initial
This commit is contained in:
commit
2639194501
|
@ -0,0 +1,8 @@
|
||||||
|
TZ=Europe/Moscow
|
||||||
|
EMAIL=YOUR_EMAIL
|
||||||
|
HOST=YOUR_DOMAIN
|
||||||
|
PG_USER=docker
|
||||||
|
PG_PASSWORD=CHANGE_PASSWORD
|
||||||
|
REDIS_PASSWORD=CHANGE_PASSWORD
|
||||||
|
TRANSMISSION_USER=root
|
||||||
|
TRANSMISSION_PASSWORD=CHANGE_PASSWORD
|
|
@ -0,0 +1 @@
|
||||||
|
.env
|
|
@ -0,0 +1,55 @@
|
||||||
|
# TinyNAS
|
||||||
|
|
||||||
|
Дистрибутив софта на базе докера для быстрого развертования домашнего NAS.
|
||||||
|
|
||||||
|
В дистрибутив входят:
|
||||||
|
|
||||||
|
* Transmission - торрент клиент
|
||||||
|
* miniDLNA - DLNA сервер для трансляции скачанных файлов на ТВ/другие устройства
|
||||||
|
* NextCloud - персональное облако
|
||||||
|
* VaultWarden - селфхостед менеджер паролей, свободная реализация Bitwarden
|
||||||
|
|
||||||
|
Помимо этого, сконфигурированы Caddy, Postgres, Redis чтобы всю эту красоту поддерживать.
|
||||||
|
|
||||||
|
## Перед установкой:
|
||||||
|
|
||||||
|
Требования для установки:
|
||||||
|
|
||||||
|
* Сервер доступный снаружи
|
||||||
|
* Домен который смотрит на этот сервер (его нужно будет указать в первом шаге установки)
|
||||||
|
* docker + docker-compose
|
||||||
|
|
||||||
|
## Установка:
|
||||||
|
|
||||||
|
1. Запустить на сервере `./setup.sh` для генерации файла настроек .env
|
||||||
|
2. Запустить TinyNAS: `docker compose up -d`
|
||||||
|
|
||||||
|
## Использование
|
||||||
|
|
||||||
|
Здесь и далее будет использоваться `example.com` как домен указанный 1 шаге установки
|
||||||
|
|
||||||
|
### Transmission
|
||||||
|
|
||||||
|
Адрес: https://transmission.example.com/
|
||||||
|
|
||||||
|
Логин: TRANSMISSION_USER из файла .env
|
||||||
|
|
||||||
|
Пароль: TRANSMISSION_PASSWORD из файла .env
|
||||||
|
|
||||||
|
### Nextcloud
|
||||||
|
|
||||||
|
Адрес: https://nextcloud.example.com/
|
||||||
|
|
||||||
|
Необходимо ввести новый логин и пароль для создания администратора. Нажать "Создать".
|
||||||
|
|
||||||
|
После этого в какой-то момент будет ошибка таймаута браузера. Это *нормально*!
|
||||||
|
|
||||||
|
Ничего не делаем, обновляем страницу раз в пару минут, пока окно создания администратора не сменится на окно входа.
|
||||||
|
|
||||||
|
Почему так - не знаю. Но оно работает. Пуллреквесты приветствуются.
|
||||||
|
|
||||||
|
### VaultWarden
|
||||||
|
|
||||||
|
Адрес: https://vaultwarden.example.com/
|
||||||
|
|
||||||
|
Тут нет особенностей. Оно просто работает.
