kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c8f128eaf37f68a053c78c4d3a3873c908e849e
EZ-Homelab/docs/automated-setup.md
kelinfoxy 5cbb106160 Add multi-server support and update docs 
Introduce multi-server architecture documentation and reorganize README content. Top-level README now documents Core vs Remote server roles, links to local docs instead of wiki pages, and highlights Traefik/Sablier multi-server behavior. docker-compose/README.md was rewritten to be a template-style reference with single- and multi-server deployment guidance, Traefik label examples, and sablier usage; dockge README was moved into docker-compose/dockge/. docker-compose/core/README.md was updated to describe core responsibilities, shared CA artifacts, and startup order for multi-server deployments. Several obsolete/duplicated docs and action reports were removed and a new multi-server deployment doc was added to centralize on-demand/remote service guidance. Overall this cleans up legacy docs and documents the multi-server workflow and TLS/shared-CA requirements.
2026-02-05 22:30:52 -05:00

179 lines
6.7 KiB
Markdown
Raw Blame History

# Automated Setup (Recommended)
For most users, the automated setup script handles everything from system preparation to deployment.
## Prerequisites
- **Fresh Debian/Ubuntu server** (or existing system)
- **Root/sudo access**
- **Internet connection**
- **Ports 80 and 443 forwarded** from your router to your **core server only** (required for SSL certificates)
- **VS Code with GitHub Copilot** (for AI assistance)
**Note**: For multi-server setups, only the core server needs ports forwarded. Remote servers connect via Docker TLS (port 2376).
## Simple Setup
1. **Connect to your server** via SSH
>Tip: Use VS Code on your local machine to ssh
in to your server for the easiest install!
2. **Install git if needed**
```bash
sudo apt update && sudo apt upgrade -y && sudo apt install git
```
3. **Clone the repository**:
```bash
git clone https://github.com/kelinfoxy/EZ-Homelab.git
cd EZ-Homelab
```
4. **Configure environment**:
```bash
cp .env.example .env
nano .env # Edit with your domain and tokens
```
**Required variables in .env:**
- `DOMAIN` - Your DuckDNS domain (e.g., yourdomain.duckdns.org)
- `DUCKDNS_TOKEN` - Your DuckDNS token from [duckdns.org](https://www.duckdns.org/)
- `ACME_EMAIL` - Your email for Let's Encrypt certificates
- `SURFSHARK_USERNAME` and `SURFSHARK_PASSWORD` - If using VPN
**Note:** The `.env` file stays in the repository folder (`~/EZ-Homelab/.env`). The deploy script copies it to stack directories automatically. Authelia secrets (JWT, session, encryption key) are auto-generated by the setup script - leave them with default values for now.
5. **Run the unified setup script:**
```bash
./scripts/ez-homelab.sh
```
The script will guide you through:
- System preparation (if needed)
- Domain and credential configuration
- Service stack selection
- Authelia secrets generation
- SSL certificate setup
- Service deployment
**Note:** Certificate generation may take 2-5 minutes. All services will use the wildcard certificate automatically.
**Login credentials:**
- Username: `admin` (default username - or the custom username you specified during setup)
