mafyuh/iac
1
0
Fork 0
Code Issues 6 Pull requests 6 Projects 1 Wiki Activity Actions

init migration

Browse source
This commit is contained in:
Matt Reeves 2024-07-12 23:57:29 -04:00
parent 9793bdf1b8
commit 623e70f62d
58 changed files with 7114 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

97
.forgejo/workflows/CD.yml Normal file
View file

@ -0,0 +1,97 @@
name: Deploy to Hosts
on:
pull_request:
types: [closed]
jobs:
deploy:
if: github.event.pull_request.merged == true
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Fetch all history for git diff
run: git fetch --depth=2
- name: Detect modified folders
id: detect-changes
run: |
if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then
git fetch --unshallow
fi
folders=$(git diff --name-only HEAD~1 HEAD | cut -d/ -f1 | sort | uniq)
echo "Modified folders: $folders"
echo "::set-output name=folders::$folders"
- name: Deploy to hosts
run: |
IFS=' ' read -r -a folder_array <<< "${{ steps.detect-changes.outputs.folders }}"
for folder in "${folder_array[@]}"; do
case $folder in
arrs)
target_host="arrs.lan"
;;
arm)
target_host="arm.lan"
;;
downloaders)
target_host="downloaders.lan"
;;
AI)
target_host="ai.lan"
;;
authentik)
target_host="auth.lan"
;;
cf)
target_host="cf.lan"
;;
jellyfin)
target_host="jf.lan"
;;
kasm)
target_host="kasm.lan"
;;
netboot)
target_host="netboot.lan"
;;
nexus)
target_host="nexus.lan"
;;
pages)
target_host="pages.lan"
;;
portainer)
target_host="port.lan"
;;
twingate)
target_host="twingate.lan"
;;
whisper)
target_host="whisper.lan"
;;
# Add cases for other folders/hosts
*)
echo "Unknown folder: $folder"
continue
;;
esac
echo "Triggering AWX Job with target host: $target_host and folder: $folder"
curl -X POST -k -H "Content-Type: application/json" \
-H "Authorization: Bearer ${{ secrets.AWX_API_TOKEN }}" \
-d "{\"extra_vars\": {\"target_host\": \"$target_host\", \"folder\": \"$folder\"}}" \
"https://awx.mafyuh.xyz/api/v2/job_templates/13/launch/"
sleep 45 # Delay for 45 seconds before fetching logs
job_id=$(curl -s -H "Authorization: Bearer ${{ secrets.AWX_API_TOKEN }}" https://awx.mafyuh.xyz/api/v2/job_templates/13/jobs/?order_by=-id | jq -r '.results[0].id')
logs=$(curl -s -H "Authorization: Bearer ${{ secrets.AWX_API_TOKEN }}" https://awx.mafyuh.xyz/api/v2/jobs/$job_id/stdout/?format=json)
echo "AWX Job Logs for folder: $folder"
echo "Range:"
echo "Start: $(echo "$logs" | jq -r '.range.start')"
echo "End: $(echo "$logs" | jq -r '.range.end')"
echo "Absolute End: $(echo "$logs" | jq -r '.range.absolute_end')"
echo "Content:"
echo "$(echo "$logs" | jq -r '.content')"
done

30
.forgejo/workflows/yamllint.yml Normal file
View file

@ -0,0 +1,30 @@
name: Lint on PR
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
lint:
name: Lint YAML files
runs-on: docker
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 14
- name: Install yamllint
run: |
npm install -g yaml-lint
- name: Show yamllint version
run: |
yamllint --version
- name: Lint .yml files
run: |
yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" ./**/*.yml

107
.github/ISSUE_TEMPLATE/adding.yml vendored Normal file
View file

@ -0,0 +1,107 @@
name: 'Add Application'
description: 'Track the process of adding a new application'
title: 'Add Application: [Application Name]'
labels:
- addition
assignees: ''
body:
- type: markdown
attributes:
value: |
## Application Details
- type: input
id: application-name
attributes:
label: Application Name
description: Name of the application to be added
placeholder: Name of the application
- type: textarea
id: application-description
attributes:
label: Application Description
description: Provide a brief description of the application and its purpose
placeholder: Description of the application
- type: checkboxes
id: application-reason
attributes:
label: Reason for Addition
description: Please select one or more reasons for adding the application
options:
- label: New functionality
- label: Performance improvement
- label: Security enhancement
- label: Replacing another application
description: Provide the name of the application being replaced, if applicable
- label: Other (please specify)
description: Provide additional details
- type: dropdown
id: folder-added
attributes:
label: Folder Added To
description: Select the folder where the application was added
options:
- ag-backup
- ag-main
- AI
- arm
- arrs
- authentik
- cf
- downloaders
- jellyfin
- kasm
- netboot
- nexus
- pages
- portainer
- twingate
- whisper
- New Folder
- type: input
id: new-folder-name
attributes:
label: New Folder Name
description: If you created a new folder, provide the name of the new folder
placeholder: Name of the new folder
validations:
required: false
- type: markdown
attributes:
value: |
## Steps to Add
- type: checkboxes
id: steps-to-add
attributes:
label: Steps to Add
description: Please check off each step as it is completed
options:
- label: Add Configuration Files
description: Create and add configuration files for the new application
- label: Update Wiki
description: Create or update the Wiki page for the new application and update any relevant architecture diagrams or flowcharts
- label: Update README(s)
description: Add the new application to the main table and any other relevant sections
- label: Add to CD Platform Logic
description: Add necessary logic to the CD platform for the new application
- label: Testing and Validation
description: Ensure the application is tested and validated in the environment
- type: markdown
attributes:
value: |
## Commit IDs for Completed Steps
- type: textarea
id: commit-ids
attributes:
label: Commit IDs
description: Enter the commit IDs for the completed steps above
placeholder: Enter commit IDs separated by commas

92
.github/ISSUE_TEMPLATE/deletion.yml vendored Normal file
View file

@ -0,0 +1,92 @@
name: 'Delete Application'
description: 'Track the process of deleting an application'
title: 'Delete Application: [Application Name]'
labels:
- deletion
assignees: ''
body:
- type: markdown
attributes:
value: |
## Application Details
- type: input
id: application-name
attributes:
label: Application Name
description: Name of the application to be deleted
placeholder: Name of the application
- type: checkboxes
id: reason-for-deletion
attributes:
label: Reason for Deletion
description: Please select one or more reasons for the deletion
options:
- label: No longer needed
- label: Replaced by another application
description: Provide the name of the new application, if applicable
- label: Maintenance overhead
- label: Security vulnerabilities
- label: Performance issues
- label: Compatibility issues
- label: Licensing issues
- label: Other (please specify)
description: Provide additional details
- type: checkboxes
id: impacted-folders
attributes:
label: Impacted Folders
description: Select the folders that are impacted by the deletion
options:
- label: ag-backup
- label: ag-main
- label: AI
- label: arm
- label: arrs
- label: authentik
- label: cf
- label: downloaders
- label: jellyfin
- label: kasm
- label: netboot
- label: nexus
- label: pages
- label: portainer
- label: twingate
- label: whisper
- type: markdown
attributes:
value: |
## Steps to Delete
- type: checkboxes
id: steps-to-delete
attributes:
label: Steps to Delete
description: Please check off each step as it is completed
options:
- label: Remove Configuration Files
description: Locate and remove all configuration files related to the application
- label: Update Wiki
description: Add Archived tag to Wiki page and update any architecture diagrams or flowcharts
- label: Update README(s)
description: Remove app from main table
- label: Remove From CD Platform Logic
description: Remove unneeded if statement from CD platform
- label: Deletion from host
description: Ensure that the application and all related files have been successfully removed
- label: Close Related Issues
description: Close any open issues or tasks related to the application
- label: If you are deleting the entire folder check this box
description: Deleting entire folder
- type: textarea
id: additional-notes
attributes:
label: Additional Notes
description: Add any additional comments or details here
placeholder: Comments

