kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
802a4d1ba0f57d7b6beeb253d6170b2e5961c0ad
EZ-Homelab/.env.example
kelin 44b529a7cb feat: Add Option 3 - Deploy Additional Server with multi-server support 
Major features:
- Automated SSH key setup between remote and core servers
- Docker TLS configuration with shared CA certificates
- Automatic deployment of Dockge, Traefik, Sablier, and Infrastructure stacks
- Copy all stacks (except core) to remote server for on-demand deployment
- New standalone Traefik stack for remote server container discovery
- Locale-aware SSH/SCP commands to handle Raspberry Pi warnings
- Variable expansion support in .env files (${VAR} references)
- Comprehensive error handling and verbose deployment logging

Technical improvements:
- setup_ssh_key_to_core() - Automated RSA 4096-bit key generation and installation
- setup_multi_server_tls() - Fetch shared CA from core server via SSH
- copy_all_stacks_for_remote() - Deploy all stacks except core
- deploy_traefik_stack() - Local Traefik for container discovery
- Enhanced localization with envsubst support
- Docker network creation (traefik-network, homelab-network)
- Password authentication with special character handling

Fixes:
- Fixed SSH key path handling for non-root users
- Fixed SCP exit code checking (was checking grep instead of scp)
- Fixed CA file detection with proper test commands
- Removed unnecessary prepare_deployment() function call
- Added ACTUAL_USER variable initialization for remote deployments
2026-02-06 22:00:25 -05:00

149 lines
4.5 KiB
Plaintext
Raw Blame History

# EZ-Homelab .env template file - Copy to .env and fill in your values
# ################################
# #### REQUIRED CONFIGURATION ####
# User and Group IDs for file permissions (get with: id -u and id -g)
PUID=1000
PGID=1000
TZ=America/New_York
# Servers configuration
SERVER_IP=192.168.1.100 # This server
SERVER_HOSTNAME=debian
# Domain Configuration
DUCKDNS_SUBDOMAINS=yourdomain # Without .duckdns.org
DUCKDNS_TOKEN=your-duckdns-token
DOMAIN=${DUCKDNS_SUBDOMAINS}.duckdns.org
# Default credentials (used by multiple services for easier setup)
DEFAULT_USER=admin
DEFAULT_PASSWORD=changeme
DEFAULT_EMAIL=admin@example.com
# FOLDER PATHS
USERDIR=/opt/stacks # all docker-compose stacks
MEDIADIR=/mnt/media # Large media files on separate drive
DOWNLOADDIR=/mnt/downloads # Downloads on separate drive
PROJECTDIR=~/projects # User's projects folder
# If selecting option 3: Deploy Additional Server
# the CORE_SERVER is where the Core Traefik is running
CORE_SERVER_IP=192.168.1.101
CORE_SERVER_HOSTNAME=debian2
CORE_SERVER_USER=${DEFAULT_USER}
CORE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
# ##########################################
# #### NOTEABLE OPTIONAL CONFIGURATIONS ####
# Surfshark OpenVPN (RECOMMENDED)
# Wireguard options are below and commented out
SURFSHARK_USERNAME=your-surfshark-username
SURFSHARK_PASSWORD=your-surfshark-password
VPN_SERVER_COUNTRIES=Netherlands # Preferred VPN server location
# Email credentials for services that need SMTP
SMTP_EMAIL_PASSWORD=your-email-app-password
SMTP_EMAIL_SERVER=smtp.gmail.com # change if not using Gmail
SMTP_EMAIL_PORT=587
SMTP_EMAIL_FROM=${DEFAULT_EMAIL}
SMTP_EMAIL_SECURITY=starttls
# ACME Email for Let's Encrypt certificates
ACME_EMAIL=${DEFAULT_EMAIL}
# Authelia Admin Account
# These 4 Used by ez-homelab.sh for easy deployment
# Not used by the Authelia container directly
ADMIN_EMAIL=${DEFAULT_EMAIL} # Used for admin user account
AUTHELIA_ADMIN_USER=${DEFAULT_USER}
AUTHELIA_ADMIN_EMAIL=${DEFAULT_EMAIL}
AUTHELIA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
AUTHELIA_ADMIN_PASSWORD_HASH=generate-with-openssl-rand-hex-64
# SMTP for Authelia Notifications
SMTP_USERNAME=${SMTP_EMAIL_FROM}
SMTP_PASSWORD=${SMTP_EMAIL_PASSWORD}
# Let ez-homelab.sh generate these 3 unless you know what your doing
AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
# Surfshark WireGuard (OPTIONAL - Advanced users only)
# Get WireGuard details from Surfshark dashboard
# SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
# SURFSHARK_ADDRESSES=10.14.0.2/16
# What domains Homepage will accept requests from
# comma separated list NO SPACES!!!
HOMEPAGE_ALLOWED_HOSTS=homepage.${DOMAIN},${SERVER_IP}:3003
# #######################################
# #### OTHER OPTIONAL CONFIGURATIONS ####
# BookStack
BOOKSTACK_DB_PASSWORD=${DEFAULT_PASSWORD}
BOOKSTACK_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
# DATABASES - GENERAL
POSTGRES_USER=${DEFAULT_USER}
POSTGRES_PASSWORD=${DEFAULT_PASSWORD}
POSTGRES_DB=homelab
PGADMIN_EMAIL=${DEFAULT_EMAIL}
PGADMIN_PASSWORD=${DEFAULT_PASSWORD}
# Form.io
FORMIO_JWT_SECRET=${DEFAULT_PASSWORD}
FORMIO_DB_SECRET=${DEFAULT_PASSWORD}
# Gitea
GITEA_DB_PASSWORD=${DEFAULT_PASSWORD}
# GRAFANA
GRAFANA_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
# Jupyter Notebook
JUPYTER_TOKEN=${DEFAULT_PASSWORD}
# MediaWiki
MEDIAWIKI_DB_PASSWORD=${DEFAULT_PASSWORD}
MEDIAWIKI_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
# Nextcloud
NEXTCLOUD_ADMIN_USER=${DEFAULT_USER}
NEXTCLOUD_ADMIN_PASSWORD=${DEFAULT_PASSWORD}
NEXTCLOUD_DB_PASSWORD=${DEFAULT_PASSWORD}
NEXTCLOUD_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
# Pi-hole
PIHOLE_PASSWORD=${DEFAULT_PASSWORD}
# qBittorrent
QBITTORRENT_USER=admin
QBITTORRENT_PASS=${DEFAULT_PASSWORD}
# Vaultwarden
BITWARDEN_ADMIN_TOKEN=${DEFAULT_PASSWORD}
BITWARDEN_INVITATIONS_ALLOWED=true
SMTP_HOST=${SMTP_EMAIL_SERVER}
SMTP_FROM=${SMTP_EMAIL_FROM}
SMTP_PORT=${SMTP_EMAIL_PORT}
SMTP_SECURITY=${SMTP_EMAIL_SECURITY}
# #### IMPORTANT ****************************
# #### SET TO FALSE AFTER CREATING USERS ####
BITWARDEN_SIGNUPS_ALLOWED=true
# VS Code Server
CODE_SERVER_PASSWORD=${DEFAULT_PASSWORD}
CODE_SERVER_SUDO_PASSWORD=${DEFAULT_PASSWORD}
# Watchtower Notifications (optional)
# WATCHTOWER_NOTIFICATION_URL=
# WordPress
WORDPRESS_DB_PASSWORD=${DEFAULT_PASSWORD}
WORDPRESS_DB_ROOT_PASSWORD=${DEFAULT_PASSWORD}
Reference in New Issue View Git Blame Copy Permalink