v4.0 (#56)

* 48 switch to docker swarm services (#51) * 48 Migrating to docker swarm * 48 Add docker stack files * 48 Edit monitoring stack * 48 Add traefik configs * 48 Testing traefik * 48 Testing traefik * 48 Testing traefik * 48 Test labels * 48 Fix packages * 48 Working Traefik reverse proxy * 48 Working Jellyfin, prometheus and testing grafana, portainer * 48 Add labels * 48 move legacy setup * 48 Fix portainer reverse proxy * 48 Tested all services --------- Co-authored-by: veerendra2 <[email protected]> * 18 cant connect to jellyfin server in android (#53) * 18 Change mount dirs * 18 Test self signed certs in traefik --------- Co-authored-by: veerendra2 <[email protected]> * 37 smoke tests tasks after install (#55) * 37 Update ansible tasks * 37 fix paths * 37 Refactoring * 37 Test deploy services * 37 Add smoke tests tasks --------- Co-authored-by: veerendra2 <[email protected]> * Update readme --------- Co-authored-by: veerendra2 <[email protected]>
veerendra2 · Mar 5, 2023 · 6a41d16 · 6a41d16
1 parent 784392e
commit 6a41d16
Show file tree

Hide file tree

Showing 193 changed files with 33,451 additions and 140 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,6 @@ apps/pihole/etc-dnsmasq.d
 apps/pihole/etc-pihole
 apps/pihole/docker_run.sh
 apps/nginx/ssl/*
-!apps/nginx/ssl/.gitkeep
+!apps/nginx/ssl/.gitkeep
+services/traefik/config/ssl/*.crt
+services/traefik/config/ssl/*.key
diff --git a/README.md b/README.md
@@ -4,8 +4,11 @@
 ![GitHub issues](https://img.shields.io/github/issues/veerendra2/raspberrypi-homeserver?style=plastic)
 ![GitHub release (release name instead of tag name)](https://img.shields.io/github/v/release/veerendra2/raspberrypi-homeserver?include_prereleases&style=plastic)
 # Raspberry Pi Home Server
-**A collection of applications and tools to make awesome Raspberry Pi homerserver.**
-<table>
+<p align="center">
+<b>A collection of applications and tools to make awesome Raspberry Pi homerserver</b>
+</p>
+
+<table align="center">
 <tr>
   <td>
     <center>
@@ -51,7 +54,7 @@
   </td>
   <td>
     <center>
-      <img src="https://user-images.githubusercontent.com/8393701/196514761-f3585baf-5d0e-4647-b3a7-727d219bf1ae.png" alt="Nginx" width="60"/> <br /> Nginx
+      <img src="https://user-images.githubusercontent.com/8393701/221434420-2277ee82-115d-4ec6-bbe7-d0a010687dda.png" alt="Traefik" width="60"/> <br /> Traefik
     </center>
   </td>
   <td>
@@ -62,20 +65,60 @@
 </tr>
 </table>
 
-> This project meant to be simple and deploy apps on single box. Created this project out of my own curiousity to make my very first homeserver with Raspberry Pi 4. For more advance configuration to make your own homeserver, you may checkout [geek-cookbook](https://github.com/geek-cookbook/geek-cookbook)
 
-:point_right: Check [projects](https://github.com/veerendra2/raspberrypi-homeserver/projects) tab for roadmap
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/8393701/221664828-4531e8b6-491c-44b3-b270-cda18040abba.png" /><br/>Docker Swarm
+</p>
+
+
+<!-- <table>
+<center>
+<img src="https://user-images.githubusercontent.com/8393701/221664828-4531e8b6-491c-44b3-b270-cda18040abba.png" alt="Docker Swarm"/> <br/>Docker Swarm
+</center>
+</tr>
+</table> -->
+
+## Table of Contents
+* [Features](https://github.com/veerendra2/raspberrypi-homeserver#features)
+* [Homer screenshot](https://github.com/veerendra2/raspberrypi-homeserver#homer-screenshot)
+* [Getting started](https://github.com/veerendra2/raspberrypi-homeserver#getting-started)
+* [Docker swarm services architecture](https://github.com/veerendra2/raspberrypi-homeserver/wiki)
+* [Project roadmap](https://github.com/veerendra2/raspberrypi-homeserver/projects)
+* [Docs](https://github.com/veerendra2/raspberrypi-homeserver/wiki)
 
