diff --git a/compose_files/Caddyfile b/compose_files/Caddyfile deleted file mode 100644 index 83f25c1..0000000 --- a/compose_files/Caddyfile +++ /dev/null @@ -1,28 +0,0 @@ -# Caddyfile -# Place this at /etc/caddy/Caddyfile on the caddy instance. -# Caddy will automatically obtain and renew TLS certificates via Let's Encrypt. - -# erda-reader -reader.erdaverse.com { - handle /api/* { - reverse_proxy erda-reader-backend:8000 - } - handle { - reverse_proxy erda-reader-frontend:3000 - } -} - -# FusionAuth -auth.erdaverse.com { - reverse_proxy fusionauth:9011 -} - -# n8n -n8n.erdaverse.com { - reverse_proxy n8n:5678 -} - -# NATS WebSocket -nats.erdaverse.com { - reverse_proxy nats:8080 -} diff --git a/compose_files/files.zip b/compose_files/files.zip deleted file mode 100644 index bf5fb4b..0000000 Binary files a/compose_files/files.zip and /dev/null differ diff --git a/compose_files/nats.conf b/compose_files/nats.conf deleted file mode 100644 index 5dfa965..0000000 --- a/compose_files/nats.conf +++ /dev/null @@ -1,15 +0,0 @@ -listen: 0.0.0.0:4222 - -jetstream { - store_dir: /data -} - -websocket { - listen: "0.0.0.0:8080" - no_tls: true - authorization { - token: "LKD0knyFLTBpxW9Tq9eTgLiTYJOzNlyxAHLLb3Th" - } -} - -http: 0.0.0.0:8222 diff --git a/compose_files/nats.yml b/compose_files/nats.yml deleted file mode 100644 index 8000b58..0000000 --- a/compose_files/nats.yml +++ /dev/null @@ -1,33 +0,0 @@ -version: "3.8" - -services: - nats: - image: nats:latest - command: ["-c", "/etc/nats/nats.conf"] - configs: - - source: nats_conf - target: /etc/nats/nats.conf - volumes: - - nats_data:/data - networks: - - erda-net - deploy: - replicas: 1 - placement: - constraints: - - node.hostname == ip-10-0-1-168 - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - -configs: - nats_conf: - file: ./nats.conf - -volumes: - nats_data: - -networks: - erda-net: - external: true 
diff --git a/compose_files/postgres-init/01-init.sh b/compose_files/postgres-init/01-init.sh deleted file mode 100755 index 65030c2..0000000 --- a/compose_files/postgres-init/01-init.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -set -e - -FUSIONAUTH_PASS=$(cat /run/secrets/fusionauth_db_password) -N8N_PASS=$(cat /run/secrets/n8n_db_password) -APP_PASS=$(cat /run/secrets/app_db_password) - -psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL - CREATE USER fusionauth_user WITH PASSWORD '$FUSIONAUTH_PASS'; - CREATE DATABASE fusionauth_db OWNER fusionauth_user; - GRANT ALL PRIVILEGES ON DATABASE fusionauth_db TO fusionauth_user; - - CREATE USER n8n_user WITH PASSWORD '$N8N_PASS'; - CREATE DATABASE n8n_db OWNER n8n_user; - GRANT ALL PRIVILEGES ON DATABASE n8n_db TO n8n_user; - - CREATE USER erda_reader_user WITH PASSWORD '$APP_PASS'; - CREATE DATABASE erda_reader_db OWNER erda_reader_user; - GRANT ALL PRIVILEGES ON DATABASE erda_reader_db TO erda_reader_user; -EOSQL diff --git a/compose_files/postgres.yml b/compose_files/postgres.yml deleted file mode 100644 index 8b8b73d..0000000 --- a/compose_files/postgres.yml +++ /dev/null @@ -1,44 +0,0 @@ -version: '3.8' - -services: - postgres: - image: postgres:16 - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password - volumes: - - postgres_data:/var/lib/postgresql/data - - /etc/postgres-init:/docker-entrypoint-initdb.d - networks: - - erda-net - secrets: - - postgres_password - - fusionauth_db_password - - n8n_db_password - - app_db_password - deploy: - replicas: 1 - placement: - constraints: - - node.hostname == ip-10-0-1-173 - restart_policy: - condition: on-failure - delay: 5s - max_attempts: 3 - -volumes: - postgres_data: - -networks: - erda-net: - external: true - -secrets: - postgres_password: - external: true - fusionauth_db_password: - external: true - n8n_db_password: - external: true - app_db_password: - external: true 
diff --git a/proxmox/services/game-interfaces b/proxmox/services/game-interfaces new file mode 100644 index 0000000..10f489f --- /dev/null +++ b/proxmox/services/game-interfaces @@ -0,0 +1,51 @@ +auto lo +iface lo inet loopback + +iface nic0 inet manual + +iface nic1 inet manual + +iface wlp7s0 inet manual + +auto vmbr0 +iface vmbr0 inet static + address 192.168.40.109/24 + gateway 192.168.40.1 + bridge-ports nic0 + bridge-stp off + bridge-fd 0 + post-up ip link add vxlan10 type vxlan id 10 local 192.168.40.109 dstport 4790 || true + post-up bridge fdb append 00:00:00:00:00:00 dev vxlan10 dst 192.168.40.198 || true + post-up bridge fdb append 00:00:00:00:00:00 dev vxlan10 dst 192.168.40.150 || true + post-up ip link set vxlan10 up || true + +auto vmbr1 +iface vmbr1 inet static + address 10.10.10.172/24 + bridge-ports none + bridge-stp off + bridge-fd 0 + post-up brctl addif vmbr1 vxlan10 || true + +auto vmbr2 +iface vmbr2 inet manual + bridge-ports none + bridge-stp off + bridge-fd 0 +#openwrt me + +auto vmbr3 +iface vmbr3 inet manual + bridge-ports none + bridge-stp off + bridge-fd 0 +#openwrt donna + +auto vmbr4 +iface vmbr4 inet manual + bridge-ports none + bridge-stp off + bridge-fd 0 +#openwrt IoT + +source /etc/network/interfaces.d/* diff --git a/services/authentik.yml b/services/authentik.yml new file mode 100644 index 0000000..e01bb44 --- /dev/null +++ b/services/authentik.yml 
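Review bot: Every `post-up` on `vmbr0` is suffixed with `|| true`, so a failed `ip link add vxlan10 ...` or `bridge fdb append ...` is silently ignored and `vmbr1` later tries to enslave a tunnel that may not exist; guarding the create step by an existence check keeps re-runs idempotent without hiding real failures, e.g. `post-up ip link show vxlan10 >/dev/null 2>&1 || ip link add vxlan10 type vxlan id 10 local 192.168.40.109 dstport 4790`. The `vmbr1` stanza's `brctl addif vmbr1 vxlan10` depends on `vmbr0` having been brought up first, which holds only while the stanzas stay in this order; `brctl` is also the deprecated tool here, `ip link set vxlan10 master vmbr1` is the current form. Worth a comment above `vmbr0` that the VXLAN carries the `10.10.10.0/24` segment unencrypted and unauthenticated over `192.168.40.0/24` to the static peers `.198` and `.150`, so the underlay LAN is part of that segment's trust boundary.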
@@ -0,0 +1,74 @@ +version: '3.8' + +# Deploy with: +# docker stack deploy -c authentik.yml authentik +# +# Runs on: docker-swarm-1 +# Authentik server + worker, using the shared postgres stack. +# No Redis required as of 2026.2.x. +# Initial setup wizard at http://:9000/if/flow/initial-setup/ + +services: + server: + image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2026.2.1} + command: server + environment: + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} + AUTHENTIK_POSTGRESQL__HOST: postgres_postgres + AUTHENTIK_POSTGRESQL__PORT: 5432 + AUTHENTIK_POSTGRESQL__NAME: authentik_db + AUTHENTIK_POSTGRESQL__USER: authentik_user + AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD} + ports: + - "9000:9000" + - "9443:9443" + volumes: + - authentik_media:/media + - authentik_templates:/templates + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == pve-tools + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + + worker: + image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2026.2.1} + command: worker + environment: + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} + AUTHENTIK_POSTGRESQL__HOST: postgres_postgres + AUTHENTIK_POSTGRESQL__PORT: 5432 + AUTHENTIK_POSTGRESQL__NAME: authentik_db + AUTHENTIK_POSTGRESQL__USER: authentik_user + AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD} + volumes: + - authentik_media:/media + - authentik_templates:/templates + - authentik_certs:/certs + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == pve-tools + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + +volumes: + authentik_media: + authentik_templates: + authentik_certs: + +networks: + overlay-net: + external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/compose_files/caddy.yml b/services/caddy.yml similarity index 91% rename from compose_files/caddy.yml rename to services/caddy.yml index 7cc62d7..1c0b3d7 100644 
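Review bot: `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_POSTGRESQL__PASSWORD` are injected as plain service environment variables, which Swarm stores in the service spec and exposes through `docker service inspect` and task inspection to anyone with Docker API access; the previous `compose_files/n8n.yml` used a Swarm secret at `/run/secrets/n8n_db_password`, and this commit replaces that with the same `${...}` interpolation in n8n.yml, ghost.yml, mariadb.yml and postgres.yml as well. Declaring the values under `secrets:` with `external: true` and pointing the service at the mounted file (authentik accepts `file://` URIs for config values, if I recall correctly — verify against the docs) would keep them out of the service spec. Separately, the header comment `http://:9000/if/flow/initial-setup/` is missing its host, and `server` lacks the `authentik_certs:/certs` mount that `worker` has, which may be intentional but deserves a comment.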
--- a/compose_files/caddy.yml +++ b/services/caddy.yml @@ -19,7 +19,7 @@ services: - caddy_data:/data - caddy_config:/config networks: - - erda-net + - overlay-net deploy: replicas: 1 placement: @@ -35,5 +35,6 @@ volumes: caddy_config: networks: - erda-net: + overlay-net: external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/compose_files/fusionauth.yml b/services/fusionauth.yml similarity index 74% rename from compose_files/fusionauth.yml rename to services/fusionauth.yml index d44a921..7bd8c9f 100644 --- a/compose_files/fusionauth.yml +++ b/services/fusionauth.yml @@ -1,14 +1,11 @@ version: '3.8' # Deploy with: -# export POSTGRES_PASSWORD='...' FUSIONAUTH_DB_PASSWORD='...' -# sudo -E docker stack deploy -c fusionauth.yml fusionauth -# -# Passwords sourced from AWS Secrets Manager (swarm_infra_secrets) +# docker stack deploy -c fusionauth.yml fusionauth # # Runs on: CADDY_INSTANCE (ip-10-0-1-168) # FusionAuth is Java-based and memory hungry — deployed on caddy node (t3.large, 8GB) -# Accessible publicly via Caddy reverse proxy at auth.erdaverse.com +# Accessible publicly via Caddy reverse proxy at auth.yourdomain.com services: fusionauth: @@ -23,7 +20,7 @@ services: FUSIONAUTH_APP_RUNTIME_MODE: production SEARCH_TYPE: database networks: - - erda-net + - overlay-net deploy: replicas: 1 placement: @@ -35,5 +32,6 @@ services: max_attempts: 3 networks: - erda-net: + overlay-net: external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/services/ghost.yml b/services/ghost.yml new file mode 100644 index 0000000..4388f94 --- /dev/null +++ b/services/ghost.yml 
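Review bot: The rewritten deploy comment in the first fusionauth.yml hunk drops the only statement of where the stack's credentials come from; a bare `docker stack deploy -c fusionauth.yml fusionauth` expands any `${...}` placeholder in the file to an empty string with only a warning, so if the environment block (outside this hunk) still interpolates a database password the service would start with an empty one. A line such as `# Requires <DB_PASSWORD_VAR> exported in the deploying shell` keeps the procedure reproducible. The retained `Runs on: CADDY_INSTANCE (ip-10-0-1-168)` line also looks stale now that the other stacks in this commit target `pve-tools`, but that is outside the changed lines.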
@@ -0,0 +1,99 @@ +version: '3.8' + +# Deploy with: +# docker stack deploy -c ghost.yml ghost +# +# Runs on: adder-ghost +# Three Ghost blog instances, each with its own port and MariaDB database. +# Ghost 1: port 2368, Ghost 2: port 2369, Ghost 3: port 2370 + +services: + ghost1: + image: ghost:5-alpine + environment: + database__client: mysql + database__connection__host: mariadb_mariadb + database__connection__port: 3306 + database__connection__user: ghost1_user + database__connection__password: ${GHOST1_DB_PASSWORD} + database__connection__database: ghost1_db + url: ${GHOST1_URL:-http://localhost:2368} + ports: + - "2368:2368" + volumes: + - ghost1_data:/var/lib/ghost/content + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == adder-ghost + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + + ghost2: + image: ghost:5-alpine + environment: + database__client: mysql + database__connection__host: mariadb_mariadb + database__connection__port: 3306 + database__connection__user: ghost2_user + database__connection__password: ${GHOST2_DB_PASSWORD} + database__connection__database: ghost2_db + url: ${GHOST2_URL:-http://localhost:2369} + server__port: 2369 + ports: + - "2369:2369" + volumes: + - ghost2_data:/var/lib/ghost/content + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == adder-ghost + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + + ghost3: + image: ghost:5-alpine + environment: + database__client: mysql + database__connection__host: mariadb_mariadb + database__connection__port: 3306 + database__connection__user: ghost3_user + database__connection__password: ${GHOST3_DB_PASSWORD} + database__connection__database: ghost3_db + url: ${GHOST3_URL:-http://localhost:2370} + server__port: 2370 + ports: + - "2370:2370" + volumes: + - ghost3_data:/var/lib/ghost/content + networks: + - overlay-net + deploy: + replicas: 1 + 
placement: + constraints: + - node.hostname == adder-ghost + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + +volumes: + ghost1_data: + ghost2_data: + ghost3_data: + +networks: + overlay-net: + external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/services/mariadb.yml b/services/mariadb.yml new file mode 100644 index 0000000..0142852 --- /dev/null +++ b/services/mariadb.yml @@ -0,0 +1,35 @@ +version: '3.8' + +# Deploy with: +# docker stack deploy -c mariadb.yml mariadb +# +# Runs on: adder-ghost + +services: + mariadb: + image: mariadb:11 + environment: + MYSQL_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} + ports: + - "3306:3306" + volumes: + - mariadb_data:/var/lib/mysql + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == adder-ghost + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + +volumes: + mariadb_data: + +networks: + overlay-net: + external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/services/monerod-ban-list.txt b/services/monerod-ban-list.txt new file mode 100644 index 0000000..e69de29 diff --git a/services/monerod.yml b/services/monerod.yml new file mode 100644 index 0000000..02a1b91 --- /dev/null +++ b/services/monerod.yml 
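Review bot: `url` falls back to `http://localhost:2368` (and `:2369`, `:2370`) when `GHOST1_URL` etc. are unset, and Ghost derives absolute links and cookie security from `url`, so a missing variable produces a silently misconfigured site instead of a deploy failure; Compose's `${GHOST1_URL:?set GHOST1_URL to the public site URL}` form makes the variable mandatory. The three `ports:` blocks publish 2368–2370 on the Swarm ingress routing mesh, i.e. on every node's host interfaces; if the caddy stack fronts these sites they can stay overlay-only, though caddy's configuration is not visible in this commit. `ghost1` omits `server__port` while `ghost2`/`ghost3` set it, which works because 2368 is Ghost's default but merits a one-line comment.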
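Review bot: `ports: - "3306:3306"` publishes MariaDB on the Swarm ingress routing mesh, so the root-password-only database is reachable on every node's host interfaces, while its only consumers in this commit (`ghost1`–`ghost3`) address it as `mariadb_mariadb:3306` over `overlay-net`; dropping the `ports:` block keeps it internal, and the same applies to `5432` in postgres.yml. Nothing in the commit creates the `ghost1_db`/`ghost1_user` (2, 3) credentials the Ghost services expect — the deleted `postgres-init/01-init.sh` did that job for Postgres — so either an init-script mount under `/docker-entrypoint-initdb.d` or a documented manual step is needed, and a comment at the top of the file should say which.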
@@ -0,0 +1,45 @@ +version: '3.8' + +# Deploy with: +# docker stack deploy -c monerod.yml monerod +# +# Runs on: fedora +# Restricted RPC node with pruning enabled to reduce disk usage. +# Blockchain data is persisted in a named Docker volume. +# Restricted RPC exposed on port 18089 for external wallet access. + +services: + monerod: + image: ghcr.io/sethforprivacy/simple-monerod:latest + command: + - --rpc-restricted-bind-ip=0.0.0.0 + - --rpc-restricted-bind-port=18089 + - --no-igd + - --enable-dns-blocklist + - --ban-list=/home/monero/ban_list.txt + - --prune-blockchain + ports: + - "18080:18080" + - "18089:18089" + volumes: + - bitmonero:/home/monero/.bitmonero + - ./monerod-ban-list.txt:/home/monero/ban_list.txt:ro + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == fedora + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + +volumes: + bitmonero: + +networks: + overlay-net: + external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/compose_files/n8n.yml b/services/n8n.yml similarity index 52% rename from compose_files/n8n.yml rename to services/n8n.yml index faf0b70..e6f96e4 100644 --- a/compose_files/n8n.yml +++ b/services/n8n.yml 
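Review bot: `./monerod-ban-list.txt:/home/monero/ban_list.txt:ro` is a host bind mount, so `docker stack deploy` resolves the path relative to the compose file but the file must exist at that absolute path on the `fedora` node at schedule time, and the `services/monerod-ban-list.txt` added in this commit is empty (index `e69de29`), so `--ban-list` currently bans nothing; a comment above the mount stating both facts would save the next operator a failed task. `--rpc-restricted-bind-ip=0.0.0.0` together with `"18089:18089"` makes the restricted RPC reachable wherever the host is, which the header says is intended, so the ingress rule limiting who may reach 18089 belongs in the same comment. `image: ...simple-monerod:latest` on a service that persists chain state in `bitmonero` is worth pinning to a tag so upgrades are deliberate.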
@@ -3,53 +3,43 @@ version: '3.8' # Deploy with: # docker stack deploy -c n8n.yml n8n # -# Runs on: CADDY_INSTANCE (ip-10-0-1-168) -# Accessible publicly via Caddy reverse proxy at n8n.erdaverse.com +# Runs on: pve-tools services: n8n: image: n8nio/n8n:latest - entrypoint: /bin/sh - command: - - -c - - | - export DB_POSTGRESDB_PASSWORD=$(cat /run/secrets/n8n_db_password) - exec n8n environment: DB_TYPE: postgresdb - DB_POSTGRESDB_HOST: postgres + DB_POSTGRESDB_HOST: postgres_postgres DB_POSTGRESDB_PORT: 5432 DB_POSTGRESDB_DATABASE: n8n_db DB_POSTGRESDB_USER: n8n_user - N8N_HOST: n8n.erdaverse.com + DB_POSTGRESDB_PASSWORD: ${N8N_DB_PASSWORD} + N8N_HOST: n8n.yourdomain.com N8N_PORT: 5678 N8N_PROTOCOL: https - WEBHOOK_URL: https://n8n.erdaverse.com + WEBHOOK_URL: https://n8n.yourdomain.com GENERIC_TIMEZONE: UTC - NODES_EXCLUDE: "[]" - secrets: - - n8n_db_password + # NATS connection for event-driven workflows + # Configure in n8n credentials UI after first boot volumes: - n8n_data:/home/node/.n8n networks: - - erda-net + - overlay-net deploy: replicas: 1 placement: constraints: - - node.hostname == ip-10-0-1-168 + - node.hostname == pve-tools restart_policy: condition: on-failure delay: 5s max_attempts: 3 -secrets: - n8n_db_password: - external: true - volumes: n8n_data: networks: - erda-net: + overlay-net: external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/services/nats.yml b/services/nats.yml new file mode 100644 index 0000000..05e921d --- /dev/null +++ b/services/nats.yml 
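Review bot: `N8N_PROTOCOL: https` and `WEBHOOK_URL: https://n8n.yourdomain.com` still assume a TLS-terminating reverse proxy in front of the service, yet the hunk removes the only comment that said so (`Accessible publicly via Caddy reverse proxy`); n8n itself is configured to listen plain on `5678`, so keep a header line such as `# TLS is terminated by the caddy stack; n8n listens plain HTTP on 5678 over the overlay`. The `# NATS connection for event-driven workflows` comment sits inside the `environment:` mapping but describes nothing in it; moving it to the file header avoids the impression that a NATS variable is missing. The move from `/run/secrets/n8n_db_password` to `${N8N_DB_PASSWORD}` is covered in the authentik.yml note.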
@@ -0,0 +1,37 @@ +version: '3.8' + +# Deploy with: +# docker stack deploy -c nats.yml nats +# +# Runs on: pve-tools +# JetStream enabled for persistent messaging. +# Internal only — services connect to nats_nats:4222 via overlay. + +services: + nats: + image: nats:latest + command: + - -js # Enable JetStream + - -sd=/data # JetStream storage directory + - -m=8222 # Enable monitoring endpoint + volumes: + - nats_data:/data + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == pve-tools + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + +volumes: + nats_data: + +networks: + overlay-net: + external: true + name: ${OVERLAY_NETWORK:-homelab-net} diff --git a/services/postgres.yml b/services/postgres.yml new file mode 100644 index 0000000..3f0b8fa --- /dev/null +++ b/services/postgres.yml @@ -0,0 +1,38 @@ +version: '3.8' + +# Deploy with: +# docker stack deploy -c postgres.yml postgres +# +# Runs on: POSTGRES_INSTANCE (ip-10-0-1-173) +# Creates databases and users for all services on first boot via init scripts. +# Data is persisted in a named Docker volume on the postgres node. + +services: + postgres: + image: postgres:16 + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + ports: + - "5432:5432" + volumes: + - postgres_data:/var/lib/postgresql/data + networks: + - overlay-net + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == pve-postgres + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + +volumes: + postgres_data: + +networks: + overlay-net: + external: true + name: ${OVERLAY_NETWORK:-homelab-net}
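Review bot: The new NATS server runs with no authorization at all (`-js`, `-sd=/data`, `-m=8222` only), relying solely on overlay membership for access control, whereas the deleted `compose_files/nats.conf` at least protected its listener with a token; every service on `homelab-net` can now publish, subscribe and manage JetStream streams, and the monitoring endpoint on 8222 is likewise unauthenticated. The header comment should state this trust assumption explicitly, e.g. `# No auth configured: any container on the overlay has full access; add accounts/credentials via a mounted config before sharing the network`. The token in the deleted `nats.conf` was committed in plaintext and remains in git history, so if it is still in use anywhere it should be treated as exposed and rotated.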
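Review bot: The header comment says `Creates databases and users for all services on first boot via init scripts`, but the service mounts only `postgres_data`; the `/etc/postgres-init:/docker-entrypoint-initdb.d` mount and `01-init.sh` that did this are deleted in this commit, so `authentik_db`/`authentik_user` and `n8n_db`/`n8n_user` referenced by authentik.yml and n8n.yml will not exist on first boot. Either restore an init-script mount or change the comment to describe the manual provisioning step. `Runs on: POSTGRES_INSTANCE (ip-10-0-1-173)` also disagrees with the placement constraint `node.hostname == pve-postgres`, and `"5432:5432"` publishes the database on the ingress routing mesh although all clients in this commit use `postgres_postgres` over the overlay.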