home/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e9abcf80e6a84ebd925c520967e04c49f533091c
docker/readme.md

157 lines
4.2 KiB
Markdown
Raw Blame History

# Containerized Home Server
This repo is used to deploy the containers for the home server infrastructure. If you want to move infrastructure to another host you have to install docker and docker-compose at first.
## Requirements
### Docker
[Offical docker installation guide for ubuntu](https://docs.docker.com/engine/install/ubuntu/)
To be able to use this repo, you must have running system with a running docker instance.
Installing docker on ubuntu:
````
sudo apt update && sudo apt upgrade
sudo apt install ca-certificates curl gnupg lsb-release
````
Next docker's GPG key must be added to repo list:
``curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg``
To setup the stable repostiory:
````
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
````
Now docker engine can be installed:
````
sudo apt- update
sudo apt install docker-ce docker-ce-cli containerd.io
````
### Networking with macvlan
To expose containers to the local network a macvlan can be used. Containers that are
attached to this network can not be reached from the host system. To be able to reach
these containers from the host, a second bridge has to be created and traffic must be routed to this network.
* Network-Adapter of host: ``enp3s0``
* Name of the network bridge: ``docker-bridge``
* Free IP address of subnet out of dhcp range: ``192.168.178.19``
````
ip link add docker-bridge link enp3s0 type macvlan mode bridge
ip addr add 192.168.178.19/32 dev docker-bridge
ip link set docker-bridge up
ip route add 192.168.178.0/24 dev docker-bridge
````
### IPv6 networking
IPv6 is not enabled by default in docker networking. If you don't want to disable the complete IPv6 networking stack
in your routers configuration and use pihole or unbound, IPv6 has to be enabled.
Configuration is a bit tricky, and there might be better possibilities to get the stack running.
#### Determine data that has to be used:
* Private IPv6 prefix of home network \
``Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> IPv6 Präfix des Heimnetz``
* Unique local address of router \
``Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> Unique Local Address der Fritz!Box``
* Unique local address prefix (ULA) \
``Usually the first 64 bits of routers address``
#### Docker settings
Edit or create ``/etc/docker/daemon.json`` and use the private IPv6 prefix of home network
````
{
"ipv6": true,
"fixed-cidr-v6": "2a02:8070:c3b6:2b00::/64"
}
````
Then do a docker restart ``sudo systemctl restart docker``. Reloading was not successful in my setup.
#### Docker networking
For the macvlan use the router as gateway and the correct subnet. Select an IP range that has a longer Prefix for the network.
If the prefix is as long as the ULA prefix, there is no chance to build up a second macvlan network.
````
networks:
home:
external: false
driver: macvlan
enable_ipv6: true
driver_opts:
parent: enp2s0
ipam:
config:
- subnet: 192.168.178.0/24
gateway: 192.168.178.1
ip_range: 192.168.178.2/30 # .2 and .3
- subnet: fd00::/64
gateway: fd00::de15:c8ff:feec:9960
ip_range: fd00::1/80
name: home
````
### SQLite3
Vaultwarden stores data in a sqlite database. To view data sqlite3 should be installed.
````
sudo apt install sqlite3
````
## Components and structure
The root's docker-compose is used to install common components like databases and traefik.
Subdirectories are used to structure and keep components independent. You have to run the common part, after that you can run single components.
### Common
- traefik 2
- portainer
- mysql 8
- postgresql 14
- redis
### Development
- gitea: Version control
- kimai: Time tracking
- nginx: Reverse proxy for kimai
### Networking
- pihole
- unbound
- wireguard
- smokeping: Not used at the moment
- netdata: Not used at the moment
### Nextcloud
- nextcloud-fpm
- nginx
### Vault
- vaultwarden
### VPN
- wireguard: Not working at the moment
### Wiki
- bookstack
Reference in New Issue View Git Blame Copy Permalink