Source Code for the Home Server setup. This includes the git server hosting this repository as well. #terraform #docker
https://git.captnemo.in/nemo/nebula/
Repository layout: directories `_scripts`, `cloudflare`, `db`, `digitalocean`, `docker`, `gitea`, `home-assistant`, `kaarana`, `mastodon`, `media`, `modules`, `monitoring`, `opml`, `radicale`, `timemachine`; top-level files `.editorconfig`, `.gitignore`, `.terraform-version`, `data.tf`, `echoserver.tf`, `elibsrv.tf`, `HACKING.md`, `jupyter.tf`, `kaarana.tf`, `kavita.tf`, `kayak.tf`, `klaxon.tf`, `kube-test.tf`, `main.tf`, `miniflux.tf`, `nextcloud.tf`, `providers.tf`, `pulse.tf`, `README.md`, `rss-bridge.tf`, `secrets.tf`, `state.tf`, `variables.tf`, `wiki.tf`, `znc.tf`.
# nebula

Where stars are born.

Manages the local infrastructure of my home server. I'm also writing a series of blog posts about it:
- Part 1, Hardware
- Part 2, Terraform/Docker
- Part 3, Learnings
- Part 4, Migrating from Google (and more)
- Part 5, Networking
- Part 6, RAID
The canonical URL for this repo is https://git.captnemo.in/nemo/nebula/. A mirror is maintained on GitHub at https://github.com/captn3m0/nebula
## modules
- docker: to actually run the services. Catch-all for miscellaneous containers
- cloudflare: to manage the DNS.
- mysql: to create mysql users and databases.
- media: Media related containers (Jackett, Lidarr, Radarr, Sonarr)
- Monitoring: Monitoring related resources (Cadvisor, Grafana, NodeExporter, Prometheus, Transmission-Exporter)
- Gitea: Just git.captnemo.in
- miniflux: RSS Web reader
- Radicale: CardDav/CalDav webserver
Self-learning project for terraform/docker.

## Planned

- ~~Setup DigitalOcean~~
- Add DO infrastructure via ansible
- ~~Add traefik for proper proxying~~
- Maybe add docker swarm (or k8s?) across both the servers. Might set up the k8s API on the Raspberry Pi.
## Service List

Currently running the following (image names link to the store.docker.com pages for the Docker images I'm using):
image | tag | module/link |
---|---|---|
captn3m0/opml-gen | latest | https://opml.bb8.fun |
captn3m0/rss-bridge | latest | https://github.com/RSS-Bridge/rss-bridge |
captn3m0/speedtest-exporter | alpine | https://github.com/stefanwalther/speedtest-exporter |
emby/embyserver | latest | https://emby.media |
gitea/gitea | 1.5.0-rc1 | services |
google/cadvisor | latest | monitoring |
grafana/grafana | latest | monitoring |
jankysolutions/requestbin | latest | tools |
linuxserver/airsonic | latest | media |
linuxserver/jackett | latest | media |
linuxserver/lidarr | latest | media |
linuxserver/lychee | latest | media |
linuxserver/radarr | latest | media |
linuxserver/sonarr | latest | media |
linuxserver/transmission | latest | media |
linuxserver/ubooquity | latest | media |
miniflux/miniflux | 2.0.9 | tools |
postgres | 10-alpine | database |
prom/node-exporter | v0.15.2 | monitoring |
prom/prometheus | latest | monitoring |
requarks/wiki | latest | services |
serjs/go-socks5-proxy | latest | tools |
tocttou/gotviz | latest | na |
tomsquest/docker-radicale | latest | services |
traefik | 1.6-alpine | plumbing |
## Docker Notes
- Lots of the above images are from the excellent LinuxServer.io, and they're doing great work 👍
- Most images are running the latest beta (if available) or stable versions.
- Traefik is running with wildcard certificates.
## Upstream

I've been using this as a contributing opportunity, reporting and fixing issues upstream:
- Airsonic HTTPS proxying is broken. Reported: https://github.com/airsonic/airsonic/issues/641. Turned out to be a known issue: https://github.com/airsonic/airsonic/issues/594. Now fixed.
- Traefik docker backend security headers were broken with dashes. I reported it, and it was fixed by https://github.com/containous/traefik/pull/2496 ✅
- Headphones dies repeatedly with no error logs. Yet-to-report. (Already reported, fails due to classical artists)
- Terraform doesn't parse mariadb version numbers. Report: https://github.com/terraform-providers/terraform-provider-mysql/issues/6. Filed a PR to fix and to bump the go-version dependency ✅
- `elibsrv` didn't support `ebook-convert`, only `mobigen`. PR is at https://github.com/captn3m0/elibsrv/pull/1. Merged to `elibsrv` trunk, will be part of next release.
- `ubooquity` docker container doesn't let you set admin password: https://github.com/linuxserver/docker-ubooquity/issues/17. (Couldn't reproduce, closed) ✅
- Traefik customresponseheaders can't contain colons on the docker backend: https://github.com/containous/traefik/issues/2517. Fixed with https://github.com/containous/traefik/pull/2509 ✅
- Traefik Security headers don't overwrite upstream headers: https://github.com/containous/traefik/issues/2618 ✅
- Transmission exporter broke with different data types while unmarshalling JSON in go. I filed a PR https://github.com/metalmatze/transmission-exporter/pull/2 ✅
- Radarr official docker container was running a very old `mediainfo`. Filed a fix to upgrade `mediainfo` on the official radarr image ✅
- Patched the speedtest-exporter to use Alpine and upgraded Node.JS for a smaller updated build.
- Faced (4) above again because mariadb decided to add `:` in the version response. Workaround was to force set `--version=10.3-mariadb`
- Reported 2 critical security issues in Abstruse CI. ✅
- Faced (13) above again with postgres, thankfully someone already fixed version parsing ✅
- RSS Bridge was missing an official Docker Image. I Filed a PR ✅
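The Transmission exporter item above is a common failure mode for exporters: a daemon starts emitting a field as a float or a string where the Go struct expected an integer, and `encoding/json` rejects the whole reply, so every metric disappears at once. The following is an added illustration written for this README, not the exporter's own code; `FlexInt`, `TorrentStats` and the sample payload are all constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// FlexInt (hypothetical) accepts a JSON integer (1024), a float (512.0) or a
// quoted string ("4096"), so a drifting field type no longer aborts the decode.
type FlexInt int64

func (f *FlexInt) UnmarshalJSON(b []byte) error {
	s := strings.Trim(string(b), `"`)
	if i, err := strconv.ParseInt(s, 10, 64); err == nil {
		*f = FlexInt(i) // exact path: byte counts can exceed float64 precision
		return nil
	}
	fl, err := strconv.ParseFloat(s, 64)
	if err != nil {
		return fmt.Errorf("FlexInt: %q is not a number", string(b))
	}
	*f = FlexInt(int64(fl))
	return nil
}

// TorrentStats is a constructed subset of one torrent-get entry.
type TorrentStats struct {
	RateDownload FlexInt `json:"rateDownload"`
	SizeWhenDone FlexInt `json:"sizeWhenDone"`
}

// ParseTorrents decodes the list and sums rateDownload (an exporter gauge).
func ParseTorrents(payload []byte) ([]TorrentStats, int64, error) {
	var ts []TorrentStats
	if err := json.Unmarshal(payload, &ts); err != nil {
		return nil, 0, err
	}
	var total int64
	for _, t := range ts {
		total += int64(t.RateDownload)
	}
	return ts, total, nil
}

// samplePayload is constructed: the same fields arrive as int, float and string.
const samplePayload = `[{"rateDownload":1024,"sizeWhenDone":2048},{"rateDownload":512.0,"sizeWhenDone":"4096"}]`

func main() { fmt.Println(ParseTorrents([]byte(samplePayload))) } // prints the parsed slice, 1536 and <nil>
```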
## Plumbing

There is a lot of additional infrastructure that is not yet part of this repo. This includes:
- The Digital Ocean droplet running DNSCrypt and simpleproxy to proxy over an OpenVPN connection to this box.
- Openbox and Kodi configuration that runs on boot, along with the Steam Controller, for the HTPC setup
- Docker main configuration with a half-baked CA setup
- btrfs-backed subvolumes and snapshotting for most things in /mnt/xwing/ (in-progress)
- User-creation on the main server. (I'm using a common user for media applications and specific users for other applications)
## License
All code in this repository is shared under the MIT License.