Source Code for the Home Server setup. This includes the git server hosting this repository as well. #terraform #docker https://git.captnemo.in/nemo/nebula/
Nemo 63facbde70 Remove custom dns support 2019-06-02 14:51:33 +05:30
_scripts Upgrades and stuff 2018-05-29 18:06:21 +05:30
abstruse Create and use a single traefik network everywhere 2018-06-04 13:39:55 +05:30
cloudflare General Updates 2019-05-19 12:51:53 +05:30
db [docker] Dealing from the aftermath of docker provider release 2019-01-20 03:46:18 +05:30
digitalocean General Updates 2019-05-19 12:51:53 +05:30
docker Adds elibsrv Docker Container 2019-05-12 09:01:46 +05:30
gitea Fix radicale 2019-05-16 16:07:01 +05:30
media turn off dnscrypt-proxy, client now runs on the Router 2019-03-31 17:09:43 +05:30
modules Remove custom dns support 2019-06-02 14:51:33 +05:30
monitoring Fix ACT Exporter 2019-05-19 12:52:02 +05:30
opml Get opml back 2019-04-27 16:24:48 +05:30
radicale Fix radicale 2019-05-16 16:07:01 +05:30
resilio Create and use a single traefik network everywhere 2018-06-04 13:39:55 +05:30
timemachine standardize quotes on resource type 2018-04-22 18:09:44 +05:30
.editorconfig Work on proxying content via sydney 2017-11-26 16:53:34 +05:30
.gitignore General Updates 2019-02-03 18:39:10 +05:30
.terraform-version Fix pass provider issues 2019-04-13 03:01:36 +05:30
README.md Drops tt-rss entirely 2018-07-26 01:25:11 +05:30
audioserve.tf Adds audioserve 2019-04-02 02:55:26 +05:30
data.tf Upgrade miniflux and fix rss-bridge 2019-01-21 21:41:08 +05:30
echoserver.tf Minor fixes in container zipmapping 2018-08-07 02:55:46 +05:30
elibsrv.tf Adds elibsrv Docker Container 2019-05-12 09:01:46 +05:30
firefox-sync.tf Fix Firefox Sync 2019-04-14 00:11:55 +05:30
heimdall.tf Really complicated terraform labelling 2018-08-07 02:12:55 +05:30
jupyter.tf Run a jupyter notebook 2019-04-26 03:16:37 +05:30
kayak.tf Comment out unused kubernetes stuff 2019-04-26 03:16:25 +05:30
kube-test.tf Comment out unused kubernetes stuff 2019-04-26 03:16:25 +05:30
main.tf General Updates 2019-05-19 12:51:53 +05:30
miniflux.tf Improve NextCloud Networking 2019-04-16 00:38:40 +05:30
monicahq.tf Switch to pass-provider for secrets 2019-03-25 21:04:47 +05:30
nextcloud.tf Switch to stable release of nextcloud 2019-04-21 17:45:28 +05:30
outline.tf Switch to pass-provider for secrets 2019-03-25 21:04:47 +05:30
providers.tf Fix pass provider issues 2019-04-13 03:01:36 +05:30
pulse.tf Some minor updates for Docker provider upgrade 2019-01-18 17:15:22 +05:30
requestbin.tf Minor fixes in container zipmapping 2018-08-07 02:55:46 +05:30
rss-bridge.tf docker improvements got merged 2019-06-01 22:43:00 +05:30
secrets.tf Fix pass provider issues 2019-04-13 03:01:36 +05:30
state.tf Switch to a remote state 2019-02-10 23:14:10 +05:30
variables.tf General Updates 2019-05-19 12:51:53 +05:30
znc.tf Adds ZNC 2018-08-23 12:02:32 +05:30

README.md

nebula

Where stars are born.

Manages the local infrastructure of my home server. I'm also doing blog posts around the same:

  1. Part 1, Hardware
  2. Part 2, Terraform/Docker
  3. Part 3, Learnings
  4. Part 4, Migrating from Google (and more)
  5. Part 5, Networking

The canonical URL for this repo is https://git.captnemo.in/nemo/nebula/. A mirror is maintained on GitHub at https://github.com/captn3m0/nebula

modules

  1. docker: to actually run the services. Catch-all for miscellaneous containers
  2. cloudflare: to manage the DNS.
  3. mysql: to create mysql users and databases.
  4. media: Media related containers (Jackett, Lidarr, Radarr, Sonarr)
  5. Monitoring: Monitoring related resources (Cadvisor, Grafana, NodeExporter, Prometheus, Transmission-Exporter)
  6. Gitea: Just git.captnemo.in
  7. miniflux: RSS Web reader
  8. Radicale: CardDav/CalDav webserver

Self-learning project for terraform/docker.

