diff --git a/homelab/.gitignore b/homelab/.gitignore
new file mode 100644
index 0000000..8b7b6c0
--- /dev/null
+++ b/homelab/.gitignore
@@ -0,0 +1 @@
+*/log/
diff --git a/homelab/auth/run b/homelab/auth/run
new file mode 100755
index 0000000..9a58241
--- /dev/null
+++ b/homelab/auth/run
@@ -0,0 +1,13 @@
+#! /bin/sh
+
+exec 2>&1
+
+me=$(basename $(pwd))
+podman rm -f $me
+podman run \
+ --name $me \
+ --network homelab \
+ --name auth \
+ --volume /srv/secrets/oauth2-proxy.cfg:/etc/oauth2-proxy.cfg:ro \
+ quay.io/oauth2-proxy/oauth2-proxy \
+ --config=/etc/oauth2-proxy.cfg
diff --git a/homelab/btrfs-scrub/run b/homelab/btrfs-scrub/run
new file mode 100755
index 0000000..3ffea8e
--- /dev/null
+++ b/homelab/btrfs-scrub/run
@@ -0,0 +1,17 @@
+#! /bin/sh
+
+set -e
+
+# Wait 7 days
+sleep 7d
+
+# Wait until it's after 10pm
+while [ $(TZ=US/Mountain date +%H) -lt 22 ]; do
+ sleep 10m
+done
+
+# Limit scrub speed to 100m. Is this a good limit? I don't know!
+btrfs scrub limit --limit 100m --all /sys
+
+# Start the scrub!
+btrfs scrub start /sys
diff --git a/homelab/caddy/Caddyfile b/homelab/caddy/Caddyfile
index e1d5d86..3f455eb 100644
--- a/homelab/caddy/Caddyfile
+++ b/homelab/caddy/Caddyfile
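Review bot: In homelab/auth/run the `podman run` command passes `--name` twice (`--name $me`, then `--name auth`), so the container name and the name that `podman rm -f $me` cleans up only agree when the service directory happens to be called `auth`. The Caddyfile in this commit reaches the proxy as `auth:4180`, so I would keep a single flag, either `--name "$me"` or a hard-coded `auth` in both commands. Because this container is the authentication gateway for the other sites, the untagged image reference is also worth pinning, e.g. `quay.io/oauth2-proxy/oauth2-proxy@sha256:<digest>`, so a pull cannot silently change what enforces login. The unquoted `$(basename $(pwd))` and `$me` recur in caddy/run, imgme/run, ircd/run and skeleton/run; `me=$(basename "$(pwd)")` and `"$me"` would cover all of them.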
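Review bot: In homelab/btrfs-scrub/run both `btrfs scrub` commands target `/sys`, which is normally sysfs rather than a btrfs mount; every other host path in this commit lives under `/srv/...`, so this looks like a truncated path, though the intended filesystem cannot be confirmed from the diff. With `set -e`, a failing `btrfs scrub limit` makes the script exit before the scrub starts, and the supervisor would presumably restart it into another 7-day sleep, so the failure is easy to miss. I would point both commands at the real mount point and add a header comment naming it, e.g. `# Scrubs the btrfs filesystem mounted at <mount point>`.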
@@ -4,21 +4,42 @@ } (restricted-access) { - forward_auth simpleauth:8080 { - uri / - copy_headers X-Simpleauth-Username - header_down X-Simpleauth-Domain "woozle.org" + forward_auth auth:4180 { + uri /oauth2/auth + copy_headers Authorization X-Auth-Request-Access-Token + + @bad status 4xx + handle_response { + redir https://auth.woozle.org/oauth2/start?rd={scheme}://{host}{uri} + } } } +(restricted-access-naiive) { + forward_auth auth:4180 { + uri /oauth2/auth + # No copy-headers, so things don't get confused + + @bad status 4xx + handle_response { + redir https://auth.woozle.org/oauth2/start?rd={scheme}://{host}{uri} + } + } +} + +auth.woozle.org { + reverse_proxy auth:4180 +} + git.woozle.org { reverse_proxy gitea:3000 } drive.woozle.org { - import restricted-access + import restricted-access-naiive reverse_proxy webfs:5000 #reverse_proxy filebrowser:80 + #reverse_proxy nextcloud:80 } # XXX: have this use caddy auth @@ -28,13 +49,23 @@ ancestry.woozle.org { photos.woozle.org { import restricted-access - reverse_proxy pigallery2:80 + reverse_proxy photos:8080 # photofield, photoprism, pigallery2 } xfer.woozle.org { reverse_proxy picoshare:4001 } +irc.woozle.org, irc.entar.net { + handle_path /socket { + reverse_proxy ircd:8067 + } + handle /imgme/* { + reverse_proxy imgme:8080 + } + root * /srv/sys/www/irc.woozle.org/ + file_server +} ## ## handle sends original path @@ -71,7 +102,6 @@ deergrove.woozle.org { handle /prowlarr/* { reverse_proxy prowlarr:9696 } - handle_path /sucker/* { reverse_proxy sucker:8080 } diff --git a/homelab/caddy/Caddyfile.simpleauth b/homelab/caddy/Caddyfile.simpleauth new file mode 100644 index 0000000..c7b15d8 --- /dev/null +++ b/homelab/caddy/Caddyfile.simpleauth 
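Review bot: The new `(restricted-access)` snippet copies `Authorization` and `X-Auth-Request-Access-Token` onto the proxied request, so every backend behind `import restricted-access` (photos here, and deergrove as far as the surrounding file shows) receives the user's OAuth token. None of the upstreams visible in this diff needs it, and a compromised or verbose-logging backend could replay it; I would copy only an identity header, for example `copy_headers X-Auth-Request-User`, or use the header-free variant everywhere. In the same snippet `@bad status 4xx` is declared but never attached, so `handle_response {` is unqualified (`handle_response @bad {` is probably what was meant), and `rd={scheme}://{host}{uri}` is not URL-escaped, so a query string in the original request gets split across the `/oauth2/start` parameters. The snippet name `restricted-access-naiive` is misspelled (`naive`).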
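Review bot: In the second Caddyfile hunk, `reverse_proxy photos:8080` assumes that whichever gallery the `photos/run` symlink selects listens on 8080, but the symlink added in this commit points at `run.pigallery2`, and the line this hunk replaces proxied pigallery2 on port 80. Only run.photoprism sets its port explicitly (`PHOTOPRISM_HTTP_PORT=8080`), so unless pigallery2 is reconfigured outside this diff, photos.woozle.org will fail after the auth check. I would make the trailing comment carry that constraint, e.g. `# port must match the script photos/run links to; pigallery2 was on :80`.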
@@ -0,0 +1,106 @@
+{
+ email neale@woozle.org
+ #debug
+}
+
+(restricted-access) {
+ forward_auth simpleauth:8080 {
+ uri /
+ copy_headers X-Simpleauth-Username
+ header_down X-Simpleauth-Domain "woozle.org"
+ }
+}
+
+git.woozle.org {
+ reverse_proxy gitea:3000
+}
+
+drive.woozle.org {
+ import restricted-access
+ reverse_proxy webfs:5000
+ #reverse_proxy filebrowser:80
+}
+
+# XXX: have this use caddy auth
+ancestry.woozle.org {
+ reverse_proxy geneweb:2317
+}
+
+photos.woozle.org {
+ import restricted-access
+ #reverse_proxy photos:8080
+ reverse_proxy photos:2342
+}
+
+xfer.woozle.org {
+ reverse_proxy picoshare:4001
+}
+
+irc.woozle.org, irc.entar.net {
+ handle_path /socket {
+ reverse_proxy ircd:8067
+ }
+ handle /imgme/* {
+ reverse_proxy imgme:8080
+ }
+ root * /srv/sys/www/irc.woozle.org/
+ file_server
+}
+
+##
+## handle sends original path
+## handle_path truncates path
+##
+
+deergrove.woozle.org {
+ import restricted-access
+
+ handle_path /ddns/* {
+ reverse_proxy ddns:8000
+ }
+
+ handle /transmission/* {
+ reverse_proxy transmission:9091
+ }
+
+ handle /nzbget/* {
+ reverse_proxy nzbget:6789
+ }
+
+ handle /sonarr/* {
+ reverse_proxy sonarr:8989
+ }
+ handle /radarr/* {
+ reverse_proxy radarr:7878
+ }
+ handle /readarr/* {
+ reverse_proxy readarr:8787
+ }
+ handle /lidarr/* {
+ reverse_proxy lidarr:8686
+ }
+ handle /prowlarr/* {
+ reverse_proxy prowlarr:9696
+ }
+
+ handle_path /sucker/* {
+ reverse_proxy sucker:8080
+ }
+
+ handle_path /netdata/* {
+ reverse_proxy netdata:19999
+ }
+
+ # Octoprint serves up broken webcam URLs
+ uri replace /webcam/ /octoprint/webcam/
+ handle_path /octoprint/* {
+ reverse_proxy {
+ to 192.168.86.20:80
+ header_up X-Script-Name "/octoprint"
+ }
+ }
+
+ handle {
+ reverse_proxy portal:8080
+ }
+}
diff --git a/homelab/caddy/run b/homelab/caddy/run
index 61c9d75..9f4d42a 100755
--- a/homelab/caddy/run
+++ b/homelab/caddy/run
@@ -1,6 +1,9 @@ #! /bin/sh + +exec 2>&1 + me=$(basename $(pwd)) -podman rm $me +podman rm -f $me podman run \ --name $me \ --network homelab \ diff --git a/homelab/coredns/Corefile b/homelab/coredns/Corefile index 3f5254a..82c09ff 100644 --- a/homelab/coredns/Corefile +++ b/homelab/coredns/Corefile @@ -1,7 +1,7 @@ . { bind 192.168.86.2 hosts { - 192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org photos.woozle.org auth.woozle.org xfer.woozle.org + 192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org photos.woozle.org auth.woozle.org xfer.woozle.org irc.woozle.org irc.entar.net fallthrough } forward . 1.1.1.1 1.0.0.1 8.8.8.8 diff --git a/homelab/pigallery2/finish b/homelab/imgme/finish similarity index 100% rename from homelab/pigallery2/finish rename to homelab/imgme/finish diff --git a/homelab/imgme/run b/homelab/imgme/run new file mode 100755 index 0000000..7a20a39 --- /dev/null +++ b/homelab/imgme/run @@ -0,0 +1,8 @@ +#! /bin/sh +me=$(basename $(pwd)) +podman rm $me +podman run \ + --name $me \ + --network homelab \ + --volume /srv/sys/imgme:/cache \ + git.woozle.org/neale/imgme diff --git a/homelab/ircd/finish b/homelab/ircd/finish new file mode 100755 index 0000000..0428209 --- /dev/null +++ b/homelab/ircd/finish @@ -0,0 +1,3 @@ +#! /bin/sh +me=$(basename $(pwd)) +podman stop $me diff --git a/homelab/ircd/run b/homelab/ircd/run new file mode 100755 index 0000000..af076d1 --- /dev/null +++ b/homelab/ircd/run @@ -0,0 +1,14 @@ +#! /bin/sh + +exec 2>&1 + +me=$(basename $(pwd)) + +podman rm -f $me +podman run \ + --name $me \ + --publish 6697:6697 \ + --network homelab \ + --volume /srv/sys/ircd:/ircd/ \ + --volume /srv/sys/caddy/certificates/acme-v02.api.letsencrypt.org-directory/irc.woozle.org/:/ircd/certs:ro \ + ghcr.io/ergochat/ergo 
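Review bot: homelab/imgme/run is the only new run script in this commit that still uses plain `podman rm $me` and omits `exec 2>&1`, even though the same commit switches caddy/run and run.pigallery2 to `podman rm -f $me`. Without `-f`, a container that is still running when the supervisor restarts the service is not removed, and the following `podman run --name $me` then fails on the name clash. I would use `podman rm -f "$me"` and add `exec 2>&1` so that errors reach the service log, matching auth/run and ircd/run.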
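Review bot: The second `--volume` in homelab/ircd/run mounts Caddy's whole certificate directory for irc.woozle.org into the IRC container, which (as Caddy lays out its storage) holds the TLS private key as well as the certificate, and the path hard-codes the ACME issuer directory name. Read-only is the right mode, but the key becomes readable by a second network-facing process on the published port 6697, and the daemon will keep serving the old certificate after Caddy renews it unless it is told to reload. I would add a comment above the mount, e.g. `# Shares Caddy's key+cert for irc.woozle.org; reload ircd after each renewal`, and check that the key's file mode lets only the ircd user read it. irc.entar.net, which the Caddyfile also serves, has no certificate mounted here.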
diff --git a/homelab/photos/photofield.yaml b/homelab/photos/photofield.yaml
new file mode 100644
index 0000000..a36d565
--- /dev/null
+++ b/homelab/photos/photofield.yaml
@@ -0,0 +1,11 @@
+collections:
+ - name: Fam
+ layout: timeline
+ dirs:
+ - /srv/storage/fam/Photos
+
+ - name: Ginnie
+ layout: timeline
+ dirs:
+ - /srv/storage/ginnie/Photos
+
diff --git a/homelab/photos/run b/homelab/photos/run
new file mode 120000
index 0000000..3b5b5df
--- /dev/null
+++ b/homelab/photos/run
@@ -0,0 +1 @@
+run.pigallery2
\ No newline at end of file
diff --git a/homelab/photos/run.photofield b/homelab/photos/run.photofield
new file mode 100755
index 0000000..577bca5
--- /dev/null
+++ b/homelab/photos/run.photofield
@@ -0,0 +1,13 @@
+#! /bin/sh
+
+podman rm -f photos
+podman run \
+ --name=photos \
+ --network=homelab \
+ --cpu-shares=256 \
+ -v /srv/sys/photofield/:/app/data \
+ -v /srv/storage/fam/Photos:/srv/storage/fam/Photos:ro \
+ -v /srv/storage/ginnie/Photos:/srv/storage/ginnie/Photos:ro \
+ -v /etc/service/photos/photofield.yaml:/app/data/configuration.yaml:ro \
+ ghcr.io/smilyorg/photofield
+
diff --git a/homelab/photos/run.photoprism b/homelab/photos/run.photoprism
new file mode 100755
index 0000000..8af95a3
--- /dev/null
+++ b/homelab/photos/run.photoprism
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+podman rm -f photos
+podman run \
+ --name=photos \
+ --network=homelab \
+ --cpu-shares=256 \
+ --env PHOTOPRISM_SITE_URL=https://photos.woozle.org/ \
+ --env PHOTOPRISM_AUTH_MODE=public \
+ --env PHOTOPRISM_READONLY=true \
+ --env PHOTOPRISM_HTTP_PORT=8080 \
+ -v /srv/sys/photoprism/:/photoprism/storage \
+ -v /srv/storage/fam/Photos:/photoprism/originals/fam \
+ -v /srv/storage/ginnie/Photos:/photoprism/originals/ginnie \
+ photoprism/photoprism:latest
+
diff --git a/homelab/pigallery2/run b/homelab/photos/run.pigallery2
similarity index 81%
rename from homelab/pigallery2/run
rename to homelab/photos/run.pigallery2
index c9309eb..06445b0 100755
--- a/homelab/pigallery2/run
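Review bot: homelab/photos/run.photoprism sets `PHOTOPRISM_AUTH_MODE=public`, which turns off PhotoPrism's own login, and mounts both originals directories without `:ro`, unlike run.photofield and run.pigallery2. Access control then rests entirely on Caddy's `forward_auth`, and any other container on the `homelab` network can reach `photos:8080` directly; `PHOTOPRISM_READONLY=true` is an application setting, not a mount restriction. I would make the mounts `-v /srv/storage/fam/Photos:/photoprism/originals/fam:ro` and `-v /srv/storage/ginnie/Photos:/photoprism/originals/ginnie:ro`, and add a comment such as `# AUTH_MODE=public: only safe behind the authenticated Caddy proxy`.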
+++ b/homelab/photos/run.pigallery2 @@ -1,6 +1,6 @@ #! /bin/sh me=$(basename $(pwd)) -podman rm $me +podman rm -f $me podman run \ --name $me \ --network homelab \ @@ -8,5 +8,5 @@ podman run \ --volume /srv/sys/pigallery2/db:/app/data/db \ --volume /srv/sys/pigallery2/cache:/app/data/cache \ --volume /srv/storage/fam/Photos:/photos/fam:ro \ - --volume /srv/storage/ginnie/Photos:/photos/ginnie:ro \ + --volume /home/ginnie/Photos:/photos/ginnie:ro \ bpatrik/pigallery2:latest diff --git a/homelab/pigallery2/deergrove.png b/homelab/pigallery2/deergrove.png deleted file mode 100644 index 16817e6..0000000 Binary files a/homelab/pigallery2/deergrove.png and /dev/null differ diff --git a/homelab/pigallery2/portal.json b/homelab/pigallery2/portal.json deleted file mode 100644 index 1cfe1d9..0000000 --- a/homelab/pigallery2/portal.json +++ /dev/null 
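Review bot: The second hunk of run.pigallery2 moves the ginnie mount to `/home/ginnie/Photos`, while photofield.yaml, run.photofield and run.photoprism in this same commit all read `/srv/storage/ginnie/Photos`. Since `photos/run` links to this script, the active gallery would show a different tree from the alternatives. If that is deliberate, a one-line comment such as `# ginnie's photos are served from her home directory, not /srv/storage` would stop it being "fixed" later. Bind-mounting from `/home` also depends on that directory's permissions allowing the container user to read it, which the diff does not show.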
@@ -1,76 +0,0 @@
-[
- {
- "title": "Storage",
- "href": "https://drive.woozle.org/",
- "icon": "https://drive.woozle.org/storage/public/icons/cloud-folder.png",
- "target": "_blank"
- },
- {
- "title": "Photos",
- "href": "https://photos.woozle.org/",
- "icon": "https://photos.woozle.org/assets/icon_inv.png",
- "target": "_blank"
- },
- {
- "title": "Git",
- "href": "https://git.woozle.org/",
- "icon": "https://git.woozle.org/assets/img/logo.svg",
- "target": "_blank"
- },
- {
- "title": "Genealogy",
- "href": "https://ancestry.woozle.org/",
- "icon": "https://ancestry.woozle.org/images/arbre_start.png",
- "target": "_blank"
- },
- {
- "title": "Movies",
- "href": "https://deergrove.woozle.org/radarr/",
- "icon": "/radarr/Content/Images/logo.svg"
- },
- {
- "title": "Episodes",
- "href": "https://deergrove.woozle.org/sonarr/",
- "icon": "/sonarr/Content/Images/logo.svg"
- },
- {
- "title": "Music",
- "href": "https://deergrove.woozle.org/lidarr/",
- "icon": "/lidarr/Content/Images/logo.svg"
- },
- {
- "title": "Books",
- "href": "https://deergrove.woozle.org/readarr/",
- "icon": "/readarr/Content/Images/logo.svg"
- },
- {
- "title": "Media Sucker",
- "href": "https://deergrove.woozle.org/sucker/",
- "icon": "/sucker/cd-dvd.svg"
- },
- {
- "title": "Searcher",
- "href": "https://deergrove.woozle.org/prowlarr/",
- "icon": "/prowlarr/Content/Images/logo.png"
- },
- {
- "title": "Usenet",
- "href": "https://deergrove.woozle.org/nzbget/",
- "icon": "/nzbget/img/favicon-256x256.png"
- },
- {
- "title": "BitTorrent",
- "href": "https://deergrove.woozle.org/transmission/web/",
- "icon": "/transmission/web/images/webclip-icon.png"
- },
- {
- "title": "3D Printer",
- "href": "https://deergrove.woozle.org/octoprint/",
- "icon": "/octoprint/static/img/logo.png"
- },
- {
- "title": "Host Stats",
- "href": "/stat.html",
- "app": "stat"
- }
-]
diff --git a/homelab/plex/README.md b/homelab/plex/README.md
new file mode 100644
index 0000000..07f8b57
--- /dev/null
+++ b/homelab/plex/README.md @@ -0,0 +1,15 @@ +Notes To Self +============= + +You are probably going to have to re-claim the server again +at some point. + +https://support.plex.tv/articles/204281528-why-am-i-locked-out-of-server-settings-and-how-do-i-get-in/ + +This requires removing some entries from a config file in +/srv/sys. + +Plex wants you to connect to http://localhost:32400. +Use SSH port forwarding: + + ssh -L 32400:localhost:32400 sweetums.lan diff --git a/homelab/plex/run b/homelab/plex/run index 05294e3..c8fd1a3 100755 --- a/homelab/plex/run +++ b/homelab/plex/run @@ -4,7 +4,6 @@ podman rm $me podman run \ --name $me \ --network host \ - --tz US/Mountain \ --env VERSION=public \ --mount type=bind,src=/srv/sys/plex,dst=/config \ --mount type=bind,src=/srv/media,dst=/srv/media,readonly=true \ diff --git a/homelab/portal/portal.json b/homelab/portal/portal.json index d7577db..a050073 100644 --- a/homelab/portal/portal.json +++ b/homelab/portal/portal.json @@ -23,16 +23,16 @@ "icon": "https://ancestry.woozle.org/images/arbre_start.png", "target": "_blank" }, + { + "title": "TV", + "href": "https://deergrove.woozle.org/sonarr/", + "icon": "/sonarr/Content/Images/logo.svg" + }, { "title": "Movies", "href": "https://deergrove.woozle.org/radarr/", "icon": "/radarr/Content/Images/logo.svg" }, - { - "title": "Episodes", - "href": "https://deergrove.woozle.org/sonarr/", - "icon": "/sonarr/Content/Images/logo.svg" - }, { "title": "Music", "href": "https://deergrove.woozle.org/lidarr/", @@ -63,11 +63,6 @@ "href": "https://deergrove.woozle.org/transmission/web/", "icon": "/transmission/web/images/webclip-icon.png" }, - { - "title": "3D Printer", - "href": "https://deergrove.woozle.org/octoprint/", - "icon": "/octoprint/static/img/logo.png" - }, { "title": "Host Stats", "href": "/stat.html", diff --git a/homelab/samba/run b/homelab/samba/run index 82fdc32..b4ffce2 100755 --- a/homelab/samba/run +++ b/homelab/samba/run 
@@ -1,11 +1,10 @@ #! /bin/sh me=$(basename $(pwd)) podman rm $me +# You gotta use host networking to get discovery gubbins podman run \ --name $me \ - --network homelab \ - --publish 139:139 \ - --publish 445:445 \ + --network host \ --env NMBD=enable \ --env RECYCLE=disable \ --env USERID=911 \ diff --git a/homelab/skeleton/down b/homelab/skeleton/down new file mode 100644 index 0000000..e69de29 diff --git a/homelab/skeleton/run b/homelab/skeleton/run new file mode 100755 index 0000000..e9f7e1e --- /dev/null +++ b/homelab/skeleton/run @@ -0,0 +1,10 @@ +#! /bin/sh + +exec 2>&1 + +me=$(basename $(pwd)) +podman rm -f $me +podman run \ + --name $me \ + --network homelab \ + caddy:2-alpine diff --git a/homelab/sucker/run b/homelab/sucker/run index c19f5cb..8484360 100755 --- a/homelab/sucker/run +++ b/homelab/sucker/run @@ -6,7 +6,7 @@ podman run \ --device-cgroup-rule 'b 11:* rmw' \ --network homelab \ -v /dev:/hdev \ - -v /srv/ext/incoming/sucker:/incoming/sucker \ + -v /srv/incoming/sucker:/incoming/sucker \ --cpu-shares 256 \ --user 911:19 \ git.woozle.org/neale/media-sucker \ diff --git a/homelab/webfs/run b/homelab/webfs/run index 3bec13f..eb4d5fc 100755 --- a/homelab/webfs/run +++ b/homelab/webfs/run @@ -8,4 +8,8 @@ podman run \ --volume /srv/storage:/srv/storage \ --volume /srv/incoming:/srv/incoming \ --volume /srv/media:/srv/media \ - sigoden/dufs -A /srv + sigoden/dufs \ + --auth @/:rw \ + --auth neale@/:rw \ + -A \ + /srv
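Review bot: Switching homelab/samba/run to `--network host` removes the container's network namespace along with the explicit `--publish 139:139` / `--publish 445:445` list, so every port that smbd and nmbd open is now bound on all of the host's interfaces, including any reachable from outside the LAN. The added comment gives the reason (discovery) but not the exposure; I would extend it, e.g. `# Host networking for NetBIOS discovery: smbd/nmbd listen on every host interface, so restrict them to the LAN`. If the image lets you set them, Samba's `interfaces` and `bind interfaces only` options keep discovery working without listening on other addresses; otherwise a host firewall rule should do the same job. The rest of the `podman run` command lies outside the hunk.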
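Review bot: In homelab/webfs/run, `--auth @/:rw` grants the anonymous user read-write access to `/` as I read dufs's rule syntax, and together with `-A` that lets an unauthenticated client upload, overwrite and delete anything under the `/srv/storage`, `/srv/incoming` and `/srv/media` mounts. The only gate left is Caddy's `restricted-access-naiive` forward_auth on drive.woozle.org, so any container on the `homelab` network that can reach `webfs:5000` bypasses it; `--auth neale@/:rw` likewise names a user with no password. If dufs auth is meant to be a no-op behind the proxy, say so in a comment and make the anonymous rule read-only (`--auth @/`). Otherwise give the account a secret that is kept out of the repository, in the form `--auth neale:<password>@/:rw`. The start of the `podman run` command is outside the hunk.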