Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
Infrastructure
Open source, decentralized and self-hosted infrastructure for many services.
About
It uses caddy and docker-compose to run my services (And many other things). It's a work in progress, and I'm still learning a lot about it. If you have any questions or suggestions, feel free to open an issue or a pull request.
Features
- caddy 2 HTTP/S reverse proxy
- Docker / docker-compose
- Wordpress (Via FASTCGI/caddy)
- Jellyfin (Media server)
- Gitea (Git server)
- Uptime Kuma (Monitoring)
- qbittorrent and transmission (Torrent client/server)
- SyncThing (File synchronization)
- PsiTransfer, ProjectSend, Picoshare (File sharing)
- it-tools (Tools for IT)
- Privatebin (Pastebin)
- Yacht (Web interface for managing docker containers)
- Integrate games (Satisfactory, 7 days to die, Minecraft...)
Architecture
Screenshots
The homepage is a dashboard with many widgets and services.
Installation and configuration
Requirements
To avoid being rate limited by Let's Encrypt (10 certificates per 3 hours), you need to disable some certificates in the Caddyfiles and enable them 3 hours later.
Clone
Clone this repository to your local machine using:
git clone --recurse-submodules --remote-submodules https://github.com/bensuperpc/infrastructure.git
Go to the folder
cd infrastructure
Configure the domain
Replace every occurrence of bensuperpc.org with your own domain (for example mydomain.com), and do the same for bensuperpc.com, etc.
find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc\.org/mydomain.com/g'
Check that every bensuperpc.* has been replaced by your domain in the Caddyfile.
And then, caddy will generate the certificate for you and renew it automatically :D
Domain name | Type | Description |
---|---|---|
bensuperpc.org | Main | Redirect to www.bensuperpc.org |
www.bensuperpc.org | Main | Homepage |
wordpress.bensuperpc.org | Sub | Wordpress website |
adminer.bensuperpc.org | Sub | Adminer for MariaDB for wordpress only |
uptimekuma.bensuperpc.org | Sub | Uptime Kuma for monitoring |
qbittorrent.bensuperpc.org | Sub | Torrent client/server |
transmission.bensuperpc.org | Sub | Torrent client/server |
git.bensuperpc.org | Sub | Gitea for git |
link.bensuperpc.org | Sub | For link shortener |
jellyfin.bensuperpc.org | Sub | Jellyfin for media server |
syncthing.bensuperpc.org | Sub | SyncThing for file synchronization |
psitransfer.bensuperpc.org | Sub | PsiTransfer for file sharing |
it-tools.bensuperpc.org | Sub | Tools for IT |
privatebin.bensuperpc.org | Sub | Pastebin |
yacht.bensuperpc.org | Sub | Web interface for managing docker containers |
projectsend.bensuperpc.org | Sub | ProjectSend for file sharing |
picoshare.bensuperpc.org | Sub | Picoshare for file sharing |
dufs.bensuperpc.org | Sub | Dufs for file sharing |
bensuperpc.com | Main | Redirect to www.bensuperpc.org |
bensuperpc.fr | Main | Redirect to www.bensuperpc.org |
bensuperpc.net | Main | Redirect to www.bensuperpc.org |
bensuperpc.ovh | Main | Redirect to www.bensuperpc.org |
Configure the infrastructure
You need to configure the infrastructure with your own configuration.
You can generate a password with 32 characters:
openssl rand -base64 24  # 24 random bytes encode to 32 base64 characters
Or online: passwordsgenerator.net
For the caddy_backup.env file, you need to change the password(s) for the restic backup.
RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
For the wordpress.env file, you need to change the password and user for the database.
WORDPRESS_DB_USER=bensuperpc
WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
For the wordpress_db.env file, you need to change the password(s) and user for the database.
MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
For the wordpress_backup.env file, you need to change the password(s) for the restic backup.
RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
For the adminer.env file, you need to change the password(s) and user for the database.
MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
For the gitea.env file, you need to change the password(s) and user for the database.
GITEA__database__USER=bensuperpc
GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
GITEA__security__SECRET_KEY=ykcZt23an1E4lFHWvrCKdAyt16WAiK9c
For the gitea_db.env file, you need to change the password(s) and user for the database.
MARIADB_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
For the psitransfer.env file, you need to change the secret key.
PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn
For the yacht.env file, you need to change the secret key.
SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8
For the projectsend_db.env file, you need to change the password(s) and user for the database.
MARIADB_ROOT_PASSWORD=8O34297GrBfT3Ld34Lfg9mpotmZwbJtt
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=wdSUa1JEZhXie5AJ5NcX1w73xmpO12EY
For the picoshare.env file, you need to change the secret key.
PS_SHARED_SECRET=CBuS4DJLqIe93xF1KGYRrnhxUFBqLD2n
For the dufs.env file, you need to change the secret key and, if you want, the user name.
DUFS_AUTH="admin:heqihlOfBmJDESGFlpbPi7P7Mi6F7RkV@/:rw|@/:ro"
For the stirlingpdf.env file, it's completely optional; you can change the password(s) and user.
# Enable security, optional
DOCKER_ENABLE_SECURITY=true
SECURITY_ENABLE_LOGIN=true
# Can be disabled after initial login, optional;
# default is admin:stirling
SECURITY_INITIALLOGIN_USERNAME=admin
SECURITY_INITIALLOGIN_PASSWORD=Jw9U039f5xc2mFcacvGvPD9RjwIh4DzO
You may need to add/change the public SSH key id_ed25519.pub (it's my public key), and also change the config/password in openssh.env:
SUDO_ACCESS=true
#PUBLIC_KEY_URL=https://github.com/bensuperpc.keys
PUBLIC_KEY_DIR=/authorized_ssh_keys
USER_PASSWORD=rdUwf36C11PLmpU9Lvq7tP5pfFBKAuCh
#PUBLIC_KEY=yourpublickey
#PUBLIC_KEY_FILE=/path/to/file
#PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys
#USER_PASSWORD_FILE=/path/to/file
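A check to run after editing the env files above, as an added example that is not part of this repository: it compares the deployed *.env files with an untouched clone and lists every secret-like variable that still has the published value. The two directory arguments and the PASS/SECRET/AUTH key pattern are assumptions.

```sh
#!/bin/sh
# Added example (not from the repository): report secret-like variables in
# deployed *.env files that still carry the value published upstream.
# Assumption: $1 is the env directory of an untouched clone, $2 the deployed one.

# Every credential variable shown on this page contains PASS, SECRET or AUTH
# (RESTIC_PASSWORD, GITEA__database__PASSWD, SECRET_KEY, DUFS_AUTH, ...).
SECRET_KEY_RE='PASS|SECRET|AUTH'

# Prints "<file>: <KEY>" for each unchanged secret; returns 1 if any was found.
audit_env_defaults() {
    pristine=$1
    deployed=$2
    rc=0
    for f in "$deployed"/*.env; do
        [ -f "$f" ] || continue
        ref="$pristine/$(basename "$f")"
        [ -f "$ref" ] || continue      # file only exists locally: nothing to compare
        awk -F= -v re="$SECRET_KEY_RE" -v name="$(basename "$f")" '
            FILENAME == ARGV[1] { upstream[$0] = 1; next }  # remember upstream lines
            /^[ \t]*#/ || !index($0, "=") { next }          # skip comments, non-assignments
            $1 ~ re && ($0 in upstream) { print name ": " $1; n++ }
            END { exit (n > 0) }
        ' "$ref" "$f" || rc=1
    done
    return "$rc"
}

# Script use (hypothetical paths): ./audit_env.sh /tmp/pristine/env ./env
if [ "$#" -eq 2 ]; then
    audit_env_defaults "$1" "$2"
fi
```

A non-zero exit status means at least one published secret is still in use, so the script can gate `make start-at`.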
Start the infrastructure
Start the website with:
make start-at
Stop the website with (or CTRL+C with the previous command):
make stop
Remove containers with:
make down
You can disable some services by removing the service name from the PROFILES variable in the Makefile.
To enable the gitea CI: https://medium.com/@lokanx/how-to-build-docker-containers-using-gitea-runners-600729555e07
Homepage
You can change the homepage config in these files:
Docker volumes
This infrastructure uses docker volumes to store data. For security and maintenance reasons, the configuration/data of each service is not shared between services, but public_data and private_data are shared between all services to store your data.
Volume name | Description |
---|---|
public_data | Public data reachable on internet via dufs.bensuperpc.org, can be disabled. |
private_data | Private data |
SSH access
The default port for ssh/rsync is 2222.
You can access the server with:
ssh -p 2222 admin@bensuperpc.org