tiff/homelab-config
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

Compare commits

base: tiff:main
Branches Tags
tiff:main
tiff:update/remove-extra-cells
tiff:beta-0.2
tiff:beta
..
compare: tiff:beta
Branches Tags
tiff:main
tiff:update/remove-extra-cells
tiff:beta-0.2
tiff:beta

No commits in common. "main" and "beta" have entirely different histories.
main ... beta

66 changed files with 110 additions and 812 deletions
Download patch file Download diff file Expand all files Collapse all files

44
README.md
View file

@ -3,12 +3,6 @@
</p> </p>
<p align="center">
<img alt="GitHub Release" src="https://img.shields.io/github/v/release/twhite96/homelab-config?include_prereleases&style=for-the-badge&logo=github&logoColor=black&labelColor=white&color=%23ff0000">
<img alt="Mastodon Follow" src="https://img.shields.io/mastodon/follow/109435346803331556?domain=https%3A%2F%2Ffosstodon.org&style=for-the-badge&logo=mastodon&logoColor=%23ff0000&label=Fosstodon%20Follows&labelColor=white&color=%23ff0000">
<img alt="GitHub Sponsors" src="https://img.shields.io/github/sponsors/twhite96?style=for-the-badge&logoColor=%23ff0000&labelColor=white&color=%23ff0000">
<img alt="Gitea Issues" src="https://img.shields.io/gitea/issues/open/tifflabs/homelab-config?gitea_url=https%3A%2F%2Fwww.tifflabs-software.org%2F&style=for-the-badge&logo=forgejo&logoColor=%23ff0000&labelColor=white&color=ff0000">
</p>
<!-- START doctoc generated TOC please keep comment here to allow auto update --> <!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
@ -53,25 +47,24 @@ You'll find my setup below.
<!-- ![](https://img.shields.io/badge/homeassistant-41BDF5.svg?&style=for-the-badge&logo=homeassistant&logoColor=white) --> <!-- ![](https://img.shields.io/badge/homeassistant-41BDF5.svg?&style=for-the-badge&logo=homeassistant&logoColor=white) -->
| | Device | Image/Where to Buy (Click the Image) | | | Device | Image/Where to Buy (Click the Image) |
| --- | -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | | --- | -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| | | | | | | |
| | Used NUCs | [![nucs]](https://www.ebay.com/itm/285116201597?var=586979484256) | | | Used NUCs | [![nucs]](https://www.ebay.com/itm/285116201597?var=586979484256) |
| | Intel NUC | [![ha-nuc]](https://www.amazon.com/gp/product/B09DCZQFF2/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Intel NUC | [![ha-nuc]](https://www.amazon.com/gp/product/B09DCZQFF2/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | UniFi Dream Machine Pro | [![udm-pro]](https://store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/udm-pro) | | | UniFi Dream Machine Pro | [![udm-pro]](https://store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/udm-pro) |
| | UniFi Flex HD AP | [![unifi-flex-hd]](https://www.amazon.com/gp/product/B07YQ87QBF) | | | UniFi Flex HD AP | [![unifi-flex-hd]](https://www.amazon.com/gp/product/B07YQ87QBF) |
