feat: Complete EZ-Homelab deployment system overhaul
- Add unified ez-homelab.sh script with guided menu interface - Create dedicated Dockge stack in /opt/dockge for clean isolation - Move dockerproxy from core to infrastructure stack - Fix Authelia configuration with proper variable placeholders - Update all compose files to use variables - Enhance script with comprehensive variable replacement - Fix sed delimiter conflicts and middleware issues - Add proper step numbering and error handling - Prepare all stacks for Dockge management - Update README with new deployment instructions
This commit is contained in:
EZ-Homelab
@@ -1,6 +1,6 @@
|
||||
# Authelia Configuration
|
||||
# Copy to /opt/stacks/authelia/configuration.yml
|
||||
# IMPORTANT: Replace 'kelin-casa.duckdns.org' with your actual DuckDNS domain
|
||||
# IMPORTANT: Replace '${DOMAIN}' with your actual DuckDNS domain
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
@@ -13,10 +13,10 @@ theme: dark
|
||||
|
||||
jwt_secret: ${AUTHELIA_JWT_SECRET}
|
||||
|
||||
default_redirection_url: https://auth.kelin-casa.duckdns.org
|
||||
default_redirection_url: https://auth.${DOMAIN}
|
||||
|
||||
totp:
|
||||
issuer: kelin-casa.duckdns.org
|
||||
issuer: ${DOMAIN}
|
||||
period: 30
|
||||
skew: 1
|
||||
|
||||
@@ -36,31 +36,31 @@ access_control:
|
||||
|
||||
rules:
|
||||
# Bypass Authelia for Jellyfin (allow app access)
|
||||
- domain: jellyfin.kelin-casa.duckdns.org
|
||||
- domain: jellyfin.${DOMAIN}
|
||||
policy: bypass
|
||||
|
||||
# Bypass for Plex (allow app access)
|
||||
- domain: plex.kelin-casa.duckdns.org
|
||||
- domain: plex.${DOMAIN}
|
||||
policy: bypass
|
||||
|
||||
# Bypass for Home Assistant (has its own auth)
|
||||
- domain: ha.kelin-casa.duckdns.org
|
||||
- domain: ha.${DOMAIN}
|
||||
policy: bypass
|
||||
|
||||
# Bypass for development services (they have their own auth or setup)
|
||||
- domain: pgadmin.kelin-casa.duckdns.org
|
||||
- domain: pgadmin.${DOMAIN}
|
||||
policy: bypass
|
||||
- domain: gitlab.kelin-casa.duckdns.org
|
||||
- domain: gitlab.${DOMAIN}
|
||||
policy: bypass
|
||||
|
||||
# Protected: All other services require authentication
|
||||
- domain: "*.kelin-casa.duckdns.org"
|
||||
- domain: "*.${DOMAIN}"
|
||||
policy: one_factor
|
||||
|
||||
# Two-factor for admin services (optional)
|
||||
# - domain:
|
||||
# - "admin.kelin-casa.duckdns.org"
|
||||
# - "portainer.kelin-casa.duckdns.org"
|
||||
# - "admin.${DOMAIN}"
|
||||
# - "portainer.${DOMAIN}"
|
||||
# policy: two_factor
|
||||
|
||||
session:
|
||||
@@ -69,7 +69,7 @@ session:
|
||||
expiration: 24h # Session expires after 24 hours
|
||||
inactivity: 24h # Session expires after 24 hours of inactivity
|
||||
remember_me_duration: 1M
|
||||
domain: kelin-casa.duckdns.org
|
||||
domain: ${DOMAIN}
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
|
||||
@@ -73,25 +73,6 @@ services:
|
||||
- traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
|
||||
- x-dockge.url=https://auth.${DOMAIN}
|
||||
|
||||
dockerproxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
container_name: dockerproxy
|
||||
privileged: true
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 2375:2375
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
- SERVICES=1
|
||||
- TASKS=1
|
||||
- NETWORKS=1
|
||||
- NODES=1
|
||||
labels:
|
||||
- homelab.category=infrastructure
|
||||
- homelab.description=Docker socket proxy for security
|
||||
|
||||
# Sablier - Lazy loading service for Docker containers
|
||||
sablier-service:
|
||||
image: sablierapp/sablier:latest
|
||||
|
||||
@@ -25,7 +25,6 @@ services:
|
||||
networks:
|
||||
- homelab-network
|
||||
- traefik-network
|
||||
- dockerproxy-network
|
||||
volumes:
|
||||
- ./homepage:/app/config
|
||||
- /var/run/docker.sock:/var/run/docker.sock # For Docker integration do not mount RO
|
||||
@@ -86,5 +85,3 @@ networks:
|
||||
external: true
|
||||
traefik-network:
|
||||
external: true
|
||||
dockerproxy-network:
|
||||
external: true
|
||||
|
||||
51
docker-compose/dockge/docker-compose.yml
Normal file
51
docker-compose/dockge/docker-compose.yml
Normal file
@@ -0,0 +1,51 @@
|
||||
# Dockge Stack
|
||||
# Docker Compose Stack Manager
|
||||
# Place in /opt/dockge/docker-compose.yml
|
||||
|
||||
# Service Access URLs:
|
||||
# - Dockge: https://dockge.${DOMAIN}
|
||||
|
||||
services:
|
||||
# Dockge - Docker Compose Stack Manager (PRIMARY - preferred over Portainer)
|
