diff --git a/.forgejo/workflows/CD.yml b/.forgejo/workflows/CD.yml index 8bb3a22..7bf27e1 100644 --- a/.forgejo/workflows/CD.yml +++ b/.forgejo/workflows/CD.yml @@ -6,7 +6,7 @@ on: jobs: deploy: if: github.event.pull_request.merged == true - runs-on: ubuntu-22.04 + runs-on: docker steps: - name: Checkout repository uses: actions/checkout@v4 @@ -14,15 +14,19 @@ jobs: - name: Fetch all history for git diff run: git fetch --depth=2 + - name: Install jq + run: | + apt-get update && apt-get install -y jq + - name: Detect modified folders id: detect-changes run: | if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then git fetch --unshallow fi - folders=$(git diff --name-only HEAD~1 HEAD | cut -d/ -f1 | sort | uniq) + folders=$(git diff --name-only HEAD~1 HEAD | grep '^docker/' | cut -d/ -f2 | sort | uniq) echo "Modified folders: $folders" - echo "::set-output name=folders::$folders" + echo "::set-output name=folders::$folders" - name: Deploy to hosts run: | diff --git a/.forgejo/workflows/yamllint.yml b/.forgejo/workflows/yamllint.yml index ce53c2d..908ecba 100644 --- a/.forgejo/workflows/yamllint.yml +++ b/.forgejo/workflows/yamllint.yml @@ -16,7 +16,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: 14 - + - name: Install yamllint run: | npm install -g yaml-lint @@ -27,4 +27,4 @@ jobs: - name: Lint .yml files run: | - yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" ./**/*.yml \ No newline at end of file + yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" docker/**/*.yml \ No newline at end of file diff --git a/README.md b/README.md index e032c68..61d6502 100644 --- a/README.md +++ b/README.md 
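Review bot: In the `Detect modified folders` step of `.forgejo/workflows/CD.yml`, `folders` is a newline-separated list built from paths in the merged commit, but the legacy `::set-output` command carries only a single line. With more than one changed folder, the names after the first are likely dropped, and whatever survives reaches the deploy step (outside this hunk) unvalidated. I would filter and join the list first, e.g. `folders=$(git diff --name-only HEAD~1 HEAD | grep '^docker/' | cut -d/ -f2 | grep -E '^[A-Za-z0-9_-]+$' | sort -u | tr '\n' ' ')`, and export it with `echo "folders=$folders" >> "$GITHUB_OUTPUT"` if the runner version supports that file. `grep` exits non-zero when nothing under `docker/` changed, so confirm the step's shell options do not fail the job in that case.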
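Review bot: The new lint target `docker/**/*.yml` in the `Lint .yml files` step limits linting to `docker/`, so the playbook this commit adds under `ansible/playbooks/` and the workflow files themselves are not checked. Unless the step's shell has `globstar` enabled, `**` also behaves like a single `*`, so only files exactly one directory below `docker/` match. If that scope is intended, a comment on the step would help; otherwise list the directories explicitly, e.g. `docker/*/*.yml ansible/playbooks/*.yml .forgejo/workflows/*.yml`.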
@@ -1,2 +1,10 @@ # iac +Currently migrating [Auto-Homelab](https://git.mafyuh.dev/mafyuh/Auto-Homelab), [Iac-Homelab](https://git.mafyuh.dev/mafyuh/IaC-Homelab), [ansible-playbooks](https://git.mafyuh.dev/mafyuh/ansible-playbooks) and [kub](https://git.mafyuh.dev/mafyuh/kub) repos into this one. + +ToDo +- [ ] Update Readme +- [x] Migrate all containers to use this repo (DB migrations) +- [x] Get OpenTofu migrated to this repo +- [ ] Get Kubernetes repo migrated over +- [ ] Re-bootstrap Flux diff --git a/ansible/playbooks/deploy-docker.yml b/ansible/playbooks/deploy-docker.yml new file mode 100644 index 0000000..728d41d --- /dev/null +++ b/ansible/playbooks/deploy-docker.yml @@ -0,0 +1,33 @@ +--- +- name: Deploy application + hosts: "{{ target_host }}" + vars: + repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}" + tasks: + - name: Ensure the repository is up-to-date + shell: git pull + args: + chdir: "{{ repo_path }}" + register: git_pull_output + + - name: Display git pull output + debug: + var: git_pull_output.stdout_lines + + - name: Restart services + command: docker compose up -d + args: + chdir: "{{ repo_path }}" + register: docker_compose_output + + - name: Display docker output + debug: + var: docker_compose_output.stdout_lines + + - name: Run Docker Command + command: docker ps + register: docker_output + + - name: Display Docker Output + debug: + var: docker_output.stdout_lines diff --git a/docker/AI/docker-compose.yml b/docker/AI/docker-compose.yml index cc0f340..e713044 100644 --- a/docker/AI/docker-compose.yml +++ b/docker/AI/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.8" services: ollama: - image: docker.mafyuh.xyz/ollama/ollama:0.1.45 + image: ollama/ollama:0.3.1 container_name: ollama restart: unless-stopped volumes: @@ -18,7 +18,7 @@ services: capabilities: [gpu] open-webui: - image: ghcr.io/open-webui/open-webui:0.3.5 + image: ghcr.io/open-webui/open-webui:v0.3.10 container_name: open-webui restart: unless-stopped ports: 
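Review bot: `repo_path` in the new `ansible/playbooks/deploy-docker.yml` is built from the caller-supplied `folder` variable and then used as `chdir` for `git pull` and `docker compose up -d`, with no check that it is a single directory name. A value containing `/` or `..` would run those commands in a different directory on the target, so I would assert the shape of `folder` before any task runs, and ideally restrict `target_host` to a known inventory group. `shell: git pull` does not need a shell; `command: git pull` or the `ansible.builtin.git` module avoids shell parsing.

```yaml
  tasks:
    - name: Validate folder name before it is used in a path
      ansible.builtin.assert:
        that:
          - folder is defined
          - folder is match('^[A-Za-z0-9_-]+$')
        fail_msg: "folder must be a single directory name under docker/"

    - name: Ensure the repository is up-to-date
      command: git pull
    # … unchanged: chdir/register args, compose restart and docker ps tasks …
```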
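Review bot: In `docker/AI/docker-compose.yml` the `ollama` image moves from the `docker.mafyuh.xyz` registry to Docker Hub (`ollama/ollama:0.3.1`) and is referenced by a mutable tag; the `mindsdb` hunk further down the same file makes the same switch. Other compose files in this commit pin images by `@sha256:` digest, so these services are the ones whose content can change without a diff. If leaving the registry is intentional, consider pinning, e.g. `image: ollama/ollama:0.3.1@sha256:<digest-of-reviewed-image>`, and adding a comment that states the reason.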
@@ -29,7 +29,7 @@ services: - host.docker.internal:host-gateway mindsdb: - image: docker.mafyuh.xyz/mindsdb/mindsdb:v24.6.3.1 + image: mindsdb/mindsdb:v24.7.5.0 container_name: mindsdb ports: - 47334:47334 diff --git a/docker/README.md b/docker/README.md index 4a6f829..f219485 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,17 +1,15 @@ -[![Yamllint](https://git.mafyuh.dev/mafyuh/Auto-Homelab/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/Auto-Homelab/actions) -[![Yamllint](https://git.mafyuh.dev/mafyuh/Auto-Homelab/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/Auto-Homelab/actions) +[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions) +[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions) [![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions) -[![Pulls](https://git.mafyuh.dev/mafyuh/Auto-Homelab/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/Auto-Homelab/pulls) +[![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls) ![Header Image](https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/header_.png)
- Wiki | + Wiki | How to Setup | Blog | Inspiration | @@ -305,8 +303,4 @@ graph TD P --> Q -``` - -## To-Do - -[View Project Board](https://git.mafyuh.dev/mafyuh/Auto-Homelab/projects/1) \ No newline at end of file +``` \ No newline at end of file diff --git a/docker/ag-backup/docker-compose.yml b/docker/ag-backup/docker-compose.yml index f01af6a..1b75373 100644 --- a/docker/ag-backup/docker-compose.yml +++ b/docker/ag-backup/docker-compose.yml @@ -1,7 +1,7 @@ --- services: adguardhome: - image: docker.mafyuh.xyz/adguard/adguardhome:v0.107.51 + image: docker.mafyuh.xyz/adguard/adguardhome:v0.107.52 container_name: adguardhome restart: unless-stopped volumes: diff --git a/docker/ag-main/docker-compose.yml b/docker/ag-main/docker-compose.yml index a1b3c2a..a212357 100644 --- a/docker/ag-main/docker-compose.yml +++ b/docker/ag-main/docker-compose.yml @@ -1,7 +1,7 @@ --- services: adguardhome: - image: docker.mafyuh.xyz/adguard/adguardhome:v0.107.51 + image: docker.mafyuh.xyz/adguard/adguardhome:v0.107.52 container_name: adguardhome restart: unless-stopped volumes: @@ -22,7 +22,7 @@ services: - 5443:5443/udp adguardhome-sync: - image: ghcr.io/linuxserver/adguardhome-sync@sha256:67962a0e15bf1a41e4bc0083d93d7e0268ad6431482c337ef49d5f2673c36c71 + image: ghcr.io/linuxserver/adguardhome-sync@sha256:c6bad810acfc292b9220936751194f6ae9800b1228385ae8f2130fba280b79ee container_name: adguardhome-sync environment: - PUID=1000 diff --git a/docker/arm/docker-compose.yml b/docker/arm/docker-compose.yml index 2c96a42..ec3c28c 100644 --- a/docker/arm/docker-compose.yml +++ b/docker/arm/docker-compose.yml @@ -1,7 +1,7 @@ --- services: server: - image: codeberg.org/forgejo/forgejo:7.0.4 + image: codeberg.org/forgejo/forgejo:8.0.0 container_name: forgejo environment: - USER_UID=1000 
@@ -38,7 +38,7 @@ services: - /home/ubuntu/forgejo/mysql:/var/lib/mysql gotify: - image: docker.mafyuh.xyz/gotify/server-arm7:2.4.0 + image: docker.mafyuh.xyz/gotify/server-arm7:2.5.0 container_name: gotify ports: - 9008:80 @@ -53,7 +53,7 @@ services: - gitea_main nginx-proxy-manager: - image: docker.mafyuh.xyz/jc21/nginx-proxy-manager:2.11.2 + image: docker.mafyuh.xyz/jc21/nginx-proxy-manager:2.11.3 container_name: nginx-proxy-manager ports: - 80:80 @@ -107,7 +107,7 @@ services: networks: - gitea_main n8n: - image: ghcr.io/n8n-io/n8n:1.47.0 + image: ghcr.io/n8n-io/n8n:1.52.2 container_name: n8n ports: - 5678:5678 @@ -122,7 +122,7 @@ services: - gitea_main vaultwarden: - image: docker.mafyuh.xyz/vaultwarden/server:1.30.5 + image: docker.mafyuh.xyz/vaultwarden/server:1.31.0 container_name: vaultwarden ports: - 8989:80 @@ -137,7 +137,7 @@ services: ipv4_address: 172.25.0.25 syncthing: - image: ghcr.io/linuxserver/syncthing@sha256:6e70dd0cc0ddb038a8f58cf0945d6659b13c984f11d708407469bf16d520574c + image: ghcr.io/linuxserver/syncthing@sha256:84e9cd99d247d6ef31fc8c1a6967f068a8352a530095bb402bf3bb298aa10696 container_name: syncthing hostname: ARM #optional environment: diff --git a/docker/arrs/docker-compose.yml b/docker/arrs/docker-compose.yml index f0e296c..69bc746 100644 --- a/docker/arrs/docker-compose.yml +++ b/docker/arrs/docker-compose.yml @@ -1,7 +1,7 @@ --- services: bazarr: - image: ghcr.io/linuxserver/bazarr@sha256:6fb83511c0dca70a400fde79cb45ed59c4f66ea30dcba8c6f9274f01d77e5aef + image: ghcr.io/linuxserver/bazarr@sha256:e70de8a714ac57395d45052392001ec433b8f48aa1c204f13dae312cbcbe43af container_name: bazarr ports: - "6767:6767" @@ -15,7 +15,7 @@ services: - PGID=1000 lidarr: - image: ghcr.io/linuxserver/lidarr@sha256:a7d0282dcdbf5b11306cc4054c11b42252106b5e8494375231322822d31ac9f6 + image: ghcr.io/linuxserver/lidarr@sha256:5855582eee07024c2584c01aaf955901303162bf00de183a1fbf2e9b81041695 container_name: lidarr ports: - "8686:8686" 
@@ -31,7 +31,7 @@ services: - PGID=1000 prowlarr: - image: ghcr.io/linuxserver/prowlarr@sha256:237e9a72c11c5350bf22e355759436ecd4fd660e820d5b556d9a9e436f25f6b9 + image: ghcr.io/linuxserver/prowlarr@sha256:7fe57565907f4f776d43c15b2e020a0e4a62fe1e04e80e25b85a3ae4ca49e5d0 container_name: prowlarr ports: - "9696:9696" @@ -43,7 +43,7 @@ services: - PGID=1000 radarr: - image: ghcr.io/linuxserver/radarr@sha256:40f10a3d826f6c231d338738c3c86bf0d23a9546f20f8b1b504c6c579b79992c + image: ghcr.io/linuxserver/radarr@sha256:9d6f0548fd805edb30108fdd06d0fc5a4436c9bd708b57bd4119d7aefa815fe4 container_name: radarr ports: - "7878:7878" @@ -57,7 +57,7 @@ services: - PGID=1000 sonarr: - image: ghcr.io/linuxserver/sonarr@sha256:275467ba17d990bbc6301dec3cc76b042969836749de39067818759d0f3b407f + image: ghcr.io/linuxserver/sonarr@sha256:fbee5770f688e4f89dd073534feda11251bfde0e0a4e6ac74dd8c33bb856b505 container_name: sonarr ports: - "8989:8989" @@ -91,7 +91,7 @@ services: - AUTH_OIDC_ADMIN_GROUP=${AUTH_OIDC_ADMIN_GROUP} doplarr: - image: ghcr.io/linuxserver/doplarr@sha256:20981fa1a4087d5369b9eaf756ab179352e05fe914b88c36f468ee3cd9a1ce98 + image: ghcr.io/linuxserver/doplarr@sha256:9e1cfedf824d00bb0f269bcb3836b13cdbb74747bef062f9021be6f0f63dde7a container_name: doplarr environment: - PUID=1000 @@ -140,7 +140,7 @@ services: image: gcr.io/cadvisor/cadvisor:v0.49.1 syncthing: - image: ghcr.io/linuxserver/syncthing@sha256:6e70dd0cc0ddb038a8f58cf0945d6659b13c984f11d708407469bf16d520574c + image: ghcr.io/linuxserver/syncthing@sha256:84e9cd99d247d6ef31fc8c1a6967f068a8352a530095bb402bf3bb298aa10696 container_name: syncthing hostname: ARRS environment: 
@@ -157,6 +157,21 @@ services: - 21027:21027/udp restart: unless-stopped + code-server: + image: ghcr.io/linuxserver/code-server@sha256:1eb6671a1bc500028e1d7a44eccbfdffbb2d802840c6d7f9e83cc87e1003da94 + container_name: code-server + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - SUDO_PASSWORD=$SUDO_PASSWORD + - PROXY_DOMAIN=$PROXY_DOMAIN + volumes: + - /docker/appdata/code-server/config:/config + ports: + - 8443:8443 + restart: unless-stopped + networks: default: name: arrs_default diff --git a/docker/authentik/docker-compose.yml b/docker/authentik/docker-compose.yml index 45590e2..e70cf5b 100644 --- a/docker/authentik/docker-compose.yml +++ b/docker/authentik/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.4" services: postgresql: - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:16-alpine restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] @@ -32,7 +32,7 @@ services: volumes: - redis:/data server: - image: ghcr.io/goauthentik/server@sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff + image: ghcr.io/goauthentik/server@sha256:a98f95518269d01bb812eb0e12c6647f3d08a36e37b9fdbdccf9345d4431b9f0 restart: unless-stopped command: server environment: @@ -53,7 +53,7 @@ services: - postgresql - redis worker: - image: ghcr.io/goauthentik/server@sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff + image: ghcr.io/goauthentik/server@sha256:a98f95518269d01bb812eb0e12c6647f3d08a36e37b9fdbdccf9345d4431b9f0 restart: unless-stopped command: worker environment: @@ -79,15 +79,6 @@ services: depends_on: - postgresql - redis - authentik_ldap: - image: ghcr.io/goauthentik/ldap@sha256:7f317da9b736dec3e53b71b7face1787d4f15aee00e80d003e5ff3b2d49ee382 - ports: - - 389:3389 - - 636:6636 - environment: - AUTHENTIK_HOST: ${AUTH_HOST} - AUTHENTIK_INSECURE: "true" - AUTHENTIK_TOKEN: ${AUTH_TOKEN} volumes: database: 
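Review bot: The new `code-server` service publishes `8443` on every host interface and sets only `SUDO_PASSWORD`. No `PASSWORD` or `HASHED_PASSWORD` is present, and as far as I know the linuxserver image serves the editor without a login in that case. Anyone who can reach the port would then get a terminal in the container, and the plaintext sudo password is readable from the container environment. Unless the reverse proxy implied by `PROXY_DOMAIN` enforces authentication and is the only path to the port, I would add `- HASHED_PASSWORD=${HASHED_PASSWORD:?set in .env}`, switch to `- SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH:?set in .env}`, and bind the port as `- "127.0.0.1:8443:8443"`.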
diff --git a/docker/docker-runner/docker-compose.yml b/docker/docker-runner/docker-compose.yml new file mode 100644 index 0000000..7a76451 --- /dev/null +++ b/docker/docker-runner/docker-compose.yml @@ -0,0 +1,26 @@ +--- +services: + docker-in-docker: + image: docker:dind + container_name: 'docker_dind' + privileged: 'true' + command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false'] + restart: 'unless-stopped' + + gitea: + image: 'code.forgejo.org/forgejo/runner:3.5.0' + links: + - docker-in-docker + depends_on: + docker-in-docker: + condition: service_started + container_name: 'runner' + environment: + DOCKER_HOST: tcp://docker-in-docker:2375 + # User without root privileges, but with access to `/data`. + user: 1000:1000 + volumes: + - /home/mafyuh/data:/data + restart: 'unless-stopped' + + command: '/bin/sh -c "sleep 5; forgejo-runner daemon"' diff --git a/docker/downloaders/docker-compose.yml b/docker/downloaders/docker-compose.yml index 479bc9f..beef2a5 100644 --- a/docker/downloaders/docker-compose.yml +++ b/docker/downloaders/docker-compose.yml @@ -1,7 +1,7 @@ version: '3.9' services: sabnzbd: - image: ghcr.io/linuxserver/sabnzbd@sha256:4fb40ea724abc25cf9496cdbc8e528aa0882132737e49c5e712c264284fa7b94 + image: ghcr.io/linuxserver/sabnzbd@sha256:d6a2a967d47b495c5342bc23de76d35eeb2f3ceb53c7be51885ad25f95dffe9b container_name: sabnzbd environment: - PUID=1000 @@ -32,7 +32,7 @@ services: - VPN_USER=mafyuh+pmp - VPN_PASS= - STRICT_PORT_FORWARD=yes - - LAN_NETWORK=10.0.0.0/24,10.69.69.0/24 + - LAN_NETWORK=$LAN_NETWORK - ENABLE_PRIVOXY=yes - PUID=1000 - PGID=1000 @@ -48,7 +48,7 @@ services: restart: unless-stopped flaresolverr: - image: ghcr.io/flaresolverr/flaresolverr:v3.3.20 + image: ghcr.io/flaresolverr/flaresolverr:v3.3.21 container_name: flaresolverr ports: - '8191:8191' 
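Review bot: In `docker/docker-runner/docker-compose.yml`, `docker-in-docker` runs privileged and starts `dockerd` on `tcp://0.0.0.0:2375` with `--tls=false`. The Docker API is therefore unauthenticated for anything that can reach that container (presumably including workflow job containers), and control of a privileged daemon is close to root on the host. Consider enabling the image's TLS mode and giving the runner the client certificates, or at least putting the two services on a dedicated network that nothing else joins. `image: docker:dind` is a floating tag that I would pin to a version or digest, and `privileged: 'true'` is a quoted string where Compose expects the boolean `privileged: true`. `docker/runner/docker-compose.yml` later in this commit is the same blob (`7a76451`), so the same points apply there, and the two stacks would collide on `container_name` if deployed to one host.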
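Review bot: In `docker/downloaders/docker-compose.yml`, `LAN_NETWORK=$LAN_NETWORK` now depends on the deploy host's environment or `.env` file, and if the variable is missing Compose substitutes an empty string and only prints a warning. For a VPN container whose allowed-network rules are presumably derived from this value, I would fail fast instead: `- LAN_NETWORK=${LAN_NETWORK:?LAN_NETWORK must be set}`. The service definition starts and ends outside this hunk.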
@@ -72,7 +72,7 @@ services: image: gcr.io/cadvisor/cadvisor:v0.49.1 node-exporter: - image: docker.mafyuh.xyz/prom/node-exporter:v1.8.1 + image: docker.mafyuh.xyz/prom/node-exporter:v1.8.2 container_name: monitoring_node_exporter restart: unless-stopped ports: diff --git a/docker/jellyfin/docker-compose.yml b/docker/jellyfin/docker-compose.yml index 0a09270..737a23c 100644 --- a/docker/jellyfin/docker-compose.yml +++ b/docker/jellyfin/docker-compose.yml @@ -1,7 +1,7 @@ --- services: jellyfin: - image: ghcr.io/linuxserver/jellyfin@sha256:a363aa018edee61bcee46be5f8dbd0db2a317b2bc0f95121a46e522d798c2a63 + image: ghcr.io/linuxserver/jellyfin@sha256:eadf16cadd823a5cbe1b92750ee74111f9b2cac894834477ab4a43a5fc835ebe container_name: jellyfin devices: - /dev/dri/renderD129:/dev/dri/renderD129 @@ -13,6 +13,7 @@ services: volumes: - /home/mafyuh/jellyfin/config:/config - /mnt/thePoolShare/Media:/Media + - /mnt/thePoolShare/Media/Youtube:/Media/Youtube:ro - /home/mafyuh/jellyfin/transcodes:/transcodes - /home/mafyuh/jellyfin/cache:/nvmecache - /home/mafyuh/jellyfin/metadata:/nvmemetadata @@ -34,7 +35,7 @@ services: privileged: true syncthing: - image: ghcr.io/linuxserver/syncthing@sha256:6e70dd0cc0ddb038a8f58cf0945d6659b13c984f11d708407469bf16d520574c + image: ghcr.io/linuxserver/syncthing@sha256:84e9cd99d247d6ef31fc8c1a6967f068a8352a530095bb402bf3bb298aa10696 container_name: syncthing hostname: JF environment: diff --git a/docker/netboot/docker-compose.yml b/docker/netboot/docker-compose.yml index 814738f..bd30952 100644 --- a/docker/netboot/docker-compose.yml +++ b/docker/netboot/docker-compose.yml @@ -1,7 +1,7 @@ --- services: netbootxyz: - image: ghcr.io/linuxserver/netbootxyz@sha256:dce6b2c729611f1090f2e6479b764d98aef24cc340d018d923fa6678fcbf330e + image: ghcr.io/linuxserver/netbootxyz@sha256:3e7af245944519374e7e01422024f3b5baf67fa252ec92390fee1d57cd6cc1f6 container_name: netboot environment: - PUID=1000 
diff --git a/docker/nexus/docker-compose.yml b/docker/nexus/docker-compose.yml index a09a185..cc6c84d 100644 --- a/docker/nexus/docker-compose.yml +++ b/docker/nexus/docker-compose.yml @@ -1,7 +1,7 @@ --- services: nexus: - image: docker.mafyuh.xyz/sonatype/nexus3:3.69.0 + image: docker.mafyuh.xyz/sonatype/nexus3:3.70.1 container_name: nexus restart: unless-stopped ports: diff --git a/docker/pages/docker-compose.yml b/docker/pages/docker-compose.yml deleted file mode 100644 index 7e7aec4..0000000 --- a/docker/pages/docker-compose.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -services: - pages: - image: codeberg.org/codeberg/pages-server:v5.1 - container_name: codeberg-pages - environment: - - GITEA_ROOT=https://git.mafyuh.dev - - GITEA_API_TOKEN=$GITEA_API_TOKEN - - ACME_ACCEPT_TERMS=true - - CLOUDFLARE_EMAIL=$CLOUDFLARE_EMAIL - - CLOUDFLARE_API_KEY=$CLOUDFLARE_API_KEY - - DNS_PROVIDER=cloudflare - - PAGES_DOMAIN=mafyuh.co - - CF_ZONE_API_TOKEN=$CF_ZONE_API_TOKEN - - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN - - ENABLE_HTTP_SERVER=false - ports: - - "80:80" - - "443:443" - volumes: - - /home/ubuntu/pages/datanew:/data diff --git a/docker/runner/docker-compose.yml b/docker/runner/docker-compose.yml new file mode 100644 index 0000000..7a76451 --- /dev/null +++ b/docker/runner/docker-compose.yml @@ -0,0 +1,26 @@ +--- +services: + docker-in-docker: + image: docker:dind + container_name: 'docker_dind' + privileged: 'true' + command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false'] + restart: 'unless-stopped' + + gitea: + image: 'code.forgejo.org/forgejo/runner:3.5.0' + links: + - docker-in-docker + depends_on: + docker-in-docker: + condition: service_started + container_name: 'runner' + environment: + DOCKER_HOST: tcp://docker-in-docker:2375 + # User without root privileges, but with access to `/data`. + user: 1000:1000 + volumes: + - /home/mafyuh/data:/data + restart: 'unless-stopped' + + command: '/bin/sh -c "sleep 5; forgejo-runner daemon"' 
diff --git a/docker/whisper/docker-compose.yml b/docker/whisper/docker-compose.yml index 85abecd..4718ba1 100644 --- a/docker/whisper/docker-compose.yml +++ b/docker/whisper/docker-compose.yml @@ -3,7 +3,7 @@ version: "2.1" services: whisperasr: container_name: whisper - image: onerahmet/openai-whisper-asr-webservice:v1.4.1-gpu + image: onerahmet/openai-whisper-asr-webservice:v1.5.0-gpu environment: - ASR_MODEL=base.en - ASR_ENGINE=faster_whisper diff --git a/terraform/README.md b/terraform/README.md index 9516ef2..8239517 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -3,7 +3,7 @@