| | TP-Link (T1600G-18TS) 16 Port Managed Switch | [![tp-link-T1600G-18TS-switch]](https://www.amazon.com/gp/product/B0797KPRPK/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | TP-Link (T1600G-18TS) 16 Port Managed Switch | [![tp-link-T1600G-18TS-switch]](https://www.amazon.com/gp/product/B0797KPRPK/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Echogear Server Rack | [![rack]](https://www.amazon.com/gp/product/B07YYJMCNV/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Echogear Server Rack | [![rack]](https://www.amazon.com/gp/product/B07YYJMCNV/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Generic NUC 1U Rack | [![nuc-rack]](https://www.amazon.com/gp/product/B09BJ5WBHB/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Generic NUC 1U Rack | [![nuc-rack]](https://www.amazon.com/gp/product/B09BJ5WBHB/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Cyberpower power strip 12 outlets | [![cyberpower-strip-12]](https://www.amazon.com/gp/product/B00077INZU/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Cyberpower power strip 12 outlets | [![cyberpower-strip-12]](https://www.amazon.com/gp/product/B00077INZU/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Cyberpower power strip 18 outlets | [![cyberpower-strip-18]](https://www.amazon.com/gp/product/B004K1YG1Y/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Cyberpower power strip 18 outlets | [![cyberpower-strip-18]](https://www.amazon.com/gp/product/B004K1YG1Y/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Synology DS920+ NAS | [![synology-9120]](https://www.amazon.com/gp/product/B087Z34F3R/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Synology DS920+ NAS | [![synology-9120]](https://www.amazon.com/gp/product/B087Z34F3R/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Deco X55 Router | [![deco-x55]](https://www.amazon.com/gp/product/B09PRB1MZM/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Deco X55 Router | [![deco-x55]](https://www.amazon.com/gp/product/B09PRB1MZM/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Navepoint 12U Closet Rack | [![navepoint-12u-closet-rack]](https://www.amazon.com/gp/product/B072BXSTY8/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Navepoint 12U Closet Rack | [![navepoint-12u-closet-rack]](https://www.amazon.com/gp/product/B072BXSTY8/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Beelink NUC | [![beelink-nuc]](https://www.amazon.com/gp/product/B0BVLPCDVW/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Beelink NUC | [![beelink-nuc]](https://www.amazon.com/gp/product/B0BVLPCDVW/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | CyberPower LCD UPS System 2U Rack/Tower | [![cyber-power-ups]](https://www.amazon.com/gp/product/B00HDODQYS?th=1) | | | CyberPower LCD UPS System 2U Rack/Tower | [![cyber-power-ups]](https://www.amazon.com/gp/product/B00HDODQYS?th=1) |
| | Raspberry Pi 4 B 8gb RAM | [![raspberry-pi-4]](https://www.amazon.com/gp/product/B08R87H4RR/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) | | | Raspberry Pi 4 B 8gb RAM | [![raspberry-pi-4]](https://www.amazon.com/gp/product/B08R87H4RR/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1) |
| | Beelink S12 Pro Mini PC, Intel 12th Gen Alder Lake- N100 | [![beelink-s12-pro-nucs]](https://www.amazon.com/dp/B0CRKD4YQL?th=1) |
[☝️ Top](#table-of-contents) [☝️ Top](#table-of-contents)
@ -96,5 +89,4 @@ Some of the software running on the servers in my home lab.
[raspberry-pi-3B+]: assets/rpi-3bp.png [raspberry-pi-3B+]: assets/rpi-3bp.png
[raspberry-pi-2]: assets/rpi-2.png [raspberry-pi-2]: assets/rpi-2.png
[beelink-nuc]: assets/beelink.png [beelink-nuc]: assets/beelink.png
[beelink-s12-pro-nucs]: assets/beelink-pros.png
[cyber-power-ups]: assets/ups.png [cyber-power-ups]: assets/ups.png

