From 822a62bd6077379a1cc56494c23cef2e7aa9289c Mon Sep 17 00:00:00 2001 From: Bruchtal Admin Date: Sat, 21 Feb 2026 18:57:26 +0100 Subject: [PATCH] chore: initial commit for Bruchtal Docker + deploy --- .gitignore | 12 +++++ README.md | 17 ++++++ deploy/deploy-bruchtal.sh | 16 ++++++ deploy/hooks.json | 17 ++++++ docker-compose.yml | 17 ++++++ docker/adguardhome/docker-compose.yml | 13 +++++ docker/gitea/docker-compose.yml | 22 ++++++++ docker/heimdall/docker-compose.yml | 16 ++++++ docker/wikijs/docker-compose.yml | 16 ++++++ docs/docker/adguardhome/adguardhome.md | 22 ++++++++ docs/docker/architecture.md | 0 docs/docker/heimdall/heimdall.md | 23 ++++++++ docs/docker/wikijs/wikijs.md | 24 +++++++++ docs/index.md | 18 +++++++ docs/network/topology.md | 0 docs/network/tunnel.md | 74 ++++++++++++++++++++++++++ docs/overview/index.md | 0 docs/proxmox/vms.md | 9 ++++ docs/workflows/docker-workflow.md | 66 +++++++++++++++++++++++ mkdocs.yml | 24 +++++++++ 20 files changed, 406 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100755 deploy/deploy-bruchtal.sh create mode 100644 deploy/hooks.json create mode 100644 docker-compose.yml create mode 100644 docker/adguardhome/docker-compose.yml create mode 100644 docker/gitea/docker-compose.yml create mode 100644 docker/heimdall/docker-compose.yml create mode 100644 docker/wikijs/docker-compose.yml create mode 100644 docs/docker/adguardhome/adguardhome.md create mode 100644 docs/docker/architecture.md create mode 100644 docs/docker/heimdall/heimdall.md create mode 100644 docs/docker/wikijs/wikijs.md create mode 100644 docs/index.md create mode 100644 docs/network/topology.md create mode 100644 docs/network/tunnel.md create mode 100644 docs/overview/index.md create mode 100644 docs/proxmox/vms.md create mode 100644 docs/workflows/docker-workflow.md create mode 100644 mkdocs.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..feb6b06 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,12 @@
+# OS
+.DS_Store
+
+# MkDocs build
+site/
+
+# Secrets
+.env
+.env.*
+secrets/
+*.key
+*.pem
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..87088c1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+# Homelab Documentation & Infrastructure
+
+Zentrale Dokumentation und Konfigurationsbasis für mein Homelab.
+
+## Inhalt
+- 📚 Technische Dokumentation (Markdown, MkDocs)
+- 🐳 Docker-Compose Stacks
+- 🖧 Netzwerk- & VM-Übersicht
+- 🗂 Versionierte Infrastruktur
+
+## Struktur
+- `/docs` → Dokumentation
+- `/docker` → docker-compose Dateien
+- `/diagrams` → Architektur- & Netzdiagramme
+
+## Grundsatz
+> Git ist die Quelle der Wahrheit.
diff --git a/deploy/deploy-bruchtal.sh b/deploy/deploy-bruchtal.sh
new file mode 100755
index 0000000..0d876c9
--- /dev/null
+++ b/deploy/deploy-bruchtal.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+echo "===== Bruchtal Deploy $(date) ====="
+
+cd /docker/Bruchtal
+
+echo "Pulling latest changes..."
+git pull
+
+echo "Updating containers..."
+docker restart bruchtal-docs
+
+
+echo "Deploy finished."
diff --git a/deploy/hooks.json b/deploy/hooks.json
new file mode 100644
index 0000000..e924a1d
--- /dev/null
+++ b/deploy/hooks.json
@@ -0,0 +1,17 @@
+[
+ {
+ "id": "bruchtal-deploy",
+ "execute-command": "/docker/deploy/deploy-bruchtal.sh",
+ "command-working-directory": "/docker/Bruchtal",
+ "trigger-rule": {
+ "match": {
+ "type": "payload-hmac-sha256",
+ "secret": "!!Zazen17-Doshin17**",
+ "parameter": {
+ "source": "header",
+ "name": "X-Gitea-Signature"
+ }
+ }
+ }
+ }
+]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..47d485c
--- /dev/null
+++ b/docker-compose.yml
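Review bot: The unattended `git pull` in deploy/deploy-bruchtal.sh will attempt a merge whenever the checkout has diverged or carries local edits, which can leave the served tree half-merged; `git pull --ff-only` makes the deploy fail cleanly instead. `set -e` should become `set -euo pipefail` so an unset variable or a failed pipeline also aborts the run. The script only restarts `bruchtal-docs`, so the stacks under `docker/` are not redeployed by a push; a header comment such as `# Redeploys the MkDocs container only; service stacks are updated manually` would make that explicit.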
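Review bot: The `secret` under `trigger-rule.match` in deploy/hooks.json is a literal HMAC key committed to the repository, so anyone who can read the repo or its history can produce a valid `X-Gitea-Signature` and trigger the deploy script. The key should be treated as exposed: rotate it in Gitea and keep the replacement out of Git, for example by rendering hooks.json from a template that reads the value from the environment (the .gitignore in this commit excludes `.env` and `secrets/` but does not cover this file). The rule also accepts any correctly signed payload, so combining it with a match on the pushed `ref` would limit deploys to the intended branch. `execute-command` points at `/docker/deploy/deploy-bruchtal.sh` while the repository is checked out at `/docker/Bruchtal`, which suggests the script really lives at `/docker/Bruchtal/deploy/deploy-bruchtal.sh`; this needs confirming.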
@@ -0,0 +1,17 @@
+services:
+ bruchtal-docs:
+ image: squidfunk/mkdocs-material:latest
+ container_name: bruchtal-docs
+ restart: unless-stopped
+
+ ports:
+ - "8005:8000"
+
+ volumes:
+ - /docker/Bruchtal:/docs
+
+ command: serve --dev-addr=0.0.0.0:8000
+
+ environment:
+ - TZ=Europe/Berlin
+ - WATCHDOG_FORCE_POLLING=true
diff --git a/docker/adguardhome/docker-compose.yml b/docker/adguardhome/docker-compose.yml
new file mode 100644
index 0000000..52d16ba
--- /dev/null
+++ b/docker/adguardhome/docker-compose.yml
@@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+ adguardhome:
+ image: adguard/adguardhome:v0.107.69
+ container_name: adguardhome
+ restart: unless-stopped
+ network_mode: host
+ volumes:
+ - /docker/Daten/adguardhome/work:/opt/adguardhome/work
+ - /docker/Daten/adguardhome/conf:/opt/adguardhome/conf
+ environment:
+ TZ: Europe/Berlin
diff --git a/docker/gitea/docker-compose.yml b/docker/gitea/docker-compose.yml
new file mode 100644
index 0000000..79586bd
--- /dev/null
+++ b/docker/gitea/docker-compose.yml
@@ -0,0 +1,22 @@
+networks:
+ gitea:
+ external: false
+
+services:
+ server:
+ image: gitea/gitea:1.24
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: unless-stopped
+ networks:
+ - gitea
+ volumes:
+ - /docker/Daten/gitea/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3002:3000"
+ - "2222:22"
+#rem
diff --git a/docker/heimdall/docker-compose.yml b/docker/heimdall/docker-compose.yml
new file mode 100644
index 0000000..7cf2356
--- /dev/null
+++ b/docker/heimdall/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "2.1"
+services:
+ heimdall:
+ image: lscr.io/linuxserver/heimdall:latest
+ container_name: heimdall2
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ volumes:
+ - /home/christian/docker/heimdall/data/config:/config
+
+ ports:
+ - 1280:80
+ - 12443:443
+ restart: unless-stopped
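Review bot: The `bruchtal-docs` service in the root docker-compose.yml runs `mkdocs serve`, MkDocs' development preview server, bound to `0.0.0.0` and published as `"8005:8000"` on every host interface, with the whole repository checkout bind-mounted read-write. If the site is reachable beyond the LAN, serving the output of `mkdocs build` from a static web server is the safer shape. Short of that, mount the checkout read-only with `- /docker/Bruchtal:/docs:ro` and publish on a specific address such as `"127.0.0.1:8005:8000"` behind the reverse proxy. Pinning `squidfunk/mkdocs-material` to a version tag instead of `latest` would keep the deployment reproducible.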
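Review bot: docker/heimdall/docker-compose.yml disagrees with the documentation added in the same commit: the image is `lscr.io/linuxserver/heimdall:latest` while docs/docker/heimdall/heimdall.md records `2.7.6`, and the config volume is `/home/christian/docker/heimdall/data/config` where the doc lists a path under `/docker/Bruchtal/docker/heimdall/`. Pinning the tag as documented keeps redeployments reproducible and makes image updates a reviewed change. The port mappings should be quoted like those in the other stacks, `- "1280:80"` and `- "12443:443"`, so that `HOST:CONTAINER` values are always read as strings.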
diff --git a/docker/wikijs/docker-compose.yml b/docker/wikijs/docker-compose.yml
new file mode 100644
index 0000000..19dc99e
--- /dev/null
+++ b/docker/wikijs/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "2.1"
+services:
+ wikijs:
+ image: linuxserver/wikijs:2.5.312
+ container_name: wikijs
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ volumes:
+ - /docker/Daten/wikijs/config:/config
+ - /docker/Daten/wikijs/data:/data
+ - /mnt/wikijsBackupOnQnap:/backup
+ ports:
+ - 3000:3000
+ restart: unless-stopped
\ No newline at end of file
diff --git a/docs/docker/adguardhome/adguardhome.md b/docs/docker/adguardhome/adguardhome.md
new file mode 100644
index 0000000..a56740a
--- /dev/null
+++ b/docs/docker/adguardhome/adguardhome.md
@@ -0,0 +1,22 @@
+# Adguardhome
+
+## Allgemein
+
+- Image: `adguard/adguardhome:v0.107.69`
+- Port: `3000`
+- Restart Policy: `unless-stopped`
+
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /docker/Daten/adguardhome/conf| /opt/adguardhome/conf | Konfiguration |
+| /docker/Daten/adguardhome/work| /opt/adguardhome/work | Datenbank & Inhalte |
+
+## Deployment
+```bash
+cd /docker/Bruchtal/docker/adguardhome
+git pull
+docker compose pull
+docker compose up -d
diff --git a/docs/docker/architecture.md b/docs/docker/architecture.md
new file mode 100644
index 0000000..e69de29
diff --git a/docs/docker/heimdall/heimdall.md b/docs/docker/heimdall/heimdall.md
new file mode 100644
index 0000000..284e8c1
--- /dev/null
+++ b/docs/docker/heimdall/heimdall.md
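Review bot: The `3000:3000` mapping in docker/wikijs/docker-compose.yml may collide with AdGuard Home, which runs with `network_mode: host` in docker/adguardhome/docker-compose.yml and is documented in this commit as using port `3000`; if both stacks run on the same Docker VM, whichever starts second will fail to bind. The backup mount is `/mnt/wikijsBackupOnQnap:/backup`, whereas docs/docker/wikijs/wikijs.md lists `/docker/Daten/wikijs/backup`, so one of the two needs correcting. The mapping should also be quoted as `- "3000:3000"` for consistency with the Gitea and root stacks, and the file should end with a newline.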
@@ -0,0 +1,23 @@
+# Heimdall
+
+## Allgemein
+
+- Image: `lscr.io/linuxserver/heimdall:2.7.6`
+- Port: `1280:80`, `12443:443`
+- Restart Policy: `unless-stopped`
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /docker/Bruchtal/docker/heimdall/data/config:/config | /config | Konfiguration |
+
+
+## Deployment
+
+```bash
+cd /docker/Bruchtal/docker/heimdall
+git pull
+docker compose pull
+docker compose up -d
+``
\ No newline at end of file
diff --git a/docs/docker/wikijs/wikijs.md b/docs/docker/wikijs/wikijs.md
new file mode 100644
index 0000000..1030a1c
--- /dev/null
+++ b/docs/docker/wikijs/wikijs.md
@@ -0,0 +1,24 @@
+# Wikijs
+
+## Allgemein
+
+- Image: `linuxserver/wikijs:2.5.312`
+- Port: `3000`
+- Restart Policy: `unless-stopped`
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /docker/Daten/wikijs/config | /config | Konfiguration |
+| /docker/Daten/wikijs/data | /data | Datenbank & Inhalte |
+| /docker/Daten/wikijs/backup | /backup | Backups |
+
+## Deployment
+
+```bash
+cd /docker/Bruchtal/docker/wikijs
+git pull
+docker compose pull
+docker compose up -d
+``
diff --git a/docs/index.md b/docs/index.md
new file mode 100644
index 0000000..c6724ca
--- /dev/null
+++ b/docs/index.md
@@ -0,0 +1,18 @@
+# Bruchtal
+
+Willkommen in der Infrastruktur-Dokumentation von **Bruchtal**.
+
+## Ziel
+
+Diese Dokumentation beschreibt:
+
+- ⚙️ Workflows
+- 🖧 Netzwerk
+- 🧱 Proxmox & VMs
+- 🐳 Docker-Services
+- 💾 Backup & Storage
+- 🔐 Sicherheit
+
+---
+
+> Git ist die Quelle der Wahrheit.
diff --git a/docs/network/topology.md b/docs/network/topology.md
new file mode 100644
index 0000000..e69de29
diff --git a/docs/network/tunnel.md b/docs/network/tunnel.md
new file mode 100644
index 0000000..3f17e57
--- /dev/null
+++ b/docs/network/tunnel.md
@@ -0,0 +1,74 @@ +# Pangolin-Tunnel: Zugriff über Hetzner42 + +## Sicherheits-Setup + +``` + +------------------+ + | Internet | + +--------+---------+ + | + | TCP 80 / 443 + v ++------------------------------------------------------------------+ +| Hetzner Server | +| seanluc1 | +| | +| +------------+ shared docker network +---------------+ | +| | Traefik | <--------------------------> | CrowdSec | | +| | v3.4.1 | | LAPI | | +| | | | | | +| | :80 :443 | | Decisions | | +| | :8080 | | (CAPI) | | +| +------+-----+ +---------------+ | +| | | +| | dynamic config (file provider) | +| v | +| +-----------------------------------------------------------+ | +| | Pangolin | | +| | v1.14.1 | | +| | | | +| | Web UI :3002 | | +| | API :3000 | | +| | Internal API :3001 | | +| | | | +| | - generates Traefik routers | | +| | - manages resources | | +| | - controls Gerbil / Newt | | +| +-----------+-----------------------------------------------+ | +| | | +| | WireGuard control | +| v | +| +-----------------------------------------------------------+ | +| | Gerbil | | +| | | | +| | WireGuard Exit Node | | +| | wg0: 100.89.128.1/24 | | +| | Control API :3003 | | +| | | | +| | - terminates tunnel | | +| | - forwards TCP ports | | +| +-----------+-----------------------------------------------+ | +| | | ++---------------|--------------------------------------------------+ + | + | WireGuard tunnel (encrypted) + v ++------------------------------------------------------------------+ +| Local Network (LAN) | +| | +| +-------------+ +------------------------------------+ | +| | Newt | | Target Services | | +| | | | | | +| | wg IP | | Home Assistant | | +| | 100.89.128.4| | 192.168.178.203:8123 | | +| | | | | | +| | TCP Proxy | | Wiki / Bitwarden | | +| +-------------+ +------------------------------------+ | +| | ++------------------------------------------------------------------+ +``` + + + + + 
diff --git a/docs/overview/index.md b/docs/overview/index.md
new file mode 100644
index 0000000..e69de29
diff --git a/docs/proxmox/vms.md b/docs/proxmox/vms.md
new file mode 100644
index 0000000..ee0b934
--- /dev/null
+++ b/docs/proxmox/vms.md
@@ -0,0 +1,9 @@
+# Proxmox Host
+
+- Hostname: vm-proxmox
+- OS: Debian 12
+- VMs:
+ - paperless-ngx
+ - home-assistant
+ - Docker-VM
+- Backup: tägliche Snapshots
diff --git a/docs/workflows/docker-workflow.md b/docs/workflows/docker-workflow.md
new file mode 100644
index 0000000..ca499f8
--- /dev/null
+++ b/docs/workflows/docker-workflow.md
@@ -0,0 +1,66 @@
+# Docker-Workflow (Bruchtal Standard)
+
+Dieser Workflow ist verbindlich für alle Änderungen an Docker-Stacks in Bruchtal.
+
+Ziel:
+- Keine Konfiguration direkt auf der VM
+- Alles versioniert in Git
+- Reproduzierbare Deployments
+- Dokumentation immer synchron zur Infrastruktur
+
+---
+
+## Grundprinzip
+
+**Konfiguration passiert lokal in VS Code.**
+Die VM ist nur noch Laufzeitumgebung.
+
+
+1. Lokal ändern, egal was
+2. Committen & Pushen
+3. Auf VM pullen
+4. Container neu starten
+
+---
+
+## Workflow "neuer Container"
+- VSCode starten in ~Bruchtal mit code . => VS startet sauber mit der Giteinstellung
+**ALLE ÄNDERUNGEN NUR IN VS**
+
+### neuen Containeranlegen
+- `Bruchtal/` anlegen
+- `Bruchtal//docker-compose.yml` anlegen
+- docker-compose.yml editieren,
+- commit mit Message `"infra(): docker-compose.yml neu angelegt"`
+- push
+
+
+### neuen Container dokumentieren
+- `Bruchtal/docs/` anlegen
+- `Bruchtal/docs//.md` anlegen
+- `.md` editieren, Blaupause z.B: wikijs.md
+- commit message `docs(): Dokumentation angelegt`
+- `Bruchtal/mkdocs.md`: nav sinnvoll ergänzen
+- commit message `docs(mkdocs): ` ergänzt
+- push
+
+### Übernehmen auf VM Docker
+```bash
+ssh docker
+cd /docker/Bruchtal
+git pull
+cd /docker/Bruchtal/
+docker compose up -d
+```
+
+## Repository-Struktur
+```
+Bruchtal/
+├── docker/
+│ └── /
+│ └── docker-compose.yml
+└── docs/
+ └── docker/
+ └── /
+ └── .md
+```
diff --git a/mkdocs.yml b/mkdocs.yml
new file mode 100644
index 0000000..b1f3d25
--- /dev/null
+++ b/mkdocs.yml
@@ -0,0 +1,24 @@
+site_name: Bruchtal
+site_description: Infrastruktur- und Betriebsdokumentation von Bruchtal
+site_author: Bruchtal
+
+theme:
+ name: material
+ language: de
+
+nav:
+ - Übersicht: index.md
+ - Workflows:
+ - Docker-workflow: workflows/docker-workflow.md
+ - Netzwerk:
+ - Topologie: network/topology.md
+ - Tunnel: network/tunnel.md
+ - Proxmox:
+ - VMs: proxmox/vms.md
+ - Docker:
+ - Adguardhome: docker/adguardhome/adguardhome.md
+ - Wikijs: docker/wikijs/wikijs.md
+ - Architektur: docker/architecture.md
+ - Backup_Storage:
+ - Backup: backup/backup.md
+ - Storage: backup/storage.md
\ No newline at end of file
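Review bot: The `nav` in mkdocs.yml lists `backup/backup.md` and `backup/storage.md`, but the diffstat of this initial commit contains no `docs/backup/` files, so MkDocs will warn about missing nav targets and the menu links will lead nowhere. Conversely, `docs/docker/heimdall/heimdall.md` and `docs/overview/index.md` are added here but never referenced in `nav`. Either add placeholder pages for the backup section or drop those two entries until the pages exist, and add `- Heimdall: docker/heimdall/heimdall.md` under `Docker`. The file should also end with a newline.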