Containerized Home Server
This repo is used to deploy the containers for the home server infrastructure. If you want to move infrastructure to another host you have to install docker and docker-compose at first.
Requirements
Docker
Offical docker installation guide for ubuntu
To be able to use this repo, you must have running system with a running docker instance. Installing docker on ubuntu:
sudo apt update && sudo apt upgrade
sudo apt install ca-certificates curl gnupg lsb-release
Next docker's GPG key must be added to repo list:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
To setup the stable repostiory:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Now docker engine can be installed:
sudo apt- update
sudo apt install docker-ce docker-ce-cli containerd.io
Networking with macvlan
To expose containers to the local network a macvlan can be used. Containers that are attached to this network can not be reached from the host system. To be able to reach these containers from the host, a second bridge has to be created and traffic must be routed to this network.
- Network-Adapter of host:
enp3s0 - Name of the network bridge:
docker-bridge - Free IP address of subnet out of dhcp range:
192.168.178.19
ip link add docker-bridge link enp3s0 type macvlan mode bridge
ip addr add 192.168.178.19/32 dev docker-bridge
ip link set docker-bridge up
ip route add 192.168.178.0/24 dev docker-bridge
IPv6 networking
IPv6 is not enabled by default in docker networking. If you don't want to disable the complete IPv6 networking stack in your routers configuration and use pihole or unbound, IPv6 has to be enabled. Configuration is a bit tricky, and there might be better possibilities to get the stack running.
Determine data that has to be used:
- Private IPv6 prefix of home network
Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> IPv6 Präfix des Heimnetz - Unique local address of router
Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> Unique Local Address der Fritz!Box - Unique local address prefix (ULA)
Usually the first 64 bits of routers address
Docker settings
Edit or create /etc/docker/daemon.json and use the private IPv6 prefix of home network
{
"ipv6": true,
"fixed-cidr-v6": "2a02:8070:c3b6:2b00::/64"
}
Then do a docker restart sudo systemctl restart docker. Reloading was not successful in my setup.
Docker networking
For the macvlan use the router as gateway and the correct subnet. Select an IP range that has a longer Prefix for the network. If the prefix is as long as the ULA prefix, there is no chance to build up a second macvlan network.
networks:
home:
external: false
driver: macvlan
enable_ipv6: true
driver_opts:
parent: enp2s0
ipam:
config:
- subnet: 192.168.178.0/24
gateway: 192.168.178.1
ip_range: 192.168.178.2/30 # .2 and .3
- subnet: fd00::/64
gateway: fd00::de15:c8ff:feec:9960
ip_range: fd00::1/80
name: home
SQLite3
Vaultwarden stores data in a sqlite database. To view data sqlite3 should be installed.
sudo apt install sqlite3
Components and structure
The root's docker-compose is used to install common components like databases and traefik. Subdirectories are used to structure and keep components independent. You have to run the common part, after that you can run single components.
Common
- traefik 2
- portainer
- mysql 8
- postgresql 14
- redis
Development
- gitea: Version control
- kimai: Time tracking
- nginx: Reverse proxy for kimai
Networking
- pihole
- unbound
- wireguard
- smokeping: Not used at the moment
- netdata: Not used at the moment
Nextcloud
- nextcloud-fpm
- nginx
Vault
- vaultwarden
VPN
- wireguard: Not working at the moment
Wiki
- bookstack