diff --git a/docs/home-network/containerisation.md b/docs/home-network/containerisation.md new file mode 100644 index 0000000..a2c85ae --- /dev/null +++ b/docs/home-network/containerisation.md @@ -0,0 +1,46 @@ +# Containerisation + +## Reverse proxy + +The proxy receives all connections on TCP ports 80 and 443 and routes the +requests to services listening on high-numbered ports. + +### Adding new services + +New services are registered with the reverse proxy by adding a server +configuration file. + +1. Add the configuration file. +2. Restart the reverse proxy. + +### TLS + +The proxy has a Let's Encrypt TLS certificate for each service that uses a +public domain name. + +The proxy automatically renews the certificates using an HTTP-01 challenge: +Let's Encrypt requests a text file from the server to prove that the server is +controlled by the domain owner. + +The proxy generates a separate certificate for each domain; certificates are +managed separately for each service. + +## Systemd services + +Each service is registered as a Systemd service: Systemd starts the containers +when the server boots; systemd auto restarts the containers when they stop. + +Systemd also provides a unified interface for disabling/enabling services. The +exact implementation details of the service's containers is not important: they +can be standalone docker images or docker compose services. + +## Standard service containerisation pattern + +Each service will use docker compose to run its containers, even if the service +only uses a single container. This simplifies maintenance because each service +can use a similar docker and systemd setup. + +Services can break from this pattern for a couple of reasons: + +1. docker compose setup is too difficult. +1. The service needs to run directly on the host. diff --git a/docs/home-network/services/_index.md b/docs/home-network/services/_index.md index e69de29..8892b9a 100644 --- a/docs/home-network/services/_index.md 
+++ b/docs/home-network/services/_index.md @@ -0,0 +1,21 @@ +# Services on raspberrypi.home + +| Service | Port | Comment | +| :-------------------- | :------- | :------------------------------------------------- | +| OpenSSH server | 22 | SSH access for system admin | +| Pi-hole DNS server | 53 | DNS server for home network | +| NGINX reverse proxy | 80, 443 | Reverse proxy for all web services on home network | +| Samba SMB server | 139, 445 | SMB access for uploading files | +| Gitea SSH server | 2200 | SSH access for forge | +| Gitea web server | 3001 | Git forge web access | +| Jellyfin media server | 8096 | Media server for viewing media | +| Pi-hole admin server | 8080 | Admin for Pi-hole | +| Notes server | 42069 | Personal notes server | + +## File structure + +## Planned functionality + +- Authentik OAuth2 Identity provider +- Notes server with OAuth2 +- Vaultwarden secrets vault diff --git a/docs/home-network/services/jellyfin.md b/docs/home-network/services/jellyfin.md index 2560982..00fa762 100644 --- a/docs/home-network/services/jellyfin.md +++ b/docs/home-network/services/jellyfin.md @@ -3,3 +3,7 @@ Host: raspberrypi Port: 8096 (Access via web browser) + +## AWS Backups + +@todo diff --git a/docs/home-network/services/notes-server.md b/docs/home-network/services/notes-server.md index a71c565..d5c58d4 100644 --- a/docs/home-network/services/notes-server.md +++ b/docs/home-network/services/notes-server.md @@ -1 +1,3 @@ # Notes server + +Path: `/var/www/html/notes` diff --git a/docs/home-network/services/reverse-proxy.md b/docs/home-network/services/reverse-proxy.md index a5fb19d..28305e5 100644 --- a/docs/home-network/services/reverse-proxy.md +++ b/docs/home-network/services/reverse-proxy.md @@ -2,4 +2,6 @@ Host: raspberrypi (192.168.0.105) +Path: `/var/www/html/reverse-proxy` + Routes HTTP requests to other services hosted on home network.
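Review bot: in the containerisation.md hunk, the "Adding new services" steps (add the configuration file, restart the proxy) omit the certificate step that the TLS section implies for any service with a public domain name; since the TLS section says each domain gets its own certificate, add a step such as "Issue the Let's Encrypt certificate for the new domain before enabling its server configuration". The HTTP-01 description should also state that Let's Encrypt fetches the challenge file over plain HTTP on port 80, so port 80 on the proxy must be reachable from the internet for every domain being issued or renewed, and that the challenge proves control of the host the domain resolves to rather than ownership of the domain as such. Minor: "Systemd" and "systemd" are capitalised inconsistently, "details of the service's containers is not important" should read "are not important", and the closing list repeats "1." for both items.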
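Review bot: in the _index.md hunk, the "## File structure" heading is empty; either fill it in (the other pages in this patch add `Path:` entries that could be collected here) or drop it until there is content. The port table would also be more useful with a column stating how each port is exposed, since containerisation.md says only 80 and 443 go through the reverse proxy while the table lists directly reachable ports such as 22, 53, 139/445 and 2200; knowing which ports are LAN-only and which are proxied is what a reader needs when deciding what to firewall.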
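Review bot: in the jellyfin.md hunk, the new "## AWS Backups" section contains only "@todo"; a heading with no content reads as documented functionality on the rendered page, so either add at least what is backed up and where, or track the item under "Planned functionality" in _index.md and add the section when it is written.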
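Review bot: in the notes-server.md hunk, `Path: /var/www/html/notes` is ambiguous: under /var/www/html it reads as a web document root, but containerisation.md says each service is a docker compose project, so state whether this is the compose project directory, the directory the proxy serves, or a bind-mounted volume. The same field name is used in reverse-proxy.md, so whichever meaning is chosen should be documented once (the empty "File structure" section of _index.md is the natural place) and used consistently.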
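Review bot: in the reverse-proxy.md hunk, the added `Path:` line should say what the directory holds, for example the NGINX server configuration files that "Adding new services" in containerisation.md tells readers to create, since that page directs readers to add a configuration file but never says where; a one-line cross-reference to docs/home-network/containerisation.md here would close that gap.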