50
.github/ISSUE_TEMPLATE/feature-request.yml vendored Normal file
View file

@ -0,0 +1,50 @@
name: 'Feature Request'
description: 'Suggest a new feature for the project'
title: 'Feature Request: [Summary]'
labels:
- enhancement
assignees: ''
body:
- type: markdown
attributes:
value: |
## Feature Request
**Please fill out this template with the requested information.**
- type: input
id: summary
attributes:
label: Summary
description: A concise description of the feature you'd like to see added.
placeholder: Brief summary of the feature request
- type: textarea
id: motivation
attributes:
label: Motivation
description: Explain why this feature would be beneficial to the project. What problem does it solve or what value does it bring?
placeholder: Describe the motivation behind the feature request
- type: textarea
id: detailed-description
attributes:
label: Detailed Description
description: |
Provide a detailed explanation of the proposed feature. Include:
- How would this feature be used?
- What are the expected benefits of this feature?
- Are there any potential drawbacks or limitations to consider?
placeholder: Provide a detailed description of the feature
- type: textarea
id: additional-context
attributes:
label: Additional Context
description: |
Include any relevant information such as:
- Links to external resources (e.g., documentation, articles)
- Screenshots or mockups to illustrate the feature
- Use cases and examples of how the feature would be used
placeholder: Add any other context or screenshots about the feature request here

7
.github/renovate.json vendored Normal file
View file

@ -0,0 +1,7 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
],
"dependencyDashboardTitle": ":robot: Renovate Dashboard"
}

6
.gitignore vendored
View file

@ -34,3 +34,9 @@ override.tf.json
.terraformrc .terraformrc
terraform.rc terraform.rc
## Docker
.env
## Kubernetes
/kubernetes/cluster/apps/staging

7
ansible/playbooks/apt.yml Normal file
View file

@ -0,0 +1,7 @@
- hosts: "*"
become: yes
tasks:
- name: apt
apt:
update_cache: yes
upgrade: 'yes'

33
ansible/playbooks/deploy.yml Normal file
View file

@ -0,0 +1,33 @@
---
- name: Deploy application
hosts: "{{ target_host }}"
vars:
repo_path: "/home/{{ ansible_user }}/Auto-Homelab/{{ folder }}"
tasks:
- name: Ensure the repository is up-to-date
shell: git pull
args:
chdir: "{{ repo_path }}"
register: git_pull_output
- name: Display git pull output
debug:
var: git_pull_output.stdout_lines
- name: Restart services
command: docker compose up -d
args:
chdir: "{{ repo_path }}"
register: docker_compose_output
- name: Display docker output
debug:
var: docker_compose_output.stdout_lines
- name: Run Docker Command
command: docker ps
register: docker_output
- name: Display Docker Output
debug:
var: docker_output.stdout_lines

24
ansible/playbooks/git-pull-reset.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Reset and Pull Git Repository
hosts: all
tasks:
- name: Change to Auto-Homelab directory
shell: cd ~/Auto-Homelab
args:
chdir: "/home/{{ ansible_user }}"
environment:
HOME: "/home/{{ ansible_user }}"
- name: Git Pull
shell: git pull
args:
chdir: "/home/{{ ansible_user }}/Auto-Homelab"
environment:
HOME: "/home/{{ ansible_user }}"
- name: Git Reset
shell: git reset --hard origin/main
args:
chdir: "/home/{{ ansible_user }}/Auto-Homelab"
environment:
HOME: "/home/{{ ansible_user }}"

15
ansible/playbooks/qemu-guest-agent.yml Normal file
View file

@ -0,0 +1,15 @@
- name: Install and start qemu-guest-agent
hosts: "*"
tasks:
- name: Install qemu-guest-agent
apt:
name: qemu-guest-agent
state: present
update_cache: true
become: true
- name: Start qemu-guest-agent service
systemd:
name: qemu-guest-agent
state: started
become: true

16
ansible/playbooks/timezone.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Set timezone and configure timesyncd
hosts: "*"
become: yes
tasks:
- name: set timezone
shell: timedatectl set-timezone America/New_York
- name: Make sure timesyncd is stopped
systemd:
name: systemd-timesyncd.service
state: stopped
- name: Make sure timesyncd is started
systemd:
name: systemd-timesyncd.service
state: started

11
docker/AI/README.md Normal file
View file

@ -0,0 +1,11 @@
## VM
Self hosted on Proxmox Node 2. Has GPU passthrough
## Specs
- 6 core host
- 32GB RAM
- 256GB Storage
- Nvidia GTX 1660 6GB (Needs Upgrade)
## OS
[![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/)
### Hypervisor
[![Proxmox](https://img.shields.io/badge/-Proxmox-%23c9d1d9?logo=Proxmox)](https://www.proxmox.com)

45
docker/AI/docker-compose.yml Normal file
View file

@ -0,0 +1,45 @@
version: "3.8"
services:
ollama:
image: docker.mafyuh.xyz/ollama/ollama:0.1.45
container_name: ollama
restart: unless-stopped
volumes:
- ollama:/root/.ollama
ports:
- "11434:11434"
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: all
capabilities: [gpu]
open-webui:
image: ghcr.io/open-webui/open-webui:0.3.5
container_name: open-webui
restart: unless-stopped
ports:
- 3000:8080
volumes:
- open-webui:/app/backend/data
extra_hosts:
- host.docker.internal:host-gateway
mindsdb:
image: docker.mafyuh.xyz/mindsdb/mindsdb:v24.6.3.1
container_name: mindsdb
ports:
- 47334:47334
- 47335:47335
volumes:
- /home/mafyuh/mindsdb:/root/mindsdb
restart: unless-stopped
volumes:
ollama:
external: true
open-webui:
external: true

