Buncha changes

This commit is contained in:
Neale Pickett 2024-11-28 13:34:56 -07:00
parent 6f942be00f
commit bb058597e8
26 changed files with 285 additions and 103 deletions

1
homelab/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*/log/

13
homelab/auth/run Executable file
View File

@ -0,0 +1,13 @@
#! /bin/sh
exec 2>&1
me=$(basename $(pwd))
podman rm -f $me
podman run \
--name $me \
--network homelab \
--name auth \
--volume /srv/secrets/oauth2-proxy.cfg:/etc/oauth2-proxy.cfg:ro \
quay.io/oauth2-proxy/oauth2-proxy \
--config=/etc/oauth2-proxy.cfg

17
homelab/btrfs-scrub/run Executable file
View File

@ -0,0 +1,17 @@
#! /bin/sh
set -e
# Wait 7 days
sleep 7d
# Wait until it's after 10pm
while [ $(TZ=US/Mountain date +%H) -lt 22 ]; do
sleep 10m
done
# Limit scrub speed to 100m. Is this a good limit? I don't know!
btrfs scrub limit --limit 100m --all /sys
# Start the scrub!
btrfs scrub start /sys

View File

@ -4,21 +4,42 @@
} }
(restricted-access) { (restricted-access) {
forward_auth simpleauth:8080 { forward_auth auth:4180 {
uri / uri /oauth2/auth
copy_headers X-Simpleauth-Username copy_headers Authorization X-Auth-Request-Access-Token
header_down X-Simpleauth-Domain "woozle.org"
@bad status 4xx
handle_response {
redir https://auth.woozle.org/oauth2/start?rd={scheme}://{host}{uri}
}
} }
} }
(restricted-access-naiive) {
forward_auth auth:4180 {
uri /oauth2/auth
# No copy-headers, so things don't get confused
@bad status 4xx
handle_response {
redir https://auth.woozle.org/oauth2/start?rd={scheme}://{host}{uri}
}
}
}
auth.woozle.org {
reverse_proxy auth:4180
}
git.woozle.org { git.woozle.org {
reverse_proxy gitea:3000 reverse_proxy gitea:3000
} }
drive.woozle.org { drive.woozle.org {
import restricted-access import restricted-access-naiive
reverse_proxy webfs:5000 reverse_proxy webfs:5000
#reverse_proxy filebrowser:80 #reverse_proxy filebrowser:80
#reverse_proxy nextcloud:80
} }
# XXX: have this use caddy auth # XXX: have this use caddy auth
@ -28,13 +49,23 @@ ancestry.woozle.org {
photos.woozle.org { photos.woozle.org {
import restricted-access import restricted-access
reverse_proxy pigallery2:80 reverse_proxy photos:8080 # photofield, photoprism, pigallery2
} }
xfer.woozle.org { xfer.woozle.org {
reverse_proxy picoshare:4001 reverse_proxy picoshare:4001
} }
irc.woozle.org, irc.entar.net {
handle_path /socket {
reverse_proxy ircd:8067
}
handle /imgme/* {
reverse_proxy imgme:8080
}
root * /srv/sys/www/irc.woozle.org/
file_server
}
## ##
## handle sends original path ## handle sends original path
@ -71,7 +102,6 @@ deergrove.woozle.org {
handle /prowlarr/* { handle /prowlarr/* {
reverse_proxy prowlarr:9696 reverse_proxy prowlarr:9696
} }
handle_path /sucker/* { handle_path /sucker/* {
reverse_proxy sucker:8080 reverse_proxy sucker:8080
} }

