From 8b720d1ff8bef4b45b5bee32a7c9f29745ef9f1c Mon Sep 17 00:00:00 2001
From: bart
Date: Mon, 2 Dec 2024 18:52:31 -0600
Subject: [PATCH] initial+current state of the server
---
config.scm | 78 +++++++++++++++++++
docker-compose.yml | 183 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 261 insertions(+)
create mode 100644 config.scm
create mode 100644 docker-compose.yml
diff --git a/config.scm b/config.scm
new file mode 100644
index 0000000..c6f028b
--- /dev/null
+++ b/config.scm
@@ -0,0 +1,78 @@
+;; Indicate which modules to import to access the variables
+;; used in this configuration.
+(use-modules (gnu))
+(use-service-modules cups desktop networking ssh xorg docker dbus)
+
+(operating-system
+ (locale "en_US.utf8")
+ (timezone "America/Chicago")
+ (keyboard-layout (keyboard-layout "us"))
+ (host-name "excellon")
+
+ ;; The list of user accounts ('root' is implicit).
+ (users
+ (cons* (user-account
+ (name "bartronx7")
+ (comment "bartronx7")
+ (group "users")
+ (home-directory "/home/bartronx7")
+ (supplementary-groups '("wheel" "netdev" "audio" "video" "www-data" "docker")))
+ %base-user-accounts))
+
+ ;; Below is the list of system services. To search for available
+ ;; services, run 'guix system search KEYWORD' in a terminal.
+ (services
+ (append (list
+ ;; To configure OpenSSH, pass an 'openssh-configuration'
+ ;; record as a second argument to 'service' below.
+ (service openssh-service-type)
+ (service dhcp-client-service-type)
+ (service ntp-service-type)
+ (service elogind-service-type
+ (elogind-configuration (handle-suspend-key 'ignore)))
+ (service dbus-root-service-type)
+ (service containerd-service-type)
+ (service docker-service-type (docker-configuration
+ (environment-variables (list
+ "TMPDIR=/tmp/dockerd")))))
+
+ ;; This is the default list of services we
+ ;; are appending to.
+ %base-services))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets (list "/dev/sda"))
+ (keyboard-layout keyboard-layout)))
+
+ ;; The devices that make up the luks "docs" labelled filesystem
+ (mapped-devices
+ (list (mapped-device
+ (source (uuid "cf6bafca-b225-46ca-8dfc-b82fb6ab5560"))
+ (target "doc1")
+ (type luks-device-mapping))
+ (mapped-device
+ (source (uuid "05f833fb-1c68-4453-9df5-68a454f59845"))
+ (target "doc2")
+ (type luks-device-mapping))))
+
+ ;; The list of file systems that get "mounted". 
The unique
+ ;; file system identifiers there ("UUIDs") can be obtained
+ ;; by running 'blkid' in a terminal.
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device (file-system-label "guixos"))
+ (type "btrfs"))
+
+ (file-system
+ (mount-point "/data")
+ (device (file-system-label "datapool"))
+ (type "btrfs"))
+
+ (file-system
+ (mount-point "/docs")
+ (device "/dev/mapper/doc1")
+ (type "btrfs"))
+
+ %base-file-systems)))
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..5c79268
--- /dev/null
+++ b/docker-compose.yml
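Review bot: `bartronx7` is placed in the `docker` supplementary group next to `wheel`; membership in `docker` is root-equivalent through the daemon socket (any member can start a privileged container with `/` bind-mounted), so it should be treated as a second admin grant and dropped if `sudo` via `wheel` already covers the need. SSH is enabled as a bare `(service openssh-service-type)` with no configuration record; as far as I recall Guix's default `openssh-configuration` keeps password authentication on, and on a host that publishes services through Traefik and a pktriot tunnel that is worth pinning explicitly, e.g. `(service openssh-service-type (openssh-configuration (password-authentication? #f) (permit-root-login #f) (authorized-keys (list (list "bartronx7" (local-file "bartronx7.pub"))))))`. Two LUKS mappings (`doc1`, `doc2`) are opened but only `/dev/mapper/doc1` appears in `file-systems`; if the "docs" btrfs spans both devices, as the comment suggests, the `/docs` entry should carry `(dependencies mapped-devices)` so both are unlocked before the mount is attempted, and if it does not, the `doc2` mapping only adds a passphrase prompt at boot.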
@@ -0,0 +1,183 @@
+version: '3'
+
+services:
+ traefik:
+ image: traefik:v3.2
+ container_name: traefik
+ command:
+ # - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entryPoints.web.address=:80"
+ - "--entryPoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.myresolver.acme.email=barton@akeley.tech"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - "/data/docker/volumes/letsencrypt:/letsencrypt:rw"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.api.rule=Host(`traefik.akeley.tech`)'
+ - 'traefik.http.routers.api.entryPoints=https'
+ - 'traefik.http.routers.api.tls=true'
+ - 'traefik.http.routers.api.service=api@internal'
+ - 'traefik.http.routers.api.middlewares=authelia@docker'
+
+ pktriot:
+ image: packetriot/pktriot:latest
+ container_name: pktriot
+ restart: unless-stopped
+ volumes:
+ - /data/docker/volumes/pktriot:/data:rw
+
+ mariadb:
+ image: mariadb:10.6
+ container_name: mariadb
+ restart: always
+ command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+ volumes:
+ - /data/docker/volumes/mariadb:/var/lib/mysql:rw
+ environment:
+ - MYSQL_ROOT_PASSWORD=fji9_+jK12dEW
+ - MYSQL_PASSWORD=Z67dJ0rKBSU74ZwvqIsd
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+
+ nextcloud:
+ image: nextcloud
+ container_name: nextcloud
+ restart: always
+ ports:
+ - 8088:80
+ links:
+ - mariadb
+ volumes:
+ - /data/docker/volumes/nextcloud:/var/www/html
+ - /data:/data:rw
+ - /docs/documents:/documents:rw
+ environment:
+ - 
MYSQL_PASSWORD=Z67dJ0rKBSU74ZwvqIsd
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_HOST=mariadb
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.nextcloud.entrypoints=web,websecure
+ - traefik.http.routers.nextcloud.rule=Host(`nextcloud.akeley.tech`)
+ - traefik.http.routers.nextcloud.tls=true
+ - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+
+ plex:
+ image: plexinc/pms-docker
+ container_name: plex
+ init: true
+ hostname: excellon
+ restart: always
+ ports:
+ - 32400:32400
+ - 8324:8324
+ - 32469:32469
+ - 1900:1900
+ - 32410:32410
+ - 32412:32412
+ - 32413:32413
+ - 32414:32414
+ environment:
+ TZ: "America/Chicago"
+ PLEX_CLAIM: "claim-7-N1LVT5AMco6ayhy4Tm"
+ ADVERTISE_IP: "http://192.168.1.3:32400/"
+ volumes:
+ - /data/docker/volumes/plex/config:/config
+ - /data/docker/volumes/plex/transcode:/transcode
+ - /data:/data:rw
+
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:9
+ container_name: forgejo
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ volumes:
+ - /data/docker/volumes/forgejo:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - '3000:3000'
+ - '222:22'
+ depends_on:
+ - postgres
+
+ postgres:
+ image: postgres:14
+ restart: always
+ environment:
+ - POSTGRES_USER=forgejo
+ - POSTGRES_PASSWORD=forgejo
+ - POSTGRES_DB=forgejo
+ volumes:
+ - /data/docker/volumes/postgres:/var/lib/postgresql/data
+
+ # whoami:
+ # image: "traefik/whoami"
+ # container_name: whoami
+ # labels:
+ # - "traefik.enable=true"
+ # - "traefik.http.routers.whoami.rule=Host(`whoami.akeley.tech`)"
+ # - "traefik.http.routers.whoami.entrypoints=web,websecure"
+ # - "traefik.http.routers.whoami.tls.certresolver=myresolver"
+
+ # authelia:
+ # container_name: 'authelia'
+ # image: 'authelia/authelia'
+ # restart: 'unless-stopped'
+ # expose:
+ # - 9091
+ # volumes:
+ # - './authelia/config:/config'
+ # environment:
+ # TZ: "America/Chicago"
+ # labels:
+ # - 'traefik.enable=true' 
+ # - 'traefik.http.routers.authelia.rule=Host(`auth.akeley.tech`)'
+ # - 'traefik.http.routers.authelia.entryPoints=https'
+ # - 'traefik.http.routers.authelia.tls=true'
+ # - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth'
+ # ## The following commented line is for configuring the Authelia URL in the proxy. We strongly suggest this is
+ # ## configured in the Session Cookies section of the Authelia configuration.
+ # # - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.example.com%2F'
+ # - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
+ # - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name'
+
+
+ # nextcloud:
+ # image: nextcloud/all-in-one:latest
+ # container_name: nextcloud-aio-mastercontainer
+ # init: true
+ # volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock
+ # - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+ # - /data:/data:rw
+ # - /docs/documents:/documents:rw
+ # ports:
+ # - 8088:8080
+ # environment:
+ # - APACHE_PORT=11000
+ # - APACHE_IP_BINDING=127.0.0.1
+ # - NEXTCLOUD_DATADIR=/data/nextcloud
+ # - AIO_DISABLE_BACKUP_SECTION=true
+ # - SKIP_DOMAIN_VALIDATION=true
+ # labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.nextcloud.entrypoints=web,websecure
+ # - traefik.http.routers.nextcloud.rule=Host(`nextcloud.akeley.tech`)
+ # - traefik.http.routers.nextcloud.tls=true
+ # - traefik.http.routers.nextcloud.tls.certresolver=myresolver
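Review bot: Live credentials are committed in plaintext in this hunk — `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` under mariadb and nextcloud, `POSTGRES_PASSWORD=forgejo` under postgres, and the `PLEX_CLAIM` token under plex — and because they are now in git history they need to be rotated, not merely moved; the compose file should pull them from an untracked `env_file` (or `${VAR}` interpolation from `.env`) rather than carry the values. Separately, `--api.insecure=true` together with `"8080:8080"` publishes the unauthenticated Traefik dashboard and API on the host, and the labelled `api` router cannot replace it because it names an `https` entryPoint and an `authelia@docker` middleware that do not exist in this file (the TLS entrypoint is `websecure`, and the authelia service is commented out), so the insecure port is the only working path; with the Docker socket mounted into the container (`:ro` does not restrict what the daemon API will do), anything that reaches :8080 can enumerate every container, label and mounted path. The direct `8088:80` binding on nextcloud and the plex and forgejo port lists also bypass Traefik and TLS entirely, so if the box is meant to be reached through the pktriot tunnel those should be bound to `127.0.0.1:` or removed. The sketch below shows the traefik and database changes; the other services would take the same `env_file` treatment.

```yaml
  traefik:
    # … unchanged: image, container_name …
    command:
      - "--api=true"
      - "--api.dashboard=true"        # replaces --api.insecure=true
      # … unchanged: providers, entryPoints, ACME options …
    ports:
      - "80:80"
      - "443:443"                     # 8080 is no longer published
    # … unchanged: volumes …
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.api.rule=Host(`traefik.akeley.tech`)'
      - 'traefik.http.routers.api.entryPoints=websecure'
      - 'traefik.http.routers.api.tls.certresolver=myresolver'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.middlewares=authelia@docker'   # only resolves once the authelia service is enabled

  mariadb:
    # … unchanged: image, container_name, restart, command, volumes …
    env_file:
      - ./secrets/mariadb.env         # untracked; MYSQL_ROOT_PASSWORD, MYSQL_PASSWORD, MYSQL_DATABASE, MYSQL_USER

  nextcloud:
    # … unchanged: image, container_name, restart, links, volumes, labels …
    # ports: 8088:80 removed — reachable through Traefik only
    env_file:
      - ./secrets/mariadb.env
    environment:
      - MYSQL_HOST=mariadb
```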