chore: initial commit for Bruchtal Docker + deploy
This commit is contained in:
Bruchtal Admin
22
docs/docker/adguardhome/adguardhome.md
Normal file
22
docs/docker/adguardhome/adguardhome.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# Adguardhome
|
||||
|
||||
## Allgemein
|
||||
|
||||
- Image: `adguard/adguardhome:v0.107.69`
|
||||
- Port: `3000`
|
||||
- Restart Policy: `unless-stopped`
|
||||
|
||||
|
||||
## Volumes
|
||||
|
||||
| Host Path | Container Path | Zweck |
|
||||
|------------|----------------|--------|
|
||||
| /docker/Daten/adguardhome/conf| /opt/adguardhome/conf | Konfiguration |
|
||||
| /docker/Daten/adguardhome/work| /opt/adguardhome/work | Datenbank & Inhalte |
|
||||
|
||||
## Deployment
|
||||
```bash
|
||||
cd /docker/Bruchtal/docker/adguardhome
|
||||
git pull
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
0
docs/docker/architecture.md
Normal file
0
docs/docker/architecture.md
Normal file
23
docs/docker/heimdall/heimdall.md
Normal file
23
docs/docker/heimdall/heimdall.md
Normal file
@@ -0,0 +1,23 @@
|
||||
# Heimdall
|
||||
|
||||
## Allgemein
|
||||
|
||||
- Image: `lscr.io/linuxserver/heimdall:2.7.6`
|
||||
- Port: `1280:80`, `12443:443`
|
||||
- Restart Policy: `unless-stopped`
|
||||
|
||||
## Volumes
|
||||
|
||||
| Host Path | Container Path | Zweck |
|
||||
|------------|----------------|--------|
|
||||
| /docker/Bruchtal/docker/heimdall/data/config:/config | /config | Konfiguration |
|
||||
|
||||
|
||||
## Deployment
|
||||
|
||||
```bash
|
||||
cd /docker/Bruchtal/docker/heimdall
|
||||
git pull
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
``
|
||||
24
docs/docker/wikijs/wikijs.md
Normal file
24
docs/docker/wikijs/wikijs.md
Normal file
@@ -0,0 +1,24 @@
|
||||
# Wikijs
|
||||
|
||||
## Allgemein
|
||||
|
||||
- Image: `linuxserver/wikijs:2.5.312`
|
||||
- Port: `3000`
|
||||
- Restart Policy: `unless-stopped`
|
||||
|
||||
## Volumes
|
||||
|
||||
| Host Path | Container Path | Zweck |
|
||||
|------------|----------------|--------|
|
||||
| /docker/Daten/wikijs/config | /config | Konfiguration |
|
||||
| /docker/Daten/wikijs/data | /data | Datenbank & Inhalte |
|
||||
| /docker/Daten/wikijs/backup | /backup | Backups |
|
||||
|
||||
## Deployment
|
||||
|
||||
```bash
|
||||
cd /docker/Bruchtal/docker/wikijs
|
||||
git pull
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
``
|
||||
18
docs/index.md
Normal file
18
docs/index.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# Bruchtal
|
||||
|
||||
Willkommen in der Infrastruktur-Dokumentation von **Bruchtal**.
|
||||
|
||||
## Ziel
|
||||
|
||||
Diese Dokumentation beschreibt:
|
||||
|
||||
- ⚙️ Workflows
|
||||
- 🖧 Netzwerk
|
||||
- 🧱 Proxmox & VMs
|
||||
- 🐳 Docker-Services
|
||||
- 💾 Backup & Storage
|
||||
- 🔐 Sicherheit
|
||||
|
||||
---
|
||||
|
||||
> Git ist die Quelle der Wahrheit.
