Skip to content

jbarratt/docker-homelab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits

config

config

 
 

imagesrc

imagesrc

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

dns.yml

dns.yml

 
 

minecraft.md

minecraft.md

 
 

minecraft.yml

minecraft.yml

 
 

minecraft.yml-backup

minecraft.yml-backup

 
 

monitoring.yml

monitoring.yml

 
 

restarting.py

restarting.py

 
 

Repository files navigation

Docker Homelab

This is how I configure docker for my home lab.

I'm using docker-compose because it's bulletproof and portable. For a single machine, kubernetes or the slimmer single machine alternatives doesn't bring much to the party.

File Layout

monitoring.yml # the monitoring stack
minecraft.yml # the minecraft container party
imagesrc/{image name}/ # where the image builders live for custom images

Common Commands

docker-compose -f monitoring.yml build
docker-compose -f monitoring.yml up -d
docker-compose -f monitoring.yml stop
docker-compose pull --ignore-pull-failures && docker-compose up -d # update all

Minecraft Commands

Connecting to rcon in a container

docker-compose -f minecraft.yml exec disneyland rcon-cli

Backup Recovery

Assuming you have attached a volume at /recover pointing at a different location:

docker-compose -f minecraft.yml exec backup /bin/bash
# restic snapshots
# restic restore <sha> --target /recover/myrestore

Helpful Tips

To Do

  • Add minecraft prom exporter and connect to prometheus
  • Monitor the backups
  • Extend prometheus to do push notifications over telegram if the server is down
  • solve the rcon work so it works with multiple containers

.env file contents

The .env file is not checked in because it has secrets or host-dependent values in it.

AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY=""
AWS_DEFAULT_REGION=""
RESTIC_REPOSITORY="s3:https://s3.amazonaws.com/mybucket/mybackuppath/"
RESTIC_FORGET_ARGS="--prune --keep-daily 7 --keep-weekly 52 --keep-monthly 120 --keep-yearly 100"
RESTIC_PASSWORD="looselips"
RCON_PASSWORD="nohackingrconplz"

Sample IAM policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::mybucketname"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::mybucketname/myhost/*"
        }
    ]
}

Alerting

Alertmanager's config is not in git because it has creds. But it's stupid simple

route:
  receiver: pushover

receivers:
  - name: pushover
    pushover_configs:
      - token: app token
        user_key: your user key

This can be tested as so:

curl -H "Content-Type: application/json" -d '[{"status": "firing", "labels":{"alertname":"TestAlert1"}}]' localhost:9093/alertmanager/api/v1/alerts

About

Docker-compose files making up my home server setup

Resources

Readme

License

View license
Activity

Stars

21 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages