michael/IaC
1
0
Fork 0
Code Packages

more apps

Browse Source
This commit is contained in:
= 2024-12-30 01:18:40 -05:00
parent c090cc9cbe
commit e76d1a1f88
6 changed files with 191 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -4,6 +4,9 @@
ansible/collections/** ansible/collections/**
# registry password file
distribution/htpasswd
# .tfstate files # .tfstate files
*.tfstate *.tfstate
*.tfstate.* *.tfstate.*

96
compose/truenas-apps.yaml
View File

@ -26,16 +26,12 @@ services:
adguard: adguard:
container_name: adguard container_name: adguard
image: adguard/adguardhome image: adguard/adguardhome
pull_policy: always
restart: unless-stopped restart: unless-stopped
networks: networks:
apps: apps:
ipv4_address: 10.96.10.53 ipv4_address: 10.96.10.53
link_local_ips: [] link_local_ips: []
# ports:
# - "53:53/tcp"
# - "53:53/udp"
# - "80:80/tcp"
# - "443:443/tcp"
volumes: volumes:
- /mnt/hdd/apps/adguard/work:/opt/adguardhome/work - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
- /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
@ -45,6 +41,7 @@ services:
certbot: certbot:
container_name: certbot container_name: certbot
image: certbot/dns-cloudflare image: certbot/dns-cloudflare
pull_policy: always
restart: "no" restart: "no"
networks: networks:
apps: apps:
@ -63,6 +60,14 @@ services:
-d unifi.balsillie.house -d unifi.balsillie.house
-d s3.balsillie.house -d s3.balsillie.house
-d registry.balsillie.house -d registry.balsillie.house
-d sync-admin.balsillie.house
-d jellyfin.balsillie.house
-d torrent.balsillie.house
-d tv.balsillie.house
-d movies.balsillie.house
-d music.balsillie.house
-d books.balsillie.house
-d subs.balsillie.house
volumes: volumes:
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
@ -70,6 +75,7 @@ services:
minio: minio:
container_name: minio container_name: minio
image: minio/minio image: minio/minio
pull_policy: always
hostname: s3.balsillie.house hostname: s3.balsillie.house
restart: unless-stopped restart: unless-stopped
command: command:
@ -89,3 +95,83 @@ services:
- /mnt/hdd/s3:/data - /mnt/hdd/s3:/data
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
registry:
container_name: registry
image: distribution/distribution:edge
pull_policy: always
hostname: registry.balsillie.house
restart: unless-stopped
environment:
REGISTRY_HTTP_SECRET: VfOVfkMqoeZGpfTJqe82rz4clqrR6Wid
networks:
apps:
ipv4_address: 10.96.10.13
link_local_ips: []
volumes:
- /mnt/hdd/apps/registry:/etc/distribution
- /mnt/hdd/registry:/var/lib/registry
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
sort:
container_name: sort
image: code.balsillie.net/michael/containers/upload-sorter:latest
pull_policy: always
restart: unless-stopped
environment:
WATCH_DIRS: '/sort/michael:/sort/bridie'
PHOTOS_DIRECTORY: '/photos'
RECORDINGS_DIRECTORY: '/recordings'
networks:
apps:
ipv4_address: 10.96.10.14
link_local_ips: []
volumes:
- /mnt/hdd/sync:/sort
- /mnt/hdd/photos:/photos
- /mnt/hdd/recordings:/recordings
sync:
container_name: sync
image: syncthing/syncthing:1
pull_policy: always
entrypoint: ["/bin/syncthing", "serve", "--config=/config", ]
command: []
restart: unless-stopped
networks:
apps:
ipv4_address: 10.96.10.15
link_local_ips: []
volumes:
- /mnt/hdd/apps/syncthing:/config
- /mnt/hdd/sync:/sync
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
nginx:
container_name: nginx
image: nginx
pull_policy: always
restart: unless-stopped
networks:
apps:
ipv4_address: 10.96.10.16
link_local_ips: []
volumes:
- /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
unifi:
container_name: unifi
image: goofball222/unifi:8.6.9
pull_policy: always
restart: unless-stopped
networks:
apps:
ipv4_address: 10.96.10.17
link_local_ips: []
volumes:
- /mnt/hdd/apps/unifi:/usr/lib/unifi/data

31
compose/truenas-media.yaml Normal file
View File

@ -0,0 +1,31 @@
# Docker compose file for truenas apps
name: "media"
# Network
networks:
apps:
external: true
name: apps
services:
jellyfin:
container_name: jellyfin
image: jellyfin # FIX
restart: unless-stopped
networks:
apps:
ipv4_address: 10.96.10.101
link_local_ips: []
volumes:
- /mnt/hdd/apps/jellyfin:/config
- /mnt/hdd/media:/media
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
# qbittorrent
# sonarr
# radarr

60
compose/truenas-rename.yaml
View File

@ -1,60 +0,0 @@
# Docker compose file for truenas apps
name: "media"
# Network
networks:
apps:
external: true
name: apps
services:
adguard:
container_name: adguard
image: adguard/adguardhome
restart: unless-stopped
networks:
apps:
ipv4_address: 10.96.10.53
link_local_ips: []
# ports:
# - "53:53/tcp"
# - "53:53/udp"
# - "80:80/tcp"
# - "443:443/tcp"
volumes:
- /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
- /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
certbot:
container_name: certbot
image: certbot/dns-cloudflare
restart: "no"
networks:
apps:
ipv4_address: 10.96.10.11
link_local_ips: []
command: >-
certonly --dns-cloudflare
--dns-cloudflare-credentials /etc/letsencrypt/credentials.ini
--dns-cloudflare-propagation-seconds 20
--email certbot-apps@balsillie.email
--non-interactive
--expand
--no-eff-email
--agree-tos
-d adguard.balsillie.house
-d unifi.balsillie.house
-d s3.balsillie.house
-d registry.balsillie.house
volumes:
- /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
- /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
# Certbot
# Adguard
# Minio

52
distribution/config.yml Normal file
View File

@ -0,0 +1,52 @@
version: 0.1
log:
accesslog:
disabled: false
level: info
formatter: text
fields: {}
storage:
cache:
blobdescriptor: inmemory
blobdescriptorsize: 5000
delete:
enabled: true
filesystem:
rootdirectory: /var/lib/registry
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
tag:
concurrencylimit: 8
http:
http2:
disabled: false
h2c:
enabled: false
addr: 10.96.10.13:443
net: tcp
host: https://registry.balsillie.house
prefix: ''
headers:
X-Content-Type-Options:
- nosniff
relativeurls: false
draintimeout: 30s
tls:
certificate: /etc/letsencrypt/live/adguard.balsillie.house/fullchain.pem
key: /etc/letsencrypt/live/adguard.balsillie.house/privkey.pem
minimumtls: tls1.2
prometheus:
enabled: false
# auth:
# htpasswd:
# realm: BALSILLIE
# path: /etc/distribution/htpasswd
health:
storagedriver:
enabled: false

15
terraform/cloudflare/main.tf
View File

@ -7,8 +7,19 @@ terraform {
version = "~> 4.44" version = "~> 4.44"
} }
} }
backend "local" { backend "s3" {
# path = pathexpand("~/Backups/tfstate/cloudflare.tfstate") endpoints = {
s3 = "https://s3.balsillie.house:9000"
}
region = "home"
bucket = "terraform"
use_path_style = true
key = "cloudflare/terraform.tfstate"
shared_credentials_files = ["~/.aws/credentials"]
profile = "terraform"
skip_credentials_validation = true
skip_region_validation = true
skip_requesting_account_id = true
} }
} }