/homecontroller

Personal project to move all tools on my RaspberryPi to Docker.

Primary LanguageShellMIT LicenseMIT

homecontroller

Personal project to move all tools on my home server to Docker. Alpine Linux is used as host OS (due to minimal footprint and security focus). Docker compose is used to manage my local infrastructure in a single file. I use a Linux Container in Proxmox, but it can also run on a Raspberry Pi

features

  • Wildcard Let's Encrypt certificates
  • Automated certificate renewal
  • Redirect HTTP to HTTPS for all services
  • IP whitelist protection for admin pages
  • Automated redirect of Synology mailstation and webstation
  • Bind mounts for persistent data (easy backups)
  • Sensitive Vaultwarden configuration in docker secrets
  • Firefly III with PostgreSQL database and data importer

Usage

(Optional) configure Alpine Linux

Configure Alpine Linux

(Optional) Host security

Setup fail2ban

Setup firewall

Create a folder

Copy this repository, e.g. by downloading the zip-file and extract it.

# apk add zip
wget https://github.com/dannybouwers/homecontroller/archive/refs/heads/master.zip
unzip ./master.zip
cd ./homecontroller-master

This directory is further referred to as 'working directory'.

Set environment

Rename .env.example to .env (or create a new file) and replace the contents with your personal details.

mv ./.env.example .env

Create secrets

Create the following text files in your working directory an fill them with the corresponding secret values:

echo "your-cloudflare-api-token" > ./secrets/cloudflare_api_token
echo "your-google-smpt-password" > ./secrets/google_smtp_pass
echo "a-password-for-the-vaultwarden-admin-page" > ./secrets/vaultwarden_admin_token

Prepare for running

Run the file setup.sh to create directories and files mounted by docker compose:

. ./setup.sh

Run

Start the containers using docker compose:

docker compose up -d --remove-orphans

Test

Test if everything is running using:

. ./test.sh

Access services

If DNS is set up correctly, the services can be reached (and configured) using these urls:

todo