BIN
assets/Friday, 26 Jul 2024 19:06:55.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.6 MiB

BIN
assets/Saturday, 27 Jul 2024 16:05:06.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 924 KiB

BIN
assets/Wednesday, 24 Jul 2024 19:03:21.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1 MiB

BIN
assets/Wednesday, 24 Jul 2024 19:03:36.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.1 MiB

BIN
assets/Wednesday, 24 Jul 2024 19:03:52.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.2 MiB

BIN
assets/Wednesday, 24 Jul 2024 19:04:06.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.2 MiB

BIN
assets/audobookshelf.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 6.1 MiB

BIN
assets/beelink-pros.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 24 KiB

BIN
assets/beelink-s12-pro-nucs.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 17 KiB

BIN
assets/bookstack.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 685 KiB

BIN
assets/freshrss.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.2 MiB

BIN
assets/grafana.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 918 KiB

BIN
assets/n100-beelinks.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 43 KiB

BIN
assets/pihole.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 855 KiB

14
docker/audiobookshelf/docker-compose.yml
View file

@ -1,14 +0,0 @@
---
services:
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
ports:
- 13378:80
volumes:
- /audiobooks:/audiobooks
- /podcasts:/podcasts
- /config:/config
- /metadata>:/metadata
environment:
- TZ=America/New_York

68
docker/immich/docker-compose.yml
View file

@ -1,68 +0,0 @@
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
command: ['start.sh', 'immich']
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- 2283:3001
depends_on:
- redis
- database
restart: always
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/hardware-transcoding
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
command: ['start.sh', 'microservices']
volumes:
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
depends_on:
- redis
- database
restart: always
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
redis:
container_name: immich_redis
image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:84882e87b54734154586e5f8abd4dce69fe7311315e2fc6d67c29614c8de2672
restart: always
database:
container_name: immich_postgres
image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
volumes:
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
restart: always
volumes:
model-cache:

71
docker/piped/docker-compose.yml
View file

@ -1,71 +0,0 @@
---
services:
piped-frontend:
image: 1337kavin/piped-frontend:latest
restart: unless-stopped
depends_on:
- piped
environment:
BACKEND_HOSTNAME: pipedapi.tifflabs.cfd
container_name: piped-frontend
piped-proxy:
image: 1337kavin/piped-proxy:latest
restart: unless-stopped
environment:
- UDS=1
volumes:
- piped-proxy:/app/socket
container_name: piped-proxy
piped:
image: 1337kavin/piped:latest
restart: unless-stopped
volumes:
- ./config/config.properties:/app/config.properties:ro
depends_on:
- postgres
container_name: piped-backend
nginx:
image: nginx:mainline-alpine
restart: unless-stopped
ports:
- "8080:80"
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
- ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
- ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
- ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
- piped-proxy:/var/run/ytproxy
container_name: nginx
depends_on:
- piped
- piped-proxy
- pipedfrontend
labels:
- "traefik.enable=true"
- "traefik.http.routers.piped.rule=Host(`FRONTEND_HOSTNAME`, `BACKEND_HOSTNAME`, `PROXY_HOSTNAME`)"
- "traefik.http.routers.piped.entrypoints=websecure"
- "traefik.http.services.piped.loadbalancer.server.port=8080"
postgres:
image: postgres:15
restart: unless-stopped
volumes:
- ./data/db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=piped
- POSTGRES_USER=piped
- POSTGRES_PASSWORD=changeme
container_name: postgres
watchtower:
image: containrrr/watchtower
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_RESTARTING=true
container_name: watchtower
command: piped-frontend piped-backend piped-proxy varnish nginx postgres watchtower
volumes:
piped-proxy: null

16
docker/traefik/docker-compose.yml
View file

@ -1,16 +0,0 @@
version: '3'
services:
reverse-proxy:
# The official v3 Traefik docker image
image: traefik:v3.0
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:
# The HTTP port
- "80:80"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock

0
kubernetes/prometheus/README.md
View file

12
pikapods/audiobookshelf/docker-compose.yaml
View file

@ -1,12 +0,0 @@
services:
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
ports:
- 13378:80
volumes:
- ./audiobooks:/audiobooks
- ./podcasts:/podcasts
- ./config:/config
- ./metadata:/metadata
environment:
- TZ=America/New_York

6
portainer/README.md
View file

@ -3,8 +3,4 @@
> [!NOTE]\ > [!NOTE]\
> This is a work in progress. I will be placing configs and yaml files and docker compose files, etc in here once I get a better feel for Portainer and how it works. > This is a work in progress. I will be placing configs and yaml files and docker compose files, etc in here once I get a better feel for Portainer and how it works.
> [!WARNING]\
> **I AM NO LONGER USING PORTAINER**
>
> Portainer, while easy to use, is not a good option once you get your feet wet. Learn how to use Docker Compose and the command line. Trust me, it will be beneficial to you in the long run.