View File

@ -0,0 +1,106 @@
{
email neale@woozle.org
#debug
}
(restricted-access) {
forward_auth simpleauth:8080 {
uri /
copy_headers X-Simpleauth-Username
header_down X-Simpleauth-Domain "woozle.org"
}
}
git.woozle.org {
reverse_proxy gitea:3000
}
drive.woozle.org {
import restricted-access
reverse_proxy webfs:5000
#reverse_proxy filebrowser:80
}
# XXX: have this use caddy auth
ancestry.woozle.org {
reverse_proxy geneweb:2317
}
photos.woozle.org {
import restricted-access
#reverse_proxy photos:8080
reverse_proxy photos:2342
}
xfer.woozle.org {
reverse_proxy picoshare:4001
}
irc.woozle.org, irc.entar.net {
handle_path /socket {
reverse_proxy ircd:8067
}
handle /imgme/* {
reverse_proxy imgme:8080
}
root * /srv/sys/www/irc.woozle.org/
file_server
}
##
## handle sends original path
## handle_path truncates path
##
deergrove.woozle.org {
import restricted-access
handle_path /ddns/* {
reverse_proxy ddns:8000
}
handle /transmission/* {
reverse_proxy transmission:9091
}
handle /nzbget/* {
reverse_proxy nzbget:6789
}
handle /sonarr/* {
reverse_proxy sonarr:8989
}
handle /radarr/* {
reverse_proxy radarr:7878
}
handle /readarr/* {
reverse_proxy readarr:8787
}
handle /lidarr/* {
reverse_proxy lidarr:8686
}
handle /prowlarr/* {
reverse_proxy prowlarr:9696
}
handle_path /sucker/* {
reverse_proxy sucker:8080
}
handle_path /netdata/* {
reverse_proxy netdata:19999
}
# Octoprint serves up broken webcam URLs
uri replace /webcam/ /octoprint/webcam/
handle_path /octoprint/* {
reverse_proxy {
to 192.168.86.20:80
header_up X-Script-Name "/octoprint"
}
}
handle {
reverse_proxy portal:8080
}
}

View File

@ -1,6 +1,9 @@
#! /bin/sh #! /bin/sh
exec 2>&1
me=$(basename $(pwd)) me=$(basename $(pwd))
podman rm $me podman rm -f $me
podman run \ podman run \
--name $me \ --name $me \
--network homelab \ --network homelab \

View File

@ -1,7 +1,7 @@
. { . {
bind 192.168.86.2 bind 192.168.86.2
hosts { hosts {
192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org photos.woozle.org auth.woozle.org xfer.woozle.org 192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org photos.woozle.org auth.woozle.org xfer.woozle.org irc.woozle.org irc.entar.net
fallthrough fallthrough
} }
forward . 1.1.1.1 1.0.0.1 8.8.8.8 forward . 1.1.1.1 1.0.0.1 8.8.8.8

8
homelab/imgme/run Executable file
View File

@ -0,0 +1,8 @@
#! /bin/sh
me=$(basename $(pwd))
podman rm $me
podman run \
--name $me \
--network homelab \
--volume /srv/sys/imgme:/cache \
git.woozle.org/neale/imgme

3
homelab/ircd/finish Executable file
View File

@ -0,0 +1,3 @@
#! /bin/sh
me=$(basename $(pwd))
podman stop $me

14
homelab/ircd/run Executable file
View File

@ -0,0 +1,14 @@
#! /bin/sh
exec 2>&1
me=$(basename $(pwd))
podman rm -f $me
podman run \
--name $me \
--publish 6697:6697 \
--network homelab \
--volume /srv/sys/ircd:/ircd/ \
--volume /srv/sys/caddy/certificates/acme-v02.api.letsencrypt.org-directory/irc.woozle.org/:/ircd/certs:ro \
ghcr.io/ergochat/ergo

View File

@ -0,0 +1,11 @@
collections:
- name: Fam
layout: timeline
dirs:
- /srv/storage/fam/Photos
- name: Ginnie
layout: timeline
dirs:
- /srv/storage/ginnie/Photos

1
homelab/photos/run Symbolic link
View File

@ -0,0 +1 @@
run.pigallery2

13
homelab/photos/run.photofield Executable file
View File

@ -0,0 +1,13 @@
#! /bin/sh
podman rm -f photos
podman run \
--name=photos \
--network=homelab \
--cpu-shares=256 \
-v /srv/sys/photofield/:/app/data \
-v /srv/storage/fam/Photos:/srv/storage/fam/Photos:ro \
-v /srv/storage/ginnie/Photos:/srv/storage/ginnie/Photos:ro \
-v /etc/service/photos/photofield.yaml:/app/data/configuration.yaml:ro \
ghcr.io/smilyorg/photofield

