move to project lifecycle structure

This commit is contained in:
2024-07-21 02:20:48 -04:00
parent fd1fde499d
commit e6aff894e8
121 changed files with 6234 additions and 196 deletions


@@ -0,0 +1,14 @@
# DDNS Service
Since we occasionally need an ipv4 address we'll make one.
This creates and keeps updated `ipv4.reeselink.com`.
This requires the aws cli to be installed on each node with credentials that can modify
records in route53.
<https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html>
```bash
ansible-playbook -i ansible/inventory.yaml ddns/install_ddns.yaml
```


@@ -0,0 +1,5 @@
[Unit]
Description=Updates the IPv4 records with the current public IPV4 address
[Service]
ExecStart=/usr/local/scripts/ddns.sh
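Review bot: The `[Service]` section at L27-L28 declares neither `Type=` nor `User=`, so the timer-fired script runs as the default `simple` type under root, and the AWS credentials the README says each node needs are therefore root's. For a script that runs to completion and exits, `Type=oneshot` makes a non-zero exit show up as a failed unit in `systemctl list-timers`/journal rather than a service that briefly went active; adding a dedicated `User=` would confine the Route53-capable credentials to that account, though /etc/ddns would then need to be writable by it (the playbook in this commit creates it root-owned 0755). Suggested lines: `Type=oneshot` and, once ownership is adjusted, `User=<dedicated-service-user>` (placeholder, no such user is defined on this page).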

systemd/graduated/ddns/ddns.sh Executable file

@@ -0,0 +1,20 @@
#!/bin/bash
# Get public IP address (there are many ways to do it, I picked this way)
PUBLIC_IP=$(curl -4 ifconfig.me)
# Update reeselink records
cat /etc/ddns/reeselink_record_template.json \
| jq '.Changes[0].ResourceRecordSet.ResourceRecords[0].Value = "'$PUBLIC_IP'"' \
> /etc/ddns/reeselink_record.json
# Update reeseapps records
cat /etc/ddns/reeseapps_record_template.json \
| jq '.Changes[].ResourceRecordSet.ResourceRecords[0].Value = "'$PUBLIC_IP'"' \
> /etc/ddns/reeseapps_record.json
# Update reeselink records
aws route53 change-resource-record-sets --hosted-zone-id Z0092652G7L97DSINN18 --change-batch file:///etc/ddns/reeselink_record.json
# Update reeseapps records
aws route53 change-resource-record-sets --hosted-zone-id Z012820733346FJ0U4FUF --change-batch file:///etc/ddns/reeseapps_record.json
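Review bot: The value returned by `curl -4 ifconfig.me` at L37 is spliced verbatim into the jq program text at L40 and L44 and then submitted to Route53, with no `set -e`, no `-f`/`--max-time` on curl and no check that the response is actually an IPv4 address; a transport error, rate-limit page or tampered plain-HTTP reply yields an empty or arbitrary string that either breaks the jq filter or is UPSERTed as the A record for every name in the template. The fix is to fail on curl errors, fetch over HTTPS, validate the dotted-quad shape before use, and pass the value with `jq --arg` so it is never interpreted as filter syntax. `.Changes[]` at L40 is equivalent to `.Changes[0]` for the single-entry reeselink template, so one filter serves both files. The two `aws route53` calls at L47 and L49 are unchanged.
```bash
#!/bin/bash
set -euo pipefail

# Fetch the public IPv4 over HTTPS; -f makes an HTTP error a non-zero exit
# instead of an HTML body that would be treated as the address.
PUBLIC_IP=$(curl -4 -fsS --max-time 15 https://ifconfig.me)

# Only a dotted-quad may reach Route53; anything else aborts before any file is rewritten.
if [[ ! "$PUBLIC_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "ddns: unexpected public IP response: $PUBLIC_IP" >&2
    exit 1
fi

# --arg binds the value as a jq variable, so it is data rather than filter text.
jq --arg ip "$PUBLIC_IP" '.Changes[].ResourceRecordSet.ResourceRecords[0].Value = $ip' \
    /etc/ddns/reeselink_record_template.json > /etc/ddns/reeselink_record.json
jq --arg ip "$PUBLIC_IP" '.Changes[].ResourceRecordSet.ResourceRecords[0].Value = $ip' \
    /etc/ddns/reeseapps_record_template.json > /etc/ddns/reeseapps_record.json

# … unchanged: the two aws route53 change-resource-record-sets calls …
```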


@@ -0,0 +1,11 @@
[Unit]
Description=Run ddns service every hour
[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=ddns.service
[Install]
WantedBy=timers.target


@@ -0,0 +1,63 @@
- name: Update nginx stream configuration
hosts: yellow
vars_files:
- vars.yaml
tasks:
- name: Ensure moreutils, jq is installed
ansible.builtin.dnf:
name:
- moreutils
- jq
state: present
- name: Create /usr/local/scripts dir
ansible.builtin.file:
path: /usr/local/scripts
state: directory
mode: '0755'
- name: Copy ddns.sh
template:
src: ddns.sh
dest: /usr/local/scripts/ddns.sh
owner: root
group: root
mode: '0755'
- name: Create /etc/ddns dir
ansible.builtin.file:
path: /etc/ddns
state: directory
mode: '0755'
- name: Copy reeseapps_record_template.json
template:
src: reeseapps_record_template.json
dest: /etc/ddns/reeseapps_record_template.json
owner: root
group: root
mode: '0644'
- name: Copy reeselink_record_template.json
template:
src: reeselink_record_template.json
dest: /etc/ddns/reeselink_record_template.json
owner: root
group: root
mode: '0644'
- name: Copy ddns.service
template:
src: ddns.service
dest: /etc/systemd/system/ddns.service
owner: root
group: root
mode: '0644'
- name: Copy ddns.timer
template:
src: ddns.timer
dest: /etc/systemd/system/ddns.timer
owner: root
group: root
mode: '0644'
- name: Run ddns script
ansible.builtin.shell: /usr/local/scripts/ddns.sh
- name: Reload ddns timer
ansible.builtin.systemd_service:
state: restarted
name: ddns.timer
enabled: true
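Review bot: The "Reload ddns timer" task at L125-L129 restarts `ddns.timer` right after new unit files were written to /etc/systemd/system at L109-L122, but never tells the manager to re-read them, so an edited `OnCalendar=` or `ExecStart=` is not picked up until something else reloads systemd; add `daemon_reload: true` alongside `enabled: true`. The play name at L67, "Update nginx stream configuration", looks copied from the nginx playbook and should describe this play (for example `- name: Install ddns timer and script`). The "Run ddns script" task at L123-L124 needs no shell features, so `ansible.builtin.command: /usr/local/scripts/ddns.sh` with a `changed_when` is the tighter form; and as far as ddns.sh in this commit shows, `moreutils` at L75 is not used by the script, only `jq` is. The file also lacks the `---` document start the rest of the Ansible conventions expect.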


@@ -0,0 +1,96 @@
{
"Comment": "Update Public IPV4 Address",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "homeassistant.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "nextcloud.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "gitea.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "git.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "jellyfin.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "snapdrop.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "unifi.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
}
]
}


@@ -0,0 +1,18 @@
{
"Comment": "Update Public IPV4 Address",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "ipv4.reeselink.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
}
]
}


@@ -0,0 +1,24 @@
# IPv4 Proxy
This project aims to serve those without an IPv6 ISP by forwarding IPv4 requests to the
correct destination. This is accomplished by SSL preread and port mapping. This service
is intended only for publicly accessible services.
## DDNS
This project pairs with the ddns service. Set that up first!
## Updating IPv4 Proxy Records
1. In `ddns` create a new record in the `reeseapps_record_template.json`
2. Apply the new record with ansible
3. Update `vars.yaml` in this project
4. Run the following ansible script:
```bash
ansible-playbook -i ansible/inventory.yaml ipv4-proxy/nginx.yaml
```
## Logging
You can tail all the nginx logs with `ssh yellow 'tail -f /var/log/nginx/*.log'`


@@ -0,0 +1,53 @@
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
worker_processes auto;
events {
worker_connections 1024;
}
stream {
log_format ssl '| Remote Addr: $remote_addr:$server_port | SSL Preread: $ssl_preread_server_name | Forward: $map_forward_ssl | $time_local | $protocol | $status | $bytes_sent | $bytes_received | $session_time |';
log_format port '| Remote Addr: $remote_addr:$server_port | SSL Preread: $ssl_preread_server_name | Forward: $map_forward_port | $time_local | $protocol | $status | $bytes_sent | $bytes_received | $session_time |';
# Map all SSL parsed server names to hosts
map $ssl_preread_server_name $map_forward_ssl {
{% for item in stream_ssl %}
{{ item.external.domain }} {{ item.internal.domain }}:{{ item.internal.port }};
{% endfor %}
}
server {
access_log /var/log/nginx/nginx_stream_access.log ssl;
error_log /var/log/nginx/nginx_stream_error.log warn;
listen 443;
proxy_pass $map_forward_ssl;
ssl_preread on;
proxy_socket_keepalive on;
resolver 10.1.0.1;
}
map $server_port $map_forward_port {
{% for item in stream_ports %}
{{ item.external }} {{ item.internal }};
{% endfor %}
}
server {
{% for item in stream_ports %}
listen {{ item.external }};
{% endfor %}
access_log /var/log/nginx/nginx_stream_access.log port;
error_log /var/log/nginx/nginx_stream_error.log warn;
listen 443;
proxy_pass $map_forward_port;
proxy_socket_keepalive on;
resolver 10.1.0.1;
}
}
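Review bot: `listen 443;` at L312 inside the port-mapping server duplicates the `listen 443;` of the SSL-preread server at L295; the second server already binds every `stream_ports` external port through the loop at L307-L309, and two stream servers on the same address:port with no SNI-based selection are, as far as I can tell, rejected by nginx at config test time as a duplicate listen, which would make the `nginx -t` step in the playbook fail. Removing L312 is the whole fix. Separately, the `map` at L287-L291 has no `default`, so a connection whose SNI matches nothing leaves `$map_forward_ssl` empty and `proxy_pass` fails per connection; if rejecting unknown names is the intent, a comment saying so above the map (`# no default: unmatched SNI is dropped by proxy_pass failing`) would make that explicit for the next reader.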


@@ -0,0 +1,42 @@
- name: Update nginx stream configuration
hosts: yellow
vars_files:
- vars.yaml
tasks:
- name: Ensure nginx, certbot, and nginx-mod-stream are installed
ansible.builtin.dnf:
name:
- nginx
- nginx-mod-stream
state: present
- name: Remove http.d dir before repopulating
file:
path: /etc/nginx/http.d/
state: absent
- name: Remove stream.d dir before repopulating
file:
path: /etc/nginx/stream.d/
state: absent
- name: Create stream.d dir
ansible.builtin.file:
path: /etc/nginx/stream.d
state: directory
mode: '0755'
- name: Template nginx.conf
template:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
- name: Test nginx configuration
ansible.builtin.shell: /usr/sbin/nginx -t
- name: Stop nginx service
ansible.builtin.systemd_service:
state: stopped
name: nginx
- name: Reload nginx service
ansible.builtin.systemd_service:
state: started
name: nginx
enabled: true
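Review bot: The "Test nginx configuration" task at L353-L354 runs only after the templated file has already replaced /etc/nginx/nginx.conf at L346-L352, so a template error leaves a broken config on disk with the old process still running and no automatic way back; the `template` module's `validate` option checks the candidate before it is installed, e.g. `validate: /usr/sbin/nginx -t -c %s` on the template task, which also makes the separate shell test redundant (all paths in the template are absolute, so validating from a temp path should work, but confirm on the host). The task name at L327 says certbot is installed while the package list at L329-L331 does not include it; fix the name or the list. The stop/start pair at L355-L363 could be a single `state: restarted` (or `reloaded`, since a validated config reload avoids dropping live stream sessions), and the directory `stream.d` created at L341-L345 is never referenced by the nginx.conf in this commit.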


@@ -0,0 +1,37 @@
stream_ssl:
- external:
domain: homeassistant.reeseapps.com
internal:
domain: homeassistant.reeselink.com
port: 443
protocol: https
- external:
domain: gitea.reeseapps.com
internal:
domain: ingress-nginx.reeselink.com
port: 443
protocol: https
- external:
domain: nextcloud.reeseapps.com
internal:
domain: nextcloud.reeselink.com
port: 443
protocol: https
- external:
domain: jellyfin.reeseapps.com
internal:
domain: ingress-nginx.reeselink.com
port: 443
protocol: https
- external:
domain: snapdrop.reeseapps.com
internal:
domain: ingress-nginx.reeselink.com
port: 443
protocol: https
stream_ports:
- external: 2222
internal: git.reeselink.com:22
- external: 3478
internal: nextcloud.reeselink.com:3478
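Review bot: Each `stream_ssl` entry carries a `protocol: https` key (L374, L380, L386, L392, L398) that the nginx.conf template in this commit never reads — it only interpolates `internal.domain` and `internal.port` at L289 — so the key either documents intent or is dead data; a short comment above `stream_ssl` stating that only `domain`/`port` are consumed would stop a future editor expecting it to change behaviour. The file also lacks the `---` document start used by yamllint's default rules.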


@@ -0,0 +1,15 @@
# Unifi Server
<https://help.ui.com/hc/en-us/articles/220066768-Updating-and-Installing-Self-Hosted-UniFi-Network-Servers-Linux>
## Install
```bash
apt-get update && apt-get install ca-certificates apt-transport-https
echo 'deb [ arch=amd64,arm64 ] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | tee /etc/apt/sources.list.d/100-ubnt-unifi.list
wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
wget -qO - https://www.mongodb.org/static/pgp/server-3.6.asc | apt-key add -
echo "deb [trusted=yes] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/3.6 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.6.list
apt-get update
apt-get update && apt-get install unifi -y
```