diff --git a/homelab/.gitignore b/homelab/.gitignore
index f0764f1..b3843ab 100644
--- a/homelab/.gitignore
+++ b/homelab/.gitignore
@@ -1,2 +1,3 @@
 password
 samba-users.env
+secrets
diff --git a/homelab/Caddyfile b/homelab/Caddyfile
new file mode 100644
index 0000000..1609eca
--- /dev/null
+++ b/homelab/Caddyfile
@@ -0,0 +1,60 @@
+{
+ email neale@woozle.org
+
+ # Uncomment to use testing CA
+ #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+}
+
+import /run/secrets/caddy-users
+
+(restricted-access) {
+ basicauth {
+ import home-users
+ }
+}
+
+git.woozle.org {
+ reverse_proxy gitea:3000
+}
+
+drive.woozle.org {
+ import restricted-access
+
+ # XXX: browsing says method not allowed
+ @get {
+ method GET
+ }
+ # route overrides built-in ordering
+ route {
+ file_server @get browse {
+ root /srv/ext/
+ }
+ reverse_proxy webdav:8000
+ }
+}
+
+# XXX: have this use caddy auth
+ancestry.woozle.org {
+ reverse_proxy geneweb:2317
+}
+
+sweetums.woozle.org {
+ handle /transmission/* {
+ import restricted-access
+ reverse_proxy host.docker.internal:9091
+ }
+ handle_path /sucker/* {
+ import restricted-access
+ reverse_proxy host.docker.internal:5880
+ }
+
+ file_server /public/* {
+ root /srv/ext/storage/public
+ }
+
+ import restricted-access
+ file_server {
+ root /www
+ }
+}
+
diff --git a/homelab/HOSTS b/homelab/HOSTS
deleted file mode 100644
index 490e677..0000000
--- a/homelab/HOSTS
+++ /dev/null
@@ -1 +0,0 @@
-sweetums.woozle.org
diff --git a/homelab/dave.yaml b/homelab/dave.yaml
new file mode 100644
index 0000000..b5ae6cf
--- /dev/null
+++ b/homelab/dave.yaml
@@ -0,0 +1,4 @@
+address: "0.0.0.0"
+port: "8000"
+dir: "/data"
+prefix: "/"
diff --git a/homelab/deploy.sh b/homelab/deploy.sh
index a3308fa..f42b263 100755
--- a/homelab/deploy.sh
+++ b/homelab/deploy.sh
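Review bot: The drive.woozle.org block serves `file_server @get browse` from `root /srv/ext/`, which per docker-compose.yaml in this same commit is the parent of `sys/caddy`, Caddy's own data directory (mounted at `/data/caddy`, where it keeps its ACME account key and issued certificate private keys), so anyone who passes the shared basicauth can browse and download that key material; point the root at a data subtree, or deny it as the first directive inside the `route` (e.g. `@sys path /sys/*` with `respond @sys 403`). In the sweetums.woozle.org block the site-level `import restricted-access` expands to a `basicauth` with no matcher, and because Caddy orders `basicauth` ahead of `handle` and `file_server` it appears to gate `/public/*` as well, which the removed `public` service served without forward-auth, while making the per-`handle` imports redundant. `file_server /public/*` also keeps the `/public` prefix when resolving under `root /srv/ext/storage/public`, so `/public/x` maps to `/srv/ext/storage/public/public/x` unless that nested directory exists. Scoping the auth to a catch-all `handle` and using `handle_path` for the share keeps the intended split:
```caddyfile
sweetums.woozle.org {
	# … unchanged: /transmission and /sucker handle blocks …

	handle_path /public/* {
		root * /srv/ext/storage/public
		file_server
	}

	handle {
		import restricted-access
		file_server {
			root /www
		}
	}
}
```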
@@ -2,9 +2,4 @@ stack=$(basename $(pwd)) -cat HOSTS | while read host; do - echo "=== $host" - export FQDN=$host - export HOSTNAME=${host%%.*} - docker -H ssh://$host stack deploy -c docker-compose.yaml --prune $stack -done +docker stack deploy -c docker-compose.yaml --prune $stack diff --git a/homelab/docker-compose.yaml b/homelab/docker-compose.yaml index a9c24ac..3295a13 100644 --- a/homelab/docker-compose.yaml +++ b/homelab/docker-compose.yaml @@ -1,21 +1,7 @@ version: "3.8" services: - traefik: - image: traefik - environment: - TRAEFIK_API: "true" - TRAEFIK_API_INSECURE: "true" - TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: :80 - TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure - TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https - TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: :443 - TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL: neale@woozle.org - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json - XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true" - TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true" - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false" + caddy: + image: caddy:2-alpine ports: - target: 443 published: 443 
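Review bot: The replacement `docker stack deploy -c docker-compose.yaml --prune $stack` deploys to whatever daemon the current Docker context or `DOCKER_HOST` selects, where the removed loop named the target explicitly via `ssh://$host`; with `--prune` and published ports in the stack, a stale context silently deploys (and prunes) on the wrong machine. Consider adding `set -eu` near the top of the script, quoting `"$stack"`, and either passing an explicit `--context` or checking `docker context show` before deploying. The `stack=` assignment that feeds this line sits at the hunk edge, and the script's header is outside the hunk.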
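Review bot: `image: caddy:2-alpine` is a floating tag, so every `docker stack deploy` may pull a different Caddy build than the one the new Caddyfile was written against, and this is now the single component terminating TLS and enforcing basicauth for every site. The replaced `image: traefik` had the same weakness, but the swap is a good moment to pin a specific release tag or an `@sha256:` digest and bump it deliberately. The `services:` mapping continues past the end of this hunk.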
@@ -25,34 +11,21 @@ services: mode: host volumes: - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock + source: /srv/ext + target: /srv/ext read_only: true - type: bind - source: /srv/ext/sys/traefik/acme.json - target: /acme.json - deploy: - labels: - # XXX: This HSTS stuff doesn't seem to be working - traefik.enable: "true" - traefik.frontend.headers.STSSeconds: "31536000" - traefik.frontend.headers.STSPreload: "true" - traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" - traefik.http.routers.dashboard.tls.certresolver: letsencrypt - traefik.http.routers.dashboard.middlewares: forward-auth - traefik.http.routers.dashboard.service: api@internal - traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/ - traefik.http.services.traefik.loadbalancer.server.port: "1" - - simpleauth: - image: ghcr.io/nealey/simpleauth + source: /srv/ext/sys/caddy + target: /data/caddy + configs: + - source: Caddyfile + target: /etc/caddy/Caddyfile + - source: index.html + target: /www/index.html secrets: - - password - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.simpleauth.rule: "Host(`$FQDN`) && Path(`/`)" - traefik.http.services.simpleauth.loadbalancer.server.port: "8080" + - caddy-users + extra_hosts: + - host.docker.internal:host-gateway plex: image: ghcr.io/linuxserver/plex @@ -61,6 +34,7 @@ services: environment: TZ: US/Mountain VERSION: public + PLEX_CLAIM: claim-jp4-HfTyRzCce4WzUdj5 volumes: - type: bind source: /srv/ext/sys/plex @@ -83,11 +57,6 @@ services: - type: bind source: /srv/ext/incoming target: /srv/ext/incoming - deploy: - labels: - # This isn't going to work, because transmission binds to the host network. - traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)" - traefik.http.services.transmission.loadbalancer.server.port: "9091" gitea: image: gitea/gitea:1 
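Review bot: `PLEX_CLAIM: claim-jp4-HfTyRzCce4WzUdj5` commits a Plex claim token to the repository in the same change that moves other credentials into the gitignored `secrets/` directory. Claim tokens are short-lived and consumed once the server is claimed, so the exposure is limited, but the value is now in git history and is re-sent on every redeploy; move it to an `env_file` under `secrets/` or a swarm secret, or remove the key after the first successful claim. The `plex` service definition starts outside this hunk.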
@@ -106,13 +75,6 @@ services: source: /etc/localtime target: /etc/localtime read_only: true - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.gitea.rule: "Host(`git.woozle.org`)" - traefik.http.routers.gitea.middlewares: gitea-striparoo - traefik.http.middlewares.gitea-striparoo.stripprefix.prefixes: "/gitea" - traefik.http.services.gitea.loadbalancer.server.port: "3000" atlas: image: ctassisf/ripe-atlas-alpine:arm64v8 @@ -138,18 +100,6 @@ services: - type: bind source: /srv/ext/sys/geneweb/log target: /usr/local/share/geneweb/log - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.gwsetup.rule: "PathPrefix(`/gwsetup`)" - traefik.http.middlewares.gwsetup-striparoo.stripprefix.prefixes: "/gwsetup" - traefik.http.routers.gwsetup.middlewares: gwsetup-striparoo,forward-auth - traefik.http.routers.gwsetup.service: gwsetup - traefik.http.services.gwsetup.loadbalancer.server.port: "2316" - - traefik.http.routers.geneweb.rule: "Host(`ancestry.woozle.org`)" - traefik.http.routers.geneweb.service: geneweb - traefik.http.services.geneweb.loadbalancer.server.port: "2317" samba: image: dperson/samba @@ -165,13 +115,9 @@ services: USERID: 911 GROUPID: 911 # name;path;browse;readonly;guest - SHARE1: storage;/srv/ext/storage;yes;no;no - SHARE2: media;/srv/ext/media;yes;no;no - SHARE3: software;/srv/ext/software;yes;no;no - SHARE4: backups;/srv/ext/backups;yes;no;no - SHARE4: incoming;/srv/ext/incoming;yes;no;no + SHARE1: drive;/srv/ext;yes;no;no env_file: - - samba-users.env + - secrets/samba-users.env ports: - published: 139 target: 139 
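Review bot: `SHARE1: drive;/srv/ext;yes;no;no` replaces five shares rooted at data subdirectories with one writable share of the whole volume, which in this commit also holds `/srv/ext/sys` — Caddy's data directory (`/srv/ext/sys/caddy`, mounted at `/data/caddy`), Plex state under `/srv/ext/sys/plex` and the geneweb log — so every SMB user can now reach service state and, subject only to file permissions as uid/gid 911, TLS key material. Consider keeping the export at a data subtree, `SHARE1: drive;/srv/ext/storage;yes;no;no`, or moving service state out from under the shared root. The `samba` service definition starts outside this hunk.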
@@ -182,40 +128,28 @@ services: image: micromata/dave volumes: - type: bind - source: /srv/ext/storage + source: /srv/ext target: /data configs: - source: dave.yaml target: /config/config.yaml user: "911:911" - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.webdav.rule: "Host(`drive.woozle.org`)" - traefik.http.services.webdav.loadbalancer.server.port: "8000" - - public: - image: caddy - volumes: - - type: bind - source: /srv/ext/storage/public - target: /usr/share/caddy/public - read_only: true - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.public.rule: "PathPrefix(`/public`)" - traefik.http.services.public.loadbalancer.server.port: "80" configs: dave.yaml: file: dave.yaml - name: dave.yaml-v1 + name: dave.yaml-v3 + Caddyfile: + file: Caddyfile + name: Caddyfile-v17 + index.html: + file: index.html + name: index.html-v8 secrets: - password: - file: password - name: password-v1 + caddy-users: + file: secrets/caddy-users + name: caddy-users-v2 networks: hostnet: diff --git a/homelab/index.html b/homelab/index.html new file mode 100644 index 0000000..d8dbe0a --- /dev/null +++ b/homelab/index.html @@ -0,0 +1,30 @@ + + + + Sweetums + + + + +
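Review bot: The `webdav` bind is widened from `/srv/ext/storage` to `/srv/ext` and stays read-write, so WebDAV now covers `/srv/ext/sys` — Caddy's data directory, Plex state and geneweb logs — for anyone who passes the Caddy basicauth, and the new `dave.yaml` in this commit configures no authentication of its own, so the proxy is the only gate (if the services share the stack's default network, sibling containers can reach `webdav:8000` with no auth at all). Consider keeping `source: /srv/ext/storage`, or at least a dedicated subtree that excludes `sys/`, and adding `read_only: true` if write access is not needed. The `webdav` service definition starts outside this hunk.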
+
+ + + + + + + + + + + diff --git a/homelab/grafana.ini.tmpl b/homelab/unused/grafana.ini.tmpl similarity index 100% rename from homelab/grafana.ini.tmpl rename to homelab/unused/grafana.ini.tmpl diff --git a/homelab/netdata.conf b/homelab/unused/netdata.conf similarity index 100% rename from homelab/netdata.conf rename to homelab/unused/netdata.conf diff --git a/homelab/periodic/backup-systemd b/homelab/unused/periodic/backup-systemd similarity index 100% rename from homelab/periodic/backup-systemd rename to homelab/unused/periodic/backup-systemd diff --git a/homelab/periodic/btrfs-scrub b/homelab/unused/periodic/btrfs-scrub similarity index 100% rename from homelab/periodic/btrfs-scrub rename to homelab/unused/periodic/btrfs-scrub diff --git a/homelab/periodic/ddns-update b/homelab/unused/periodic/ddns-update similarity index 100% rename from homelab/periodic/ddns-update rename to homelab/unused/periodic/ddns-update diff --git a/homelab/periodic/gdrive-backup b/homelab/unused/periodic/gdrive-backup similarity index 100% rename from homelab/periodic/gdrive-backup rename to homelab/unused/periodic/gdrive-backup diff --git a/homelab/periodic/last-run b/homelab/unused/periodic/last-run similarity index 100% rename from homelab/periodic/last-run rename to homelab/unused/periodic/last-run diff --git a/homelab/periodic/nextcloud-cron b/homelab/unused/periodic/nextcloud-cron similarity index 100% rename from homelab/periodic/nextcloud-cron rename to homelab/unused/periodic/nextcloud-cron diff --git a/homelab/prometheus.yaml b/homelab/unused/prometheus.yaml similarity index 100% rename from homelab/prometheus.yaml rename to homelab/unused/prometheus.yaml