2
proxmox/actualbudget/README.md
View file

@ -1,2 +0,0 @@
# ActualBudget lxc

1
proxmox/cloudflared/README.md
View file

@ -1 +0,0 @@
# Cloudflared lxcs

1
proxmox/flaresolverr/README.md
View file

@ -1 +0,0 @@
# Flaresolverr lxc

1
proxmox/forgejo/README.md
View file

@ -1 +0,0 @@
# Forgejo lxc

0
docker/immich/README.md → proxmox/homepage/README.md
View file

0
ubuntu/docker/homepage/homepage.sh → proxmox/homepage/homepage.sh
View file

1
proxmox/influxdb/README.md
View file

@ -1 +0,0 @@
# InfluxDB lxc

1
proxmox/pihole/README.md
View file

@ -1 +0,0 @@
# Pi-hole lxc

1
proxmox/prometheus/README.md
View file

@ -1 +0,0 @@
# Prometheus lxc

0
docker/portainer/README.md → proxmox/qbittorrent/README.md
View file

0
ubuntu/docker/qbittorrent/qbittorrent.sh → proxmox/qbittorrent/qbittorrent.sh
View file

0
docker/traefik/README.md → proxmox/ubuntu/README.md
View file

0
ubuntu/docker/README.md → proxmox/ubuntu/docker/README.md
View file

0
ubuntu/docker/haproxy/Dockerfile → proxmox/ubuntu/docker/haproxy/Dockerfile
View file

0
ubuntu/docker/haproxy/README.md → proxmox/ubuntu/docker/haproxy/README.md
View file

0
kubernetes/README.md → proxmox/ubuntu/docker/portainer/README.md
View file

0
docker/portainer/docker-compose.yml → proxmox/ubuntu/docker/portainer/docker-compose.yml
View file

0
ubuntu/ubuntu.sh → proxmox/ubuntu/ubuntu.sh
View file

1
proxmox/umami/README.md
View file

@ -1 +0,0 @@
# Umami lxc

1
proxmox/wastebin/README.md
View file

@ -1 +0,0 @@
# Wastebin lxc

1
proxmox/whoogle/README.md
View file

@ -1 +0,0 @@
# Whoogle lxc

8
proxmox/wikijs/README.md Normal file
View file

@ -0,0 +1,8 @@
# Wiki.js Script
> [!WARNING]\
> Always make sure you vet the scripts you install from anywhere on the internet!
You can install the script directly from this link:
- [Proxmox VE Helper Scripts](https://tteck.github.io/Proxmox/)

83
proxmox/wikijs/wiki-js.sh Normal file
View file

@ -0,0 +1,83 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2024 tteck
# Author: tteck (tteckster)
# License: MIT
# https://github.com/tteck/Proxmox/raw/main/LICENSE
source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y curl
$STD apt-get install -y sudo
$STD apt-get install -y mc
$STD apt-get install -y git
$STD apt-get install -y ca-certificates
$STD apt-get install -y gnupg
msg_ok "Installed Dependencies"
msg_info "Setting up Node.js Repository"
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
msg_ok "Set up Node.js Repository"
msg_info "Installing Node.js"
$STD apt-get update
$STD apt-get install -y nodejs
msg_ok "Installed Node.js"
msg_info "Installing Wiki.js"
mkdir -p /opt/wikijs
cd /opt/wikijs
$STD wget https://github.com/Requarks/wiki/releases/latest/download/wiki-js.tar.gz
tar xzf wiki-js.tar.gz
rm wiki-js.tar.gz
cat <<EOF >/opt/wikijs/config.yml
bindIP: 0.0.0.0
port: 3000
db:
type: sqlite
storage: /opt/wikijs/db.sqlite
logLevel: info
logFormat: default
dataPath: /opt/wikijs/data
bodyParserLimit: 5mb
EOF
$STD npm rebuild sqlite3
msg_ok "Installed Wiki.js"
msg_info "Creating Service"
service_path="/etc/systemd/system/wikijs.service"
echo "[Unit]
Description=Wiki.js
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/node server
Restart=always
User=root
Environment=NODE_ENV=production
WorkingDirectory=/opt/wikijs
[Install]
WantedBy=multi-user.target" >$service_path
$STD systemctl enable --now wikijs
msg_ok "Created Service"
motd_ssh
customize
msg_info "Cleaning up"
$STD apt-get autoremove
$STD apt-get autoclean
msg_ok "Cleaned"