|
|
@ -0,0 +1,238 @@
|
||||||
|
version: "3.0"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
media:
|
||||||
|
transmission-config:
|
||||||
|
transmission-watch:
|
||||||
|
nextcloud-config:
|
||||||
|
nextcloud-data:
|
||||||
|
nextcloud-www:
|
||||||
|
caddy-config:
|
||||||
|
caddy-data:
|
||||||
|
vw-data:
|
||||||
|
postgres-data:
|
||||||
|
postgres-backups:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
inner:
|
||||||
|
|
||||||
|
services:
|
||||||
|
minidlna:
|
||||||
|
build:
|
||||||
|
context: minidlna
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
container_name: dlna
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
MINIDLNA_MEDIA_DIR: /media
|
||||||
|
MINIDLNA_FRIENDLY_NAME: tinyNAS
|
||||||
|
volumes:
|
||||||
|
- media:/media
|
||||||
|
healthcheck:
|
||||||
|
test:
|
||||||
|
[
|
||||||
|
"CMD",
|
||||||
|
"curl",
|
||||||
|
"--silent",
|
||||||
|
"--fail",
|
||||||
|
"127.0.0.1:8200",
|
||||||
|
"||",
|
||||||
|
"exit 1"
|
||||||
|
]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 6
|
||||||
|
start_period: 10s
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- 8200:8200
|
||||||
|
|
||||||
|
transmission:
|
||||||
|
image: lscr.io/linuxserver/transmission:latest
|
||||||
|
container_name: transmission
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=${TZ}
|
||||||
|
- USER=${TRANSMISSION_USER}
|
||||||
|
- PASS=${TRANSMISSION_PASSWORD}
|
||||||
|
volumes:
|
||||||
|
- transmission-config:/config
|
||||||
|
- media:/downloads
|
||||||
|
- transmission-watch:/watch
|
||||||
|
ports:
|
||||||
|
- 51413:51413
|
||||||
|
- 51413:51413/udp
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- inner
|
||||||
|
|
||||||
|
nextcloud:
|
||||||
|
image: nextcloud:stable-fpm-alpine
|
||||||
|
container_name: nextcloud
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
POSTGRES_DB: nextcloud
|
||||||
|
POSTGRES_USER: ${PG_USER}
|
||||||
|
POSTGRES_PASSWORD: ${PG_PASSWORD}
|
||||||
|
POSTGRES_HOST: postgres:5432
|
||||||
|
NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.${HOST}
|
||||||
|
REDIS_HOST: redis
|
||||||
|
REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}
|
||||||
|
volumes:
|
||||||
|
- nextcloud-config:/config:rw
|
||||||
|
- nextcloud-data:/var/data:rw
|
||||||
|
- nextcloud-www:/var/www/html:rw
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- inner
|
||||||
|
depends_on:
|
||||||
|
postgres:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_started
|
||||||
|
|
||||||
|
nextcloud-cron:
|
||||||
|
image: nextcloud:stable-fpm-alpine
|
||||||
|
restart: always
|
||||||
|
container_name: nextcloud-cron
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
POSTGRES_DB: nextcloud
|
||||||
|
POSTGRES_USER: ${PG_USER}
|
||||||
|
POSTGRES_PASSWORD: ${PG_PASSWORD}
|
||||||
|
POSTGRES_HOST: postgres:5432
|
||||||
|
NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.${HOST}
|
||||||
|
REDIS_HOST: redis
|
||||||
|
REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}
|
||||||
|
volumes:
|
||||||
|
- nextcloud-config:/config:rw
|
||||||
|
- nextcloud-data:/data:rw
|
||||||
|
- nextcloud-www:/var/www/html:rw
|
||||||
|
entrypoint: /cron.sh
|
||||||
|
networks:
|
||||||
|
- inner
|
||||||
|
depends_on:
|
||||||
|
