# Containerized Home Server

This repo is used to deploy the containers for the home server infrastructure. If you want to move the infrastructure to another host, you have to install docker and docker-compose first.

## Requirements

### Docker

[Official docker installation guide for ubuntu](https://docs.docker.com/engine/install/ubuntu/)

To be able to use this repo, you must have a running system with a running docker instance.

Installing docker on ubuntu:

````bash
sudo apt update && sudo apt upgrade
sudo apt install ca-certificates curl gnupg lsb-release
````

Next, docker's GPG key must be added to the keyring that apt will trust for the docker repository:

``curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg``

To set up the stable repository:

````bash
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
````

Now the docker engine can be installed:

````bash
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io
````

### Networking with macvlan

To expose containers to the local network a macvlan can be used. Containers that are attached to this network can not be reached from the host system. To be able to reach these containers from the host, a second macvlan interface (in bridge mode) has to be created on the host and traffic to the subnet must be routed over it.

* Network adapter of host: ``enp3s0``
* Name of the network bridge: ``docker-bridge``
* Free IP address of the subnet outside the DHCP range: ``192.168.178.19``

````bash
ip link add docker-bridge link enp3s0 type macvlan mode bridge
ip addr add 192.168.178.19/32 dev docker-bridge
ip link set docker-bridge up
ip route add 192.168.178.0/24 dev docker-bridge
````

### IPv6 networking

IPv6 is not enabled by default in docker networking.
If you don't want to disable the complete IPv6 networking stack in your router's configuration and use pihole or unbound, IPv6 has to be enabled in docker. Configuration is a bit tricky, and there might be better possibilities to get the stack running.

#### Determine the data that has to be used

* Private IPv6 prefix of the home network \
  ``Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> IPv6 Präfix des Heimnetz``
* Unique local address of the router \
  ``Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> Unique Local Address der Fritz!Box``
* Unique local address prefix (ULA) \
  ``Usually the first 64 bits of the router's address``

#### Docker settings

Edit or create ``/etc/docker/daemon.json`` and use the private IPv6 prefix of the home network:

````json
{
  "ipv6": true,
  "fixed-cidr-v6": "2a02:8070:c3b6:2b00::/64"
}
````

Then restart docker with ``sudo systemctl restart docker``. Reloading was not successful in my setup.

#### Docker networking

For the macvlan use the router as gateway and the correct subnet. Select an IP range that has a longer prefix than the network. If the prefix is as long as the ULA prefix, there is no chance to build up a second macvlan network.

````yaml
networks:
  home:
    external: false
    driver: macvlan
    enable_ipv6: true
    driver_opts:
      parent: enp2s0
    ipam:
      config:
        - subnet: 192.168.178.0/24
          gateway: 192.168.178.1
          ip_range: 192.168.178.2/30  # .2 and .3
        - subnet: fd00::/64
          gateway: fd00::de15:c8ff:feec:9960
          ip_range: fd00::1/80
    name: home
````

### SQLite3

Vaultwarden stores its data in a SQLite database. To view the data, sqlite3 should be installed:

````bash
sudo apt install sqlite3
````

## Components and structure

The root's docker-compose is used to install common components like databases and traefik. Subdirectories are used to structure and keep components independent. You have to run the common part first; after that you can run single components.
### Common

- traefik 2
- portainer
- mysql 8
- postgresql 14
- redis

### Development

- gitea: Version control
- kimai: Time tracking
- nginx: Reverse proxy for kimai

### Networking

- pihole
- unbound
- wireguard
- smokeping: Not used at the moment
- netdata: Not used at the moment

### Nextcloud

- nextcloud-fpm
- nginx

### Vault

- vaultwarden

### VPN

- wireguard: Not working at the moment

### Wiki

- bookstack
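The macvlan host route in "Networking with macvlan" and the ipam block in "Docker networking" only work if the addresses are chosen consistently: the host's shim address must sit inside the LAN subnet but outside both the router's DHCP range and the pool docker hands out to containers, and each `ip_range` must be a strictly longer prefix inside its `subnet` so that a second macvlan network can still get a pool of its own. The following script is an added example and not part of this repo; it checks those rules with Python's standard `ipaddress` module using the values quoted in this README. The DHCP range is an assumed sample, not something the README states, and the `fd00::` gateway is the README's placeholder value.

```python
"""Consistency checks for the macvlan addressing described in this README.

Added example (not part of the repo): validates that the host-side macvlan
shim address and the docker-compose ipam entries fit together before any
`ip` or `docker compose` command is run. Uses only the standard library.
"""
import ipaddress
from dataclasses import dataclass

# Sample values taken from the README's macvlan and IPv6 sections.
HOST_SHIM_IP = "192.168.178.19"
# Assumed DHCP range of the router (constructed sample, not from the README).
DHCP_RANGE = ("192.168.178.20", "192.168.178.200")


@dataclass(frozen=True)
class IpamEntry:
    subnet: str    # the whole LAN prefix the macvlan attaches to
    gateway: str   # the router's address inside that prefix
    ip_range: str  # the sub-pool docker may hand out to containers


README_IPAM = [
    IpamEntry("192.168.178.0/24", "192.168.178.1", "192.168.178.2/30"),
    IpamEntry("fd00::/64", "fd00::de15:c8ff:feec:9960", "fd00::1/80"),
]


def check_ipam_entry(entry: IpamEntry) -> list[str]:
    """Return a list of problems (an empty list means the entry is consistent)."""
    problems: list[str] = []
    subnet = ipaddress.ip_network(entry.subnet, strict=False)
    gateway = ipaddress.ip_address(entry.gateway)
    pool = ipaddress.ip_network(entry.ip_range, strict=False)
    if not (subnet.version == gateway.version == pool.version):
        return [f"mixed IP versions in entry {entry}"]
    if gateway not in subnet:
        problems.append(f"gateway {gateway} is outside subnet {subnet}")
    if not pool.subnet_of(subnet):
        problems.append(f"ip_range {pool} is not inside subnet {subnet}")
    # README rule: the pool must be a strictly longer prefix than the subnet,
    # otherwise a second macvlan network on the same link cannot get its own pool.
    if pool.prefixlen <= subnet.prefixlen:
        problems.append(
            f"ip_range {pool} must be longer than the subnet prefix /{subnet.prefixlen}")
    return problems


def pools_overlap(a: IpamEntry, b: IpamEntry) -> bool:
    """True if two ipam entries of the same IP version could hand out the same address."""
    pa = ipaddress.ip_network(a.ip_range, strict=False)
    pb = ipaddress.ip_network(b.ip_range, strict=False)
    return pa.version == pb.version and pa.overlaps(pb)


def check_host_shim(shim_ip: str, entries: list[IpamEntry],
                    dhcp_range: tuple[str, str]) -> list[str]:
    """Checks for the address given to the host's macvlan shim interface."""
    problems: list[str] = []
    ip = ipaddress.ip_address(shim_ip)
    lo, hi = (ipaddress.ip_address(x) for x in dhcp_range)
    if ip.version == lo.version and lo <= ip <= hi:
        problems.append(f"{ip} lies inside the router's DHCP range {lo}-{hi}")
    for e in entries:
        subnet = ipaddress.ip_network(e.subnet, strict=False)
        pool = ipaddress.ip_network(e.ip_range, strict=False)
        if subnet.version != ip.version:
            continue
        if ip not in subnet:
            problems.append(f"{ip} is not inside macvlan subnet {subnet}")
        elif ip in pool:
            # docker would be free to assign the same address to a container
            problems.append(f"{ip} collides with container pool {pool}")
    return problems


if __name__ == "__main__":
    for e in README_IPAM:
        print(e.subnet, check_ipam_entry(e) or "ok")
    print("host shim", check_host_shim(HOST_SHIM_IP, README_IPAM, DHCP_RANGE) or "ok")
```

Run it before editing `daemon.json` or the compose file; an empty list for every entry means the addresses fit the README's rules. When you add a second macvlan network, feed both entries to `pools_overlap` to make sure their container pools are disjoint.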