Resources for my homelab media server
compose
config
inactive
scripts
.gitignore
.gitmodules
LICENSE
README.md
bastion.tf
compose.sh
down.sh
env.sample
pre-commit
up.sh

README.md

Container Orchestration

Setup

Add or remove container orchestrations in the compose directory. The Traefik and Auth containers must be started before any others. The network is defined in the Traefik reverse proxy's traefik.yml, and all other containers attach to that network.

Run

# start all services
bash up.sh

# start specific file orchestration within compose directory
bash up.sh traefik auth <compose/file_name> ...

Note: traefik and auth must be run first. traefik.yml also defines the network that the others attach to.

Stop

# stop all services
bash down.sh

# stop specific bundle
bash down.sh <compose/file_name> ...

Logs

docker logs -tf --tail="50" <service_name>

Traefik Reverse Proxy

Bastion Server

Install Terraform

First, install Terraform by pulling the latest download here with wget

apt install unzip

unzip terraform*.zip

mv terraform /usr/local/bin

terraform --version

Set Up VPN Server

Next, install WireGuard on the VPN client (the homelab server)

sudo chmod +x scripts/wireguard/install.sh
sudo bash -c ./scripts/wireguard/install.sh

Set up the bastion server, install WireGuard on it, and copy the VPN server configuration to the client. Run terraform plan before terraform apply to review the changes.

ssh-keygen # if you haven't already

terraform init

do_token=$(grep DO_TOKEN .env | xargs) TF_VAR_do_token=${do_token#*=} terraform apply -auto-approve

The wg-quick@wg0 service should have started; now enable it so that it also starts at boot.

systemctl enable wg-quick@wg0

Other commands

Destroy the bastion server

do_token=$(grep DO_TOKEN .env | xargs) TF_VAR_do_token=${do_token#*=} terraform destroy -auto-approve
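
The apply and destroy commands above pull the token with grep DO_TOKEN .env, which matches every line containing that string (a comment, or a key such as OLD_DO_TOKEN). As an added example that is not part of this repository, the functions below read only the exact DO_TOKEN key, refuse a .env that group or others can access, and hand the token to Terraform; the function names and the permission check are assumptions of this example.

```bash
# Added example (not from the repository). Function names are hypothetical.

# read_env_key FILE KEY: print the value of the last line that is exactly
# KEY=value. Comments and keys that only contain KEY (OLD_DO_TOKEN) are skipped.
read_env_key() (
  file=$1 key=$2 value="" found=no cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#export }            # tolerate "export KEY=value"
    line=${line%"$cr"}              # tolerate CRLF line endings
    case $line in
      "$key="*) value=${line#*=}; found=yes ;;
    esac
  done < "$file"
  case $value in                    # strip one matching pair of quotes
    \"*\") value=${value#\"}; value=${value%\"} ;;
    \'*\') value=${value#\'}; value=${value%\'} ;;
  esac
  [ "$found" = yes ] && [ -n "$value" ] && printf '%s\n' "$value"
)

# env_file_is_private FILE: succeed only if group and other have no access bits.
env_file_is_private() (
  # GNU stat first, BSD/macOS stat as fallback
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || exit 1
  case $mode in
    0|*00) exit 0 ;;
    *) exit 1 ;;
  esac
)

# run_terraform ARGS...: run terraform from the repository root with the token
# set only in that process's environment, never exported into the login shell.
run_terraform() (
  env_file_is_private .env || { echo "refusing: run chmod 600 .env" >&2; exit 1; }
  token=$(read_env_key .env DO_TOKEN) || { echo "DO_TOKEN not set in .env" >&2; exit 1; }
  TF_VAR_do_token=$token terraform "$@"
)
```

After sourcing these functions, `run_terraform plan` followed by `run_terraform apply` gives the review step described in the setup instructions; `run_terraform destroy` replaces the destroy command.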

To debug your homelab and VPN traffic forwarding, you can run this simple container:

docker run --rm -it -p 10.0.0.2:80:80 --name iamfoo containous/whoami

Resources

Todo

  • Handle the server configuration with Ansible instead of scripts via Terraform
  • Automatically configure DNS records for subdomains (Cloudflare API)
  • Install and set up unbound (docker discussion)