postgres:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_started
|
||||||
|
|
||||||
|
vaultwarden:
|
||||||
|
image: vaultwarden/server:latest
|
||||||
|
container_name: vaultwarden
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
WEBSOCKET_ENABLED: "true"
|
||||||
|
DATABASE_URL: postgresql://${PG_USER}:${PG_PASSWORD}@postgres:5432/vaultwarden
|
||||||
|
volumes:
|
||||||
|
- vw-data:/data
|
||||||
|
networks:
|
||||||
|
- inner
|
||||||
|
depends_on:
|
||||||
|
postgres:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
gateway:
|
||||||
|
image: caddy:2
|
||||||
|
container_name: caddy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
volumes:
|
||||||
|
- ./etc/Caddyfile:/etc/caddy/Caddyfile:ro
|
||||||
|
- caddy-config:/config:rw
|
||||||
|
- caddy-data:/data:rw
|
||||||
|
- nextcloud-www:/var/www/nextcloud:rw
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
HOST: ${HOST}
|
||||||
|
EMAIL: ${EMAIL}
|
||||||
|
LOG_FILE: "/data/access.log"
|
||||||
|
networks:
|
||||||
|
- inner
|
||||||
|
depends_on:
|
||||||
|
- nextcloud
|
||||||
|
- vaultwarden
|
||||||
|
- transmission
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres:15.2-alpine3.17
|
||||||
|
restart: always
|
||||||
|
container_name: postgres
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
PGUSER: ${PG_USER}
|
||||||
|
POSTGRES_USER: ${PG_USER}
|
||||||
|
POSTGRES_PASSWORD: ${PG_PASSWORD}
|
||||||
|
DB_NAME: nextcloud,vaultwarden
|
||||||
|
LANG: ru_RU.utf8
|
||||||
|
volumes:
|
||||||
|
- "postgres-data:/var/lib/postgresql/data"
|
||||||
|
- "./etc/init.sql:/docker-entrypoint-initdb.d/init.sql"
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -d vaultwarden -U docker"]
|
||||||
|
interval: 20s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 10
|
||||||
|
networks:
|
||||||
|
- inner
|
||||||
|
|
||||||
|
backups:
|
||||||
|
image: postgres:15.2-alpine3.17
|
||||||
|
container_name: postgres_backup
|
||||||
|
# Run nextcloud-restore-application-data.sh to restore application data if needed.
|
||||||
|
# Run nextcloud-restore-database.sh to restore database if needed.
|
||||||
|
command: sh -c 'sleep 30m
|
||||||
|
&& while true; do
|
||||||
|
PGPASSWORD="$$(echo $$POSTGRES_PASSWORD)"
|
||||||
|
pg_dump
|
||||||
|
-h postgres
|
||||||
|
-p 5432
|
||||||
|
-d nextcloud
|
||||||
|
-U docker | gzip > /srv/nextcloud-postgres/backups/nextcloud-postgres-backup-$$(date "+%Y-%m-%d_%H-%M").gz
|
||||||
|
&& tar -zcpf /srv/nextcloud-application-data/backups/nextcloud-application-data-backup-$$(date "+%Y-%m-%d_%H-%M").tar.gz /var/www/html
|
||||||
|
&& find /srv/nextcloud-postgres/backups -type f -mtime +7 | xargs rm -f
|
||||||
|
&& find /srv/nextcloud-application-data/backups -type f -mtime +7 | xargs rm -f;
|
||||||
|
sleep 24h; done'
|
||||||
|
environment:
|
||||||
|
PUID: 1000
|
||||||
|
PGID: 1000
|
||||||
|
TZ: ${TZ}
|
||||||
|
PGUSER: ${PG_USER}
|
||||||
|
POSTGRES_USER: ${PG_USER}
|
||||||
|
POSTGRES_PASSWORD: ${PG_PASSWORD}
|
||||||
|
DB_NAME: nextcloud,vaultwarden
|
||||||
|
LANG: ru_RU.utf8
|
||||||
|
volumes:
|
||||||
|
- "postgres-data:/var/lib/postgresql/data"
|
||||||
|
# Database backups location
|
||||||
|
- "postgres-backups:/srv/nextcloud-postgres/backups"
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