-:point_right: Check [wiki pages](https://github.com/veerendra2/raspberrypi-homeserver/wiki) for documentation
+## Features
+* Fully automated with Ansible
+* All services are deployable on docker swarm
+* Traefik reverse proxy
+* Grafana dashboards to view
+  * System metrics
+  * Internet speed everyone hour
+  * Uptime with blackbox exporter
+  * Docker container metrics
+* Beautiful Homer dashboard to view all services
+* Uncomplicated firewall
 
-## Homer Screenshot
-![image](https://user-images.githubusercontent.com/8393701/203421293-02dcc50e-f029-492c-9884-ba18e555c606.png)
+## Homer screenshot
+![image](https://user-images.githubusercontent.com/8393701/221434707-6c8e83a5-8116-4f78-9b2f-941bf1c053e2.png)
 
-## Deploy
+## Getting started
 * Follow prerequisite [manual steps](https://github.com/veerendra2/raspberrypi-homeserver/wiki/Manual-Steps) to prepare Pi
+* Browse [vars.yml](./vars.yml) to configuration
 ```
 $ git clone https://github.com/veerendra2/raspberrypi-homeserver.git
 $ cd raspberrypi-homeserver
-# Review inventory.yml and run
+# Review vars.yml and inventory.yml and run
 $ ansible-playbook main.yml
 ```
+### NOTE
+* The setup created to deploy all services on single node docker swarm cluster. If you want to use this setup on multi node swarm cluster, there are some additional tweaks required like
+  * Change plancement
+    ```
+    ...
+      deploy:
+        replicas: 1
+        placement:
+          constraints: [node.role == manager]
+    ...
+    ```
+* Currently I'm using IP address `192.168.0.120` to access services, change services configs if you have a domain
diff --git a/apps/README.md b/apps/README.md
diff --git a/legacy/README.md b/legacy/README.md
@@ -0,0 +1,4 @@
+# Legacy Setup
+This is legacy/archived setup with `docker-compose` used previously, not using it anymore. Right now the setup migrated to docker swarm services.
+
+* Browse [wiki](./wiki) directory for documentation on legacy setup
diff --git a/legacy/ansible/bettercap.yml b/legacy/ansible/bettercap.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Create temporary bettercap build directory
+  tempfile:
+    state: directory
+    suffix: build
+  register: tempdir
+
+- name: Build bettercap
+  shell: |
+    go env -w GO111MODULE=off
+    go get -u github.com/bettercap/bettercap
+  environment:
+    GOPATH: "{{ tempdir.path }}"
+
+- name: Install bettercap
+  shell: |
+    mv {{ tempdir.path }}/bin/bettercap /usr/local/bin/
+    rm -rf {{ tempdir.path }}
+    bettercap -version
+  become: yes
+  register: output
+
+- name: Display bettercap version
+  debug:
+    msg: "{{ output.stdout }}"
+  when: output.rc == 0
+
+# https://www.bettercap.org/usage/webui/
+- name: Install bettercap caplets
+  shell: bettercap -eval "caplets.update; ui.update; q"
+  when: output.rc == 0
+  ignore_errors: true
+  become: true
diff --git a/tasks/filebrowser.yml → legacy/ansible/filebrowser.yml b/tasks/filebrowser.yml → legacy/ansible/filebrowser.yml
diff --git a/tasks/homer.yml → legacy/ansible/homer.yml b/tasks/homer.yml → legacy/ansible/homer.yml
diff --git a/tasks/jellyfin.yml → legacy/ansible/jellyfin.yml b/tasks/jellyfin.yml → legacy/ansible/jellyfin.yml
diff --git a/legacy/ansible/main.yml b/legacy/ansible/main.yml
@@ -0,0 +1,53 @@
+# Author: Veerendra Kakumanu
+# Description: An Ansible playbook to make awesome Raspberry Pi homeserver(Legacy Setup)
+
+- name: Raspberry Pi Homeserver
+  hosts: atom
+  gather_facts: yes
+  vars_files:
+    - vars.yml
+
+  pre_tasks:
+    - name: Run update
+      apt:
+        upgrade: true
+        update_cache: yes
+      ignore_errors: yes
+      become: yes
+
+  post_tasks:
+    - name: Run autoremove
+      apt:
+        autoremove: yes
+      become: yes
+
+  tasks:
+    - name: Install bettercap
+      import_tasks: bettercap.yml
+
+    - name: Setup monitoring
+      import_tasks: monitoring.yml