312
docker/README.md Normal file
View file

@ -0,0 +1,312 @@
[![Yamllint](https://git.mafyuh.dev/mafyuh/Auto-Homelab/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/Auto-Homelab/actions)
[![Yamllint](https://git.mafyuh.dev/mafyuh/Auto-Homelab/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/Auto-Homelab/actions)
[![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions)
[![Pulls](https://git.mafyuh.dev/mafyuh/Auto-Homelab/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/Auto-Homelab/pulls)
![Header Image](https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/header_.png)
<div align="center">
# Auto-Homelab
Homelab docker-compose environment defined in code. Using Forgejo Actions and Renovate bot for CI, AWX Tower and Forgejo Actions for CD. This is how I keep my Homelab UTD.
</div>
<p align="center">
<a href="https://git.mafyuh.dev/mafyuh/Auto-Homelab/wiki">Wiki</a> |
<a href="https://loganmarchione.com/2022/10/how-to-run-renovate-on-a-self-hosted-gitea-and-drone-instance/">How to Setup</a> |
<a href="https://mafyuh.com">Blog</a> |
<a href="https://www.youtube.com/watch?v=5CkCr9U_Q1Y">Inspiration</a> |
<a href="https://git.mafyuh.dev/mafyuh/IaC-Homelab">Infrastructure</a>
</p>
<div align="center">
| Hypervisor | OS | Tools | VPS (arm) | Firewall |
|---|---|---|---|---|
| [![Proxmox](https://img.shields.io/badge/-Proxmox-%23c9d1d9?logo=Proxmox)](https://www.proxmox.com) | [![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/) [![Ubuntu](https://img.shields.io/badge/Ubuntu_24-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/noble/) | [![Forgejo](https://img.shields.io/badge/-Forgejo-%23c9d1d9?logo=forgejo&logoColor=orange)](https://forgejo.org/) [![Docker](https://img.shields.io/badge/-Docker-%23c9d1d9?logo=docker)](https://www.docker.com/) | [![Oracle](https://img.shields.io/badge/-Oracle_Cloud-%23c9d1d9?logo=oracle&logoColor=red)](https://www.oracle.com/cloud/) | [![pfSense](https://img.shields.io/badge/-pfSense-%23c9d1d9?logo=pfsense&logoColor=blue)](https://www.pfsense.org/) |
</div>
<div align="center">
## Apps in Repo:
<table>
<tr>
<th>Logo</th>
<th>Name</th>
<th>Description</th>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/adguardhome.svg"></td>
<td><a href="https://adguard.com/en/adguard-home/overview.html">AdGuard Home</a></td>
<td>Network Wide DNS adblock as well as my DNS server (2/2)</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/adguardhomesync-icon.png"></td>
<td><a href="https://docs.linuxserver.io/images/docker-adguardhome-sync/">AdGuard Home Sync</a></td>
<td>Syncs my instances of Adguard</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/authentik.svg"></td>
<td><a href="https://goauthentik.io/">authentik</a></td>
<td>Open Source Identity Provider </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/bazarr.svg"></td>
<td><a href="https://www.bazarr.media/">Bazarr</a></td>
<td>Downloads subtitles for Radarr/Sonarr</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/cloudflare.svg"></td>
<td><a href="https://www.cloudflare.com/products/tunnel/">Cloudflare Tunnels</a></td>
<td>How I expose some of these services</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://upload.wikimedia.org/wikipedia/commons/thumb/9/9a/Codeberg_logo.svg/1200px-Codeberg_logo.svg.png"></td>
<td><a href="https://codeberg.org/Codeberg/pages-server">Codeberg Pages</a></td>
<td>Github Pages for Gitea installs. hosts https://mafyuh.co</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/kiranshila/Doplarr/main/logos/logo.svg"></td>
<td><a href="https://github.com/kiranshila/Doplarr">Doplarr</a></td>
<td>Allows my users to request content through Discord if they choose</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.svg"></td>
<td><a href="https://github.com/FlareSolverr/FlareSolverr">FlareSolverr</a></td>
<td>Proxy server to bypass Cloudflare and DDoS-GUARD protection</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/forgejo.svg"></td>
<td><a href="https://forgejo.org/">Forgejo</a></td>
<td>This site</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/forgejo.svg"></td>
<td><a href="https://code.forgejo.org/forgejo/runner">Forgejo Runner</a></td>
<td>Runs CI/CD tasks Yamllint and Renovatebot and CD through AWX</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/gotify.svg"></td>
<td><a href="https://gotify.net/">Gotfiy</a></td>
<td>Self hosted notification service</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/homarr.svg"></td>
<td><a href="https://homarr.dev/docs/getting-started/installation/">Homarr</a></td>
<td>Homelab dashboard that integrates with the arr's so I see data in 1 place</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/jellyfin.svg"></td>
<td><a href="https://github.com/jellyfin/jellyfin">Jellyfin</a></td>
<td>Open Source Streaming Service for home media like Plex</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/jellyseerr.svg"></td>
<td><a href="https://github.com/Fallenbagel/jellyseerr">Jellyseerr</a></td>
<td>Request platform for my Jellyfin user's to request content</a></td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/docker.svg"></td>
<td><a href="https://github.com/hrfee/jfa-go">jfa-go</a></td>
<td>Used for some PPV/Live TV automations to create users for certain periods of time</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/kasm.svg"></td>
<td><a href="https://docs.linuxserver.io/images/docker-kasm/">Kasm</a></td>
<td>Docker container streaming platform for browser-based access to desktops, applications, and web services</a></td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/lidarr.svg"></td>
<td><a href="https://wiki.servarr.com/en/lidarr">Lidarr</a></td>
<td>Music Collection Manager</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/LinkStackOrg/branding/main/logo/svg/logo_animated.svg"></td>
<td><a href="https://github.com/LinkStackOrg/linkstack-docker">LinkStack</a></td>
<td>Creating a static links page for my Jellyfin users</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,w_60,h_60/https://dashboard.snapcraft.io/site_media/appmedia/2020/03/makemkv.png"></td>
<td><a href="https://github.com/jlesage/docker-makemkv">MakeMKV</a></td>
<td>Used to rip Bluray's with my LG BU40N drive </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://avatars.githubusercontent.com/u/31035808?s=200&v=4"></td>
<td><a href="https://docs.mindsdb.com/what-is-mindsdb">mindsdb</a></td>
<td>Connects Ollama models to 100+ different databases, easy to use.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/nbxyz-logo.svg"></td>
<td><a href="https://netboot.xyz/">Netboot.xyz</a></td>
<td>Network boot instead of using my ventoy USB</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/nginxproxymanager.svg"></td>
<td><a href="https://nginxproxymanager.com/">Nginx Proxy Manager</a></td>
<td>Reverse Proxy used for its simplicity (1/3)</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/n8n.svg"></td>
<td><a href="https://n8n.io">n8n</a></td>
<td>Self hosted automation platform, Zapier alternative, switched from ActivePieces</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://ollama.com/public/ollama.png"></td>
<td><a href="https://ollama.com/">Ollama</a></td>
<td>Easiest way to run LLM's on your own hardware</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://github.com/open-webui/open-webui/blob/main/static/favicon.png?raw=true"></td>
<td><a href="https://github.com/open-webui/open-webui">open-webui</a></td>
<td>Creates a ChatGPT like web interface for talking to Ollama models</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/portainer.svg"></td>
<td><a href="https://github.com/portainer/portainer">Portainer</a></td>
<td>Web-based management for learning Kubernetes, I learned Docker this way and will Kub as well</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/prowlarr.svg"></td>
<td><a href="https://prowlarr.com/">Prowlarr</a></td>
<td>Searches indexers for Radarr/Sonarr</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/qbittorrent.svg"></td>
<td><a href="https://github.com/binhex/arch-qbittorrentvpn">qBittorrent VPN</a></td>
<td>Modified qBittorrent with VPN killswitch enabled</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/radarr.svg"></td>
<td><a href="https://radarr.video/">Radarr</a></td>
<td>Movie Collection Manager</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/sabnzbd.svg"></td>
<td><a href="https://sabnzbd.org/">Sabnzbd</a></td>
<td>Usenet downloader to download content</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/sonarr.svg"></td>
<td><a href="https://wiki.servarr.com/sonarr">Sonarr</a></td>
<td>Radarr, but for TV Shows</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://www.gravatar.com/avatar/614e0f6491dbb293e540190b02b3024e?s=120&r=g&d=404"></td>
<td><a href="https://hub.docker.com/r/sonatype/nexus3/">Sonatype Nexus</a></td>
<td>Self-hosted Docker registry to help lower Docker pulls</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/syncthing.svg"></td>
<td><a href="https://syncthing.net/">Syncthing</a></td>
<td>How I backup all config files, following 3-2-1 backup procedure</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://play-lh.googleusercontent.com/GBhNhKgjfy6i6Ucc0hyB-79WmcV7LvKSfGSy8iStFdZSaLioKQp5rPWjqsh2YFRRZsE1"></td>
<td><a href="https://twingate.com">Twingate Connectors</a></td>
<td>Main VPN between homelab and cloud VPS's</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/uptimekuma.svg"></td>
<td><a href="https://github.com/louislam/uptime-kuma">Uptime Kuma</a></td>
<td>Self hosted service uptime tracker</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/openai-black.svg"></td>
<td><a href="https://github.com/ahmetoner/whisper-asr-webservice">Whisper</a></td>
<td>AI Model that I use to generate subtitles for Bazarr when they can't be found</td>
</tr>
</table>
</div>
<div align="center">
## Apps not yet in repo:
<table>
<tr>
<th>Logo</th>
<th>Name</th>
<th>Description</th>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/ansible-black.svg"></td>
<td><a href="https://github.com/ansible/awx">AWX (Ansible Tower)</a></td>
<td>Used to easily run Ansible playbooks on all my VM's, and now CD for this repo, installed on K3s</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/grafana.svg"></td>
<td><a href="https://hub.docker.com/r/grafana/grafana-oss">Grafana</a></td>
<td>Monitoring for various services</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/wordpress.svg"></td>
<td><a href="https://wordpress.org/">Wordpress</a></td>
<td>WooCommerce store setup for JF PPV access</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://upload.wikimedia.org/wikipedia/commons/3/31/Apache_Guacamole_logo.png"></td>
<td><a href="https://guacamole.apache.org/">Guacamole</a></td>
<td>Remote access in browser via SSH, RDP, VNC, etc</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/homeassistant.svg"></td>
<td><a href="https://www.home-assistant.io/">Home Assistant</a></td>
<td>Slowly migrating over to Home Assistant from Google Home</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/plausible.svg"></td>
<td><a href="https://plausible.io/">Plausible</a></td>
<td>Analytics tracker for certain websites (Blog)</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/wazuh.svg"></td>
<td><a href="https://wazuh.com/">wazuh</a></td>
<td>Security platform monitoring everything with agents installed on all VM's</td>
</tr>
</table>
</div>
<div align="center">
## Full Workflow Chart
</div>
```mermaid
graph TD
A1((Renovate Bot Scans for Updates)) --> A2{Updates Found?}
A2 -- Yes --> B[Make PR]
A2 -- No --> C(End)
B --> D{PR Merged?}
D -- No --> E(End)
subgraph Handle Merged PR
D -- Yes --> F[Extract Host]
F --> G[SSH to Host Machine]
G --> H[Git Pull & Docker Compose Up]
H --> I(End)
end
subgraph Notification on PR Creation
B --> P[Notify via Gotify]
end
subgraph Release Notes Handling
Q((PR Webhook Received)) --> R{PR Open?}
R -- No --> S(End)
R -- Yes --> T[Hit GitHub API for Release Notes]
T --> U[Extract PR Number from webhook]
U --> W[API Call to Foregjo to leave Release Notes]
W --> S
end
P --> Q
```
## To-Do
[View Project Board](https://git.mafyuh.dev/mafyuh/Auto-Homelab/projects/1)