9
ubuntu/README.md
View file

@ -1,9 +0,0 @@
# Ubuntu VMs Inside of Proxmox
These days, I have figured out that if I need privileged access to a container, an LXC is not the best choice. For instance, if I want to add storage to a container, it is almost impossible to do so with an LXC without making the container a privleged container which comes with security implications that I don't want to manage.
So now I run mission-critical services in Ubuntu VMs on Proxmox. I do not use the tteck's scripts for this; I download an ISO file and upload it to storage on Proxmox and create the VM from scratch.
## Difficult to manage publically shared services
For services I want to share publicly that are a real pita to setup and run on my home server, I use [PikaPods](https://pikapods.com). Yes, it costs money, but I've been running Audiobookshelf for a month now on an initial $5 top up. It's a pittance for such a wonderful service, and each "Pod" has a different price for usage. They don't keep your data and the funds go directly to the open source developers apps you are using.

1
ubuntu/docker/authentik/.env.example
View file

@ -1 +0,0 @@
# You environment variables go here

86
ubuntu/docker/authentik/docker-compose.yml
View file

@ -1,86 +0,0 @@
---
version: "3.4"
services:
postgresql:
image: docker.io/library/postgres:12-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
env_file:
- .env
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.2}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- ./media:/media
- ./custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
- postgresql
- redis
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.2}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
- postgresql
- redis
volumes:
database:
driver: local
redis:
driver: local

1
ubuntu/docker/homepage/README.md
View file

@ -1 +0,0 @@
# Homepage

92
ubuntu/docker/homepage/config/bookmarks.yaml
View file

@ -1,92 +0,0 @@
---
- Repositories:
- Homelab:
- icon: si-github-#FFFFFF
href: https://github.com/twhite96/homelab-config
description: Homelab config
- Homelab Docs:
- icon: si-github-#FFFFFF
href: https://github.com/twhite96/tifflabs
description: Homelab repo
- Selfhosted Projects:
- tiff labs:
- icon: /icons/tifflabsgit.png
href: https://tifflabs-software.org
description: Labs software hosting
- cyber:
- icon: /icons/htbavatar.png
href: https://projects.0x8c.run
description: '0x8c project hosting'
- Cloud Platforms:
- Linode:
- icon: /icons/linode.png
href: https://cloud.linode.com/linodes
description: Linode
- Hetzner:
- icon: si-hetzner-#D50C2D
href: https://accounts.hetzner.com/login
description: Hetzner
- Hosting Platforms:
- Vercel:
- icon: si-vercel-#000000
href: https://vercel.com/dashboard
description: Vercel
- Cloudron:
- icon: si-cloudron-#03A9F4
href: https://console.cloudron.io/
description: Cloudron
- Documentation:
- Docs site:
- icon: si-materialformkdocs-#ff0000
href: https://docs.tifflabs.org
description: Smart home docs
- labs.network:
- icon: si-bookstack-#B91C1C
href: https://presto-horn.tifflabs.org
description: Network wiki
- Public Projects:
- Homelab Config:
- icon: /icons/tifflabs.svg
href: https://homelab.tiff.tools
description: Homelab Config
- Forgejo Homelab Projects:
- icon: si-forgejo-#FB923C
href: https://tifflabs-software.org/explore
description: Public personal projects
- Cyber Learning:
- Hack The Box:
- icon: si-hackthebox-#9FEF00
href: https://academy.hackthebox.com
description: HTB Academy
- TryHackMe:
- icon: si-tryhackme-#88CC15
href: https://tryhackme.com/
description: TryHackMe
- Productivity:
- Email:
- icon: si-protonmail-#6D4AFF
href: https://mail.proton.me/
description: Email
- Calendar:
- icon: si-protoncalendar-#50B0E9
href: https://calendar.proton.me
description: Calendar
- Public Notes and Writeups:
- Notes:
- icon: si-obsidian-#7C3AED
href: https://notes.0x8c.org
description: Public Notes
- Wiki:
icon: si-gitbook-#BBDDE5
href: https://app.gitbook.com/?source=pwa
description: Write-ups