+
+    - name: Setup pihole
+      import_tasks: pihole.yml
+
+    - name: Setup portainer
+      import_tasks: portainer.yml
+
+    - name: Setup homer
+      import_tasks: homer.yml
+
+    - name: Setup jellyfin
+      import_tasks: jellyfin.yml
+
+    - name: Setup nextcloud
+      import_tasks: nextcloud.yml
+
+    - name: Setup filebrowser
+      import_tasks: filebrowser.yml
+
+    - name: Setup nginx
+      import_tasks: nginx.yml
+
+    - name: Setup firewall rules
+      import_tasks: ufw.yml
diff --git a/tasks/monitoring.yml → legacy/ansible/monitoring.yml b/tasks/monitoring.yml → legacy/ansible/monitoring.yml
diff --git a/tasks/nextcloud.yml → legacy/ansible/nextcloud.yml b/tasks/nextcloud.yml → legacy/ansible/nextcloud.yml
diff --git a/tasks/nginx.yml → legacy/ansible/nginx.yml b/tasks/nginx.yml → legacy/ansible/nginx.yml
diff --git a/legacy/ansible/pihole.yml b/legacy/ansible/pihole.yml
@@ -0,0 +1,58 @@
+---
+- set_fact:
+    app: pihole
+    project_dir: /opt/apps/pihole/
+
+# https://github.com/pi-hole/docker-pi-hole#installing-on-ubuntu-or-fedora
+- name: Configure systemd-resolved for PiHole
+  block:
+    - name: Disable stub resolver in systemd-resolved config
+      ini_file:
+        path: /etc/systemd/resolved.conf
+        section: Resolve
+        option: DNSStubListener
+        value: "no"
+        backup: true
+
+    - name: Create backup /etc/resolv.conf
+      copy:
+        remote_src: yes
+        src: /etc/resolv.conf
+        dest: /etc/resolv.conf.backup
+
+    - name: Remove /etc/resolv.conf
+      file:
+        path: /etc/resolv.conf
+        state: absent
+
+    - name: Create link /etc/resolv.conf
+      file:
+        src: /run/systemd/resolve/resolv.conf
+        dest: /etc/resolv.conf
+        state: link
+
+    - name: Restart systemd-resolved
+      service:
+        name: systemd-resolved
+        state: restarted
+  become: yes
+
+- name: Create project directory | {{ app }}
+  file:
+    path: "{{ project_dir }}"
+    state: directory
+    owner: "{{ run_user }}"
+  become: yes
+
+- name: Synchronize project directory | {{ app }}
+  synchronize:
+    src: apps/pihole/
+    dest: "{{ project_dir }}"
+    delete: false
+    recursive: true
+    perms: false
+
+- name: Run docker-compose up | {{ app }}
+  docker_compose:
+    project_src: "{{ project_dir }}"
+    build: false
diff --git a/tasks/portainer.yml → legacy/ansible/portainer.yml b/tasks/portainer.yml → legacy/ansible/portainer.yml
diff --git a/legacy/ansible/ufw.yml b/legacy/ansible/ufw.yml
@@ -0,0 +1,58 @@
+---
+- set_fact:
+    external_iface_list:
+      - eth0
+      - wlan0
+    allow_tcp_ports:
+      - 80
+      - 443
+      - 22
+      - 53
+      - 7359
+      - 1900
+    allow_udp_ports:
+      - 53
+      - 67
+
+- block:
+  # https://github.com/moby/moby/issues/4737#issuecomment-419705925
+  - name: Append custom rules in /etc/ufw/after.rules
+    blockinfile:
+      dest: /etc/ufw/after.rules
+      block: "{{ lookup('template', 'templates/override_ufw_rules.j2' ) }}"
+      marker: "#{mark} ANSIBLE MANAGED BLOCK"
+
+  - name: Set DEFAULT_FORWARD_POLICY=DROP in /etc/default/ufw
+    lineinfile:
+      path: /etc/default/ufw
+      regexp: '^DEFAULT_FORWARD_POLICY(.*)$'
+      line: 'DEFAULT_FORWARD_POLICY="DROP"'
+      backup: yes
+      backrefs: yes
+
+  - name: Set IPV6=no in /etc/default/ufw
+    lineinfile:
+      path: /etc/default/ufw
+      regexp: '^IPV6=(.*)$'
+      line: 'IPV6=no'
+      backup: yes
+      backrefs: yes
+
+  - name: Allow selected tcp ports
+    ufw:
+      rule: allow
+      port: "{{ item }}"
+      proto: tcp
+    with_items: "{{ allow_tcp_ports }}"
+
+  - name: Allow selected udp ports
+    ufw:
+      rule: allow
+      port: "{{ item }}"
+      proto: udp
+    with_items: "{{ allow_udp_ports }}"
+
+  - name: Enable ufw
+    ufw:
+      state: enabled
+  become: yes