more apps

2024-12-30 01:18:40 -05:00 · 2024-12-30 01:18:40 -05:00 · e76d1a1f88
commit e76d1a1f88
parent c090cc9cbe
6 changed files with 191 additions and 68 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,6 +4,9 @@

 ansible/collections/**

+# registry password file
+distribution/htpasswd
+
 # .tfstate files
 *.tfstate
 *.tfstate.*
--- a/compose/truenas-apps.yaml
+++ b/compose/truenas-apps.yaml
@ -26,16 +26,12 @@ services:
  adguard:
    container_name: adguard
    image: adguard/adguardhome
+    pull_policy: always
    restart: unless-stopped
    networks:
      apps:
        ipv4_address: 10.96.10.53
        link_local_ips: []
-    # ports:
-    #   - "53:53/tcp"
-    #   - "53:53/udp"
-    #   - "80:80/tcp"
-    #   - "443:443/tcp"
    volumes:
      - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
      - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
@ -45,6 +41,7 @@ services:
  certbot:
    container_name: certbot
    image: certbot/dns-cloudflare
+    pull_policy: always
    restart: "no"
    networks:
      apps:
@ -63,6 +60,14 @@ services:
      -d unifi.balsillie.house
      -d s3.balsillie.house
      -d registry.balsillie.house
+      -d sync-admin.balsillie.house
+      -d jellyfin.balsillie.house
+      -d torrent.balsillie.house
+      -d tv.balsillie.house
+      -d movies.balsillie.house
+      -d music.balsillie.house
+      -d books.balsillie.house
+      -d subs.balsillie.house
    volumes:
      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
@ -70,6 +75,7 @@ services:
  minio:
    container_name: minio
    image: minio/minio
+    pull_policy: always
    hostname: s3.balsillie.house
    restart: unless-stopped
    command:
@ -89,3 +95,83 @@ services:
      - /mnt/hdd/s3:/data
      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+  registry:
+    container_name: registry
+    image: distribution/distribution:edge
+    pull_policy: always
+    hostname: registry.balsillie.house
+    restart: unless-stopped
+    environment:
+      REGISTRY_HTTP_SECRET: VfOVfkMqoeZGpfTJqe82rz4clqrR6Wid
+    networks:
+      apps:
+        ipv4_address: 10.96.10.13
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/registry:/etc/distribution
+      - /mnt/hdd/registry:/var/lib/registry
+      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+  sort:
+    container_name: sort
+    image: code.balsillie.net/michael/containers/upload-sorter:latest
+    pull_policy: always
+    restart: unless-stopped
+    environment:
+      WATCH_DIRS: '/sort/michael:/sort/bridie'
+      PHOTOS_DIRECTORY: '/photos'
+      RECORDINGS_DIRECTORY: '/recordings'
+    networks: 
+      apps:
+        ipv4_address: 10.96.10.14
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/sync:/sort
+      - /mnt/hdd/photos:/photos
+      - /mnt/hdd/recordings:/recordings
+
+  sync:
+    container_name: sync
+    image: syncthing/syncthing:1
+    pull_policy: always
+    entrypoint: ["/bin/syncthing", "serve", "--config=/config", ]
+    command: []
+    restart: unless-stopped
+    networks: 
+      apps:
+        ipv4_address: 10.96.10.15
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/syncthing:/config
+      - /mnt/hdd/sync:/sync
+      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+  nginx:
+    container_name: nginx
+    image: nginx
+    pull_policy: always
+    restart: unless-stopped
+    networks: 
+      apps:
+        ipv4_address: 10.96.10.16
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf
+      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+  unifi:
+    container_name: unifi
+    image: goofball222/unifi:8.6.9
+    pull_policy: always
+    restart: unless-stopped
+    networks: 
+      apps:
+        ipv4_address: 10.96.10.17
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/unifi:/usr/lib/unifi/data
+
--- a/compose/truenas-media.yaml
+++ b/compose/truenas-media.yaml