0
ubuntu/docker/homepage/config/custom.css
View file

0
ubuntu/docker/homepage/config/custom.js
View file

0
ubuntu/docker/homepage/config/docker.yaml
View file

0
ubuntu/docker/homepage/config/kubernetes.yaml
View file

107
ubuntu/docker/homepage/config/services.yaml
View file

@ -1,107 +0,0 @@
---
- Infrastructure and Data:
- Proxmox:
href: {{proxmox-url}}
icon: proxmox.svg
description: prx-prod-2
siteMonitor: {{proxmox-url}}
widget:
type: proxmox
url: {{proxmox-url}}
username: {{HOMEPAGE_VAR_PROXMOX_USERNAME}}
password: {{HOMEPAGE_VAR_PROXMOX_PASSWORD}}
- Authentik:
icon: authentik.png
showStats: true
href: {{url}}
widget:
type: authentik
fields: ["users"]
url: {{url}}
key: {{HOMEPAGE_VAR_AUTHENTIK_KEY}}
- Monitoring:
- UptimeKuma:
icon: uptime-kuma.svg
href: https://uptime.tifflabs.org
widget:
description: uptime on pve main
fields: ["up", "down", "uptime", "incident"]
icon: uptime-kuma.svg
type: uptimekuma
url: {{url}}
slug: lab
- Pi-hole:
icon: pi-hole.svg
siteMonitor: {{url}}
widget:
type: pihole
fields: ["queries", "blocked", "blocked_percent", "gravity"]
url: {{url}} # required if running v6 or higher, defaults to 5
key: {{HOMEPAGE_VAR_PIHOLE_TOKEN}}
- Grafana:
icon: grafana.svg
siteMonitor: {{url}}
widget:
type: grafana
fields: ["dashboards", "datasources", "totalalerts", "alertstriggered"]
url: {{url}}
username: tifflabs
password: {{HOMEPAGE_VAR_GRAFANA_PASSWORD}}
- Tailscale:
icon: tailscale.svg
showStats: true
widget:
type: tailscale
fields: ["address", "last_seen", "expires"]
deviceid: {{device-id}}
key: {{key}}
- Media:
- Jellyfin:
icon: jellyfin.svg
description: tailnet jellyfin
widget:
type: jellyfin
url: {{url}}
fields: ["movies", "series", "episodes", "songs"]
key: {{HOMEPAGE_VAR_JELLYFIN_KEY}}
enableBlocks: true # optional, defaults to false
enableNowPlaying: true # optional, defaults to true
enableUser: true # optional, defaults to false
showEpisodeNumber: true # optional, defaults to false
expandOneStreamToTwoRows: false # optional, defaults to true
- Calibre:
icon: calibre.svg
siteMonitor: https://books.tiffs.app
href: 'https://books.tiffs.app'
widget:
type: calibreweb
url: https://books.tiffs.app
fields: ["books", "authors", "categories", "series"]
username: {{username}}
password: {{password}}
- FreshRSS:
icon: freshrss.svg
description: RSS Feed
href: https://rss.tifflabs.dev
showStats: true
widget:
type: freshrss
url: https://rss.tifflabs.dev
fields: ["subscriptions", "unread"]
username: {{username}}
password: {{password}}
- Audiobookshelf:
icon: audiobookshelf.svg
siteMonitor: https://audiobooks.tiffs.app
href: https://audiobooks.tiffs.app
description: Audiobook Library
showStats: true
widget:
type: audiobookshelf
fields: ["podcasts", "podcastsDuration", "books", "booksDuration"]
url: https://audiobooks.tiffs.app
key: {{HOMEPAGE_VAR_AUDIOBOOKSHELF_KEY}}