22
docker/ag-backup/docker-compose.yml Normal file
View file

@ -0,0 +1,22 @@
---
services:
adguardhome:
image: docker.mafyuh.xyz/adguard/adguardhome:v0.107.51
container_name: adguardhome
restart: unless-stopped
volumes:
- /home/mafyuh/adguard/work:/opt/adguardhome/work
- /home/mafyuh/adguard/conf:/opt/adguardhome/conf
ports:
- 53:53/tcp
- 53:53/udp
- 80:80/tcp
- 443:443/tcp
- 443:443/udp
- 3000:3000/tcp
- 853:853/tcp
- 784:784/udp
- 853:853/udp
- 8853:8853/udp
- 5443:5443/tcp
- 5443:5443/udp

36
docker/ag-main/docker-compose.yml Normal file
View file

@ -0,0 +1,36 @@
---
services:
adguardhome:
image: docker.mafyuh.xyz/adguard/adguardhome:v0.107.51
container_name: adguardhome
restart: unless-stopped
volumes:
- /home/mafyuh/adguard/work:/opt/adguardhome/work
- /home/mafyuh/adguard/conf:/opt/adguardhome/conf
ports:
- 53:53/tcp
- 53:53/udp
- 80:80/tcp
- 443:443/tcp
- 443:443/udp
- 3000:3000/tcp
- 853:853/tcp
- 784:784/udp
- 853:853/udp
- 8853:8853/udp
- 5443:5443/tcp
- 5443:5443/udp
adguardhome-sync:
image: ghcr.io/linuxserver/adguardhome-sync@sha256:67962a0e15bf1a41e4bc0083d93d7e0268ad6431482c337ef49d5f2673c36c71
container_name: adguardhome-sync
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- CONFIGFILE=/config/adguardhome-sync.yaml
volumes:
- /home/mafyuh/adguard/sync:/config
ports:
- 8080:8080
restart: unless-stopped

15
docker/arm/README.md Normal file
View file

@ -0,0 +1,15 @@
## Cloud VM
Part of Oracle's Always Free VM's I was able to grab with https://github.com/hitrov/oci-arm-host-capacity
*Account is on PAYG but I don't have any monthly fees. Oracle likes to remove free tier accounts
[![Oracle](https://img.shields.io/badge/-Oracle_Cloud-%23c9d1d9?logo=oracle&logoColor=red)](https://www.oracle.com/cloud/)
## Specs
- 4 core ARM
- 24GB RAM
- Currently 150GB Storage (will expand)
## OS
[![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/)

165
docker/arm/docker-compose.yml Normal file
View file

@ -0,0 +1,165 @@
---
services:
server:
image: codeberg.org/forgejo/forgejo:7.0.4
container_name: forgejo
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=db:3306
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=$GITEA__database__PASSWD
restart: always
networks:
- gitea_main
volumes:
- /home/ubuntu/forgejo/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3002:3000"
- "23:22"
depends_on:
- db
db:
image: mysql:8
restart: always
environment:
- MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
- MYSQL_USER=gitea
- MYSQL_PASSWORD=$MYSQL_PASSWORD
- MYSQL_DATABASE=gitea
networks:
- gitea_main
volumes:
- /home/ubuntu/forgejo/mysql:/var/lib/mysql
gotify:
image: docker.mafyuh.xyz/gotify/server-arm7:2.4.0
container_name: gotify
ports:
- 9008:80
volumes:
- /docker/appdata/gotify:/app/data
restart: unless-stopped
environment:
- TZ=America/New_York
- GOTIFY_DEFAULTUSER_NAME=$GOTIFY_DEFAULTUSER_NAME
- GOTIFY_DEFAULTUSER_PASS=$GOTIFY_DEFAULTUSER_PASS
networks:
- gitea_main
nginx-proxy-manager:
image: docker.mafyuh.xyz/jc21/nginx-proxy-manager:2.11.2
container_name: nginx-proxy-manager
ports:
- 80:80
- 81:81
- 443:443
volumes:
- /docker/appdata/nginx/data:/data
- /docker/appdata/nginx/letsencrypt:/etc/letsencrypt
restart: unless-stopped
networks:
- gitea_main
uptime-kuma:
image: docker.mafyuh.xyz/louislam/uptime-kuma:1.23.13
container_name: uptime-kuma
ports:
- 3001:3001
volumes:
- /docker/appdata/kuma:/app/data
restart: unless-stopped
networks:
- gitea_main
jellyseerr:
image: docker.mafyuh.xyz/fallenbagel/jellyseerr:1.9.2
container_name: jellyseerr
ports:
- 5055:5055
volumes:
- /docker/appdata/jellyseerr:/app/config
environment:
- TZ=America/New_York
- LOG_LEVEL=debug
restart: unless-stopped
networks:
- gitea_main
linkstack:
image: docker.mafyuh.xyz/linkstackorg/linkstack@sha256:ad2ec7ffa69f4b04367313d1b95566bb00955b9670eb5467fd4fab39dd1f53c1
container_name: linkstack
ports:
- 8005:80
- 8006:443
volumes:
- linkstack:/htdocs
environment:
- HTTP_SERVER_NAME=$HTTP_SERVER_NAME
- HTTPS_SERVER_NAME=$HTTP_SERVER_NAME
- SERVER_ADMIN=$SERVER_ADMIN
restart: unless-stopped
networks:
- gitea_main
n8n:
image: ghcr.io/n8n-io/n8n:1.47.0
container_name: n8n
ports:
- 5678:5678
volumes:
- n8n_data:/home/node/.n8n
environment:
- GENERIC_TIMEZONE=America/New_York
- TZ=America/New_York
- WEBHOOK_URL=$WEBHOOK_URL
restart: unless-stopped
networks:
- gitea_main
vaultwarden:
image: docker.mafyuh.xyz/vaultwarden/server:1.30.5
container_name: vaultwarden
ports:
- 8989:80
volumes:
- /home/ubuntu/vw-data/:/data
environment:
- DOMAIN=$VWDOMAIN
- SIGNUPS_ALLOWED=false
restart: unless-stopped
networks:
gitea_main:
ipv4_address: 172.25.0.25
syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:6e70dd0cc0ddb038a8f58cf0945d6659b13c984f11d708407469bf16d520574c
container_name: syncthing
hostname: ARM #optional
environment:
- PUID=0
- PGID=0
- TZ=Etc/UTC
volumes:
- /home/ubuntu/syncthing/config:/config
- /docker/appdata/:/docker/appdata/
- /home/ubuntu/:/home/ubuntu/
ports:
- 8384:8384
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
restart: unless-stopped
networks:
gitea_main:
external: true
volumes:
linkstack:
n8n_data:

10
docker/arrs/README.md Normal file
View file

@ -0,0 +1,10 @@
## VM
Self hosted on Proxmox Node 1. Full *arr suite
## Specs
- 4 core host
- 6GB RAM
- 128GB Storage
## OS
[![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/)
### Hypervisor
[![Proxmox](https://img.shields.io/badge/-Proxmox-%23c9d1d9?logo=Proxmox)](https://www.proxmox.com)

162
docker/arrs/docker-compose.yml Normal file
View file

@ -0,0 +1,162 @@
---
services:
bazarr:
image: ghcr.io/linuxserver/bazarr@sha256:6fb83511c0dca70a400fde79cb45ed59c4f66ea30dcba8c6f9274f01d77e5aef
container_name: bazarr
ports:
- "6767:6767"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/bazarr:/config
- /data/media:/data/media
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
lidarr:
image: ghcr.io/linuxserver/lidarr@sha256:a7d0282dcdbf5b11306cc4054c11b42252106b5e8494375231322822d31ac9f6
container_name: lidarr
ports:
- "8686:8686"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/lidarr:/config
- /data:/data
- /docker/appdata/lidarr-extended:/custom-services.d
- /docker/appdata/lidarr-extended1:/custom-cont-init.d
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
prowlarr:
image: ghcr.io/linuxserver/prowlarr@sha256:237e9a72c11c5350bf22e355759436ecd4fd660e820d5b556d9a9e436f25f6b9
container_name: prowlarr
ports:
- "9696:9696"
volumes:
- /docker/appdata/prowlarr:/config
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
radarr:
image: ghcr.io/linuxserver/radarr@sha256:40f10a3d826f6c231d338738c3c86bf0d23a9546f20f8b1b504c6c579b79992c
container_name: radarr
ports:
- "7878:7878"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/radarr:/config
- /data:/data
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
sonarr:
image: ghcr.io/linuxserver/sonarr@sha256:275467ba17d990bbc6301dec3cc76b042969836749de39067818759d0f3b407f
container_name: sonarr
ports:
- "8989:8989"
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/sonarr:/config
- /data:/data
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:0.15.3
restart: unless-stopped
volumes:
- /docker/appdata/homarr/configs:/app/data/configs
- /docker/appdata/homarr/icons:/app/public/icons
- /docker/appdata/homarr/data:/data
ports:
- '7575:7575'
environment:
- AUTH_PROVIDER=oidc
- AUTH_OIDC_URI=${AUTH_OIDC_URI}
- AUTH_OIDC_CLIENT_SECRET=${AUTH_OIDC_CLIENT_SECRET}
- AUTH_OIDC_CLIENT_ID=${AUTH_OIDC_CLIENT_ID}
- AUTH_OIDC_CLIENT_NAME=authentik
- BASE_URL=${BASE_URL}
- NEXTAUTH_URL=${NEXTAUTH_URL}
- AUTH_OIDC_ADMIN_GROUP=${AUTH_OIDC_ADMIN_GROUP}
doplarr:
image: ghcr.io/linuxserver/doplarr@sha256:20981fa1a4087d5369b9eaf756ab179352e05fe914b88c36f468ee3cd9a1ce98
container_name: doplarr
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
- DISCORD__TOKEN=${DISCORD__TOKEN}
- RADARR__API=${RADARR__API}
- RADARR__URL=${RADARR__URL}
- SONARR__API=${SONARR__API}
- SONARR__URL=${SONARR__URL}
- DISCORD__MAX_RESULTS=${DISCORD__MAX_RESULTS}
- DISCORD__REQUESTED_MSG_STYLE=${DISCORD__REQUESTED_MSG_STYLE}
- SONARR__QUALITY_PROFILE=${SONARR__QUALITY_PROFILE}
- RADARR__QUALITY_PROFILE=${RADARR__QUALITY_PROFILE}
- SONARR__ROOTFOLDER=${SONARR__ROOTFOLDER}
- RADARR__ROOTFOLDER=${RADARR__ROOTFOLDER}
- PARTIAL_SEASONS=${PARTIAL_SEASONS}
- LOG_LEVEL=${LOG_LEVEL}
- JAVA_OPTS=${JAVA_OPTS}
volumes:
- /docker/appdata/doplarr/config:/config
restart: unless-stopped
jfa-go:
image: docker.mafyuh.xyz/hrfee/jfa-go
container_name: jfa-go
ports:
- 8056:8056
volumes:
- /docker/appdata/jfa-go/config:/data
- /etc/localtime:/etc/localtime:ro
cadvisor:
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
ports:
- 9999:8080
container_name: cadvisor
privileged: true
devices:
- /dev/kmsg
image: gcr.io/cadvisor/cadvisor:v0.49.1
syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:6e70dd0cc0ddb038a8f58cf0945d6659b13c984f11d708407469bf16d520574c
container_name: syncthing
hostname: ARRS
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /docker/appdata/syncthing/config:/config
- /docker/appdata/:/docker/appdata/
ports:
- 8384:8384
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
restart: unless-stopped
networks:
default:
name: arrs_default

96
docker/authentik/docker-compose.yml Normal file
View file

@ -0,0 +1,96 @@
---
version: "3.4"
services:
postgresql:
image: docker.io/library/postgres:12-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
env_file:
- .env
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
server:
image: ghcr.io/goauthentik/server@sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- /home/mafyuh/media:/media
- /home/mafyuh/custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
- postgresql
- redis
worker:
image: ghcr.io/goauthentik/server@sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/mafyuh/media:/media
- /home/mafyuh/certs:/certs
- /home/mafyuh/custom-templates:/templates
env_file:
- .env
depends_on:
- postgresql
- redis
authentik_ldap:
image: ghcr.io/goauthentik/ldap@sha256:7f317da9b736dec3e53b71b7face1787d4f15aee00e80d003e5ff3b2d49ee382
ports:
- 389:3389
- 636:6636
environment:
AUTHENTIK_HOST: ${AUTH_HOST}
AUTHENTIK_INSECURE: "true"
AUTHENTIK_TOKEN: ${AUTH_TOKEN}
volumes:
database:
driver: local
redis:
driver: local

1
docker/cf/.env.example Normal file
View file

@ -0,0 +1 @@
CF_TOKEN=your-cf-tunnel-token

6
docker/cf/docker-compose.yml Normal file
View file

@ -0,0 +1,6 @@
---
services:
cf-tunnel:
restart: unless-stopped
image: docker.mafyuh.xyz/cloudflare/cloudflared@sha256:f6e9fff347602b8e70f1765127abc96f3b8d1af4cc46185913a043edab75ae5b
command: tunnel --no-autoupdate run --token $CF_TOKEN

10
docker/downloaders/README.md Normal file
View file

@ -0,0 +1,10 @@
## VM
Self hosted on Proxmox Node 1. Downloads media as well as Flaresolverr.
## Specs
- 3 core host
- 8GB RAM
- 256GB Storage
## OS
[![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/)
### Hypervisor
[![Proxmox](https://img.shields.io/badge/-Proxmox-%23c9d1d9?logo=Proxmox)](https://www.proxmox.com)