@ -0,0 +1,31 @@
+# Docker compose file for truenas apps
+
+name: "media"
+
+# Network
+
+networks:
+  apps:
+    external: true
+    name: apps
+
+services:
+  jellyfin:
+    container_name: jellyfin
+    image: jellyfin # FIX
+    restart: unless-stopped
+    networks:
+      apps:
+        ipv4_address: 10.96.10.101
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/jellyfin:/config
+      - /mnt/hdd/media:/media
+      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
+
+# qbittorrent
+
+# sonarr
+
+# radarr
--- a/compose/truenas-rename.yaml
+++ b/compose/truenas-rename.yaml
@ -1,60 +0,0 @@
-# Docker compose file for truenas apps
-
-name: "media"
-
-# Network
-
-networks:
-  apps:
-    external: true
-    name: apps
-
-services:
-  adguard:
-    container_name: adguard
-    image: adguard/adguardhome
-    restart: unless-stopped
-    networks:
-      apps:
-        ipv4_address: 10.96.10.53
-        link_local_ips: []
-    # ports:
-    #   - "53:53/tcp"
-    #   - "53:53/udp"
-    #   - "80:80/tcp"
-    #   - "443:443/tcp"
-    volumes:
-      - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
-      - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
-      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
-      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
-  certbot:
-    container_name: certbot
-    image: certbot/dns-cloudflare
-    restart: "no"
-    networks:
-      apps:
-        ipv4_address: 10.96.10.11
-        link_local_ips: []
-    command: >-
-      certonly --dns-cloudflare
-      --dns-cloudflare-credentials /etc/letsencrypt/credentials.ini
-      --dns-cloudflare-propagation-seconds 20
-      --email certbot-apps@balsillie.email
-      --non-interactive
-      --expand
-      --no-eff-email
-      --agree-tos
-      -d adguard.balsillie.house
-      -d unifi.balsillie.house
-      -d s3.balsillie.house
-      -d registry.balsillie.house
-    volumes:
-      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
-      - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
-
-# Certbot
-
-# Adguard
-
-# Minio
--- a/distribution/config.yml
+++ b/distribution/config.yml
@ -0,0 +1,52 @@
+version: 0.1
+log:
+  accesslog:
+    disabled: false
+  level: info
+  formatter: text
+  fields: {}
+storage:
+  cache:
+    blobdescriptor: inmemory
+    blobdescriptorsize: 5000
+  delete:
+    enabled: true
+  filesystem:
+    rootdirectory: /var/lib/registry
+  maintenance:
+    uploadpurging:
+      enabled: true
+      age: 168h
+      interval: 24h
+      dryrun: false
+    readonly:
+      enabled: false
+  tag:
+    concurrencylimit: 8
+http:
+  http2:
+    disabled: false
+  h2c:
+    enabled: false
+  addr: 10.96.10.13:443
+  net: tcp
+  host: https://registry.balsillie.house
+  prefix: ''
+  headers:
+    X-Content-Type-Options: 
+      - nosniff
+  relativeurls: false
+  draintimeout: 30s
+  tls:
+    certificate: /etc/letsencrypt/live/adguard.balsillie.house/fullchain.pem
+    key: /etc/letsencrypt/live/adguard.balsillie.house/privkey.pem
+    minimumtls: tls1.2
+  prometheus:
+    enabled: false
+# auth:
+#   htpasswd:
+#     realm: BALSILLIE
+#     path: /etc/distribution/htpasswd
+health:
+  storagedriver:
+    enabled: false
--- a/terraform/cloudflare/main.tf
+++ b/terraform/cloudflare/main.tf
@ -7,8 +7,19 @@ terraform {
      version = "~> 4.44"
    }
  }
-  backend "local" {
-    # path = pathexpand("~/Backups/tfstate/cloudflare.tfstate")
+  backend "s3" {
+    endpoints = {
+      s3 = "https://s3.balsillie.house:9000"
+    }
+    region = "home"
+    bucket = "terraform"
+    use_path_style = true
+    key = "cloudflare/terraform.tfstate"
+    shared_credentials_files = ["~/.aws/credentials"]
+    profile = "terraform"
+    skip_credentials_validation = true
+    skip_region_validation = true
+    skip_requesting_account_id = true
  }
 }