74
ubuntu/docker/homepage/config/settings.yaml
View file

@ -1,74 +0,0 @@
---
title: Dash
headerStyle: clean
background:
blur: xl
brightness: 90
opacity: 60
cardBlur: sm
useEqualHeights: true
providers:
quicklaunch:
searchDescriptions: true
hideInternetSearch: true
showSearchSuggestions: true
hideVisitURL: true
layout:
- Services:
Infrastructure and Data:
icon: proxmox.svg
style: row
columns: 2
Monitoring:
icon: grafana.svg
style: row
columns: 4
Media:
icon: jellyfin.svg
style: row
columns: 4
- Bookmarks:
Repositories:
icon: github.svg
style: row
columns: 2
Selfhosted Projects:
icon: codeberg.svg
style: row
columns: 2
Cloud Platforms:
icon: hetzner.svg
style: row
columns: 2
Hosting Platforms:
icon: cloudron.svg
style: row
columns: 2
Documentation:
icon: bookstack.svg
style: row
columns: 2
Public Projects:
icon: forgejo.svg
style: row
columns: 2
Cyber Learning:
icon: hackthebox.svg
style: row
columns: 2
Productivity:
icon: protonmail.svg
style: row
columns: 2
Public Notes and Writeups:
icon: obsidian.svg
style: row
columns: 2

26
ubuntu/docker/homepage/config/widgets.yaml
View file

@ -1,26 +0,0 @@
---
- resources:
cpu: true
memory: true
disk: /
- search:
provider: custom
url: # whoogle # google, duckduckgo, bing, baidu, brave or custom
focus: true
target: _blank # One of _self, _blank, _parent or _top
- openweathermap:
latitude: {{long}}
longitude: {{lat}}
units: imperial # or imperial
provider: openweathermap
cache: 5 # Time in minutes to cache API responses, to stay within limits
format: # optional, Intl.NumberFormat options
maximumFractionDigits: 0
- datetime:
text_size: m
format:
timeStyle: short
hourCycle: h12

14
ubuntu/docker/homepage/docker-compose.yaml
View file

@ -1,14 +0,0 @@
---
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage-prod-1
ports:
- 3000:3000
env_file:
- ".env.example"
volumes:
- ./config:/app/config # Make sure your local config directory exists
- ./images:/app/public/images
- ./icons:/app/public/icons
restart: unless-stopped

