
hostname: slskd
|
||||
user: 1000:1000
|
||||
environment:
|
||||
- TZ=ETC/UTC
|
||||
- SLSKD_REMOTE_CONFIGURATION=true
|
||||
ports:
|
||||
- 5030:5030
|
||||
- 5031:5031
|
||||
- 50300:50300
|
||||
volumes:
|
||||
- ${Volumes}/arr/slskd:/app
|
||||
- /mnt/massdrive/media/Music/downloads:/app/downloads
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- arr
|
||||
|
||||
soularr:
|
||||
image: mrusse08/soularr:latest
|
||||
container_name: soularr
|
||||
hostname: soularr
|
||||
user: 1000:1000
|
||||
environment:
|
||||
- TZ=ETC/UTC
|
||||
- SCRIPT_INTERVAL=300
|
||||
volumes:
|
||||
- /mnt/massdrive/media/Music/downloads:/downloads
|
||||
- ${Volumes}/arr/soularr:/data
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- arr
|
||||
|
||||
networks:
|
||||
arr:
|
||||
name: arr
|
||||
|
||||
@@ -13,7 +13,6 @@ services:
|
||||
- caddy_set:/etc/caddy
|
||||
- caddy_srv:/srv
|
||||
- caddy_data:/data
|
||||
- piped-proxy:/var/run/ytproxy
|
||||
- caddy_config:/config
|
||||
environment:
|
||||
- CLOUDFLARE_API_TOKEN=${CF_CADDY_KEY}
|
||||
@@ -40,3 +39,5 @@ volumes:
|
||||
caddy_set:
|
||||
name: caddy_set
|
||||
external: true
|
||||
caddy_html:
|
||||
external: true
|
||||
|
||||
@@ -10,5 +10,5 @@ services:
|
||||
security_opt: [no-new-privileges:true]
|
||||
environment:
|
||||
- CLOUDFLARE_API_TOKEN=${CFKEY}
|
||||
- DOMAINS=archfox.org, jelly.archfox.org, searxng.archfox.org, bookstack.archfox.org, vault.archfox.org, git.archfox.org, nextcloud.archfox.org, aria.archfox.org, wings.archfox.org, panel.archfox.org, omada.archfox.org, mc.archfox.org
|
||||
- DOMAINS=archfox.org, jelly.archfox.org, searxng.archfox.org, bookstack.archfox.org, vault.archfox.org, git.archfox.org, nextcloud.archfox.org, aria.archfox.org, wings.archfox.org, panel.archfox.org, omada.archfox.org, mc.archfox.org, ai.archfox.org, p.archfox.org, actual.archfox.org
|
||||
- PROXIED=false
|
||||
|
||||
27
docker-compose.d/Tools/actual.yml
Normal file
27
docker-compose.d/Tools/actual.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
services:
|
||||
actual_server:
|
||||
container_name: actual
|
||||
image: docker.io/actualbudget/actual-server:latest
|
||||
environment:
|
||||
- ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=100
|
||||
- ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=100
|
||||
- ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=100
|
||||
volumes:
|
||||
- actual-data:/data
|
||||
networks:
|
||||
- caddy
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', 'node src/scripts/health-check.js']
|
||||
interval: 60s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 20s
|
||||
restart: unless-stopped
|
||||
|
||||
volumes:
|
||||
actual-data:
|
||||
external: true
|
||||
|
||||
networks:
|
||||
caddy:
|
||||
external: true
|
||||
@@ -5,11 +5,17 @@ services:
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- OLLAMA_BASE_URL=http://poslop-w:11434
|
||||
ports:
|
||||
- 3636:8080
|
||||
volumes:
|
||||
- open-webui:/app/backend/data
|
||||
networks:
|
||||
- caddy
|
||||
|
||||
|
||||
volumes:
|
||||
open-webui:
|
||||
external: true
|
||||
|
||||
networks:
|
||||
caddy:
|
||||
name: caddy
|
||||
external: true
|
||||
|
||||
45
docker-compose.d/Tools/pastefy.yml
Normal file
45
docker-compose.d/Tools/pastefy.yml
Normal file
@@ -0,0 +1,45 @@
|
||||
services:
|
||||
pastedb:
|
||||
container_name: pastedb
|
||||
image: mariadb:10.11
|
||||
volumes:
|
||||
- pastedb:/var/lib/mysql
|
||||
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: pastefy
|
||||
MYSQL_DATABASE: pastefy
|
||||
MYSQL_USER: pastefy
|
||||
MYSQL_PASSWORD: pastefy
|
||||
networks:
|
||||
- pastefy
|
||||
|
||||
pastefy:
|
||||
container_name: pastefy
|
||||
depends_on:
|
||||
- pastedb
|
||||
image: interaapps/pastefy:latest
|
||||
|
||||
environment:
|
||||
HTTP_SERVER_PORT: 80
|
||||
HTTP_SERVER_CORS: "*"
|
||||
DATABASE_DRIVER: mysql
|
||||
DATABASE_NAME: pastefy
|
||||
DATABASE_USER: pastefy
|
||||
DATABASE_PASSWORD: pastefy
|
||||
DATABASE_HOST: pastedb
|
||||
DATABASE_PORT: 3306
|
||||
SERVER_NAME: "https://p.archfox.org"
|
||||
networks:
|
||||
- caddy
|
||||
- pastefy
|
||||
|
||||
volumes:
|
||||
pastedb:
|
||||
external: true
|
||||
|
||||
networks:
|
||||
pastefy:
|
||||
name: pastefy
|
||||
caddy:
|
||||
name: caddy
|
||||
external: true
|
||||
@@ -27,9 +27,10 @@ services:
|
||||
- VPN_SERVICE_PROVIDER=mullvad
|
||||
- VPN_TYPE=wireguard
|
||||
- WIREGUARD_PRIVATE_KEY=${MULLKEY}
|
||||
- WIREGUARD_ADDRESSES=10.73.197.103/32
|
||||
- DNS_ADDRESS=10.64.0.1
|
||||
- WIREGUARD_ADDRESSES=10.75.99.140/32
|
||||
- SERVER_COUNTRIES=USA
|
||||
- SERVER_CITIES=Chicago IL
|
||||
#- DNS_ADDRESS=10.64.0.1
|
||||
volumes:
|
||||
- gluetun:/gluetun
|
||||
devices:
|
||||
|
||||
@@ -26,8 +26,9 @@ services=(
|
||||
"Tools/qbit.yml"
|
||||
"Tools/open-webui.yml"
|
||||
"Tools/watchtower.yml"
|
||||
"Tools/pastefy.yml"
|
||||
"Tools/actual.yml"
|
||||
"pterodactyl/docker-compose.yml"
|
||||
"Piped-Docker/docker-compose.yml"
|
||||
)
|
||||
|
||||
# Start building the docker compose command with multiple -f flags
|
||||
|
||||
Reference in New Issue
Block a user