79
docker/downloaders/docker-compose.yml Normal file
View file

@ -0,0 +1,79 @@
version: '3.9'
services:
sabnzbd:
image: ghcr.io/linuxserver/sabnzbd@sha256:4fb40ea724abc25cf9496cdbc8e528aa0882132737e49c5e712c264284fa7b94
container_name: sabnzbd
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /etc/localtime:/etc/localtime:ro
- /docker/appdata/sabnzbd:/config
- /data/usenet:/data/usenet:rw
ports:
- 8080:8080
restart: unless-stopped
arch-qbittorrentvpn:
image: docker.mafyuh.xyz/binhex/arch-qbittorrentvpn:4.6.5-1-03
container_name: qbittorrentvpn
volumes:
- '/docker/appdata/qbitty:/config'
- '/data/torrents/:/data/torrents'
- '/etc/localtime:/etc/localtime:ro'
ports:
- '49550:49550'
- '49551:8118'
environment:
- VPN_ENABLED=yes
- VPN_PROV=protonvpn
- VPN_CLIENT=wireguard
- VPN_USER=mafyuh+pmp
- VPN_PASS=
- STRICT_PORT_FORWARD=yes
- LAN_NETWORK=10.0.0.0/24,10.69.69.0/24
- ENABLE_PRIVOXY=yes
- PUID=1000
- PGID=1000
- WEBUI_PORT=49550
- UMASK=1000
- DEBUG=false
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
privileged: true
network_mode: bridge
restart: unless-stopped
flaresolverr:
image: ghcr.io/flaresolverr/flaresolverr:v3.3.20
container_name: flaresolverr
ports:
- '8191:8191'
environment:
- LOG_LEVEL=info
restart: unless-stopped
cadvisor:
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
ports:
- 9999:8080
container_name: cadvisor
privileged: true
devices:
- /dev/kmsg
image: gcr.io/cadvisor/cadvisor:v0.49.1
node-exporter:
image: docker.mafyuh.xyz/prom/node-exporter:v1.8.1
container_name: monitoring_node_exporter
restart: unless-stopped
ports:
- 9100:9100

12
docker/jellyfin/README.md Normal file
View file

@ -0,0 +1,12 @@
# Homelab Physical Machine
Bought an old Dell Optiplex 3050 as it supports NVMe storage, DDR4 RAM, Disk reader slot which I exchanged for a LibreDrive compatible drive, and has an extra PCIe slot with just enough room for a low profile GPU.
## Specs
- Intel i5-6500 (4 core)
- 16GB DDR4 RAM
- Intel Arc A310 GPU (transcoding)
- 500GB NVMe SSD
- LG BU40N UHD Bluray drive
## OS
[![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/)

53
docker/jellyfin/docker-compose.yml Normal file
View file

@ -0,0 +1,53 @@
---
services:
jellyfin:
image: ghcr.io/linuxserver/jellyfin@sha256:a363aa018edee61bcee46be5f8dbd0db2a317b2bc0f95121a46e522d798c2a63
container_name: jellyfin
devices:
- /dev/dri/renderD129:/dev/dri/renderD129
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- DOCKER_MODS=linuxserver/mods:jellyfin-opencl-intel
volumes:
- /home/mafyuh/jellyfin/config:/config
- /mnt/thePoolShare/Media:/Media
- /home/mafyuh/jellyfin/transcodes:/transcodes
- /home/mafyuh/jellyfin/cache:/nvmecache
- /home/mafyuh/jellyfin/metadata:/nvmemetadata
ports:
- 8096:8096
restart: unless-stopped
makemkv:
image: docker.mafyuh.xyz/jlesage/makemkv@sha256:7af8a5d70006cbf0fc5ea54971779bc8b35f976dd844db173f5bc28ae97876b7
container_name: makemkv
ports:
- 5800:5800
volumes:
- /docker/appdata/makemkv:/config:rw
- /home/mafyuh/makemkv/storage:/storage:rw
- /mnt/thePoolShare/Media/BR:/output:rw
devices:
- /dev/sr0:/dev/sr0
privileged: true
syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:6e70dd0cc0ddb038a8f58cf0945d6659b13c984f11d708407469bf16d520574c
container_name: syncthing
hostname: JF
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /docker/appdata/syncthing/config:/config
- /docker/appdata/:/docker/appdata/
- /home/mafyuh/jellyfin/:/home/mafyuh/jellyfin/
ports:
- 8384:8384
- 22000:22000/tcp
- 22000:22000/udp
- 21027:21027/udp
restart: unless-stopped

14
docker/kasm/docker-compose.yml Normal file
View file

@ -0,0 +1,14 @@
---
services:
kasm:
image: ghcr.io/linuxserver/kasm@sha256:95c8d5d0f588cb3982da344c34b6acbebb5f428176947a923e5cc0cec4710f4d
container_name: kasm
privileged: true
environment:
- KASM_PORT=443
volumes:
- /docker/appdata/kasm:/opt
ports:
- 3000:3000
- 443:443
restart: unless-stopped

17
docker/netboot/docker-compose.yml Normal file
View file

@ -0,0 +1,17 @@
---
services:
netbootxyz:
image: ghcr.io/linuxserver/netbootxyz@sha256:dce6b2c729611f1090f2e6479b764d98aef24cc340d018d923fa6678fcbf330e
container_name: netboot
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
volumes:
- /home/mafyuh/netboot/config:/config
- /home/mafyuh/netboot/assets:/assets
ports:
- 3000:3000
- 69:69/udp
- 8080:80
restart: unless-stopped

11
docker/nexus/docker-compose.yml Normal file
View file

@ -0,0 +1,11 @@
---
services:
nexus:
image: docker.mafyuh.xyz/sonatype/nexus3:3.69.0
container_name: nexus
restart: unless-stopped
ports:
- 8081:8081
- 8082:8082
volumes:
- /docker/appdata/nexus:/nexus-data ## To get to work run: sudo chown -R 200 /docker/appdata/nexus/ | cat /docker/appdata/nexus/admin.password

21
docker/pages/docker-compose.yml Normal file
View file

@ -0,0 +1,21 @@
---
services:
pages:
image: codeberg.org/codeberg/pages-server:v5.1
container_name: codeberg-pages
environment:
- GITEA_ROOT=https://git.mafyuh.dev
- GITEA_API_TOKEN=$GITEA_API_TOKEN
- ACME_ACCEPT_TERMS=true
- CLOUDFLARE_EMAIL=$CLOUDFLARE_EMAIL
- CLOUDFLARE_API_KEY=$CLOUDFLARE_API_KEY
- DNS_PROVIDER=cloudflare
- PAGES_DOMAIN=mafyuh.co
- CF_ZONE_API_TOKEN=$CF_ZONE_API_TOKEN
- CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
- ENABLE_HTTP_SERVER=false
ports:
- "80:80"
- "443:443"
volumes:
- /home/ubuntu/pages/datanew:/data

15
docker/portainer/docker-compose.yml Normal file
View file

@ -0,0 +1,15 @@
services:
portainer:
image: docker.mafyuh.xyz/portainer/portainer-ee@sha256:0aa305da72738d9f90a209bf74bdc74172004690fa298f52d5f92dd065f26aea
container_name: portainer
command: -H unix:///var/run/docker.sock
ports:
- "9000:9000"
- "9443:9443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "portainer_data:/data"
restart: always
volumes:
portainer_data:

4167
docker/scripts/CD.json Normal file
View file

File diff suppressed because it is too large Load diff

74
docker/scripts/README.md Normal file
View file

@ -0,0 +1,74 @@
# n8n Continuous Deployment
Previously used this script for CD, it worked, but I wanted an instant deployment and not just ran on a schedule. So I created an n8n automation. Here's the visual breakdown:
```mermaid
graph LR
A((Webhook Received)) --> B{PR Merged?}
B -- No --> C(End)
B -- Yes --> D{Extract App Name}
D --> E{SSH to Host Machine}
E --> F{Git Pull & Docker Compose Up}
F --> G{Error?}
G -- Yes --> H[Send Gotify Notification]
G -- No --> I[Extract PR Number]
I --> J[Add PR Number to Forgejo API URL]
J --> K[Send Review with Logs]
K --> L(End)
H --> L
```
## Outline
- Webhook is sent whenever a PR is merged
- Filters out any new, edited or re-opened PR's
- Checks the PR title for app name, which is filtered so each SSH session matches based on the IF conditions.
- SSH in to the machine that hosts that docker compose stack running git pull and docker compose up -d
- Optional, If there is any error message we sent Gotify a link to the PR and error message
- Set number from JSON to number in n8n
- Add that number to URL of API request to Forgejo which we add a review with the logs if no errors. https://git.mafyuh.dev/mafyuh/Auto-Homelab/pulls/222#issuecomment-1799
The only exception is n8n itself. Which for now I will manually update.
To import this into your n8n, create a new workflow, top right click 3 dots - Import from URL and paste https://git.mafyuh.dev/mafyuh/Auto-Homelab/raw/branch/main/scripts/CD.json
## dccd instructions (no longer used besides ag-backup)
Modified version of https://github.com/loganmarchione/dccd, with Gotify notification on error and allowing to choose which directory is cd'd into before running script. I run this on each docker host through crontab every 30 minutes, just adding the -f flag with the folder which that host represents. So each directory represents a host
Clone this repo:
```
git clone https://git.mafyuh.dev/mafyuh/Auto-Homelab.git
```
Make executable:
```
sudo chmod +x /home/mafyuh/Auto-Homelab/scripts/dccd.sh
```
Example:
```
./dccd.sh -b main -d /home/mafyuh/Auto-Homelab -p -f 'arrs'
```
Crontab every 30 mins:
```
*/30 * * * * /home/mafyuh/Auto-Homelab/scripts/dccd.sh -b main -d /home/mafyuh/Auto-Homelab -l /tmp/dccd.txt -p -f 'arrs'
```
View Logs:
```
cat /tmp/dccd.txt
```
Export Variables:
```
export GOTIFY_BASE_URL="https:go.example.com"
export GOTIFY_TOKEN="token"
```
Full Usage:
```
Options:
-b <name> Specify the remote branch to track (default: main)
-d <path> Specify the base directory of the git repository (required)
-h Show this help message
-l <path> Specify the path to the log file (default: /tmp/dccd.log)
-p Specify if you want to prune docker images (default: don't prune)
-x <path> Exclude directories matching the specified pattern (relative to the base directory)
-f <pattern> Specify the pattern for folder names to match
```

38
docker/twingate/docker-compose.yml Normal file
View file

@ -0,0 +1,38 @@
services:
twingate-famous-alligator:
image: docker.mafyuh.xyz/twingate/connector@sha256:d916c024a0c568442fc4c5a3a081fc9543338a807591a3403b9bec941ed6deeb
container_name: twingate-famous-alligator
restart: always
environment:
- TWINGATE_NETWORK=$TWINGATE_NETWORK
- TWINGATE_ACCESS_TOKEN=$TWINGATE_ACCESS_TOKEN
- TWINGATE_REFRESH_TOKEN=$TWINGATE_REFRESH_TOKEN
- TWINGATE_LABEL_HOSTNAME=${HOSTNAME}
- TWINGATE_LABEL_DEPLOYED_BY=docker
sysctls:
- net.ipv4.ping_group_range=0 2147483647
docker-in-docker:
image: docker:dind
container_name: 'docker_dind'
privileged: 'true'
command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false']
restart: 'unless-stopped'
gitea:
image: 'code.forgejo.org/forgejo/runner:3.5.0'
links:
- docker-in-docker
depends_on:
docker-in-docker:
condition: service_started
container_name: 'runner'
environment:
DOCKER_HOST: tcp://docker-in-docker:2375
# User without root privileges, but with access to `/data`.
user: 1000:1000
volumes:
- /home/mafyuh/data:/data
restart: 'unless-stopped'
command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'

19
docker/whisper/docker-compose.yml Normal file
View file

@ -0,0 +1,19 @@
---
version: "2.1"
services:
whisperasr:
container_name: whisper
image: onerahmet/openai-whisper-asr-webservice:v1.4.1-gpu
environment:
- ASR_MODEL=base.en
- ASR_ENGINE=faster_whisper
ports:
- 9000:9000
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities: [gpu]
restart: unless-stopped

71
terraform/AI.tf Normal file
View file

@ -0,0 +1,71 @@
resource "proxmox_virtual_environment_vm" "AI" {
# VM General Settings
node_name = "pve2"
vm_id = 322
name = "AI"
machine = "q35"
description = "Ollama, Open Webui, mindsdb"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo"]
started = true
agent {
enabled = true
}
clone {
vm_id = 8101
}
# VM CPU Settings
cpu {
cores = 10
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 16384
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "local-lvm"
size = 100
interface = "scsi0"
}
hostpci {
device = "hostpci0"
pcie = true
mapping = "gpu2"
rombar = true
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config2.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

18
terraform/README.md Normal file
View file

@ -0,0 +1,18 @@
[![OpenTofu](https://img.shields.io/badge/OpenTofu-v1.7.1-blue)](https://github.com/opentofu/opentofu)
<div align="center">
# IaC-Homelab
Infrastructure as Code (IaC) for my homelab using OpenTofu.
</div>
## Overview
This repository manages the infrastructure for my homelab using OpenTofu and Proxmox.

64
terraform/adguard.tf Normal file
View file

@ -0,0 +1,64 @@
resource "proxmox_virtual_environment_vm" "Adguard" {
# VM General Settings
node_name = "prox"
vm_id = 206
name = "Adguard"
description = "DNS Server"
tags = ["tofu", "ubuntu24", "auto-homelab-repo", "infrastructure"]
agent {
enabled = false # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8002
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 2048
}
# VM Network Settings
network_device {
bridge = "vmbr0"
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 60
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

66
terraform/arrbuntu.tf Normal file
View file

@ -0,0 +1,66 @@
resource "proxmox_virtual_environment_vm" "Arrbuntu" {
# VM General Settings
node_name = "prox"
vm_id = 200
name = "arrbuntu"
description = "arrbuntu"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8000
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 6144
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 120
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = var.arrbuntu_ip_address
gateway = var.vlan_gateway
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

73
terraform/cloud-init.tf Normal file
View file

@ -0,0 +1,73 @@
data "local_file" "ssh_public_key" {
filename = "/home/mafyuh/.ssh/main_key.pub"
}
resource "proxmox_virtual_environment_file" "cloud_config" {
content_type = "snippets"
datastore_id = "Slow4tb"
node_name = "prox"
source_raw {
data = <<-EOF
#cloud-config
users:
- default
- name: mafyuh
groups:
- sudo
- docker
shell: /bin/bash
ssh_authorized_keys:
- ${trimspace(data.local_file.ssh_public_key.content)}
sudo: ALL=(ALL) NOPASSWD:ALL
runcmd:
- apt update
- apt install -y qemu-guest-agent net-tools nfs-common
- timedatectl set-timezone America/New_York
- systemctl enable qemu-guest-agent
- systemctl start qemu-guest-agent
- curl -fsSL https://get.docker.com | sudo sh
- su - mafyuh -c 'git clone https://git.mafyuh.dev/mafyuh/IaC-Homelab.git /home/mafyuh/IaC-Homelab'
- su - mafyuh -c 'git clone https://git.mafyuh.dev/mafyuh/Auto-Homelab.git /home/mafyuh/Auto-Homelab'
- echo "done" > /tmp/cloud-config.done
EOF
file_name = "cloud-config.yaml"
}
}
resource "proxmox_virtual_environment_file" "cloud_config2" {
content_type = "snippets"
datastore_id = "Fast500Gb"
node_name = "pve2"
source_raw {
data = <<-EOF
#cloud-config
users:
- default
- name: mafyuh
groups:
- sudo
- docker
shell: /bin/bash
ssh_authorized_keys:
- ${trimspace(data.local_file.ssh_public_key.content)}
sudo: ALL=(ALL) NOPASSWD:ALL
runcmd:
- apt update
- apt install -y qemu-guest-agent net-tools nfs-common
- timedatectl set-timezone America/New_York
- systemctl enable qemu-guest-agent
- systemctl start qemu-guest-agent
- curl -fsSL https://get.docker.com | sudo sh
- su - mafyuh -c 'git clone https://git.mafyuh.dev/mafyuh/IaC-Homelab.git /home/mafyuh/IaC-Homelab'
- su - mafyuh -c 'git clone https://git.mafyuh.dev/mafyuh/Auto-Homelab.git /home/mafyuh/Auto-Homelab'
- su - mafyuh -c 'git config --global user.name "Mafyuh"'
- su - mafyuh -c 'git config --global user.email "matt@mafyuh.com"'
- echo "done" > /tmp/cloud-config.done
EOF
file_name = "cloud-config.yaml"
}
}