166
ubuntu/docker/photoprism/docker-compose.yml
View file

@ -1,166 +0,0 @@
# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
#
# Note:
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
# https://docs.photoprism.app/getting-started/proxies/traefik/
#
# Setup Guides:
# - https://docs.photoprism.app/getting-started/docker-compose/
# - https://docs.photoprism.app/getting-started/raspberry-pi/
# - https://www.photoprism.app/kb/activation
#
# Troubleshooting Checklists:
# - https://docs.photoprism.app/getting-started/troubleshooting/
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
#
# CLI Commands:
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# All commands may have to be prefixed with "sudo" when not running as root.
# This will point the home directory shortcut ~ to /root in volume mounts.
services:
# traefik:
# image: traefik:v2.11
# restart: unless-stopped
# ports:
# - "80:80"
# - "443:443"
# volumes:
# - "./traefik.yaml:/etc/traefik/traefik.yaml"
# - "./traefik/data:/data"
# - "/var/run/docker.sock:/var/run/docker.sock"
photoprism:
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
stop_grace_period: 10s
depends_on:
- mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
## Server port mapping in the format "Host:Container". To use a different port, change the host port on
## the left-hand side and keep the container port, e.g. "80:2342" (for HTTP) or "443:2342 (for HTTPS):
ports:
- "2342:2342"
# labels:
# - "traefik.http.routers.photoprism.rule=Host(`photos.tiff.ws`)"
# - "traefik.http.routers.photoprism.tls=true"
# - "traefik.http.routers.photoprism.tls.certresolver=myresolver"
## Before you start the service, please check the following config options (and change them as needed):
## https://docs.photoprism.app/getting-started/config-options/
environment:
PHOTOPRISM_ADMIN_USER: "admin" # admin login username
PHOTOPRISM_ADMIN_PASSWORD: # initial admin password (8-72 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_SIDECAR_YAML: "true" # creates YAML sidecar files to back up picture metadata
PHOTOPRISM_BACKUP_ALBUMS: "true" # creates YAML files to back up album metadata
PHOTOPRISM_BACKUP_DATABASE: "true" # creates regular backups based on the configured schedule
PHOTOPRISM_BACKUP_SCHEDULE: "daily" # backup SCHEDULE in cron format (e.g. "0 12 * * *" for daily at noon) or at a random time (daily, weekly)
PHOTOPRISM_INDEX_SCHEDULE: "" # indexing SCHEDULE in cron format (e.g. "@every 3h" for every 3 hours; "" to disable)
PHOTOPRISM_AUTO_INDEX: 300 # delay before automatically indexing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_AUTO_IMPORT: -1 # delay before automatically importing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that does not require a separate database server
PHOTOPRISM_DATABASE_DRIVER: "mysql" # MariaDB 10.5.12+ (MySQL successor) offers significantly better performance compared to SQLite
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB database user name
PHOTOPRISM_DATABASE_PASSWORD: # MariaDB database user password
PHOTOPRISM_SITE_CAPTION: #your caption goes here
PHOTOPRISM_SITE_DESCRIPTION: # meta site description
PHOTOPRISM_SITE_AUTHOR: # meta site author
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
## Run/install on first startup (options: update https gpu ffmpeg tensorflow davfs clitools clean):
# PHOTOPRISM_INIT: "https gpu tensorflow"
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # Example
- "./photos:/photoprism/originals" # Original media files (DO NOT REMOVE)
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
- "./storage.usb:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
## MariaDB Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
image: mariadb:11
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
restart: unless-stopped
stop_grace_period: 5s
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
- seccomp:unconfined
- apparmor:unconfined
command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- "./database:/var/lib/mysql" # DO NOT REMOVE
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "x!rPM.jTjcKLPuhLHdGs78A9W"
MARIADB_ROOT_PASSWORD: "WkDdnDehFdALm*N@EUqE6e7MC"
## Watchtower upgrades services automatically (optional)
## see https://docs.photoprism.app/getting-started/updates/#watchtower
## activate via "COMPOSE_PROFILES=update docker compose up -d"
watchtower:
restart: unless-stopped
image: containrrr/watchtower
profiles: ["update"]
environment:
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account

10
ubuntu/docker/qbittorrent/README.md
View file

@ -1,10 +0,0 @@
# qBittorent Web Ui Install
> [!NOTE]\
> This gist is taken from an article on Linux Babe which is linked in the Gist. If curious now, you can find the article here: [Linux Babe How to Install qBIttorent Web UI on Ubuntu 18.04 Desktip or Server](https://www.linuxbabe.com/ubuntu/install-qbittorrent-ubuntu-18-04-desktop-server)
>
>
<a href="https://gist.github.com/twhite96/631d3544ce01c47a6de787f6c47af60b"> <img src="https://github-readme-stats-git-master-twhite96.vercel.app/api/gist?id=631d3544ce01c47a6de787f6c47af60b"></a>

3
ubuntu/servarr/README.md
View file

@ -1,3 +0,0 @@
# *arr Apps
The apps you use when you want to keep track of the ISO files you get.

0
vps/README.md
View file

0
vps/server-1/README.md
View file

0
vps/server-1/coolify/README.md
View file

0
vps/server-2/README.md
View file

0
vps/server-2/docker/README.md
View file