postgres:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
redis:
|
||||||
|
container_name: redis
|
||||||
|
image: redis:alpine3.17
|
||||||
|
restart: always
|
||||||
|
mem_limit: 2048m
|
||||||
|
mem_reservation: 512m
|
||||||
|
command: redis-server --requirepass $REDIS_PASSWORD
|
||||||
|
networks:
|
||||||
|
- inner
|
|
@ -0,0 +1,101 @@
|
||||||
|
{
|
||||||
|
servers :443 {
|
||||||
|
timeouts {
|
||||||
|
idle 600s
|
||||||
|
read_body 600s
|
||||||
|
read_header 600s
|
||||||
|
write 600s
|
||||||
|
}
|
||||||
|
max_header_size 100MB
|
||||||
|
}
|
||||||
|
servers {
|
||||||
|
timeouts {
|
||||||
|
idle 600s
|
||||||
|
read_body 600s
|
||||||
|
read_header 600s
|
||||||
|
write 600s
|
||||||
|
}
|
||||||
|
max_header_size 20MB
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
nextcloud.{$HOST} {
|
||||||
|
log {
|
||||||
|
level INFO
|
||||||
|
output file {$LOG_FILE} {
|
||||||
|
roll_size 10MB
|
||||||
|
roll_keep 10
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tls {$EMAIL}
|
||||||
|
|
||||||
|
encode gzip
|
||||||
|
|
||||||
|
header {
|
||||||
|
# enable HSTS
|
||||||
|
# Strict-Transport-Security max-age=31536000;
|
||||||
|
}
|
||||||
|
|
||||||
|
file_server
|
||||||
|
root * /var/www/nextcloud
|
||||||
|
|
||||||
|
@forbidden {
|
||||||
|
path /.htaccess
|
||||||
|
path /data/*
|
||||||
|
path /config/*
|
||||||
|
path /db_structure
|
||||||
|
path /.xml
|
||||||
|
path /README
|
||||||
|
path /3rdparty/*
|
||||||
|
path /lib/*
|
||||||
|
path /templates/*
|
||||||
|
path /occ
|
||||||
|
path /console.php
|
||||||
|
}
|
||||||
|
respond @forbidden 404
|
||||||
|
php_fastcgi nextcloud:9000 {
|
||||||
|
root /var/www/html
|
||||||
|
env front_controller_active true
|
||||||
|
dial_timeout 600s
|
||||||
|
read_timeout 600s
|
||||||
|
write_timeout 600s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
vaultwarden.{$HOST} {
|
||||||
|
log {
|
||||||
|
level INFO
|
||||||
|
output file {$LOG_FILE} {
|
||||||
|
roll_size 10MB
|
||||||
|
roll_keep 10
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tls {$EMAIL}
|
||||||
|
|
||||||
|
encode gzip
|
||||||
|
|
||||||
|
reverse_proxy /notifications/hub vaultwarden:3012
|
||||||
|
reverse_proxy vaultwarden:80 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
transmission.{$HOST} {
|
||||||
|
log {
|
||||||
|
level INFO
|
||||||
|
output file {$LOG_FILE} {
|
||||||
|
roll_size 10MB
|
||||||
|
roll_keep 10
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tls {$EMAIL}
|
||||||
|
|
||||||
|
encode gzip
|
||||||
|
|
||||||
|
reverse_proxy transmission:9091 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,4 @@
|
||||||
|
CREATE DATABASE nextcloud;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO docker;
|
||||||
|
CREATE DATABASE vaultwarden;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO docker;
|
|
@ -0,0 +1,13 @@
|
||||||
|
FROM alpine:3.17.2
|
||||||
|
LABEL maintainer "Alexander Kiryukhin i@neonxp.dev"
|
||||||
|
|
||||||
|
# Install
|
||||||
|
RUN apk --no-cache add bash curl minidlna tini shadow su-exec alpine-conf inotify-tools
|
||||||
|
|
||||||
|
# Entrypoint
|
||||||
|
COPY entrypoint.sh /
|
||||||
|
RUN chmod +x /entrypoint.sh
|
||||||
|
|
||||||
|
EXPOSE 8200
|
||||||
|
|
||||||
|
ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
|
|
@ -0,0 +1,62 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Bash strict mode
|
||||||
|
set -euo pipefail
|
||||||
|
IFS=$'\n\t'
|
||||||
|
|
||||||
|
# DEBUG
|
||||||
|
[ -z "${DEBUG:-}" ] || set -x
|
||||||
|
|
||||||
|
# VARs
|
||||||
|
export TZ="${TZ:-}"
|
||||||
|
export PUID="${PUID:-100}"
|
||||||
|
export PGID="${PGID:-101}"
|
||||||
|
export PIDFILE='/minidlna/minidlna.pid'
|
||||||
|
export FORCE_SCAN="${FORCE_SCAN:-false}"
|
||||||
|
export FORCE_REBUILD="${FORCE_REBUILD:-false}"
|
||||||
|
|
||||||
|
# Remove old pid if it exists
|
||||||
|
[ -f "$PIDFILE" ] && rm -f "$PIDFILE"
|
||||||
|
|
||||||
|
echo '=== Set user and group identifier'
|
||||||
|
groupmod --non-unique --gid "$PGID" minidlna
|
||||||
|
usermod --non-unique --uid "$PUID" minidlna
|
||||||
|
|
||||||
|
if [[ -n "$TZ" ]]; then
|
||||||
|
echo '=== Set timezone'
|
||||||
|
setup-timezone -z "$TZ"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo '=== Set standard configuration'
|
||||||
|
export MINIDLNA_DB_DIR="${MINIDLNA_DB_DIR:-/minidlna/cache}"
|
||||||
|
export MINIDLNA_LOG_DIR="${MINIDLNA_LOG_DIR:-/minidlna}"
|
||||||
|
export MINIDLNA_INOTIFY="${MINIDLNA_INOTIFY:-yes}"
|
||||||
|
|
||||||
|
echo '=== Set configuration from environment variables'
|
||||||
|
: > /etc/minidlna.conf
|
||||||
|
for VAR in $(env); do
|
||||||
|
if [[ "$VAR" =~ ^MINIDLNA_ ]]; then
|
||||||
|
if [[ "$VAR" =~ ^MINIDLNA_MEDIA_DIR ]]; then
|
||||||
|
minidlna_name='media_dir'
|
||||||
|
else
|
||||||
|
minidlna_name=$(echo "$VAR" | sed -r "s/MINIDLNA_(.*)=.*/\\1/g" | tr '[:upper:]' '[:lower:]')
|
||||||
|
fi
|
||||||
|
minidlna_value=$(echo "$VAR" | sed -r "s/.*=(.*)/\\1/g")
|
||||||
|
echo "${minidlna_name}=${minidlna_value}" >> /etc/minidlna.conf
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo '=== Set permissions'
|
||||||
|
mkdir -p /minidlna/ "${MINIDLNA_DB_DIR}" "${MINIDLNA_LOG_DIR}"
|
||||||
|
chown -R "${PUID}:${PGID}" /minidlna/ "${MINIDLNA_DB_DIR}" "${MINIDLNA_LOG_DIR}"
|
||||||
|
|
||||||
|
echo '=== Generate scan/rebuild flags'
|
||||||
|
if [[ "$FORCE_SCAN" == true ]]; then
|
||||||
|
set -- -r "$@"
|
||||||
|
fi
|
||||||
|
if [[ "$FORCE_REBUILD" == true ]]; then
|
||||||
|
set -- -R "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo '=== Start daemon'
|
||||||
|
exec su-exec minidlna /usr/sbin/minidlnad -P "$PIDFILE" -S "$@"
|
|
@ -0,0 +1,18 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
read -p "Ваш e-mail: " EMAIL
|
||||||
|
read -p "Базовый домен, для которого будут созданы поддомены с сервисами: " HOST
|
||||||
|
|
||||||
|
PG_PASSWORD=`tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo ''`
|
||||||
|
REDIS_PASSWORD=`tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo ''`
|
||||||
|
TRANSMISSION_PASSWORD=`tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo ''`
|
||||||
|
|
||||||
|
echo "TZ=Europe/Moscow
|
||||||
|
EMAIL=${EMAIL}
|
||||||
|
HOST=${HOST}
|
||||||
|
PG_USER=docker
|
||||||
|
PG_PASSWORD=${PG_PASSWORD}
|
||||||
|
REDIS_PASSWORD=${REDIS_PASSWORD}
|
||||||
|
TRANSMISSION_USER=root
|
||||||
|
TRANSMISSION_PASSWORD=${TRANSMISSION_PASSWORD}" > .env
|
||||||
|
echo "Конфиг записан в файл .env"
|
Loading…
Reference in New Issue