add basic container, configure git repo structure, add sops addon

v.karaychentsev
2026-02-10 18:34:25 +03:00
parent 3e5be7b7a4
commit d457efd566
14 changed files with 132 additions and 1 deletions


@@ -27,7 +27,6 @@ caddy-minipc.catmedved.com {
} }
# D # D
databasus.catmedved.com { databasus.catmedved.com {
reverse_proxy http://databasus:4005 reverse_proxy http://databasus:4005
tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem


@@ -0,0 +1,35 @@
services:
jellyfin:
image: jellyfin/jellyfin:latest
container_name: jellyfin
hostname: Films
networks:
- caddy_internal
dns:
- 192.168.1.131 # pi-hole
volumes:
- ~/docker/jellyfin/config:/config
- ~/docker/jellyfin/cache:/cache
- /media/vk/L200/Media:/media
- /mnt/wd:/media_wd
# - /path/to/media2:/media2:ro
devices:
- /dev/dri:/dev/dri
restart: 'unless-stopped'
#ports:
# - 8096:8096
# - 7359:7359/udp
# Optional - alternative address used for autodiscovery
#environment:
# - JELLYFIN_PublishedServerUrl=http://media.local
# Optional - may be necessary for docker healthcheck to pass if running in host network mode
#extra_hosts:
# - "host.docker.internal:host-gateway"
networks:
caddy_internal:
name: caddy_internal
external: true
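Review bot: `image: jellyfin/jellyfin:latest` on L24 is a mutable tag, so each pull may run a different build and the `restart: 'unless-stopped'` policy brings up whatever image is cached; pin a release tag or digest, e.g. `image: jellyfin/jellyfin:<version>` (placeholder). The two media mounts on L34-35 are read-write while the commented template on L36 already shows the `:ro` form; unless the server is configured to write metadata or subtitles next to the media, `- /media/vk/L200/Media:/media:ro` and `- /mnt/wd:/media_wd:ro` limit what the container can alter on the host. The commented keys on L40-48 (`#ports:`, `#environment:`, `#extra_hosts:`) lack the space after `#` that yamllint expects — cosmetic only.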


@@ -0,0 +1,8 @@
# Main server paths
```sh
/srv/backups/<service> # backups
/srv/gitops # git repo
/srv/rundata/<service> # persistent service data (volumes)
/run/secrets/<service> # runtime secrets (tmpfs) - docker style file-based secrets
```


@@ -0,0 +1,17 @@
# age
sudo apt install -y age
sudo mkdir -p /root/.config/sops/age
sudo age-keygen -o /root/.config/sops/age/keys.txt
sudo chmod 600 /root/.config/sops/age/keys.txt
# sops
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64
sudo install -m 0755 sops-v3.11.0.linux.amd64 /usr/local/bin/sops
rm sops-v3.11.0.linux.amd64
# yq for yaml
sudo wget -qO /usr/local/bin/yq \
https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
sudo chmod +x /usr/local/bin/yq
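Review bot: The sops binary fetched on L74 and the yq binary on L78-79 are installed into /usr/local/bin without any integrity check, and yq is pulled from `latest`, so the same script yields different binaries over time. Verify each download against the digest from the project's published release checksums before `install`, and pin yq to a version the same way sops is pinned on L74. The rewrite below shows the sops half; the yq half follows the same shape.
```sh
# sops
SOPS_VERSION=v3.11.0
SOPS_SHA256="<sha256 from the v3.11.0 release checksums file>"  # placeholder
curl -LO "https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64"
echo "${SOPS_SHA256}  sops-${SOPS_VERSION}.linux.amd64" | sha256sum -c -
sudo install -m 0755 "sops-${SOPS_VERSION}.linux.amd64" /usr/local/bin/sops
rm "sops-${SOPS_VERSION}.linux.amd64"
# … unchanged: age setup above; yq below, pinned to a version and checked the same way …
```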



@@ -0,0 +1,3 @@
[Unit]
Requires=sops-decrypt.service
After=sops-decrypt.service


@@ -0,0 +1,19 @@
[Unit]
Description=Decrypt SOPS secrets before Docker starts
DefaultDependencies=no
Before=docker.service
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
WorkingDirectory=/srv/gitops
Environment=SOPS_AGE_KEY_FILE=/root/.config/sops/age/keys.txt
# твой скрипт расшифровки (держи в репо или в /usr/local/bin)
ExecStart=/srv/gitops/homelab-infra/lab-home/sops-decrypt.sh
TimeoutStartSec=300
[Install]
WantedBy=multi-user.target
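Review bot: With `DefaultDependencies=no` on L96 the unit gets no implicit ordering after local-fs.target, so `WorkingDirectory=/srv/gitops` and the key file under /root/.config/sops/age may not be mounted yet when ExecStart runs if either sits on a separate filesystem; add `RequiresMountsFor=/srv/gitops /root/.config/sops/age` under [Unit]. ExecStart on L105 runs `/srv/gitops/homelab-infra/lab-home/sops-decrypt.sh` straight out of the git checkout, while the install hunk below copies `systemd/sops-decrypt-all` to `/usr/local/bin/sops-decrypt-all`, which nothing references — pick one, preferably the root-owned installed copy, so the pre-docker decryption step does not change with whatever is checked out in the working tree. The comment on L104 is in Russian; in English it reads `# your decryption script (keep it in the repo or in /usr/local/bin)`. Consider `RemainAfterExit=yes` under [Service] so the oneshot reads as active after success, which makes `systemctl status` and the `Requires=` in the docker drop-in easier to reason about.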


@@ -0,0 +1,8 @@
sudo install -D -m 0644 systemd/sops-decrypt.service /etc/systemd/system/sops-decrypt.service
sudo install -D -m 0644 systemd/docker.service.d/10-sops-decrypt.conf /etc/systemd/system/docker.service.d/10-sops-decrypt.conf
# сам скрипт
sudo install -D -m 0755 systemd/sops-decrypt-all /usr/local/bin/sops-decrypt-all
sudo systemctl daemon-reload
sudo systemctl enable sops-decrypt.service


@@ -0,0 +1,8 @@
sudo groupadd photos
sudo usermod -aG photos vk
sudo usermod -aG photos apps
sudo usermod -aG photos syncthing_user
sudo chown -R vk:photos /srv/photo
sudo chmod -R 2775 /srv/photo
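Review bot: `chmod -R 2775 /srv/photo` on L128 applies mode 2775 to regular files as well as directories, which sets group-execute and setgid on every photo; the setgid bit is only useful on directories (so new files inherit the photos group). Apply the modes separately: `sudo find /srv/photo -type d -exec chmod 2775 {} +` and `sudo find /srv/photo -type f -exec chmod 0664 {} +`. The `usermod -aG photos syncthing_user` on L126 assumes that account already exists, which this hunk does not establish, so the order in which these setup files run matters.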


@@ -0,0 +1,18 @@
sudo groupadd --system --gid 995 apps
sudo useradd --uid 995 --gid 995 \
--system \
--create-home \
--home-dir /home/apps \
--gid apps \
--shell /usr/sbin/nologin \
--comment "Service account for applications" \
apps
sudo chmod 0750 /home/apps
sudo usermod -aG apps vk
sudo usermod -aG photos apps
id apps
# uid=995(apps) gid=995(apps) groups=995(apps)
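Review bot: `--gid 995` on L134 and `--gid apps` on L138 pass the same useradd option twice; since the group is created with gid 995 on L133 either form works alone, so keep `--gid apps` and drop the numeric one so the two cannot drift apart. `sudo usermod -aG photos apps` on L144 requires the `photos` group, which is created in a separate file in this commit, so this script must run after that one or the command fails. The expected `id` output recorded on L146 also predates L144 and omits the photos group; if it is meant as a check, update it to `# uid=995(apps) gid=995(apps) groups=995(apps),<photos-gid>(photos)` (placeholder gid).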


@@ -0,0 +1 @@
syncthing_user


@@ -0,0 +1,2 @@
# vk - human system admin

hosts/jalezze/soft.md Normal file

@@ -0,0 +1,13 @@
# PDF Tools
## imagemagick
https://imagemagick.org/script/download.php#windows&gsc.tab=0
## ghostscript
Needed for imagemagic
https://www.ghostscript.com/releases/gsdnld.html