16
homelab/photos/run.photoprism Executable file
View File

@ -0,0 +1,16 @@
#! /bin/sh
podman rm -f photos
podman run \
--name=photos \
--network=homelab \
--cpu-shares=256 \
--env PHOTOPRISM_SITE_URL=https://photos.woozle.org/ \
--env PHOTOPRISM_AUTH_MODE=public \
--env PHOTOPRISM_READONLY=true \
--env PHOTOPRISM_HTTP_PORT=8080 \
-v /srv/sys/photoprism/:/photoprism/storage \
-v /srv/storage/fam/Photos:/photoprism/originals/fam \
-v /srv/storage/ginnie/Photos:/photoprism/originals/ginnie \
photoprism/photoprism:latest

View File

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
me=$(basename $(pwd)) me=$(basename $(pwd))
podman rm $me podman rm -f $me
podman run \ podman run \
--name $me \ --name $me \
--network homelab \ --network homelab \
@ -8,5 +8,5 @@ podman run \
--volume /srv/sys/pigallery2/db:/app/data/db \ --volume /srv/sys/pigallery2/db:/app/data/db \
--volume /srv/sys/pigallery2/cache:/app/data/cache \ --volume /srv/sys/pigallery2/cache:/app/data/cache \
--volume /srv/storage/fam/Photos:/photos/fam:ro \ --volume /srv/storage/fam/Photos:/photos/fam:ro \
--volume /srv/storage/ginnie/Photos:/photos/ginnie:ro \ --volume /home/ginnie/Photos:/photos/ginnie:ro \
bpatrik/pigallery2:latest bpatrik/pigallery2:latest

Binary file not shown.

Before

Width:  |  Height:  |  Size: 30 KiB

View File

@ -1,76 +0,0 @@
[
{
"title": "Storage",
"href": "https://drive.woozle.org/",
"icon": "https://drive.woozle.org/storage/public/icons/cloud-folder.png",
"target": "_blank"
},
{
"title": "Photos",
"href": "https://photos.woozle.org/",
"icon": "https://photos.woozle.org/assets/icon_inv.png",
"target": "_blank"
},
{
"title": "Git",
"href": "https://git.woozle.org/",
"icon": "https://git.woozle.org/assets/img/logo.svg",
"target": "_blank"
},
{
"title": "Genealogy",
"href": "https://ancestry.woozle.org/",
"icon": "https://ancestry.woozle.org/images/arbre_start.png",
"target": "_blank"
},
{
"title": "Movies",
"href": "https://deergrove.woozle.org/radarr/",
"icon": "/radarr/Content/Images/logo.svg"
},
{
"title": "Episodes",
"href": "https://deergrove.woozle.org/sonarr/",
"icon": "/sonarr/Content/Images/logo.svg"
},
{
"title": "Music",
"href": "https://deergrove.woozle.org/lidarr/",
"icon": "/lidarr/Content/Images/logo.svg"
},
{
"title": "Books",
"href": "https://deergrove.woozle.org/readarr/",
"icon": "/readarr/Content/Images/logo.svg"
},
{
"title": "Media Sucker",
"href": "https://deergrove.woozle.org/sucker/",
"icon": "/sucker/cd-dvd.svg"
},
{
"title": "Searcher",
"href": "https://deergrove.woozle.org/prowlarr/",
"icon": "/prowlarr/Content/Images/logo.png"
},
{
"title": "Usenet",
"href": "https://deergrove.woozle.org/nzbget/",
"icon": "/nzbget/img/favicon-256x256.png"
},
{
"title": "BitTorrent",
"href": "https://deergrove.woozle.org/transmission/web/",
"icon": "/transmission/web/images/webclip-icon.png"
},
{
"title": "3D Printer",
"href": "https://deergrove.woozle.org/octoprint/",
"icon": "/octoprint/static/img/logo.png"
},
{
"title": "Host Stats",
"href": "/stat.html",
"app": "stat"
}
]

15
homelab/plex/README.md Normal file
View File

@ -0,0 +1,15 @@
Notes To Self
=============
You are probably going to have to re-claim the server again
at some point.
https://support.plex.tv/articles/204281528-why-am-i-locked-out-of-server-settings-and-how-do-i-get-in/
This requires removing some entries from a config file in
/srv/sys.
Plex wants you to connect to http://localhost:32400.
Use SSH port forwarding:
ssh -L 32400:localhost:32400 sweetums.lan