||||
# Access at: https://dockge.${DOMAIN}
|
||||
dockge:
|
||||
image: louislam/dockge:1
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 256M
|
||||
pids: 512
|
||||
reservations:
|
||||
cpus: '0.25'
|
||||
memory: 128M
|
||||
container_name: dockge
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- homelab-network
|
||||
- traefik-network
|
||||
ports:
|
||||
- "5001:5001" # Optional: direct access
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /opt/stacks:/opt/stacks # Dockge manages stacks in this directory
|
||||
- ./data:/app/data
|
||||
environment:
|
||||
- DOCKGE_STACKS_DIR=/opt/stacks
|
||||
- DOCKGE_ENABLE_CONSOLE=true
|
||||
labels:
|
||||
- "homelab.category=infrastructure"
|
||||
- "homelab.description=Docker Compose stack manager (PRIMARY)"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)"
|
||||
- "traefik.http.routers.dockge.entrypoints=websecure"
|
||||
- "traefik.http.routers.dockge.tls=true"
|
||||
- "traefik.http.routers.dockge.middlewares=authelia@docker"
|
||||
- "traefik.http.services.dockge.loadbalancer.server.port=5001"
|
||||
- "x-dockge.url=https://dockge.${DOMAIN}"
|
||||
|
||||
networks:
|
||||
homelab-network:
|
||||
external: true
|
||||
traefik-network:
|
||||
external: true
|
||||
@@ -5,7 +5,6 @@
|
||||
# See /opt/stacks/traefik/, /opt/stacks/authelia/, etc.
|
||||
|
||||
# Service Access URLs:
|
||||
# - Dockge: https://dockge.${DOMAIN}
|
||||
# - Portainer: https://portainer.${DOMAIN}
|
||||
# - Pi-hole: https://pihole.${DOMAIN}
|
||||
# - Dozzle: https://dozzle.${DOMAIN}
|
||||
@@ -13,43 +12,24 @@
|
||||
# - Netdata: https://netdata.${DOMAIN}
|
||||
|
||||
services:
|
||||
# Dockge - Docker Compose Stack Manager (PRIMARY - preferred over Portainer)
|
||||
# Access at: https://dockge.${DOMAIN}
|
||||
dockge:
|
||||
image: louislam/dockge:1
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 256M
|
||||
pids: 512
|
||||
reservations:
|
||||
cpus: '0.25'
|
||||
memory: 128M
|
||||
container_name: dockge
|
||||
dockerproxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
container_name: dockerproxy
|
||||
privileged: true
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- homelab-network
|
||||
- traefik-network
|
||||
ports:
|
||||
- "5001:5001" # Optional: direct access
|
||||
- 2375:2375
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /opt/stacks:/opt/stacks # Dockge manages stacks in this directory
|
||||
- /opt/dockge/data:/app/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- DOCKGE_STACKS_DIR=/opt/stacks
|
||||
- DOCKGE_ENABLE_CONSOLE=true
|
||||
- CONTAINERS=1
|
||||
- SERVICES=1
|
||||
- TASKS=1
|
||||
- NETWORKS=1
|
||||
- NODES=1
|
||||
labels:
|
||||
- "homelab.category=infrastructure"
|
||||
- "homelab.description=Docker Compose stack manager (PRIMARY)"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)"
|
||||
- "traefik.http.routers.dockge.entrypoints=websecure"
|
||||
- "traefik.http.routers.dockge.tls=true"
|
||||
- "traefik.http.routers.dockge.middlewares=authelia@docker"
|
||||
- "traefik.http.services.dockge.loadbalancer.server.port=5001"
|
||||
- "x-dockge.url=https://dockge.${DOMAIN}"
|
||||
- homelab.category=infrastructure
|
||||
- homelab.description=Docker socket proxy for security
|
||||
|
||||
# Pi-hole - Network-wide ad blocker and DNS server
|
||||
# Access at: https://pihole.${DOMAIN}
|
||||
@@ -160,28 +140,6 @@ services:
|
||||
- "traefik.http.routers.dozzle.middlewares=authelia@docker"
|
||||
- "traefik.http.services.dozzle.loadbalancer.server.port=8080"
|
||||
|
||||
# Docker Proxy - Socket proxy for security
|
||||
# Used by services that need Docker socket access
|
||||
dockerproxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
container_name: dockerproxy
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- dockerproxy-network
|
||||
ports:
|
||||
- "127.0.0.1:2375:2375"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
- SERVICES=1
|
||||
- TASKS=1
|
||||
- NETWORKS=1
|
||||
- NODES=1
|
||||
labels:
|
||||
- "homelab.category=infrastructure"
|
||||
- "homelab.description=Docker socket proxy for security"
|
||||
|
||||
# Glances - System monitoring
|
||||
# Access at: https://glances.${DOMAIN}
|
||||
glances:
|
||||
@@ -259,5 +217,3 @@ networks:
|
||||
external: true
|
||||
traefik-network:
|
||||
external: true
|
||||
dockerproxy-network:
|
||||
external: true
|
||||
|
||||
Reference in New Issue
Block a user