diff --git a/.gitignore b/.gitignore
index 2f0e0e2..9d4df60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,9 @@ ansible/collections/**
+# registry password file
+distribution/htpasswd
+
 # .tfstate files
 *.tfstate
 *.tfstate.*
diff --git a/compose/truenas-apps.yaml b/compose/truenas-apps.yaml
index 0ac40ad..5f0eda2 100644
--- a/compose/truenas-apps.yaml
+++ b/compose/truenas-apps.yaml
@@ -26,16 +26,12 @@ services:
 adguard:
 container_name: adguard
 image: adguard/adguardhome
+ pull_policy: always
 restart: unless-stopped
 networks:
 apps:
 ipv4_address: 10.96.10.53
 link_local_ips: []
- # ports:
- # - "53:53/tcp"
- # - "53:53/udp"
- # - "80:80/tcp"
- # - "443:443/tcp"
 volumes:
 - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
 - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
@@ -45,6 +41,7 @@ services:
 certbot:
 container_name: certbot
 image: certbot/dns-cloudflare
+ pull_policy: always
 restart: "no"
 networks:
 apps:
@@ -63,6 +60,14 @@ services:
 -d unifi.balsillie.house
 -d s3.balsillie.house
 -d registry.balsillie.house
+ -d sync-admin.balsillie.house
+ -d jellyfin.balsillie.house
+ -d torrent.balsillie.house
+ -d tv.balsillie.house
+ -d movies.balsillie.house
+ -d music.balsillie.house
+ -d books.balsillie.house
+ -d subs.balsillie.house
 volumes:
 - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
 - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
@@ -70,6 +75,7 @@ services:
 minio:
 container_name: minio
 image: minio/minio
+ pull_policy: always
 hostname: s3.balsillie.house
 restart: unless-stopped
 command:
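Review bot: `pull_policy: always` is added to services whose `image:` carries no tag or digest (`adguard/adguardhome` in the first compose/truenas-apps.yaml hunk, `certbot/dns-cloudflare` and `minio/minio` in the later ones), so every `up` deploys whatever `latest` points to at that moment, with no review step and no record of what ran before. Pin each image to a version and digest, e.g. `image: adguard/adguardhome:<version>@sha256:<digest>` (placeholders), and make an upgrade an explicit change to this file. The three service definitions continue outside these hunks.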
@@ -88,4 +94,84 @@ services:
 volumes:
 - /mnt/hdd/s3:/data
 - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
\ No newline at end of file
+ - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+ registry:
+ container_name: registry
+ image: distribution/distribution:edge
+ pull_policy: always
+ hostname: registry.balsillie.house
+ restart: unless-stopped
+ environment:
+ REGISTRY_HTTP_SECRET: VfOVfkMqoeZGpfTJqe82rz4clqrR6Wid
+ networks:
+ apps:
+ ipv4_address: 10.96.10.13
+ link_local_ips: []
+ volumes:
+ - /mnt/hdd/apps/registry:/etc/distribution
+ - /mnt/hdd/registry:/var/lib/registry
+ - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+ - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+ sort:
+ container_name: sort
+ image: code.balsillie.net/michael/containers/upload-sorter:latest
+ pull_policy: always
+ restart: unless-stopped
+ environment:
+ WATCH_DIRS: '/sort/michael:/sort/bridie'
+ PHOTOS_DIRECTORY: '/photos'
+ RECORDINGS_DIRECTORY: '/recordings'
+ networks:
+ apps:
+ ipv4_address: 10.96.10.14
+ link_local_ips: []
+ volumes:
+ - /mnt/hdd/sync:/sort
+ - /mnt/hdd/photos:/photos
+ - /mnt/hdd/recordings:/recordings
+
+ sync:
+ container_name: sync
+ image: syncthing/syncthing:1
+ pull_policy: always
+ entrypoint: ["/bin/syncthing", "serve", "--config=/config", ]
+ command: []
+ restart: unless-stopped
+ networks:
+ apps:
+ ipv4_address: 10.96.10.15
+ link_local_ips: []
+ volumes:
+ - /mnt/hdd/apps/syncthing:/config
+ - /mnt/hdd/sync:/sync
+ - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+ - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+ nginx:
+ container_name: nginx
+ image: nginx
+ pull_policy: always
+ restart: unless-stopped
+ networks:
+ apps:
+ ipv4_address: 10.96.10.16
+ link_local_ips: []
+ volumes:
+ - /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf
+ - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+ - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+ unifi:
+ container_name: unifi
+ image: goofball222/unifi:8.6.9
+ pull_policy: always
+ restart: unless-stopped
+ networks:
+ apps:
+ ipv4_address: 10.96.10.17
+ link_local_ips: []
+ volumes:
+ - /mnt/hdd/apps/unifi:/usr/lib/unifi/data
+
diff --git a/compose/truenas-media.yaml b/compose/truenas-media.yaml
new file mode 100644
index 0000000..7bf9797
--- /dev/null
+++ b/compose/truenas-media.yaml
@@ -0,0 +1,31 @@
+# Docker compose file for truenas apps
+
+name: "media"
+
+# Network
+
+networks:
+ apps:
+ external: true
+ name: apps
+
+services:
+ jellyfin:
+ container_name: jellyfin
+ image: jellyfin # FIX
+ restart: unless-stopped
+ networks:
+ apps:
+ ipv4_address: 10.96.10.101
+ link_local_ips: []
+ volumes:
+ - /mnt/hdd/apps/jellyfin:/config
+ - /mnt/hdd/media:/media
+ - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+ - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+# qbittorrent
+
+# sonarr
+
+# radarr
\ No newline at end of file
diff --git a/compose/truenas-rename.yaml b/compose/truenas-rename.yaml
deleted file mode 100644
index a2708a0..0000000
--- /dev/null
+++ /dev/null
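Review bot: `REGISTRY_HTTP_SECRET` in the new `registry` service of compose/truenas-apps.yaml is a literal value committed to the repository. Distribution uses it to sign state handed back to clients, so treat the committed value as exposed, rotate it, and supply it from outside version control, e.g. `REGISTRY_HTTP_SECRET: ${REGISTRY_HTTP_SECRET:?not set}` with the value in an ignored env file, the way `distribution/htpasswd` is ignored in this commit. The same service runs `distribution/distribution:edge` with `pull_policy: always`, a moving tag; a release tag pinned by digest would make registry upgrades deliberate.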
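Review bot: The `jellyfin` service in compose/truenas-media.yaml mounts `/mnt/hdd/apps/certbot/etc` and `/mnt/hdd/apps/certbot/var` read-write, although a TLS consumer only needs to read its certificate and key. The certbot command visible in the deleted compose/truenas-rename.yaml keeps `credentials.ini` under that same `/etc/letsencrypt` mount, so, if that layout is still in use, every container with this volume can read the Cloudflare DNS credentials and overwrite any private key. Mount it as `- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt:ro`, drop the `/var/lib/letsencrypt` line outside the certbot service, and keep `credentials.ini` outside the shared directory. The same applies to the `registry`, `sync` and `nginx` services added in compose/truenas-apps.yaml.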
@@ -1,60 +0,0 @@
-# Docker compose file for truenas apps
-
-name: "media"
-
-# Network
-
-networks:
- apps:
- external: true
- name: apps
-
-services:
- adguard:
- container_name: adguard
- image: adguard/adguardhome
- restart: unless-stopped
- networks:
- apps:
- ipv4_address: 10.96.10.53
- link_local_ips: []
- # ports:
- # - "53:53/tcp"
- # - "53:53/udp"
- # - "80:80/tcp"
- # - "443:443/tcp"
- volumes:
- - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
- - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
- - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
- certbot:
- container_name: certbot
- image: certbot/dns-cloudflare
- restart: "no"
- networks:
- apps:
- ipv4_address: 10.96.10.11
- link_local_ips: []
- command: >-
- certonly --dns-cloudflare
- --dns-cloudflare-credentials /etc/letsencrypt/credentials.ini
- --dns-cloudflare-propagation-seconds 20
- --email certbot-apps@balsillie.email
- --non-interactive
- --expand
- --no-eff-email
- --agree-tos
- -d adguard.balsillie.house
- -d unifi.balsillie.house
- -d s3.balsillie.house
- -d registry.balsillie.house
- volumes:
- - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
-
-# Certbot
-
-# Adguard
-
-# Minio
\ No newline at end of file
diff --git a/distribution/config.yml b/distribution/config.yml
new file mode 100644
index 0000000..217a331
--- /dev/null
+++ b/distribution/config.yml
@@ -0,0 +1,52 @@
+version: 0.1
+log:
+ accesslog:
+ disabled: false
+ level: info
+ formatter: text
+ fields: {}
+storage:
+ cache:
+ blobdescriptor: inmemory
+ blobdescriptorsize: 5000
+ delete:
+ enabled: true
+ filesystem:
+ rootdirectory: /var/lib/registry
+ maintenance:
+ uploadpurging:
+ enabled: true
+ age: 168h
+ interval: 24h
+ dryrun: false
+ readonly:
+ enabled: false
+ tag:
+ concurrencylimit: 8
+http:
+ http2:
+ disabled: false
+ h2c:
+ enabled: false
+ addr: 10.96.10.13:443
+ net: tcp
+ host: https://registry.balsillie.house
+ prefix: ''
+ headers:
+ X-Content-Type-Options:
+ - nosniff
+ relativeurls: false
+ draintimeout: 30s
+ tls:
+ certificate: /etc/letsencrypt/live/adguard.balsillie.house/fullchain.pem
+ key: /etc/letsencrypt/live/adguard.balsillie.house/privkey.pem
+ minimumtls: tls1.2
+ prometheus:
+ enabled: false
+# auth:
+# htpasswd:
+# realm: BALSILLIE
+# path: /etc/distribution/htpasswd
+health:
+ storagedriver:
+ enabled: false
\ No newline at end of file
diff --git a/terraform/cloudflare/main.tf b/terraform/cloudflare/main.tf
index d1c370b..038f1ec 100644
--- a/terraform/cloudflare/main.tf
+++ b/terraform/cloudflare/main.tf
@@ -7,8 +7,19 @@ terraform {
 version = "~> 4.44"
 }
 }
- backend "local" {
- # path = pathexpand("~/Backups/tfstate/cloudflare.tfstate")
+ backend "s3" {
+ endpoints = {
+ s3 = "https://s3.balsillie.house:9000"
+ }
+ region = "home"
+ bucket = "terraform"
+ use_path_style = true
+ key = "cloudflare/terraform.tfstate"
+ shared_credentials_files = ["~/.aws/credentials"]
+ profile = "terraform"
+ skip_credentials_validation = true
+ skip_region_validation = true
+ skip_requesting_account_id = true
 }
 }
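Review bot: distribution/config.yml ships with the `auth` block commented out while `storage.delete.enabled: true` and `readonly.enabled: false` are set, so any client that can reach `10.96.10.13:443` can push, overwrite and delete images without credentials. Uncomment the `auth.htpasswd` block (`realm: BALSILLIE`, `path: /etc/distribution/htpasswd`) before the registry serves images; the commit already ignores `distribution/htpasswd`, and the compose file mounts `/mnt/hdd/apps/registry` at `/etc/distribution`, so the file has a place to live. If anonymous pull is intended, that needs a front end enforcing read-only access, since htpasswd auth here is all-or-nothing.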
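Review bot: The new `backend "s3"` block in terraform/cloudflare/main.tf configures neither state locking nor encryption at rest, while the state it now writes to `https://s3.balsillie.house:9000` can hold provider values in plaintext. If the Terraform version in use has it and the endpoint accepts conditional writes, add `use_lockfile = true`; `encrypt = true` applies only if server-side encryption is set up on that MinIO instance, so confirm both before enabling. A comment such as `# MinIO, not AWS: the skip_* flags disable AWS-only checks` would explain the three `skip_*` lines, and the access key behind the `terraform` profile should be limited to the `terraform` bucket. The `terraform` block starts outside this hunk.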