View File

@ -4,7 +4,6 @@ podman rm $me
podman run \ podman run \
--name $me \ --name $me \
--network host \ --network host \
--tz US/Mountain \
--env VERSION=public \ --env VERSION=public \
--mount type=bind,src=/srv/sys/plex,dst=/config \ --mount type=bind,src=/srv/sys/plex,dst=/config \
--mount type=bind,src=/srv/media,dst=/srv/media,readonly=true \ --mount type=bind,src=/srv/media,dst=/srv/media,readonly=true \

View File

@ -23,16 +23,16 @@
"icon": "https://ancestry.woozle.org/images/arbre_start.png", "icon": "https://ancestry.woozle.org/images/arbre_start.png",
"target": "_blank" "target": "_blank"
}, },
{
"title": "TV",
"href": "https://deergrove.woozle.org/sonarr/",
"icon": "/sonarr/Content/Images/logo.svg"
},
{ {
"title": "Movies", "title": "Movies",
"href": "https://deergrove.woozle.org/radarr/", "href": "https://deergrove.woozle.org/radarr/",
"icon": "/radarr/Content/Images/logo.svg" "icon": "/radarr/Content/Images/logo.svg"
}, },
{
"title": "Episodes",
"href": "https://deergrove.woozle.org/sonarr/",
"icon": "/sonarr/Content/Images/logo.svg"
},
{ {
"title": "Music", "title": "Music",
"href": "https://deergrove.woozle.org/lidarr/", "href": "https://deergrove.woozle.org/lidarr/",
@ -63,11 +63,6 @@
"href": "https://deergrove.woozle.org/transmission/web/", "href": "https://deergrove.woozle.org/transmission/web/",
"icon": "/transmission/web/images/webclip-icon.png" "icon": "/transmission/web/images/webclip-icon.png"
}, },
{
"title": "3D Printer",
"href": "https://deergrove.woozle.org/octoprint/",
"icon": "/octoprint/static/img/logo.png"
},
{ {
"title": "Host Stats", "title": "Host Stats",
"href": "/stat.html", "href": "/stat.html",

View File

@ -1,11 +1,10 @@
#! /bin/sh #! /bin/sh
me=$(basename $(pwd)) me=$(basename $(pwd))
podman rm $me podman rm $me
# You gotta use host networking to get discovery gubbins
podman run \ podman run \
--name $me \ --name $me \
--network homelab \ --network host \
--publish 139:139 \
--publish 445:445 \
--env NMBD=enable \ --env NMBD=enable \
--env RECYCLE=disable \ --env RECYCLE=disable \
--env USERID=911 \ --env USERID=911 \

0
homelab/skeleton/down Normal file
View File

10
homelab/skeleton/run Executable file
View File

@ -0,0 +1,10 @@
#! /bin/sh
exec 2>&1
me=$(basename $(pwd))
podman rm -f $me
podman run \
--name $me \
--network homelab \
caddy:2-alpine

View File

@ -6,7 +6,7 @@ podman run \
--device-cgroup-rule 'b 11:* rmw' \ --device-cgroup-rule 'b 11:* rmw' \
--network homelab \ --network homelab \
-v /dev:/hdev \ -v /dev:/hdev \
-v /srv/ext/incoming/sucker:/incoming/sucker \ -v /srv/incoming/sucker:/incoming/sucker \
--cpu-shares 256 \ --cpu-shares 256 \
--user 911:19 \ --user 911:19 \
git.woozle.org/neale/media-sucker \ git.woozle.org/neale/media-sucker \

View File

@ -8,4 +8,8 @@ podman run \
--volume /srv/storage:/srv/storage \ --volume /srv/storage:/srv/storage \
--volume /srv/incoming:/srv/incoming \ --volume /srv/incoming:/srv/incoming \
--volume /srv/media:/srv/media \ --volume /srv/media:/srv/media \
sigoden/dufs -A /srv sigoden/dufs \
--auth @/:rw \
--auth neale@/:rw \
-A \
/srv