This commit adds several new features to enhance homelab management: ## New Services ### Backrest (backup.fig.systems) - Modern web UI for managing Restic backups - Encrypted, deduplicated backups to Backblaze B2 - Automated scheduling and retention policies - Pre-configured to backup Immich photos and homelab configs - SSO protected via tinyauth ### Homarr (home.fig.systems) - Auto-discovery dashboard for all homelab services - Docker socket integration for service monitoring - Clean, modern interface with customizable widgets - SSO protected via tinyauth ## Infrastructure ### Service Template System (templates/service-template/) - Complete template with all common patterns - Traefik labels, health checks, dependencies - Environment variable examples - Comprehensive README with usage instructions - Ensures consistency across all new services ### OpenTofu/Terraform IaC (terraform/) - Complete Proxmox VM provisioning setup - Cloud-init automation for Docker host creation - Automated Docker installation and configuration - Media directory structure creation - Step-by-step documentation including: - Cloud template creation guide - Variable configuration examples - Resource sizing recommendations - Security hardening options ## Documentation Updates - Updated README with new service URLs - Added Homarr and Backrest to directory structure - Updated deployment instructions - Added service table entries for new services All new services follow established patterns: - External homelab network - Let's Encrypt SSL via Traefik - Dual domain support (fig.systems + edfig.dev) - Consistent naming and structure
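# Service Name - Brief Description
# Official Docs: https://docs.example.com
# Docker Hub: https://hub.docker.com/r/example/service
#
# Template for a Traefik-routed service on the shared `homelab` network.
# Copy it, then replace every `service-name` / `service` placeholder.

services:
  service-name:
    container_name: service-name
    # Placeholder image. When instantiating the template, pin a specific
    # version tag (or digest) instead of `latest` so that image updates are
    # deliberate and reviewable.
    image: example/service:latest

    # Environment Variables
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      # Add service-specific variables here

    # Optional: Use .env file for sensitive config
    # Keep the .env file out of version control.
    # env_file: .env

    # Volumes - Persistent data storage
    volumes:
      - ./config:/config
      - ./data:/data
      # Add media folder mounts if needed (read-only unless the service
      # must write to them):
      # - /media/movies:/movies:ro
      # - /media/books:/books:ro

    # Ports (optional - prefer Traefik routing)
    # A published port is reachable directly on the host and bypasses
    # Traefik, i.e. no TLS and no tinyauth middleware in front of it.
    # If a host port is only needed locally, bind it to loopback instead:
    #   - "127.0.0.1:8080:8080"
    # ports:
    #   - "8080:8080"

    # Restart Policy
    restart: unless-stopped

    # Networks
    networks:
      - homelab
      # Add internal network if multi-container:
      # - service_internal

    # Health Check (optional but recommended)
    # healthcheck:
    #   test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 3
    #   start_period: 40s

    # Dependencies (if needed)
    # depends_on:
    #   - database
    #   - redis

    # Traefik Labels - Web Access with SSL
    # Label values are quoted so they stay strings regardless of which
    # YAML/Compose implementation parses the file.
    labels:
      traefik.enable: "true"

      # Routing - Replace 'service' with actual service name
      traefik.http.routers.service-name.rule: 'Host(`service.fig.systems`) || Host(`service.edfig.dev`)'
      traefik.http.routers.service-name.entrypoints: websecure
      traefik.http.routers.service-name.tls.certresolver: letsencrypt

      # Service port - Change to actual port
      traefik.http.services.service-name.loadbalancer.server.port: "8080"

      # SSO Protection - enabled by default.
      # Remove this label only if the service must be reachable without
      # login or enforces its own authentication. The `tinyauth` middleware
      # is defined outside this file.
      traefik.http.routers.service-name.middlewares: tinyauth

      # Network selection (if using multiple networks)
      # traefik.docker.network: homelab

  # Optional: Database service (PostgreSQL example)
  # Attached only to service_internal, so it is not reachable from other
  # stacks on the shared homelab network.
  # database:
  #   container_name: service-name-db
  #   image: postgres:16-alpine
  #   environment:
  #     POSTGRES_DB: servicedb
  #     POSTGRES_USER: serviceuser
  #     # `:?` makes Compose fail with this message if the variable is unset.
  #     POSTGRES_PASSWORD: "${DB_PASSWORD:?set DB_PASSWORD in .env}"
  #     TZ: America/Los_Angeles
  #   volumes:
  #     - ./db:/var/lib/postgresql/data
  #   restart: unless-stopped
  #   networks:
  #     - service_internal
  #   healthcheck:
  #     test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
  #     interval: 10s
  #     timeout: 5s
  #     retries: 5

  # Optional: Redis cache
  # redis:
  #   container_name: service-name-redis
  #   image: redis:alpine
  #   restart: unless-stopped
  #   networks:
  #     - service_internal
  #   healthcheck:
  #     test: ["CMD", "redis-cli", "ping"]
  #     interval: 30s
  #     timeout: 10s
  #     retries: 5

# Networks
networks:
  homelab:
    external: true

  # Internal network (if multi-container service)
  # service_internal:
  #   name: service_internal
  #   driver: bridge
  #   # Optional: `internal: true` blocks outbound access from this network.
  #   # internal: true

# Named Volumes (optional)
# volumes:
#   data:
#   cache: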