services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

update mesh

Browse Source
This commit is contained in:
Reese Wells
2024-06-24 17:04:36 -04:00
parent b7f93fe41d
commit 4e51d263fb
11 changed files with 54 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -10,6 +10,7 @@ A project to store homelab stuff.
- [Reverse Proxy](#reverse-proxy)
- [Service Mesh](#service-mesh)
- [Data Storage](#data-storage)
- [Order of Operations](#order-of-operations)
- [Components](#components)
- [CoreDNS](#coredns)
- [Metal LB](#metal-lb)
@@ -75,6 +76,13 @@ to the wireguard-assigned IP addresses.
All servers will use ISCSI.
## Order of Operations
1. Establish DNS records (`dns/`, `aws/`, `ddns/`)
2. Create reverse proxy(s) (`nginx/`)
3. Create service mesh (`mesh/`)
4. Install services
## Components
### CoreDNS

5
ansible/inventory.yaml
View File

@@ -13,11 +13,6 @@ colors:
yellow:
nextcloud-aio:
hosts:
nextcloud-aio:
unifi-external:
hosts:
unifi-external:
hardware:

0
wireguard/README.md → mesh/README.md
View File

0
wireguard/interface.yaml → mesh/interface.yaml
View File

0
wireguard/keys.yaml → mesh/keys.yaml
View File

0
wireguard/peers.yaml → mesh/peers.yaml
View File

0
wireguard/vars.yaml → mesh/vars.yaml
View File

5
nginx/https.conf
View File

@@ -8,6 +8,11 @@ server {
}
{% endif %}
{% if item.external.password_protect is defined and item.external.password_protect is sameas true %}
auth_basic "Administrators Area";
auth_basic_user_file /etc/nginx/.htpasswd;
{% endif %}
http2 on;
gzip on;

2
nginx/service/certbot-renew.service
View File

@@ -3,4 +3,4 @@ Description=Certbot Renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew
ExecStart=/usr/bin/certbot renew --dns-route53 -n

4
nginx/vars.yaml
View File

@@ -9,7 +9,9 @@ defaults:
internal_https_port: 443
internal_ipv4_regex:
- "10.1.*"
- "10.10.*"
- "192.168.4.*"
- "192.168.5.*"
- "192.168.6.*"
internal_ipv6_regex:
- "2600:1700:1e6c:a81f.*"
expose_tld: .reeseapps.com

37
podman/README.md
View File

@@ -6,6 +6,7 @@
- [iperf3](#iperf3)
- [pihole](#pihole)
- [Cloudflared](#cloudflared)
- [WG Easy (Deprecated - use Unifi)](#wg-easy-deprecated---use-unifi)
- [Update yellow/orange](#update-yelloworange)
## Notes
@@ -84,6 +85,42 @@ podman run \
compose /compose/cloudflared-compose.yaml
```
### WG Easy (Deprecated - use Unifi)
<https://github.com/wg-easy/wg-easy>
Note, to create PASSWORD_HASH run:
```bash
python -c 'import bcrypt; print(bcrypt.hashpw(b"testpass", bcrypt.gensalt()).decode())'
```
```bash
podman run \
-v ./podman/quadlets:/quadlets \
quay.io/k9withabone/podlet \
-f /quadlets \
-i \
--overwrite \
--wants network-online.target \
--after network-online.target \
--name=wg-easy \
podman run \
-e LANG=en \
-e WG_HOST=wg.reeseapps.com \
-e PORT=51821 \
-e WG_PORT=51820 \
-v wg-easy:/etc/wireguard \
-p 51820:51820/udp \
-p 51822:51821/tcp \
--secret wg_easy_password,type=env,target=PASSWORD_HASH \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--cap-add=NET_RAW \
--restart unless-stopped \
ghcr.io/wg-easy/wg-easy:nightly
```
## Update yellow/orange
```bash