- Password: The secure password you created when prompted by the setup script
**That's it!** Your homelab is ready.
**Access Dockge at `https://dockge.yourdomain.duckdns.org`**
## Multi-Server Setup
To deploy services across multiple servers (e.g., Raspberry Pi, mini PCs):
### Core Server Setup (First)
1. Follow the main setup above (steps 1-5)
2. This server gets ports 80/443 forwarded from your router
3. This server generates the shared CA for Docker TLS communication
### Remote Server Setup (After Core)
1. **Clone repository on remote server**:
```bash
git clone https://github.com/kelinfoxy/EZ-Homelab.git
cd EZ-Homelab
```
2. **Copy `.env` from core server**:
```bash
# On core server
cd ~/EZ-Homelab
cat .env # Copy the contents
# On remote server
nano ~/EZ-Homelab/.env # Paste and save
```
3. **Run setup with Infrastructure-Only option**:
```bash
./scripts/ez-homelab.sh
# Select option 3: "Deploy Infrastructure Only (Remote Server)"
```
4. **When prompted, provide core server IP** for CA import
5. **Script automatically**:
- Copies shared CA from core server via SSH
- Configures Docker TLS with shared certificates
- Generates server certificates signed by shared CA
- Sets up Docker daemon for TLS on port 2376
- Deploys Traefik for local container discovery
- Deploys Sablier for local lazy loading
### What Gets Deployed Where
| Component | Core Server | Remote Servers |
|-----------|-------------|----------------|
| DuckDNS | ✅ Yes | ❌ No |
| Authelia | ✅ Yes | ❌ No |
| Traefik | ✅ Yes (multi-provider) | ✅ Yes (local only) |
| Sablier | ✅ Yes (own stack) | ✅ Yes (own stack) |
| Dockge | ✅ Yes | ✅ Yes |
| Services | ✅ Any | ✅ Any |
### Architecture Benefits
- **Single Domain**: All services accessible via core server's domain
- **No Port Forwarding**: Remote servers don't need router configuration
- **Automatic Discovery**: Core Traefik finds services on all servers
- **Local Control**: Each Sablier manages its own server's containers
- **Secure Communication**: All inter-server traffic uses TLS encryption
### Troubleshooting Multi-Server Setup
If remote server setup fails:
1. **Check SSH access** from remote to core server
2. **Verify firewall** allows port 2376 on remote servers
3. **Test TLS connection** from core:
```bash
cd /opt/stacks/core/shared-ca
docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem \
--tlskey=key.pem --host=tcp://REMOTE_IP:2376 ps
```
4. **Check logs**: See setup script output for specific errors
## What the Unified Setup Script Does
The `ez-homelab.sh` script is a comprehensive guided setup and deployment tool:
**System Preparation (when needed):**
- ✅ Pre-flight checks (internet connectivity, disk space 50GB+)
- ✅ Updates system packages
- ✅ Installs required packages (git, curl, etc.)
- ✅ Installs Docker Engine + Compose V2 (if not present)
- ✅ Configures user permissions (docker, sudo groups)
- ✅ Sets up firewall (UFW with SSH, HTTP, HTTPS)
- ✅ Enables SSH server
**Interactive Configuration:**
- ✅ Guides through domain setup (DuckDNS)
- ✅ Prompts for admin username, email, and password
- ✅ Generates three cryptographic secrets (JWT, session, encryption)
- ✅ Generates argon2id password hash using Docker (30-60s process)
- ✅ Allows service stack selection
- ✅ Validates Docker is available before operations
**Infrastructure Setup & Deployment:**
- ✅ Creates directory structure (`/opt/stacks/`)
- ✅ Sets up Docker networks (homelab, traefik, dockerproxy, media)
- ✅ Deploys selected service stacks with individual deployment scripts
- ✅ Obtains wildcard SSL certificate (*.yourdomain.duckdns.org)
- ✅ Configures Traefik for multi-server support (if applicable)
- ✅ Generates and distributes TLS certificates for Docker API (multi-server)
- ✅ Detects NVIDIA GPU and offers driver installation
- ✅ Opens Dockge when ready
**Safety Features:**
- Interactive guidance with clear prompts
- Timeout handling (60s for Docker operations)
- Comprehensive error messages with troubleshooting hints
- Safe to re-run (idempotent operations)
- Confirmation prompts for destructive actions
## Release-Specific Notes
- **Current Version**: Production-ready with comprehensive multi-server support
- **Stacks**: Core, Infrastructure, Sablier, and Dashboards deploy automatically
- **Dashboards**: Homepage is preconfigured at `homepage.yourdomain.duckdns.org`
- **Multi-Server**: Use option 3 for remote server infrastructure deployment
- **Modular Deployment**: Individual scripts in `docker-compose/*/deploy-*.sh` called by ez-homelab.sh
Reference in New Issue View Git Blame Copy Permalink