|
||||
0
docs/network/topology.md
Normal file
0
docs/network/topology.md
Normal file
74
docs/network/tunnel.md
Normal file
74
docs/network/tunnel.md
Normal file
@@ -0,0 +1,74 @@
|
||||
# Pangolin-Tunnel: Zugriff über Hetzner42
|
||||
|
||||
## Sicherheits-Setup
|
||||
|
||||
```
|
||||
+------------------+
|
||||
| Internet |
|
||||
+--------+---------+
|
||||
|
|
||||
| TCP 80 / 443
|
||||
v
|
||||
+------------------------------------------------------------------+
|
||||
| Hetzner Server |
|
||||
| seanluc1 |
|
||||
| |
|
||||
| +------------+ shared docker network +---------------+ |
|
||||
| | Traefik | <--------------------------> | CrowdSec | |
|
||||
| | v3.4.1 | | LAPI | |
|
||||
| | | | | |
|
||||
| | :80 :443 | | Decisions | |
|
||||
| | :8080 | | (CAPI) | |
|
||||
| +------+-----+ +---------------+ |
|
||||
| | |
|
||||
| | dynamic config (file provider) |
|
||||
| v |
|
||||
| +-----------------------------------------------------------+ |
|
||||
| | Pangolin | |
|
||||
| | v1.14.1 | |
|
||||
| | | |
|
||||
| | Web UI :3002 | |
|
||||
| | API :3000 | |
|
||||
| | Internal API :3001 | |
|
||||
| | | |
|
||||
| | - generates Traefik routers | |
|
||||
| | - manages resources | |
|
||||
| | - controls Gerbil / Newt | |
|
||||
| +-----------+-----------------------------------------------+ |
|
||||
| | |
|
||||
| | WireGuard control |
|
||||
| v |
|
||||
| +-----------------------------------------------------------+ |
|
||||
| | Gerbil | |
|
||||
| | | |
|
||||
| | WireGuard Exit Node | |
|
||||
| | wg0: 100.89.128.1/24 | |
|
||||
| | Control API :3003 | |
|
||||
| | | |
|
||||
| | - terminates tunnel | |
|
||||
| | - forwards TCP ports | |
|
||||
| +-----------+-----------------------------------------------+ |
|
||||
| | |
|
||||
+---------------|--------------------------------------------------+
|
||||
|
|
||||
| WireGuard tunnel (encrypted)
|
||||
v
|
||||
+------------------------------------------------------------------+
|
||||
| Local Network (LAN) |
|
||||
| |
|
||||
| +-------------+ +------------------------------------+ |
|
||||
| | Newt | | Target Services | |
|
||||
| | | | | |
|
||||
| | wg IP | | Home Assistant | |
|
||||
| | 100.89.128.4| | 192.168.178.203:8123 | |
|
||||
| | | | | |
|
||||
| | TCP Proxy | | Wiki / Bitwarden | |
|
||||
| +-------------+ +------------------------------------+ |
|
||||
| |
|
||||
+------------------------------------------------------------------+
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
0
docs/overview/index.md
Normal file
0
docs/overview/index.md
Normal file
9
docs/proxmox/vms.md
Normal file
9
docs/proxmox/vms.md
Normal file
@@ -0,0 +1,9 @@
|
||||
# Proxmox Host
|
||||
|
||||
- Hostname: vm-proxmox
|
||||
- OS: Debian 12
|
||||
- VMs:
|
||||
- paperless-ngx
|
||||
- home-assistant
|
||||
- Docker-VM
|
||||
- Backup: tägliche Snapshots
|
||||
66
docs/workflows/docker-workflow.md
Normal file
66
docs/workflows/docker-workflow.md
Normal file
@@ -0,0 +1,66 @@
|
||||
# Docker-Workflow (Bruchtal Standard)
|
||||
|
||||
Dieser Workflow ist verbindlich für alle Änderungen an Docker-Stacks in Bruchtal.
|
||||
|
||||
Ziel:
|
||||
- Keine Konfiguration direkt auf der VM
|
||||
- Alles versioniert in Git
|
||||
- Reproduzierbare Deployments
|
||||
- Dokumentation immer synchron zur Infrastruktur
|
||||
|
||||
---
|
||||
|
||||
## Grundprinzip
|
||||
|
||||
**Konfiguration passiert lokal in VS Code.**
|
||||
Die VM ist nur noch Laufzeitumgebung.
|
||||
|
||||
|
||||
1. Lokal ändern, egal was
|
||||
2. Committen & Pushen
|
||||
3. Auf VM pullen
|
||||
4. Container neu starten
|
||||
|
||||
---
|
||||
|
||||
## Workflow "neuer Container"
|
||||
- VSCode starten in ~Bruchtal mit code . => VS startet sauber mit der Giteinstellung
|
||||
**ALLE ÄNDERUNGEN NUR IN VS**
|
||||
|
||||
### neuen Containeranlegen
|
||||
- `Bruchtal/<Containername>` anlegen
|
||||
- `Bruchtal/<Containername>/docker-compose.yml` anlegen
|
||||
- docker-compose.yml editieren,
|
||||
- commit mit Message `"infra(<Containername>): docker-compose.yml neu angelegt"`
|
||||
- push
|
||||
|
||||
|
||||
### neuen Container dokumentieren
|
||||
- `Bruchtal/docs/<Containername>` anlegen
|
||||
- `Bruchtal/docs/<Containername>/<Containername>.md` anlegen
|
||||
- `<Containername>.md` editieren, Blaupause z.B: wikijs.md
|
||||
- commit message `docs(<Containername>): Dokumentation angelegt`
|
||||
- `Bruchtal/mkdocs.md`: nav sinnvoll ergänzen
|
||||
- commit message `docs(mkdocs): <Containername>` ergänzt
|
||||
- push
|
||||
|
||||
### Übernehmen auf VM Docker
|
||||
```bash
|
||||
ssh docker
|
||||
cd /docker/Bruchtal
|
||||
git pull
|
||||
cd /docker/Bruchtal/<Containername>
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
## Repository-Struktur
|
||||
```
|
||||
Bruchtal/
|
||||
├── docker/
|
||||
│ └── <Containername>/
|
||||
│ └── docker-compose.yml
|
||||
└── docs/
|
||||
└── docker/
|
||||
└── <Containername>/
|
||||
└── <Containername>.md
|
||||
```
|
||||
Reference in New Issue
Block a user