Planned

  1. ~Setup DigitalOcean~
  2. Add DO infrastructure via ansible
  3. ~Add traefik for proper proxying~
  4. Maybe add docker swarm (or k8s?) across both the servers. Might setup the k8s API on the Raspberry Pi.

Service List

Currently running the following (all links are to the store.docker.com pages for the Docker images that I'm using):

| image | tag | module/link |
|-------|-----|-------------|
| bleenco/abstruse | latest | ci |
| captn3m0/opml-gen | latest | https://opml.bb8.fun |
| captn3m0/prometheus-act-exporter | latest | https://git.captnemo.in/nemo/prometheus-act-exporter |
| captn3m0/rss-bridge | latest | https://github.com/RSS-Bridge/rss-bridge |
| captn3m0/speedtest-exporter | alpine | https://github.com/stefanwalther/speedtest-exporter |
| emby/embyserver | latest | https://emby.media |
| gitea/gitea | 1.5.0-rc1 | services |
| google/cadvisor | latest | monitoring |
| grafana/grafana | latest | monitoring |
| jankysolutions/requestbin | latest | tools |
| linuxserver/airsonic | latest | media |
| linuxserver/heimdall | latest | tools |
| linuxserver/jackett | latest | media |
| linuxserver/lidarr | latest | media |
| linuxserver/lychee | latest | media |
| linuxserver/radarr | latest | media |
| linuxserver/resilio-sync | latest | sync |
| linuxserver/sonarr | latest | media |
| linuxserver/transmission | latest | media |
| linuxserver/ubooquity | latest | media |
| miniflux/miniflux | 2.0.9 | tools |
| monicahq/monicahq | latest | services |
| odarriba/timemachine | latest | tools |
| percona/percona-server-mongodb | 3.4 | database |
| postgres | 10-alpine | database |
| prom/node-exporter | v0.15.2 | monitoring |
| prom/prometheus | latest | monitoring |
| requarks/wiki | latest | services |
| serjs/go-socks5-proxy | latest | tools |
| tocttou/gotviz | latest | na |
| tomsquest/docker-radicale | latest | services |
| traefik | 1.6-alpine | plumbing |

Docker Notes

  • Lots of the above images are from the excellent LinuxServer.io, and they're doing great work 👍
  • Most images are running the latest beta (if available) or stable versions.
  • Traefik is running with wildcard certificates.

Upstream

I've been using this as a contributing opportunity and reporting/fixing issues upstream:

  1. Airsonic HTTPS proxying is broken. Reported: https://github.com/airsonic/airsonic/issues/641. Turned out to be a known issue: https://github.com/airsonic/airsonic/issues/594. Now fixed.
  2. Traefik docker backend security headers were broken with dashes. I reported it here, and it was fixed by https://github.com/containous/traefik/pull/2496
  3. Headphones dies repeatedly with no error logs. Yet-to-report. (Already reported, fails due to classical artists)
  4. Terraform doesn't parse mariadb version numbers. Report: https://github.com/terraform-providers/terraform-provider-mysql/issues/6. Filed a PR to fix and to bump the go-version dependency
  5. elibsrv didn't support ebook-convert, only mobigen. PR is at https://github.com/captn3m0/elibsrv/pull/1. Merged to elibsrv trunk, will be part of next release.
  6. ubooquity docker container doesn't let you set admin password: https://github.com/linuxserver/docker-ubooquity/issues/17. (Couldn't reproduce, closed)
  7. Traefik customresponseheaders can't contain colons on the docker backend: https://github.com/containous/traefik/issues/2517. Fixed with https://github.com/containous/traefik/pull/2509
  8. Traefik Security headers don't overwrite upstream headers: https://github.com/containous/traefik/issues/2618
  9. Transmission exporter broke with different data types while unmarshalling JSON in go. I filed a PR https://github.com/metalmatze/transmission-exporter/pull/2
  10. Radarr official docker container was running a very old mediainfo. Filed a fix to upgrade mediainfo on the official radarr image
  11. Patched the speedtest-exporter to use Alpine and upgraded Node.JS for a smaller updated build.
  12. Faced (4) above again because mariadb decided to add : in the version response. Workaround was to force set --version=10.3-mariadb
  13. Reported 2 critical security issues in Abstruse CI.
  14. Faced (13) above again with postgres, thankfully someone already fixed version parsing
  15. RSS Bridge was missing an official Docker image. I filed a PR.

Plumbing

There is a lot of additional infrastructure that is not yet part of this repo. This includes:

  1. The Digital Ocean droplet running DNSCrypt and simpleproxy to proxy over an openvpn connection to this box.
  2. openbox, kodi configuration to run on boot along with the Steam Controller for the HTPC setup
  3. Docker main configuration with half-baked CA setup
  4. btrfs-backed subvolumes and snapshotting for most things in /mnt/xwing/ (in-progress)
  5. User-creation on the main server. (I'm using a common user for media applications and specific users for other applications)

License

All code in this repository is shared under the MIT License.