64
terraform/docker-runner.tf Normal file
View file

@ -0,0 +1,64 @@
resource "proxmox_virtual_environment_vm" "Docker-Runner" {
# VM General Settings
node_name = "prox"
vm_id = 209
name = "docker-runner"
description = "docker-runner for forgejo"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8100
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 2048
}
# VM Network Settings
network_device {
bridge = "vmbr0"
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 50
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

64
terraform/docker-runner2.tf Normal file
View file

@ -0,0 +1,64 @@
resource "proxmox_virtual_environment_vm" "Docker-Runner2" {
# VM General Settings
node_name = "prox"
vm_id = 210
name = "docker-runner2"
description = "docker-runner for forgejo"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8100
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 2048
}
# VM Network Settings
network_device {
bridge = "vmbr0"
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 50
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

66
terraform/downloaders.tf Normal file
View file

@ -0,0 +1,66 @@
resource "proxmox_virtual_environment_vm" "Downloaders" {
# VM General Settings
node_name = "prox"
vm_id = 201
name = "Downloaders"
description = "Sab, Qbitty"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8000
}
# VM CPU Settings
cpu {
cores = 3
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 260
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = var.downloaders_ip_address
gateway = var.vlan_gateway
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

65
terraform/k3s-master.tf Normal file
View file

@ -0,0 +1,65 @@
resource "proxmox_virtual_environment_vm" "K3s-Master" {
# VM General Settings
node_name = "prox"
vm_id = 300
name = "K3s-Master"
description = "Kubernetes master"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8000
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 100
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

65
terraform/k3s-master2.tf Normal file
View file

@ -0,0 +1,65 @@
resource "proxmox_virtual_environment_vm" "K3s-Master2" {
# VM General Settings
node_name = "pve2"
vm_id = 321
name = "K3s-Master2"
description = "Kubernetes Master"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8005
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "local-lvm"
size = 100
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

65
terraform/k3s-master3.tf Normal file
View file

@ -0,0 +1,65 @@
resource "proxmox_virtual_environment_vm" "K3s-Master3" {
# VM General Settings
node_name = "prox"
vm_id = 330
name = "K3s-Master3"
description = "Kubernetes master"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8000
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 100
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

62
terraform/kasm.tf Normal file
View file

@ -0,0 +1,62 @@
resource "proxmox_virtual_environment_vm" "Kasm" {
# VM General Settings
node_name = "pve2"
vm_id = 333
name = "Kasm"
description = "kasm"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo"]
started = true
agent {
enabled = true
}
clone {
vm_id = 8101
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 4096
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "local-lvm"
size = 100
interface = "scsi0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config2.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

64
terraform/nexus.tf Normal file
View file

@ -0,0 +1,64 @@
resource "proxmox_virtual_environment_vm" "Nexus" {
# VM General Settings
node_name = "prox"
vm_id = 205
name = "Nexus"
description = "Docker Registry to limit DockerHub pulls"
tags = ["tofu", "ubuntu24", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8002
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 4096
}
# VM Network Settings
network_device {
bridge = "vmbr0"
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 120
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

66
terraform/npm.tf Normal file
View file

@ -0,0 +1,66 @@
resource "proxmox_virtual_environment_vm" "NPM" {
# VM General Settings
node_name = "prox"
vm_id = 204
name = "Nginx-Proxy-Manager"
description = "Nginx Proxy Manager"
tags = ["tofu", "ubuntu24", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8002
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 2048
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 40
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = var.npm_ip_address
gateway = var.vlan_gateway
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

26
terraform/provider.tf Normal file
View file

@ -0,0 +1,26 @@
terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
version = ">= 0.60.1"
}
}
}
provider "proxmox" {
endpoint = var.virtual_environment_endpoint
password = var.ssh_password
username = "root@pam"
insecure = true
ssh {
agent = true
username = "root"
password = var.ssh_password
node {
name = "prox"
address = var.prox_ip_address
}
}
}

64
terraform/runner.tf Normal file
View file

@ -0,0 +1,64 @@
resource "proxmox_virtual_environment_vm" "Runner" {
# VM General Settings
node_name = "prox"
vm_id = 207
name = "Runner"
description = "Forgejo Runner"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8000
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 2048
}
# VM Network Settings
network_device {
bridge = "vmbr0"
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 60
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

48
terraform/ubuntu22-template.tf Normal file
View file

@ -0,0 +1,48 @@
resource "proxmox_virtual_environment_vm" "Ubuntu-22-Template" {
name = "ubuntu-22"
node_name = "prox"
vm_id = 8100
tags = ["tofu", "ubuntu-22"]
template = true
started = false
disk {
datastore_id = "Fast2Tb"
file_id = proxmox_virtual_environment_download_file.ubuntu_cloud_image_22.id
interface = "scsi0"
size = 4
}
agent {
enabled = true
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
}
serial_device {}
network_device {
bridge = "vmbr0"
}
vga {
type = "serial0"
}
}
resource "proxmox_virtual_environment_download_file" "ubuntu_cloud_image_22" {
content_type = "iso"
datastore_id = "local"
node_name = "prox"
url = "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
}

40
terraform/ubuntu22-template2.tf Normal file
View file

@ -0,0 +1,40 @@
resource "proxmox_virtual_environment_vm" "Ubuntu-22-Template2" {
name = "ubuntu-22"
node_name = "pve2"
vm_id = 8101
tags = ["tofu", "ubuntu-22"]
template = true
started = false
disk {
datastore_id = "local-lvm"
file_id = "local:iso/jammy-server-cloudimg-amd64.img"
interface = "scsi0"
size = 4
}
agent {
enabled = true
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config2.id
}
serial_device {}
network_device {
bridge = "vmbr0"
}
vga {
type = "serial0"
}
}

47
terraform/vars.tf Normal file
View file

@ -0,0 +1,47 @@
variable "virtual_environment_endpoint" {
type = string
}
variable "virtual_environment_api" {
type = string
}
variable "arrbuntu_ip_address" {
type = string
}
variable "vlan_gateway" {
type = string
}
variable "downloaders_ip_address" {
type = string
}
variable "whisper_ip_address" {
type = string
}
variable "ssh_password" {
type = string
}
variable "ssh_username" {
type = string
}
variable "prox_ip_address" {
type = string
}
variable "npm_ip_address" {
type = string
}
variable "init_username" {
type = string
}
variable "init_password" {
type = string
}

75
terraform/whisper.tf Normal file
View file

@ -0,0 +1,75 @@
resource "proxmox_virtual_environment_vm" "Whisper" {
# VM General Settings
node_name = "prox"
vm_id = 203
name = "Whisper"
machine = "q35"
description = "Creates subtitles for Bazarr and stable-diffusion"
tags = ["tofu", "ubuntu-22", "auto-homelab-repo"]
started = false
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 8000
}
# VM CPU Settings
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 4096
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 40
interface = "scsi0"
}
vga {
type = "serial0"
}
hostpci {
device = "hostpci0"
pcie = true
mapping = "gpu"
rombar = true
}
initialization {
ip_config {
ipv4 {
address = var.whisper_ip_address
gateway = var.vlan_gateway
}
}
user_account {}
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
]
}
}

46
terraform/windows.tf Normal file
View file

@ -0,0 +1,46 @@
resource "proxmox_virtual_environment_vm" "Windows11" {
name = "windows"
node_name = "pve2"
vm_id = 250
tags = ["tofu"]
started = true
bios = "ovmf"
machine = "q35"
agent {
enabled = true
}
disk {
datastore_id = "Fast500Gb"
interface = "scsi0"
size = 450
}
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
memory {
dedicated = 8192
}
efi_disk {
type = "4m"
}
network_device {
bridge = "vmbr0"
}
tpm_state {
datastore_id = "Fast500Gb"
version = "v2.0"
}
operating_system {
type = "win11"
}
}